|
This is pretty hilarious. Genius and Google have had sour relations for a very long time.
|
# ¿ Jun 18, 2019 01:29 |
|
|
# ¿ May 11, 2024 18:32 |
|
One day I need to critically review Dashlane since it shows up in half of the YouTube promos I see.
|
# ¿ Jul 23, 2019 17:13 |
|
My VoIP provider many years ago didn’t set my ANI up correctly and thus for years I could dial overseas and not get billed for the calls. I did a lot of wardialing back then. I have little faith in telcos getting this right.
|
# ¿ Jul 25, 2019 14:51 |
|
Some of you have never herded cats I take it.
|
# ¿ Jul 26, 2019 15:22 |
|
The way to look at radio is this way: you can capture all the radio data you want, but you cannot interfere with it and whatever you do record you cannot do anything with except solely for yourself. In theory, this means that there is nothing anyone can do to stop you from trying to decode the radio transmissions let alone record it, but if you start to disseminate the information you've acquired or use it to get leverage then you're running the risk of breaking the law.
|
# ¿ Aug 2, 2019 03:55 |
|
https://twitter.com/whid_injector/status/1157976716196941824?s=21 This is how you get on a list somewhere.
|
# ¿ Aug 4, 2019 15:56 |
|
https://twitter.com/katelibc/status/1159355614704783360?s=21
|
# ¿ Aug 8, 2019 16:24 |
|
CommieGIR posted:Honestly, Windows Defender is getting really good, I find it hard to need any other solution right now. You're talking to me. That said, my complaint is that Trend Micro's response was really loving lovely. There are countless women who have to deal with men who want to abuse and harass them via their mobile devices and computers. I've had too many women come to me telling me that their ex-partners are reading their e-mails and there has been at least two cases where it was due to these sort of stalking apps being installed. All this despite them running anti-virus.
|
# ¿ Aug 8, 2019 20:57 |
|
Klyith posted:The pharma industry charges money for lifesaving drugs, ethics capitalism etc. AV isn't the right solution; the issue is super complex and is beyond just dealing with someone's computer or device--as in you're right that it is more than a technical problem. I've written extensively about this elsewhere but the average person in an abusive situation isn't going to know what to do all the time and as much as I hate AV, it can be an appropriate solution when someone is trying to deal with things the best way they can. I have never found myself having to deal with an abusive adversary who has the means to control my devices, but I cannot discount any of the tools available when dealing with such if it were anyone else. It's easy for any of us to go and say "AV is bad" but TrendMicro going and saying that it isn't their job unless you pay them all the while offering a carrot on a stick with a free version is really scummy. That is where the "anti-virus is ransomware" remark came from. AV vendors offer this protection because there are companies that don't want to see this garbage software show up on their networks or they want to ensure that it is properly whitelisted. However, since it's often just companies that use it, Trend sees it fit to not bother with making it available to any free user who typically would be at home. Having worked in the industry, it is unsurprising that this has happened but again their response was loving garbage. I am glad that their social media team is atop of it but still. Evacide owns.
|
# ¿ Aug 8, 2019 22:12 |
|
The Iron Rose posted:Premium features = ransomware is a new one to me. Characterizing the free version as a carrot on a stick is also a really weirdly malicious way to talk about a pricing model. Do you object to the idea of paid software altogether? Because otherwise I don't see the distinction between an AV with premium features from software demos, or really any form of tiered capability software sales model to begin with. It isn't an effective response but in the case of a person being abused it's the one case where I won't bat an eye to them attempting to do whatever they can under duress--a rag will suffice as gauze if you find yourself dealing with something that otherwise needs stitches and proper attention and have no other means to deal with things. You will never, ever hear me talking positive about anti-virus but this is one of these edge cases where I will not go after people for suggesting it. Also while I am not a capitalist (and let's not derail this thread), I understand that under our system that things need money in order to exist and as such things need to be paid for. However, it's a garbage response that the sales rep gave to what the free version covers and at the very least stalkerware and its ilk should be covered by the free version. I have zero issue with spending money myself on products that actually work, but we're dealing with a completely different issue here.
|
# ¿ Aug 9, 2019 00:30 |
|
Schadenboner posted:Capitalism's actual winners have convinced him that's he's also one (he almost certainly is not). We're both women.
|
# ¿ Aug 9, 2019 02:04 |
|
The Iron Rose posted:I think they should suggest more effective things to someone being abused to install an antivirus program. I'm not sure the social obligation particular measures up against, idk, premium rootkit or web execution prevention, or scheduled scans or whatever. To what extent does a product designed to keep people from harm have a social obligation to provide protective services free of charge? I am horribly bitter about infosec products as a whole but anti-virus gets a special place in the depths of hate that I have within due to my time having worked for an AV company.
|
# ¿ Aug 9, 2019 04:09 |
|
LtCol J. Krusinski posted:I’ve just finished reading this entire thread, and I saved several of your posts into my keep for later.rtf file. If you wouldn’t mind, could you expand on your disdain for AV software? Is it all AV software or just certain companies? I don't really feel the need to talk about my time in the industry any longer--this was years ago and I've moved on to cooler things. My role wasn't super important but it did let me know how the inner-workings of the whole thing work. It's the fundamentals of AV that are wrong so it's irrelevant to anyone or even myself what company I worked for since the principles are all the same. The AV vendors with larger research and analysis teams are the vendors that tend to get better coverage but really that is it. AV doesn't scale well and is a technological dead-end as there are better ways to thwart off malware and the like.
|
# ¿ Aug 9, 2019 17:23 |
|
Just your regular reminder of where my hatred of AV comes from: https://twitter.com/ericlaw/status/1159850783862640641 Avast has done this poo poo before too.
|
# ¿ Aug 9, 2019 21:13 |
|
stevewm posted:A while back I posted about how our CC company has the most useless 2FA implementation.. Name and shame please. This is horrible
|
# ¿ Aug 13, 2019 20:09 |
|
stevewm posted:Not quite ready to do that yet... Are you a customer? It's easier to just get them publicly shamed to get anything dealt with. First-line people will be ignored. I know this first-hand.
|
# ¿ Aug 13, 2019 20:18 |
|
When I worked at an ISP over a decade ago, we stored all the passwords in plaintext due to having to synchronize our systems. Billing had the same password as your POP3/IMAP access. 🙃
|
# ¿ Aug 18, 2019 19:47 |
|
Arsenic Lupin posted:
someone needs to create a scanner that looks for misconfigured sonicwall ssl vpn servers because they can be run without auth (as in point a client at a host and hit connect and voila)
|
# ¿ Aug 23, 2019 02:25 |
|
I'm the $25,000 USD speaking slot.
|
# ¿ Aug 23, 2019 21:58 |
|
xtal posted:The Code Book is insanely good and my first edition copy from 1999 is one of my most prized possessions it's a good book
|
# ¿ Aug 24, 2019 00:14 |
|
VPN services are just about moving security goal posts.
|
# ¿ Aug 28, 2019 22:31 |
|
duz posted:If you just want to access another country's Netflix, don't ask the security thread, ask the Netflix thread. That is really it. The idea that you're going to use a third-party VPN to add an extra layer of security is really silly. If you're looking for a service that'll get you access to Netflix in some other country or to get around YouTube's copyright blocks, that is another thing all together. If you need your own VPN for security reasons, set up OpenVPN, Algo, or something else.
|
# ¿ Aug 29, 2019 18:13 |
|
fyallm posted:Is anybody familiar with CISCO AMP/McAfee Suite? One of my clients feels that these are sufficient countermeasures for not conducting endpoint vulnerability scanning. I disagree since I don't think that they can capture misconfigurations, malware from zero days, etc. but I haven't worked with AMP/McAfee suite since many many years ago so who knows what updates they have made. Years ago I had AMP demo'd to me and found it to be inadequate unless you're in the business of having something that'll make noise and do nothing. Every time I hear that some vendor has a way to track "zero day malware", my eyes immediately start to roll back so far into my skull that I know it's straining my optic nerve. All endpoint software is trash really so it's really picking your poison if you have someone or you are someone who wants to go this route rather than rely on what comes with Windows to begin with.
|
# ¿ Aug 29, 2019 19:19 |
|
If anyone wants a throwback, this is what what we used to use on SA back in 2000-ish to block ads. https://www.proxomitron.info/index.html It worked well and I used it to make websites less garbage by removing unnecessary content when I was still using dialup. I am sure it's littered with problems especially if the source-code were available to review.
|
# ¿ Aug 29, 2019 21:21 |
|
Raenir Salazar posted:Clearly the only reliable method of security is carrier pigeons. Adding chaos to UDP is not a terrible idea.
|
# ¿ Aug 31, 2019 00:10 |
|
BangersInMyKnickers posted:Avoid splunk unless you have Infinity Dollars Yeah. If you have money to throw at a SIEM, Splunk is fine. But if you're going to work within nasty budget constraints, just ELK it and find a consultant to provide support.
|
# ¿ Sep 12, 2019 00:11 |
|
Mustache Ride posted:I work for a VAR, I do what they tell me. Believe me, I loving hate Splunk. I used to work for a VAR and had to deal with Splunk. They’re the least worst product out there That said, I have little faith in Google since they didn’t manage to wow us when we were actively considering switching our 12,000 person company to them.
|
# ¿ Sep 12, 2019 05:37 |
|
Schadenboner posted:I'd really like to read Lain's words on Chronicle. I heard an interview they did on Risky Business but even though Patrick gives good interview and I trust his integrity it's still a sponsor interview and ? We aren’t considering it and I’ll only review it when our licence is up for renewal. However, Google has a notoriously bad history of giving long term support to its products even including those for the enterprise so take that as you will.
|
# ¿ Sep 12, 2019 15:14 |
|
I honestly am more interested in how this will change the Xbox homebrew scene.
|
# ¿ Jan 14, 2020 19:29 |
|
BangersInMyKnickers posted:If this gets figured out and someone makes a spoofed MS cert that the xbox implicitly trusts for execution, then yeah its basically jackpot and you're busting the whole thing wide open. That's assuming you have a pre-patch system obviously Someone offered me an Xbox One today since I quipped about this on Twitter before it all dropped. I'll try and avoid updating it.
|
# ¿ Jan 14, 2020 21:18 |
|
|
# ¿ May 11, 2024 18:32 |
|
evil_bunnY posted:The restore part is always the kicker. How do you restore, and where to. Testing your backups is important and often isn't done even by big firms.
|
# ¿ May 19, 2021 23:53 |