I've never heard of a character limit, but I've definitely had to deal with the 10-lookup limit, and it partially fails: it stops working after the 10th. That was fun to have to convince the other side of.

Dec 12, 2019 01:20
This is the relevant stuff from the RFC:

Dec 12, 2019 01:56
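The 10-lookup limit in the exchange above is what the script below checks for. It is an added example, not code from the thread: it walks an SPF record and every include or redirect it reaches, counts the terms that RFC 7208 section 4.6.4 charges against the limit (include, a, mx, ptr, exists and redirect), and reports permerror once they exceed ten. The DNS table is constructed for the demo (the .test names are not real domains); a live check would replace lookup() with real TXT queries.

```python
"""Count the DNS-querying terms in an SPF record, following includes.

Added example, not code from the thread. It assumes RFC 7208 section
4.6.4: the include, a, mx, ptr and exists mechanisms and the redirect
modifier each count as one lookup, and an evaluation that needs more
than ten must return permerror. The DNS table below is constructed for
the demo so the script runs offline; replace lookup() with real TXT
queries to check a live domain.
"""
import re
from typing import Dict, Tuple

SPF_LIMIT = 10
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
# mechanism name, then an optional ":domain" or "=domain", stopping at a /cidr
TERM_RE = re.compile(r"^([a-z0-9]+)(?:[:=]([^/]+))?", re.I)

# Constructed records keyed by domain; the .test TLD is reserved for examples.
FAKE_DNS: Dict[str, str] = {
    "example.test": "v=spf1 mx include:_spf.mailer.test include:_spf.crm.test -all",
    "_spf.mailer.test": "v=spf1 ip4:192.0.2.0/24 include:pool-a.mailer.test "
                        "include:pool-b.mailer.test ~all",
    "pool-a.mailer.test": "v=spf1 a mx -all",
    "pool-b.mailer.test": "v=spf1 a mx exists:%{i}.rbl.mailer.test -all",
    "_spf.crm.test": "v=spf1 include:_spf.crm-sub.test ~all",
    "_spf.crm-sub.test": "v=spf1 a ptr -all",
}


def lookup(domain: str, dns: Dict[str, str]) -> str:
    """Return the SPF TXT record for domain from the in-memory table."""
    try:
        return dns[domain]
    except KeyError:
        raise ValueError("no SPF record for %s" % domain) from None


def count_lookups(domain: str, dns: Dict[str, str],
                  stack: Tuple[str, ...] = ()) -> int:
    """Return how many DNS-querying terms a check of domain would evaluate.

    The same include reached twice is counted twice, as a real evaluation
    would do it; only a genuine include/redirect cycle is rejected.
    """
    if domain in stack:
        raise ValueError("include/redirect loop via %s" % domain)
    record = lookup(domain, dns)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    total = 0
    for term in terms[1:]:
        match = TERM_RE.match(term.lstrip("+-~?"))  # drop the qualifier
        if not match:
            continue
        name, target = match.group(1).lower(), match.group(2) or ""
        if name in LOOKUP_MECHANISMS:
            # mx also triggers per-MX A lookups, which RFC 7208 caps separately;
            # those are not counted here.
            total += 1
            if name == "include":
                total += count_lookups(target, dns, stack + (domain,))
        elif name == "redirect":
            # redirect= is a modifier but still costs a lookup and is followed.
            total += 1
            total += count_lookups(target, dns, stack + (domain,))
        # ip4, ip6, all and exp= need no DNS query and are not counted.
    return total


def check_spf(domain: str, dns: Dict[str, str]) -> Tuple[str, int]:
    """Return ('ok' or 'permerror', lookups) for domain's SPF record."""
    lookups = count_lookups(domain, dns)
    return ("permerror" if lookups > SPF_LIMIT else "ok", lookups)


if __name__ == "__main__":
    for name in ("_spf.mailer.test", "example.test"):
        verdict, n = check_spf(name, FAKE_DNS)
        print("%-20s %2d lookups -> %s" % (name, n, verdict))
```

Running it shows why the limit is easy to blow through by accident: example.test itself only has three counted terms, but the vendor includes it pulls in bring the total to 13, so receivers following the RFC return permerror for the whole record.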
Can someone settle this for me: is PrivateInternetAccess not a good VPN anymore due to who bought them, or is it FUD? What is the currently goon-approved VPN provider?

Dec 12, 2019 16:33
cr0y posted: Can someone settle this for me, is PrivateInternetAccess not a good VPN anymore due to who bought them or is it FUD? What is the currently goon approved VPN provider?

ProtonVPN is still decent.

Dec 12, 2019 16:44
CommieGIR posted: ProtonVPN is still decent.

Agreed, Proton is legit. But my favorite is still Mullvad, which just got picked to provide the actual backend service for Firefox's new VPN offering. As for PIA... sorry, haven't really been following the story, or even tried their service, so I can't say.

Dec 12, 2019 17:44
From the Windows thread:

935 posted: Not even sure what to google to figure this out. I got a new cell number a few months ago and it obviously belonged to a Ms Cathy Jackson (I didn't use her real name), since I keep getting spam calls for her.

Dec 12, 2019 19:19
Amazing.

Dec 12, 2019 19:23
activating your #1 Best Grandma digital entitlement...

Dec 12, 2019 19:26
What the hell..... That's gotta be art at this point.

Dec 12, 2019 22:15
https://twitter.com/KringleCon/status/1205491010958020608

Dec 14, 2019 19:01
Does anybody know how to make the AzireVPN app start automatically when logging into Windows 10?

Dec 15, 2019 15:54
https://www.businessinsider.com/nginx-russian-police-cofounders-f5-networks-2019-12

Might want to hold off for a spell on nginx updates and modules till this shakes out. Smells like a source code grab!

Dec 16, 2019 02:45
The Iron Rose posted: https://www.businessinsider.com/nginx-russian-police-cofounders-f5-networks-2019-12

Even more, it might be a state-sponsored grab; taking bets now on nginx getting forked by the community.

Dec 16, 2019 03:23
Is there a good repository out there for best-practice ways to fix certain security issues? Like maybe a general outline of "Hey, you have a problem: x, y, and z probably need to be checked and you probably also might want to do a, b, c." I mean you can just google or research individual items like "I have a rogue AP, what do I do?" or "I've been rensenwared, how do I score enough to get my computer back?", but I haven't found a knowledge base of generalized troubleshooting/remediation/eradication best practices.

Dec 16, 2019 15:43
Defenestrategy posted: Is there a good repository out there for best practice ways to fix certain security issues? Like maybe a general outline of "Hey you have a problem: x, y, and z probably need to be checked and you probably also might want to do a, b, c." I mean you can just google or research individual items like "I have a rogue AP, what do I do?" or "I've been rensenwared, how do I score enough to get my computer back?", but I haven't found a knowledge base of generalized trouble shooting/remediation/eradication best practices.

Ransomware is only solvable one of two ways: paying or having proper backups. Maybe you'll get lucky and there will be a published decryptor out, but don't bet on it. https://nvd.nist.gov/800-53/Rev4/control/CP-9

Rogue APs: work on getting 802.1x Network Access Controls implemented on your network. Here's the draft for the NIST WLAN: https://csrc.nist.gov/csrc/media/publications/sp/800-153/final/documents/draft-sp800-153.pdf

This is kind of what the NIST standards are for: to help you identify and resolve security issues, but they still assume that you have talented IT people that can help you implement the changes and understand the technical side. There's some good writeups for consumers, but the lessons are the same.

CommieGIR fucked around with this message at 17:19 on Dec 16, 2019

Dec 16, 2019 17:15
My team is looking to build out our Elastic cluster in the cloud, but it sounds like Elastic is selling it to them as best done via IaaS? Anyone else use ELK and run all their stuff in the cloud who could more accurately inform me how much smoke is being blown up our rear end for compute requirements?

Dec 16, 2019 23:22
You can run ELK yourself on EC2 or whatever just fine?

Dec 17, 2019 22:59
ChubbyThePhat posted: My team is looking to build out our Elastic cluster in the cloud, but it sounds like Elastic is selling it to them as best done via IaaS? Anyone else use ELK and run all their stuff in that could more accurately inform me how much smoke is being blown up our rear end for compute requirements?

I am a little confused on what you don't understand. Are you suspecting you are being told to build too much infrastructure? Are you confused about the benefits of IaaS vs not? Do you currently not have your Elastic cluster on prem? I feel like if you already have it on prem you should have an idea of what your consumption already looks like, so you can size it in the cloud appropriately.

Dec 17, 2019 23:19
Ah. Yes, reading back on my post, I basically provided zero context to anything I was asking; my mistake. We are running on prem right now, but our Logstash is FAR from collecting everything it's supposed to. We do have a decent assumption towards our event ingestion with all systems, but as these last statements indicate, we have no live data to confirm it against. Basically Elastic is suggesting what I believe to be an incredible over-build, and I was curious what sort of rough figures of compute power other people were using.

Dec 18, 2019 00:12
Just abandon ELK and go all in on Azure Log Analytics.

Dec 18, 2019 00:19
I wanted to bitch about random bullshit turning up in my Pi-hole logs, but it turns out Chrome on my smartphone is polling random-letter hostnames to detect whether something's loving with DNS. I find it a tad annoying, tho.

edit: I guess what's more interesting is that it's doing it while my phone has been locked and idle for hours now.

Combat Pretzel fucked around with this message at 02:22 on Dec 18, 2019

Dec 18, 2019 02:07
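The random-letter lookups Combat Pretzel describes are what the script below picks out of dnsmasq-style Pi-hole query logs, so they can be set aside during log review and the remaining queries looked at on their own. It is an added example, not code from the thread. It assumes the behaviour of Chromium's intranet-redirect detector as documented in its source (three single-label hostnames of 7 to 15 random lowercase letters, resolved together on startup or a network change); the log lines are constructed, not a real capture, and the year is assumed because syslog timestamps omit it.

```python
"""Spot Chrome's intranet-redirect probe bursts in Pi-hole (dnsmasq) query logs.

Added example, not from the thread. Assumes Chromium's documented detector
behaviour: three random single-label hostnames of 7 to 15 lowercase letters,
resolved within a few seconds of each other, to learn whether the resolver
hijacks NXDOMAIN. A single probe-shaped name is not enough to match, since
legitimate intranet hosts ("printer", "fileserver") have the same shape.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed lines in dnsmasq's query-log format; not a real capture.
SAMPLE_LOG = """\
Dec 18 02:01:13 dnsmasq[812]: query[A] xkqwvtlpaz from 192.168.1.20
Dec 18 02:01:13 dnsmasq[812]: query[A] qmfnrbwtzulvg from 192.168.1.20
Dec 18 02:01:14 dnsmasq[812]: query[A] hjsdfpo from 192.168.1.20
Dec 18 02:01:20 dnsmasq[812]: query[A] connectivitycheck.gstatic.com from 192.168.1.20
Dec 18 02:05:41 dnsmasq[812]: query[A] nas from 192.168.1.30
Dec 18 02:07:02 dnsmasq[812]: query[AAAA] api.bugsnag.com from 192.168.1.20
Dec 18 02:09:00 dnsmasq[812]: query[A] pqzrwvmlt from 192.168.1.40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)
PROBE_RE = re.compile(r"^[a-z]{7,15}$")   # single label, 7-15 lowercase letters
LOG_YEAR = 2019          # assumed: syslog lines carry no year
WINDOW_SECONDS = 5       # probes from one client arrive close together
PROBE_COUNT = 3          # Chrome sends three at a time

Event = Tuple[datetime, str, str]   # (timestamp, client, queried name)


def parse_log(text: str) -> List[Event]:
    """Parse dnsmasq query lines; lines that are not queries are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime("%d %s" % (LOG_YEAR, m["ts"]), "%Y %b %d %H:%M:%S")
        events.append((ts, m["client"], m["name"]))
    return events


def find_probe_bursts(events: List[Event]) -> Dict[str, List[List[str]]]:
    """Return, per client, each run of >= PROBE_COUNT probe-shaped names
    whose timestamps fall within WINDOW_SECONDS of the run's first query."""
    per_client: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, client, name in sorted(events, key=lambda e: e[0]):
        if PROBE_RE.match(name):
            per_client[client].append((ts, name))
    bursts: Dict[str, List[List[str]]] = {}
    for client, probes in per_client.items():
        i = 0
        while i < len(probes):
            j = i
            while (j + 1 < len(probes)
                   and (probes[j + 1][0] - probes[i][0]).total_seconds() <= WINDOW_SECONDS):
                j += 1
            group = [name for _, name in probes[i:j + 1]]
            if len(group) >= PROBE_COUNT:
                bursts.setdefault(client, []).append(group)
            i = j + 1
    return bursts


def unexplained(events: List[Event], bursts: Dict[str, List[List[str]]]) -> List[str]:
    """Return the queried names not accounted for by a probe burst, in log order."""
    explained = {(client, name) for client, groups in bursts.items()
                 for group in groups for name in group}
    return [name for _, client, name in events if (client, name) not in explained]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    found = find_probe_bursts(evs)
    for client, groups in found.items():
        print("%s: Chrome-style probe burst(s) %s" % (client, groups))
    print("still worth a look:", unexplained(evs, found))
```

In the sample, the three queries from 192.168.1.20 at 02:01 match the pattern and are set aside, while the lone random-looking name from 192.168.1.40 stays in the "worth a look" list because one such query on its own is not what Chrome does.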
ChubbyThePhat posted: how much smoke is being blown up our rear end for compute requirements?

Elastic stack seems to require metric fuckloads of resources to run even trivial queries, so wildly inflated requirements seem par for the course. My mind boggles when I hear that 8 GB of RAM is not enough to run an Elastic stack with 1 user doing manual queries a few times per day with 5 services logging into it, but real-world practice has proven this to be the case (the server was crashing due to out of memory and similar situations). The whole stack is just insanely resource-wasteful. If your on-prem experience differs, you seem to be in the minority.

Dec 18, 2019 11:02
Combat Pretzel posted: I wanted to bitch about random bullshit turning up in my Pi Hole logs, but turns out Chrome on my smartphone is polling random letter hostnames to detect whether something's loving with DNS.

You'll want to blacklist bugsnag.

Dec 19, 2019 07:29
EssOEss posted: Elastic stack seems to require metric fuckloads of resources to run even trivial queries, so wildly inflated requirements seem par for the course. My mind boggles when I hear that 8 GB of RAM is not enough to run an Elastick stack with 1 user doing manual queries a few times per day with 5 services logging into it but real world practice has proven this to be the case (the server was crashing due to out of memory and similar situations).

Is the issue that the individual EC2 instances need a lot of RAM? If the workload can be spread over lots of little EC2 instances then you could start with that and set up aggressive auto-scaling rules.

Dec 19, 2019 16:35
Could a piece of malware hypothetically rewrite a GPU's BIOS/firmware to send screen data to the malware's owner? Having a conversation with a super-paranoid former blackhat friend, and I had never heard of/thought of that before. He runs Qubes with Xen, so basically 90% of what he uses is disposable/non-writing. Definitely seems more towards the Mossad than the non-Mossad end of the threat spectrum; I'm wondering if it's even possible.

Dec 19, 2019 16:47
Okay infosec thread. What infosec-specific things do you wish your infosec leadership could do better?

Dec 19, 2019 17:40
Sickening posted: Okay infosec thread. What infosec specific things do you wish your infosec leadership could do better?

I wish people in my organization actually understood PKI and certificates, and I wish that was encouraged by leadership on an organizational level.

I appreciate our infosec's active engagement with staff every time there's a breach and employees' personal data is exposed (not our breaches: LifeLabs, Equifax etc.).

I am on a personal crusade against shared accounts and I'd like that to not be a personal crusade; leadership should hammer that home during all-hands and encourage buy-in from the rest of the company.

Clear policies for travel to high-risk areas like China/Russia/GCC, as well as something to say if TSA wants to inspect company data.

Password managers for the whole company.

The Iron Rose fucked around with this message at 18:03 on Dec 19, 2019

Dec 19, 2019 17:49
22 Eargesplitten posted: Could a piece of malware hypothetically rewrite a GPU's BIOS/firmware to send screen data to the malware's owner? Having a conversation with a super-paranoid former blackhat friend and I had never heard of/thought of that before. He runs Qubes with Xen so basically 90% of what he uses is disposable/non-writing. Definitely seems more towards the Mossad than the non-Mossad end of the threat spectrum, I'm wondering if it's even possible.

It would be pretty elaborate and require some level of driver/application integration in the OS to ship the data out on the network stack, or some kind of integration/exploit to manage that over the UEFI environment, an OOB management controller, and/or the management engine embedded in the CPU that might have direct access to a NIC. I would not consider it a likely vector, and there's likely going to be ROM signature validation before flashing to stop it from taking arbitrary code, so you'd be doing some soldering to get the ROM written.

Dec 19, 2019 17:52
BangersInMyKnickers posted: it would be pretty elaborate and require some level of driver/application integration in the OS to ship the data out on the network stack, or some kind of integration/exploit to manage that over the UEFI environment, an OOB management controller, and/or the management engine embedded in the CPU that might have direct access to a nic. I would not consider it a likely vector, and there's likely going to be rom signature validation before flashing to stop it from taking arbitrary code so you'd be doing some soldering to get the rom written.

It's a good thing signing keys never get stolen and the graphics helper software on your computer is well known for its high bar in security. This still sounds like badBIOS levels of probability though; there are easier ways, and TAO will just intercept your shipment to solder something on if you're at this point.

Dec 19, 2019 17:55
Sickening posted: Okay infosec thread. What infosec specific things do you wish your infosec leadership could do better?

Open communication and honesty with the userbase is probably the biggest lesson we haven't learned yet. We make decisions in secret (sometimes even internally between teams in security) and do not solicit feedback for initiatives that will impact the entire org. Our relationship with other departments is often hostile, and they more often than not fight us or withhold important information as a result. Not exactly productive in the context of security if your userbase is trying to undermine you every step of the way.

Dec 19, 2019 17:58
Volmarias posted: It's a good thing signing keys never get stolen and the graphics helper software on your computer is well known for its high bar in security.

Yeah, I am not saying it is impossible, but the number of things you have to successfully chain together to make it work means that doing this would be pretty much a one-off to a specific hardware config in a specific org, because any one of a number of variables changing slightly would make the wheels fall off. We're talking Iranian enrichment program PLC sabotage levels of sophistication and targeting.

e: It's much easier to target an OOB controller (iDRAC/Intel ME/iLO/etc.) since that's going to let you scrape the video buffer and should already have an active network stack to exfil on.

BangersInMyKnickers fucked around with this message at 18:02 on Dec 19, 2019

Dec 19, 2019 18:00
22 Eargesplitten posted: Could a piece of malware hypothetically rewrite a GPU's BIOS/firmware to send screen data to the malware's owner? Having a conversation with a super-paranoid former blackhat friend and I had never heard of/thought of that before. He runs Qubes with Xen so basically 90% of what he uses is disposable/non-writing. Definitely seems more towards the Mossad than the non-Mossad end of the threat spectrum, I'm wondering if it's even possible.

NVIDIA GPUs Kepler and newer and AMD GPUs Vega and newer will authenticate their VBIOS signature against a key that has not, to date, been broken (by the general public at least, and people have been trying so that they can play with it for mining/etc). Replacing the VBIOS with a malicious one is towards the Mossad end of the scale for sure.

That said, GPU process isolation is probably not very good, and I would work on the assumption that it's possible to leak data from one process to another (or in the case of SR-IOV, from one user to another). For starters, consumer GPUs only zero memory at startup, so there is the possibility that you could be handed memory that already has data from another process in it. Also, there is a decent chance that GPUs could be vulnerable to some kind of Spectre-like attack, since it's doubtful any attention was paid to timing attacks when designing a performance-oriented GPU architecture back in the 2010-2012 timeframe. So while firmware attacks are probably unlikely, there are probably attacks that would allow an unprivileged app to, say, grab framebuffer data from a browser or from the screen-wide framebuffer and then send that to someone. It is probably a blessing in disguise that GPU-accelerated compute has never really taken off outside niche compute-intensive applications, so there isn't much sensitive data sitting in VRAM.

Still pretty paranoid, and still probably implies that the Mossad is interested in you specifically as opposed to someone dropping cryptominers on everybody they can, but I think there's a pretty good chance there are significant unknown vulnerabilities in GPU architectures and firmware.

Paul MaudDib fucked around with this message at 18:53 on Dec 19, 2019

Dec 19, 2019 18:29
BangersInMyKnickers posted: it would be pretty elaborate and require some level of driver/application integration in the OS to ship the data out on the network stack, or some kind of integration/exploit to manage that over the UEFI environment, an OOB management controller, and/or the management engine embedded in the CPU that might have direct access to a nic. I would not consider it a likely vector, and there's likely going to be rom signature validation before flashing to stop it from taking arbitrary code so you'd be doing some soldering to get the rom written.

Dec 19, 2019 19:08
BangersInMyKnickers posted: Open communication and honesty with the userbase is probably the biggest lesson we haven't learned yet. We made decisions in secret (sometimes even internally between teams in security) and do not solicit feedback for initiatives that will impact the entire org. Our relationship with other departments is often hostile and they more often than not fight us or withhold important information as a result. Not exactly productive in the context of security if your userbase is trying to undermine you every step of the way.

Do you work where I work, or are these problems just that common?

Dec 19, 2019 19:09
Biowarfare posted: You'll want to blacklist bugsnag.

I updated Pi-hole a day or two before this. I'm surprised it's not on any blacklist it uses.

Dec 19, 2019 19:11
PBS posted: Do you work where I work, or are these problems just that common.

I'd say it's common, since it rings true for me too. I'm on the other end of it. Our security team operates in the shadows and is usually an irritating presence when they peek out to ask for information for things they should already know, berate us for violating policies they created without buy-in, or when they break critical business apps with their mostly secret infrastructure. The final point is the greatest, because they reveal themselves after we've been troubleshooting under pressure for hours. I get that there may be certain things they can't reveal, but they act like they're the NSA or something.

Dec 19, 2019 19:23
Inter-department infighting? It's not just a thing between IT and others. It's everywhere.

Dec 19, 2019 19:29
BangersInMyKnickers posted: Open communication and honesty with the userbase is probably the biggest lesson we haven't learned yet. We made decisions in secret (sometimes even internally between teams in security) and do not solicit feedback for initiatives that will impact the entire org. Our relationship with other departments is often hostile and they more often than not fight us or withhold important information as a result. Not exactly productive in the context of security if your userbase is trying to undermine you every step of the way.

One of the things I started doing is meeting with product teams when there isn't an incident or ask; I need a word other than "peacetime" for it. If the only time we interact with the teams we support is when we broke them or we are asking them to do work, it's hard to have a non-hostile relationship.

For my tools team, we're starting to require ourselves (and have metrics we are accountable for) in the realm of noise in security bugs, improving user workflows alongside work to make security tooling and not just throwing up new roadblocks, that sorta thing.

I spend a lot of time talking to peers in performance/accessibility; they have some of the same problems we do w/r/t asks to other teams, but without the "you have to do this because security" hammer. Lessons to learn from them.

Dec 19, 2019 19:43
Ynglaur posted: Is the issue that the individual EC2 instances need a lot of RAM? If the workload can be spread over lots of little EC2 instances then you could start with that and setup aggressive auto-scaling rules.

You don't just autoscale Elasticsearch. You'll be spending your whole life with shards moving around, reallocating, losing data. You could autoscale Logstash and Kibana, but the meat is in Elasticsearch.

We run an ELK cluster, but we use ES as part of our product, and most of my ES experience is on those clusters. I can't say anything like x events/second needs a cluster with y nodes or anything like that, but I will say that our new clusters are on i3en nodes and using the on-board NVMe storage instead of EBS. We were on an loving ancient version of ES that didn't have index snapshots to S3, meaning we couldn't tolerate the volatility of instance store before. That change really bought us a ton of efficiency, and is going to save us a bunch of money. Elastic is pretty clear about using instance store instead of EBS, and they are right about that. So maybe they are right about the other recommendations?

Dec 19, 2019 21:51
My company has been fiddling around with adding Security Onion to our infrastructure as a kind of rolling project, where it'll be sweet once we get it working and configured properly, but we're not really investing serious time into getting it up and running. While combing through the logs today my boss came on this event that repeats every so often.

Dec 20, 2019 21:17