|
CommieGIR posted: I've refused to do work for Oil companies in the past, to be fair since I drive fossil fueled cars that seems kinda hypocritical.

i dont think thats hypocritical one time i turned down a job interview bc the company was named samsara and im buddhist. and yet i live in samsara!
|
# ? Jun 25, 2021 19:59 |
|
Achmed Jones posted: i dont think thats hypocritical

I agree. There's a difference between "I grudgingly have to participate in the oil economy because I live in the US and outside of a few city-centers, living without a car is an enormous problem and until quite recently non-oil-based cars simply didn't exist" and "yeah I'd work for Exxon without a second thought." Most of us end up participating in portions of an economic chain we would prefer not to support because the alternatives are non-viable or are so intrusive to our lives that we're not willing to make the sacrifices. Even the whole "lol defense contractor" stuff that gets thrown around in here kinda stinks of virtue signaling to some extent: there's a pretty salient ethical difference between a lot of the contracts many of those megacorps do--some are enormously problematic, while others are 100% things we all should be in favor of, with a whole lot somewhere in the middle. Lumping all of them together and painting them as the same is pretty myopic, IMO.

evil_bunnY posted: Right, we essentially agree. I'd just never work at a FB/AWS.

While I can understand not wanting to work for FB and be part of a company who is just shy of actively trying to undermine western democracy, I'm curious what your no-go is for AWS.
|
# ? Jun 25, 2021 20:24 |
|
My galaxy-brained physical abuser ex-friend lectured his now ex-wife to tears once over being a nurse. His reasoning was that if you work in the U.S. healthcare industry in any capacity, this means you support the system and therefore, are Part of the Problem. Don't be my galaxy-brained ex-friend.
azurite fucked around with this message at 20:58 on Jun 25, 2021 |
# ? Jun 25, 2021 20:55 |
|
DrDork posted:
AWS is part of Amazon and if you can’t see why that’s a problem I can’t help you.
|
# ? Jun 25, 2021 21:01 |
|
azurite posted: My galaxy-brained physical abuser ex-friend lectured his now ex-wife to tears once over being a nurse. His reasoning was that if you work in the U.S. healthcare industry in any capacity, this means you support the system and therefore, are Part of the Problem.

Literally this guy
|
# ? Jun 25, 2021 21:10 |
|
Alright, I think that's as good a time as any to say let's try to get back on topic. If you want to continue discussing it, there's some more generic IT threads that are probably more appropriate. Like this one - https://forums.somethingawful.com/showthread.php?threadid=3653857
|
# ? Jun 25, 2021 21:19 |
|
Or make an IT ethics thread, the topic is specific enough to warrant a dedicated discussion instead of fading into the generic it discussion thread.
|
# ? Jun 25, 2021 21:23 |
|
Yeah, I was kind of thinking the same thing. Good suggestion. I was going to run it by movax and see what he thought, but in the meantime at least it's somewhat more topical in the "working in IT" thread instead of the "infosec" thread.
|
# ? Jun 25, 2021 21:27 |
|
droll posted: https://www.bbc.com/news/world-us-canada-57592243

that was the genocide bit man

I do not understand why y'all don't finish reading my posts before replying, not that I don't appreciate the source links
|
# ? Jun 25, 2021 21:38 |
|
Cup Runneth Over posted: that was the genocide bit man

1) I'm pretty sure they were just lazily providing context, not arguing with you.
2) I've asked the thread to get back on topic and your reply came pretty well after that.
|
# ? Jun 25, 2021 21:48 |
|
gently caress, missed opportunity to point out that i am a certified ethical hacker
|
# ? Jun 25, 2021 22:44 |
|
Tryzzub posted: gently caress, missed opportunity to point out that i am a certified ethical hacker

cite your sources
|
# ? Jun 25, 2021 23:20 |
|
Missed modpost, nvm
evil_bunnY fucked around with this message at 23:43 on Jun 25, 2021 |
# ? Jun 25, 2021 23:37 |
|
brains posted: cite your sources

paid ankit fadia $250
|
# ? Jun 26, 2021 00:07 |
|
Cup Runneth Over posted: that was the genocide bit man

Sorry, ie is right I was just using your post as a jump off point to share links to recent news about evil. I'd love an ethics in
|
# ? Jun 26, 2021 00:58 |
|
I'd add an ethics thread to my bookmark collection. It's getting to be time to prune some of the extra dumb ones anyway
|
# ? Jun 26, 2021 16:28 |
|
I'll create one today and link it in the bigger IT threads.
|
# ? Jun 26, 2021 16:55 |
|
Jeoh posted: start doing ransomware and only target "bad" orgs

Too late, already in motion...
|
# ? Jun 26, 2021 18:22 |
|
Without further ado, Ethics in IT: start doing ransomware and only target "bad" orgs
|
# ? Jun 26, 2021 22:12 |
|
Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices
Western Digital removed code that would have prevented the wiping of petabytes of data.

quote: Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows.

Well, that sounds like fun. Still not 100% sure how a device behind a firewall is having commands run against it. I assume ports open, possibly via UPnP?
|
# ? Jun 29, 2021 16:05 |
|
Internet Explorer posted: Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

At a guess, like most cloud poo poo, it had an always open connection to the c2 server. It's one of the big reasons things like one drive and google drive bother me so much: they demonstrably open the same kind of always on, can delete files remotely functionality, but hey, straight to your system, and good luck getting rid of one drive! (Ime it always comes back after a couple weeks)
|
# ? Jun 29, 2021 16:12 |
|
RFC2324 posted: At a guess, like most cloud poo poo, it had an always open connection to the c2 server. Its one of the big reasons things like one drive and google drive bother me so much: they demonstrably open the same kind of always on, can delete files remotely functionality, but hey, straight to your system, and good luck getting rid of one drive! (Ime it always comes back after a couple weeks)

I think you can block onedrive at GPO level: computer config > admin templates > windows components > onedrive > prevent the usage of onedrive for file storage
|
# ? Jun 29, 2021 16:23 |
|
I think the easy solution there is to not allow end-users to purge deleted items and only allow them to expire after a set amount of time. Same with "versions" of a file. I know there's ways to do that with the business versions of each product, but I'm not sure about the consumer versions. Hell, Pure SANs allow you to turn on a "safety" mode that holds deleted volumes and snapshots for a configured amount of time, up to 30 days, unless you contact support and have them enter their super secret password that's hopefully super secure. None of this really matters if your developers do stupid things. It doesn't help if something gets root. But it does put some amount of safeguards from a user getting hit in user space and having it wipe out all their data. But then you have people flipping out over TPM requirements for Windows 11, so like, here we are I guess.
|
# ? Jun 29, 2021 16:29 |
|
Internet Explorer posted: Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

DNS-320L ShareCenter. mydlinkBRionyg:abc12345cba. A shallow dive tell many lies. Western Digital is in the news, yet no one speaks of Busybox/Nostromo <1.9.5 LFI to RCE found on CPE attached to many ISPs. HughesNet, Cox, Rogers, Algar Telecom. Dead hardware with useful hardcoded backdoors (root:supernova) are useful as a distributed pivot when your RAT speaks MIPS. RATs hop to new homes at the call of a mouse. WebUIs exposed to the WAN, blame to be spread among multiple fingers and eyes. Dumping BINs off SOIC16 chips is childsplay, the structured and organized use of the jewels contained inside is much more fun. BGP and TR069 travesties are on the horizon, yet they will be handled quietly. No spotlights for these crumbling stones. Dentured minds and mouths built these castles, they are already ablaze. LORE COCO 2021 continues. All are welcome, few will succeed. We have fun too.

(USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? Jun 29, 2021 16:47 |
|
Internet Explorer posted: Well, that sounds like fun. Still not 100% sure how a device behind a firewall is having commands run against it. I assume ports open, possibly via UPnP?

Yeah, My Book Live is one of the "home cloud" things that allow you to access data on the device from elsewhere, so that thing is punching through a home router's NAT/firewall.

RFC2324 posted: and good luck getting rid of one drive! (Ime it always comes back after a couple weeks)

It comes back after the major half-year updates, because those are effectively reinstalling the OS. Aside from that I've never had a problem as of late.

%systemroot%\SysWOW64\OneDriveSetup.exe /uninstall <- use that to uninstall at the system level

OTOH I don't use a MS account, maybe it is more persistent about coming back in that case.
|
# ? Jun 29, 2021 17:15 |
|
Klyith posted: Yeah, My Book Live is one of the "home cloud" things that allow you to access data on the device from elsewhere, so that thing is punching through a home router's NAT/firewall.

I'll have to try this, but MS is convinced that I *need* one drive in my life. It might be the ms account, but having my license tied to that instead of hardware or a piece of paper or a sticker on the side of the case is soooo much easier, particularly if you tend to solve 95% of issues by just flattening and rebuilding
|
# ? Jun 29, 2021 17:24 |
|
Internet Explorer posted: Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

whimsicaltelegraph posted: Dentured minds and mouths built these castles, they are already ablaze.

evil_bunnY fucked around with this message at 17:32 on Jun 29, 2021 |
# ? Jun 29, 2021 17:29 |
|
whimsicaltelegraph posted: DNS-320L ShareCenter. mydlinkBRionyg:abc12345cba. A shallow dive tell many lies.

*takes massive bong rip*

Klyith posted: Yeah, My Book Live is one of the "home cloud" things that allow you to access data on the device from elsewhere, so that thing is punching through a home router's NAT/firewall.

This is what I thought. Yeah... not really sure why anyone thought this was a good idea.
|
# ? Jun 29, 2021 18:31 |
|
Does that via UPnP I'm assuming?
|
# ? Jun 29, 2021 19:08 |
|
Internet Explorer posted: *takes massive bong rip*

Like, ARGs, man. Friggin' weird stuff. *passes the dutchie*

e: ahahaha I just saw that GBS mod challenged the weird ARG person and they *completed* it, fuckin kudos
Kazinsal fucked around with this message at 19:19 on Jun 29, 2021 |
# ? Jun 29, 2021 19:17 |
|
I wouldn't be surprised if a lot of exploits come from people setting DMZs in their home routers because they're trying to get a better NAT type for their Xbox or whatever, and then a far less secure device ends up on that IP address.
|
# ? Jun 29, 2021 19:18 |
|
Thanks Ants posted: I wouldn't be surprised if a lot of exploits come from people setting DMZs in their home routers because they're trying to get a better NAT type for their Xbox or whatever, and then a far less secure device ends up on that IP address.

I helped a friend who got popped and this is what happened: He put his PC in a DMZ, then dropped the host firewall. He was pretty quickly hit.
|
# ? Jun 29, 2021 19:24 |
|
I'm really happy that the firewall is enabled by default on Windows Server installs. I remember constantly setting up VMs that would get compromised in the less than a minute reboot window after a fresh OS install
|
# ? Jun 29, 2021 19:50 |
|
Biowarfare posted: I'm really happy that the firewall is enabled by default on Windows Server installs. I remember constantly setting up VMs that would get compromised in the less than a minute reboot window after a fresh OS install

"Our App cannot connect, so we just disabled the firewall on the advice of the vendor"

Literally had this happen yesterday. Updating our policies to include "Host Based Firewall will never be fully disabled"
|
# ? Jun 29, 2021 20:03 |
|
CommieGIR posted: Literally had this happen yesterday. Updating our policies to include "Host Based Firewall will never be fully disabled"

"never said you couldnt have the fw on with 0 rules enabled" - Intelligent Vendor
|
# ? Jun 29, 2021 20:12 |
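The "host firewall is never fully disabled" policy from the two posts above, and the loophole of a firewall that is switched on but filters nothing, as an added example that is not part of any poster's message: a PowerShell audit of the local Windows host using the built-in NetSecurity cmdlets. The function name Test-HostFirewallPolicy is an assumption made for this example.

```powershell
# Added example: audits the local host against "the host firewall is never
# fully disabled", including the case where it is on but filters nothing.
# Test-HostFirewallPolicy is a hypothetical name; the cmdlets come from the
# built-in NetSecurity module.
function Test-HostFirewallPolicy {
    $findings = @()

    # ActiveStore is the effective policy after GPO and local settings merge.
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        if ($p.Enabled -ne 'True') {
            $findings += "Profile $($p.Name): firewall is disabled"
        }
        if ($p.DefaultInboundAction -eq 'Allow') {
            $findings += "Profile $($p.Name): default inbound action is Allow"
        }
    }

    # An enabled inbound allow rule that matches every protocol and port,
    # from every remote address, for every program, turns an "enabled"
    # firewall into a no-op for the profiles it applies to.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore `
        -Direction Inbound -Action Allow -Enabled True
    foreach ($r in $rules) {
        $port = $r | Get-NetFirewallPortFilter
        $addr = $r | Get-NetFirewallAddressFilter
        $app  = $r | Get-NetFirewallApplicationFilter
        if ($port.Protocol -eq 'Any' -and $port.LocalPort -eq 'Any' -and
            $addr.RemoteAddress -eq 'Any' -and $app.Program -eq 'Any') {
            $findings += "Rule '$($r.DisplayName)': allows any inbound traffic"
        }
    }
    return $findings
}

# Report every deviation; an empty result means the host meets the policy.
$result = Test-HostFirewallPolicy
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Host firewall policy check passed'
}
```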
|
Klyith posted: Mmm, I wasn't very precise, but the file/folder encryption is always unlocked by simple login to your account. While veracrypt would normally be secure until you access & unlock it, and same with bitlocker if you're using a virtual drive or separate partition from your OS.

I appreciate the clarification from both of you! I'm aware either way that leaving it open and unlocked (whether it's tied to my account which does not have a secure login password or specifically accessing and unlocking it separately) isn't safe. I will not be doing that!
|
# ? Jun 29, 2021 21:57 |
|
whimsicaltelegraph posted:LORE COCO 2021 continues.
|
# ? Jun 29, 2021 22:36 |
|
RFC2324 posted: Ill have to try this, but MS is convinced that I *need* one drive in my life. It might be the ms account, but having my license tied to that instead of hardware or a piece of paper or a sticker on the side of the case is soooo much easier, particularly if you tend to solve 95% of issues by just flattening and rebuilding

I think I'll disagree with this. Licenses from eBay are so cheap I'd rather have a serial string attached to the hardware than deal with accounts or waste my time calling MS when I get new hardware. Just spend a minute on eBay and the old hardware will still have its license and can go on to continue its life.
|
# ? Jun 30, 2021 16:04 |
|
CommieGIR posted:"Our App cannot connect, so we just disabled the firewall on the advice of the vendor"
|
# ? Jun 30, 2021 16:19 |
|
I've never had to call over new hardware. Unless you move the license 3+ times in a year, it should just let you sign in and automagically the new machine is valid and the old one isn't anymore. Can be kind of a pain if you need access to both, but other than that I haven't had a problem in the 5 years or whatever since I accidentally did it
|
# ? Jun 30, 2021 16:20 |