I've been asked to create some kind of repository/system to document exceptions to our data protection agreement policy, and I'm wondering if anyone here has a more novel idea than a folder in Google Drive. Example: we want to deploy Slack, but my university has not yet been able to get Slack to sign a DPA, so using Slack goes against our security policy. The DPA exception is essentially a CYA for my department so that in case we get audited or bad poo poo happens, we can point to the sheet and say that so-and-so overrode our concerns and approved it anyway.

# Jul 16, 2019 15:51

# May 22, 2024 05:03

Volmarias posted: How many documents will you realistically be creating / storing?

Honestly no idea at this point. Dozens? My boss just came to me last Friday and said create this thing, so I've been reaching out to our Information Assurance and Software Procurement groups to see what their take is on it. We actually have an internal Sharepoint site for security, but I'm new in this job (~6 weeks) and have not even used it myself; in a meeting a few weeks ago where the team was trying to reorg the Google Drive, I got laughed at for even suggesting it as a place to store poo poo... I guess maybe it doesn't matter as long as we're CYA'd?

# Jul 16, 2019 17:42

Yeah, sounds like I was probably completely overthinking this. Guess I'll chat with my boss a bit more; Sharepoint might end up being the best option in this case.

# Jul 16, 2019 18:08

evil_bunnY posted: Do you not have issue/change management software that can take attachments?

We do, but it's ServiceNow and I don't hate my users that much.

# Jul 16, 2019 19:22

This discussion reminds me that China/Russia/somebody has my fingerprints thanks to the OPM hack, and makes me wonder what kind of changes, if any, the three-letter agencies had to make following it. There had to have been a non-zero number of fingerprint-based biometric security systems deployed out there.

# Sep 20, 2019 21:14

Volguus posted: Could it be that those spammers are impersonating my (and others') phone number to spam call people? Like, real, used, phone numbers? I thought they just use some unused numbers. It was bad enough they were from the area, with my area code, but I was expecting them to be at least new phone numbers.

It's called neighbor spoofing, and yes. I have even received voicemails of people threatening all kinds of things if I don't stop calling them. I almost never answer the phone anymore if it is a number not already in my contacts.

# Oct 16, 2019 18:24

azurite posted: Please consider:

Eh, I don't know if I even remember the specifics. Just poo poo like "if you don't stop calling me I'm going to hunt you down and make you regret it". People get real mad about their phone spam I guess.

# Oct 16, 2019 20:56

Ah neat, I kinda lost track of that ARG after the initial push a couple months back.

# Oct 29, 2019 03:28

Arsenic Lupin posted: This is pretty cool. You can create a traffic jam in Google Maps anywhere you want, from anywhere you want to, and even get the public to willingly assist you: https://www.anarula.com/#/map-jamming/

# Feb 2, 2020 17:52

cr0y posted: If any of y'all wanted to know how democracy is doing...

Bobby Tables is going to win this by a landslide.

# Feb 4, 2020 17:18

Docjowles posted: He doesn't touch on the ACTUAL most ridiculous part, which is that Equifax suffered zero meaningful consequences. Their stock price is at an all time high. The executives who were "forced to resign" or whatever are all rich as gently caress and never had to work another day in their lives anyway. Nothing changed at all.

Well yeah, but they are totally gonna send me that $125 any day now!!

# Feb 11, 2020 19:13

Martytoof posted: Up until like 2006 all computers on the networks at the uni I worked at had public IPs.

We have multiple /16's and everything that isn't a printer is on it. There appears to be 0 desire at central IT services to change this. Mitigation plans for computers still on Win 7 recently were "put it on the private IP space", but besides an IPAM system there is literally no visibility into what has been stuck there. My particular unit is trying to change that for our networks, but the rest of the university is just doing uh....nothing?

Sirotan fucked around with this message at 16:12 on Mar 4, 2020

# Mar 4, 2020 16:10

Zoom building their security team by hiring any rando that finds a vuln on Twitter now I guess?? https://twitter.com/BillDemirkapi/status/1248909505234075649

# Apr 12, 2020 00:31

It's for an ARG and I really wish the clues would drop at 4pm on a Friday instead of when I'm totally slammed at work. I appreciate your effort there calypsosaphire, just so busy.

# Jun 3, 2020 15:47

CLAM DOWN posted: If that's seriously what it is (lol if so just lol) please ask your game to not spam other threads with stuff for it. Thanks.

Not my game, and I haven't actually participated in it in like a year, nor do I have any clue who is involved or what it's for. That person has already had their account probated/banned a couple times. Link for more info: https://forums.somethingawful.com/showthread.php?threadid=3894623

# Jun 3, 2020 16:49

Lambert posted: You really should stop drinking at work, that's going to cost you your job one day.

Hehe. I have managed to stay strong during my entire roni WFH period, though I did almost slip up and need to crack open a beer before quittin' time last week because of some real dumb poo poo regarding a VIP complaining about the spam filtering being too aggressive in Outlook, which he's using in our 100% G-Suite environment.

CLAM DOWN posted: Maybe it's the key to closing off this timeline because we must be stuck in a temporal loop at this point.

poo poo, I better abandon my work responsibilities and dig back into this then, just in case.

# Jun 3, 2020 17:02

Biowarfare posted: Holy gently caress they pay 57k a year for this?

Just curious where you're seeing the salary figure? Or did they change the listing.

# Jul 27, 2020 19:47

Sickening posted: Glassdoor, probably.

Ah, yeah.

# Jul 27, 2020 19:52

I run this service for my org and it was super fun to come back to work after some days off last week to find this out. We are not impacted. Clickstudios statement on this is pretty bad and they also took down their support forums, which is a totally cool and normal thing to do after a major incident.

# Apr 26, 2021 16:24

chin up everything sucks posted: My boss sent me a $50 doordash gift card for my hard work. Yay!

I have been offered a blanket, or an insulated lunch bag. I am very tired.

# Dec 15, 2021 16:03

Apparently it is pronounced "log forge" and I'm not sure how I feel about that.

# Dec 15, 2021 19:50

# Dec 17, 2021 17:16

Waroduce posted: Are there any security related bulletins one could subscribe to in order to keep abreast of "industry" developments?

CISA has a nice mailing list that sends out alerts about vulns and other advisories. Just scroll to the bottom of the page and click Subscribe: https://www.cisa.gov/uscert/

# Feb 23, 2022 15:34

We must be on completely different lists then because in the last week I've been alerted to vulns in three different apps that are in our environment. Wouldn't have known about the Zabbix vulns they shared 20 hours ago without it. Their log4j resources were great too.

# Feb 23, 2022 21:20

FungiCap posted: Anyone else seen an increase in phishing of like... 400%+ since the Russian invasion? Our e-mail scanners are having a complete field day. I work for a European company.

I can say that for myself personally, the amount of phishing/impersonation scam emails, phone calls, AND texts has gone up about 10x this week from what I usually get. Usually get 1 or 2 spam phone calls a month; yesterday I got 4. Also most of the phishing emails have been Norton Antivirus related, lol.

# Mar 4, 2022 16:29

Diva Cupcake posted: The employee who was phished was on their IR team. lol

Can you point me to a source for this? I can find that the hacker was pretending to be Uber IT/IR, but not the other way around.

# Sep 16, 2022 17:01

Diva Cupcake posted: A few Twitter threads referenced it. As well as having access to the security response break glass creds (in plaintext).

tyvm

# Sep 16, 2022 17:05

Internet Explorer posted: My favorite on internal doors is just popping open a ceiling tile and climbing over the drywall.

Had to do this once at a remote site because staff didn't leave a key for the network closet. Stood on my boss' shoulders (there was no ladder), stuck my head and torso up through the drop ceiling, and opened the door using a patch cable tied into a tiny lasso so that it could reach and lift the door handle. It worked but was extremely stupid.

# Nov 7, 2022 19:47

RFC2324 posted: ok, I'll admit I used a handle mostly because I wanted to be a cool hacker lol

See, I had to use a screen name so people wouldn't know you were a Girl On The Internet and treat you like poo poo. I think we've made limited progress on that front in the last 20 years.

# Jan 6, 2023 22:53

https://wheregoes.com/ is a great way to see where those redirects actually go without having to click on potentially malicious links yourself.

# Feb 5, 2023 13:45

Sickening posted: I wonder if imgur understands what kind of data they are sitting on right now.

This vuln is only on Win 11, so I'm guessing that's a fraction of a percent of all the screen grabs from Windows that are hosted there.

# Mar 21, 2023 20:35

I gave up on the freezes just because I tend to churn credit cards for points, but yeah, I've got fraud alerts set up everywhere as well as multiple services that alert me to credit changes (including one paid for by the government after being involved in the OPM breach). The fraud alerts require identity verification, so places have to reach out to me first before credit is granted, which means I have to make some calls or deal with banks a bit to get them shut down. It's kind of a hassle, but I just had somebody last week try to open a new United Visa card through Chase in my name. It's happened to me so often that it's basically become routine. The credit freezes should prevent you from having to go through that bullshit, though.

# Mar 26, 2023 13:37

adnam posted: Yikes - I thought about doing credit point churning but it just sounded like so much more work, and from the last time I looked into it, looked like most CCs had nerfed their reward programs

Tbqh I have not been churning lately, but there are plenty of current offers that can net you $500+ with minimal effort: https://www.doctorofcredit.com/best-current-credit-card-sign-bonuses/ The nice thing about the CC bonuses is they are not taxed as income like a bank account bonus is. Is it worth the bullshit? Eh, I guess I can put up with a lot for a little bit of free cash. YMMV

# Mar 27, 2023 21:39

They just seem to be down for planned maintenance? https://1password.statuspage.io/incidents/n6f7my821dw8?u=ylpccsvhfbqr

# Apr 28, 2023 02:28

I guess I am finally going to be switching over to KeePassXC. Also RIP to a great master password; gonna take me a while to undo that muscle memory.

# May 17, 2023 14:33

Klyith posted: Unless you have reason to suspect your machine is compromised, why would you do that?

Because I am probably due to rotate it anyway, and also I am just generally paranoid.

# May 17, 2023 14:59

Subjunctive posted: What purpose does rotation of master passwords serve? Someone expensively brute-forced it against your database and is just sitting on it to unlock a future version with a few more saved passwords in it? I have decades-old master passwords and good loving luck to me if I change them.

I'm fully aware and will admit it's mostly an irrational decision. To be honest the password is a bit too personal (no it isn't the name of my pet) and I've known I should probably have changed it for a while now, so I am finally using this as my excuse. It's really not a big deal and I was mostly being hyperbolic ok!!

# May 17, 2023 15:37

Anybody here have to use Tenable(.io)? They finally got rid of the Vulnerabilities and Assets 'workbenches' and jesus gently caress WHY. You can no longer do things like, at a glance, see the total number of unique vulns in your environment. You get ">1000". Want more detail than that? gently caress you. Wanna see how many devices are currently vulnerable to one specific exploit? They'll tell you, if it's under 500 devices. If it's over 500, you only get to see ">500". Wanna export some data? You can select 5 items, or you can select all items. Nothing in between. Can't generate a report from the data because there are too many lines (???). Want to just export all the raw data with no filters applied so you can deal with it in Excel instead like a sane person? Lol, you can't, the export just silently fails. We just had a vendor demo this week for a replacement tool and it looked great and I am excited. I'm sure they are going to come back with pricing that we cannot afford and it is going to break my heart.

# Jun 1, 2023 16:50

incoherent posted: Have a look at intruder.io. Leverages the same tool and gives you a better understanding of your software\hardware posture. Basically, a nicer UI and easier to understand ways to correct actions.

This seems interesting, but their pricing is outrageous. Their pricing slider maxes out at 3% of our total number of assets, and their cheapest plan would cost us $265,000/yr at that rate lol. I'm sure we could negotiate some kind of volume discount, but just deep-sixing Tenable for something else would probably end up costing us a fraction of that. But I do appreciate the suggestion.

# Jun 2, 2023 16:34

victorious posted: I use it daily across multiple tenancies. Some still have access to the old workbenches. It does suck you can't see totals over 1000 at a glance anymore but you can still get the total if you export the data. Not sure what sort of data you're talking about with the 'select 5 or all items' thing, where are you running into that?

I'll have to confirm Monday, but it should be Findings, grouping by Plugin? You can select 5 plugins to export, but if you select a 6th the Export button just disappears. It will reappear if you select everything. My coworker reached out to Tenable support on this, thinking something was wrong, and was told that was working as intended.

# Jun 4, 2023 03:02