|
That's normal in the PHP ecosystem. It's also normal to have your configuration files in your webroot.
|
#
?
Nov 29, 2023 18:50
|
|
|
|
| # ? Jun 8, 2024 06:54 |
|
|
peehpee
|
|
#
?
Nov 29, 2023 19:33
|
|
|
ownedcloud
|
|
#
?
Nov 29, 2023 21:40
|
|
|
Trabisnikof posted:own cloud indeed
|
|
#
?
Nov 29, 2023 22:08
|
|
|
pwnCloud
|
|
#
?
Nov 29, 2023 22:16
|
|
|
pwned clowns
|
|
#
?
Nov 29, 2023 22:17
|
|
|
i was like "what the gently caress is owncloud" so i went to their site and saw this but i guess it's not like it says "secure by implementation"
|
|
#
?
Nov 29, 2023 22:22
|
|
|
well-read undead posted:i was like "what the gently caress is owncloud" so i went to their site and saw this it's for people who want to janitor their own dropbox server
|
|
#
?
Nov 29, 2023 22:41
|
|
|
https://techcrunch.com/2023/11/29/founder-of-spyware-maker-hacking-team-arrested-for-attempted-murder-local-media/quote:The founder of the infamous and now-defunct spyware maker Hacking Team was arrested on Saturday after allegedly stabbing and attempting to murder a relative, according to multiple news reports.
|
|
#
?
Nov 29, 2023 22:45
|
|
|
Trabisnikof posted:own cloud indeed
|
|
#
?
Nov 30, 2023 00:19
|
|
|
https://www.nationalreview.com/news/gay-furry-hackers-breach-u-s-nuclear-research-facility/ The group claimed responsibility for the attack in statements on public forums. “Meow meow meow meow meow meow meow,” the group wrote.
|
|
#
?
Nov 30, 2023 06:34
|
|
|
repost but still lol
|
|
#
?
Nov 30, 2023 06:37
|
|
|
Shame Boy posted:it's for people who want to janitor their own dropbox server specifically, it's for people who want their own dropbox server, but haven't moved onto nextcloud when owncloud got bought by a lovely company and management made everyone who knew anything go away 9 *years* ago lmao
|
|
#
?
Nov 30, 2023 09:30
|
|
|
Owncloud is very much like OpenOffice. We moved to Nextcloud years ago and use it extensively with thousands of users.
|
|
#
?
Nov 30, 2023 09:47
|
|
|
shackleford posted:https://techcrunch.com/2023/11/29/founder-of-spyware-maker-hacking-team-arrested-for-attempted-murder-local-media/
|
|
#
?
Nov 30, 2023 13:57
|
|
|
"what are you gonna do? Hack me?" - quote from man stabbed
|
|
#
?
Nov 30, 2023 14:02
|
|
|
Powerful Two-Hander posted:"what are you gonna do? Hack me?" - quote from man stabbed
|
|
#
?
Nov 30, 2023 15:43
|
|
|
potential infosec/IT laffo in progress earlier today I was suddenly banned from PSN, and I'm too much of a goody two shoes for it to be deserved. phone and chat support couldn't help me or even give me sony's rationale, other than one guy who intimated it was a lockdown in response to suspicious login attempts. it looked like I was just cut off from years of cheevos and thousands of dollars of purchases for no reason whatsoever now it looks like this is a global phenomenon and there's a huge wave of wrongly banned PSN users today place your bets on whether sony got got by blackhats again or whether they hosed it up all by themselves haveblue fucked around with this message at 02:47 on Dec 5, 2023 |
|
#
?
Dec 5, 2023 02:40
|
|
|
knowing nothing about the issue my moneys on sony fuckup
|
|
#
?
Dec 5, 2023 02:45
|
|
|
post hole digger posted:knowing nothing about the issue my moneys on sony fuckup
|
|
#
?
Dec 5, 2023 02:46
|
|
|
post hole digger posted:knowing nothing about the issue my moneys on sony fuckup
|
|
#
?
Dec 5, 2023 02:49
|
|
|
the notion that somebody popped sony and then used that access to ban a bunch of random people seems really far-fetched
|
|
#
?
Dec 5, 2023 02:51
|
|
|
haveblue posted:potential infosec/IT laffo in progress lol o dip that's why I'm blocked. probably saved me from burning my time on an awful free to play game so bless you psn, ever present argument for why availability trumps security
|
|
#
?
Dec 5, 2023 02:56
|
|
|
Achmed Jones posted:the notion that somebody popped sony and then used that access to ban a bunch of random people seems really far-fetched it could easily be a diversion tactic, create a crisis that the target needs to respond to so that they're too overwhelmed to do anything about you executing your actual goal same reason people's email address gets signed up to thousands of spammy mailing lists after their amazon account gets popped
|
|
#
?
Dec 5, 2023 02:58
|
|
|
sony appears to have quietly cleaned this up I think we all learned something about testing on prod today
|
|
#
?
Dec 5, 2023 06:14
|
|
|
haveblue posted:I think we all learned something about testing on prod today It only goes wrong sometimes so it's worth the risk for the convenience.
|
|
#
?
Dec 5, 2023 11:13
|
|
|
haveblue posted:sony appears to have quietly cleaned this up We did, end users are a quick and free way to get QA testing for changes.
|
|
#
?
Dec 5, 2023 16:02
|
|
|
my org's infosec consultant wants us to start doing knowbe4 phishing tests. i know all the jaded computer touchers in this forum hate them, but is there evidence they're actually useful at the org level? like do they actually lead to better outcomes (i.e., fewer actually phished users) or is it more of a teaching-to-the-test type of thing, where all people really learn is how to spot the fake phishing test emails?
|
|
#
?
Dec 5, 2023 22:35
|
|
|
so the test doesn't generally effect actual outcomes of phishability or whatever. maybe it'll reduce the percentage or something, but the way that phishing works is not really a percentage game. having the _proof_ that people fall for fishing may or may not help security teams achieve their goals. it basically comes down to whether or not whoever greenlights those programs actually understands that phishing is a free pass into basically every org on the planet. if they do (that is, if they're competent at security) there's no need to spend on phishing training other than what might be required for certification. if they do not, well, it can be useful to have numbers. get prepared for half of the engineering org to start crowing about they're so smart and they made filters for messages with the phishing test headers or whatever, thus completely missing the entire point of the exercise. completely missing the point when it comes to hacker poo poo is pretty common though
|
|
#
?
Dec 5, 2023 22:41
|
|
|
I don’t read legit email, so I’m not gonna go back to reading phishing test emails either. I filter basically everything that isn’t from a known sender.
|
|
#
?
Dec 5, 2023 22:52
|
|
|
obvs that won’t work for many people but if you can avoid reading email from unknown senders it’s a pro move at work
|
|
#
?
Dec 5, 2023 22:53
|
|
|
The PhishER/PhishRIP stuff is helpful for auto containing actual threats that are reported by end users. The sample Phish of the week campaign will have realistic examples so people at least know what to look for but yeah most people just see them and delete them which doesn't indicate a pass or a fail, just that they "read" the e-mail.
|
|
#
?
Dec 5, 2023 22:57
|
|
|
i appreciate the insights. i'm just trying to determine how much of a stink to raise — if they're actually an effective tool, i will raise no stink; if they're ineffective but also only mildly irritating, i will raise a small stink; but if they are both ineffective and a giant pain in the rear end i will raise the biggest stink they've ever had the misfortune to smell
|
|
#
?
Dec 5, 2023 23:00
|
|
|
Cold on a Cob posted:I don’t read legit email, so I’m not gonna go back to reading phishing test emails either. I filter basically everything that isn’t from a known sender. I filter out everything that isn't actually addressed directly to me.
|
|
#
?
Dec 5, 2023 23:02
|
|
|
well-read undead posted:my org's infosec consultant wants us to start doing knowbe4 phishing tests. i know all the jaded computer touchers in this forum hate them, but is there evidence they're actually useful at the org level? like do they actually lead to better outcomes (i.e., fewer actually phished users) or is it more of a teaching-to-the-test type of thing, where all people really learn is how to spot the fake phishing test emails? theyre useful to the extent that you might them for compliance purposes but i've never heard a very compelling answer to what the goal of a phishing test campaign is, or what specifically is being tested, or what the org's success/failure criteria is, especially with poo poo like knowbe4 where you basically have to bend the rules in your favor by whitelisting, changing spf rules, etc to nerf your own technical controls. phishing tests can have some value in helping train users for what an attack may look like, but the value gets massively overblown by companies making easy money selling the testing service.
|
|
#
?
Dec 5, 2023 23:03
|
|
|
well-read undead posted:i appreciate the insights. i'm just trying to determine how much of a stink to raise — if they're actually an effective tool, i will raise no stink; if they're ineffective but also only mildly irritating, i will raise a small stink; but if they are both ineffective and a giant pain in the rear end i will raise the biggest stink they've ever had the misfortune to smell how big of a pain in the rear end they are completely depends on the people conducting them and what happens when a user 'fails' the test
|
|
#
?
Dec 5, 2023 23:07
|
|
|
The phishing test emails we get at work all come from the same domain so it was trivial to block them lol
|
|
#
?
Dec 5, 2023 23:09
|
|
|
if your company doesn’t do knowbe4 testing how will your users learn important words like vishing and smishing?
|
|
#
?
Dec 5, 2023 23:28
|
|
|
post hole digger posted:how big of a pain in the rear end they are completely depends on the people conducting them and what happens when a user 'fails' the test
|
|
#
?
Dec 5, 2023 23:38
|
|
|
|
| # ? Jun 8, 2024 06:54 |
|
|
who need they phishussy smished
|
|
#
?
Dec 5, 2023 23:38
|
|