Pass the token back and forth

Nov 9, 2023 15:18

SlowBloke posted:
Adversary in the middle.

I can't take people who try to use "adversary" in a security context seriously. It just makes me think of the IT guy at work who still seems mad that developers get sudo access, spends a ton of his time arbitrarily blocking specific commands from passing through sudo, while telling everyone who's trying to do work that it's to "protect from the adversary". Also that going around his nonsense because you actually need docker/k8s to do your job, so yes you're going to do a little sudo bash as a treat (and developers are supposed to have sudo access in the first place! we have a process for getting it!), is a "resume producing event".

Nov 9, 2023 15:22

tracecomplete posted:
I can't take people who try to use "adversary" in a security context seriously. It just makes me think of the IT guy at work who still seems mad that developers get sudo access, spends a ton of his time arbitrarily blocking specific commands from passing through sudo, while telling everyone who's trying to do work that it's to "protect from the adversary". Also that going around his nonsense because you actually need docker/k8s to do your job, so yes you're going to do a little sudo bash as a treat (and developers are supposed to have sudo access in the first place! we have a process for getting it!), is a "resume producing event".

they should stop being so adversarial

Nov 9, 2023 15:32

2 APTs, 1 Org

Nov 9, 2023 15:37

sometimes ___ in the middle refers to specifically doing the decrypting, altering, etc thing. sometimes it refers to the position of a third party wrt communication channels, whether or not they're doing specific attacks (or are trying to do something other than the classic). whether the acronym is "adversary," "attacker," "man," or "meddler" has no bearing on what is being discussed. context, however, does have such a bearing.

Nov 9, 2023 16:46

I like "interception" for this.

Nov 10, 2023 02:15

"Come on maaaan, why you gotta do this to me?"

Nov 10, 2023 14:18

Evis posted:
I like "interception" for this.

Threat Actor or Adversary is the usual term, as 'military' as it sounds.

Nov 10, 2023 17:49

Threat actor and adversary just sound like threat modeling terms to me, and don't indicate someone is intercepting traffic.

Nov 11, 2023 03:53

agreed

Nov 11, 2023 03:59

Evis posted:
Threat actor and adversary just sound like threat modeling terms to me, and don't indicate someone is intercepting traffic.

this is true but i'm pretty sure no one suggested otherwise

Nov 11, 2023 04:15

Damnit i forgot to quote the post i was replying to. Sorry, all.

Nov 11, 2023 05:21

Whoever is in the middle is still an rear end for making us drink more.

Nov 11, 2023 05:36

Idk what you people are on about but MitM obviously refers to the Michael Jackson song Man in the Mirror.

Nov 11, 2023 08:12

I prefer e-privateer, personally.

Nov 11, 2023 16:48

I think I've heard "some rear end in a top hat" more often than adversary or whatever, as a reference to someone trying to do annoying stuff to our network. So we should go with that.

Nov 11, 2023 18:08

spankmeister posted:
Idk what you people are on about but MitM obviously refers to the Michael Jackson song Man in the Mirror.

We shall now refer to any attacker as a 'Smooth Criminal'

Nov 11, 2023 22:27

spankmeister posted:
Idk what you people are on about but MitM obviously refers to the Michael Jackson song Man in the Mirror.

Why aren't we simply asking him to change his ways?

Nov 13, 2023 06:39

Giving researchers who engage in responsible disclosure the white glove treatment

Nov 13, 2023 19:51

I am enjoying the short term situation we are living in. Leaders are fearing having their names attached to security problems that might be communicated to investors. Suddenly there is money for anything that is needed. Also apparently Microsoft has turned off the ability of free email accounts to report phishing? Is that really the case?

Nov 14, 2023 20:48

Why would phishing email accounts need to report phishing anyways? /s

Nov 14, 2023 22:27

One of our clients today requested we not use the term "Hacktivist" during meetings because it could "stress out our person in charge of security". Most definitely not because the person who requested it is an old boomer, who's sweating bullets because their entire place of work is in regional news for upholding policy that could be labeled as "anti-woke", and digging heels in.

Nov 15, 2023 01:34

Jiro posted:
One of our clients today requested we not use the term "Hacktivist" during meetings because it could "stress out our person in charge of security".

Nov 15, 2023 01:41

I know the answer is "the stupidest of the stupid" but I'm looking through this spam message that I got from someone who obviously just trolled IANA's public registry and I'm like.. I don't get it -- this zero effort email that isn't even pretending to be legitimate which presumably costs a non-zero amount of dollars to spam out: What are the economics of this scam? Like maybe this is a failure of imagination on my part because I can't even begin to pretend to dream up someone gullible enough to engage with these kinds of emails. But then again this is sitting in a folder next to eight messages from various desperate ladies who want to "have a good time" peppered with emoji so I guess the ACTUAL answer is that I have no idea how the world of spam works.

quote:
Dear iana@xx.com,

Sorry I guess this is only marginally infosec related, but it's been living in my head rent free for like two days now and the only way to evict it is to fess up about how absolutely confused I am.

Nov 15, 2023 12:50

Sending email spam costs you essentially nothing - what costs you is engaging with anyone that takes the bait. As a result, you want to only send mails that catch the dumbest, most gullible morons that will happily send you thousands of dollars of "import fees" when you ask for them. You don't actually want to trick anyone slightly smarter who will take up a lot of your time and then back out before giving you your payday.

Nov 15, 2023 15:04

Deep down I think I know this, but my mind reels against the notion that someone reads the above and thinks "wow! here's ol' gil's chance to shine!"

Nov 15, 2023 15:08

some kinda jackal posted:
I know the answer is "the stupidest of the stupid" but I'm looking through this spam message that I got from someone who obviously just trolled IANA's public registry and I'm like.. I don't get it -- this zero effort email that isn't even pretending to be legitimate which presumably costs a non-zero amount of dollars to spam out: What are the economics of this scam? Like maybe this is a failure of imagination on my part because I can't even begin to pretend to dream up someone gullible enough to engage with these kinds of emails.

If that hit one of the sales guys in my company, he would probably respond, just because it's a contact (well, maybe if we sold actual physical stuff), and from there you can apply actual skilled manipulation to a guy who's likely to fall for it. I'm assuming the cost is fairly low, enough that hitting even 3 targets successfully is enough to offset the investment. That's 3 in millions, so it's possible.

Also the company that doesn't want anyone to say hacktivist sounds like they don't want to hear about the most relevant threat to them because they don't agree with them. Imagine if the USA ignored all intelligence about the USSR because they were communists. That's basically the scenario.

Nov 15, 2023 15:09

Took the thread's advice and (finally) moved everyone in the company off LastPass. Annoying to have renewed just before all their incompetence came out last year (well, that round of it anyway). But it's given us a really long time to plan the replacement and now we never have to deal with them again. Which is not the high-tech security some of y'all deal with, but it's a start.

Nov 15, 2023 17:30

doing the lord's work

Nov 15, 2023 17:31

Major Ryan posted:
Which is not the high-tech security some of y'all deal with, but it's a start.

Does anyone in here actually work something "high tech"? I think everyone here is pretty much corporate infosec.

Nov 15, 2023 17:35

I mean, infosec is probably a bit rich for what I do - I'm just a sys admin with some security responsibility. The idea of a dedicated role or team is way beyond us. (Which is fine, small company, but it's interesting to see all the chat here about how it goes with more people, more resource and so on).

Nov 15, 2023 17:51

Major Ryan posted:
I mean, infosec is probably a bit rich for what I do - I'm just a sys admin with some security responsibility.

Don't sell yourself short. That's what we all are at some level.

Nov 15, 2023 18:11

Major Ryan posted:
I mean, infosec is probably a bit rich for what I do - I'm just a sys admin with some security responsibility. The idea of a dedicated role or team is way beyond us. (Which is fine, small company, but it's interesting to see all the chat here about how it goes with more people, more resource and so on).

Dedicated roles are great. Silo'ing is great. Don't overestimate the value of your work having scope. Never think you aren't good enough to do anything, because the reality is that people worse than you do it and get paid a lot of money to do it.

Nov 15, 2023 19:05

I work at a company selling ISMS software to various levels of companies in mostly Denmark, so I've seen some breadth of what people are doing for security around the country. There's a few places with high tech stuff, but then they still have incredibly basic problems to deal with as well. Especially on the governance side, but all around really. The advanced, up to speed guys also mostly work by having a shitton of manual tasks and controls that some dudes have to do and some other dudes have to verify. What makes them advanced and good is that they know about the tasks and actually set aside resources to do them. Also, most importantly because that's what I'm selling, they have an IT system to keep track of the tasks and controls and stuff and send out emails to the various guys.

Nov 15, 2023 19:51

Remembering the time our boss had us implement rapid7 ($$$$$$$) then we didn't have enough resources to act on anything. Big tick from the board though.

Nov 16, 2023 00:03

Bald Stalin posted:
Remembering the time our boss had us implement rapid7 ($$$$$$$) then we didn't have enough resources to act on anything. Big tick from the board though.

i feel like this is basically everything i do.

Nov 16, 2023 00:28

Yeah, that certainly strikes a note. Are there any good RSS feeds for emergent vulnerabilities? I made the mistake of asking our SOC folks about some of the stuff mentioned in this thread over the last few weeks and now they think I'm in the "know". Might as well ask around for them.

Nov 16, 2023 04:43

poo poo I get most of my stuff from this thread

Nov 16, 2023 04:46

Cannon_Fodder posted:
Yeah, that certainly strikes a note.

Not RSS but: https://www.rapid7.com/blog/series/emergent-threats/emergent-threats/

You can have them emailed to you: https://information.rapid7.com/communication-preferences.html

CISA KEV also useful for keeping up with actively exploited vulnerabilities (that have fixes!): https://www.cisa.gov/about/contact-us/subscribe-updates-cisa

Nov 16, 2023 05:06

Jiro posted:
One of our clients today requested we not use the term "Hacktivist" during meetings because it could "stress out our person in charge of security".

I thought the Saudi Sovereign Wealth Fund had better cyber investment than this

Nov 16, 2023 05:10