Say hello to the new Linux kernel root vulnerability CVE-2016-0728, released today before your vendor can do anything about it. http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

# Jan 19, 2016 23:14

# May 7, 2024 11:26

I'm not saying they didn't disclose, but just gave a very small embargo window to one vendor (https://bugzilla.redhat.com/show_bug.cgi?id=1297475 / https://bugzilla.novell.com/show_bug.cgi?id=CVE-2016-0728) to fix across multiple vendors before doing a very public disclosure with working exploits - all before anyone could really get a tested patch in place/released. Semi-responsible security research info release, good for maximum media attention basically. Won't be the first, won't be the last.

# Jan 20, 2016 19:44

Back to infosec... Literally gets you a USB U2F/FIDO security key from Amazon. (https://www.hypersecu.com/products/hyperfido) Half the price of Yubico. No reason not to do it anymore.

# Jan 1, 2017 19:13

Well, if you're in Canada, it's $9.99 CDN with free 2-day/Prime shipping. That's what, like $7.50 USD? https://www.amazon.ca/HyperFIDO-Mini-U2F-Security-Key/dp/B01LZO0WE9 I'm not sure if it's possible to get cheaper. Makes me wonder if something is wrong with these tokens.

# Jan 2, 2017 22:52

Anyone got recommendations/horror stories on cloud SSO providers? (e.g. OneLogin, Bitium, etc.) Was just asked about it by someone that's running G Suite and wants to do some auth integration against it, but their gear doesn't directly support it (this is to do 802.1X auth - they've seen the light about wifi).

# Jan 13, 2017 19:34

2FA SMS is never going away because it allows them to link your account to a cell phone number, which then makes your data easier to link to external databases.

# Oct 8, 2017 03:30

So IBM is now taking on Google on their home turf by literally one-upping them. https://quad9.net quote: How Quad9 works That's right. IBM is now running a public anycast DNS service at 9.9.9.9 with the idea that all queries run through their advanced security screening system to block bad hostnames. IBM being IBM also registered quad9.com and forgot that their *.quad9.net SSL certificate doesn't cover it.

# Nov 17, 2017 16:25

They (Quad9) claim 9.9.9.10 is the same infrastructure, just without any filtering.

# Nov 17, 2017 19:57

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ quote: ... (much clipped) ...

# Jan 3, 2018 02:28

Google's posting on it (lots of technical details): https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html?m=1 quote: ...(clipped)...

# Jan 4, 2018 19:56

If you're comfortable with doing things yourself, voip.ms is actually fairly decent and cheap for putting a number on, as they charge by usage (1c/min, plus like $1/mo for a number), generally with PoPs throughout North America. Any SIP client works, and they've got a no-frills SMS app too.

# Nov 2, 2020 04:07

CarForumPoster posted: TY. I ended up saying gently caress it just try the VPN and that worked. Going to just run all my scrapers through ExpressVPN. Small slowdown but not a big deal in the scheme of things.

Use a tiny SSH server somewhere and use SSH's built-in SOCKS proxy capability? (-D option)

# Nov 11, 2020 17:58

Thanks Ants posted: CSP lets resellers make margin, so instead of paying Microsoft $x per month for your licensing, you can pay the same amount to a reseller but they will help you out when you need assistance because they're now making money off the deal. CSP licenses are also all pro-rated to the day, so there's no annual commitment to get the advertised pricing, which actually makes it quite a lot cheaper if you need the flexibility of changing licence counts down as well as up more than once a year.

That plus the number of companies that just have issues dealing with purchasing on credit cards is astounding, because they have no other way of keeping control of their spending (i.e. accounting departments get to audit invoices before paying them).

# Jul 7, 2021 14:45

Zorak of Michigan posted: I have a vanity domain hosted at fastmail.com for my personal email, and when I have to register for a site that I'd rather didn't have my real email, I just register a new alias with the name of the site @ my vanity domain. IIRC unlimited aliases are included in the basic plan, and I suspect that's common since it's not like they take up a lot of compute cycles.

I have a similar one at Pobox (now Fastmail), and just before they sold they told me that my account was one of the top email spam destinations and wanted to cancel my account - receiving like 200k emails a month because of the anything@domain alias. After a bit of back and forth it turns out they were saving all the emails in the spam system that failed Spamhaus RBL lookups.

# Jul 16, 2021 17:53

I'm sure Cisco execs in charge of licensing jizzed every day when they discovered Meraki and how it effectively bricks the device when the license expires.

# Dec 3, 2021 03:49

https://twitter.com/p_malynin/status/1469866520939429889

# Dec 13, 2021 14:36

BrianBoitano posted: Yeah that's part of my variety of reasons - comparing with Paprika because I hate to admit there's only one good app out there

IIRC, it (Paprika) is a goon-owned project too.

# May 12, 2022 18:18

Lots of hardware is like that - generally a brilliant person/team comes up with the initial concept, but when the secondary (not-so-brilliant) crew comes afterwards, they're tasked with just "get (new) function working" and the product slowly falls apart.

# Sep 8, 2022 14:35

In my dealings with a couple of heavily regulated/paranoid companies, basically they wouldn't allow any video/chat app except for the ones they approved and controlled/locked down. As you can guess it was a poo poo show for that company's employees. "nooo, let me run the meeting, it's just easier.." They also bought for the major vendors so that if you did use their non-regular (Teams) system - basically they were locked out.

# Aug 24, 2023 01:22

Too often it's a case of a red team being brought in to bust the network when the network/blue team already knows it can be done, but there was never buy-in by management to finance fixing the holes in the first place. So it immediately becomes an adversarial relationship from the beginning and it's just downhill from there.

# Oct 15, 2023 03:15

BonHair posted: I think this is hitting the nail on the head.

You're making the assumption that the blue team even exists and isn't just another title for some admin who's constantly being pulled into other work of greater emergency, so never gets a chance to even document an issue in the first place. Generally that's how it goes in most companies I see.

# Oct 16, 2023 02:02

FungiCap posted: Sysadmins/Blue team not being overly defensive when given results from a pen test.

More circular in my opinion:

10) Budget reduction/freeze over time
20) External red team test to see how well the company does [i.e. mgmt trying to prove old budget wasn't necessary]
30) Budget increase to fix problems since they didn't "pass"
40) goto 10

This provides lots of political opportunities for boardroom fights and poo poo. A good CEO can stop the cycle, but most aren't that good.

# Oct 16, 2023 20:05

Biggest issue with small subnets is that most origins don't know how to put the ranges in popular routing registries, so they'll get filtered out at various key points (IXs/large providers).

# Oct 19, 2023 17:12

rear end in the middle?

# Nov 9, 2023 14:13

Whoever is in the middle is still an rear end for making us drink more.

# Nov 11, 2023 05:36
|