evil_bunnY posted:
This. You can argue for/against BBounties forever but the fact of the matter is, if a researcher discloses irresponsibly citing your lack of BB setup as the reason, they're a giant rear end in a top hat. It's also literally extortion, but most of the time you can't do anything about it.

OP if you want you can send me a PM too.

Nov 11, 2020 16:16

xtal posted:
They're probably blocking it by APN and might block the VPN too. Are you also considering whether the traffic is from that government's jurisdiction?

TY. I ended up saying gently caress it, just try the VPN, and that worked. Going to just run all my scrapers through ExpressVPN. Small slowdown but not a big deal in the scheme of things. It's a temp fix as we plan to migrate these scrapers to AWS Lambda functions and at that point I'll have to figure out the proxy situation.

Nov 11, 2020 17:33

GCE is a great place to stage scraping.

Nov 11, 2020 17:46

CarForumPoster posted:
TY. I ended up saying gently caress it, just try the VPN, and that worked. Going to just run all my scrapers through ExpressVPN. Small slowdown but not a big deal in the scheme of things.

Use a tiny ssh server somewhere and use ssh's built-in SOCKS proxy capability? (-D option)

Nov 11, 2020 17:58

Blinkz0rz posted:
I asked a friend who works in compliance and she mentioned Auditboard and LogicGate. The latter her team uses for risk management but it has a policy compliance module.

This is pretty much exactly what I was looking for, thanks.

Nov 11, 2020 20:59

What kind of rules are you guys seeing for 'file sharing' websites? OneDrive, Dropbox, etc.? We blocked them all. But guess what, people use the gently caress out of them. Especially non-profits, who we share data etc. with. I got reamed today because the CFO couldn't access a link in his email to ShareFile (Citrix product). I allowed access to it by allowing the URL accountingfirm.sharefile.com. I first explained that we ban those types of sites and asked if there was another way they could send the file, and he replied with "It's HIPAA data, what do you suggest we use?" Anyway, this is a huge security risk. I explained that only links to files from that particular company would be allowed, not HACKEDACCOUNT.sharefile.com that we would get in a phishing email, but whatever. Apparently I should be making firewall rules specific for individual users every time a site needs whitelisted.

Nov 12, 2020 03:24

My approach to sharing sites has been to acquire licenses for the popular stuff, then install/activate DLP features. Bonus points if somebody can suggest or move a shared workload to our O365. I guess in short my approach is to find a way to say "yes" that is also safe. I'm not super strapped for cash, so I probably have a little bit more wiggle room than others might. This time next year, I want to have SSL termination (and I'm going to NEED it by 2025 for CMMC), but...one step at a time.

Nov 12, 2020 04:33

Yeah, we have O365 and OneDrive across the office plus the DLP stuff.

Nov 12, 2020 05:27

I wouldn't bother blocking those sites at all. It's a big usability (and therefore social capital) hit without a payoff of remotely the same magnitude.

e: it's reasonable to disallow the sync binaries, though

Nov 12, 2020 06:51

I mean, malware does use those sites a lot, no? That's why Firefox Send shut down.

Nov 12, 2020 07:04

Malware uses a lot of things. Legitimate use cases also use a lot of things. The trick is blocking the former without blocking the latter. Blocking widely-used sites is very rarely a good idea. As the legit:malware ratio approaches zero, it becomes reasonable, but Dropbox isn't gonna meet that bar. When I say "If it's down, it's secure," it's not supposed to be a serious recommendation.

Nov 12, 2020 07:30

Bob Morales posted:
I first explained that we ban those types of sites and asked if there was another way they could send the file, and he replied with "It's HIPAA data, what do you suggest we use?"

Nov 12, 2020 10:39

Cup Runneth Over posted:
I mean, malware does use those sites a lot, no? That's why Firefox Send shut down.

Malware uses a lot of legit services, but blanket blocks of legit services won't help.

Nov 12, 2020 13:30

CommieGIR posted:
Yeah, we have O365 and OneDrive across the office plus the DLP stuff.

O365 + DLP is pretty great. MS can auto-flag anything emailed or shared through OneDrive/SharePoint Online that looks HIPAA-sensitive, or has financial data, etc., and you can decide what happens in those cases. That said, make sure you have a BAA signed with MS, and also make sure users know that O365 isn't an EMR system and treating it as such can be problematic depending on what the rules are in your area.

Edit: You can also limit external sharing by security group, and make sure you don't have your OD/SP sharing settings any higher than authenticated guest access.

Nov 12, 2020 16:01

klosterdev posted:
O365 + DLP is pretty great. MS can auto-flag anything emailed or shared through OneDrive/SharePoint Online that looks HIPAA-sensitive, or has financial data, etc., and you can decide what happens in those cases.

I find MS's DLP creates a lot of false positives even if you move the silly match level to high. You can do a lot with the cloud app security policies to do some automatic response as well. For example, in the instance that someone shares a sensitive file outside the org with OneDrive, you can have it automatically make the file private, quarantine the file, disable the user, alert you, and basically everything else under the sun. Similar options with Teams and SharePoint. You should also have had the BAA signed with Microsoft before you even created a single email in their space.

Nov 12, 2020 16:15

How does DLP work on the backend? Never set one up before; is it basically just a hook to your mail/printer/scanner/whatever that looks for really common regex patterns for PII like ###-##-#### in the case of socials?

Nov 12, 2020 16:28

Defenestrategy posted:
How does DLP work on the backend? Never set one up before; is it basically just a hook to your mail/printer/scanner/whatever that looks for really common regex patterns for PII like ###-##-#### in the case of socials?

The simplest ones do...I hope they have progressed in the last ten years.

Nov 12, 2020 16:30

Defenestrategy posted:
How does DLP work on the backend? Never set one up before; is it basically just a hook to your mail/printer/scanner/whatever that looks for really common regex patterns for PII like ###-##-#### in the case of socials?

It can be a little bit more involved now; it is sometimes surprising what Azure ML will pick up on.

Nov 12, 2020 16:44

The default Sensitive Info Types that O365/AIP use are absolutely terrible in my experience. You do wind up writing your own regex, uploading your own dictionary, or a bunch of keywords and then futzing around with the sensitivity.

Nov 12, 2020 16:52

klosterdev posted:
O365 + DLP is pretty great. MS can auto-flag anything emailed or shared through OneDrive/SharePoint Online that looks HIPAA-sensitive, or has financial data, etc., and you can decide what happens in those cases.

Yeah, there's some tuning to do with it, but it's perfectly usable.

Nov 12, 2020 20:06

My experience with CASB/DLP tooling was that I could never trust it to catch 100% of cases (or even have a reasonable false positive rate), but it was good for uncovering systemic misuse of data and tools. If you have an HR team that really loves keeping and sharing spreadsheets of SSNs or a sales team that asks for client CC#s for whatever reason, you will probably find out.

Nov 12, 2020 22:24

The Proofpoint CASB was pretty good when I tested it for DLP. They bolt the regex on to a dictionary of other related terms to figure out if you're dealing with a high-confidence hit or not. So, like, if the Word doc contains both the string SSN and ###-##-####, it's going to flag as high priority compared to just the regex. Also prioritizes by # of hits in a file. Really helps you cut down the noise and garbage hits.

Nov 12, 2020 22:55
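
The question above about DLP being "a hook that looks for regex patterns like ###-##-####", and the Proofpoint description of bolting the regex onto a dictionary of related terms and ranking by hit count, can be shown in a few dozen lines. The following is an added example written for this thread, not code from any poster or from Proofpoint or Microsoft: the SSN pattern, the context dictionary, the hit threshold and the sample documents are all constructed here for illustration. The structural exclusions in the regex (area not 000, 666 or 9xx; group not 00; serial not 0000) are the published SSA rules, which is the cheapest way to cut the pure-regex false positives the thread complains about.

```python
import re
from dataclasses import dataclass

# Added example, not code from the thread or from any DLP product.
# SSN-shaped pattern with the structural exclusions the SSA publishes:
# area not 000, 666 or 9xx; group not 00; serial not 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Hypothetical context dictionary: terms that tend to co-occur with real SSNs.
CONTEXT_TERMS = ("ssn", "social security", "ss#", "taxpayer id")

# A file with at least this many SSN-shaped hits is high priority even
# without any dictionary term (constructed threshold, tune to taste).
HIGH_HIT_THRESHOLD = 3

RANK = {"none": 0, "low": 1, "high": 2}


@dataclass(frozen=True)
class Verdict:
    matches: int        # SSN-shaped strings found
    context_hits: int   # dictionary terms found
    confidence: str     # "none", "low" or "high"


def classify(text: str, high_threshold: int = HIGH_HIT_THRESHOLD) -> Verdict:
    """Regex alone gives a low-confidence hit; regex plus a dictionary term,
    or many regex hits in one document, gives a high-confidence hit."""
    matches = SSN_RE.findall(text)
    lowered = text.lower()
    context_hits = sum(1 for term in CONTEXT_TERMS if term in lowered)
    if not matches:
        return Verdict(0, context_hits, "none")
    if context_hits > 0 or len(matches) >= high_threshold:
        return Verdict(len(matches), context_hits, "high")
    return Verdict(len(matches), context_hits, "low")


def redact(text: str) -> str:
    """Mask all but the last four digits of each SSN-shaped match."""
    return SSN_RE.sub(lambda m: "***-**-" + m.group(0)[-4:], text)


def prioritize(documents: dict) -> list:
    """Order document names by confidence, then by number of hits, so the
    noisiest single-regex hits sink to the bottom of the review queue."""
    scored = {name: classify(body) for name, body in documents.items()}
    return sorted(
        scored,
        key=lambda n: (RANK[scored[n].confidence], scored[n].matches),
        reverse=True,
    )


# Constructed sample documents (every number below is made up).
SAMPLES = {
    "hr_roster": (
        "Employee roster\n"
        "Alice Example  123-45-6789\n"
        "Bob Example    234-56-7890\n"
        "Carol Example  345-67-8901\n"
    ),
    "helpdesk_ticket": "Hi, please update my SSN on file: 123-45-6789. Thanks!",
    "parts_note": "Part no. 123-45-6789 is backordered until Q1.",
    "newsletter": "Quarterly newsletter: nothing sensitive here.",
}

if __name__ == "__main__":
    for name in prioritize(SAMPLES):
        v = classify(SAMPLES[name])
        print(f"{name:16} {v.confidence:5} hits={v.matches} terms={v.context_hits}")
```

Run stand-alone it lists the roster first (three hits, high), the ticket second (one hit plus the word "SSN", high), the parts note as a low-confidence regex-only hit, and the newsletter as clean. The dictionary step is what keeps the parts note out of the high-priority queue; a pure ###-##-#### hook would rank it the same as the ticket.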

I doubt any DLP system is perfect, but from a practical perspective the alternative is the data leaves your ecosystem anyway and everything feels fine because you aren't aware of it. Build as many guardrails as you can from a practical level, but at some point data will have to enter and leave your organization, and never underestimate a human's ability to gently caress up a well-built system.

Nov 12, 2020 23:07

What monster came up with the new MSRC vulnerability pages and how can I fight them in a Redmond area parking lot? It seems like they just stopped publishing summaries or FAQs for new vulnerabilities, which makes it real hard to figure out what the hell the scope is. Look at this poo poo: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17051

Nov 13, 2020 00:28

Maneki Neko posted:
What monster came up with the new MSRC vulnerability pages and how can I fight them in a Redmond area parking lot?

https://twitter.com/campuscodi/status/1326286259917099010?s=21

Nov 13, 2020 00:32

"It's not obfuscation, you just need a code book and a diagram on your wall explaining how the government is using radio to get into our miiinds"

Nov 13, 2020 00:48

This is all lies.

Nov 13, 2020 01:16

This coincides with launch of their new "Interpreter" certification path/group. They've created a new Microsoft cert on Security Response Analysis and moved their Licensing certification over to this new grouping as well.

Nov 13, 2020 03:19

OMG THE NEW MICROSOFT I LOVE SATYA NADELLA SO MUUUUCH

Nov 13, 2020 03:34

Hello Infosec, I am looking for a goon guide on privacy. VPNs, secure email, browsers, extensions, password managers. I am about to unplug my Google Home and I need to know where to go next.

Nov 13, 2020 05:02

drw posted:
Hello Infosec, I am looking for a goon guide on privacy. VPNs, secure email, browsers, extensions, password managers. I am about to unplug my Google Home and I need to know where to go next.

Get rid of Facebook, LinkedIn, and Twitter. Then scrub your posting history of PII.

Nov 13, 2020 05:08

https://www.privacytools.io

Nov 13, 2020 05:14

Bob Morales posted:
OMG THE NEW MICROSOFT I LOVE SATYA NADELLA SO MUUUUCH

Don't be that guy. MS is a big company that does some things well and lots of things poorly.

Nov 13, 2020 05:22

drw posted:
Hello Infosec, I am looking for a goon guide on privacy. VPNs, secure email, browsers, extensions, password managers. I am about to unplug my Google Home and I need to know where to go next.

Lol just give up now and surrender you're rear end to GOOG

Nov 13, 2020 05:24

Defenestrategy posted:
Get rid of Facebook, LinkedIn, and Twitter. Then scrub your posting history of PII.

Thanks, these will do.

CLAM DOWN posted:
Lol just give up now and surrender you're rear end to GOOG

They had me rear end for years, now I am willing to sneak into their datacenter to destroy the data they stole from me.

Nov 13, 2020 06:29

https://thenewoil.xyz/ has some good advice within it. Privacytools.io is also good. The subreddits r/privacy and r/degoogle are also decent resources. I just started degoogling and taking privacy a bit more seriously so I'm happy to talk a bit about it. And learn more of course. My best advice is don't try to go all out right away. Especially if you've been using Gmail for years. It's been not too bad moving away from most of their services, but Gmail has been super tough with all of the accounts I've made with it for almost 2 decades. Moved from GVoice over to a VOIP provider, flashed a privacy centric Android ROM and moved to FOSS apps, and have been slowly migrating my cloud storage to in-home or off-site encrypted backups.

Nov 13, 2020 07:16

Thanks for the resources! Great timing for the conversation. I was recently asked by a journalist acquaintance for tips and suggestions to improve their security on the internet and mobile phone, and unfortunately it turns out that looking at firewall logs a lot does not translate to practical cybersec skills.

Nov 14, 2020 21:15

I just discovered Shodan has a lifetime student upgrade if you have a .edu email. I'm about to lose my .edu email soon; any other good OSINT (or really any) tools have lifetime/long student upgrades?

Nov 14, 2020 21:52

SimpleLogin has a free pro tier for students.

Nov 14, 2020 23:52

Using unbound as a local full resolver would still get me to the proper edge servers of CDNs, right? This isn't something coordinated with the ISP's DNS resolvers?

Nov 21, 2020 16:43