Hollow Talk
Feb 2, 2014

ChubbyThePhat posted:

Anyone have or use Kibana as a front end to their Elasticsearch? I've been handed pretty much exactly that setup but haven't used Kibana before. Anything I should be aware of while I play around?

Kibana is fairly self-explanatory, though the Lucene query language isn't great. If this is something you have to run/maintain, make sure to dig into the X-Pack options for monitoring and security. Also, be aware that you can basically enter free-form queries, so be conscientious if this is your production cluster, since searches for wide-ranging patterns over all indices can very much have adverse effects on the cluster's overall performance (ask me how I know...).
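As an added illustration of the "wide-ranging patterns over all indices" point above (example code, not from the post or from Elastic), here is a small pre-flight check you can run ad-hoc queries through before they go to a shared cluster. It flags the three things that most often hurt a production cluster: targeting every index, a wildcard that forces term enumeration, and no request timeout. The names `check_query` and `guarded_request` are assumptions, and the heuristics are deliberately simple; the real control is server-side (X-Pack roles that limit which indices a Kibana user can read, plus cluster settings such as `indices.query.query_string.allowLeadingWildcard`), which this client-side check complements rather than replaces.

```python
"""Pre-flight sanity check for free-form Elasticsearch queries (added example, assumed names)."""
import re
from typing import Iterable, Optional

# Index targets that expand to every index on the cluster.
CLUSTER_WIDE_TARGETS = {"*", "_all", ""}

# A wildcard followed by more characters ("*error", "host:*web", "foo*bar")
# makes Lucene enumerate the whole term dictionary for that field.
# "*:*" (Kibana's match-all) is intentionally not matched here.
WILDCARD_BEFORE_TEXT = re.compile(r"[*?]\w")


def check_query(indices: Iterable[str], query_string: str, timeout: Optional[str]) -> list[str]:
    """Return a list of problems; an empty list means the query passed the check."""
    problems = []
    targets = [i.strip() for i in indices]
    if not targets or any(t in CLUSTER_WIDE_TARGETS for t in targets):
        problems.append("query targets every index on the cluster")
    if WILDCARD_BEFORE_TEXT.search(query_string):
        problems.append("wildcard before text forces a full term enumeration")
    if timeout is None:
        problems.append("no request timeout set")
    return problems


def guarded_request(indices: Iterable[str], query_string: str, timeout: Optional[str] = "10s") -> dict:
    """Build the search target and body for a query that passed the check.

    'timeout' and 'query_string' are real Elasticsearch search-body fields;
    the function raises ValueError instead of sending a risky query.
    """
    targets = [i.strip() for i in indices]
    problems = check_query(targets, query_string, timeout)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "index": ",".join(targets),
        "body": {
            "timeout": timeout,
            "query": {"query_string": {"query": query_string, "allow_leading_wildcard": False}},
        },
    }


if __name__ == "__main__":
    # Constructed inputs: one risky query, one reasonable one.
    print(check_query(["*"], "*error*", None))
    print(guarded_request(["logs-2019.10.*"], 'host:"web01" AND status:500'))
```

The guard is intentionally conservative: a Kibana index pattern like `logs-2019.10.*` passes, while `*` or `_all` does not, and a missing timeout is reported even when everything else is fine.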

beuges
Jul 4, 2005
fluffy bunny butterfly broomstick

CLAM DOWN posted:

A draft of 800-63B had deprecated SMS 2FA, but the subsequent final removed that part:


Basically, SMS 2FA is way better than no 2FA, and is still okay. If you have another form of 2FA like an authenticator app or token, absolutely prefer that, but SMS is still good to use given the above.

Regarding those risk factors your quote says to be aware of, there's a system I work on which uses USSD for auth, but before we initiate the session, we use a service provider to query from the customer's network when their SIM card was last swapped, and don't even initiate the USSD auth session if we think the SIM swap was too recent.

RFC2324
Jun 7, 2012

http 418

My job uses email 2fa for our snow instance, which contains basically everything about our customers.

We have at least 3 other mfa platforms active to auth it against, but we use email instead.

Bald Stalin
Jul 11, 2004
does accessing the email require 2fa?

RFC2324
Jun 7, 2012

http 418

Ranter posted:

does accessing the email require 2fa?

Not sure tbh. Never done it outside of my work machine (which does not).

I'm more concerned about the fact that a plaintext email is not what I consider secure in transit.

The Fool
Oct 16, 2003


If it’s o365<->o365 it will be, results with other services may vary.

RFC2324
Jun 7, 2012

http 418

The Fool posted:

If it’s o365<->o365 it will be, results with other services may vary.

Given the quality of implementation in other things, I wouldn't be surprised if it was using sendmail, tbh.

Klyith
Aug 3, 2007

GBS Pledge Week

RFC2324 posted:

I'm more concerned about the fact that a plaintext email is not what I consider secure in transit.

I'd worry a lot less about email being intercepted in flight and more about the email accounts themselves.
a: email is often the first thing compromised, then attack things that are tied to that email.
b: if email can be used to do password reset whether with an automatic recovery or by sending a help request through their work-associated email, that's a giant weakness.


It's like SMS 2FA -- SMS 2FA isn't the best thing, but the real fuckup is services like twitter that have SMS for both 2FA and password reset. If you can reset a password through the same means as the 2FA, it's not two factors. It's one factor with an extra vulnerability.
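As an added example of the "one factor with an extra vulnerability" point (this is illustrative code, not from the post), here is a small audit of an account's authentication configuration. It models the rule the post states: if a channel that delivers the second factor can also reset the password, an attacker who controls that channel holds both factors, so the effective factor count is one. It also covers the earlier question in the thread about whether the email account behind email-based 2FA or reset is itself protected. The class and function names (`AccountAuthConfig`, `audit`, `effective_factors`) and the channel labels are assumptions.

```python
"""Audit whether a second factor is really independent of password recovery (added example)."""
from dataclasses import dataclass, field


@dataclass
class AccountAuthConfig:
    second_factors: set[str]                       # channels/methods that deliver the 2nd factor
    reset_channels: set[str]                       # channels through which the password can be reset
    # For channels that are themselves accounts (email), whether they require an
    # independent second factor to access. Missing entries are treated as unprotected.
    channel_has_own_2fa: dict[str, bool] = field(default_factory=dict)


def effective_factors(cfg: AccountAuthConfig) -> int:
    """1 if any enabled second factor is also a password-reset channel, else 2."""
    return 1 if cfg.second_factors & cfg.reset_channels else 2


def audit(cfg: AccountAuthConfig) -> list[str]:
    """Return human-readable findings; empty list means the layout is sound."""
    findings = []
    for ch in sorted(cfg.second_factors & cfg.reset_channels):
        findings.append(f"{ch} delivers the second factor AND can reset the password: "
                        f"control of {ch} alone takes over the account")
    # An account-style channel (email, voicemail) used for reset or 2FA inherits that
    # account's weakness if the account itself has no independent second factor.
    for ch in sorted(cfg.reset_channels | cfg.second_factors):
        if ch.startswith("email") and not cfg.channel_has_own_2fa.get(ch, False):
            findings.append(f"{ch} is used for recovery/2FA but the mailbox has no 2FA of its own")
    return findings


if __name__ == "__main__":
    # Constructed configurations: the pattern the post criticises vs. a sound one.
    weak = AccountAuthConfig(second_factors={"sms"}, reset_channels={"sms", "email:work"})
    sound = AccountAuthConfig(second_factors={"totp"}, reset_channels={"email:work"},
                              channel_has_own_2fa={"email:work": True})
    for name, cfg in (("weak", weak), ("sound", sound)):
        print(name, "effective factors:", effective_factors(cfg))
        for f in audit(cfg):
            print("  -", f)
```

Running it on the constructed "weak" configuration reports that SMS alone takes over the account and that the unprotected mailbox is a second path in; the "sound" one reports nothing and keeps two effective factors.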

xThrasheRx
Jul 12, 2005

Surrealistic

ChubbyThePhat posted:

Anyone have or use Kibana as a front end to their Elasticsearch? I've been handed pretty much exactly that setup but haven't used Kibana before. Anything I should be aware of while I play around?

Kibana is pretty seamless to Elasticsearch. It's meant to run with Elastic so it's pretty clean. But as mentioned earlier, look into X-Pack for proper security.

PBS
Sep 21, 2015
X-Pack used to be fairly expensive, but I think they've fairly recently released it as free (or at least parts of it, like auth).

xThrasheRx
Jul 12, 2005

Surrealistic

PBS posted:

X-Pack used to be fairly expensive, but I think they've fairly recently released it as free (or at least parts of it, like auth).

Yeah, it's free, but they lock alerting and "MACHINE LEARNING" behind huge pricing, which is bullshit. That kinda behaviour triggered Amazon to forkish the Elastic stack to their own thing, which is almost identical.

https://opendistro.github.io/for-elasticsearch/

Guy Axlerod
Dec 29, 2008

xThrasheRx posted:

Yeah, it's free, but they lock alerting and "MACHINE LEARNING" behind huge pricing, which is bullshit. That kinda behaviour triggered Amazon to forkish the Elastic stack to their own thing, which is almost identical.

https://opendistro.github.io/for-elasticsearch/

No, AWS forked because all of X-Pack, even the no-cost parts, is under a license that says AWS can't use it. The basic license is only free if you aren't charging users for ELK, for the sake of ELK. If you want to offer ELK as a service, you are limited to the OSS parts.

We use some of the basic level features in our internal ELK, but use only OSS on the ES that contains data that our customer-facing app searches. We could probably use basic on both parts, but it saved me from talking to legal for a re-review.

BlankSystemDaemon
Mar 13, 2009



Open core isn't open source, source-available, or even source free (the kind of source trading that early UNIX and BSD used).

Lucid Nonsense
Aug 6, 2009

Welcome to the jungle, it gets worse here every day

apropos man posted:

Is there a really basic SIEM program, which I could run in a VM or something that's free and doesn't require the knowledge that some of you guys have, in order to monitor my home network?

I'm thinking of, like, a community edition of a full software suite that will just do basics like watching devices join and leave the network, WiFi access attempts, identification of commonplace interactions between certain devices versus interactions that are unusual etc.

I'd like to receive email notifications for certain events but the software doesn't even need to access my Gmail account because I could just point it to a machine with Postfix set up, if necessary.

I feel like I've put off bothering with monitoring my LAN for too long (although I did have a dabble with Nagios community edition a while ago) and it's time to add something, even if it's just simple.

Heck, if there were something that is cheap enough, I'd probably pay $8 per month (or something less than ten) if it had something cool like an app I could put on my Android phone, then the monitoring software would be logged into my subscribed account. Then I could set up certain triggers for push notifications on the app on my phone. I gather that if I can imagine a setup like this in 5 minutes, then a product like this must exist, right?

LogZilla is free up to 1 million events per day. Simple searching and filtering, and email alerts. PM me if you want to try it out and I can set up your license.

Lucid Nonsense fucked around with this message at 21:28 on Oct 14, 2019

Arsenic Lupin
Apr 12, 2012

This particularly rapid💨 unintelligible 😖patter💁 isn't generally heard🧏‍♂️, and if it is🤔, it doesn't matter💁.


(mimimmi) Dumb ways to randomize....

https://twitter.com/pati_gallardo/status/1184122778976423936

(see whole thread with new and improved suggestions)

Volguus
Mar 3, 2009
I have a question to which I think I know the answer but I still have some hope that it is wrong.

In the last few weeks I've been getting spam calls (chinese speakers or some robot pretending to be some law enforcement crap) that were not marked as spam by Google. I dutifully told Android to block those numbers and mark them as spam. Today I get a phone call from an unknown number again, I pick it up fully expecting to be a spam call again. The conversation went like this:
- Hello
- Hello
- I missed your call. What's the problem?
- I didn't call anyone, who are you?
- Oh, ok , goodbye.

I looked in my phone's log, thinking maybe I called and I just didn't know it, but no, my phone doesn't say that I called anyone.

Could it be that those spammers are impersonating my (and others') phone number to spam call people? Like, real, used phone numbers? I thought they just used some unused numbers. It was bad enough they were from the area, with my area code, but I was expecting them to be at least new phone numbers.
Is that possible?

I know I can put whatever I want in a From field of an email, but I still need to have a mail server that will accept my bill.gates@micrsoft.com address. Not very hard to do, but not trivial either. Can the same thing be done with phone numbers?

Potato Salad
Oct 23, 2014

nobody cares


Yes, they're using numbers arbitrarily. I have a short list of numbers in a few area codes that show up on your caller ID as Vader, Darth because that's what the line subscribers named themselves with their telcos.

When it comes to American phone systems, "can I do x" is often "lol u can do anything."

disclaimer, I'm not and never will be a phone expert

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.
The caller ID system allows callers to send whatever they please as the "from" address. There are legitimate uses for this - for instance, an outbound-only customer service return call might show up with the main customer service phone number in caller ID - but there's no authentication, and it's heavily used by scammers.

Your number was almost certainly used by a scammer in outbound caller ID. There's nothing you can do about it and the phone companies effectively don't care - they're already spinning up revenue streams for spam call blocking services.

stevewm
May 10, 2005
At least in the US anyway, the carriers are implementing a system akin to SPF/DKIM, but for phone calls. It's called STIR/SHAKEN.

The CRTC in Canada is, as usual, following in the FCC's footsteps, and has also mandated Canadian carriers to adopt the same standards.

Sirotan
Oct 17, 2006

Sirotan is a seal.


Volguus posted:

Could it be that those spammers are impersonating my (and others') phone number to spam call people? Like, real, used phone numbers? I thought they just used some unused numbers. It was bad enough they were from the area, with my area code, but I was expecting them to be at least new phone numbers.
Is that possible?

It's called neighbor spoofing, and yes. I have even received voicemails of people threatening all kinds of things if I don't stop calling them. I almost never answer the phone anymore if it is a number not already in my contacts.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

The scammers like to impersonate your local prefix, I just stopped answering calls that contain mine, but I've also literally never seen this prefix used anywhere so it hasn't been an issue for me.

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else
As many of us already say, just don't pick up the phone if they aren't in your contacts. If it's important they'll leave a message.

azurite
Jul 25, 2010

Strange, isn't it?!


Sirotan posted:

I have even received voicemails of people threatening all kinds of things if I don't stop calling them.

Please consider: :justpost:

stevewm
May 10, 2005
I've noticed robo callers tend to call all the numbers in a given prefix in order.

We have a few company cellphones at the office where like 5-6 people have sequential numbers. When the first one gets a call, the rest will also get one within a second or so.
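The sequential-dialling pattern described in this post is easy to spot in a call log, which makes it a useful detection. As an added example (not from the post), here is a small Python routine that runs over constructed inbound-call log lines and reports runs of consecutive destination numbers dialled from the same caller ID within a short window. The log format, the `find_sweeps` name and the thresholds are assumptions. One caveat from this thread applies: the "from" field is the caller ID, which is spoofable, so it is only a weak grouping key, not an attribution.

```python
"""Detect sequential-number dialling sweeps in inbound call logs (added example, assumed format)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: ISO timestamp, caller ID, dialled number.
LOG_RE = re.compile(r"^(?P<ts>\S+) from=(?P<src>\+?\d+) to=(?P<dst>\+?\d+)$")

# Constructed sample: five sequential office numbers hit within two seconds,
# then an unrelated single call later.
SAMPLE_LOG = """\
2019-10-16T14:02:10 from=+15551234567 to=+15557770101
2019-10-16T14:02:10 from=+15551234567 to=+15557770102
2019-10-16T14:02:11 from=+15551234567 to=+15557770103
2019-10-16T14:02:11 from=+15551234567 to=+15557770104
2019-10-16T14:02:12 from=+15551234567 to=+15557770105
2019-10-16T14:05:30 from=+15550001111 to=+15557770104
"""


def parse(lines: str):
    """Yield (timestamp, caller_id, dialled_number_str, dialled_number_int) per valid line."""
    for line in lines.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dst"])


def find_sweeps(lines: str, window: timedelta = timedelta(seconds=5), min_run: int = 3):
    """Return (caller_id, first_number, last_number) for each run of >= min_run
    consecutive dialled numbers where each call follows the previous within `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, dst_n in parse(lines):
        by_src[src].append((ts, dst_n, dst))

    sweeps = []
    for src, calls in by_src.items():
        calls.sort()                                   # chronological, then by number
        run = [calls[0]]
        for prev, cur in zip(calls, calls[1:]):
            if cur[1] == prev[1] + 1 and cur[0] - prev[0] <= window:
                run.append(cur)                        # continues the sequential run
            else:
                if len(run) >= min_run:
                    sweeps.append((src, run[0][2], run[-1][2]))
                run = [cur]
        if len(run) >= min_run:
            sweeps.append((src, run[0][2], run[-1][2]))
    return sweeps


if __name__ == "__main__":
    for src, first, last in find_sweeps(SAMPLE_LOG):
        print(f"sweep from caller ID {src}: {first} .. {last}")
```

On the constructed sample it reports one sweep, +15557770101 through +15557770105, from a single caller ID; the lone later call to one of those numbers is not part of a run and is ignored.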

Guy Axlerod
Dec 29, 2008

ChubbyThePhat posted:

As many of us already say, just don't pick up the phone if they aren't in your contacts. If it's important they'll leave a message.

Or if it's a robocall, they will leave a message too!

Happy Thread
Jul 10, 2005

by Fluffdaddy
Plaster Town Cop

stevewm posted:

I've noticed robo callers tend to call all the numbers in a given prefix in order.

We have a few company cellphones at the office where like 5-6 people have sequential numbers. When the first one gets a call, the rest will also get one within a second or so.

Oh that's spooky lmao

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

Dumb Lowtax posted:

Oh that's spooky lmao

Happens at our office too. One day a bunch of our desk phones started ringing one at a time, all with the same recording in Mandarin. A coworker who could understand it let us know it's a scam where they pretend to be the Chinese government to scare the hell out of Chinese nationals to extract stuff from them.

Sirotan
Oct 17, 2006

Sirotan is a seal.


azurite posted:

Please consider: :justpost:

Eh I don't know if I even remember the specifics. Just poo poo like "if you don't stop calling me I'm going to hunt you down and make you regret it". People get real mad about their phone spam I guess. :shrug:

The Fool
Oct 16, 2003


It seems like people of a certain age take a very personal view of their cell phone. If you're calling it and they didn't want you to it's an even worse invasion of privacy than walking up to the front door of their house.

wolrah
May 8, 2006
what?

Space Gopher posted:

The caller ID system allows callers to send whatever they please as the "from" address. There are legitimate uses for this - for instance, an outbound-only customer service return call might show up with the main customer service phone number in caller ID - but there's no authentication, and it's heavily used by scammers.

Your number was almost certainly used by a scammer in outbound caller ID. There's nothing you can do about it and the phone companies effectively don't care - they're already spinning up revenue streams for spam call blocking services.
To emphasize this, remember how email was back in the '90s before SPF, DKIM, etc.? Where you could basically send whatever from whomever and it'd probably get through? That's basically how the telephone network still behaves, except that most people and even mid-level carriers don't have the equivalent of looking at the headers to even see how the call got there.

It would take me less time than it took to type this sentence to set up my PBX to send any arbitrary phone number as the caller ID, and unless I called a toll-free number the recipient would have absolutely no ability to tell it from a legitimate call. Toll-free calls have a bit of extra metadata that takes a bit longer to spoof but is still pretty easy.

Still to this day a hilarious number of voicemail systems will let you in without a password if your caller ID matches that of the mailbox, including a few major cellular phone providers.

SHAKEN/STIR definitely looks like it will resolve this if it gets sufficiently wide adoption, but at this point I'm not sure how long that'll take.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA
About 4 times as long as the digital TV conversion. So wide enough adoption to stop spam right around 2040.

stevewm
May 10, 2005

wolrah posted:


SHAKEN/STIR definitely looks like it will resolve this if it gets sufficiently wide adoption, but at this point I'm not sure how long that'll take.


Probably faster than you think..

The FCC gave major carriers a warning to get things implemented by the end of 2019, and if they didn't, the FCC could step in with regulatory measures. https://www.fcc.gov/call-authentication

Edit: The FCC statement says that as of August, all the "major voice carriers" are on track to meet the deadline.

stevewm fucked around with this message at 21:40 on Oct 16, 2019

wolrah
May 8, 2006
what?

stevewm posted:

Probably faster than you think..

The FCC gave major carriers a warning to get things implemented by the end of 2019, and if they didn't, the FCC could step in with regulatory measures. https://www.fcc.gov/call-authentication

Edit: The FCC statement says that as of August, all the "major voice carriers" are on track to meet the deadline.
I wouldn't trust Ajit "The free market means we don't need net neutrality laws in a country with no real broadband competition" Pai's FCC to go through with any threats to increase regulation.

Bald Stalin
Jul 11, 2004
Originally got my cell phone in Oakland CA. No longer live in that rough as guts neighborhood. 12 years later got cussed out something shocking by some tough dude that didn't know spammers spoof numbers. Went something like:

me: hello
angry man: yo who dis?
me: you called me...
angry man: cocksucker you called my motherfucking phone now who are you??!
me: yo mommas new boyfriend, bitch*
*i didn't say this bit

stevewm
May 10, 2005

wolrah posted:

I wouldn't trust Ajit "The free market means we don't need net neutrality laws in a country with no real broadband competition" Pai's FCC to go through with any threats to increase regulation.

Yeah fair enough. I sometimes forget that little turd is chairman.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

stevewm posted:

I've noticed robo callers tend to call all the numbers in a given prefix in order.

We have a few company cellphones at the office where like 5-6 people have sequential numbers. When the first one gets a call, the rest will also get one within a second or so.

It's literally software just dialing every possible number in order and playing the message, nothing spooky about it at all.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Last I heard on SHAKEN/STIR is that nobody wants to set up and actually run the authority that would validate and publish what phone numbers are owned by what carriers. No single carrier wants to do the work, and it would make sense for someone like the FCC to handle it, but lol they're poo poo, and also the scope of this problem is global, so you need at least the EU jumping on board as well to hit the critical mass that forces adoption for everyone else.

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
Carriers also reuse numbers all the time. If you get a new number now, chances are it’s been used by about three people, at least one of whom couldn’t pay their bills, meaning you will get vaguely threatening messages that don’t give any details other than a name.

Somebody who had my number apparently tried to start a business recently. I get non-stop messages about my non-existent business application being approved, along with the typical debt collection calls. I won’t ever answer them, since they might be scammers. If the debt collectors want their money, they can subpoena the carrier and find out they’ve been wasting their time from them.

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.

wolrah posted:

SHAKEN/STIR definitely looks like it will resolve this if it gets sufficiently wide adoption, but at this point I'm not sure how long that'll take.

SHAKEN/STIR is great and all, but remember, it terminates at the carrier level.

There's nothing to stop Verizon or AT&T from putting the functionality to block spoofed CID detected by new auth mechanisms behind an "enhanced spam call blocking service" package for a monthly fee.

And would you look at that, they're already selling those services.

Combat Pretzel
Jun 23, 2004

No, seriously... what kurds?!
Anyone here using Wireguard extensively over a mobile connection, in always-on mode? I keep having connectivity issues when my phone has been in my pocket too long. My provider puts me behind CGNAT and seems to be yanking the rug from under my feet frequently (on their port mapping) when things are idle. I have persistent keep-alive configured, but whatever my mobile provider does, that won't gel with Wireguard.

Maybe trick it by changing the endpoint to a popular UDP port and hope it gets treated differently?
