Volmarias posted: 2020 is really just bringing that "is it real or machine generated" vibe to the news, rising towards a crescendo as the year goes on.

The world is a simulation and we just found the bug that causes a Dwarf Fortress style tantrum spiral. Everything is spinning out of control in hilariously bad ways that shouldn't be possible.

# Aug 12, 2020 06:23
I hate socializing with people I don't know, so I'm never taking one of those social sales lunches unless I'm required to by a boss. If they want to send snacks to my office/home, sure - but don't expect me to remember the company that sent them.

# Jan 13, 2021 19:36
BonHair posted: I'm betting a lot of execs would invest in butt security rather than cloud security.

You could call it Cover Your Butt Insurance, they would immediately fund it.

# Nov 4, 2021 22:08
SlowBloke posted: Are you seriously expecting competence, skills and effort from a Ubiquiti Networks dev?

I have posted before about my experience working for Ubiquiti most of a decade ago. Place was a shitshow.

# Dec 2, 2021 20:07
KillHour posted: I always thought of Ubiquiti as having really good hardware for the money but with perpetually beta software that may or may not eventually get all the features they promise. Which is great for certain market segments and terrible for others.

The hardware was always iffy, mostly because of inconsistent manufacturing in China. Sometimes it was indestructible, other times even light weather or sunshine could break it. Then you also had knock-offs made in Russia after one factory sold the build designs to someone else after losing a contract.

# Dec 3, 2021 07:46
8am yesterday morning I pinged our infrastructure team about Log4J. They said that we were fine. 2 hours later they start really digging in and going "ok poo poo, we aren't fine." 11am a conference bridge starts, and I was included on it. 8pm last night the bridge finally ended. My boss sent me a $50 doordash gift card for my hard work. Yay!

# Dec 11, 2021 20:16
BaseballPCHiker posted: Someone on a conference call around my company's response to Log4J just said they weren't ever told to patch their stuff so they never have and that as a result they aren't vulnerable because they run Log4J version 1.x.

Point them to the 1.x CVE from 2 years ago that is just as bad.

# Dec 13, 2021 17:59
Fart Amplifier posted: If an iPhone was hit by this vulnerability, would a patch then erase any exploits? I'd assume you'd need to reinstall the OS, but would that be enough?

A patch would prevent future exploits, but anything already put in place would be running with whatever permissions it gave itself.

# Dec 16, 2021 19:01
Fart Amplifier posted: Yeah, I'm assuming even at that point even a wipe might not be able to remove it.

A full factory restore would be the way to go - flash firmware and everything.

# Dec 16, 2021 19:18
Fart Amplifier posted: Is this exploit guaranteed to not survive a firmware flash? I don't know how that works.

Honestly, I have no idea - I don't think anything survives a wipe + firmware flash unless the device was compromised via a supply chain attack, but I can't say that with 100% certainty.

# Dec 16, 2021 21:23
evil_bunnY posted: "where an attacker with permission to modify the logging configuration file"

It's not dangerous at all except when used as part of a supply chain attack. Hacker finds a commonly used but rarely updated software package. Hacker finds a way to compromise the package so it now includes a pre-hosed version of Log4J and something that pings a C&C on rare occasion. Now the hacker has a self-identifying list of servers open for a RCE until people figure out the root cause.

# Dec 29, 2021 04:22
Volmarias posted: A version that, apparently, cannot just pop open a shell for itself...?

Depends on how long they want to maintain access to devices, or if they want to burn them immediately. There is a business in backdooring devices and then selling access to them to other criminals.

# Dec 29, 2021 05:11
stoopidmunkey posted: My company is in the process of getting FedRAMP certified. They chose Qualys for web app scanning and after having the product since May, we just got our first successful scan (their SaaS servers kept running out of memory). Anyway, I opened the scan results and they're loving useless. To get any value you have to download the scan report as PDF to view the actual output from the scans. How do people manage with useless tools like this apart from just buying Tenable or Rapid7 next budget cycle?

Fun fact, with Qualys if you submit a false positive report - you lose access to the information and explanation you submitted. So if that issue is going to be recurring every time you run a scan, you need to collect that evidence and rewrite the explanation again whenever the granted exception expires, which is usually every 6 months.

# Aug 10, 2023 02:33
Had an interview for a helpdesk job that had a Security+ cert as a requirement. Also, it needs a security clearance. And... it sounds like I'm actually getting an offer. It's going to pay WAY less than I hoped, but they are talking about putting me in for the clearance which is a huge step forward in my career. Crossing my fingers.

# Aug 21, 2023 20:34
It's official. Even though I failed to get a job in InfoSec, at least this place is getting me a security clearance, so my range of possible positions opens up significantly next time I'm looking.

# Aug 22, 2023 20:32
eonwe posted: Passed my CISSP exam!

Nice! How hard did it feel?

# Nov 8, 2023 17:57
unknown posted: rear end in the middle?

The doggy style of hacking

# Nov 9, 2023 14:28
A promotion came in - moving from government helldesk to government cybersecurity in a few weeks, just waiting for someone to start in 2 weeks to backfill me. No paperwork signed yet, hoping I can negotiate a pay bump.

# Jan 10, 2024 18:39
BaseballPCHiker posted: Local, state or federal government? Most government orgs have pretty set pay bands in my experience. They may be able to start you up a level or two higher but then you're on a set pay raise increase with each step/year of experience.

Contractor on a USAF base, so I don't get the nice pay bands. Instead I get the minimum they can pay to keep people in the job. Turnover is unsurprisingly high due to EVERY other cybersecurity job that exists paying 25-30% more at a minimum.

# Jan 10, 2024 20:16
Methylethylaldehyde posted: Try to angle for a clearance, so you can giggle as the pay differential goes the other way. Local TS computer toucher jobs on base are 20-35k more than equivalent private sector gigs.

They put me in for Secret clearance just to have me on base for helpdesk. My official clearance came through the same day I was told about the promotion.

# Jan 11, 2024 13:11
Speaking as someone who has problems staying motivated in learning specific stuff on my personal time for more than a month at a time, the CISSP feels like it exists specifically to block my advancement because it requires a lot of very specific niche knowledge but very little real world knowledge. But holy crap is it hard to get past doors without it or a college degree to my name.

# Apr 24, 2024 23:24
Last day at my current job, 2 weeks before my new job is going to start.... Got a phone call with an offer for the job I really wanted, better pay, benefits, better work.... Everything. loving taking it. ISSO here I go.

# May 3, 2024 17:05