|
Sorry, I only store my hashed password database on an encrypted flash drive stuffed in my rectum that requires a specific sequence of hot peppers at random Scoville values to dislodge. [Edit: Sorry, I'm not actually sure if this is a serious thread or not at this point.]
|
# ¿ Nov 15, 2016 06:16 |
|
The idea of super-gluing all the USB ports in any company I've ever worked at is hilarious. You'd be laughed out of the room with a suggestion like that. At a place that requires a higher than normal level of security, sure. For most companies though, being that inflexible just isn't politically possible.
|
# ¿ Nov 23, 2016 21:44 |
|
That might actually be one of the dumbest things I've ever read.
|
# ¿ Dec 6, 2016 15:58 |
|
Can I have the password to your Dropbox account? Like, what the gently caress is even your point? Things that don't contain secure information don't need to be secured? Gee, thanks for that knowledge bomb. Back in the real world, we understand that people who set up a Dropbox account don't think "hey, this isn't as secure as it needs to be... maybe I shouldn't put my tax returns here." IF a location can potentially store sensitive data it should be secured using reasonable steps. 2FA is a reasonable step. No, it's not going to stop Mossad, but it is going to stop a million other circumstances. God drat.
|
# ¿ Dec 6, 2016 20:12 |
|
People who still buy IBM.
|
# ¿ Dec 8, 2016 22:42 |
|
I like my vShield agentless AV... works pretty well and doesn't seem to get in the way.
|
# ¿ Dec 13, 2016 21:06 |
|
I'm not aware of any history of vShield exploits. I did a quick look and I see one from 2012 that seems rather benign. I know AV is a bit of a joke, but what do you guys do in your environment? No AV across the board? Not even for user-facing systems? I find that hard to believe.
|
# ¿ Dec 13, 2016 22:10 |
|
Oh, tell my users to do something? Problem solved then!
|
# ¿ Dec 14, 2016 01:13 |
|
Back on the topic of AV and whether you should have it or not, saw an interesting article on Ars today - https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
|
# ¿ Jan 27, 2017 17:18 |
|
Cloudflare? Why not?
|
# ¿ Feb 24, 2017 02:28 |
|
Oof. Thanks.
|
# ¿ Feb 24, 2017 05:55 |
|
As IT Security folk reach for their bottle of desk whiskey....
|
# ¿ Feb 24, 2017 16:39 |
|
I think that "resetting all of your passwords" is overkill given the fact that the chance of this having been exploited in the past 6 months is low, the "good guys" found the issue, and CloudFlare have been working with search vendors to clear their relevant caches. I informed my users to reset their most sensitive accounts and to keep an eye on their bank statements, but until I see something that indicates this is being exploited it is more of a "reset your sensitive passwords when you have a moment" rather than "stop what you are doing and reset every password you have." Company-wise, we do not have any services that use CloudFlare that we are aware of, but obviously we are still researching that. [Edit: Like yeah, I get it, a full reset is the correct way of handling this. But back in the real world, the universe does not revolve around IT security. Add in the fact that theoretically speaking, some of the data that was leaked includes problematic info that isn't username and passwords that we can't clean up after, it is what it is.]
|
# ¿ Feb 24, 2017 19:32 |
|
I highly doubt it unless we start seeing accounts being breached.
|
# ¿ Feb 24, 2017 23:17 |
|
OSI bean dip posted: Any responsible website would enforce a password reset on their users or at the very least advise them to do so.
Can you post a running list of these responsible websites as they enforce password resets?
|
# ¿ Feb 24, 2017 23:42 |
|
I know most people in this thread probably already know this, but it is one of my favorite things to show people to get them to understand security is important and non-trivial. If you open a debug console in your browser you can change the type of the input field from password to text and then be able to see / copy out the password if someone has already typed it in or saved it in the browser.
|
# ¿ Mar 8, 2017 15:39 |
|
It is. Have fun with that knowledge.
|
# ¿ Mar 14, 2017 19:57 |
|
They had a database issue and lost... 9 days worth of orders? That's insane.
|
# ¿ May 15, 2017 18:24 |
|
Well, this looks like fun.
OneLogin suffers breach—customer data said to be exposed, decrypted
Customer account-only support page warns of "ability to decrypt encrypted data."
https://arstechnica.com/security/2017/06/onelogin-data-breach-compromised-decrypted/
|
# ¿ Jun 1, 2017 15:59 |
|
I reserve that level of belligerence for svchost.
|
# ¿ Jun 27, 2017 23:24 |
|
Furism posted: I think the point is that Macs and Linux can give users a false sense of security and that's very, very dangerous.
Because some software still "only supports SMBv1." loving shoot me.
|
# ¿ Jun 28, 2017 22:30 |
|
Subjunctive posted: So let the admin install and enable an optional component. Could even prompt if something tries to touch SMBv1 functionality.
If this is directed at me, the software requires SMBv1 for pretty much everything. Not sure what you mean by "let the admin install and enable," unless you mean that Windows Server should install with SMBv1 disabled by default, in which case I would agree.
|
# ¿ Jun 28, 2017 22:42 |
|
Subjunctive posted: Yeah, that's what I mean.
I think they really should do that with any older components. If you have a new version of something, allow and support old versions on some lifecycle timeline, but users should have to go out of their way to turn on the old stuff.
|
# ¿ Jun 28, 2017 22:49 |
|
Furism posted: Can't a GPO be put in place to disable it, then you'd manually turn it on on servers that *actually* need it? Genuinely wondering, I know nothing about AD administration.
Oh yeah, you absolutely can. In my specific case this is a main line of business app and if the server gets hit we're pretty much down anyways. Needless to say the app has been on my "to replace" list since I started working for the company.
|
# ¿ Jun 28, 2017 22:52 |
|
anthonypants posted: I thought SMBv1 was disabled by default in 2012R2? But maybe not? It's supposed to be removed from some flavors of Windows 10/2016 as of the Creators Update release, according to a blog post from last year.
Not by default, no.
|
# ¿ Jun 28, 2017 23:36 |
|
Cup Runneth Over posted: Disabling SMBv1 now enables ransomware
Cool thanks for the link and explanation.
|
# ¿ Jun 29, 2017 16:08 |
|
I'm angry about Windows! (Sorry, I'm dumb.)
|
# ¿ Jun 29, 2017 19:19 |
|
All firewalls should run on Minecraft Redstone. It's the only layer abstract enough.
|
# ¿ Jun 30, 2017 06:18 |
|
nope nope nope
|
# ¿ Jul 10, 2017 00:38 |
|
I don't know much about Cylance, but I remember reading this article, which raised an eyebrow. https://arstechnica.com/information-technology/2017/04/the-mystery-of-the-malware-that-wasnt/
|
# ¿ Jul 10, 2017 05:06 |
|
That is god-drat terrifying.
|
# ¿ Aug 3, 2017 19:02 |
|
If that's all true, not particularly bright of him to be traveling to the US.
|
# ¿ Aug 3, 2017 19:55 |
|
Yeah, that's loving great. Head out to a conference, forget I got a business card with a condom on it, only for my wife to find it in my jacket pocket a month later while angrily demanding to know why I have a condom in my pocket after attending a conference.
|
# ¿ Aug 17, 2017 20:46 |
|
Double Punctuation posted: Also, do not click or copy+paste any links in this thread or elsewhere for this stuff. Always type them in directly.
Are you... Are you talking to my grandmother?
|
# ¿ Sep 12, 2017 05:29 |
|
Wow. That's amazingly bad.
|
# ¿ Sep 12, 2017 18:17 |
|
Technology was a mistake. I want off this wild ride.
|
# ¿ Sep 22, 2017 22:31 |
|
I'm just going to stop reading this thread. You guys give me anxiety / make me drink more.
|
# ¿ Oct 11, 2017 17:49 |
|
Thanks Ants posted: Craft beer names are getting weirder
Holy poo poo. I think we need to start a company. SA goons could be rich.
|
# ¿ Nov 2, 2017 20:13 |
|
K-Limed Lager (Lager with lime)
I'm telling you. We need to start an SA IT brewery and quit our day jobs. I know some of you fuckers have overkill homebrew setups.
|
# ¿ Nov 3, 2017 02:07 |
|
Rogue Beer IT, brought to you by Mike Rowe!
|
# ¿ Nov 3, 2017 14:49 |