|
Rust Martialis posted:If you have developers, etc who live to stay bleeding edge... Why call me out like this
|
#
?
Apr 1, 2024 20:05
|
|
|
|
| # ? May 14, 2024 09:28 |
|
|
Cup Runneth Over posted:Why call me out like this Because you make everyone else in IT miserable every day.
|
|
#
?
Apr 1, 2024 20:35
|
|
|
based64 fucked around with this message at 03:48 on Apr 8, 2024 |
|
#
?
Apr 2, 2024 01:43
|
|
|
based64 posted:drink the LTS juice it's good for you, nummy nummy Yeah I'm not great with keeping everything up to date anyway, but even so all my stuff seems to be at 5.4.x levels, which ~might be OK? It sounds like we're still trying to figure out exactly when the well got poisoned. Pretty lucky too, since I didn't realize just running xz -v actually executed the program and is a very bad way to check the version of something you suspect might be compromised 
|
|
#
?
Apr 2, 2024 02:11
|
|
|
I just run a linux distro from 1996 to be safe. No one will think to try exploits that old
|
|
#
?
Apr 2, 2024 11:56
|
|
|
Rescue Toaster posted:Yeah looking back at some of the clues that this person wasn't legit seem obvious, but it was basically only dumb luck and mistakes on their part that this didn't totally explode in our faces. Hopefully OSS at large does some reflection on this and what to do going forward.
|
|
#
?
Apr 2, 2024 12:35
|
|
|
Update: vulnerable versions are 5.6.0 and 5.6.1 https://www.cisa.gov/news-events/al...y-cve-2024-3094 
|
|
#
?
Apr 2, 2024 13:38
|
|
|
Easy to understand timeline https://research.swtch.com/xz-timeline
|
|
#
?
Apr 2, 2024 14:17
|
|
|
Pablo Bluth posted:Easy to understand timeline I don’t think I could be as devious with social engineering like this if I tried.
|
|
#
?
Apr 2, 2024 14:49
|
|
|
Kibner posted:I don’t think I could be as devious with social engineering like this if I tried. https://www.youtube.com/watch?v=3jQoAYRKqhg Also, someone noticed that Jia Cheong Tan, which appears some places, anagrams to CIA Agent John.
|
|
#
?
Apr 2, 2024 18:09
|
|
|
It also anagrams to A GOTHIC JENNA, so I choose to blame Wednesday Addams.
|
|
#
?
Apr 2, 2024 22:52
|
|
|
BlankSystemDaemon posted:Also, someone noticed that Jia Cheong Tan, which appears some places, anagrams to CIA Agent John. Smoking gun right there. Pack it up Langlailures.
|
|
#
?
Apr 2, 2024 23:00
|
|
|
All my linux VMs are running 5.2.2-5.2.5. Wooo!
|
|
#
?
Apr 2, 2024 23:10
|
|
|
some kinda jackal posted:I just run a linux distro from 1996 to be safe. No one will think to try exploits that old same, its called centos 7
|
|
#
?
Apr 3, 2024 00:39
|
|
|
I don't know if "lollers I spit coffee all over my monitor goon sir" is still probe worthy or whatever but I honest to god choked on my tea when I read that trying not to laugh lmao
|
|
#
?
Apr 3, 2024 00:48
|
|
|
post hole digger posted:same, its called centos 7 lmao
|
|
#
?
Apr 3, 2024 01:45
|
|
|
flakeloaf posted:It also anagrams to A GOTHIC JENNA, so I choose to blame Wednesday Addams. Lol, solid future username for someone
|
|
#
?
Apr 3, 2024 05:21
|
|
|
post hole digger posted:same, its called centos 7 Release Release date End of life CentOS 8 September 24, 2019 December 31, 2021 CentOS 7 July 7, 2014 June 30, 2024 CentOS 6 July 10, 2011 November 30, 2020 CentOS 5 April 12, 2007 March 31, 2017 It's still a supported OS so nyahhhh
|
|
#
?
Apr 3, 2024 06:26
|
|
|
it's 2007 somewhere
|
|
#
?
Apr 3, 2024 07:08
|
|
|
Why is 7 still supported when 8 went EOL years ago?
|
|
#
?
Apr 3, 2024 07:54
|
|
|
DoctorWhat posted:Why is 7 still supported when 8 went EOL years ago? Because 7 8 9. 
|
|
#
?
Apr 3, 2024 08:08
|
|
|
DoctorWhat posted:Why is 7 still supported when 8 went EOL years ago? Because 8 just was not that good, and 9 wasn't really ready yet to replace it when it was decided that 8 wasn't cutting it. Making 7 last longer in support was a good stopgap because there wasn't really anything wrong with 7.
|
|
#
?
Apr 3, 2024 08:13
|
|
|
Because we all know no enterprise has an upgrade policy or process that works and will just keep handing RedHat money for extended support.
|
|
#
?
Apr 3, 2024 11:52
|
|
|
DoctorWhat posted:Why is 7 still supported when 8 went EOL years ago? Because redhat screwed the pooch
|
|
#
?
Apr 3, 2024 12:30
|
|
|
Starting to see a few explainers linked from places like HN. I'm sure these people know and mean well but to me it's all just a bunch of random names so I'm still waiting for an "official" institution to throw their weight behind a deep dive. It's gonna be hilarious though if it turns out that this wasn't a nation state actor like everyone is angling at, but was just someone trying to read their ex's DMs.
|
|
#
?
Apr 3, 2024 12:34
|
|
|
based64 fucked around with this message at 03:47 on Apr 8, 2024 |
|
#
?
Apr 3, 2024 13:29
|
|
|
Boris Galerkin posted:[...] just someone trying to read their ex's DMs. That's literally all international espionage.
|
|
#
?
Apr 3, 2024 17:50
|
|
|
corgski posted:That's literally all international espionage. "No no no, I want to read YOUR ex's DMs, not mine."
|
|
#
?
Apr 3, 2024 18:56
|
|
|
Boris Galerkin posted:It's gonna be hilarious though if it turns out that this wasn't a nation state actor like everyone is angling at, but was just someone trying to read their ex's DMs. An Office Space style screenplay where some CS student wants to win a local CTF and backdoors xz, unintentionally kicking off a global infosec meltdown.
|
|
#
?
Apr 3, 2024 22:46
|
|
|
I would love to know what a cyber attack triage specialist consultant costs because I'm sure these guys are making stupid money.
|
|
#
?
Apr 3, 2024 23:21
|
|
|
Cannon_Fodder posted:I would love to know what a cyber attack triage specialist consultant costs because I'm sure these guys are making stupid money. You need to apply strategic defenses to your perimeter to maximize your security ROI and strengthen your overall security posture in alignment with NIST 800-53 best practices. Do you have XDR? SOAR? CSPM? CNAPP? MDR? ZTNA? Let me set up a few calls with vendors. I won’t be able to attend due to scheduling conflicts but these guys are great, you’re in good hands. That will be $95,000.
|
|
#
?
Apr 3, 2024 23:25
|
|
|
post hole digger posted:You need to apply strategic defenses to your perimeter to maximize your security ROI and strengthen your overall security posture in alignment with NIST 800-53 best practices. Do you have XDR? SOAR? CSPM? CNAPP? MDR? ZTNA? Let me set up a few calls with vendors. I won’t be able to attend due to scheduling conflicts but these guys are great, you’re in good hands. That will be $95,000. An hour, I presume. I mean the hands on keyboard "unfuck your poo poo" mercenaries that batman in during an ongoing security event
|
|
#
?
Apr 4, 2024 04:49
|
|
|
Last time I encountered Cisco's ransomware response team, the bill was somewhere around $25k/day. And that was five or so years ago.
|
|
#
?
Apr 4, 2024 04:54
|
|
|
Cannon_Fodder posted:An hour, I presume. My firm bills my time at $450 an hour; my salary is unexceptional and I'm probably making a lot less than someone at one of the big players in the field.
|
|
#
?
Apr 4, 2024 08:14
|
|
|
The Internet Oracle is still around. The Internet Oracle has pondered your question deeply. Your question was: > Please explain (or unexplain) why I tend to write parenthetical remarks > (like I just did (and am doing now)) in all the supplicatitive > questions that I send to your Vast (And Overflowing) Oracular > In-Basket. It's almost as if I have the opposite of a one-track mind, > where I am unable to keep onto (Look! A Squirrel!!!) one idea, but must > divert (or divide) my own attention (or lack of attention) (or > whatever) elsewhere. > > Your (not you're) thoughts, please. And in response, thus spake the Oracle: } I'm tempted to say you have a Lisp. https://internetoracle.org/
|
|
#
?
Apr 4, 2024 15:45
|
|
|
New XZ backdoor scanner detects implant in any Linux binary https://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/
|
|
#
?
Apr 4, 2024 20:45
|
|
|
Anyone got any idea when Bitwarden will support passkeys on its mobile apps? It's been on the roadmap for a couple of years now but isn't there yet. I'm assuming it's pretty close, since the desktop app launched the feature in November 2023.
|
|
#
?
Apr 9, 2024 21:53
|
|
|
This is a brand new project, but it actually looks pretty cool. The less people rely on MS tools to manage MS infra, the better imo: https://maester.dev/
|
|
#
?
Apr 11, 2024 17:42
|
|
|
MustardFacial posted:The less people rely on MS tools to manage MS infra, the better imo: Why is that? I’m curious.
|
|
#
?
Apr 11, 2024 17:55
|
|
|
|
| # ? May 14, 2024 09:28 |
|
|
MustardFacial posted:This is a brand new project, but it actually looks pretty cool. The less people rely on MS tools to manage MS infra, the better imo: Or don't use Azure because it's noncompliant with GDPR.
|
|
#
?
Apr 11, 2024 18:12
|
|