Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


The Fool posted:

That sucks, I know I've done it before.

Maybe try one of those services that generates CC#'s for you? Like https://privacy.com

I don't really worry about the trials these days because I have access to a lab subscription at work.

Maybe they upped their game and I used to use my employer's one as well. What's funny is that I have a one year M365 Trial with Entra ID P2 but no Azure subscriptions. I had no idea there was a service for cc numbers but I'll try that next.


jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Wrong thread

Charliegrs
Aug 10, 2009
I'm a network admin and my security group is getting on my nerves. I believe they use Tenable to scan our routers/switches for vulnerabilities and then tell us to fix whatever is found. However, it seems like 99% of what they find are false positives and I'm wasting so much time having to prove to them that the devices they say are affected by various vulnerabilities are not in fact affected at all.

For example, HSRP vulnerabilities on switches that don't even have HSRP configured.

So my question is, is this just how Tenable works or is my security team just a bunch of morons that don't know how to use it correctly? I don't know anything about Tenable but I was under the impression that it would log in to the devices through SSH to scan the config itself for vulnerabilities? If that's the case I don't know why it thinks so many devices have vulnerable configs when they don't.

teethgrinder
Oct 9, 2002

I have Security + massive corporate bureaucracy. Rapid7 says our score is high. Better make sure the laptops sitting in the sorter are up-to-date so number goes down.

johnny park
Sep 15, 2009

We're too small for a dedicated security team but we have our own little piece of poo poo false positive engine in Portnox. We've had it for over two years and it has NEVER found a genuine rogue device, but at least once a week it sure loves to randomly decide that someone's laptop -- the same one they have been using for months or years! -- is a rogue device and their port needs to be shut off IMMEDIATELY. It's bad enough that usually when someone sends a ticket in complaining that they don't have network access the very first thing I do is check the Portnox control panel

The Claptain
May 11, 2014

Grimey Drawer
This week I started on a new project for a renewable energy company. Today they cancelled all the meetings with us to work on network issues, caused by a power outage in their datacenter.

chin up everything sucks
Jan 29, 2012

Charliegrs posted:

I'm a network admin and my security group is getting on my nerves. I believe they use Tenable to scan our routers/switches for vulnerabilities and then tell us to fix whatever is found. However, it seems like 99% of what they find are false positives and I'm wasting so much time having to prove to them that the devices they say are affected by various vulnerabilities are not in fact affected at all.

For example, HSRP vulnerabilities on switches that don't even have HSRP configured.

So my question is, is this just how Tenable works or is my security team just a bunch of morons that don't know how to use it correctly? I don't know anything about Tenable but I was under the impression that it would log in to the devices through SSH to scan the config itself for vulnerabilities? If that's the case I don't know why it thinks so many devices have vulnerable configs when they don't.

Depending on why they are scanning, they might be required to prove that they checked every threat that popped up on the scan - even if both you and they know it's all theater, it's theater that has to be done in trackable form so auditors will check a box.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

chin up everything sucks posted:

Depending on why they are scanning, they might be required to prove that they checked every threat that popped up on the scan - even if both you and they know it's all theater, it's theater that has to be done in trackable form so auditors will check a box.

This is definitely it half the time; I used to support a bank and they'd bring in whatever 3rd party firm to do audits every year, we'd get the same 3-4 vulns every year and had to produce X Y Z documentation every year.

The other half of the time is that security teams know nothing about infrastructure (most of the time) and are just folks that went and got a cybersec degree so they push buttan and tell you what the output is with no regard for anything else because they don't know how anything outside their little buttan works.

chin up everything sucks
Jan 29, 2012

MF_James posted:

This is definitely it half the time; I used to support a bank and they'd bring in whatever 3rd party firm to do audits every year, we'd get the same 3-4 vulns every year and had to produce X Y Z documentation every year.

The other half of the time is that security teams know nothing about infrastructure (most of the time) and are just folks that went and got a cybersec degree so they push buttan and tell you what the output is with no regard for anything else because they don't know how anything outside their little buttan works.

Speaking as someone who moved from helpdesk into cybersec and was told "run this scan and chase down anything above X level", with zero knowledge of the infrastructure - it's a loving pain when the infrastructure people have no readable documentation and go out of their way to not give you details on the network you are managing scans on.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
I had a heated debate with a security person that might have escalated to fisticuffs if it weren't a zoom meeting. We had a lot of "vulnerabilities" that were of the form "service has issues you might want to consider disabling it" but we were purposefully leaving it on knowing the risks and also mitigating it. And I wasn't even asking to have that specific vulnerability marked as ignored globally, but merely bringing up that it would be useful to have a process by which we could get vulns ignored if we all agreed to it. And the security person just... couldn't understand why we would ever want that. No idea why we might want to mark a vulnerability as a false positive, no idea why we might want to mark something as a known risk being mitigated elsewhere. All he could conceive of was "scanner go brrrrr".

BaseballPCHiker
Jan 16, 2006

If the scan isn’t a credentialed/privileged scan it may just be doing a poo poo job of device posturing so it just throws out vulns that could technically apply to the hardware.

Some scanners and engineers just suck too.

Vampire Panties
Apr 18, 2001
nposter
Nap Ghost

The Fool posted:

tbh, as someone that doesn't live in California, I have no idea what the distances between the cities are off the top of my head and I've actually driven between SF and LA before.

I assume GTA:San Andreas is to scale

since there's a bunch of New Yorkers up in 'hea

Commuting from San Diego to Rancho Cucamonga is like commuting from Trenton NJ to White Plains, and about as meaningful. Driving from San Diego to downtown LA is comparable to driving from NYC past Philly to Wilmington DE

Driving from LA to SF distance wise is like driving from NYC to the Outer Banks in NC. Time wise is more like driving from Boston to DC.

California is loving huge

Hotel Kpro
Feb 24, 2011

owls don't go to school
Dinosaur Gum
It's been a while since I've used Tenable. Mostly I remember it just wouldn't scan things half the time. Some of the computers might have had 30 critical vulnerabilities but we'd never know cause it couldn't be scanned for whatever reason. I can't remember how granular you could make a scan, they didn't trust us help desk people with admin credentials for Tenable.

We also ran a STIG scan after imaging every computer. Our IA wouldn't approve them to be on the network without a 100% clear rate, but a group policy setting was preventing that. So we'd change it, run the scan, screenshot the 100%, group policy would revert the changes, we'd submit the screenshot and get it approved. The only other time we ran STIG scans were for computers that were disconnected from the network, but the army really wanted those old Windows 7 machines secured.

BIG FLUFFY DOG
Feb 16, 2011

On the internet, nobody knows you're a dog.


chin up everything sucks posted:

Speaking as someone who moved from helpdesk into cybersec and was told "run this scan and chase down anything above X level", with zero knowledge of the infrastructure - it's a loving pain when the infrastructure people have no readable documentation and go out of their way to not give you details on the network you are managing scans on.

I should never have to find you to ask you what you did to solve a problem.

I had a call where I spent 20 minutes redoing something that someone else did because they never documented it. As far as I could make out from talking to the user, everything the tech who talked to them about the pretty complicated process was 100% correct but he didn’t document anything and it took me 20 minutes to figure out I didn’t need to do anything in the first place

I had another call where another dude told them a bunch of stuff which was straight up wrong and hosed everything up. He documented his terrible reasoning and poor understanding thoroughly however and it took me 5 minutes to fix everything

Write everything down! I want to know what color underwear you were wearing and what you had for breakfast when you solved the problem

The Fool
Oct 16, 2003


Vampire Panties posted:

since there's a bunch of New Yorkers up in 'hea

Commuting from San Diego to Rancho Cucamonga is like commuting from Trenton NJ to White Plains, and about as meaningful. Driving from San Diego to downtown LA is comparable to driving from NYC past Philly to Wilmington DE

Driving from LA to SF distance wise is like driving from NYC to the Outer Banks in NC. Time wise is more like driving from Boston to DC.

California is loving huge

this doesn't help me, nyc is just gta4

The Fool
Oct 16, 2003


I looked up a metric that would make sense to me.

California is 1040 miles tall which makes texas the 3rd tallest state.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Due to the number of large trucks and guns that are in Texas, it’s CLEARLY the shortest state.

xzzy
Mar 5, 2009

States should be square. It never sat right in my head that going east-west through Illinois takes like 2 hours but north south is over 6.

Tennessee and California are just more ridiculous examples of that.

tokin opposition
Apr 8, 2021

I don't jailbreak the androids, I set them free.

WATCH MARS EXPRESS (2023)
We should just get rid of states and be one country instead of 50 fiefdoms

The Fool
Oct 16, 2003


smh that you think there's only 50

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

tokin opposition posted:

We should just get rid of states and be one country instead of 50 fiefdoms

Yes, as long as we can still have stupid pointless regional rivalries.

Internet Explorer
Jun 1, 2005





As someone not from a square that who now lives in a square state, can we put unique notches on them or something? I never know what the gently caress I'm looking at when I look at a map.

xzzy
Mar 5, 2009

FISHMANPET posted:

Yes, as long as we can still have stupid pointless regional rivalries.

Rivalries that can be traced all the way back to the first colonists with scary precision. I recently read through 'American Nations' and it's eerie. There's some valid criticisms over the specifics but the broad picture is spot on.

xzzy
Mar 5, 2009

Internet Explorer posted:

As someone not from a square that who now lives in a square state, can we put unique notches on them or something? I never know what the gently caress I'm looking at when I look at a map.

Good news, Wyoming and Colorado aren't quadrilateral. Colorado actually has 697 edges. I couldn't find a precise number for Wyoming but it's probably a similar number.

I feel like Oregon and Pennsylvania are the ideal shapes. Rectangular-ish with enough distinction that you can identify them easily. The Dakotas are just lazy and Oklahoma is showing off.

Internet Explorer
Jun 1, 2005





you shut the hell up

its friday and this is violence

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


3 day weekend hell yeah.

tokin opposition
Apr 8, 2021

I don't jailbreak the androids, I set them free.

WATCH MARS EXPRESS (2023)
I managed to get sick wed/thurs so I'm back for the Friday before a break.

E: my coworker apparently can't read because she mistook issue XXXX for being XYXX despite the fact that I pointed out to the entire IT team that they are separate issues, because that's how numbers work.

I wish I had coworkers that could read

tokin opposition fucked around with this message at 17:29 on Jan 12, 2024

xzzy
Mar 5, 2009

Internet Explorer posted:

its friday and this is violence

it's friday and googling geography facts is how I spend it instead of working

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
My soon to be former employer has MLK day off, so next week is a 4 day week. And then next Friday is my last day, and I start my new job on Tuesday, so I have one day of official unemployment, or another 3 day weekend.

Also the team I got pawned off to gave me a task to do that I completed on the 3rd. The manager had an idea of a next task I could work on, but I said it needed to be designed and I wasn't in a position to do that because I don't know the team and their skills and standards well enough to design something they can actually maintain. So we had a meeting on the 5th where some guy just blabbed about the task but never really provided any design guidance. Nothing specific has been asked of me. My weekly meeting with this manager got cancelled on Tuesday, where she learned I'd put in my notice. We have a meeting scheduled this afternoon to discuss what I'll be working on. As I mentioned, next week is a 4 day week, and also I'm turning in my equipment next Friday so basically they've got 3 days of my time left, and I guarantee they're going to spend it faffing around trying to find something for me to do, rather than just waving goodbye and saying "have fun next week!"

inchworm
Jun 23, 2023

xzzy posted:

it's friday and googling geography facts is how I spend it instead of working

geography owns

22 Eargesplitten
Oct 10, 2010



Has anyone worked at / know anyone that works at KnowBe4? Apparently I applied for a job with them and got a request for me to fill out some kind of assessment. Probably doing that today when I feel mentally together, I just know nothing about working for them.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.

22 Eargesplitten posted:

Has anyone worked at / know anyone that works at KnowBe4? Apparently I applied for a job with them and got a request for me to fill out some kind of assessment. Probably doing that today when I feel mentally together, I just know nothing about working for them.

Check the links in it to make sure it's not a phishing test.

22 Eargesplitten
Oct 10, 2010



Good idea, although I looked through my application history and I did apply. I just go through spamming a bunch of job applications because putting effort into individual ones is too soul-crushing.

e: I copied the text for the link rather than following the embedded link and it seems valid, no PII requested. So I did it, although tbh looking at the JD it's probably not a good fit. I like taking the cognitive tests though, logic problems are fun.

22 Eargesplitten fucked around with this message at 19:31 on Jan 12, 2024

ilkhan
Oct 7, 2004

I LOVE Musk and his pro-first-amendment ways. X is the future.

xzzy posted:

States should be square. It never sat right in my head that going east-west through Illinois takes like 2 hours but north south is over 6.

Tennessee and California are just more ridiculous examples of that.
Just to blow your mind a little: Reno, NV is further West than L.A. is.

Internet Explorer posted:

As someone not from a square that who now lives in a square state, can we put unique notches on them or something? I never know what the gently caress I'm looking at when I look at a map.
Growing up in CA and having moved to the Midwest, the differences are stark in not obvious ways. IA is a loving grid of tiny rear end roads. There are people everywhere. Not a lot of people, but people. There's a road every mile, E/W and N/S both, in a grid. Some are bigger, some are smaller, but there are roads and houses everywhere.

There are spots in CA and NV where there are 0 permanent residents within a 100mi radius.

My schools in CA had outdoor hallways and amphitheatres. 3 elementary schools feeding 3 middle schools feeding a high school. Schools in IA are a single giant building from Pre-K to High school, all indoors. Because of loving blizzards like today and negative degree high temps in winter.

And then there's the different meaning of "hills" in each locale...

There's obvious stuff too, but a lot is not anything you'd think about if you hadn't lived in both.

[/rant]

ilkhan fucked around with this message at 19:44 on Jan 12, 2024

Cenodoxus
Mar 29, 2012

while [[ true ]] ; do
    pour()
done


ilkhan posted:

My schools in CA had outdoor hallways and amphitheatres. 3 elementary schools feeding 3 middle schools feeding a high school. Schools in IA are a single giant building from Pre-K to High school, all indoors. Because of loving blizzards like today and negative degree high temps in winter.

lol, what? That has nothing to do with what state you live in, that's just the difference between cities and rural school districts. Iowa has both, friend. I promise.

22 Eargesplitten posted:

e: I copied the text for the link rather than following the embedded link and it seems valid, no PII requested. So I did it, although tbh looking at the JD it's probably not a good fit. I like taking the cognitive tests though, logic problems are fun.

That got me thinking, an unsolicited job application questionnaire would be a hell of a phishing test. The response rate could double as an employee morale survey. :sun:

Cenodoxus fucked around with this message at 20:02 on Jan 12, 2024

ilkhan
Oct 7, 2004

I LOVE Musk and his pro-first-amendment ways. X is the future.

Cenodoxus posted:

lol, what? That has nothing to do with what state you live in, that's just the difference between cities and rural school districts. Iowa has both, friend. I promise.
Yeah that's true.

Potato Salad
Oct 23, 2014

nobody cares


tokin opposition posted:

We should just get rid of states and be one country instead of 50 fiefdoms

22 Eargesplitten
Oct 10, 2010



No because then the neoliberalism of New San Chicago Angeles would have full rule of the country and gently caress neoliberalism.

Also before someone brings up "But rural areas aren't safe for LGBT people so the enlightened urban areas bla bla bla" I live in a small rural town with a well above average LGBT population compared to the country as a whole even if it's not San Francisco.

22 Eargesplitten fucked around with this message at 21:22 on Jan 12, 2024

johnny park
Sep 15, 2009

Just had someone submit a ticket saying their password wasn't working. Not only did they email us their password in plaintext, they put it in the subject line of the email. That's a first. Good god


Cyks
Mar 17, 2008

The trenches of IT can scar a muppet for life

johnny park posted:

Just had someone submit a ticket saying their password wasn't working. Not only did they email us their password in plaintext, they put it in the subject line of the email. That's a first. Good god

But it doesn’t work so what’s the big deal!

Yeah that’s a new low. I’m in the process of convincing management that dropping 15k a year out of IT’s budget for a password manager company wide is worth it since some departments are pushing back on paying themselves.

A single breach investigation costs $7500 per incident just to determine if an actual investigation needs to be performed so…
