> fyallm posted: What internal collaboration application do you guys use to communicate with other members of your security team? I got asked to evaluate some products but it seems like everything is poo poo. Currently I was asked between: Slack, Wire, WhatsApp and Microsoft Teams ...

WhatsApp message delivery is somewhat spotty in my area, I would suggest Slack or Teams depending on availability of Office 365 (if you have it you should go Teams).

Jul 14, 2019 19:23

> fyallm posted: We have O365 but for some reason the beta of Teams at our place doesn't have a mobile option? Wtf? No phone app?

Unless you guys still have BlackBerries there are apps for all modern phone platforms... It sounds like your O365 team hosed up something...

Jul 14, 2019 22:11

> Sirotan posted: I've been asked to create some kind of repository/system to document exceptions to our data protection agreement policy, and I'm wondering if anyone here has a more novel idea than a folder in Google Drive. Example: we want to deploy Slack, but my university has not yet been able to get Slack to sign a DPA, so using Slack goes against our security policy. The DPA exception is essentially a CYA for my department so that in case we get audited or bad poo poo happens, we can point to the sheet and say that so-and-so overrode our concerns and approved it anyway.

Sorry to break the news but that's exactly what a SharePoint document library offers/is designed for ... Condolences

Jul 16, 2019 16:57

Telegram doesn't do full encrypted moderated channels, just 1-to-1 chats. You get encrypted transport but not encrypted content like Signal/WhatsApp/Keybase.

Aug 11, 2019 08:57

> The Fool posted: I'm going to suggest something that sounds like a joke, but if signal/telegram are non-starters, this is a real option.

If any of the Teams admin users is compromised and gets its mitts on the eDiscovery roles all data is compromised tho, caveat emptor

Aug 11, 2019 17:16

> CLAM DOWN posted: Curious, do you all use hard tokens or phone apps for 2FA? We got rid of our RSA fobs in favour of the Microsoft Authenticator app.

We use MS Authenticator as our fleet is too mixed for YubiKeys (not enough USB-C laptops to go for the USB-C+Lightning combo). Android build is a bit buggy but doable, iOS build is a tad more stable. The sole hard tokens we had to handle were for our finance staff and thanks to PSD2 those are gone too (sadly the bank defaulted to SMS rather than TOTP).

Jan 19, 2020 10:26

> geonetix posted: I like to believe the MS Teams team works with Teams themselves and that's why they can't get any poo poo done.

Office 365 support explicitly doesn't support Teams, email or phone only.

Jan 22, 2020 20:07

> Sir Bobert Fishbone posted: https://web.archive.org/web/20200409164556/https://medium.com/@s3c/how-i-hacked-worldwide-zoom-users-eafdff94077d

Without the images, it loses part of the shitpost charm

Apr 11, 2020 08:44

> Arivia posted: Hey, I don't know where to ask for better advice on this front so I figured I'd try here. I'm looking to make an encrypted folder I can unlock with a password on Windows 10 Home. Just something to stick some Word documents in with sensitive data. Are there any good options for this sort of thing? I'm not expecting any particular attack or concern, but better safe than sorry with research ethics.

You could make a sealed folder in OneDrive if you consider Microsoft trustworthy. It's naturally unreachable until you unlock the folder and once you seal it back the local items get synced to OneDrive and removed from Explorer access.

Jun 25, 2021 16:28

Or make an IT ethics thread, the topic is specific enough to warrant a dedicated discussion instead of fading into the generic IT discussion thread.

Jun 25, 2021 21:23

> Thanks Ants posted: It will be interesting to see how industry attitudes change to these remote management exploits, whether you'll see clients insisting that MSPs cannot have any persistent agents running as privileged users as even in the best case scenario it's increasing the attack surface (and increasing their costs accordingly as a lot of auto-remediation is removed), or whether MSP customers won't really know to ask for that anyway.

TeamViewer is still the most used unattended home assist tool so you might take a wild guess on what will happen after this hack.

Jul 4, 2021 08:58

> astral posted: Wow, it sure is too bad no domain registrars let you use a strong password and MFA. Really a damned shame.

The biggest Italian registrar (Aruba.it) won't even let you use SMS OTP so yes?

Jul 17, 2021 12:43

> Klyith posted: The somewhat plausible way they could force a new printer driver architecture would be to move all existing printer drivers into a VM, and have a virtual printer to translate jobs into the legacy system. Otherwise it's a complete no-go, because the printer companies aren't gonna write new drivers for old hardware.

That already exists, it's called Universal Print. The sole blocker is being expensive as gently caress (and being a chore to push printers using GPO)

Jul 21, 2021 19:57

Going back to the topic, Regione Lazio (the Italian county Rome is in) got cryptolocked to the point Covid vax calendaring is compromised (along with many other services). Media is keeping a lid on cause and origin.

SlowBloke fucked around with this message at 20:17 on Aug 2, 2021

Aug 2, 2021 20:10

> Martytoof posted: I've been air dropped into a flailing corporate InTune project and from what I understand Microsoft "recommends" installing a teamviewer intune connector to allow "hands on" remote assistance/administration of remote PCs?

We sidestep this by using Quick Assist (and a few GPOs to make UAC go thru), the TeamViewer connector is pretty much a link generator, not much else.

Aug 5, 2021 12:44

> Thanks Ants posted: I presume the policies to make UAC work is just to disable the prompt being displayed on a secure desktop, rather than anything specific to QuickAssist

We originally did that to make SCCM remote control work so it's not Quick Assist exclusive. Weirdly enough every remote control option in the Intune docs besides TeamViewer seems to have issues with UAC.

Aug 5, 2021 20:20

> Martytoof posted: Anyone know if this affects Azure on-prem stacks or only the cloud platform?

If you push logs to Sentinel or Log Analytics you have another agent, I think even HCL uses a different stack. It might be used if you have PowerShell DSC enabled on Linux machines on premises.

Sep 15, 2021 14:52

> Martytoof posted: The whole webauthn thing has completely passed me by, I'm ashamed to admit. Is there a non-gag recommendation to a good primer? I feel I probably understand individual components and building blocks based on my 30 seconds of googling but not how this fits together.

https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/Overview.html and https://fidoalliance.org/fido2/fido2-web-authentication-webauthn/ should be a decent starting point.

Nov 4, 2021 10:56

@Martytoof Microsoft has just published one of their passwordless Ignite sessions on YouTube which is partly about FIDO2 in case you want some extra guidance https://youtu.be/3wtwUh6iyxY

Nov 5, 2021 10:57

> Thanks Ants posted: It's unfixable, for some reason printer companies have been dragging their heels on implementing a driver model that was first introduced in Server 2012

It doesn't help when PaperCut will make any v4 printer drivers running on the PaperCut host kill the services and v4 on the client will lose most of PaperCut features. I honestly hope Microsoft starts cutting Universal Print prices so PaperCut becomes too expensive in comparison.

Nov 27, 2021 14:47

> Hughmoris posted: At a high level, could someone explain how researchers set up environments for analyzing malware, viruses etc...?

Making an isolated sandbox is trivial, Windows offers an integrated option for Windows Pro/Ent customers that requires a couple of clicks to set up. If you want a complete air gap between local clients and sandbox all you need is a NUC with segregated internet access (or an AWS machine to spin up, compromise and destroy).

Nov 28, 2021 16:34

> RFC2324 posted: Having malware that shuts down when it detects a server OS on a VM seems to be missing the trend towards having servers be virtualized.

A VM with Russian language seems to be the current "virus ain't going to run here" mode

Nov 28, 2021 17:44

> FungiCap posted: The opsec utilized here is so terrible it's comical. If you're gonna try and pull a big digital heist like this, at least spend a few weeks or months studying and learning how to implement some basic TTPs.

Are you seriously expecting competence, skills and effort from a Ubiquiti Networks dev?

Dec 2, 2021 20:05

Maybe I missed this thru the posting but if you decided to nerd out and have a UniFi controller hosted on the cloud or exposed to the web in any way, upgrade to 6.5.54 immediately, any other build is vulnerable to this log4j vuln.

Dec 11, 2021 16:08

> Martytoof posted: I get about five or six random ADFS authentication screens every other week because my token expired in one of the dozen ADFS-SSO apps I have open for work on like one of three corporate devices I own.

Your SSO setup is wack, unless the powers that be demanded token expiration to be immediate it shouldn't do that.

Jan 3, 2022 08:38

> Buff Hardback posted: QNAP uses textarea rather than input for the username/password fields

Just checked, username is textarea while password is input. Also, as per 5.0, QTS will nag you constantly to activate MFA on every user so I think that there are some devs that want security while others don't. Having owned QNAPs for quite a while, there is no need for exposing the NAS over the internet since you have their cloud intermediate relay service (which is far faster than the Synology equivalent in my experience) and native VPN options, but then I only use my NAS for file storage and DLNA which will happily work on most mediums.

SlowBloke fucked around with this message at 09:19 on Jan 28, 2022

Jan 28, 2022 08:18

> Rust Martialis posted: Any Eurogoons interested in discussing NIS 2?

I'm skeptical about it since it only mandates audit on a limited basis and the control/management entities it mandates at member basis have been created already by most NATO members. What are your thoughts?

Jan 30, 2022 14:41

> Rust Martialis posted: I work for a data centre service provider, and we provide services for a number of public and private entities currently deemed either essential or important or likely to be deemed as such once NIS 2 is passed. I am our senior subject matter expert on security including governance, risk and compliance.

Breach/threat notification under 24 hours is mandated on several members already for public sector (and public controlled in most cases). I work in an Italian public entity and ANYTHING foreign that touches data (cryptolockers that wipe storage without recourse included) must be notified to CSIRT since late 2019. Failure to update CSIRT is one of the few things I know will have heads roll quick. If you work within the Gaia-X framework you are already under similar rules too. I am skeptical on the "critical" label, what will get the label? Physical infrastructure for essential services? Datacenter providers that run services for public sector? Software makers for public sector (which are known to have very lax infosec stances)? Any NIS2 doc I read doesn't provide clear guidance.

Jan 30, 2022 23:01

> underlig posted: Log 4j continues

In English -> https://nvd.nist.gov/vuln/detail/CVE-2022-23307

Feb 1, 2022 13:30

> Jabor posted: Wait, so this was identified in 2020, but nobody noticed that a vulnerable version of that library was being used in log4j 1.x as well?

Every infosec bod that ignored the existence of log4j is now laser focused on finding new issues with it to flex on other infosec bods. It's going to last for a while.

Feb 1, 2022 13:45

Just as reference, current QTS 5.0 has 4.13.0 so every QNAP NAS is potentially exposed.

Feb 1, 2022 16:04

Sorry to interrupt the SSL chat, just wanted to inform that QNAP has pushed a QTS 5.0 update to address the latest Samba CVE, Samba version is now 4.13.17.

Feb 9, 2022 19:45

> Guy Axlerod posted: I suppose if you used a digital signature on your messages, you could ensure that they were all authentic while they were all still sent in the clear. Other people receiving the signal could also ensure they were authentic if the public keys were available to them. Not sure if that meets the letter of the law but would make me feel better if I had to go that way.

That's what PAdES does for files or eIDAS for messages and is the standard in most European countries

Feb 10, 2022 19:49

I know it goes without saying but now it's the time to send mass mails to your employees to warn about weird bullshit, start changing your anti-spam filters to drop anything that is not covered by DMARC and so on. Russian state-aligned hackers are going to start hitting targets in NATO-aligned countries in a short while IMHO.

Feb 22, 2022 18:15

> Sickening posted: Going to start?

I mean that they are going to intensify and possibly start hitting fields that were considered "not juicy enough" rather than targets of opportunity as until now. I'm going to start spooling up Veeam tomorrow and anticipate our quarterly restore tests, kinda resigned to get cryptoed soon being in public sector

Feb 22, 2022 18:33

https://us-cert.cisa.gov/ncas/alerts/aa22-054a Oh joy it has begun

Feb 23, 2022 20:36

In my experience CISA is a decent warning on current issues without going full nerd while CSIRT/CERT unit notifications are a "Kharak is burning" statement when the smoke clears and the best you can hope for is not being a juicy target so you have time to patch everything up

Feb 23, 2022 22:09

@IE Sentinel does that (when you bolt in all the Defender connectors)

Feb 24, 2022 23:16

> Internet Explorer posted: Yeah, unfortunately current place is allergic to anything Azure/M365, so I was hoping there was something a little more specific. Something like Tenable, etc. I am going to have a hard time getting them to do anything and it has to be as stand-alone and modular as possible.

You can run Sentinel and add each component at your leisure, it will be less effective in cross-checking data the fewer connectors you enable. If your firm is 100% on-prem it's not the best tool tho.

Feb 25, 2022 12:14

The Russian bank is the less worrying leak from Anonymous https://twitter.com/AnonUkraine_/status/1498773498713497600

Mar 1, 2022 23:33