|
Harik posted:I hate when purchasing departments have no loving clue what their requirements are. Great work guys, it's only your literal job. Purchasing isn't usually expected to have a goddamn clue imo. It's up to the data / system owner to know what the gently caress is going on, and I'd spitball that fewer than half of domestic businesses even know what "system owner" means. Condolences if it turns out the buyer is an entity that absolutely should know/function better.
|
#
?
May 19, 2024 08:54
|
|
|
|
| # ? Jun 10, 2024 18:00 |
|
|
Purchasing absolutely needs to have a clue. They don't have to know security, but they have to know the standard security requirements and also when to get a security guy involved. Same deal as involving legal and finance more or less. The entire point of a purchasing department is to have guys who can understand all the different stuff involved in a purchase, not just business need and budget like the department that needs the product would.
|
|
#
?
May 19, 2024 09:22
|
|
|
Around Y2K I ordered 4* Sun E220R rack servers. Half a rack. Purchasing decided they could get Sun E450 servers for less.  Two full racks, plus they're drawing a couple kilowatts
|
|
#
?
May 19, 2024 09:38
|
|
|
If you are moonlighting, don't login to your company poo poo on the wrong company laptop. It might fire off detections. Don't do this especially if the wrong laptop has enforced vpn connections and public ip's with your other companies name tied to them. And if you can't avoid all of this, come up with a convincing story other than "i logged in from my gf's laptop on accident". You aren't breaking the law. Nobody wants to tattle on you. Give people a reason to move on, I beg you.
|
|
#
?
May 22, 2024 02:59
|
|
|
BonHair posted:Purchasing absolutely needs to have a clue. They don't have to know security, but they have to know the standard security requirements and also when to get a security guy involved. Same deal as involving legal and finance more or less. The entire point of a purchasing department is to have guys who can understand all the different stuff involved in a purchase, not just business need and budget like the department that needs the product would. I once had a Cisco consultant shop drag their feet on a deliverable, and then send us the invoice for the project. Our AP people sent them a $2500 check without talking to the IT manager (me!). We never did get that deliverable. I wonder why. I wish I could remember the name of the consultants, they need their rep trashed.
|
|
#
?
May 22, 2024 08:21
|
|
|
Probably only relevant to me, but a couple weeks ago London Drugs, a local pharmacy released a statement saying they got hit with a cybersecurity incident. Then they made a statement saying they refused to pay the ransom. Lockbit (the attacker) put a 48h notice on their dark web blog yesterday afternoon This morning it's gone.  I wonder where they came up with the extra $17mil
|
|
#
?
May 23, 2024 00:41
|
|
|
very interested in that Telekom one, since Telekom Security is a root CA trusted in the major browsers
|
|
#
?
May 23, 2024 03:41
|
|
|
Subjunctive posted:very interested in that Telekom one, since Telekom Security is a root CA trusted in the major browsers Haven't confirmed for myself, but it seems like not a big deal 
|
|
#
?
May 23, 2024 16:53
|
|
|
excellent news
|
|
#
?
May 23, 2024 22:33
|
|
|
MustardFacial posted:Probably only relevant to me, but a couple weeks ago London Drugs, a local pharmacy released a statement saying they got hit with a cybersecurity incident. Then they made a statement saying they refused to pay the ransom. Lockbit (the attacker) put a 48h notice on their dark web blog yesterday afternoon Maybe they didn't https://www.cbc.ca/news/canada/british-columbia/hackers-london-drugs-data-1.7213141 quote:Retailer London Drugs says cybercriminals who stole files from its corporate head office last month have released some of the data after it refused to pay a ransom.
|
|
#
?
May 23, 2024 22:43
|
|
|
Yeah, looks like they put it back up. 300GB archive.
|
|
#
?
May 24, 2024 00:26
|
|
|
Broadcom to acquire Zscaler for $38Bigones
|
|
#
?
May 26, 2024 22:32
|
|
|
If you’re the product manager for Entra Global Access you’re feeling quite good about now
|
|
#
?
May 26, 2024 22:33
|
|
|
Well, it was a good run.
|
|
#
?
May 26, 2024 22:36
|
|
|
Is there any reason to believe that random substack?
|
|
#
?
May 26, 2024 23:03
|
|
|
I want to vomit. It’s been hard enough to get the gently caress off Symantec DLP because of Broadcom’s poo poo.
|
|
#
?
May 27, 2024 00:57
|
|
|
rafikki posted:Is there any reason to believe that random substack? Not that I can tell. An exchange in the comments indicates that the author might also work for a Zscaler competitor?
|
|
#
?
May 27, 2024 01:02
|
|
|
From Zscaler's CEO: https://www.linkedin.com/feed/update/urn:li:activity:7200857561930031104/ quote:Response to Broadcom Rumors
|
|
#
?
May 27, 2024 16:27
|
|
|
how did that alleged/denied breach of their poo poo turn out (and why didn’t their systems catch it before it was announced)?
|
|
#
?
May 27, 2024 16:48
|
|
|
iconv () bug in glibc Patch! Cve once I get to desk CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.ambionics.io/blog/iconv-cve-2024-2961-p1 quote:The Cisco PSIRT has assigned this bug the following CVSS version 3.1 score. The Base CVSS score as of the time of evaluation is: 9.8 https://tools.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVE ID CVE-2023-0687, CVE-2024-2961 have been assigned to document this issue. Rust Martialis fucked around with this message at 12:46 on May 31, 2024 |
|
#
?
May 31, 2024 12:40
|
|
|
Zscaler has a lovely default feature flag that downgrades your non-browser web traffic to http/1.1. You won't know about it unless you discover it in testing or find it in its dreadful documentation. It won't be visible in your configuration console unless the feature flag is flipped. Have fun!
|
|
#
?
Jun 4, 2024 17:12
|
|
|
RIP https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features 
|
|
#
?
Jun 4, 2024 19:20
|
|
|
Diva Cupcake posted:RIP All I'm reading is that it's going to continue to work.
|
|
#
?
Jun 4, 2024 19:26
|
|
|
spankmeister posted:All I'm reading is that it's going to continue to work.
|
|
#
?
Jun 4, 2024 19:28
|
|
|
NTLM, now brought to you by Entrust
|
|
#
?
Jun 4, 2024 19:29
|
|
|
spankmeister posted:All I'm reading is that it's going to continue to work.
|
|
#
?
Jun 4, 2024 19:29
|
|
|
smb v1 was superseded in 2007, publicly depreciated in 2014. then took until 2017 to be no longer installed by default. yet i can still hear of smb v1 use in the wild..
Wiggly Wayne DDS fucked around with this message at 19:41 on Jun 4, 2024 |
|
#
?
Jun 4, 2024 19:37
|
|
|
|
| # ? Jun 10, 2024 18:00 |
|
|
Look Windows for Workgroups won't run itself
|
|
#
?
Jun 4, 2024 19:39
|
|
