Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Internet Explorer posted:

This is the kinda poo poo I love to show people when they ask "how can we be 100% secure?"

Yeah. My answer is usually: shut it off, encase it in concrete, wrap it in tinfoil and bury it.


Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
There are reports now of several SolarWinds execs dumping their stock options right before this blew up. They loving knew.

quote:

Now comes news that SolarWinds Co. Director Aurora Co-Invest L.P. Slp sold 2,079,823 shares of the business’s stock in a transaction last Monday, December 7th.

Farking Bastage fucked around with this message at 21:53 on Dec 14, 2020

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

CommieGIR posted:

The Execs are always the first to know, of course.

It means they sat on it long enough to get their golden parachutes

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Subjunctive posted:

You don’t have to, it’s just that a 10b5-1 plan is an affirmative defence against charges of trading while possessing material non-public information. That is hard to avoid as a director, to the extent that trades outside a plan almost certainly fall afoul of it, and directors are the ones with personal liability at the end of the day (D&O insurance won’t cover you). But the trading disclosures have information about when the relevant plan was filed, so it’s easy to check Edgar if you want to.

https://www.sec.gov/cgi-bin/own-disp?action=getissuer&CIK=0001739942
They got themselves and their buddies out before the hack went public.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
Ours are shut down until further notice.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
I got an email from a certain MAJOR firewall vendor regarding a 9.6/10 remote root shell vulnerability in their management servers that's about to be patched. I don't know who in their right loving minds would have that management server exposed to the outside world and not ACL'ed internally, but here we are.

Farking Bastage fucked around with this message at 17:31 on Jun 23, 2021

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
Forti.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
The gently caress it does..


As much time as I spend shoring up poo poo that should have been retired 10 years ago, or worse, never should have been adopted in the first loving place if we had been included, from our lazy rear end programmers, y'all can gently caress right on off with this bullshit.

Farking Bastage fucked around with this message at 04:54 on Jun 24, 2021

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Diva Cupcake posted:

The CEH cert is worthless in private industry and I would have considered it theft had my company not paid for it back in 2016. I let mine expire.

My coworker narrowly missed the exam for that one. Also got a CISSP last year. CISO position created and he didn't even get an interview.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
That Kaseya hack was a hair's breadth from being catastrophic for us. The vendor management picked to work with us on a 9 million dollar Cisco phone project uses it, and I just locked them the gently caress out of everything after CrowdStrike picked up and stopped the malware that slipped in through Kaseya and attempted to encrypt our whole phone system farm. Hell, we even found the certificate with the key on a Call Manager box.

Crowdstrike saved our rear end today.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Thanks Ants posted:

It will be interesting to see how industry attitudes change to these remote management exploits, whether you'll see clients insisting that MSPs cannot have any persistent agents running as privileged users as even in the best case scenario it's increasing the attack surface (and increasing their costs accordingly as a lot of auto-remediation is removed), or whether MSP customers won't really know to ask for that anyway.

We mostly installed and configured that 9 million dollar phone system ourselves. The only reason they were allowed to sniff my network in the first place is because some salesman tucked the execs for a few hundred grand extra in annual MSP fees instead of just selling us the gear like we asked for.

Seriously gently caress MSPs, gently caress Cisco, and double gently caress Cisco MSPs. I knew something was amiss when they would blame our non-Cisco network for everything that could have possibly gone wrong with the phones. They once deployed a broken firmware to every (4000+) phone which bootlooped them all, then tried to blame it on using LLDP instead of CDP. Their "resident CCIE" was astounded that we don't just trunk VLANs across everything instead of the multi-homed OSPF routed setup we have. It was damned satisfying watching him at the next meeting begrudgingly admit that "the network design is solid". That was from Presidio, who is pretty notorious around here for getting their foot in the door as a Cisco reseller and then eventually getting entire government and private outfits to drop their in-house IT for MSP services.

To answer your question, they just get to use bomgar like everyone else. :v:

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Volmarias posted:

It's probably to try enticing the feds to pay the ransom since it's cheaper than actually solving the problem.

That very thing is already happening, so yeah.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

spankmeister posted:

So there was a pretty serious vulnerability in Kaseya that was discovered by Dutch security researchers and they were in the process of working with Kaseya to get that resolved. While this was going on the REvil ransomware gang discovered the bug. Either they discovered it independently or they acquired details about it somehow, that part is not yet clear.

This bug can be used to gain control of a Kaseya instance without authentication. This has been used by REvil to gain control of lots and lots of instances of Kaseya at companies and MSPs and subsequently used to deploy ransomware to their clients. Now why these MSPs had their Kaseya instances open to the internet is a hell of a good question. But they did.

It was NOT a compromise of Kaseya itself or a malicious update of the Kaseya software. So in that sense it wasn't a supply chain attack. However some might argue that if you got popped with ransomware because your MSP used Kaseya it could be considered a supply chain attack in that sense. But really only in the sense that the MSP is the supplier in this case, not Kaseya itself.

That's how it got to us because I can assure you that now closed port and subsequent NAT that Kaseya was talking on was ACL'ed to hell and back, so big bad Presidio definitely had theirs exposed. At least I don't have to worry about their foot in the door at my agency anymore. Our in-house security averted a serious potential disaster when it stopped it cold on a live CUCM box.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
Crowdstrike was the only thing that prevented that poo poo from wrecking a 9 million dollar Cisco phone system and possibly large swathes of servers because a goddamned hardware vendor that we're contractually obligated to MSP services with was exploited through this and attacked us.

What pisses me off is their client controls weren't at least ACL'ed to authorized users/VPN clients and were essentially open to the entire loving internet. I can assure you that the tunnel the MSP had to come to us was hardened as gently caress. CrowdStrike dropped it in its tracks.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

evil_bunnY posted:

Not just manage o364 but most often manage the transition, and processes integrating o364 to the business.

I have done more 365 mail migrations than I care to admit.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
Samba now has a 9.9 CVE.

https://www.samba.org/samba/security/CVE-2021-44142.html

I think pretty much every non-microsoft NAC and NAS is running it.

Farking Bastage fucked around with this message at 15:14 on Feb 1, 2022

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Subjunctive posted:

Is vfs_fruit in the default config? At least you need write access of some kind to trip it…

This is true. Still, the most common attack vector is a user's machine being rooted, so YMMV.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
I will preface this by saying I'm not very strong on certificates. I have a case where I am trying to get single sign on working on wireless clients and I can't seem to get the presented certificate in an acceptable format for windows. SSO isn't going to work unless the cert chain is perfect, I get that, but there has to be something else I am missing here.

Basically, the clients will not trust the radius cert without user interaction, even though I created a CSR using the NAC's openssl and ran that through the same windows cert server that the domain root comes from.


I'm running out of things to try. It feels like I have a context out of whack in there somewhere.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Thanks Ants posted:

Is it an actual trust issue, or are you just seeing clients prompted to use that cert when they try doing RADIUS auth? My understanding of WPA Enterprise in Windows was that to avoid users having to do anything you had to deploy the connections through group policy / config management and the certificates were part of that.

It's prompting on a seemingly valid certificate that it should trust. It's a big enough org, I'll have to grab one of the server folks to check anything on that side. I've done this using a full windows NPS but it always seems to get weird when there's non-microsoft in the mix.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

SlowBloke posted:

As much as it pains me to say, unless you have strict regulatory requirements, wpa2/3 enterprise with peap(password) is more than adequate for a conventional ad infra.

It's all WPA2 using PEAP. I'm just trying to streamline it as much as I can. Things like password changes are *very* cumbersome, and usually clients have to forget/re-add the secure network. More often than not, users can't be arsed and just hop on the public and VPN in, as convoluted as that is :(

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

SlowBloke posted:

You can set it up to use the AD profile password so the password change is transparent as long as the user always changes the password before expiration.

That's the problem I'm having with the certificate. If you try to do it programmatically in any way, it just fails and blames the cert.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

JSON Bourne posted:

I've run into this a lot with RADIUS using all sorts of combos of RADIUS servers and clients. The client can never really trust the certificate even if it knows about it because RADIUS is all happening pre-IP so the client can't do a CRL check or any other verification. The only way around this is to deploy the wireless profile via group policy or config management as Thanks Ants said.

Thanks guys.


Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
After a long time in ops/network infra, I recently started studying for and passed Sec+. We have a Udemy subscription I've been using for material (the Dion training material helped a lot), but I'm curious what the next one should be. I started into CySA+ since it was on Udemy and it's sort of kicking my rear end, to be honest. There are so many tools to learn with names I can't remember, it's a little overwhelming. I feel like I've concentrated so much on network over the years that I've lost my grasp of a lot of other stuff, especially server architecture. Would my time be better suited to a different cert? I'm worried I may not be cut out for sec ops.
