Milo and POTUS
Sep 3, 2017

I will not shut up about the Mighty Morphin Power Rangers. I talk about them all the time and work them into every conversation I have. I built a shrine in my room for the yellow one who died because sadly no one noticed because she died around 9/11. Wanna see it?

CommieGIR posted:

Lmao, it's too much to expect justice but it's gonna be hilarious watching Dominion wring Murdoch and Kushner for cash after all the attack ads they pulled on them.


I'll believe it when I see it. Not saying that they aren't guilty as all hell, just that poo poo's collectively hosed and I am captain pessimist at this point


Vincent Van Goatse
Nov 8, 2006

Enjoy every sandwich.

Smellrose

Eej posted:

Like if "dickgirl" became a slur somehow.

It kind of already is. You'd get reamed (and not in the good way) using it outside of online porn communities.

That Works
Jul 22, 2006

Every revolution evaporates and leaves behind only the slime of a new bureaucracy


Milo and POTUS posted:

I'll believe it when I see it. Not saying that they aren't guilty as all hell, just that poo poo's collectively hosed and I am captain pessimist at this point

Mr. Bad Guy
Jun 28, 2006
I know I'm late to Israel chat, but it's kinda wild to me that they sort of have a pretty well-documented history of God slamming their dicks in a drawer if they start acting silly, yet here we are again.

joat mon
Oct 15, 2009

I am the master of my lamp;
I am the captain of my tub.

Mr. Bad Guy posted:

I know I'm late to Israel chat, but it's kinda wild to me that they sort of have a pretty well-documented history of God slamming their dicks in a drawer if they start acting silly, yet here we are again.

Then again, their history of being very much in God's favor by genociding the gently caress out of everyone around them is equally well documented.
Almost as if the takeaway of a religion that is explicitly a 4000 year long history lesson is discernment rather than a continuing exercise in buffet-style justification.

e: it's more like a 500 year long conversation about 4000 years of history where none of the authors can agree on what it all means

joat mon fucked around with this message at 15:47 on Feb 28, 2023

M_Gargantua
Oct 16, 2006

STOMP'N ON INTO THE POWERLINES

Exciting Lemon
It's a history for sure

https://www.youtube.com/watch?v=-evIyrrjTTY

Thwomp
Apr 10, 2003

BA-DUHHH

Grimey Drawer
More current events, cross posted from the InfoSec thread:


The TL;DR is LastPass got totally owned as did all of their cloud data, including customer data. If you haven't switched, it's well past time to as well as change all of your stored passwords.

Also from infosec:

Dandywalken posted:

What's the recommended alternative to LastPass for personal passwords? Or are there multiple options?

Klyith posted:

1Password if you can afford $3 per month and want to be done with this poo poo forever.

Bitwarden if you want something free.

KeePass if you are a huge nerd and want to janitor your own software.

Apple Keychain if you are fully inside the Apple ecosystem and don't need compatibility.

M_Gargantua
Oct 16, 2006

STOMP'N ON INTO THE POWERLINES

Exciting Lemon
a sticky note if you want it to be actually secure

KeePass is the better one as it's not cloud connected, but it's still software and thus suspect

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Yup. KeePass and Syncthing across all your devices.

tacopie
Apr 29, 2009
Can you post the link to the INFOSEC thread? I thought that I had it bookmarked. I don't really stray from GiP.

BadOptics
Sep 11, 2012

M_Gargantua posted:

a sticky note if you want it to be actually secure

KeePass is the better one as it's not cloud connected, but it's still software and thus suspect

I use KeePass and it's super useful. And though it could still be compromised by a determined person, it's better than LastPass and easier than having to remember X number of passwords or having sticky notes cover your entire office/home (not advisable if you have pets or kids!).

tacopie posted:

Can you post the link to the INFOSEC thread? I thought that I had it bookmarked. I don't really stray from GiP.

https://forums.somethingawful.com/showthread.php?threadid=3750534

Soylent Pudding
Jun 22, 2007

We've got people!


Secure depends on your threat model. Most of us really only need to worry about phishing and password guessing or reuse attacks.

1pass + MFA is fine for most people. Use the 1pass app to generate random passwords and just copy/paste. Don't reuse passwords and change your password if the place you have that account experiences a data breach. You can use https://haveibeenpwned.com/ to see which of your accounts have appeared in data dumps.

Protect 1pass with MFA and enable MFA on as many places as support it. 1pass also supports group vaults which is nice if you and your partner want to share access credentials for things like utility accounts but keep the rest of your passwords separate.

SMS based MFA is not nearly as secure as it used to be but better than nothing. App based MFA through something like Authy is stronger and hardware token MFA using a Yubikey is strongest. The latter two might not be supported by everything you'd want, like your banks. Using stronger MFA also imposes a risk if you lose your phone or token, so have a backup plan in place for that contingency. Do use app based or hardware based MFA for your passwords vault though.

If you are likely to be personally targeted SMS isn't as useful because SIM swapping is way too easy. This is only a problem if you have a position of privileged access for an organization someone is targeting, if you are in a position of high profile and risk as a journalist or streamer, or if you have a bunch of cryptocurrency and ape jpgs. Also if you're in the last category go gently caress yourself and rethink your life choices.

If your threat model includes nation state actors ask your SSO for counterintelligence training. Otherwise you're already hacked, have fun.


CommieGIR posted:

Yup. KeePass and Syncthing across all your devices.

This will certainly work but 1pass + Authy is likely secure enough for most users who want minimum computer janitoring.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Soylent Pudding posted:

This will certainly work but 1pass + Authy is likely secure enough for most users who want minimum computer janitoring.

True, and I use Authy for my MFA. But I'm quite happy with KeePass.

The joy of working in Security.

Soylent Pudding
Jun 22, 2007

We've got people!


CommieGIR posted:

True, and I use Authy for my MFA. But I'm quite happy with KeePass.

The joy of working in Security.

I've used KeePass before and really liked it. I just feel like the average person is fine using a service like 1password that handles most of the backup concerns for them. I'm also ADHD. I'm willing to take the risk of relying on 1password for backups rather than take the risk I'll forget to check if my backups are working for six months and then find out too late that they weren't.


CommieGIR posted:

The joy of working in Security.

This is an oxymoron because there is no joy working in infosec, just suffering.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Soylent Pudding posted:

This is an oxymoron because there is no joy working in infosec, just suffering.

15 years of doing it, and I take a special delight in it, but I also work mostly consulting for Incident Response and Disaster Recovery with some Red Teaming, so I particularly like my job.

Soylent Pudding
Jun 22, 2007

We've got people!


CommieGIR posted:

15 years of doing it, and I take a special delight in it, but I also work mostly consulting for Incident Response and Disaster Recovery with some Red Teaming, so I particularly like my job.

Impressive. I'm a relative newbie with not quite 5 years DFIR experience after I failed at being a lawyer. I also get to do some purple teaming which is also very fun.

I'm a civilian but given the place I work I tend to cross paths with military cyber protection teams on the regular. Lurking GiP for a decade now has been excellent cultural acclimation.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Soylent Pudding posted:

Impressive. I'm a relative newbie with not quite 5 years DFIR experience after I failed at being a lawyer. I also get to do some purple teaming which is also very fun.

I'm a civilian but given the place I work I tend to cross paths with military cyber protection teams on the regular. Lurking GiP for a decade now has been excellent cultural acclimation.

Yeah don't get me wrong, the field has a high burnout rate and I've watched a lot of people come and go.

Thankfully my secret for surviving has been: Be clear that outside of advising and providing solutions, I don't care because the client rarely does. Assume your advice will go unacted upon. Just enjoy the flow. It's all a disaster and you are just an observer half the time watching the train wreck.

Cugel the Clever
Apr 5, 2009
I LOVE AMERICA AND CAPITALISM DESPITE BEING POOR AS FUCK. I WILL NEVER RETIRE BUT HERE'S ANOTHER 200$ FOR UKRAINE, SLAVA
How far out are we from banks adopting proper MFA?

SlowBloke
Aug 14, 2017

Cugel the Clever posted:

How far out are we from banks adopting proper MFA?

If by MFA you mean codes over an auth app, it's mandatory already in the EU under the PSD2 directive. If you mean FIDO2 over a physical or virtual key, we might as well hope for peace in the Middle East.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Cugel the Clever posted:

How far out are we from banks adopting proper MFA?

It's gonna be a while or require government regulation to really get it to stick.

bird food bathtub
Aug 9, 2003

College Slice

Soylent Pudding posted:

If your threat model includes nation state actors ask your SSO for counterintelligence training. Otherwise you're already hacked, have fun.

Twice now I think? Maybe more. How many times was OPM breached? I stopped caring at some point. China knows more about me than I do at this point.

Arrath
Apr 14, 2011


Thanks for reminding me I really need to prune my KeePass database.

I have, for example, "<online bank>", "<online bank> temporary", and "<online bank> use me" in there. It's a fuckin mess.

Comrade Blyatlov
Aug 4, 2007


should have picked four fingers





"China hits out as US bans TikTok on federal devices"
https://www.bbc.com/news/world-asia-china-64795548
yeah..... that's not suspicious

MrYenko
Jun 18, 2012

#2 isn't ALWAYS bad...

Why the blue gently caress would you have TikTok on a work device anyway?

ASAPI
Apr 20, 2007
I invented the line.

Comrade Blyatlov posted:

"China hits out as US bans TikTok on federal devices"
https://www.bbc.com/news/world-asia-china-64795548
yeah..... that's not suspicious

That is just them confirming that it is a spy app, right?

TheWeedNumber
Apr 20, 2020

by sebmojo

MrYenko posted:

Why the blue gently caress would you have TikTok on a work device anyway?

So I can see that bussy pop

Arrath
Apr 14, 2011


MrYenko posted:

Why the blue gently caress would you have TikTok on a work device anyway?

Seriously. My work phone is so locked down I can't even save attachments from my work email to the phone, I'm pretty sure an IT QRF would black bag me if I even brought up TikTok in the app store.

Comrade Blyatlov
Aug 4, 2007


should have picked four fingers





MrYenko posted:

Why the blue gently caress would you have TikTok on a work device anyway?

so you can confirm the belief that the weakest part of any system is the human using it?

Tiny Timbs
Sep 6, 2008

MrYenko posted:

Why the blue gently caress would you have TikTok on a work device anyway?

No idea. I didn’t even know it was possible to install random apps on a corporate-managed phone. I just use mine for work stuff.

I also found out recently that IT goons love connecting gaming devices to their company’s internal network so lmao what even is the point of security

mlmp08
Jul 11, 2004

Prepare for my priapic projectile's exalted penetration
Nap Ghost
https://twitter.com/stevenmazie/status/1630640185175097360?s=46&t=4BW0n8LBBuC8tM2nwPJuAg

Soylent Pudding
Jun 22, 2007

We've got people!


MrYenko posted:

Why the blue gently caress would you have TikTok on a work device anyway?

You're a recruiter posting thirst traps to convince dumb 18 year olds to give their bussy up to Uncle Sam?

ThisIsJohnWayne
Feb 23, 2007
Ooo! Look at me! NO DON'T LOOK AT ME!



Tiny Timbs posted:

I also found out recently that IT goons love connecting gaming devices to their company’s internal network so lmao what even is the point of security

Well is the server down? Did you make a ticket yet and have you rebooted?

Cool Dad
Jun 15, 2007

It is always Friday night, motherfuckers

Can confirm there is at least one Xbox connected in my office. I work in a university IT department though, I don't know why you'd be able to do this at a real job.

I used to have Steam and a bunch of poo poo on my work computer, sadly we're now required to be HIPAA compliant so I can only get paid to gently caress around in browser based apps now

McNally
Sep 13, 2007

Ask me about Proposition 305


Do you like muskets?

Would the payment cap part of the plan still survive?

Nystral
Feb 6, 2002

Every man likes a pretty girl with him at a skeleton dance.

CommieGIR posted:

Yeah don't get me wrong, the field has a high burnout rate and I've watched a lot of people come and go.

Thankfully my secret for surviving has been: Be clear that outside of advising and providing solutions, I don't care because the client rarely does. Assume your advice will go unacted upon. Just enjoy the flow. It's all a disaster and you are just an observer half the time watching the train wreck.

I opted to leave IR for a major media company and go into BigLaw and supporting them.

Advantage - they move slow so there’s no feeling of always catching up to the latest idiot.

Disadvantage - they move slow so moving to the cloud has taken 5 years and we just got our toes wet with some SaaS and mail systems in a public cloud. Oh and lol at promoting from within.

gently caress it I’m pivoting to CloudSec Architecture and Cloud DFIR.

facialimpediment
Feb 11, 2005

as the world turns

McNally posted:

Would the payment cap part of the plan still survive?

I'm generally not a doomer on most things, but trying to analyze what the supreme court will do in this situation is sucker poo poo.

Gorsuch/Alito's main argument for throwing out the whole policy is basically BUUUUTTTTT IT'S NOT FAAAAAAAIR to people that already paid off their loans. When that's the Supreme Court's analysis of what "standing" is, it's all calvinball that's not worth the speculation until the decisions come down. They can throw out whatever five chudges decide to throw out.

https://twitter.com/The_Law_Boy/status/1630648110270521355?t=NRHHW8Lo6JJOf0hc2PHWpA&s=19

So theoretically sure - payment caps shouldn't have anything to do with this whole deal. But theoretically, I am a sentient ham sandwich so I can be indicted for RICO.

facialimpediment fucked around with this message at 21:07 on Feb 28, 2023

bird food bathtub
Aug 9, 2003

College Slice
Every single last aspect of the court system has become culture war battleground. Even the scheduling of the SCOTUS is being hosed with to attack the enemy. Something Trump/Fox didn't like? That's when we found out what the Rocket Docket was. Some rear end in a top hat judge in Shitsplat, Texas decides foreign policy is now the realm of the courts and the president has to do what he says? Golly gee guess we just won't get around to that this term weird oh well guess it stays in effect until we manage to find time in our schedule to decide on separation of powers issues.

Zamujasa
Oct 27, 2010



Bread Liar
doesn't matter who wins the game if the refs are bought off

hypnophant
Oct 19, 2012

SlowBloke posted:

If by MFA you mean codes over an auth app, it's mandatory already in the EU under the PSD2 directive. If you mean FIDO2 over a physical or virtual key, we might as well hope for peace in the Middle East.

the average bank customer will throw a poo poo fit if you tried to make them keep track of a physical token and there’s less than zero incentive for the banks to push it


Tiny Timbs
Sep 6, 2008

I certainly don’t want to have a different hardware token for each account. I already have three.
