|
I lost count of the number of times I have to remind people of reputation impact when it comes to security. Headlines read "COMPANY X BREACHED (no confidential information stolen)" not "NO CONFIDENTIAL INFORMATION STOLEN in company X breach"
|
#
?
Jun 4, 2021 16:12
|
|
|
|
| # ? May 19, 2024 09:13 |
|
|
Martytoof posted:I lost count of the number of times I have to remind people of reputation impact when it comes to security. Headlines read "COMPANY X BREACHED (no confidential information stolen)" not "NO CONFIDENTIAL INFORMATION STOLEN in company X breach" They take a reputation hit, but its getting to the point where everyone's been breached at one point or the other. Its like 'There is no ethical consumption under capitalism' except its 'There is no unbreached corporation under Capitalism'. Its also counter to the reality of infosec which is: You are going to get hacked, it will happen to you eventually, IR/DR and a good Infosec program is how you will handle that when it happens.
|
|
#
?
Jun 4, 2021 16:48
|
|
|
There's also the fact that the actual hit stocks take from breaches is minimal and is gone after 6 months. It doesn't matter if a bunch of infosec nerds say Store X is dumb, normal people don't remember and the robots that trade the stocks don't care. It's just a brute fact that the monetary hit from stock prices and brand damage from breaches is tiny. If the operational costs can be shifted away too (eg with insurance) there's not a financial incentive to care outside of industries where a major breach really could be a company ending event. And (unfortunately) stuff like Cambridge Analytica has proved that stuff that we might intuitively expect to be company-ending just...isn't.
|
|
#
?
Jun 4, 2021 17:05
|
|
|
im sorry to kramer into your fine thread and bother yall, but the old domestic partner wants a more secure maybe even non-american VPN and im too ignorant to help her.
|
|
#
?
Jun 4, 2021 18:18
|
|
|
Depends entirely why she thinks she needs one to begin with (changing IP to watch foreign TV? Torrenting without risk of DMCAs? Living in a country where ISPs collect web history?)
|
|
#
?
Jun 4, 2021 18:40
|
|
|
The Saucer Hovers posted:im sorry to kramer into your fine thread and bother yall, but the old domestic partner wants a more secure maybe even non-american VPN and im too ignorant to help her. Mullvad
|
|
#
?
Jun 4, 2021 18:44
|
|
|
Cup Runneth Over posted:Mullvad Mullvad or ProtonVPN.
|
|
#
?
Jun 4, 2021 18:44
|
|
|
The Saucer Hovers posted:im sorry to kramer into your fine thread and bother yall, but the old domestic partner wants a more secure maybe even non-american VPN and im too ignorant to help her. First choice: Mullvad. Second choice: Proton. e: Beaten, but keeping my voice in the chorus.
|
|
#
?
Jun 4, 2021 18:44
|
|
|
Rufus Ping posted:Depends entirely why she thinks she needs one to begin with (changing IP to watch foreign TV? Torrenting without risk of DMCAs? Living in a country where ISPs collect web history?) they mostly use it as an academic to procure academic articles for no money Cup Runneth Over posted:Mullvad CommieGIR posted:Mullvad or ProtonVPN. thank yall having a look
|
|
#
?
Jun 4, 2021 18:46
|
|
|
The Saucer Hovers posted:they mostly use it as an academic to procure academic articles for no money No need for a VPN, just use sci-hub. I think they have a tor version of the site too if you're paranoid
|
|
#
?
Jun 4, 2021 18:56
|
|
|
Rufus Ping posted:No need for a VPN, just use sci-hub. I think they have a tor version of the site too if you're paranoid Yeah if its just for Scientific Articles, Sci-Hub.
|
|
#
?
Jun 4, 2021 18:57
|
|
|
lol https://twitter.com/kevincollier/status/1400875731505274888
|
|
#
?
Jun 4, 2021 19:08
|
|
|
Isn't proton known to be a Honeypot at this point?
|
|
#
?
Jun 4, 2021 20:27
|
|
|
theyre using scihub and dont want to end up like its founder or sued a few years from now once they catch up. weve been using KNOWN BAD VPN for a couple years and decided to stop being rubes
|
|
#
?
Jun 4, 2021 20:35
|
|
|
Mr. Crow posted:Isn't proton known to be a Honeypot at this point? There's some claims its a Honeypot, Privacy-watchdog.io has some extensive claims but I haven't seen any hard evidence yet, but privacy-watchdog.io is also suspected to be an astroturfing campaign for another VPN vendor and focuses a lot on Proton's services. CommieGIR fucked around with this message at 20:45 on Jun 4, 2021 |
|
#
?
Jun 4, 2021 20:42
|
|
|
CommieGIR posted:There's some claims its a Honeypot, Privacy-watchdog.io has some extensive claims but I haven't seen any hard evidence yet, but privacy-watchdog.io is also suspected to be an astroturfing campaign for another VPN vendor and focuses a lot on Proton's services. Hmmm maybe I dug that website up last time I looked not paying attention and thinking it was https://www.privacytools.io/providers/vpn/, thought privacytools.io (frontend for r/privacy) removed them at some point under honeypot pretenses but they list it under both vpn and email so 
|
|
#
?
Jun 4, 2021 20:56
|
|
|
Mr. Crow posted:Hmmm maybe I dug that website up last time I looked not paying attention and thinking it was https://www.privacytools.io/providers/vpn/, thought privacytools.io (frontend for r/privacy) removed them at some point under honeypot pretenses but they list it under both vpn and email so I mean, the reality is any of these providers could be a plant, and the only way to be sure is to setup your own servers/cloud solutions to vpn to, so you are not wrong to be cautious about them. https://twitter.com/gabsmashh/status/1400876819654533120?s=20 Run. Run fast, run far. CommieGIR fucked around with this message at 21:33 on Jun 4, 2021 |
|
#
?
Jun 4, 2021 21:22
|
|
|
vmware vuln?
|
|
#
?
Jun 4, 2021 21:39
|
|
|
Biowarfare posted:vmware vuln? It came out a week or two ago. Starting to be exploited now though. https://arstechnica.com/gadgets/2021/06/under-exploit-vmware-vulnerability-with-severity-rating-of-9-8-out-of-10/
|
|
#
?
Jun 4, 2021 21:41
|
|
|
Wow, April fools was a while ago  Oh it's real. Yep.
|
|
#
?
Jun 4, 2021 21:43
|
|
|
rafikki posted:It came out a week or two ago. Starting to be exploited now though. https://arstechnica.com/gadgets/2021/06/under-exploit-vmware-vulnerability-with-severity-rating-of-9-8-out-of-10/ I know the nmap checker for it is out: https://github.com/GuayoyoCyber/CVE-2021-21972
|
|
#
?
Jun 4, 2021 21:44
|
|
|
the funny thing is that i noticed one of my dead side project sites (avg <100 pv/day) is now getting a hundred requests a minute of that vcenter request crap from bots instead of just the usual wp-login.php type of 404
|
|
#
?
Jun 4, 2021 21:45
|
|
|
When I first saw that headline I thought it meant that Norton would start treating Ethereum mining software like a virus. 
|
|
#
?
Jun 4, 2021 22:21
|
|
|
i wonder how much cocaine went into that decision
|
|
#
?
Jun 5, 2021 03:12
|
|
|
Ynglaur posted:When I first saw that headline I thought it meant that Norton would start treating Ethereum mining software like a virus. I assumed it meant that norton antivirus was gonna start doing crypto mining and sending all the coins to symantec I'm not convinced its not going to
|
|
#
?
Jun 6, 2021 01:30
|
|
|
The Saucer Hovers posted:theyre using scihub and dont want to end up like its founder or sued a few years from now once they catch up. weve been using KNOWN BAD VPN for a couple years and decided to stop being rubes Tor will always be better than VPN as far as anonymity but much slower. If you’re really paranoid run Tails while using Tor at a coffee shop wifi. Getting more elaborate than that is both beyond my ability to do safely and probably not relevant to your use case. Personally if I’m understanding what your goal is, speaking for myself I would just use a VPN since if it’s a honeypot it’s probably not worth ruining it for copyright violations, but definitely I’m trading some safety for ease of use.
|
|
#
?
Jun 6, 2021 05:20
|
|
|
SMEGMA_MAIL posted:Tor will always be better than VPN as far as anonymity but much slower. If you’re really paranoid run Tails while using Tor at a coffee shop wifi. Unrelated to this but I just wanted to share this awesome blog post about how Tor really works: https://skerritt.blog/how-does-tor-really-work/ I found it just fascinating to read, and so now I share it with you all! May it prove to be a good conversation piece when all y’all’s friends and family next regret asking you about your careers.
|
|
#
?
Jun 6, 2021 18:00
|
|
Cat Army 
|
Fun little Kubernetes vulnerable cluster for practicing security on K8s https://github.com/madhuakula/kubernetes-goat
|
|
#
?
Jun 6, 2021 18:14
|
|
|
Powered Descent posted:First choice: Mullvad. Second choice: Proton. I currently give mullvad money, FWIW
|
|
#
?
Jun 6, 2021 21:01
|
|
|
https://twitter.com/CommieGIR/status/1401729287510704129?s=20
|
|
#
?
Jun 7, 2021 03:38
|
|
|
I think it says something about security these days that whenever I see a picture of someone's monitor I'm instantly on the look out for sticky notes.
|
|
#
?
Jun 7, 2021 03:59
|
|
|
I'm the additional opsecfuck of the excel spreadsheet in the downloads of people_i_bribe_for_their_connections.xlsx
|
|
#
?
Jun 7, 2021 04:02
|
|
|
Sounds like a great FOIA request right there.
|
|
#
?
Jun 7, 2021 10:40
|
|
|
Martytoof posted:Wow, April fools was a while ago
|
|
#
?
Jun 7, 2021 19:58
|
|
|
https://twitter.com/NatashaBertrand/status/1401969917633740801?s=20
|
|
#
?
Jun 7, 2021 19:59
|
|
|
lol I thought that was an exit scam by hackers trying to lay low edit: depending on the timeline, they are still out 30% of their money.
|
|
#
?
Jun 7, 2021 20:11
|
|
|
Ynglaur posted:Sounds like a great FOIA request right there. The only thing that this guy wouldn't want to have released is the actual figures, in much the same way you don't want your clients to know what you ACTUALLY bill.
|
|
#
?
Jun 7, 2021 20:34
|
|
|
text editor posted:lol I thought that was an exit scam by hackers trying to lay low Also they'll just lose money on the exchange rate 
|
|
#
?
Jun 8, 2021 07:40
|
|
|
Any technicals on how the FBI recovered those funds? I am assuming penetrating whatever systems had the private keys is more likely than cracking the crypto involved....
|
|
#
?
Jun 8, 2021 14:06
|
|
|
|
| # ? May 19, 2024 09:13 |
|
|
cr0y posted:Any technicals on how the FBI recovered those funds? I am assuming penetrating whatever systems had the private keys is more likely than cracking the crypto involved.... You would be right, right now it appears that the ransomware team had some servers in California that the FBI discovered and siezed that had wallets on it. CommieGIR fucked around with this message at 14:26 on Jun 8, 2021 |
|
#
?
Jun 8, 2021 14:17
|
|