|
cr0y posted:There are reels all over Instagram though saying that the statement is bullshit and literally everything is still down, including the parking gates, so
Well, I guess at least the perimeter is secure.
|
# ? Sep 14, 2023 18:55 |
|
|
# ? May 24, 2024 13:25 |
|
BonHair posted:Well, I guess at least the perimeter is secure.
I should have been more specific, they can't control the gates, so parking is free at the moment.
|
# ? Sep 14, 2023 20:13 |
|
Caesars had data popped as well - https://www.theregister.com/2023/09/14/caesars_mgm_hacks/ https://www.sec.gov/ix?doc=/Archives/edgar/data/0001590895/000119312523235015/d537840d8k.htm
|
# ? Sep 14, 2023 21:17 |
|
https://twitter.com/BrettCallow/status/1702415605612331061
|
# ? Sep 14, 2023 21:49 |
|
The balls on that end statement..... So they're claiming ransomware hacktivism???
|
# ? Sep 15, 2023 02:56 |
|
Jiro posted:The balls on that end statement.....
It's just ransomware but groups like this often claim to serve some higher purpose. It's not in any way altruistic though, they're criminal enterprises.
|
# ? Sep 15, 2023 05:46 |
|
Hope they get that poo poo sorted out. I have reservations in mid-November for our 25th anniversary. MGM just straight up lying that everything is fine is concerning.
|
# ? Sep 15, 2023 16:55 |
|
I keep going back and forth on if I should change my login information for my MGM Rewards now or later when an all clear is sounded. It's not really that surprising that a publicly traded company would try to obscure how bad the damage is. They're eating a PR poo poo sandwich at the start of the NFL season going into Halloween along with whatever big Fall concerts the properties have lined up.
Jiro fucked around with this message at 17:49 on Sep 15, 2023
|
# ? Sep 15, 2023 17:45 |
|
spankmeister posted:It's just ransomware but groups like this often claim to serve some higher purpose. It's not in any way altruistic though, they're criminal enterprises.
New money is loving with old money again, interested to see what the Finding Out portion will look like this time.
|
# ? Sep 15, 2023 17:56 |
|
I would probably do both. Just assume they have your info from before; Even if they’re still (almost certainly) still persistent, they’ll have to do another exfil. So like.. Change it again when you realistically believe MGM has the situation under control.
|
# ? Sep 15, 2023 17:56 |
|
https://arstechnica.com/security/2023/09/how-google-authenticator-gave-attackers-one-companys-keys-to-the-kingdom/
This was an interesting thing that I came across today.
some kinda jackal posted:I would probably do both. Just assume they have your info from before; Even if they’re still (almost certainly) still persistent, they’ll have to do another exfil. So like.. Change it again when you realistically believe MGM has the situation under control.
Yeah, you're right. Just a hassle.
Jiro fucked around with this message at 20:50 on Sep 15, 2023
|
# ? Sep 15, 2023 20:43 |
|
1password has started pushing passkeys on me as an end user. Should I set them up, and if so should I use 1password to create and store them?
|
# ? Sep 15, 2023 21:33 |
|
it's up to you. there is convenience in having everything in one place. there is also risk, both in terms of security (impact wrt. breach) and continuity (losing codes alongside passwords). there's not really a good-for-everyone answer to that, tbh. for what it's worth, i have my mfa codes in authy, and store the key material in 1password.
|
# ? Sep 15, 2023 21:47 |
|
Jiro posted:The balls on that end statement.....
That statement has real “and another thing: im not mad. please dont put in the newspaper that i got mad.” dril energy
|
# ? Sep 15, 2023 23:00 |
|
Well Played Mauer posted:1password has started pushing passkeys on me as an end user. Should I set them up, and if so should I use 1password to create and store them?
If you care about an account, the two (mfa device & password manager) should be separate devices. If you don't ... then why even have it in a pw manager?
|
# ? Sep 15, 2023 23:46 |
|
Volguus posted:If you care about an account
Can we stop pretending that “care” is a binary choice? I care if someone fucks with my Netflix account because it would be annoying to sort out, and I care about my employer’s stock management portal, because it could definitely cost me money temporarily if someone hosed with it, and I care about my work login because I can authorize 7-digit purchases. Not all of them are worth the same amount of inconvenience to protect. (The first two of mine have MFA codes in Bitwarden, and for the latter I don’t save password in anything.)
|
# ? Sep 16, 2023 00:49 |
|
Subjunctive posted:Can we stop pretending that “care” is a binary choice?
You are 100% right, there are many shades of grey to consider. From "I will absolutely do my best to protect this account from any alien interference" to "Password is 1234, who wants to have a go at it?". However, on the internet you cannot really convey or even imagine how much a particular account is worth to someone. Some people go all in and treat any account protection advice like it's gonna have to be safe from the Mossad. Some go the opposite way, smoke a joint and don't worry about it man. At the end of the day, the safest way is to be 100% paranoid. It's up to you to decide for particular accounts how paranoid you want to be.
|
# ? Sep 16, 2023 01:48 |
|
Jiro posted:I keep going back and forth on if I should change my login information for my MGM Rewards now or later when an all clear is sounded.
If I can do a thing for almost zero additional effort or cost that eliminates my worry going forward I do it.
|
# ? Sep 16, 2023 03:15 |
|
It is funny to me, that just like at work, the fascinating and complex world of infosec trends towards arguing over passwords requirements itt. not a complaint fwiw
|
# ? Sep 16, 2023 03:28 |
|
Volguus posted:If you care about an account, the two (mfa device & password manager) should be separate devices. If you don't ... then why even have it in a pw manager?
if someone can get in my password manager, then they have access to my device since you'd need my 1password secret key on a new device, at which point it doesn't matter if my mfa is in 1password or not
|
# ? Sep 16, 2023 04:44 |
|
I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience. Piss and poo poo. Here we go.
|
# ? Sep 16, 2023 04:49 |
|
Cannon_Fodder posted:I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience.
Username + post combo
|
# ? Sep 16, 2023 06:43 |
|
Cannon_Fodder posted:I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience.
|
# ? Sep 16, 2023 07:42 |
|
This cuts deep, op.
|
# ? Sep 16, 2023 12:31 |
|
No, I am not.
|
# ? Sep 17, 2023 05:11 |
|
Cannon_Fodder posted:I'm inheriting a massive vulnerability debt and taking on a vulnerability management position with very little experience.
good luck! who is your vuln mgmt vendor?
|
# ? Sep 18, 2023 04:38 |
|
Cannon_Fodder posted:This cuts deep, op.
Play your cards right and you could become one of the lucky ones... https://twitter.com/InternetH0F/status/1702701547786838473
|
# ? Sep 18, 2023 07:16 |
|
Takes No Damage posted:Play your cards right and you could become one of the lucky ones...
Compliance manager. Just do not give a gently caress.
|
# ? Sep 18, 2023 18:52 |
|
I'm doing my SABSA bootcamp and I can't even begin to tell you how much of a failure this is going to be when I try to apply it to my job, when it presupposes a certain level of organization in projects and business owners lol But hey, CPEs and linkedin acronyms right??
|
# ? Sep 18, 2023 22:39 |
|
Anybody know of any good guides or info I can read about hardening Linux for PCI-DSS? I'm being included into a team to talk about it and while I'm not in charge for this group, I would at least like to have a general idea of which direction we should be going. [edit] I think it's Red Hat and Ubuntu. No idea on the versions.
|
# ? Sep 19, 2023 19:19 |
|
I could be wrong but I don't believe PCI-DSS is prescriptive in terms of hardening, only that you have a hardening policy and follow it to actually harden your assets. You can look at something like CIS hardening standard, both levels 1 or 2 depending on how stringent the environment is, but you'll still have to check that your policy says something about the level of compliance and probably speaks to a proper exception/risk process since it's unlikely you'll hit 100% on any hardening standard without impacting something running.
|
# ? Sep 19, 2023 19:44 |
|
some kinda jackal posted:I could be wrong but I don't believe PCI-DSS is prescriptive in terms of hardening, only that you have a hardening policy and follow it to actually harden your assets.
This. PCI-DSS really doesn't give you the hardening guidelines, but CIS does. And you can get pre-hardened CIS images.
|
# ? Sep 20, 2023 00:46 |
|
Takes No Damage posted:Play your cards right and you could become one of the lucky ones...
I'm rapidly becoming that guy as the resources I've been asking for have been getting salary lines over the years :/ I'm gonna be out of work before too long
|
# ? Sep 20, 2023 01:16 |
|
That guy is setting his bar way too low, the real lanyard analyst do-nothing types get paid double or triple that.
|
# ? Sep 20, 2023 07:06 |
|
Joking aside and speaking of careers -- something I learned WAY too late in my career which SHOULD be obvious: Book AMPLE busy time in your calendar to DO WORK. If you don't, all your calendar will be is meetings to talk about the work you're SUPPOSED to be doing that you're not doing because you're in meetings talking about it.
|
# ? Sep 20, 2023 11:37 |
|
some kinda jackal posted:Book AMPLE busy time in your calendar to DO WORK.
|
# ? Sep 20, 2023 12:11 |
|
I had no meetings today
|
# ? Sep 20, 2023 15:11 |
|
Wibla posted:I had no meetings today
I've got 22. I'll attend 5.
|
# ? Sep 20, 2023 15:34 |
|
some kinda jackal posted:Joking aside and speaking of careers -- something I learned WAY too late in my career which SHOULD be obvious:
Preferably, get a buddy you can set up fake meetings with, since calendar time marked "busy" will often just get ignored by the meeting people.
|
# ? Sep 20, 2023 15:48 |
|
Wibla posted:I had no meetings today
|
# ? Sep 20, 2023 15:58 |