|
Inept posted:WebSphere lol
|
#
?
Sep 13, 2021 02:28
|
|
|
|
| # ? May 25, 2024 18:24 |
|
|
Update your Apples. https://twitter.com/RachelTobac/status/1437504811289563140
|
|
#
?
Sep 13, 2021 21:17
|
|
|
related: what do y’all see being used for MDM for stuff like this?
|
|
#
?
Sep 13, 2021 22:23
|
|
|
Tryzzub posted:related: what do y’all see being used for MDM for stuff like this? Far too often the device being used is BYOD. You are better off with a conditional access policy that blocks out of date devices in that case in order to force compliance for devices you don't own/manage. Staple that together with a brief email to your org letting them know to update their poo poo. Done.
|
|
#
?
Sep 13, 2021 23:00
|
|
|
All my updates are going at like 100kb/s with 17 hours to go Big online panic
|
|
#
?
Sep 13, 2021 23:01
|
|
|
Sickening posted:Far too often the device being used is BYOD. You are better off with a conditional access policy that blocks out of date devices in that case in order to force compliance for devices you don't own/manage. Staple that together with a brief email to your org letting them know to update their poo poo. Also consider downloading and mirroring the updates on your local share/network, save your bandwidth and help everyone update faster. I remember too many big release days crippling our circuits with everyone updating phones.
|
|
#
?
Sep 14, 2021 03:42
|
|
|
Tryzzub posted:related: what do y’all see being used for MDM for stuff like this? We use Jamf for forced updates & have other software for conditional access/zero trust to prevent devices that don't meet policy (up to date, MDM installed, other required security tools installed) from connecting to important services. This is really only viable though if you have a large enough OSX user base to justify it and millions of dollars to burn.
|
|
#
?
Sep 14, 2021 17:53
|
|
|
https://twitter.com/amiluttwak/status/1437898746747097090?s=20
|
|
#
?
Sep 15, 2021 02:16
|
|
|
That seems like a big deal. Like a really big deal right?
|
|
#
?
Sep 15, 2021 02:21
|
|
|
Just tested in our sandbox. It works lol
|
|
#
?
Sep 15, 2021 02:26
|
|
|
unsubscribe
|
|
#
?
Sep 15, 2021 02:36
|
|
|
Can I have one week where I don’t wish for the sweet release of death? Uh, I mean lmao
|
|
#
?
Sep 15, 2021 02:46
|
|
|
CLAM DOWN posted:Just tested in our sandbox. It works lol Tested it in our Azure test lab. Oops
|
|
#
?
Sep 15, 2021 03:07
|
|
|
I am exceedingly glad I'm "between jobs" and not responsible for any linux machines in Azure right now.
|
|
#
?
Sep 15, 2021 03:10
|
|
|
CLAM DOWN posted:Just tested in our sandbox. It works lol don't stop there, do it in prod c0ward
|
|
#
?
Sep 15, 2021 03:50
|
|
|
Amazing.
|
|
#
?
Sep 15, 2021 04:05
|
|
|
AWS sales reps be all like 
|
|
#
?
Sep 15, 2021 04:24
|
|
|
Taking the rest of my IT budget, buying pallets of Big Chief tablets and leaving my keys on the desk
|
|
#
?
Sep 15, 2021 06:03
|
|
|
 This is laughably, aggressively bad. Impressively bad.
|
|
#
?
Sep 15, 2021 06:25
|
|
|
Anyone know if this affects Azure on-prem stacks or only the cloud platform? e: I should probably just read the CVE. It’s too early in the morning and not nearly enough caffeine for me to be thinking clearly.
|
|
#
?
Sep 15, 2021 12:47
|
|
|
loving hell, I was putting this loving agent on onprem systems for a Sentinel POC
|
|
#
?
Sep 15, 2021 13:14
|
|
|
Lol at microsoft trying to say OMI is open source and not paying the bounty to Wiz when they were the ones who first developed it and seem to be the only contributors to it on GitHub.
|
|
#
?
Sep 15, 2021 14:00
|
|
|
Martytoof posted:Anyone know if this affects Azure on-prem stacks or only the cloud platform? If you push logs to sentinel or log analytics you have another agent, i think even HCL uses a different stack. It might be used if you have powershell DSC enabled on linux machines on premises.
|
|
#
?
Sep 15, 2021 14:52
|
|
|
lovely, walmart has joined the trend in retailers port scanning your device and local network and abusing webrtc
|
|
#
?
Sep 18, 2021 20:03
|
|
|
Biowarfare posted:lovely, walmart has joined the trend in retailers port scanning your device and local network and abusing webrtc this is why you should never go to any website
|
|
#
?
Sep 19, 2021 02:04
|
|
|
Episode 100 of Darknet Diaries is out https://darknetdiaries.com/episode/100/
|
|
#
?
Sep 19, 2021 02:59
|
|
|
Biowarfare posted:lovely, walmart has joined the trend in retailers port scanning your device and local network and abusing webrtc Heck, nmaps website still has an entire page dedicated to the legal ramifications, so I wonder how much trouble an enterprising individual could get into, if they really wanted.
|
|
#
?
Sep 19, 2021 07:22
|
|
|
Biowarfare posted:lovely, walmart has joined the trend in retailers port scanning your device and local network and abusing webrtc heh. I'm working on a pentesting assignment for class and my professor warned us very strongly to never portscan outside the test because that could be a felony!!
|
|
#
?
Sep 19, 2021 16:56
|
|
|
Lmao, considering the number of times I have gotten bored and tried to scan 0.0.0.0... Also, if port scanning is a felony, then how shodan?
|
|
#
?
Sep 19, 2021 17:01
|
|
|
You think it's possible to knock over a lovely legacy network/device with a scan like nmap -sV -p- -T4 that maybe totally "reasonable" for a network built today, but not one stood up 10-20 years ago? While portscanning is legal, I think accidentally somehow knocking over someone's lovely server with a scan might be.
Defenestrategy fucked around with this message at 17:36 on Sep 19, 2021 |
|
#
?
Sep 19, 2021 17:33
|
|
|
Pretty sure I always set things up to be relatively polite, since its was out of curiosity not malice, but the checkpoint firewall I learned about firewalls on in 2002 could handle multiple portscans trivially Like, I am pretty sure that knocking a server that can fall down because of a portscan off the internet is a public service
|
|
#
?
Sep 19, 2021 17:42
|
|
|
Famethrowa posted:heh. I'm working on a pentesting assignment for class and my professor warned us very strongly to never portscan outside the test because that could be a felony!! Its laughably difficult to enforce because there is almost constant port scanning on the public internet.
|
|
#
?
Sep 19, 2021 17:58
|
|
|
CommieGIR posted:Its laughably difficult to enforce because there is almost constant port scanning on the public internet.
|
|
#
?
Sep 19, 2021 18:11
|
|
|
I scanned a computers ports and then i was arrested and put away for 5 years.
|
|
#
?
Sep 19, 2021 18:12
|
|
|
RFC2324 posted:Lmao, considering the number of times I have gotten bored and tried to scan 0.0.0.0... pretty sure it was a cyoa for the universities benefit because we are using shodan in a lab. context for the class is contracted pentest work and he emphasizes making sure you know your target scope for the pentest.
|
|
#
?
Sep 19, 2021 18:33
|
|
|
Famethrowa posted:pretty sure it was a cyoa for the universities benefit because we are using shodan in a lab. context for the class is contracted pentest work and he emphasizes making sure you know your target scope for the pentest. oh yeah, anything more than a general port scan is probably asking for trouble, and I can see pentesting having more stringent ethics
|
|
#
?
Sep 19, 2021 22:57
|
|
|
https://twitter.com/PhleBuster/status/1439285455267188741 these social media virus warnings always seem so hysterical, poorly-sourced, technically dubious, and full of lols like the fact that this guy claims to have been debugging malware on his developer computer outside of a VM
|
|
#
?
Sep 20, 2021 04:46
|
|
|
Biowarfare posted:lovely, walmart has joined the trend in retailers port scanning your device and local network and abusing webrtc Why would they do this? Fingerprinting?
|
|
#
?
Sep 20, 2021 05:50
|
|
|
Cup Runneth Over posted:https://twitter.com/PhleBuster/status/1439285455267188741 It looks to me like the person you linked got hit by the scam, and then sent the file on to someone else who supposedly is "a white hat" (that also hacks consoles). And that second unknown person is the one saying it can hack the gibson from inside a debugger behind 9 proxies. IE they sent a file to some rando on their weeb discord who claimed to be a hacker, and got back that bullshit. So don't blow them up on twitter or whatever, they're just trying to do the right thing.
|
|
#
?
Sep 20, 2021 05:52
|
|
|
|
| # ? May 25, 2024 18:24 |
|
|
Klyith posted:It looks to me like the person you linked got hit by the scam, and then sent the file on to someone else who supposedly is "a white hat" (that also hacks consoles). And that second unknown person is the one saying it can hack the gibson from inside a debugger behind 9 proxies. oh for sure, it's just that EVERY twitter post warning about the latest hack or scam or whatever is exactly like this and it's very amusing
|
|
#
?
Sep 20, 2021 05:55
|
|