klosterdev posted: Are we talking about the Google/Oracle API Copyright case now

APIs are the intellectual property equivalent of QWERTY!

Oct 9, 2020 16:05

People who're looking for guides on how to find vulnerabilities might get something out of reading this.

Oct 9, 2020 17:06

Achmed Jones posted: It's very likely you're legally compelled to block traffic from embargoed countries. Geoip blocking is useless for actually preventing attacks from those countries, but does fulfill your legal obligation*

At a previous job about a decade ago, we had a download map for a consumer software release (which included strong crypto) and there was some noise about the fact that Iran appeared and was tracked. The solution was to just exclude Iran from the geo-IP lookup set and show up as “unknown” along with a few Pacific islands or whatever. We didn’t have to block it if we weren’t determining where it was from, per our counsel at the time. If you can identify your users the standards are different, I believe, so our services signup had to take more steps to attempt to avoid the banned countries (and theoretically the DPL, but nobody really bothers outside of finance and some dual-use applications AFAICT).

Oct 9, 2020 17:10

D. Ebdrup posted: People who're looking for guides on how to find vulnerabilities might get something out of reading this.

Swearing isn’t as good as “TODO” I suspect, but any code that evokes an emotional reaction in the writer is suspect.

e: oop, double

Oct 9, 2020 17:12

Thanks everyone who chimed in about Darktrace. Glad to hear "you don't necessarily need something like this" is the consensus. I don't know if I'll be able to convince management to drop it entirely, but if we don't need it I'm not going to bother offering up an alternative. I'll just suggest we pay as little as possible for renewal or drop it. We still have a lot of low-hanging fruit we could be focusing on.

Oct 9, 2020 17:12

Subjunctive posted: Swearing isn’t as good as “TODO” I suspect, but any code that evokes an emotional reaction in the writer is suspect.

Oct 9, 2020 17:31

Subjunctive posted: “TODO”

Oct 9, 2020 17:52

Biowarfare posted: I haven't done this in a while, what's the easiest way to break cert pinning on a Win32 application?

Either do that or edit it to use SSL_VERIFY_NONE if you can find the right place.

Oct 9, 2020 17:54

Achmed Jones posted: It's very likely you're legally compelled to block traffic from embargoed countries. Geoip blocking is useless for actually preventing attacks from those countries, but does fulfill your legal obligation*

Anyone else have to disable QUIC?

Oct 9, 2020 19:27

Internet Explorer posted: If you need to follow ITAR or something, it's absolutely something that you'll need to do. Pretty much for the reasons stated above.

That's... not my experience, and my environment passes annual alphabet soup audits with flying colors each year.

Oct 9, 2020 22:59

Potato Salad posted: That's... not my experience, and my environment passes annual alphabet soup audits with flying colors each year.

Really? It always seems like one of the first requests. Thanks for the correction. I guess it's one of those things that persists like regular password resets / complex passwords. Maybe it's something I need to start pushing back on!

Oct 9, 2020 23:02

Internet Explorer posted: Really? It always seems like one of the first requests.

Definitely do whatever the suits from ABC XYZ tell you to do, of course.

Oct 9, 2020 23:07

Whoa, looks like Tyler Tech, who is in deep with lots of government clients, paid out their ransom: https://www.bleepingcomputer.com/news/security/tyler-technologies-paid-ransomware-gang-for-decryption-key/

Oct 12, 2020 03:02

Internet Explorer posted: Really? It always seems like one of the first requests.

A lot of the time this is poo poo like 'you must use the DoD 7 wipe DBAN or else the drive isn't clean' that persists more out of it being tons easier to wait an extra day for the drive to be reusable than it is to argue with your boss, who has to argue with legal, who has to argue with some government drone, who then has to make a decision, who then tells you "no, do it anyway."

ITAR/FINRA/HIPAA poo poo on the technology side is a big 'one size fits all, if you squint at it right', with a ton of poo poo that is genuinely good ideas interspersed with poo poo that might have made sense two decades ago but now is the regulatory equivalent of vestigial limbs. If it's stupid but it makes the auditors happy, it's our job to make it somehow work, not call the nice XYZ agency guy a dipshit (at least to his face).

Oct 12, 2020 11:25

Secret hint: all ITAR boils down to "don't let unapproved foreign persons see widget" one way or another. That is, when you're trying to do work, sometimes you're trying to secure access to widget. Sometimes you're trying to recategorize or beneficially categorize widget. Sometimes you are applying for an approval license. Technical controls themselves don't exist specifically in the ITAR.

Oct 12, 2020 12:33

Methylethylaldehyde posted: A lot of the time this is poo poo like 'you must use the DoD 7 wipe DBAN or else the drive isn't clean' that persists more out of it being tons easier to wait an extra day for the drive to be reusable than it is to argue with your boss, who has to argue with legal, who has to argue with some government drone, who then has to make a decision, who then tells you "no, do it anyway."

I'm digging through a pile of servers and removing any RAM cache from RAID controllers and destroying them today. Because paranoid.

Oct 12, 2020 12:47

Maneki Neko posted: Whoa, looks like Tyler Tech, who is in deep with lots of government clients, paid out their ransom:

They've been extremely tight-lipped about this, even with the support managers I've spoken to, who say they don't know anything more about it than the customers do. Wonder when they paid; their phone systems are all still completely down.

Oct 12, 2020 14:04

Bob Morales posted: I'm digging through a pile of servers and removing any RAM cache from RAID controllers and destroying them today. Because paranoid.

Now that I think about it, I'm not sure how to erase the data on the flash-backed write cache on our company servers, what data might be there, and in which situations it gets written there. I assume it only happens if the server loses power, so most of the UPS-connected servers will have them empty. But then there are those few servers that have started misbehaving enough that I've gone to yank the power leads.

Oct 12, 2020 21:07

e: nvm im wrong

Oct 12, 2020 23:10

Saukkis posted: Now that I think about it, I'm not sure how to erase the data on the flash-backed write cache on our company servers, what data might be there, and in which situations it gets written there. I assume it only happens if the server loses power, so most of the UPS-connected servers will have them empty. But then there are those few servers that have started misbehaving enough that I've gone to yank the power leads.

1) If the cache was NAND, hammer it to gently caress.
2) If the cache was DRAM backed by a battery, unplug the battery.
3) Hammer everything to gently caress anyway, it's a fun form of stress relief.

Oct 13, 2020 00:24

Go rent this from Lowes: https://www.lowes.com/pd/Detail-K2-...ires/1002826350

Oct 13, 2020 00:56

Saukkis posted: Now that I think about it, I'm not sure how to erase the data on the flash-backed write cache on our company servers, what data might be there, and in which situations it gets written there. I assume it only happens if the server loses power, so most of the UPS-connected servers will have them empty. But then there are those few servers that have started misbehaving enough that I've gone to yank the power leads.

Something something degauss something lower it into a vat of molten metal.

Oct 13, 2020 03:38

Do they have physical shredders for hard drives yet? I want to reduce a rectangle of metal to strips.

Oct 13, 2020 03:41

Cup Runneth Over posted: Do they have physical shredders for hard drives yet? I want to reduce a rectangle of metal to strips.

Most of the truck-mounted shredders will do it. We have one site where we inherited one of these from the previous regime; it has a very satisfying "destroy" button: https://garnerproducts.com/products/hard-drive-destroyers-solid-state-destroyers/pd-4-hard-drive-destroyer

Oct 13, 2020 04:43

Degauss before physical destruction if you're a federal contractor.

Oct 13, 2020 05:01

Maneki Neko posted: Most of the truck-mounted shredders will do it. We have one site where we inherited one of these from the previous regime; it has a very satisfying "destroy" button:

Oct 13, 2020 05:43

There's always the thermite recipe from the Anarchist's Cookbook.

Oct 13, 2020 07:38

D. Ebdrup posted: There's always the thermite recipe from the Anarchist's Cookbook.

https://www.youtube.com/watch?v=-hNQ280Zkk4

Oct 13, 2020 07:48

https://www.youtube.com/watch?v=2iWB7FkuM_4

Oct 13, 2020 09:04

Volmarias posted: Something something degauss something lower it into a vat of molten metal.

Oct 13, 2020 12:46

Maneki Neko posted: Most of the truck-mounted shredders will do it. We have one site where we inherited one of these from the previous regime; it has a very satisfying "destroy" button:

Crushing is good, but I'm talking about turning a hard disk drive into strips like you put a piece of paper in a paper shredder.

Oct 13, 2020 14:33

Kind of surprised I never hear about systems that heat a hard drive up to the platter's Curie temperature for data destruction.

Oct 13, 2020 15:52

Cup Runneth Over posted: Crushing is good, but I'm talking about turning a hard disk drive into strips like you put a piece of paper in a paper shredder.

https://www.youtube.com/watch?v=wb3Xa1h_RqM

It's as magnificent to behold in person as you'd expect.

Oct 13, 2020 15:56

klosterdev posted: Kind of surprised I never hear about systems that heat a hard drive up to the platter's Curie temperature for data destruction.

video abstract posted: How much more paranoid are you now than you were four years ago? Warrantless surveillance and large-scale data confiscation have brought fear of the feds filching your files from black helicopter territory into the mainstream. Recent government snatch-and-grabs have run the gamut from remotely imaging foreign servers to straight up domestic coffeeshop muggings, so if you think you might need to discard a lot of data in a hurry you're probably right. In their legendary DEF CON 19 presentation Shane Lawson, Bruce Potter and Deviant Ollam kicked off the discussion, and now it's time for another installment. While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two.

Oct 13, 2020 17:01

D. Ebdrup posted: There's always the thermite recipe from the Anarchist's Cookbook.

There was a good DEFCON talk on hard disk destruction: https://www.youtube.com/watch?v=-bpX8YvNg6Y

Oct 13, 2020 20:09

Cup Runneth Over posted: Do they have physical shredders for hard drives yet? I want to reduce a rectangle of metal to strips.

In the 00s I was researching drive destruction and I found a hand-operated single-drive shredder. Same principle as the videos posted, but with a handle on the side you cranked. I bet that would have been something satisfying to use, probably even better than the hammer.

Oct 13, 2020 23:16

Saukkis posted: In the 00s I was researching drive destruction and I found a hand-operated single-drive shredder. Same principle as the videos posted, but with a handle on the side you cranked. I bet that would have been something satisfying to use, probably even better than the hammer.

.308 HDD Decommissioning will always be my favorite way to do things.

Oct 14, 2020 01:29

.

Oct 14, 2020 03:15

Oh, hey, a '90s Mac. I like Macs, but... go ahead and shoot that one.

Oct 14, 2020 19:00

Performas were awful for a kid who couldn't play his friend's DOS/Win95 computer games.

Oct 14, 2020 19:53