ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

duz posted:

Whatever the one built into Windows is called.

e: Wow what a lovely page snipe.

Diva Cupcake
Aug 15, 2005

Do not use 3rd party EDR either. Defender ATP owns plenty.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

duz posted:

Whatever the one built into Windows is called.

Achmed Jones
Oct 16, 2004



duz posted:

Whatever the one built into Windows is called.

CLAM DOWN posted:

Do not buy or use third party AV products. Please. Thank you.

Antigravitas
Dec 8, 2019

The salvation for the farmers:
We have a Sophos campus license and are required to use it.

Even got some Mac users to install it (we don't support Macs) and it alerted us that those same Mac users apparently love installing MacKeeper, so… :confuoot:

The Fool
Oct 16, 2003


While we're on the subject, does Defender ATP have a standalone license yet, or do I just need to push harder for E5 licenses?

Diva Cupcake
Aug 15, 2005

They’re selling ATP à la carte now. We have an E3 enterprise and paid for it separately.

The Fool
Oct 16, 2003


Diva Cupcake posted:

They’re selling ATP à la carte now. We have an E3 enterprise and paid for it separately.

Do you have a SKU, because it is not listed on this page: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements

AlternateAccount
Apr 25, 2005
FYGM

Antigravitas posted:

We have a Sophos campus license and are required to use it.

Even got some Mac users to install it (we don't support Macs) and it alerted us that those same Mac users apparently love installing MacKeeper, so… :confuoot:

I swear we used to sell boxed retail copies of MacKeeper at Micro Center long ago.

Proteus Jones
Feb 28, 2013



AlternateAccount posted:

I swear we used to sell boxed retail copies of MacKeeper at Micro Center long ago.

It’s more that MacKeeper installs itself like a Mac Adobe product (or regular Windows software). It sprays itself all over the file system and wriggles into the weirdest of places making it nigh impossible to uninstall completely.

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib
People really love weird cleanup tools whose primary functionality is hosing your system, huh.

New Coke
Nov 28, 2009

WILL AMOUNT TO NOTHING IN LIFE.

CLAM DOWN posted:

Do not buy or use third party AV products. Please. Thank you.

On that note:

https://twitter.com/taviso/status/1237105815414124549

Subjunctive
Sep 12, 2006

✨sparkle and shine✨


Yeah, Avast disabled the JS interpreter globally yesterday, I believe. We owe Tavis a great debt.

Truga
May 4, 2014
Lipstick Apathy

wolrah posted:

While firewalls and routers can be the same, neither has to be part of the other. Standalone firewalls are becoming less common these days but standalone routers are still very much a thing. Most layer 3 switches are just routing, not firewalling, likewise for internet backbone routers.

yeah sorry, i meant in the context of a NAT router.

by default a NAT router will drop incoming connections, because it has no idea where to point them, which is the firewally choice.

not an amazing thing in any way, except for home users who don't know poo poo. NAT really saved the world a ton of hurt there IMO, you mostly have to attack browsers now instead of people's publicly accessible, unpatched RDP ports. because i'm sure we all know if every ip was public, consumer routers would just blindly forward everything by default :v:

e: and yeah, DMZ on consumer routers is a big lol of a misnomer.

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
Is there any on-modification antivirus for macOS that can scan by file signature only and doesn’t just scan downloads? As far as I know, XProtect, the built-in one, only runs on files tagged as downloaded. I just want XProtect but for any files that get modified, regardless of supposed origin.

I tried modifying clamav from MacPorts to watch /Users, but it pegs an entire core of my CPU constantly due to being a giant hack.

evil_bunnY
Apr 2, 2003

Subjunctive posted:

Yeah, Avast disabled the JS interpreter globally yesterday
That's such a hilarious "Oh NO YOU DIDN'T"

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
Unpatched Samba flaw now public...
https://arstechnica.com/information-technology/2020/03/windows-has-a-new-wormable-vulnerability-and-theres-no-patch-in-sight/

Antigravitas
Dec 8, 2019

The salvation for the farmers:
Luckily not Samba, but MS SMBv3, so none of our file services are impacted.

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
I always forget that SMB isn't pronounced Samba...

evil_bunnY
Apr 2, 2003

Pablo Bluth posted:

I always forget that SMB isn't pronounced Samba...
A coworker made that mistake just 20 minutes ago and for a hot second I was very confused.

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else
I'm only JUST winning the battle of disabling SMBv1 on my infrastructure, so alright I guess.

We also have 1803 on our desktops, so alright x2 I guess.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
I just finished SMBv1 closeout, Least Privilege Access and LAPS for AD, and we're getting ready to roll out 802.1x and Privileged Access Workstation.

Biggest fight is killing the last of our HTTP APIs and getting rid of FTP.

CommieGIR fucked around with this message at 16:04 on Mar 12, 2020
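An SMBv1 closeout of the kind described above usually goes wrong when some forgotten multifunction printer or NAS was still negotiating SMB1 and nobody checked. The script below is an added example, not a script from anyone in the thread: run it elevated on a Windows file server to report whether SMB1 is still served, turn on SMB1 access auditing if it is off, summarise which clients hit SMB1 in the last N days from the stock `Microsoft-Windows-SMBServer/Audit` log (event ID 3000), list any live sessions still on an SMB1 dialect, and only with `-Disable` actually remove the protocol. The "Client Address:" regex assumes the stock event message text; the rest is standard `SmbShare` and DISM/ServerManager cmdlets.

```powershell
# Added example (not code from the thread): audit SMBv1 before retiring it.
# Run elevated on the file server. Assumption: event ID 3000 in the
# Microsoft-Windows-SMBServer/Audit channel carries "Client Address: <ip>" in
# its message text, which is the stock format when AuditSmb1Access is on.
param(
    [switch]$Disable,   # actually turn SMB1 off; default is report-only
    [int]$Days = 30     # how far back to look for SMB1 clients
)

# 1. Current server state: is SMB1 still offered, and are SMB1 accesses audited?
$cfg = Get-SmbServerConfiguration
[pscustomobject]@{
    EnableSMB1Protocol = $cfg.EnableSMB1Protocol
    AuditSmb1Access    = $cfg.AuditSmb1Access
    EncryptData        = $cfg.EncryptData
} | Format-List

# 2. Turn auditing on first so stragglers show up before the protocol goes away.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Host "SMB1 access auditing enabled; collect a few weeks of events before -Disable."
}

# 3. Which clients negotiated SMB1 in the last $Days days?
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue

$clients = foreach ($e in $events) {
    if ($e.Message -match 'Client Address:\s*(\S+)') { $Matches[1] }
}
Write-Host "SMB1 clients seen in the last $Days days:"
$clients | Group-Object | Sort-Object Count -Descending |
    Select-Object @{n = 'Client'; e = { $_.Name }}, Count | Format-Table -AutoSize

# 4. Anything connected right now on an SMB1 dialect (anything below 2.0)?
Write-Host "Live sessions still on SMB1:"
Get-SmbSession | Where-Object { [version]$_.Dialect -lt [version]'2.0' } |
    Select-Object ClientComputerName, ClientUserName, Dialect | Format-Table -AutoSize

# 5. Only when asked: stop serving SMB1 and remove the SMB1 component itself.
#    The component removal differs between client and server SKUs.
if ($Disable) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    $isServer = (Get-CimInstance Win32_OperatingSystem).ProductType -ne 1
    if ($isServer) {
        Uninstall-WindowsFeature -Name FS-SMB1 -Restart:$false
    } else {
        Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -NoRestart
    }
    Write-Host "SMB1 disabled; a reboot completes the component removal."
}
```

Leaving the `-Disable` step gated behind the audit is the point: the audit log tells you which devices will break, and the live-session check catches anything that reconnects between audit and cutover.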

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else
I'm not even going to start on the struggle I'm having getting people to buy in to PAW, but know it is not a fun one.

Lambert
Apr 15, 2018

by Fluffdaddy
Fallen Rib

ChubbyThePhat posted:

I'm only JUST winning the battle of disabling SMBv1 on my infrastructure, so alright I guess.

We also have 1803 on our desktops, so alright x2 I guess.

1803 has been out of support for 5 months, which means your computers possibly haven't received security updates since November 2019 (except for Enterprise versions, which get support till November 2020)

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else
Yep. Enterprise. Apparently our desktop team is fighting to upgrade, but I don't know to what (hopefully not 1809) and I don't know how that's going.

Other question: Is there any reason an API would not use OAuth over the internet other than "because it's hard"?

Antigravitas
Dec 8, 2019

The salvation for the farmers:
We went to 1809. It doesn't really matter which one you pick, they are all bug-ridden festering poo poo garbage.

I've found so many bugs. Many of them aren't huge but they just keep adding up. Like Windows disabling WOL if you shut down from the login screen, but keeping WOL available when you shut down while logged in. Leaving EXCLUSIVE WRITE LOCKS OPEN over SMB after logoff, sending print jobs as Letter despite EVERYTHING set to A4 default EVERYWHERE, etc. etc.

Just go to the absolute latest, it will have fucktons of bugs, but who cares anymore.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

ChubbyThePhat posted:

I'm not even going to start on the struggle I'm having getting people to buy in to PAW, but know it is not a fun one.

Buy in has actually been good so far, when we stripped admin rights and gave select people admin escalation rights, they were concerned but I ate the dogfood I was selling and suddenly they liked it.

Potato Salad
Oct 23, 2014

nobody cares


ChubbyThePhat posted:

I'm only JUST winning the battle of disabling SMBv1 on my infrastructure, so alright I guess.

We also have 1803 on our desktops, so alright x2 I guess.

Where do you work? I want to get some of that free money.

Mustache Ride
Sep 11, 2001



CommieGIR posted:

Buy in has actually been good so far, when we stripped admin rights and gave select people admin escalation rights, they were concerned but I ate the dogfood I was selling and suddenly they liked it.

Good god I hate this term. Why does it exist? Who's eating dog food?

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Mustache Ride posted:

Good god I hate this term. Why does it exist? Who's eating dog food?


Jeff Atwood posted:

The idea originated in television commercials for Alpo brand dog food; actor Lorne Greene would tout the benefits of the dog food, and then would say it's so good that he feeds it to his own dogs. In 1988, Microsoft manager Paul Maritz sent Brian Valentine, test manager for Microsoft LAN Manager, an email titled "Eating our own Dogfood" challenging him to increase internal usage of the product.

The idea is that you're not putting out garbage that you wouldn't use yourself.

BlankSystemDaemon
Mar 13, 2009



Antigravitas posted:

We went to 1809. It doesn't really matter which one you pick, they are all bug-ridden festering poo poo garbage.

I've found so many bugs. Many of them aren't huge but they just keep adding up. Like Windows disabling WOL if you shut down from the login screen, but keeping WOL available when you shut down while logged in. Leaving EXCLUSIVE WRITE LOCKS OPEN over SMB after logoff, sending print jobs as Letter despite EVERYTHING set to A4 default EVERYWHERE, etc. etc.
So far as I know, SMB doesn't do file locking at all, it only has something it calls locking which is cache control?
Which is annoying, because it means that Windows 10 doesn't work with NFS locking the way every single other NFS client implementation has since XP, where NetworkLanManager is just a thing you enable if you need it and bob's your uncle.

Antigravitas posted:

who cares anymore.
Microsoft sure don't.

Mustache Ride
Sep 11, 2001



Volmarias posted:

The idea is that you're not putting out garbage that you wouldn't use yourself.

I understand what it means. I'm saying it's an awful phrase and used rampantly in the Security and IT space. Like AI and Machine Learning. Stop using it.

Antigravitas
Dec 8, 2019

The salvation for the farmers:

D. Ebdrup posted:

So far as I know, SMB doesn't do file locking at all

In this case, Windows places a DENY_ALL lock on the ntuser.dat during logoff and holds it forever. We _require_ roaming profiles and due to the way computer pools work, the same user may then log on on a different PC and get a temporary profile since ntuser.dat can't be accessed due to the lock held from the previous computer.

The "solution" is a logoff script of Start-Sleep 10. The lock is then released.

Locking on SMB is even worse than on NFS. A client can request a lock on a file, then go offline for a few months, and expect that nobody else has modified the file in the meantime.

We have of course disabled CSC completely because that thing is a data destroyer.
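The temporary-profile symptom described above can also be attacked from the file server side: the stale `ntuser.dat` handle is visible there as an open file belonging to an SMB session that has gone idle, and it can be closed without waiting for the client. The script below is an added example, not the thread's own logoff workaround; run it on the server that hosts the roaming-profile share. "Stale" is an assumption I am making here (an open `ntuser.dat` whose owning session has been idle longer than `-IdleMinutes`), since Windows records no "left over from logoff" flag; closing is behind a `-Close` switch because forcibly closing a hive that a client is still syncing can corrupt the profile.

```powershell
# Added example (not code from the thread): find ntuser.dat handles held open
# by idle SMB sessions on a roaming-profile file server and optionally close them.
# Assumption: an idle time above -IdleMinutes means the owning client has
# finished logging off and the handle is the leftover lock, not live I/O.
param(
    [int]$IdleMinutes = 5,
    [switch]$Close      # actually close the handles; default is report-only
)

# Index sessions by SessionId so each open file can be joined to its idle time.
$sessions = @{}
Get-SmbSession | ForEach-Object { $sessions[$_.SessionId] = $_ }

$stale = Get-SmbOpenFile |
    Where-Object { $_.ShareRelativePath -match '(?i)ntuser\.dat$' } |
    ForEach-Object {
        $s = $sessions[$_.SessionId]
        [pscustomobject]@{
            FileId      = $_.FileId
            Path        = $_.Path
            Client      = $_.ClientComputerName
            User        = $_.ClientUserName
            Dialect     = if ($s) { $s.Dialect } else { $null }
            IdleMinutes = if ($s) { [math]::Round($s.SecondsIdle / 60, 1) } else { $null }
        }
    } |
    Where-Object { $_.IdleMinutes -ne $null -and $_.IdleMinutes -ge $IdleMinutes }

if (-not $stale) {
    Write-Host "No ntuser.dat handles idle for $IdleMinutes minutes or more."
    return
}

Write-Host "ntuser.dat handles held by sessions idle >= $IdleMinutes min:"
$stale | Format-Table -AutoSize

if ($Close) {
    foreach ($f in $stale) {
        # Force skips the per-file confirmation prompt; the idle filter above is
        # what protects a hive that is still being written.
        Close-SmbOpenFile -FileId $f.FileId -Force
        Write-Host "Closed $($f.Path) held by $($f.User) from $($f.Client)"
    }
}
```

Run it report-only first and compare the idle times you see against how long the logoff sleep in your script actually needs to be; if the handles always clear on their own within a few seconds, the sleep is the cheaper fix, and if some never clear, a scheduled `-Close` run on the server is what keeps the next logon from landing on a temporary profile.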

BlankSystemDaemon
Mar 13, 2009



Antigravitas posted:

In this case, Windows places a DENY_ALL lock on the ntuser.dat during logoff and holds it forever. We _require_ roaming profiles and due to the way computer pools work, the same user may then log on on a different PC and get a temporary profile since ntuser.dat can't be accessed due to the lock held from the previous computer.

The "solution" is a logoff script of Start-Sleep 10. The lock is then released.

Locking on SMB is even worse than on NFS. A client can request a lock on a file, then go offline for a few months, and expect that nobody else has modified the file in the meantime.

We have of course disabled CSC completely because that thing is a data destroyer.
Ahahaha, you can't make this poo poo up.

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

Potato Salad posted:

Where do you work? I want to get some of that free money.

There are even worse things inside my network right now; if you can believe that.

Does anyone have experience with Airlock Digital? My company is putting them up against Carbon Black for application whitelisting and I only know what their sales team has told me (which, I'm sure you can understand, I take with a massive grain of salt).

AlternateAccount
Apr 25, 2005
FYGM

1> Server versions affected are just Core, which is relatively rare.
2> To attack a client, you have to con the end user into connecting to a malicious SMB share. If you already have that level of influence, it's just a question of how you want to own the system.

Rufus Ping
Dec 27, 2006

I'm a Friend of Rodney Nano

AlternateAccount posted:

2> To attack a client, you have to con the end user into connecting to a malicious SMB share

There's about a hundred places you can stick a UNC path and have windows try to connect to it, "have to con" is exaggerating the complexity slightly

(It may prove difficult to exploit but not for this reason)

The Fool
Oct 16, 2003


https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Mustache Ride posted:

I understand what it means. I'm saying it's an awful phrase and used rampantly in the Security and IT space. Like AI and Machine Learning. Stop using it.

Give a better saying then.

Diva Cupcake
Aug 15, 2005

I’m corona.bat
