It's also an hourly thing too. $5/mo is the hourly rate over a month. If you only keep the algo box up for 7 days or some hours, you only pay for that much. Blow away the box when you don't need the VPN. Also, the Algo thing has a one-button deploy to DO button thing as well.

# ? Oct 15, 2018 18:44

speaking of VPN, anyone have a FIPS 140-2 supported virtual appliance endpoint for aws govcloud? Our F5 is a tire fire that doesn't segregate traffic properly like it's supposed to and crashes on the reg after we apply the STIG. There aren't a lot of options in this space; we'd love to use openvpn but even though they have an open pull request which adds it, it hasn't been merged into the main branch and openvpn.net refuses to support it.

# ? Oct 15, 2018 18:50

christ, F5. i'm sorry. no further insight. but i'm sorry

# ? Oct 15, 2018 18:51

Lysidas posted: i understand the appeal of buying a box but i would recommend just paying $5/month for a cloud vps like from digital ocean or wherever, setting up algo, generating keys for everyone and sending the .mobileconfig profiles to any ios devices

i've done the same thing but more half-assed: no vpn, just an ssh tunnel to the vps (or to a box at home), and a socks proxy in the browser. which reminds me, does iOS let you do ssh tunnels yet? i haven't played around with an iphone/ipad in quite some time, but when i last did, it sure seemed like they really didn't want you coloring outside the lines like that.

# ? Oct 15, 2018 18:51

I finally got an answer why the Symantec SEP admin console is so dogshit, and it's because instead of making a real HTML console what they're doing is rendering a native Java session locally on the server itself and then doing some kind of remote composed view through HTTP. If you do something like resize the window, it samples all the redraw events at some set interval and queues them up against the server, but since it's slow as dogshit you get stuck watching a slideshow for the next 2 minutes as it works through the queue.

# ? Oct 15, 2018 19:10

BangersInMyKnickers posted: Symantec SEP admin console

a huge piece of garbage lol

# ? Oct 15, 2018 19:14

so the mikrotik box I have (the hEX) uses this SoC: https://wikidevi.com/wiki/MediaTek_MT7621 which is dual core / quad thread and has "HW Crypto Engine 200Mbps IPSec throughput", whatever that means. i paid like $50 for it and from personal experience it runs my vpn "fine" so

e: on the mikrotik site it says "IPsec hardware encryption (~470 Mbps)" so either it uses both cores at once or they're lying lol

# ? Oct 15, 2018 19:15

graph posted: a huge piece of garbage lol

I've been forced to reverse engineer pretty much the entire application stack because their support is miserable and useless. Rule of thumb now is to just assume the dumbest, laziest possible way to solve a problem and that's what they did, but even then they've surprised me a few times

# ? Oct 15, 2018 19:17

Shame Boy posted: so the mikrotik box I have (the hEX) uses this SoC:

It's usually rated by aggregate throughput; 200mbit on a single stream for an arm cpu with aes-ni seems about right

# ? Oct 15, 2018 19:19

BangersInMyKnickers posted: I finally got an answer why the Symantec SEP admin console is so dogshit, and it's because instead of making a real HTML console what they're doing is rendering a native Java session locally on the server itself and then doing some kind of remote composed view through HTTP. If you do something like resize the window, it samples all the redraw events at some set interval and queues them up against the server, but since it's slow as dogshit you get stuck watching a slideshow for the next 2 minutes as it works through the queue.

symantec, sponsored by lance armstrong: try it and you'll see why i'm using epo

# ? Oct 15, 2018 19:20

i just noticed chrome now reports RSA as obsolete:

quote: Connection - obsolete connection settings

it doesn't flag the connection as "not secure" or anything so it's not really a big deal but yeah. when did that start happening?

# ? Oct 15, 2018 19:45

Shame Boy posted: i just noticed chrome now reports RSA as obsolete:

Anything non-ephemeral is old garbage that belongs in the dumpster

# ? Oct 15, 2018 19:48

Agreeing with sausagepants

# ? Oct 15, 2018 19:58

Shaggar posted: I like sophoses for the most part but they also require a subscription for features which is why used ones are cheap. you can run their vm version for personal use for free if you want to tho.

ssl vpn doesn't require a license, i don't think

edit: yea

code:

30 TO 50 FERAL HOG fucked around with this message at 20:15 on Oct 15, 2018

# ? Oct 15, 2018 20:13

Shame Boy posted: so the mikrotik box I have (the hEX) uses this SoC:

Unless it specifies a cypher, throughput means precisely fuckall

# ? Oct 15, 2018 20:30

BangersInMyKnickers posted: Anything non-ephemeral is old garbage that belongs in the dumpster

pretty much yeah. it’s not that rsa is broken, exactly; unless you’re using a stupidly small key size, it’s only breakable in cases where an adversary is recording your sessions and might be able to obtain the server’s private key in future.* but there’s just no reason to choose it now that everything worth using supports well-studied alternatives that don’t have that flaw, and google’s sensible policy is to deprecate things aggressively in such cases

* or has the key already, but in that case the server is compromised and you’re hosed whatever cipher you use

# ? Oct 15, 2018 20:43

evil_bunnY posted: Unless it specifies a cypher throughput means precisely fuckall

If the hardware supports aes-ni then they are usually accurate. RC4 might be faster but it's dead and nobody is using it for their benchmarks, and 3DES is slow compared to modern AES implementations. It's assuredly assuming a best-case scenario of ESP/UDP transport, with proper windowing and no fragmentation problems, and probably 128bit in GCM mode, but that's still a reasonable implementation.

# ? Oct 15, 2018 20:46

BangersInMyKnickers posted: I finally got an answer why the Symantec SEP admin console is so dogshit, and it's because instead of making a real HTML console what they're doing is rendering a native Java session locally on the server itself and then doing some kind of remote composed view through HTTP. If you do something like resize the window, it samples all the redraw events at some set interval and queues them up against the server, but since it's slow as dogshit you get stuck watching a slideshow for the next 2 minutes as it works through the queue.

This is a fractal of horrible decisions, and I had to reread this three times to understand what was happening. Your console is performance art.

# ? Oct 15, 2018 20:47

Stabby McDamage posted: A colleague showed me this today. Apparently huge numbers of database passwords are available in plaintext via google, particularly for users of certain ~PHP FRAMEWORKS~.

oh my.

# ? Oct 15, 2018 20:48

Re vpn: get a ubiquiti er-x and run lochnair's build of wireguard on it. Can do tens of mbps without breaking a sweat, more than enough for streaming video

# ? Oct 15, 2018 21:05

finally https://twitter.com/agl__/status/1051933087699881984

# ? Oct 15, 2018 21:32

anthonypants posted: more importantly, if a router/firewall advertises itself as a vpn endpoint, but its marketing documentation doesn't mention aes-ni, go somewhere else

lol forever at insisting on x86 for this

# ? Oct 15, 2018 21:50

Rufus Ping posted: Re vpn: get a ubiquiti er-x and run lochnair's build of wireguard on it. Can do tens of mbps without breaking a sweat, more than enough for streaming video

Does Wireguard have an iOS version that isn't horribly broken?

# ? Oct 15, 2018 22:45

No, i missed the part about him using an ipad

# ? Oct 15, 2018 23:59

our security department are running a "design the best phishing mail" competition. thanks to this thread I've added in dumb poo poo like odd characters in urls to make them look legit, and even added a dumb word macro document to it that I was briefly extremely tempted to try to get to pop calc.exe before I realised they probably wouldn't appreciate that.

# ? Oct 16, 2018 00:06

Powerful Two-Hander posted: our security department are running a "design the best phishing mail" competition. thanks to this thread I've added in dumb poo poo like odd characters in urls to make them look legit, and even added a dumb word macro document to it that I was briefly extremely tempted to try to get to pop calc.exe before I realised they probably wouldn't appreciate that.

best as in most likely to get people to click or best as in the coolest looking?

# ? Oct 16, 2018 01:15

I did a "Such and such CIO has shared a document on OneDrive" that got a 98% click rate and 75% creds in PhishMe when we started an O365 migration a few years ago.

# ? Oct 16, 2018 01:53

evil_bunnY posted: Unless it specifies a cypher throughput means precisely fuckall

the best rfc posted: 2.4. Performance

it's valid IPSec and beats out all the competition on performance

# ? Oct 16, 2018 04:36

Oracle... your software... woof

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

we use oracle db

quote: Oracle Database Server Executive Summary

# ? Oct 16, 2018 05:13

Just another Oracle CPU. There's usually a couple of very bad vulnerabilities.

# ? Oct 16, 2018 06:54

Raere posted: best as in most likely to get people to click or best as in the coolest looking?

it was unclear but I went for "most likely to get clicked" and faked up a "you have outstanding training" mail, which is the sort of thing we get spammed with by hr

# ? Oct 16, 2018 08:18

Powerful Two-Hander posted: it was unclear but I went for "most likely to get clicked" and faked up a "you have outstanding training" mail, which is the sort of thing we get spammed with by hr

“Your IT ticket has been updated, click here to see it now”

# ? Oct 16, 2018 08:37

BangersInMyKnickers posted: If the hardware supports aes-ni then they are usually accurate. RC4 might be faster but it's dead and nobody is using it for their benchmarks, and 3DES is slow compared to modern AES implementations. It's assuredly assuming a best-case scenario of ESP/UDP transport, with proper windowing and no fragmentation problems, and probably 128bit in GCM mode, but that's still a reasonable implementation.

anatoliy pltkrvkay posted: it's valid IPSec and beats out all the competition on performance

evil_bunnY fucked around with this message at 09:00 on Oct 16, 2018

# ? Oct 16, 2018 08:57

Powerful Two-Hander posted: it was unclear but I went for "most likely to get clicked" and faked up a "you have outstanding training" mail, which is the sort of thing we get spammed with by hr

they did one at my firm a while ago that was from someone in hr with subject line "salary review - DO NOT SHARE" with a plausible-looking sharepoint link, followed up immediately with a "<x> wishes to recall this message" and a few minutes later with an email saying that it had been sent by mistake, contained confidential information, should be deleted immediately, and opening it may be a disciplinary matter. something like 85% success rate.

# ? Oct 16, 2018 09:21

Boiled Water posted: “Your IT ticket has been updated, click here to see it now”

“option grant requires confirmation”

# ? Oct 16, 2018 10:11

please login for a chance to participate in the company wide security contest for best phishing exercise. first place: $100 applebees gift card

# ? Oct 16, 2018 10:37

goddamnedtwisto posted: they did one at my firm a while ago that was from someone in hr with subject line "salary review - DO NOT SHARE" with a plausible-looking sharepoint link, followed up immediately with a "<x> wishes to recall this message" and a few minutes later with an email saying that it had been sent by mistake, contained confidential information, should be deleted immediately, and opening it may be a disciplinary matter. something like 85% success rate.

drat, that’s how it’s done.

# ? Oct 16, 2018 12:19

Powered Descent posted: i've done the same thing but more half-assed: no vpn, just an ssh tunnel to the vps (or to a box at home), and a socks proxy in the browser.

ios will obey a .pac file, so you can tunnel web traffic through a SOCKS proxy, but some apps are just gonna connect direct without the proxy

# ? Oct 16, 2018 12:29

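The .pac route from the post above, as an added example that is not code from the thread: a proxy auto-config file the browser or phone fetches from an "Automatic" proxy URL, sending web traffic into the SOCKS port that `ssh -D 1080 -N user@vps` opens on the host running the tunnel, while loopback, plain LAN hostnames and private-range addresses go direct. The proxy address, port 1080 and the private ranges are assumptions; point `SOCKS_PROXY` at wherever the tunnel actually terminates. The proxied rule deliberately has no `; DIRECT` fallback, so if the tunnel is down the request fails instead of silently going out in the clear. It uses only plain string and regex operations rather than the PAC helper functions (`isPlainHostName`, `isInNet`) so it also runs unchanged under Node for checking.

```javascript
// Added example (not from the thread): a PAC file that routes web traffic into
// the local SOCKS port opened by `ssh -D 1080 -N user@vps`. Host and port are
// assumptions; change SOCKS_PROXY to where your tunnel listens.
var SOCKS_PROXY = 'SOCKS5 127.0.0.1:1080';

// Loopback, link-local and RFC 1918 prefixes that never enter the tunnel.
var DIRECT_PREFIXES = ['10.', '127.', '192.168.', '169.254.'];

function isDottedQuad(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

function inPrivateRange(host) {
  for (var i = 0; i < DIRECT_PREFIXES.length; i++) {
    if (host.indexOf(DIRECT_PREFIXES[i]) === 0) return true;
  }
  // 172.16.0.0/12: second octet 16..31
  var m = /^172\.(\d{1,3})\./.exec(host);
  return m !== null && Number(m[1]) >= 16 && Number(m[1]) <= 31;
}

// Entry point the PAC runtime calls for every request.
function FindProxyForURL(url, host) {
  var h = host.toLowerCase();
  // Plain hostnames (no dot) and .local names are LAN devices: go direct.
  if (h === 'localhost' || h.indexOf('.') === -1) return 'DIRECT';
  if (h.slice(-6) === '.local') return 'DIRECT';
  if (isDottedQuad(h) && inPrivateRange(h)) return 'DIRECT';
  // No "; DIRECT" fallback: a dead tunnel fails closed rather than leaking.
  return SOCKS_PROXY;
}
```

Serve the file over HTTP(S) from somewhere the device can reach and enter its URL under Wi-Fi proxy settings as the automatic configuration. Two caveats: whether hostnames are resolved through the SOCKS tunnel or by the local resolver depends on the client, so the DNS side can still leak even when the traffic does not; and, as the post says, apps that ignore the system proxy settings connect directly regardless of what the PAC returns.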
goddamnedtwisto posted: they did one at my firm a while ago that was from someone in hr with subject line "salary review - DO NOT SHARE" with a plausible-looking sharepoint link, followed up immediately with a "<x> wishes to recall this message" and a few minutes later with an email saying that it had been sent by mistake, contained confidential information, should be deleted immediately, and opening it may be a disciplinary matter. something like 85% success rate.

Was it genuinely from someone in HR? I never know what to do if my phishing threat model is meant to include other people inside my own organization.

# ? Oct 16, 2018 12:49

Bulgakov posted: please login for a chance to participate in the company wide security contest for best phishing exercise

lol

# ? Oct 16, 2018 12:54