|
MF_James posted:Someone got a little butthurt, thanks for the title infosec, you made my day Bah, same title, wrong dude. Sickening fucked around with this message at 02:18 on May 13, 2016 |
# ¿ May 13, 2016 01:47 |
|
ratbert90 posted:I didn't see it here, but the other infosec thread is talking about AV again. MF_James posted:but it opens you up to other vulnerabilities! GOD DON'T YOU loving GET IT.
|
# ¿ Jun 29, 2016 19:34 |
|
Subjunctive posted:If PayPal or your bank get owned, they're going to eat the damages, not you. If LastPass gets owned you might get an apology email. (And as you say, the purpose of the basket is to hold all your eggs.) The bank doesn't eat anything. The sellers of whatever the unauthorized person bought eats them.
|
# ¿ Jul 28, 2016 03:22 |
|
stevewm posted:Any PCI experts in here? I can't seem to get a straight answer from anyone, and cannot really wrap my head about the PCI council documentation I can find on the topic.. I feel like that might be something you pay a consultant to walk you through. Right?
|
# ¿ Oct 25, 2016 17:26 |
|
"Khablam" posted:
20 mb hard drive is all you are ever going to need.
|
# ¿ Dec 4, 2016 16:07 |
|
mod saas posted:You're right. There is absolutely no possibility the allowed password length will increase over time. RFC2324 posted:No, don't you see, once you set your password you can never change it. That kind of functionality would be MADNESS!!! Don't sperg out over even the lamest of jokes.
|
# ¿ Dec 4, 2016 17:00 |
|
ChubbyThePhat posted:Looks like some cute fireworks blowing up around the BetterDiscord community. Haven't read into anything that's going on, my twitter feed is just getting a few people throwing red flags around. Why would you post this but not post the content?
|
# ¿ Feb 21, 2017 20:20 |
|
andrew smash posted:I wonder if it's a hipaa violation if I'm required to unlock a device with patient info on it by border patrol Border crossings in the US and US border patrol are a magical land of no constitution or laws. There is nothing to wonder. All sense of reality is suspended there.
|
# ¿ Mar 14, 2017 20:02 |
|
Phone posting!!!! N/m
Sickening fucked around with this message at 00:43 on Mar 28, 2017 |
# ¿ Mar 27, 2017 23:13 |
|
Martytoof posted:I... don't get it. Phone posting mishap.
|
# ¿ Mar 28, 2017 00:43 |
|
Wiggly Wayne DDS posted:yeah there's a high burnout rate in security of people who actually care and want to get things fixed running against people who just want a paycheck and will patch around the issue to make sure that paycheck keeps coming Don't leave out the Nessus scan results middlemen.
|
# ¿ Feb 16, 2018 19:02 |
|
ozymandOS posted:What's UpGuard? http://lmgtfy.com/?q=upguard
|
# ¿ Mar 1, 2018 23:24 |
|
ChubbyThePhat posted:Sickening with the sick anti-joke punchline I couldn't help it, the joke was terrible.
|
# ¿ Mar 1, 2018 23:27 |
|
Avenging_Mikon posted:unwarranted confidence? Hey! I got an idea for a porn stage name...
|
# ¿ Mar 20, 2018 19:56 |
|
Double Punctuation posted:This is what Libertarians actually believe. Come on, let’s pretend this is a thread for smart people talking about real things.
|
# ¿ Mar 21, 2018 18:35 |
|
wolrah posted:This was about once a month for me in college. It was before there was official wireless in the dorms, so people would just hook up their own stuff and inevitably a bunch of them got hooked up with the LAN side connected to the campus network. They had nice switches but apparently hadn't enabled snooping and were really slow about actually doing anything about it. What an incredible chud you are. Like does anyone hear that story from you and think "wow, so cool!"?
|
# ¿ Mar 23, 2018 17:59 |
|
Potato Salad posted:They weren't going over the actual raw logs with their eyes to see if any info wasn't being consumed Maybe having every celebrity's password in the world was a thing their nerds wanted?
|
# ¿ May 3, 2018 22:15 |
|
Lain Iwakura posted:Tooting my own horn again here: I dug the windows nt screenshot. Nice.
|
# ¿ May 24, 2018 05:33 |
|
Diametunim posted:I can't take this PCI audit anymore. Six months of auditing is too god drat long for everybody to pass their laundry list of blunders over to InfoSec because we're responsible for everything in the end. I just want to die. Auditing is a huge part of infosec? Crazy
|
# ¿ Sep 20, 2018 17:41 |
|
Proteus Jones posted:Via SecFuck thread So who else is going to inspect their server hardware for tiny bumps that could hack their entire system?
|
# ¿ Oct 4, 2018 14:49 |
|
Governments are for the rich and the protection of their assets.
|
# ¿ Oct 5, 2018 01:24 |
|
Martytoof posted:CISSP was the most worthless cert I ever achieved. That said, it was also the most profitable. The entire thing is baffling. The test is fairly easy yet the dumb outside requirements and corporate adoption keep it a thing.
|
# ¿ Nov 21, 2018 21:42 |
|
Proteus Jones posted:Remember, this is the same company that was knocking people’s mobile hotspots out of the air to force them to use their pay-to-access guest network at conferences and hotels. And got slapped by the FCC for $600K fine. Oh no, not 600k.
|
# ¿ Dec 1, 2018 15:18 |
|
Mystic Stylez posted:I'm going to ask some very dumb questions, but please bear with me. What porn are you watching this morning?
|
# ¿ Jan 3, 2019 14:59 |
|
Mystic Stylez posted:So if I can get a separate computer with the VPN installed and only my work stuff there is it sufficient or do I need anything more? Please make sure your work pays for this other computer.
|
# ¿ Jan 3, 2019 17:39 |
|
Boris Galerkin posted:And I’m saying the time to assume Facebook isn’t doing awful evil poo poo is over. It’s time to assume they are unless they can show otherwise. I don’t see the benefit to be this emotionally invested.
|
# ¿ Feb 23, 2019 16:37 |
|
Klyith posted:Context. The same image can be CP in one context and innocent in another. Context: you are a loving idiot.
|
# ¿ Mar 26, 2019 14:49 |
|
Virigoth posted:You are right they don't BUT they have always been super transparent and explanatory on what they are doing for X and Y just like we are when we provide tooling to our developers. This is a strong turn towards just yelling out mandates randomly after an audit with little to no explanation. This is a disturbing and growing trend. They usually provide these explanations, metrics, etc because we all like to learn and grow from how we do things on our product and how our culture is set up. This is a big step backwards for our culture and product to start throwing up walls and not communicating. I'm glad it looks like a standard tool, and I don't do any weird illegal poo poo on my laptop anyway because I'm not a complete fuckup, but I always like to try to check / learn as much as I can about these things. I think it's reasonable to not thoroughly discuss your security watch dog tools with the people it's intended to watch over. I don't think it's anything to get concerned over.
|
# ¿ May 2, 2019 16:27 |
|
The Fool posted:Welp, I can't think of a more impactful anti-endorsement than that. No poo poo.
|
# ¿ May 11, 2019 03:46 |
|
Ranter posted:Yes I have full insight, our mfa service requires a small app on their device so I know we have old android devices out there. If we cut them off because we require a minimum version of android, but we also explicitly won't reimburse them for a new phone or at least partially reimburse, that's a dick move, no? They can say "I can't afford a new phone but you require me to have it to log in to our systems. Either pay for a new phone for me, give me a phone, or disable the 2fa requirement when logging in to applications." My company is getting into the legal jungle of this right now. My company doesn't want to pay a stipend to its 10k employees. We will see how it shakes out.
|
# ¿ May 17, 2019 20:03 |
|
AlternateAccount posted:Uhhh, that's not a thing. You can always ask for it, but confiscation of personal property, regardless of what you think it may or may not contain, is a good way to get sued in a slam-dunk easy fat settlement. Do not do this. I find it disturbing that someone even assumes they can take an employee's personal property.
|
# ¿ May 17, 2019 20:59 |
|
Please don’t put a belt clip on a phone.
|
# ¿ May 19, 2019 00:58 |
|
I like the comments. This person could have gotten 2k in bounties! Microsoft bounty program is such poo poo.
|
# ¿ May 23, 2019 20:40 |
|
It's really not a good idea to rock the boat right away. Even something as dumb as that. Humans are just weird and it's usually always better to write it down and revisit it in the near future.
|
# ¿ Jun 4, 2019 00:12 |
|
PBS posted:Are you the guy that got a bunch of people, rightfully, fired within like a month of joining a new company? True. They were people who report to me and reading the C level email is a big deal. I wouldn't put those two things in the same category. I could have gotten fired for not taking action the way I did. Sickening fucked around with this message at 00:27 on Jun 4, 2019 |
# ¿ Jun 4, 2019 00:24 |
|
The mpl both recently invited some great people as well as cemented that they have absolutely no clue on the direction of the mpl.
|
# ¿ Jun 10, 2019 23:45 |
|
Internet Explorer posted:We had an issue with Adobe Acrobat and ADFS due to our non-persistent VDI. They basically stopped offering serial keys with their cloud products, so you have to use their "log into account = licensed" scheme. The problem is that it would intermittently log users out between VDI sessions with no rhyme or reason. Then add in that the user actually had to log in, instead of SSO just logging them in automatically, and it was a huge headache. Users would be prompted for username and password and when they'd enter the username field and tab/click down to password, it would pass them through. Problem with that is users would panic and call because they didn't know their password. Do you use fslogix by chance?
|
# ¿ Jun 13, 2019 22:50 |
|
Does the CISSP test as easy as it looks?
|
# ¿ Jul 17, 2019 13:04 |
|
xtal posted:A good alternative is nothing because certifications don't really matter at all I wish we lived in a world where this was always true.
|
# ¿ Jul 17, 2019 23:44 |
|
xtal posted:I wasn't even trying to be controversial, I've never met anybody who cares about certifications. I could see it being useful as a freelancer if you need to convince laymen, or if you're starting off and don't have anything on your resume yet. If only it mattered who you have met. It’s not the end all be all or even super important, but to say it doesn’t matter is naive.
|
# ¿ Jul 18, 2019 00:19 |