|
Truga posted: at one point, steam said something like 90% of its users has a 1/1 birthday lmao

They don't store this information though
|
# ? Jan 3, 2019 21:04 |
|
Sickening posted: Please make sure your work pays for this other computer.

As much as this would be ideal, it doesn't seem likely for a non-US/EU small business with a handful of employees. If you wanted to devote a weekend or two to learning some computer poo poo, you can run a virtual machine and have the VPN just on that. This means that the VM tunnels all its networking through your host OS to your work network, but the host OS can't. Then keep all your work internet inside the VM, and read SA with your normal browser. If the stuff you need from the work network is just docs and pdfs, it would be easy enough to work inside a VM.
|
# ? Jan 4, 2019 02:06 |
|
^ agreed.. Perfect excuse to run Ubuntu (other distros are available) in a VM and pay a couple of bucks a month for an openVPN service inside your VM. PROs:
1. You get to learn Linux AND watch Tijuana Donkey Show without work knowing about it.
2. You get proficient at Linux and, over time, ditch Windows telemetry and then even the NSA don't know about your Donkey Show habit.
|
# ? Jan 4, 2019 03:38 |
|
Cup Runneth Over posted: They don't store this information though

they used to have a birthday check for age limited games, and they probably stored how many times people clicked each?
|
# ? Jan 4, 2019 03:44 |
|
Truga posted: they used to have a birthday check for age limited games, and they probably stored how many times people clicked each?

This is almost certainly, and obviously, what happened.
|
# ? Jan 4, 2019 05:03 |
|
They don't store that information, truga is probably mis-remembering that onion-wannabe article as a real one.
|
# ? Jan 4, 2019 05:11 |
|
So the NSA is finally declassifying their internal reverse engineering tool: https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool It's great that there might finally be a real viable alternative to IDA Pro. It's been ~6 or 7 years since I last used ghidra, but even a gimped/redacted public build should still be better than pretty much anything currently available right now other than IDA (although I've never tried binary ninja), and IDA's pricing is what it is. I'm real interested in seeing what ghidra modules they'll actually be releasing.
|
# ? Jan 4, 2019 05:49 |
|
Mystic Stylez posted: I'm going to ask some very dumb questions, but please bear with me.

It’s already been answered, but yes, that’s trivial. Assume everything you do over the network is logged and easily searchable, or filtered with notifications for visiting certain websites. If he really wanted to, he could measure productivity with your browsing habits and see how much time you spend actively browsing the web and where with automatic reporting. That being said, it’s probably very unlikely with such a small company, but there you have it. Nobody has the time to waste with even basic IT stuff at a small company, but many owners are also neurotic, paranoid, and weird. As already mentioned, a VM is a great option, and Oracle VirtualBox is free and easy to use if you have a good general knowledge of computers. A second laptop is also not a bad idea as well.

astr0man posted: So the NSA is finally declassifying their internal reverse engineering tool: https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool

This is awesome! Can’t wait to get my hands on this
|
# ? Jan 4, 2019 08:23 |
|
Klyith posted: As much as this would be ideal, it doesn't seem likely for a non-US/EU small business with a handful of employees.

It's not hard to build a business case based on the fact that he can't ensure that his personal computer is not compromised, so a company controlled system that he doesn't use for personal browsing is less likely to get infected with donkey porn. It would also help reduce their overall costs from the bandwidth use that won't happen because steam isn't updating in the background.
|
# ? Jan 4, 2019 09:30 |
|
apropos man posted:2. You get proficient at Linux and, over time, ditch Windows telemetry and then the NSA, Cloudflare, Google and/or your DNS provider, and upwards of five persistent passive presences on your home network still know about your Donkey Show habit.
|
# ? Jan 4, 2019 13:30 |
|
astr0man posted: So the NSA is finally declassifying their internal reverse engineering tool: https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool

I looked into radare2 for a while. It works, but it has terrible docs and ergonomics. Any new tools are good tools.
|
# ? Jan 5, 2019 18:02 |
|
IDA recently updated their free version to something from the past 20 years also, and it’s really good
|
# ? Jan 5, 2019 18:07 |
|
Free IDA is at least decent now, and being usable at all is a huge upgrade from the prior free version. But being x64 only, no debugger, and no scripting/plugin support are all still pretty big drawbacks.
|
# ? Jan 6, 2019 02:42 |
|
https://twitter.com/mischmerz/status/1083891597534736384 It's your funeral. Edit: https://twitter.com/da5ch0/status/1083956033934913536 https://twitter.com/DanielGallagher/status/1083957859824685057 Absurd Alhazred fucked around with this message at 23:40 on Jan 12, 2019 |
# ? Jan 12, 2019 23:38 |
Absurd Alhazred posted: https://twitter.com/mischmerz/status/1083891597534736384

One of the replies got a chuckle out of me: https://twitter.com/mrjhnsn/status/1083972010529632256

e: oh, you edited it with more
|
|
# ? Jan 12, 2019 23:43 |
|
tf when a user wipes and reloads their machine to circumvent the management/security software. sigh.
|
# ? Jan 16, 2019 18:29 |
|
lol how
|
# ? Jan 16, 2019 18:32 |
|
azurite posted: lol how

anything is possible with a bios reset jumper and an unlocked case
|
# ? Jan 16, 2019 18:35 |
|
AlternateAccount posted: tf when a user wipes and reloads their machine to circumvent the management/security software. sigh.

tfw they've violated your aup and you then get pipped or termed for loving with corporate assets
|
# ? Jan 16, 2019 20:22 |
|
Well, the person is only about 1 or 2 rungs down from the top in the org chart, so we'll see how that goes. I told my boss, who then felt obligated to escalate it, so we'll see what shakes out. Modifying boot device was not specifically prevented, so welp.
|
# ? Jan 16, 2019 20:51 |
|
I mean, at that point it wouldn't have proper client certs, so the end result shouldn't be much different from if they'd brought in a personal laptop and tried using that?
|
# ? Jan 17, 2019 01:07 |
|
Got an email a short while ago to say I'd been 'pwd. https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/ However as he can't/won't provide any information about the password, it's a frustrating bit of knowledge. I think blissful ignorance was more pleasant! Fortunately I don't have that many accounts using that email so I'm just updating them all and making sure they're long ones. Hoping it's just an old password from simpler times that is floating around and has been repacked in to a new collection.
|
# ? Jan 17, 2019 12:00 |
|
It’s mentioned in the post, but Watchtower feature in 1Password is a great tool for this kind of thing. I’ve been using Watchtower in 1Password for a while now and it’s even better since they started using the API for Have I Been Pwned. I usually check once a week and change passwords for sites that get flagged. I used to do the strong, unique passwords for important stuff and common password for things like forums. Now I just let the password manager worry about it and do strong, unique for every single site I use.
|
# ? Jan 17, 2019 12:13 |
|
Big Beautiful Passwords for everything.
|
# ? Jan 17, 2019 12:18 |
|
Lambert posted:Big Beautiful Passwords for everything.
|
# ? Jan 17, 2019 15:41 |
|
Pablo Bluth posted: Got an email a short while ago to say I'd been 'pwd.

https://haveibeenpwned.com/Passwords You can check to see if your specific password was ever seen before in any password dumps. If it was a fairly unique password, you should be able to tell if it was yours that was leaked.
|
# ? Jan 17, 2019 16:01 |
|
Nalin posted: https://haveibeenpwned.com/Passwords

And if for some reason you don't trust Troy Hunt (in that case, come on), you can manually submit the first five of your password's SHA-1 hash to his API. He explains how to do this in his blog post explaining why testing your password on his site is okay and safe.
|
# ? Jan 17, 2019 16:15 |
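The range lookup described in the post above, as an added example that is not part of the original thread or of the Have I Been Pwned project's own code: only the first five hex characters of the SHA-1 leave the machine, and the remaining 35 are matched locally against the returned list. The function names, the sample response body and its counts are constructed for illustration; the URL is the public Pwned Passwords range endpoint.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # public range endpoint

def split_hash(password):
    """Return (prefix, suffix): first 5 and last 35 hex chars of the SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Send only the 5-character prefix; password and full hash stay local."""
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "range-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def count_in_range(suffix, body):
    """Find our suffix among the 'SUFFIX:COUNT' lines; 0 means not listed."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix.upper() and count.isdigit():
            return int(count)
    return 0

def times_seen(password, body=None):
    """Times the password appears in the corpus (body=None queries the API)."""
    prefix, suffix = split_hash(password)
    if body is None:
        body = fetch_range(prefix)
    return count_in_range(suffix, body)

# Constructed response body for prefix 5BAA6 (the SHA-1 prefix of "password").
# Counts are made up; first and last suffixes are filler. A count of 0 stands
# for a padding entry, which must not be reported as a hit.
SAMPLE_BODY = (
    "0A1B2C3D4E5F60718293A4B5C6D7E8F9012:4\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234\r\n"
    "FEDCBA9876543210FEDCBA9876543210FED:0\r\n"
)

if __name__ == "__main__":
    print(split_hash("password")[0])            # the only part that is sent
    print(times_seen("password", SAMPLE_BODY))  # matched locally
```
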
|
Jabor posted: I mean, at that point it wouldn't have proper client certs, so the end result shouldn't be much different from if they'd brought in a personal laptop and tried using that?

LOL if you think we're cool enough to have certs actually required to do anything meaningful in this garbage fire company. No switch port security. Wifi key for corp network is pre-shared and has been the same for over a decade.
|
# ? Jan 17, 2019 18:35 |
|
Then, aside from breaking policy, this guy didn't actually do anything negative to your security footprint.
|
# ? Jan 17, 2019 19:03 |
|
bull3964 posted: Then, aside from breaking policy, this guy didn't actually do anything negative to your security footprint.

I don't disagree with that, except that he normally wouldn't have local admin and then went ahead and installed a bunch of software on his new machine where he was God. The sad part is, dude is high enough up, and supposedly smart enough, he could have asked for an admin account for his use on the box and gotten it.
|
# ? Jan 17, 2019 19:32 |
|
Also, WEIRD, the machine hasn't checked in since about an hour after it was re-enrolled 3 days ago. That's a few dozen 15m checkins missed, even though this person was working. It's almost like they took it home and did the same poo poo again. At this point I hope they get fired, but I know they won't. :\
|
# ? Jan 18, 2019 19:09 |
|
AlternateAccount posted: Also, WEIRD, the machine hasn't checked in since about an hour after it was re-enrolled 3 days ago. That's a few dozen 15m checkins missed, even though this person was working. It's almost like they took it home and did the same poo poo again. At this point I hope they get fired, but I know they won't. :\

Sounds like they have some kind of compromised machine, better suspend the account until you can verify everything
|
# ? Jan 19, 2019 19:18 |
|
A lot of stuff is coming out lately about this toxic misogynistic hateful dumpster fire of an industry

https://motherboard.vice.com/en_us/article/eve4en/hackers-blame-women-and-sjws-end-of-derbycon-security-conference

quote: Hackers Baselessly Blame Women and ‘SJWs’ for the End of DerbyCon Security Conference

https://twitter.com/georgiaweidman/status/1086757975593750531
https://twitter.com/eiais/status/1088218176587030528
|
# ? Jan 24, 2019 17:58 |
|
CLAM DOWN posted: A lot of stuff is coming out lately about this toxic misogynistic hateful dumpster fire of an industry

Jesus christ.
|
# ? Jan 24, 2019 18:37 |
|
CLAM DOWN posted: A lot of stuff is coming out lately about this toxic misogynistic hateful dumpster fire of an industry

This looks like the movie industry. Or the financial industry. Or the legal industry. Or the ... what am I talking about: absolutely every industry out there.
|
# ? Jan 24, 2019 18:42 |
|
Volguus posted: This looks like the movie industry. Or the financial industry. Or the legal industry. Or the ... what am I talking about: absolutely every industry out there.

Only in infosec can you get a guy who literally looks like an even more unkempt version of Comic Book Guy give a talk on something that completely packs the room to capacity. When a guy who you'd normally associate with the powerful odor of a magic the gathering tournament is a superstar infosec hacking demigod, perhaps the people involved don't adhere to some of society's lesser known social mores, like 'don't be a loving creepy weirdo' and 'no does in fact mean no'.
|
# ? Jan 24, 2019 18:59 |
|
Methylethylaldehyde posted: Only in infosec can you get a guy who literally looks like an even more unkempt version of Comic Book Guy give a talk on something that completely packs the room to capacity. When a guy who you'd normally associate with the powerful odor of a magic the gathering tournament is a superstar infosec hacking demigod, perhaps the people involved don't adhere to some of society's lesser known social mores, like 'don't be a loving creepy weirdo' and 'no does in fact mean no'.

What's the difference if one is doing that wearing a suit with expensive cologne vs being an unwashed creep? It's just the people that are to blame, not the industry they're a part of.
|
# ? Jan 24, 2019 19:14 |
|
lol at being a shithead on Facebook with your real name. Good opsec.

quote: One female member of the Facebook group who asked to remain anonymous in order to avoid retaliation told Motherboard she monitors illmob as a way to avoid hiring questionable individuals.
|
# ? Jan 24, 2019 19:15 |
|
Volguus posted: What's the difference if one is doing that wearing a suit with expensive cologne vs being an unwashed creep? It's just the people that are to blame, not the industry they're a part of.

The suit and expensive cologne are a learned social technique used to camouflage the inherent creepiness of the person. There is a certain minimum social awareness required to maintain good grooming habits and the ability to dress yourself well that the unwashed crowd seems to miss. Both can be just as repulsive as a person, but the initial expectations of an interaction with a dude in a sport coat and button up shirt vs a dude in stained sweatpants wearing a fanny pack are way different.

Diva Cupcake posted: lol at being a shithead on Facebook with your real name. Good opsec.

If they're too dumb to NOT post poo poo on a barely private group on the world's greatest NSA honeypot, would you really want to hire them even if you agreed with what they were saying?
|
# ? Jan 24, 2019 19:20 |
|
Tech has this strange extreme-libertarian streak running through it as well
|
# ? Jan 24, 2019 22:05 |