|
lol Black Hat isn't requiring proof of vaccination by attendees but you can order a room-service covid test for just $140-$230! OSU_Matthew posted:Well, I'll be masked and vaxxed, so Delta is worth some caution even if you're vaxxed -- 2 of the 5 hospitalizations in the Massachusetts 4th of July outbreak results were people who were vaccinated & had no underlying conditions. going to the conference is a decision, going to the parties is dumb as gently caress
|
#
?
Aug 2, 2021 00:24
|
|
|
|
| # ? May 25, 2024 20:10 |
|
|
Klyith posted:
The conference is the same level as a party IMO.
|
|
#
?
Aug 2, 2021 00:31
|
|
|
Klyith posted:lol Black Hat isn't requiring proof of vaccination by attendees Pretty sure it was 4 of the 5 hospitalizations who were vaccinated.
|
|
#
?
Aug 2, 2021 00:48
|
|
|
AlternateAccount posted:Pretty sure it was 4 of the 5 hospitalizations who were vaccinated. Well, there was also some other critical analysis missing from the news with regards to the recent Massachusetts outbreak
|
|
#
?
Aug 2, 2021 00:53
|
|
|
OSU_Matthew posted:Well, I'll be masked and vaxxed, so It really doesn't make it any smarter if you're masked and vaxxed. It's a crowd and your country is having an enormous surge because you ARE full of chuds.
|
|
#
?
Aug 2, 2021 00:59
|
|
|
OSU_Matthew posted:Well, there was also some other critical analysis missing from the news with regards to the recent Massachusetts outbreak Not a gay guy but gently caress if that's not worth catching covid versus a security conference.
|
|
#
?
Aug 2, 2021 00:59
|
|
|
OSU_Matthew posted:Well, there was also some other critical analysis missing from the news with regards to the recent Massachusetts outbreak I don’t have a Reddit account, soooo
|
|
#
?
Aug 2, 2021 01:00
|
|
|
AlternateAccount posted:Pretty sure it was 4 of the 5 hospitalizations who were vaccinated. Yep, but 2 of those 4 had additional conditions. The 2 without are the this could be you examples.
|
|
#
?
Aug 2, 2021 01:01
|
|
|
AlternateAccount posted:I don’t have a Reddit account, soooo So, what? That sub isn't private
|
|
#
?
Aug 2, 2021 01:58
|
|
|
droll posted:So, what? That sub isn't private But it’s flagged as for mature readers only so unless you have an account, you can’t read it.
|
|
#
?
Aug 2, 2021 02:12
|
|
|
Thwomp posted:But it’s flagged as for mature readers only so unless you have an account, you can’t read it. you just have to click the button, no account needed.
|
|
#
?
Aug 2, 2021 02:19
|
|
|
Thwomp posted:But it’s flagged as for mature readers only so unless you have an account, you can’t read it. you can on desktop! here's the text for those who care:  NSFW. Like many gay men, I thought the vaccine made me invincible and I had a year's worth of pent-up sexual frustration, so I partied hard in P-Town during July 4 week. I tested positive a day after I left, with some cold symptoms that lasted a few days. People are understandably worried about the CDC data showing breakthrough cases in P-Town, but I feel like they've left out a rather large variable. I suspect it may have something to do with offending gay men, so allow me to tell you a little bit about my week. *Ahem* Cue Jeff Foxworthy voice ... You might get a breakthrough case: If you're packed into the A-House shoulder-to-shoulder with 300 other people If the 300 people around you are dancing hard and panting all over you If you make out with 2 (or 5) of those people in the club per night If you go home with one (or 5) of those men per night and have lots of hot bear sex If you wake up in the morning and have some more sex (FYI: gay sex involves kissing) If you go to a crowded brunch and kick your immune system in the rear end with 4 mimosas If you repeat the above six activities with complete strangers every day for a week Do most people live their regular daily lives this way? I certainly don't. Every single guy I talked to was fully vaccinated, so I don't even know how an unvaccinated person would get COVID because they didn't seem to be in P-Town that week. It was a rude awakening that the vaccine does not make me invincible -- but the shot still worked miracles. I barely got sick. All of my vaccinated friends who I lived with for the week tested negative. The cases in P-Town are already plummeting. Without the vaccine, I imagine cases would have been 5,000+ with dozens of hospitalizations and a handful of deaths -- with Delta spreading uncontrollably throughout the rest of MA. But instead, the state numbers seem to be plateauing. I'm embarrassed for being part of the statistic that put MA on the national news. I'm horribly sorry to anyone I've indirectly infected. I've learned an important lesson. But I'm not quite sure it's a representative case study of the average MA population. My point is... To everyone worried about the P-Town data: I wouldn't get too nervous going to the grocery store just yet -- unless you tend to have orgies at Market Basket. Tryzzub fucked around with this message at 04:31 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 02:19
|
|
|
Achmed Jones posted:it's like that prodigy song, "back your poo poo up" Not empty quoting.
|
|
#
?
Aug 2, 2021 02:20
|
|
|
Tryzzub posted:you can on desktop! here's the text for those who care: might I suggest putting the NSFW outside the tags if you are gonna bother spoilering it?
|
|
#
?
Aug 2, 2021 03:42
|
|
|
CLAM DOWN posted:America is insane for having in-person conferences right now. yep
|
|
#
?
Aug 2, 2021 04:12
|
|
|
RFC2324 posted:might I suggest putting the NSFW outside the tags if you are gonna bother spoilering it? good call, done
|
|
#
?
Aug 2, 2021 04:31
|
|
|
Tryzzub posted:I tested positive a day after I left, with some cold symptoms that lasted a few days. This means the vaccine worked hth
|
|
#
?
Aug 2, 2021 06:37
|
|
|
CLAM DOWN posted:It really doesn't make it any smarter if you're masked and vaxxed. It's a crowd and your country is having an enormous surge because you ARE full of chuds. i mean, it does, because my risk of infection is very small and my risk of serious complications is infinitesimally so. obviously it's a personal comfort thing, I'm not going either because it is a bit soon for me covid wise, and as you say, there's a wave! But vaccines are widely available, and they work miracles. I for one am very excited to start going to in person conferences again this fall/winter. I can't wait for my office to open up so we can work in person again, and given that Canada has the highest % of vaccinated people in the world, I'd say opening up is long overdue. I'd expect you of all people to understand, you've talked about missing the in person spark and connection often enough! Let's not be too judgmental is what I'm getting at here.
|
|
#
?
Aug 2, 2021 07:51
|
|
Cat Army
|
OSU_Matthew posted:Well, I'll be masked and vaxxed, so
|
|
#
?
Aug 2, 2021 08:09
|
|
|
The Iron Rose posted:i mean, it does, because my risk of infection is very small and my risk of serious complications is infinitesimally so. Ahhh, the famously individual risk calculations of a global pandemic
|
|
#
?
Aug 2, 2021 09:40
|
|
|
not to mention that there's a significant number of infosec folks who are also antivax and willing to lie about their vaccination status but i guess that problem will sort itself out a few weeks after defcon
|
|
#
?
Aug 2, 2021 10:47
|
|
|
CLAM DOWN posted:It really doesn't make it any smarter if you're masked and vaxxed. It's a crowd and your country is having an enormous surge because you ARE full of chuds. In case you haven't checked lately, the whole world has gone insane. It's not just limited to America, but we're just the easiest ones to point fingers at and laugh at. Glass houses and all. Humanity is stuck with Covid, same way as we're still stuck with the 1918 influenza bug as one of the miscellaneous flu strands that rears up each year. I don't know about you lot, but being stuck at home here for the last year and a half has been depressing as gently caress. I personally had a really lovely bout with covid last February, which took months to feel like a halfway normal person again. Throughout the pandemic I've followed the CDC's guidance, and this will be no different. I'm fully vaccinated and I'll be wearing a mask. The Pfizer and Moderna vaccines have proven themselves especially effective against the Delta variant, even with the people who did catch a breakthrough case in Massachusetts. On a personal note, I'll just say that my mental health especially is at an all time low. Something has to change, because I'm not sure how much longer I can keep doing this.
|
|
#
?
Aug 2, 2021 13:03
|
|
|
Pablo Bluth posted:I often listen to the Risky Business podcast, and every so often the guy behind thinkst canary is on the show. How well do canaries work in the real world? Perhaps not surprisingly, there's not too many people shouting about finding out their network is being owned... I've actually used them before and had a whole project getting it spun up. The way we used it (I was working local government for many cities/orgs at the time) was to create tokens and place them in file servers here and there. We supported a lot of police and fire departments, public utilities, etc. So we made tokens that looked like police officer address spreadsheets or utility SCADA diagrams, and we'd place them in directories that people had access too but would've had to go out of their way to get to. So for example all of the users in the PD had access to a shared drive that was something like G:\Whatever Town\Police\. We'd put the token in G:\Whatever Town\HR\Police\token.xls. The mapped drives would go straight to police but people could browse to HR\Police and poke around. We only ever caught employees snooping around. The alerting worked well and I was happy with the setup and how the canaries performed when triggered.
|
|
#
?
Aug 2, 2021 14:04
|
|
|
Stop comparing COVID to the flu. It’s not the flu. Jfc arrrrrrrrgggggggg Mental healthy is serious. Take care of yourself the best you can. Don’t do so at the expense of the health of others.
|
|
#
?
Aug 2, 2021 14:10
|
|
|
Vaccines work great in keeping you out of the hospital, keeping you from dying, or getting critically ill. Though, understand, a "mild" case of COVID in the vaccinated still may be two weeks of the worst flu you've ever encountered. It varies by person. However, we still don't have data on how long COVID is affected by the vaccine. So, there's still a potential risk you could be picking up long term symptoms/conditions if you get infected even after being vaccinated. More importantly though, vaccines have proven far less effective of stopping the spread of delta since the viral load of delta looks to be many times that of the original or even alpha strain. The current theory is that it since it takes up residence in the upper airway first (where there are fewer antibodies) it can spread from person to person. In a vaccinated person, once it starts trying to invade the rest of the body, it gets eradicated quickly. But, in the initial stages, it can still be easily spread. So, transmission between unvaccinated to vaccinated, vaccinated to unvaccinated, and even vaccinated to vaccinated is looking really common right now. This is bad for two reasons. The first is that it make it easier for the virus to find unvaccinated bodies and have the potential to mutate. The second is there's still a large portion of the population that doesn't have vaccines as an option due to being under 12 or immune suppressed. We're are also likely going to start hearing about boosters within the next few weeks as there's growing evidence that if you are greater than 65 and got your last shot months ago, that your protection could be waning. Yes, children are more resilient than adults, but they can still end up in the hospital, they can still end up with life long conditions, and they can still die. Until there's authorization to give the vaccine to children under 12, mitigation measure should remain in place. I'm going to be just more than a little pissed if my 11 year old niece ends up in the hospital just because an adult needed a swag and cheap booze hit. Yes, COVID will likely end up endemic. However, it doesn't just magically get there. Endemic means it can be managed, that it's only hitting a pocket of the population in a place and can be contained. Wildfire out of control spread is not a quick path to COVID becoming endemic and threatens to prolong everything if it escapes the protections we do have. bull3964 fucked around with this message at 14:29 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 14:27
|
|
|
Sickening posted:Stop comparing COVID to the flu. It’s not the flu. Jfc arrrrrrrrgggggggg Why the gently caress are we arguing about this poo poo in the infosec thread? Go do that poo poo in d&d
|
|
#
?
Aug 2, 2021 15:01
|
|
|
Mustache Ride posted:Why the gently caress are we arguing about this poo poo in the infosec thread? Go do that poo poo in d&d If people are going to talk about it here, I am going to discuss it here. Be mad I guess.
|
|
#
?
Aug 2, 2021 15:06
|
|
|
Mustache Ride posted:Why the gently caress are we arguing about this poo poo in the infosec thread? Go do that poo poo in d&d Because derails naturally happen and as long as they are relatively brief and people aren't being lovely, then we try to let them peter out naturally. But I would agree that we've probably gotten too off track here and ask that any in-depth COVID discussion happen in the COVID thread in D&D. Thanks all. May your week be swift and easy. [edit: COVID thread - https://forums.somethingawful.com/showthread.php?threadid=3915397 ]
|
|
#
?
Aug 2, 2021 15:06
|
|
|
Sickening posted:Stop comparing COVID to the flu. It’s not the flu. Jfc arrrrrrrrgggggggg This.
|
|
#
?
Aug 2, 2021 17:58
|
|
|
Going back to the topic, Regione Lazio (the Italian county Rome is in) got cryptolocked to the point Covid vax calendaring is compromised(along many other services). Media is keeping a lid on cause and origin.
SlowBloke fucked around with this message at 20:17 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 20:10
|
|
|
BaseballPCHiker posted:I've actually used them before and had a whole project getting it spun up. I can see the samba server and AWS tokens being hard to tell without having the bit the bullet and try them. On the other hand, stuff like the Excel canary tokens seem like they risk showing your hand, allowing a smart actor to notice the token without triggering it.
|
|
#
?
Aug 2, 2021 21:22
|
|
|
Pablo Bluth posted:It'd be interesting to know how well they work against the top-tier APT crews. I can see them being useful against automated ransomware and naïve rummagers, but can they be insidious enough that enough the smartest Russian/Chinese/US/Israeli hacker can't help but trip over them even if they're looking for them? If you have a file and a device absolutely nobody ever has a reason to access, and someone is trying to log into it, it's triggered. I would imagine they would at least trip over them unless you had maps of canaries laying around. You will need the act of observing the thing to trigger though, not some kind of remote image inside the XLS file, because it absolutely will have network blocked and any macros or remote calls blocked. You have to trigger literally upon even looking at the folder "Pay Scans (HR Proprietary)", on the server side, and also make sure it's deliverable and logged even if connectivity is cut and its been unjoined from the domain. Minimizing false alarms? Well, there's literally zero reason for any human working for you to be browsing to something named that, at all, so it's not so much a false positive as your canary informing you someone needs to be fired, and you can't reach it via normal AV scans from client devices since their mounts don't traverse there and the root is another folder by default. If you have DLP software and MITM all of your endpoints, canaries can be useful against non-APT regular compromises. Seed some normal data too, they don't just need to be access tokens or links but handfuls of very unique emails that if you ever get marketing/spam/signups/phishing to, you know your database has been dumped. Impotence fucked around with this message at 21:43 on Aug 2, 2021 |
|
#
?
Aug 2, 2021 21:35
|
|
|
One of my agencies that does Employee Benefits hired someone as a contractor, then I got this gem of an email:quote:They do not need a computer, they are only going to be monitoring the shared mailbox via browser and helping in the sharepoint. Turns out, this person is from a company called Zirtual, which we have no agreement with or Legal approval to use, and they were just going to have access to our email, intranet, and customer data including SSN on an unsecured endpoint. No big deal, right?
|
|
#
?
Aug 2, 2021 23:23
|
|
|
kensei posted:One of my agencies that does Employee Benefits hired someone as a contractor, then I got this gem of an email: 
|
|
#
?
Aug 2, 2021 23:24
|
|
|
I'm quite excited to get the first one of those and go all-in on Azure Virtual Desktop
|
|
#
?
Aug 2, 2021 23:28
|
|
|
Thanks Ants posted:I'm quite excited to get the first one of those and go all-in on Azure Virtual Desktop We do have a Citrix farm for approved contractors, but this is just them doing their own thing, trying to save money by using a virtual assistant and not paying for Citrix or anything.
|
|
#
?
Aug 2, 2021 23:35
|
|
|
quote:Zirtual is considered a part of the sharing economy, similar to ride-sharing services Uber and Lyft, car-sharing service Zipcar, and home-sharing service Airbnb.[2][3] Zirtual assigns ZAs to serve multiple clients within their time zone to perform administrative tasks. Each client, however, interacts with one, dedicated assistant. ZAs perform duties such as: responding to emails, scheduling meetings and appointments, researching and ordering products, services and gifts, making travel arrangements, coordinating events, performing market research, and other tasks as requested. Taking any bets on how long it takes for this to get compromised. Jesus. Social engineer just one "Zirtual Assistant” and have a choose-your-adventure data breach.
|
|
#
?
Aug 2, 2021 23:36
|
|
|
You don't even need to social engineer, there's no way that platform is doing the sort of background checking required to keep bad actors out, and the types of companies using an 'app' like that will probably be sharing credentials.
|
|
#
?
Aug 2, 2021 23:42
|
|
|
I mean most of the major outsourcing firms do no background checks, the one we use got caught by my team hiring someone who had a previous history for cybercrime. Found him out because we caught up trying to do network scans and other things outside of the scope of what he was supposed to be doing (patching servers).
CommieGIR fucked around with this message at 00:06 on Aug 3, 2021 |
|
#
?
Aug 3, 2021 00:03
|
|
|
|
| # ? May 25, 2024 20:10 |
|
|
Pablo Bluth posted:It'd be interesting to know how well they work against the top-tier APT crews. I can see them being useful against automated ransomware and naïve rummagers, but can they be insidious enough that enough the smartest Russian/Chinese/US/Israeli hacker can't help but trip over them even if they're looking for them? Maybe they'd catch it? We're not trying to secure ourselves against persistent state sponsored attackers though so I never thought that far into it. Before I left they did a good job catching snoops. Beyond that they were just our canary in a coal mine that we'd been breached. Maybe APTs have a way of looking into this now, I'm not sure. Interesting to think about though.
|
|
#
?
Aug 3, 2021 02:14
|
|