|
Absurd Alhazred posted:
yeah, it has been known since the 90s that the internet isn't an actual planned thing, but rather an organic thing that happened on accident and rests upon dozens, if not hundreds of single points of failure. Look up Harlan Stenn sometime.
|
#
?
Jul 3, 2021 06:42
|
|
|
|
| # ? May 10, 2024 14:14 |
|
|
RFC2324 posted:yeah, it has been known since the 90s that the internet isn't an actual planned thing, but rather an organic thing that happened on accident and rests upon dozens, if not hundreds of single points of failure. Every few months the number of routes in the full BGP tables hits a point where a whole bunch of old core routers and route servers are about to poo poo the bed and major ISPs scramble to figure out how to avoid the internet falling apart out of the blue
|
|
#
?
Jul 3, 2021 06:49
|
|
|
That Kaseya hack was a hairs breadth from being catastrophic for us. The vendor management picked to work with us on a 9 million dollar Cisco phone project uses it and I just locked them the gently caress out of everything after crowdstrike picked up and stopped the malware that slipped in through kaseya and attempted to encrypt our whole phone system farm. Hell we even found the certificate with the key on a call manager box. Crowdstrike saved our rear end today.
|
|
#
?
Jul 3, 2021 16:52
|
|
|
Crowdstrike is really good. The way my CISO put it is that it lets you stop bad stuff in a few minutes rather than a day.
|
|
#
?
Jul 3, 2021 18:54
|
|
|
Absurd Alhazred posted:
Yup. Security is laughing about the absolute monstrosity that is Enterprise grade while trying to claw your sanity back
|
|
#
?
Jul 3, 2021 18:58
|
|
|
Farking Bastage posted:That Kaseya hack was a hairs breadth from being catastrophic for us. The vendor management picked to work with us on a 9 million dollar Cisco phone project uses it and I just locked them the gently caress out of everything after crowdstrike picked up and stopped the malware that slipped in through kaseya and attempted to encrypt our whole phone system farm. Hell we even found the certificate with the key on a call manager box. So are you ditching the vendor and telling them to remove all their infrastructure?
|
|
#
?
Jul 3, 2021 19:54
|
|
|
Thanks Ants posted:So are you ditching the vendor and telling them to remove all their infrastructure? Everyone can get hacked. I don’t think that’s necessarily a reasonable reaction, though I would certainly recommend implementing additional controls.
|
|
#
?
Jul 3, 2021 20:02
|
|
Cat Army 
|
It will be interesting to see how industry attitudes change to these remote management exploits, whether you'll see clients insisting that MSPs cannot have any persistent agents running as privileged users as even in the best case scenario it's increasing the attack surface (and increasing their costs accordingly as a lot of auto-remediation is removed), or whether MSP customers won't really know to ask for that anyway.
|
|
#
?
Jul 3, 2021 20:35
|
|
|
Thanks Ants posted:It will be interesting to see how industry attitudes change to these remote management exploits, whether you'll see clients insisting that MSPs cannot have any persistent agents running as privileged users as even in the best case scenario it's increasing the attack surface (and increasing their costs accordingly as a lot of auto-remediation is removed), or whether MSP customers won't really know to ask for that anyway. unfortunately you know the answer to this
|
|
#
?
Jul 4, 2021 00:23
|
|
|
Thanks Ants posted:It will be interesting to see how industry attitudes change to these remote management exploits, whether you'll see clients insisting that MSPs cannot have any persistent agents running as privileged users as even in the best case scenario it's increasing the attack surface (and increasing their costs accordingly as a lot of auto-remediation is removed), or whether MSP customers won't really know to ask for that anyway. I've never worked at an MSP and didn't know this was common until the exploit came out yesterday lol.
|
|
#
?
Jul 4, 2021 00:26
|
|
|
Yeah, the MSP business model basically wouldn't work without RMM tools.
|
|
#
?
Jul 4, 2021 00:28
|
|
|
It could, and it has (in a sense, doing s2s’s back to an MSP lol). It’s just even worse than relying on the RMM tools.
|
|
|
#
?
Jul 4, 2021 00:32
|
|
|
Thanks Ants posted:It will be interesting to see how industry attitudes change to these remote management exploits, whether you'll see clients insisting that MSPs cannot have any persistent agents running as privileged users as even in the best case scenario it's increasing the attack surface (and increasing their costs accordingly as a lot of auto-remediation is removed), or whether MSP customers won't really know to ask for that anyway. We mostly installed and configured that 9 million dollar phone system ourselves. The only reason they were allowed to sniff my network in the first place is because some salesman tucked the execs for a few hundred grand extra in annual MSP fees instead of just selling us the gear like we asked for. Seriously gently caress MSP's, gently caress Cisco, and double gently caress Cisco MSP's. I knew something was amiss when they would blame our non-cisco network for everything that could have possibly gone wrong with the phones. They once deployed a broken firmware to every(4000+) phone which bootlooped them all, then tried to blame it on using LLDP instead of CDP. Their "resident CCIE" was astounded that we don't just trunk vlans across everything instead of the multi-homed OSPF routed setup we have. It was damned satisfying watching him at the next meeting begrudgingly admit that "the network design is solid". That was from Presidio, who is is pretty notorious around here for getting their foot in the door as a cisco reseller then eventually getting entire government and private outfits to drop their in-house IT for MSP services. To answer your question, they just get to use bomgar like everyone else. 
|
|
#
?
Jul 4, 2021 03:10
|
|
|
RSA just keeps getting goofier https://twitter.com/brysonbort/status/1411475373150384136?s=19
|
|
#
?
Jul 4, 2021 04:05
|
|
|
They deleted the tweet and apologized, https://twitter.com/RSAConference/status/1411480627455614991?s=20 But the internet remembers, and it's really really dumb
|
|
#
?
Jul 4, 2021 08:36
|
|
|
Thanks Ants posted:It will be interesting to see how industry attitudes change to these remote management exploits, whether you'll see clients insisting that MSPs cannot have any persistent agents running as privileged users as even in the best case scenario it's increasing the attack surface (and increasing their costs accordingly as a lot of auto-remediation is removed), or whether MSP customers won't really know to ask for that anyway. TeamViewer is still the most used unattended home assist tool so you might take a wild guess on what will happen after this hack.
|
|
#
?
Jul 4, 2021 08:58
|
|
|
It’s not like teamviewer has been popped already this year
|
|
#
?
Jul 4, 2021 15:22
|
|
|
geonetix posted:They deleted the tweet and apologized, https://twitter.com/RSAConference/status/1411480627455614991?s=20 The tweet was incredibly dumb but the article is on a whole different level. I'm not kidding, RSA actually posted:Today, virtually all the valuable companies in the world are Internet-driven, platform-based business models. Yet, despite the surge in popularity, the Internet has a serious fundamental flaw: the transmission control protocol/internet protocol (TCP/IP)—the primary engine underpinning the Internet—is less secure. If you click through to the author page, you'll also learn that "Rohan Hall is a 30-year veteran in the blockchain and DeFi space." Apparently, the only problem with a proposal to replace "the TCP/IP" with Bitcoin is... "neutrality."
|
|
#
?
Jul 4, 2021 16:05
|
|
|
I’m glad they posted that before post-COVID international travel opened up so I can whip it out whenever my boss tries to convince me to attend RSA again.
|
|
#
?
Jul 4, 2021 16:25
|
|
|
Brb, going to spend $17 on a transaction fee and wait up to 10 hours for confirmation for each packet I send.
|
|
#
?
Jul 4, 2021 16:34
|
|
|
Happiness Commando posted:Brb, going to spend $17 on a transaction fee and wait up to 10 hours for confirmation for each packet I send. They say having a better rig wins fps games as it is.
|
|
#
?
Jul 4, 2021 16:37
|
|
|
This is like that proposal to make spam impractical by forcing an expensive calculation before sending an email, but stupider.
|
|
#
?
Jul 4, 2021 17:43
|
|
|
https://twitter.com/KateLibc/status/1411692767495942153
|
|
#
?
Jul 4, 2021 17:49
|
|
|
Absurd Alhazred posted:This is like that proposal to make spam impractical by forcing an expensive calculation before sending an email, but stupider. "PLEASE PROVE YOU ARE NOT A ROBOT" captchas before every email Ah yes, Perpetual Motion, famous for....not working perpetually. CommieGIR fucked around with this message at 17:52 on Jul 4, 2021 |
|
#
?
Jul 4, 2021 17:50
|
|
|
Happiness Commando posted:Brb, going to spend $17 on a transaction fee and wait up to 10 hours for confirmation for each packet I send. Just 10 hours? I hope you weren't planning on sending that over a messy, insecure-by-design protocol like the TCP/IP. You'd give up all the benefits of the internet-over-Bitcoin protocol! So, you'd better add in the time for the messenger pigeon or postal service to deliver your packets, too.
|
|
#
?
Jul 4, 2021 17:50
|
|
|
geonetix posted:They deleted the tweet and apologized, https://twitter.com/RSAConference/status/1411480627455614991?s=20
|
|
#
?
Jul 4, 2021 18:06
|
|
|
kaseya, his ports open voccola, when the firewalls fell
|
|
#
?
Jul 4, 2021 18:09
|
|
|
Was RSA the one a couple years ago where the guy was presenting his New Quantum Holistic Math?
|
|
#
?
Jul 4, 2021 18:35
|
|
|
Klyith posted:Was RSA the one a couple years ago where the guy was presenting his New Quantum Holistic Math? No, that was Black Hat: https://www.pcmag.com/news/black-hat-attendees-sponsored-session-was-snake-oil-crypto
|
|
#
?
Jul 4, 2021 18:43
|
|
|
Discovery of a cosmic side-channel corruption attack: https://twitter.com/FiloSottile/status/1411583960115814401
|
|
#
?
Jul 4, 2021 19:27
|
|
|
Achmed Jones posted:kaseya, his ports open RSA, their blog unfurled
|
|
#
?
Jul 4, 2021 21:28
|
|
|
Bitcoin, its chains broken
|
|
#
?
Jul 4, 2021 21:39
|
|
|
Cup Runneth Over posted:Bitcoin, its chains broken "The Blockchain at Tenagra" 
|
|
#
?
Jul 4, 2021 22:05
|
|
|
Absurd Alhazred posted:Discovery of a cosmic side-channel corruption attack: No additional certs can be logged to the Yeti 2022 shart.
|
|
#
?
Jul 4, 2021 22:22
|
|
|
Guy Axlerod posted:No additional certs can be logged to the Yeti 2022 shart. 
|
|
#
?
Jul 4, 2021 22:23
|
|
|
Absurd Alhazred posted:Discovery of a cosmic side-channel corruption attack: is only they'd been using a blockchain
|
|
#
?
Jul 5, 2021 02:38
|
|
|
https://twitter.com/marcwrogers/status/1411871388529397767 https://twitter.com/vxunderground/status/1411868363983396872 Seems like a relatively small payoff
|
|
#
?
Jul 5, 2021 04:18
|
|
|
https://twitter.com/rantyben/status/1411907403008733191
|
|
#
?
Jul 5, 2021 05:54
|
|
|
Mr Chips posted:is only they'd been using a blockchain The joke is that they are, and that's why they can't fix it.
|
|
#
?
Jul 5, 2021 06:26
|
|
|
|
| # ? May 10, 2024 14:14 |
|
|
Cup Runneth Over posted:https://twitter.com/marcwrogers/status/1411871388529397767 lol do they want kaseya to pay, or is the some game theory thing where all the hit companies could contribute but they all get the decrypted if it goes through so there is incentive to wait
|
|
#
?
Jul 5, 2021 06:31
|
|