Lain Iwakura posted:
> nope. just me being a princess

Is this the first time the secfuck thread has been restarted because of princessery instead of poop touching?

Jun 27, 2017 02:46

syscall girl posted:
> there have been so many restarts to this thread that even can't piece it together

security by obscurity is the number one rule anyway

Jun 27, 2017 02:51

in other news i just bought some domain names that make sense to me, any ideas how to get internet rich out of this? I'm considering just blogging about random infosec in the real world, as in, with the intention to actually help people in my network become better at their jobs and maybe make them stop posting about selling me random anti-WannaCry software. or should i just give up in the first place? also i don't want to compete with anyone in this thread because you're all probably at least 5% smarter than me

Jun 27, 2017 02:54

Rufus Ping posted:
> you can make an install pushing fake video codec updaters on your visitors

ok yeah i want it to actually be usable to people instead of crap. pref infosec stuff i mean, most of my experience comes from corporate level of talking about this kind of nonsense and managing frustration about people who think security isn't real, but i think there must be something useful in there

Jun 27, 2017 03:36

I thought that was the main draw to female pop stars

Jun 27, 2017 03:41

if you say anything other than "zero day" you should probably not be in this kind of business

Jul 9, 2017 10:28

cinci zoo sniper posted:
> i mean, how different is it from losing phone with sms 2fa, or do your carriers restore stolen numbers?

they do, but the attack surface with sms 2fa is not stolen phones according to the defcon folk. on that note, at work we had our first official mention of APT this week; achievement unlocked!

Jul 9, 2017 10:38

Jimmy Carter posted:
> my girlfriend just started as IT person #1 at an office of like 60 and they are apparently freaking out that they don't 'have a firewall' yet

a few posts back somebody foolishly got an old asa they may want to part with

Jul 12, 2017 07:20

nist has some very cynical people in their copywriting department

Aug 9, 2017 09:33

same for os x here, what's up with that?

Aug 13, 2017 21:41

Volmarias posted:
> If your account can get owned by someone calling customer service and asking really nicely, even though there's a note on your account that says "IDENTITY THEFT DO NOT ALLOW CHANGES OVER PHONE", the password complexity really doesn't matter.

well you see it's just really inconvenient to not help the customer who's calling on the phone right then and there, and they may hang up the phone unsatisfied, so you're better off just changing some personal details including the email address and password and everybody's happy

Aug 20, 2017 16:07

anatoliy pltkrvkay posted:
> https://goatkcd.com/936/

1875 is slightly better. Yet sadly far less security-related.

Aug 20, 2017 22:21

Yes, use startpage. Also, this is certainly a tweet: https://twitter.com/GCHQ/status/901015380617043968

Aug 25, 2017 15:40

These online coding interview or playground things are great. I got poked by someone today about how Skype's new "interview" feature runs any and all code you throw in, including Python's os.system... is there a way at all to protect yourself from abuse there? or what's the idea

Sep 1, 2017 15:09

the urge to touch poop is high, but I suggest you don't

Sep 1, 2017 15:29

pr0zac posted:
> Every one I've looked into has run on spun up then destroyed vm instances with locked down settings in dmzed network areas. You'd need a hypervisor escape to exploit and would still basically be outside the network after that.

i have a feeling these are running in containers rather than vms though, and those are probably (still) easier to escape from if you can do syscalls on the hosting kernel... but again I'm not going to try and prove any of that

Sep 1, 2017 16:01

this entire equifax fiasco is a close enough example of how healthy most us systems are at this point. now i'm waiting for the equivalent nonsense to happen in the eu

Sep 9, 2017 14:29

lol

Sep 9, 2017 15:22

let's fine facebook €150000, that'll teach 'em! - EU
lol, i make that back in 4 minutes - the zuck

Sep 9, 2017 15:23

i'm aware what gdpr can do (20m eur or 4% of turnover - also i'd like to see the economic impact of the eu trying to impose these fines on non-european companies), but it still has to be proportional, and it's already been stated they'll never jump up to the maximum fine unless you're actively making an effort to not be gdpr compliant. even then, it'll be a noteworthy case when they hit a company with even the 2%/10m ruling. gdpr in itself is a "let's wait and see" kind of thing for these kinds of matters.

for business, i've heard it described as "the business prevention policy", which i tend to agree with after dealing with gdpr within our infosec and legal teams, and it's driving me nuts. still, wouldn't want to be the equifax of europe when gdpr is around

Sep 9, 2017 16:01

you should see the list of suppliers that will only be gdpr compliant "for us" if we pay 10x the list price on their website. see you in june 2018 motherfuckers. but i still doubt how effective it really is, and how much real consumers actually care

Sep 9, 2017 18:42

she was also a professional before she became chief security

Sep 9, 2017 19:11

COACHS SPORT BAR posted:
> my virus is a series of ~ROTATING CODE CUBES~

are you mixing up movies with the cube? which was a great movie on its own

also, degrees and current jobs have very little to do with each other. if anything, degrees can only prove that you can think in some capacity in a way some other people would like to see you think, but they don't necessarily qualify you for a role in a landscape of ever changing constants with continuous evolution of circumstances. especially in infosec you're basically always hosed as a leadership person. the above isn't defending the Equifax approach, they're hosed

Sep 11, 2017 21:44

hope the EU shows its muscles now

Sep 26, 2017 07:48

They also do normal financial auditing which tends to be required in many territories.

In other news, pretend you work at phishlabs, now feel sad because you work at phishlabs and are probably very incompetent. Are they internet trolls or something? they reported the login page of our product as a phishing page. What the gently caress.

Sep 26, 2017 10:01

Thanks Ants posted:
> are we at this point yet?

Sep 26, 2017 19:12

mrmcd posted:
> Secfuck as a service is the hot new trend in tech, friend!

I'm not entirely sure what the surprise is, loads of SaaS things have been doing this, especially the free ones. lots of HR SaaS is doing this too, because for some reason HR doesn't think privacy or protection of sensitive personal data is important

Oct 11, 2017 09:28

good security teams help with the how part instead of being stuck in the infantile "no" phase of their lives. and that's why security teams still have a hard time getting poo poo done or keeping control. I'm angry at companies stuck in that mode. thanks for reading I guess

Oct 19, 2017 11:26

so many more missed xss opportunities

Oct 22, 2017 21:59

Bulgogi Hoagie posted:
> both angles on this take are real funny

while i get the sentiment, this is the most bullshit thing ever. a lot of education doesn't prep for a job like cso, it's mostly down to experience, and then still, a company like Equifax is clearly not aimed at protecting PII, they cared about revenue above everything else, and they're far from alone. the cso job is arguably the hardest for any c level, since most of the c-suite STILL don't see the point

Nov 1, 2017 20:40

anthonypants posted:
> the cso of equifax was just some rich white woman who got the job because they're rich and white. they were hired to be a rich white executive and not a security officer. equifax, the company, doesn't see the importance of security so they just put any old rich white person in that position. i can guarantee they would not do the same thing for different executives; i.e. they would absolutely never hire a cfo who only has an mfa in music.

oh sure, but still going "lol she only had a music degree" is not the offensive part. she was horribly unequipped for the role, but that's not because of her education

Nov 1, 2017 21:26

i thought any and all communications by the White House had to be preserved? so even if he deleted his tweets there will still be a record of it someplace? also lol, like delete on twitter doesn't actually mean `update twits set deleted=now()` instead of actually deleting

Nov 4, 2017 08:54

fair points. I guess it really is the most fraudulent administration known to mankind

Nov 4, 2017 09:39

anthonypants posted:
> wasn't there an account that screencapped tweets from politicians and would repost them when they got deleted? and then that account got shut down

there's another one that puts everything trump tweets on a presidential letterhead and tweets that, i think it's still up

Nov 4, 2017 21:45

but my special flavour of a blockchain and open contracts are the fut... no

Nov 7, 2017 16:38

it's all too much effort for something only Facebook really cares about too I guess. let them innovate on censorship

Nov 8, 2017 08:54

Isn't that just the github issues page?

Nov 24, 2017 01:01

Was this posted yet? https://blog.imgur.com/2017/11/24/notice-of-data-breach/ Because, of course.

Nov 27, 2017 16:16

in theory you can be harmed by any kind of data exposed, as - this is an example given to me recently in a gdpr seminar - even the kind of music you listen to may be of influence on, for example, the interest on your mortgage. if you have to pay half a percent extra because your profile is unfavorable, you're harmed by that information being public. harm is often wrongly thought of as purely physical, but lol internet and privacy

Nov 28, 2017 16:50

also the gdpr seminar used that example because our tax service found that Bach listeners in general pay on time and correctly, so this information could be used to your advantage too of course

Nov 28, 2017 16:51