|
pseudorandom name posted:wasn't there a brief period of time where you straight up yeah because there was a bug in the new iso they'd put up, but they didn't want to put back up the outdated iso. so it was just not availalbe until they got a newer version up
|
#
?
Jan 6, 2017 04:25
|
|
|
|
| # ? Apr 25, 2024 21:04 |
|
|
pseudorandom name posted:wasn't there a brief period of time where you straight up you still can't download a windows 7 ISO from MS afaict, but they even have a tool for downloading windows 10
|
|
#
?
Jan 6, 2017 04:53
|
|
|
that's because windows 10 is free software
|
|
#
?
Jan 6, 2017 04:56
|
|
|
what the gently caress, Citibank  edit: greenpos bestpos
|
|
#
?
Jan 6, 2017 05:08
|
|
|
I'm the USBDepository
|
|
#
?
Jan 6, 2017 05:10
|
|
|
Achmed Jones posted:I'm a founding member of my company's new security team. A week ago, I was a hobbyist with an OSCP certification. We're starting on risk assessment, prioritization, and all that, but I'd love any links y'all might have (or books to read) that'll help us out. I don't currently have the link (on mobile and too lazy) but it's called "Security Risk Assessment" and it's a Syngress Press book. It's pretty much my risk assessment Bible for audit stuff and basically what I used to write the closing on what a company needs to focus on and do at 30 days, 90 days, etc based on what was found during the audit.
|
|
#
?
Jan 6, 2017 05:12
|
|
|
Ur Getting Fatter posted:what the gently caress, Citibank u can hack atms like in the Fallout games 
|
|
#
?
Jan 6, 2017 05:29
|
|
|
Achmed Jones posted:I'm a founding member of my company's new security team. A week ago, I was a hobbyist with an OSCP certification. We're starting on risk assessment, prioritization, and all that, but I'd love any links y'all might have (or books to read) that'll help us out. just have everyone buy macs
|
|
#
?
Jan 6, 2017 06:00
|
|
|
negromancer posted:I don't currently have the link (on mobile and too lazy) but it's called "Security Risk Assessment" and it's a Syngress Press book. It's pretty much my risk assessment Bible for audit stuff and basically what I used to write the closing on what a company needs to focus on and do at 30 days, 90 days, etc based on what was found during the audit. is it this one (PDF)? http://www.grc.net.br/attachment.php?attachmentid=46&d=1307706976
|
|
#
?
Jan 6, 2017 06:18
|
|
|
flakeloaf posted:i agree there's a difference between a guy searching your drive because he's bored and a guy searching your drive cause his fbi handlers told him to, cause one's just poo poo luck and the other's a giant problem and also the part where they were like "well we can't indict on a single deleted image because you can't prove intentional possession or who possessed it... so let's just not tell the prosecutor it was deleted"
|
|
#
?
Jan 6, 2017 06:38
|
|
|
Ur Getting Fatter posted:what the gently caress, Citibank you hacked a bank across state lines? that's monumentally stupid!
|
|
#
?
Jan 6, 2017 06:39
|
|
|
Ur Getting Fatter posted:what the gently caress, Citibank
|
|
#
?
Jan 6, 2017 07:12
|
|
|
apseudonym posted:That was me, and I'm gonna stand by that with skill its not impossible to catch using things like timing and sizes and such signals, I worked with people who built tools for this kind of stuff (and sold them to lovely human being Yeah but can you do all that on a national scale?
|
|
#
?
Jan 6, 2017 08:39
|
|
) and I hosed a lot of lovely tor stealth projects that tried to mask as other things.
|
spankmeister posted:Yeah but can you do all that on a national scale? Sure, why wouldn't you? The information you get at a national scale makes it easier to spot outliers. But y'know,  and 
|
|
#
?
Jan 6, 2017 09:10
|
|
Heresiarch posted:you still can't download a windows 7 ISO from MS afaict, but they even have a tool for downloading windows 10 Microsoft's website will give you a Windows 7 ISO if you give them a valid key
|
|
|
#
?
Jan 6, 2017 14:05
|
|
|
Segmentation Fault posted:Microsoft's website will give you a Windows 7 ISO if you give them a valid key i remember i tried this with a key i got through some MS win 7 upgrade promotion and it would only let me download a french or korean windows 7 iso lol ala this poor gently caress https://answers.microsoft.com/en-us...d0-62ca58d027cb
|
|
#
?
Jan 6, 2017 14:34
|
|
|
apseudonym posted:That was me, and I'm gonna stand by that with skill its not impossible to catch using things like timing and sizes and such signals, I worked with people who built tools for this kind of stuff (and sold them to lovely human being wanna talk about how to not broadcast traceable signals if you know about it?
|
|
#
?
Jan 6, 2017 15:47
|
|
|
Heresiarch posted:you still can't download a windows 7 ISO from MS afaict, but they even have a tool for downloading windows 10 i am so loving glad microsoft is making this easy now so i don't have to clean viruses from torrented ISO's my friends got because they had a license but not a CD, which has happened several times Silver Alicorn posted:that's because windows 10 is free software not anymore 
|
|
#
?
Jan 6, 2017 15:49
|
|
|
ate all the Oreos posted:not anymore yeah it is just run the installer and itll still activate just fine lmao
|
|
#
?
Jan 6, 2017 15:56
|
|
|
BiohazrD posted:yeah it is just run the installer and itll still activate just fine lmao you sure it didn't have an OEM license attached to the computer at all? because my friend thought this with a new built computer and it required a key.
|
|
#
?
Jan 6, 2017 16:01
|
|
|
windows 10 clean install was never free. upgrade from win7/8/8.1 was free and then would activate on your hardware even if you installed again clean.
|
|
#
?
Jan 6, 2017 16:51
|
|
|
Flagrama posted:windows 10 clean install was never free. upgrade from win7/8/8.1 was free and then would activate on your hardware even if you installed again clean. yeah that's what i thought
|
|
#
?
Jan 6, 2017 16:52
|
|
|
Flagrama posted:windows 10 clean install was never free. upgrade from win7/8/8.1 was free and then would activate on your hardware even if you installed again clean. and that upgrade still is free. the 'deadline' was only there to fight procrastination
|
|
#
?
Jan 6, 2017 17:06
|
|
|
you can still get a free upgrade if you jump through some sort of user accessibility hoop, I don't know anything about that specifically You can still get the install media for Win10 from Microsoft and install it without a valid license just fine, it just locks you out of some features like Hackbunny said
|
|
|
#
?
Jan 6, 2017 17:39
|
|
|
Hey sec fuckup thread! I know I've seen some awesome posts about what cipher suites should be enabled...does anyone have a config or can link to an ideal nginx SSL config? Specifically for ssl_protocols and ssl_ciphers?
|
|
#
?
Jan 6, 2017 17:43
|
|
|
Segmentation Fault posted:you can still get a free upgrade if you jump through some sort of user accessibility hoop, I don't know anything about that specifically You have to pinky swear you'll use accessibility features (like, say, hotkeys) when using windows, and you can still install it from here: https://www.microsoft.com/en-us/accessibility/windows10upgrade That's it. Also, lol that microsoft themselves don't offer a torrent of their iso, it's a much better protocol for downloading large files than http if your internet isn't very fast (so, majority of the world that doesn't have win10 yet). Are there even any browsers out there that can resume http downloads today? Winkle-Daddy posted:Hey sec fuckup thread! I know I've seen some awesome posts about what cipher suites should be enabled...does anyone have a config or can link to an ideal nginx SSL config? Specifically for ssl_protocols and ssl_ciphers? My personal procedure is to use https://www.ssllabs.com/ssltest/analyze.html until it shows A or A+. It says what the problematic ciphers are if you have them enabled.
|
|
#
?
Jan 6, 2017 17:46
|
|
|
Truga posted:My personal procedure is to use https://www.ssllabs.com/ssltest/analyze.html until it shows A or A+. It says what the problematic ciphers are if you have them enabled. Yeah, I use that too, but this isn't internet accessible, so I was just hoping for a solid config for those two options.
|
|
#
?
Jan 6, 2017 17:47
|
|
|
Winkle-Daddy posted:Hey sec fuckup thread! I know I've seen some awesome posts about what cipher suites should be enabled...does anyone have a config or can link to an ideal nginx SSL config? Specifically for ssl_protocols and ssl_ciphers? Here u go: https://wiki.mozilla.org/Security/Server_Side_TLS e: might be worth putting this in the OP e2: the config generator: https://mozilla.github.io/server-side-tls/ssl-config-generator/ spankmeister fucked around with this message at 17:54 on Jan 6, 2017 |
|
#
?
Jan 6, 2017 17:47
|
|
|
Heresiarch posted:you still can't download a windows 7 ISO from MS afaict, but they even have a tool for downloading windows 10 no one should be running windows 7 when win10 is a free upgrade
|
|
#
?
Jan 6, 2017 17:51
|
|
|
pr0zac posted:no one should be running windows
|
|
#
?
Jan 6, 2017 17:53
|
|
pr0zac posted:no one should be running windows 7 when win10 is a free upgrade but windows 10 spies on you! Anyway check out my android
|
|
|
#
?
Jan 6, 2017 17:58
|
|
|
however, if you have to pr0zac posted:no one should be running windows 7 when win10 is a free upgrade windows 10 installer will take a windows 7 product key even on a fresh install in my experience, even after the period ended.
|
|
#
?
Jan 6, 2017 17:58
|
|
|
spankmeister posted:Here u go: https://wiki.mozilla.org/Security/Server_Side_TLS this is awesome. thank you!
|
|
#
?
Jan 6, 2017 18:05
|
|
|
Achmed Jones posted:I'm a founding member of my company's new security team. A week ago, I was a hobbyist with an OSCP certification. We're starting on risk assessment, prioritization, and all that, but I'd love any links y'all might have (or books to read) that'll help us out. are you already familiar with this article? https://medium.com/starting-up-security/starting-up-security-87839ab21bae Shaggar posted:the torrent is probably advertised as activation cracked once I needed a windows vm and was anxious about it. I bit down and just downloaded and installed windows 10, figuring that I'd just reinstall the vm if the evaluation period ran out. instead it turned out that windows works at, like, 99% capacity without activation. you can't configure telemetry, personalize the taskbar, things like that Heresiarch posted:you still can't download a windows 7 ISO from MS afaict, but they even have a tool for downloading windows 10 downloading windows was, for the longest time, exclusively allowed to msdn subscribers. except windows 2000, because it had java built in and the settlement with sun means they can't distribute it any longer in any way or form, you have to find a 3rd party reseller that still has it
|
|
#
?
Jan 6, 2017 18:24
|
|
|
r/netsec proves to be the best place to see painful discussions on password managers https://www.reddit.com/r/netsec/comments/5mahfl/1password_is_still_using_full_dropbox_access_to/ quote:1Password on iOS doesn't even promote good security. It allows copying text to the clipboard. Any third party app can read the clipboard – users have to manually clear the clipboard by copying over it. yes. jailbreak your device to fix a problem with 1password's innocuous copy and paste method
|
|
#
?
Jan 6, 2017 18:28
|
|
|
I wonder if 1password could use a custom keyboard instead of the clipboard, as an interface between password database and applications
|
|
#
?
Jan 6, 2017 18:41
|
|
|
Winkle-Daddy posted:Yeah, I use that too, but this isn't internet accessible, so I was just hoping for a solid config for those two options. check out sslscan which does most of the things ssl labs does but you can run it locally. spankmeister posted:Here u go: https://wiki.mozilla.org/Security/Server_Side_TLS yeah i think that's where i originally got mine from, then i massaged it until i was happy. here's mine if anyone cares: code:- ssl_dhparam - ssl_session_* - ssl_stapling also if you're a cool ssl bro and are 100% sure you'll only use SSL forever you wanna do: code:
|
|
#
?
Jan 6, 2017 18:43
|
|
|
Random question: Is there a way for me to NOT have a self-signed certificate on an production embedded device that may not be connected to the internet?
|
|
#
?
Jan 6, 2017 18:46
|
|
|
hackbunny posted:I wonder if 1password could use a custom keyboard instead of the clipboard, as an interface between password database and applications or people could just use icloud keychain like a normal person
|
|
#
?
Jan 6, 2017 18:52
|
|
|
|
| # ? Apr 25, 2024 21:04 |
|
|
ate all the Oreos posted:check out sslscan which does most of the things ssl labs does but you can run it locally. Yeah I janitored my own bespoke artisanal cipher suite, but the mozilla one is a very good starting point and you wouldn't be bad off at all if you left it.
|
|
#
?
Jan 6, 2017 18:56
|
|