|
Sounds like Bitlocker doesn't make use of TPM 2.0's encrypted communications and/or the POC on the T440 they did was on TPM 1.2, but yeah bad either way.
|
#
?
Nov 20, 2021 16:33
|
|
|
|
| # ? May 23, 2024 14:16 |
|
|
CommieGIR posted:Either you'll make a name for yourself or the management will shut you down
|
|
#
?
Nov 20, 2021 17:06
|
|
|
Sheep posted:Sounds like Bitlocker doesn't make use of TPM 2.0's encrypted communications and/or the POC on the T440 they did was on TPM 1.2, but yeah bad either way.
|
|
#
?
Nov 20, 2021 18:45
|
|
|
I, a dude whose electronics knowledge barely includes which end of a soldering iron is hot, managed to extract the bios password from an old thinkpad using a similar technique, in, like, 2013.
|
|
#
?
Nov 22, 2021 11:21
|
|
|
bolind posted:I, a dude whose electronics knowledge barely includes which end of a soldering iron is hot, managed to extract the bios password from an old thinkpad using a similar technique, in, like, 2013. I took a basic circuits class in college and all it taught me was to look at things thoughtfully and go "lol, I'm not touching this" Back at the start of my help desking days a user managed somehow to get one of the tines of her laptops power brick stuck in the wall outlet. Like she unplugged the power brick and one tine just sat there in the wall outlet. She submitted a ticket to my boss, my boss sent the ticket to me, and I laughed at my boss and told him I'm submitting this to facilities.
|
|
#
?
Nov 22, 2021 18:31
|
|
|
Defenestrategy posted:I took a basic circuits class in college and all it taught me was to look at things thoughtfully and go "lol, I'm not touching this" But it has electricity involved and therefore is IT because electricity.
|
|
#
?
Nov 22, 2021 19:43
|
|
|
"I have issued a replacement power cable and referred the matter to facilities to replace the outlet."
|
|
#
?
Nov 23, 2021 18:31
|
|
|
Local Priv Esc 0 Day for Windows: https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/ Confirmed it works in a lab. Another day, another pissed off security researcher not being paid their bounty and releasing the proof of concept in retaliation.
|
|
#
?
Nov 23, 2021 18:55
|
|
|
Yeah I got to try that when it came out Monday. Exploit Wednesday!
|
|
#
?
Nov 23, 2021 18:58
|
|
|
Microsoft has been loving up a lot lately. It seemed for a while they had gotten their poo poo together but now it's almost like the old days.
|
|
#
?
Nov 23, 2021 20:54
|
|
|
At least they finally fixed the print spooler vulnerability, right?
|
|
#
?
Nov 23, 2021 21:17
|
|
|
“the” print spooler vulnerability
|
|
#
?
Nov 23, 2021 21:31
|
|
|
Subjunctive posted:“the” print spooler vulnerability ... any of the print spooler vulnerabilities?!
|
|
#
?
Nov 23, 2021 21:32
|
|
|
It's unfixable, for some reason printer companies have been dragging their heels on implementing a driver model that was first introduced in Server 2012
|
|
#
?
Nov 23, 2021 21:34
|
|
|
Yeah "some reason"
|
|
#
?
Nov 23, 2021 21:36
|
|
|
 ?
|
|
#
?
Nov 23, 2021 21:38
|
|
|
spankmeister posted:Yeah "some reason" i wonder if there's something actually innate to printers that makes them such horrible functionality/compatibility curses, or if it's just laziness/cooperative noncompetition among the various printer brands that none of them want to make their products actually work reasonably ever
|
|
#
?
Nov 23, 2021 21:38
|
|
|
If they don't absolutely have to invest time and money into changing their drivers, they won't.
|
|
#
?
Nov 23, 2021 21:48
|
|
|
spankmeister posted:If they don't absolutely have to invest time and money into changing their drivers, they won't. right, but printers are just infamous for being cursed in so many ways, and I'm just idly wondering if that's a lack of investment or something inherent to printers. is there like an apple printer from 1980 that Just Works, or are all printers condemned since the days they were born.
|
|
#
?
Nov 23, 2021 21:52
|
|
|
Arivia posted:i wonder if there's something actually innate to printers that makes them such horrible functionality/compatibility curses, or if it's just laziness/cooperative noncompetition among the various printer brands that none of them want to make their products actually work reasonably ever
|
|
#
?
Nov 23, 2021 22:06
|
|
|
Arivia posted:i wonder if there's something actually innate to printers that makes them such horrible functionality/compatibility curses, or if it's just laziness/cooperative noncompetition among the various printer brands that none of them want to make their products actually work reasonably ever If you were excited to get into the world of computers you're not going to write print drivers are you
|
|
#
?
Nov 23, 2021 22:13
|
|
|
Arivia posted:right, but printers are just infamous for being cursed in so many ways, and I'm just idly wondering if that's a lack of investment or something inherent to printers. is there like an apple printer from 1980 that Just Works, or are all printers condemned since the days they were born. If all you want is basic functionality, the majority of network-capable printers worth owning will accept Postscript on port 9100. You can use a generic driver from something like a LaserJet 4M+ and expect it to work. Newer printers will often accept PDFs flung at 9100 as well. It would be technically almost trivial to define a universal basic print driver that just did a "Print to PDF" and handed that to the printer, but that doesn't leave any opportunity for branding or selling replacement ink/toner so that'll never do.
|
|
#
?
Nov 23, 2021 22:29
|
|
|
Which basically describes the V4 printer drivers that Thanks Ants was referring to. I feel like I could type a million words on the topic, but printers aren't loving worth a million words.
|
|
#
?
Nov 23, 2021 22:46
|
|
|
Internet Explorer posted:Which basically describes the V4 printer drivers that Thanks Ants was referring to. I feel like I could type a million words on the topic, but printers aren't loving worth a million words.
|
|
#
?
Nov 23, 2021 23:05
|
|
|
Arivia posted:is there like an apple printer from 1980 that Just Works LaserWriters were pretty solid, now that you mention it.
|
|
#
?
Nov 24, 2021 00:08
|
|
|
I think the problem with printers is that if you made a functional, useful, efficient, and durable device your company would immediately go bankrupt.
|
|
#
?
Nov 24, 2021 01:23
|
|
|
When we released the Mozilla source in 1997 a company approached us with some questions because they wanted to use the rendering engine—which was seven kinds of terrible in 1997 for sure—in their “driver package”. It was, of course, a printer company (HP), but we didn’t find that out for some time because they played coy. It was and remains a terrible idea.
|
|
#
?
Nov 24, 2021 01:29
|
|
|
We have a Samsung Color Laser, and its going on 10 years old and still powering away when we leave it sitting for months between use.
|
|
#
?
Nov 24, 2021 02:10
|
|
|
Cup Runneth Over posted:I think the problem with printers is that if you made a functional, useful, efficient, and durable device your company would immediately go bankrupt. HP LaserJet 4. P sure people are still using those things with bootleg toner carts
|
|
#
?
Nov 24, 2021 06:41
|
|
|
I have a brother 2200 or something to that effect that has literally never had a problem that wasn't either being out of paper or that the wifi router is out.
|
|
#
?
Nov 24, 2021 06:54
|
|
|
RFC2324 posted:HP LaserJet 4. P sure people are still using those things with bootleg toner carts Discontinued 30 years ago. Case in point. It did its job too well, didn't make money for HP.
|
|
#
?
Nov 24, 2021 08:06
|
|
|
My MFP printer is super nice and all but I do leave it running 24/7 to suck down power and it's on my network and I really should check to see whether it has that stupid IoT "print from the cloud" thing enabled and how many nation states are currently watching me browse porn instead of doing work.
|
|
#
?
Nov 24, 2021 14:43
|
|
|
Cup Runneth Over posted:Discontinued 30 years ago. Case in point. It did its job too well, didn't make money for HP. There's zero non-financial reason to make stuff that doesn't last 30+ years, so of course that's all we get.
|
|
#
?
Nov 24, 2021 14:54
|
|
|
I'm not actually sure that printers right now won't last 10+ years, but rather that when most people who don't think about 3rd party toner see the price to replace the four original 1/4-capacity CMYK cartridges that came with their $300 machine, and then realize you can buy a new printer for $300 you see a lot of curbed printers. e: Unless it's inkjet in which case good luck scrubbing those nozzles for 45 minutes every time you forget about the printer for 6 months.
|
|
#
?
Nov 24, 2021 15:12
|
|
|
BaseballPCHiker posted:Oh god, my new job is a poo poo show of the highest degree. Not sure what kind of leverage you have or what your role is supposed to be in fixing this situation, but I would highly recommend ordering a comprehensive penetration test, possibly a program review as well. You can get a prioritized list of what needs to be fixed and even some help on how to fix it. Depending on your size you can get one in the low 5 figures, though big orgs could be much more.
|
|
#
?
Nov 24, 2021 17:22
|
|
|
I'd be surprised if insurance didn't demand an annual pentest.
|
|
#
?
Nov 24, 2021 18:21
|
|
|
If their security is really that bad they need to be getting a better test, not just a service meant to check a box on a form.
|
|
#
?
Nov 24, 2021 18:32
|
|
|
Martytoof posted:My MFP printer is super nice and all but I do leave it running 24/7 to suck down power and it's on my network and I really should check to see whether it has that stupid IoT "print from the cloud" thing enabled and how many nation states are currently watching me browse porn instead of doing work. No pls don't I almost finished mining a block
|
|
#
?
Nov 24, 2021 18:36
|
|
|
Mustache Ride posted:I'd be surprised if insurance didn't demand an annual pentest. A lot of the cyber insurance firms are requiring not just that, but external audit showing you are actually addressing findings. Its a win win.
|
|
#
?
Nov 24, 2021 22:32
|
|
|
|
| # ? May 23, 2024 14:16 |
|
|
CommieGIR posted:A lot of the cyber insurance firms are requiring not just that, but external audit showing you are actually addressing findings. Its a win win. my company does monthly scans for some customers, and its amazing how many are suddenly wanting to do something more than just get a list of vulns lately
|
|
#
?
Nov 24, 2021 22:36
|
|