modal editors are terrible

# Jul 2, 2017 00:00

> Cocoa Crispies posted: i got better things to do *plays factorio for six hours*

this but unironically

# Jul 4, 2017 15:07

there's literally US Cyber Command. cyber is old as heck.

# Jul 4, 2017 15:14

> Subjunctive posted: I don't think alt-names are a solution for something like slack that dynamically generates hostnames. A 2-hour process is a long time if you have a lot of machines, especially if you provision new addressable systems frequently.

is Let's Encrypt cert generation not immediate? what is the 2 hour delay? also if you have that much of a problem you can provision names prior to provisioning hosts to solve the problem. if the goal of wildcard certs is ease of deployment, then why not include them in your machine templates instead of generating them on the fly? if you have the capability to generate on the fly, why not generate certs with the right names?

# Jul 6, 2017 17:53

> wyoak posted: I thought CSRs didn't include the private key, wildcard or not

yeah I've never sent or received a private key from the CA. wildcards function the same as everything else. the problem is mostly around what happens with the cert in your local environment where someone is like "hmm, i could generate a separate, identical wildcard cert for this new server or just copy the existing one from another server." Also according to Let's Encrypt's docs they have a limit of 5 identical cert requests per week so you'd be limited to 5 new hosts per week if you wanted new keys for each wildcard.

# Jul 6, 2017 17:56

> Subjunctive posted: the 2 hour delay for re-provisioning came from the person I was quoting, based I believe on how long it took someone (idk who) to rotate certs on a set of servers

you were suggesting generating them on the fly instead of reusing existing keys.

# Jul 6, 2017 17:58

right that part makes sense, but it clearly wasn't designed w/ wildcard certs in mind.

# Jul 6, 2017 17:59

> Subjunctive posted: no, I was suggesting using wildcard certs, because slack can't predict what names they will need. if you go and create a slack community called "shaggarfanclub", then https://shaggarfanclub.slack.com works moments later.

you were suggesting separate wildcard certs (same domain, different key) instead of re-use which would require requesting new, identical wildcard certs with other keys. if you aren't doing this then you are re-using the keys and increasing your attack surface.

# Jul 6, 2017 18:01

> Subjunctive posted: oh, sure. just like you'd need to do to protect an alt-name version similarly, right? if you get the a|b|c|d|... key from one server you can see all traffic to all the servers, same as wildcard. Bangers was suggesting that you not share keys across servers, which means reissuing afaik.

sure but with the wildcard it's more likely to be re-used everywhere meaning more traffic is vulnerable to a leaked key. using alt names limits exposure. this is assuming you're installing these alt-name certs on clusters serving the same group of names vs having alt-name certs for every name you host across all clusters in every cert. in that case you're right it's not much different from wildcards, but it's also a bad idea.

# Jul 6, 2017 18:10

> Subjunctive posted: I would be *extraordinarily* surprised if LE's implementation asked for the private key, even if other CAs somewhere do or did, and we're talking about LE here

yeah i doubt that that would be a thing. i have a few godaddy wildcard certs and they were all generated from CSRs

# Jul 6, 2017 18:11

tl;dr: the primary benefit of Let's Encrypt was avoidance of key-reuse and wildcards and now they're gonna end that so w/e. it's stupid but i guess just don't use them yourself.

# Jul 6, 2017 18:16

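The key-reuse point argued over in the posts above (one wildcard cert and its private key copied onto every server, versus a separate key per host), as an added example that is not from this thread or from Let's Encrypt: Go's standard library issues constructed self-signed test certs, and hosts are grouped by the SPKI fingerprint of the key they actually serve, so any group larger than one is the set of hosts a single leaked key exposes. The example.test hostnames are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// spkiFingerprint hashes the DER SubjectPublicKeyInfo: same key, same value, whatever names the cert carries.
func spkiFingerprint(cert *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(cert.RawSubjectPublicKeyInfo))
}

// keyReuse groups hostnames by the key they serve; a group of more than one host is what one leaked key exposes.
func keyReuse(served map[string]*x509.Certificate) map[string][]string {
	groups := map[string][]string{}
	for host, c := range served {
		groups[spkiFingerprint(c)] = append(groups[spkiFingerprint(c)], host)
	}
	return groups
}

// selfSigned issues a constructed test certificate for names (not from any real CA).
func selfSigned(pub ed25519.PublicKey, priv ed25519.PrivateKey, names ...string) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert
}

// demoFleet models both deployments argued about: one wildcard cert and key copied to every host, versus a key per host.
func demoFleet() (copiedWildcard, perHostKeys map[string][]string) {
	wildPub, wildPriv, _ := ed25519.GenerateKey(rand.Reader)
	wildCert := selfSigned(wildPub, wildPriv, "*.example.test") // made-up name
	copied, separate := map[string]*x509.Certificate{}, map[string]*x509.Certificate{}
	for _, h := range []string{"a.example.test", "b.example.test", "c.example.test"} {
		copied[h] = wildCert // same cert, same private key, on every host
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		separate[h] = selfSigned(pub, priv, h)
	}
	return keyReuse(copied), keyReuse(separate)
}

func main() { fmt.Println(demoFleet()) }
```

Pointing keyReuse at certs pulled from real listeners gives the same picture of a fleet: the copied-wildcard map collapses to one key shared by every host, the per-host map has one host per key.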
> Jabor posted: While there's a lot of value to "if you've got an exploit against this target, how much lateral movement do you get to non-vulnerable targets, and how quickly is the intrusion identified?", I don't see what you get by using actual 0-days rather than just, say, giving the pentesters local root on a particular box to jump off from.

it's a good way to test realistic intrusions against your generic mitigations to see if you actually can limit the spread or other damage beyond the unknown effects of the 0day. like if they can get into a box with the exploit but then you have mitigations that prevent them from escaping the machine/container/other jail, they might be able to gently caress up what's in that container but you can prove the efficacy of your other mitigations.

# Jul 7, 2017 14:53

winphone ftw

# Jul 7, 2017 16:30

> cinci zoo sniper posted: i mean, how different is it from losing phone with sms 2fa, or do your carriers restore stolen numbers?

you just get a new phone and the same account w/ same number. the old phone/sim are deactivated. the reason SMS is so common for 2fa is because the user doesn't have to manage their own key recovery when their 2fa mechanism is lost. For example:

> anthonypants posted: just use the gauth recovery code when you set up gauth on your new phone

doesn't work for most users who are just going to pass right by the recovery key section during setup because all they see is a list of numbers and letters that they don't understand.

# Jul 9, 2017 19:49

oh yeah then you'd be hosed. same as if you didn't copy down your recovery keys for a non-sms 2fa. altho depending on the account they probably have a way to remove the 2fa which is an easier target than your SMS was in the first place.

# Jul 9, 2017 19:55

> anthonypants posted: if we use ASAs is there a good alternative to anyconnect or should we be using anyconnect

anyconnect enforces policies that other clients may not (ex: split tunneling). the biggest thing is keeping it all up to date.

# Jul 11, 2017 18:49

the ASAs support multiple protocols so 3rd party clients can be used by design, so if it's not a compliance requirement that you enforce certain things then don't worry about it. a bigger problem is that ASA doesn't support anything beyond TLS 1.0 afaik

# Jul 11, 2017 18:54

is it her job to know what to pick or is she IT by way of "oh, you know what a computer is, you deal w/ this." I like Sophos UTMs for small biz stuff. they're pretty easy to use and manage and have a boatload of features.

# Jul 12, 2017 15:19

if Microsoft was saying OEMs can't ship with non-Microsoft software installed, even if it's subpar and detrimental to the user like McAfee or firefox, they'd get hit w/ some bullshit by the FTC so fuckin fast. w/ drivers Microsoft doesn't want to be responsible for updates cause who knows what kind of untested configurations are out there that are working fine on their OEM release drivers but will break when given the latest stuff. not to mention, how much related software should they bundle w/ the driver?

# Jul 13, 2017 01:15

> surebet posted: re: unaltered windows, there's a bunch of stuff on my precision that's not handled natively and requires dell spec drivers. just off the top of my head my quadro outright rejects stock nvidia drivers & ddp stuff i'm not sure i can even talk with my biometrics

signature edition laptops are good like that and literally the same price as direct from the oem. it's weird.

# Jul 13, 2017 04:56

yeah that ruled

# Jul 13, 2017 18:55

in ie/edge it would be updated the next time it's used.

# Jul 17, 2017 19:53

> Daman posted: so say someone recently got a job doing internal code security auditing. they're reviewing one feature, and their "Senior" coworker is meant to be reviewing another feature. they're adjacent on the org chart.

they're probably just trying to do the bare minimum while other poo poo has to get done. if you want clarity, consult w/ ur legal department or review existing policies.

# Jul 18, 2017 15:09

> Phone posted: i think win7 forces you to put in a password hint, so i think i set mine to "PASSWORD TIME!!!!!!!!!"

my windows password hint is a space I think

# Jul 18, 2017 15:51

> Mr SuperAwesome posted: because i press ctrl + shift + esc unlike you chumps

why would you bring up task manager when leaving ur comp?

# Jul 18, 2017 18:01

anyone who doesn't lock their comp @ work leaves themselves open to being hosed w/

# Jul 18, 2017 18:01

> FAT32 SHAMER posted: standard course of action here is your background being changed to Hulk Hogan and if you do it again you get a screenshot of your desktop with shortcuts = off

you should also rotate the display and rotate the desktop background to match

# Jul 18, 2017 18:06

> Ciaphas posted: nevada dmv: hold my loving beer

CMS also requires 8 characters, but they only allow alphanumeric characters. Thankfully I don't have to use their garbage systems anymore.

# Jul 20, 2017 22:40

> cinci zoo sniper posted: https://security.gerhardt.link/RCE-in-Factorio/

don't care. factorio rules

# Jul 26, 2017 19:38

> Trabisnikof posted: pretty great timeline considering game devs

the factorio devs are constantly working on it and posting updates about changes and stuff. it's pretty cool.

# Jul 27, 2017 00:20

> fivehead posted: NYTimes: Wells Fargo Accidentally Releases Trove of Data on Wealthy Clients

lol. how is it even possible to get that information out of their system?

# Jul 27, 2017 20:05

yuck

# Jul 27, 2017 20:24

> Powerful Two-Hander posted: there is an EU law coming in called GDPR that includes right to be forgotten and stuff and it is going to gently caress. poo poo. up. because good luck finding which of your 100 old rear end hosed up document stores with 800Pb of data has my personal information in it when i vindictively pull that on you when i leave.

"Our acceptable use policy does not allow for personal use of company resources, therefore any content related to you in our system is company property."

# Jul 27, 2017 21:57

> BangersInMyKnickers posted: I am a little concerned with reprisal as a customer. Not really sure the best way to prove the point without giving them a pcap from my house and then they would know at minimum what node segment I'm on. They're still the best ISP available

w/ ISPs they probably won't go after you unless it's a government backed entity. also getting a hold of a higher level tech would be the way to go cause they're in a position to understand what you're saying and not have a motive to shut you down.

# Aug 1, 2017 19:09

> maskenfreiheit posted: If you think something is amiss, reporting to the FCC is a good call. It is my understanding that reprisal for reporting them to the FCC would be some sort of crime or tort. (Not a lawyer)

if your FCC report isn't someone violating broadcast frequency/power they don't give a gently caress

# Aug 1, 2017 19:11

> BangersInMyKnickers posted: Maybe I'll open a ticket under the guise of getting IPv6 setup and see if I can slip it in that I am seeing other people's traffic

I think it's more likely they'll just close it as "ipv6 not yet supported" or something to that effect. if you can find the number for the NOC or something that would be the way to go.

# Aug 1, 2017 19:16

is it worth reporting spear phishing/wire fraud attempts to the feds?

# Aug 1, 2017 22:35

it would depend on whether or not the furry was non-white.

# Aug 2, 2017 21:36

> BangersInMyKnickers posted: lmbo SEP to SEPM traffic appears to be straight HTTP on an alt port how the gently caress hasn't someone arp poisoned or intercepted on wifi to use this to compromise endpoints as root

it's probably checking signatures but also probably checking signatures in a way that's wrong and exploitable

# Aug 4, 2017 18:12

oh I was thinking it was updates, but if the control traffic is unencrypted and unsigned then lol. it would be pretty easy to grab a trace and see what it's sending and if it's signed or not.

# Aug 4, 2017 18:34