|
well go on
|
# ? May 24, 2022 22:38 |
|
|
Has anyone heard anything odd with Instagram recently? My wife had someone log into her account from a different state. She didn't have MFA, but it was a unique password generated and stored from 1Pass. I asked if she had used it as SSO for another service or anything, thinking maybe she got phished that way, but she's saying no. And it's not like she's logging in to it on her computer. Not linked to Facebook, no Facebook account. She got a text link the day before that looked like phishing from ig.me, but she ignored it and marked it as spam. Wouldn't Instagram be doing basic MFA and texting/emailing her if a new device logs in? She's saying it doesn't, and the only way she knew that someone logged into her account was an email from IG saying someone had logged in from a new location; when she opened the app she saw it in the login history.

Internet Explorer fucked around with this message at 04:16 on May 30, 2022 |
# ? May 30, 2022 04:04 |
|
Could have gotten phished recently. Could have been cred stuffed. Insta has good auth security but they do have fuckups on the books. They seem to have a steady slow churn of fraudulent authentication attacks performed at scale and with no particular monetization scheme in mind. Just a steady burn of accounts getting compromised for no seemingly good reason. Y'all need to make sure MFA is enforced.

Potato Salad fucked around with this message at 04:15 on Jun 1, 2022 |
# ? Jun 1, 2022 04:11 |
|
> Internet Explorer posted: Has anyone heard anything odd with Instagram recently? My wife had someone log into her account from a different state. She didn't have MFA, but it was a unique password generated and stored from 1Pass. I asked if she had used it as SSO for another service or anything, thinking maybe she got phished that way, but she's saying no. And it's not like she's logging in to it on her computer. Not linked to Facebook, no Facebook account.

I've seen a few reports of this happening lately with the ig.me URL
|
# ? Jun 1, 2022 04:22 |
|
Speaking of MFA, does Amazon really not give you an option to revoke TOTP authenticator devices? I just added TOTP using Microsoft Authenticator because I was hoping that “add a new app” would invalidate what’s there now. I have no idea what the first of the “2 apps enrolled” is, and don’t see anything in my inbox about an authenticator being enabled on my account. Like, is my option really to disable MFA altogether and hope that wipes all existing QR codes? Amazon? Really? I’m pretty meticulous about adding QR codes to my authenticator apps when I generate them, so this is weird. I also screenshot my codes and store them in a temporary encrypted DMG that I dump onto two separate USB keys in my safety deposit box at my local bank branch. I guess I’ll have to see if I have an existing Amazon one I forgot to add??

some kinda jackal fucked around with this message at 11:49 on Jun 1, 2022 |
# ? Jun 1, 2022 11:46 |
|
> some kinda jackal posted: Speaking of MFA, does Amazon really not give you an option to revoke TOTP authenticator devices?

Affirm, you can only add new ones from the web page; to remove previous setups you need to shut down MFA and turn it back on again (I recently did that because I wanted to re-enroll away from Authy and into another app). Also no U2F even if AWS does support it, which is perplexing.
|
# ? Jun 1, 2022 13:35 |
|
Side question: any particular reason you are rolling away from Authy? Just curious as it’s my main personal Authenticator.
|
# ? Jun 1, 2022 15:27 |
|
I like Aegis, which lets you export your vault and just has a better interface. It's on F-Droid.
|
# ? Jun 1, 2022 15:36 |
|
Suggestion for IDS providers? Boss wants to move away from Security Onion, and I haven't touched anything but that.
|
# ? Jun 1, 2022 16:10 |
|
> Defenestrategy posted: Suggestion for IDS providers? Boss wants to move away from Security Onion, and I haven't touched anything but that.

Picking an IDS is going to be pretty dependent on what your networks/systems look like and also your budget. What do you not like about Security Onion?
|
# ? Jun 1, 2022 16:15 |
|
> Thwomp posted: Side question: any particular reason you are rolling away from Authy? Just curious as it’s my main personal Authenticator.

Moving to Yubico Authenticator since I got a handful of 5Ci and never saved that specific QR code in my archives. It's not bad per se, but I feel like it's a bit neglected by Twilio (it never got any major new feature since the acquisition).
|
# ? Jun 1, 2022 16:16 |
|
> Defenestrategy posted: Suggestion for IDS providers? Boss wants to move away from Security Onion, and I haven't touched anything but that.

Corelight and Extrahop are the big ones. Corelight is just professional. Extrahop is pretty good, but expensive.
|
# ? Jun 1, 2022 16:27 |
|
> Thwomp posted: Side question: any particular reason you are rolling away from Authy? Just curious as it’s my main personal Authenticator.

I'm starting to move from Authy to Aegis because Authy's UI is atrocious.
|
# ? Jun 1, 2022 17:06 |
|
What's the best way for me to secure a WordPress site to reduce the chance of someone logging in to the admin console? So far:

1. Aggressive plugin review / no plugins
2. Have /wp-admin/ allow only specific IP addresses (I would like to remove this rule, that's why I'm asking the question)
3. MFA
4. Monitor traffic to wp-login

Not an option:

1. Don't use WordPress

Thank you in advance goons
|
# ? Jun 1, 2022 17:29 |
|
> nvrgrls posted: What's the best way for me to secure a WordPress site to reduce the chance of someone logging in to the admin console?

Given the number of vulnerabilities in WordPress, #2 should be required.
|
# ? Jun 1, 2022 17:31 |
|
> CLAM DOWN posted: Given the number of vulnerabilities in WordPress, #2 should be required.

But all the "zero trust" buzz garbage says not to do that
|
# ? Jun 1, 2022 17:32 |
|
> nvrgrls posted: But all the "zero trust" buzz garbage says not to do that

"zero trust" describes the amount of trust I have in WordPress' security state
|
# ? Jun 1, 2022 17:35 |
|
I’d probably set up an nginx reverse proxy or load balancer that just blocked access to that path. Also be careful to also block things like “///wp-admin” or “/../wp-admin” through canonicalization if that’s a concern with the system. I’d have to look into that a bit more. When someone actually needed access to the admin interface they should get there through a VPN/bastion/proxy set up to only allow access to authorized users. This is by no means what I do as my day job and I’m not an expert, nor do I work with WordPress, so there might be ways around this or easier options. I don’t claim this is sufficient.
|
# ? Jun 1, 2022 17:36 |
|
> nvrgrls posted: But all the "zero trust" buzz garbage says not to do that

I think if you wanted to do this in a zero trust way you should still block /wp-admin but allow access via an authorized proxy.
|
# ? Jun 1, 2022 17:38 |
|
> CLAM DOWN posted: "zero trust" describes the amount of trust I have in WordPress' security state

I mean... yeah. same.
|
# ? Jun 1, 2022 17:45 |
|
> Evis posted: I’d probably set up an nginx reverse proxy or load balancer that just blocked access to that path. Also be careful to also block things like “///wp-admin” or “/../wp-admin” through canonicalization if that’s a concern with the system. I’d have to look into that a bit more. When someone actually needed access to the admin interface they should get there through a VPN/bastion/proxy set up to only allow access to authorized users.

Thank you!
|
# ? Jun 1, 2022 17:45 |
|
> nvrgrls posted: What's the best way for me to secure a WordPress site to reduce the chance of someone logging in to the admin console?

As far as I can recall most/all recent WordPress vulns have been tied to plugins, in recent memory at least.
|
# ? Jun 1, 2022 18:05 |
|
If you have a WAF/DDoS service like Cloudflare or Imperva to throw in front of your external facing assets, you may have options there to enable a second challenge on certain URL paths. I hate relying on this kind of stuff, but it might be a solution. Moving administration out-of-band or restricting the IP is probably the fastest hit though, zero trust be damned haha
|
# ? Jun 1, 2022 18:17 |
|
WordPress itself is as solid as anything else at this point. Plug-ins are the path to pain. Install Okta’s SAML auth plugin and auth that way if you want tighter control.
|
# ? Jun 1, 2022 18:18 |
|
> Sickening posted: Picking an IDS is going to be pretty dependent on what your networks/systems look like and also your budget. What do you not like about Security Onion?

I like it just fine, but we're looking to replace the system entirely as it's gotten long in the tooth and my boss wants options beyond just building new seconion boxes. Network is something like 3 Gbit/s of throughput and something like 600 clients/servers doing various dev tasks.

> CLAM DOWN posted: "zero trust" describes the amount of trust I have in WordPress' security state

Also the amount of trust I have in anyone's given definition of zero trust.
|
# ? Jun 1, 2022 19:20 |
|
Zero trust *yanks ethernet cable*
|
# ? Jun 1, 2022 19:22 |
|
> some kinda jackal posted: Zero trust *yanks ethernet cable*

thread title
|
# ? Jun 1, 2022 19:30 |
|
This is bad, right? Have I missed a discussion of this? Follina — a Microsoft Office code execution vulnerability

> quote: In English, So What
|
# ? Jun 1, 2022 20:11 |
|
> some kinda jackal posted: Zero trust *yanks ethernet cable*
|
# ? Jun 1, 2022 20:18 |
|
> Absurd Alhazred posted: This is bad, right? Have I missed a discussion of this?

Detection right now isn't great. There's a pretty simple GPO that can be enforced that makes a reg key change to mitigate in the meantime.
|
# ? Jun 1, 2022 20:35 |
|
> BaseballPCHiker posted: Detection right now isn't great. There's a pretty simple GPO that can be enforced that makes a reg key change to mitigate in the meantime.

Also you can enforce it with Intune/Defender ASR if you prefer MDM/modern workplace.
|
# ? Jun 1, 2022 21:17 |
|
The GPO for disabling troubleshooters does work on this. It completely disables the MSDT tool from executing, which the vulnerability relies on. Went ahead and applied it to our entire domain after I tested it on a few machines.
|
# ? Jun 1, 2022 21:35 |
|
I hear office doesn’t run the dangerous code if you have the byte sequence 0x43, 0x49, 0x53, 0x53, 0x50 in your user preferences. Some kill switch thing, I guess.
|
# ? Jun 1, 2022 21:40 |
|
> some kinda jackal posted: Zero trust *yanks ethernet cable*

> CLAM DOWN posted: thread title
|
# ? Jun 1, 2022 21:43 |
> nvrgrls posted: What's the best way for me to secure a WordPress site to reduce the chance of someone logging in to the admin console?

You can limit it to just the admin area, of course - but it works for everything, including all manner of self-hosted services where you don't trust the authentication to be able to stand up to being exposed on the internet (which, unfortunately, is most of them). The nginx implementation of HTTP basic auth can break too, of course - but it's pretty well-tested already, and if it gets broken, there's a bigger chance of a fix getting implemented quickly as it's used in a lot of places.

> some kinda jackal posted: Zero trust *yanks ethernet cable*
|
|
# ? Jun 1, 2022 23:33 |
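An nginx front end along the lines Evis described (block the admin path at the proxy, normalize odd spellings of it, let authorized users in via a VPN range) combined with the HTTP basic auth layer mentioned in the post above. This is an added example, not any poster's configuration; the upstream address, hostname, htpasswd path and the 10.8.0.0/24 VPN range are placeholders.

```nginx
# Added example: nginx in front of WordPress, restricting the admin surface.
# Placeholders: upstream 127.0.0.1:8080, example.com, /etc/nginx/wp-admin.htpasswd,
# VPN range 10.8.0.0/24.
upstream wordpress { server 127.0.0.1:8080; }

server {
    listen 443 ssl;
    server_name example.com;
    # ssl_certificate / ssl_certificate_key omitted for brevity

    # nginx normalizes the request URI before matching locations: repeated
    # slashes are merged (merge_slashes on is the default), "." and ".."
    # segments are resolved and percent-escapes are decoded, so spellings
    # such as "///wp-admin" or "/x/../wp-admin" reach the blocks below.
    merge_slashes on;

    # admin-ajax.php is used by the public front end; keep it reachable.
    # An exact "=" match takes precedence over the "^~" prefix block.
    location = /wp-admin/admin-ajax.php {
        proxy_pass http://wordpress;
    }

    # Dashboard and login page: VPN/bastion range only AND a second
    # credential that WordPress itself never sees (satisfy all is default,
    # so both the IP allowlist and basic auth must pass).
    location ^~ /wp-admin {
        allow 10.8.0.0/24;
        deny all;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/wp-admin.htpasswd;
        proxy_pass http://wordpress;
    }
    location = /wp-login.php {
        allow 10.8.0.0/24;
        deny all;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/wp-admin.htpasswd;
        proxy_pass http://wordpress;
    }

    # xmlrpc.php is another password-guessing surface; block it unless needed.
    location = /xmlrpc.php { return 403; }

    location / {
        proxy_pass http://wordpress;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

After deploying, confirm from outside the VPN range that `curl -I` against `/wp-admin/`, `///wp-admin/` and `/wp-login.php` all return 403 while `/wp-admin/admin-ajax.php` and the front page still answer; the monitoring of wp-login traffic from the original list still applies, since denied requests show up in the nginx access log.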
|
I got you.
|
# ? Jun 1, 2022 23:37 |
|
> Subjunctive posted: I hear office doesn’t run the dangerous code if you have the byte sequence 0x43, 0x49, 0x53, 0x53, 0x50 in your user preferences. Some kill switch thing, I guess.

lol
|
# ? Jun 1, 2022 23:45 |
|
> Subjunctive posted: I hear office doesn’t run the dangerous code if you have the byte sequence 0x43, 0x49, 0x53, 0x53, 0x50 in your user preferences. Some kill switch thing, I guess.

sir
|
# ? Jun 1, 2022 23:53 |
|
> Subjunctive posted: WordPress itself is as solid as anything else at this point. Plug-ins are the path to pain.

Speaking of stuff like Okta, I recently found Authelia. Anyone know if it's any good? I don't want to deal with standing up an LDAP server, but maybe I can find a little container to throw on the RPi
|
# ? Jun 2, 2022 03:43 |
|
|
lol. lmao. I think most orgs are using SaaS but still. https://twitter.com/HackingLZ/status/1532480905335345152
|
# ? Jun 2, 2022 23:55 |