quote: The root cause here seems to be that the affected WAR components ingest and process all serialized data, and have a blacklist of "bad" content.

# May 1, 2019 18:27
I'm cross-posting this from the Windows Enterprise thread since I'd like perspective from a wider security-focused group too. I'm in the process of migrating off our ancient single-tier Windows PKI setup. My initial thought was the standard offline root with online subordinate CA, but the more I think about it the more I'm considering just doing a single-tier deployment. Our certs are generally only issued to domain-joined machines via auto-enrollment, and they're only used for internally-facing resources. In the event of the online CA getting compromised, it seems like it'd be quicker to remove the single-tier CA's cert from Trusted Root CAs via GPO than it would be to online the offline root, revoke the subordinate CA's cert, publish the new CRL, and trust the clients to check the updated CRL, especially considering the CRL expiration on an offline root CA is typically pretty long (weeks or months). Am I missing anything here?

# Jul 16, 2019 18:28
Rufus Ping posted: Password managers that make you copy and paste by hand or work by blindly typing into any window with a plausible title are completely retarded, fail to protect users from phishing sites, and shouldn't be taken seriously by anyone. Please don't use them or recommend them to people.

Autotype is bad, but given that most password manager exploits have been exploiting the browser plugins as opposed to the safe itself, and the frequency with which field names change (or are dynamically generated), copy-paste seems like as good a method as any.

# Jul 25, 2019 17:28
Watchtower is a moderately useful add-on in the newer versions; up to you if it's worth the cost.

# Jul 31, 2019 16:37
D. Ebdrup posted: You're posting in the infosec thread, and you can't make the definitely hugely massive leap of logic that if standards aren't open and implemented across different alternatives so that people have a choice, you're just putting money directly into Alphabet's pockets, since they make the vast majority of their money by tracking people?

# Sep 6, 2019 18:59
CommieGIR posted: Same, I was gonna take my OSCP this year but then Covid hit and my company is now declining to pay for the test, so I'll wait till next year and keep practicing.

# Sep 2, 2020 21:34
CommieGIR posted: Brought to you by Brian Krebs!

# Oct 29, 2020 18:09
CommieGIR posted: Brian Krebs is an ex Windows Admin who plays security and regularly says poo poo that is based on little evidence. He's a pariah in the Infosec community, especially because he doesn't take criticism well. Kinda like Kevin Mitnick, but Kevin does actually know a lot of things, even though he sold his soul.

# Oct 29, 2020 19:53
Ynglaur posted: A credit bureau lost all of their customer records. Nobody went to jail. I don't think anybody was even charged (except maybe for dumping stock?). So, probably somewhere between lol and zero.

# Dec 22, 2020 16:17