|
Rip zonealarm
|
![]() |
|
![]()
|
# ? Jun 11, 2024 07:55 |
|
mostly rip thinking that the identity of the base image of a process is a useful/refined security distinction
|
![]() |
|
speaking of jre, ghidra got an update today
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre eqing for rotor
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre
|
![]() |
|
Sniep posted:eqing for rotor thanks but i forgot i was logged in here so BAM
|
![]() |
|
pseudorandom name posted:speaking of jre, ghidra got an update today "turned on font antialiasing by default for linux" yup this is authentic government code
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre drat lol also this actually happened at work! turns out some poo poo old application depends on it and its critical for hr so some poor fucker has to figure out how to keep it working! not me though!
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre graph please
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre
|
![]() |
|
now now we can just hang onto it until this thread gets closed yet again
|
![]() |
|
lotta yall dont understand thread semver minor point updates for title changes, version bumps for new threads please dont use yospos threads in production until you have internalized this
|
![]() |
|
also, mods plsMidjack posted:Security Fuckup Megathread - v17.1 - motherfuckers act like they forgot about jre also also, little snitch owns bones
|
![]() |
|
yoloer420 posted:The question was about process aware firewalls that work. They do work, I'm not aware of any enterprise level solutions (for anything) that work though. The tech exists however. it's called "the windows firewall"
|
![]() |
|
Krankenstyle posted:lotta yall dont understand thread semver I'm going to need to see your versioning documentation in the IG, this seems to be a non-security impacting change so you can probably use a wildcard.
|
![]() |
|
BangersInMyKnickers posted:it's called "the windows firewall" Windows firewall is good in the same way Defender is good. Microsoft actually implemented a relatively simple, good thing that you can manage centrally but then forgot that you might care about central logging.
|
![]() |
|
ewiley posted:Windows firewall is good in the same way Defender is good. Microsoft actually implemented a relatively simple, good thing that you can manage centrally but then forgot that you might care about central logging. They do need a native mechanism to forward that in to an event log but if you aren't already deploying a log forwarding agent to scape application log files then you've already messed up so its kinda a moot issue
|
![]() |
|
Krankenstyle posted:lotta yall dont understand thread semver actually i think you'll find the way semver works is nobody ever changes major versions because we need to "get a marketing win out of a new major version", minor versions are meaningless and patch versions are random and then someone changes it to be based on the current year and then never updates it again so your version is forever 2017.x.x
|
![]() |
|
half the libs are pre 1.0.0 and the versions mean nothing too
|
![]() |
|
Defender is getting stronger with ATP, ATA, and Sandbox testing builtin. Honestly, if you have Azure AD, even just for your off prem stuff, you should totally take advantage of ATP and their Event Forewarding Analysis stuff. We've been testing its use as a way to isolate infected machines, and even though it modifies the firewall to block all outbound internet traffic if it detects an infection, it keeps pushing the ATP and even forewarding for analysis
|
![]() |
|
Midjack posted:motherfuckers act like they forgot about jre
|
![]() |
|
Shame Boy posted:actually i think you'll find the way semver works is nobody ever changes major versions because we need to "get a marketing win out of a new major version", minor versions are meaningless and patch versions are random lol at using patch versions just increment the minor version number and look in the code if you want to see what check ins are covered in that
|
![]() |
|
CommieGIR posted:Defender is getting stronger with ATP, ATA, and Sandbox testing builtin. There's like 4 different ATP products
|
![]() |
|
Someone post some anime so we can force the devs to update
|
![]() |
smoka, i heed thee
|
|
![]() |
|
pro thread title
|
![]() |
Now fix the versioning
|
|
![]() |
|
cinci zoo sniper posted:Now fix the versioning
|
![]() |
|
cinci zoo sniper posted:Now fix the versioning lmao ![]()
|
![]() |
|
lel
|
![]() |
|
good hustle
|
![]() |
|
The Fool posted:There's like 4 different ATP products And I'm specifically talking about one of them. ![]() How it relates to the ATP product chain as a whole: ![]() CommieGIR fucked around with this message at 22:04 on Mar 27, 2019 |
![]() |
|
ftfy
|
![]() |
|
ate poo poo on live tv posted:Yea, this is where I'm at. Idempotent is a fun word, and ansible/network changes AREN'T. Thirding this. All configuration is a transition from some state to another state, and the concept of idempotence with regard to configuration just seems like either pretending the starting state doesn't exist or implicitly assuming a known clean starting state. I like Ansible for configuration automation, but the idempotent paradigm is stupid and I don't use it. I thought I was stupid or that I must have been using Ansible wrong. I may still be stupid, but it seems pretty clear to me after a few years of using it that Ansible itself misunderstands the nature of their own project.
|
![]() |
|
For Juniper devices Ansible works really well because you just delete the entire config, then apply the complete new one. Juniper commit engine is smart and as long as the section that you deleted and put back didn't change, the router won't recommit and cause router reconvergence, or firewalls to drop sessions etc. For Cisco/Arista, welp...
|
![]() |
|
Cisco had a rce vulnerability on one of their routers which was reported to them along with a curl command that would trigger the problem. They released an update that solves this problem by blocking user agents containing 'curl' ![]() https://twitter.com/RedTeamPT/status/1110843396657238016
|
![]() |
|
![]()
|
# ? Jun 11, 2024 07:55 |
|
Rahu posted:Cisco had a rce vulnerability on one of their routers which was reported to them along with a curl command that would trigger the problem. ![]()
|
![]() |