|
CVE-2019-5490 Default Privileged Account Vulnerability in the NetApp Service Processor
|
#
?
Mar 6, 2019 01:08
|
|
|
|
| # ? Apr 19, 2024 06:25 |
|
|
Ghidra is out now: https://ghidra-sre.org/ https://twitter.com/RGB_Lights/status/1103019876203978752
|
|
#
?
Mar 6, 2019 02:15
|
|
|
Thanks Ants posted:CVE-2019-5490 Default Privileged Account Vulnerability in the NetApp Service Processor
|
|
#
?
Mar 6, 2019 14:18
|
|
|
evil_bunnY posted:WHAT YEAR IS THIS September 2017
|
|
#
?
Mar 6, 2019 14:20
|
|
|
Ah, endless September
|
|
#
?
Mar 6, 2019 15:54
|
|
|
Thanks Ants posted:CVE-2019-5490 Default Privileged Account Vulnerability in the NetApp Service Processor My NetApp guy when I forward him the notice "I'm looking into this, but we changed default passwords when we set it up" 
|
|
#
?
Mar 6, 2019 16:02
|
|
|
Cup Runneth Over posted:September 2017 The Fool posted:Ah, endless September
|
|
#
?
Mar 6, 2019 17:16
|
|
|
Is there a preferred free Windows VPN option in this thread? I just need it for one day to access The Division 2 (game) via Australia or New Zealand.
|
|
#
?
Mar 10, 2019 17:10
|
|
|
If the VPN is free, you're the product, and malware is the best case scenario. Don't do it.
|
|
#
?
Mar 10, 2019 17:27
|
|
|
Volmarias posted:If the VPN is free, you're the product, and malware is the best case scenario. Don't do it. It looks like some use a free version to upsell the paid version? https://www.pcmag.com/roundup/285788/the-best-free-vpn-services
|
|
#
?
Mar 10, 2019 17:30
|
|
|
Set up Algo using GCP in Australia. GCP has a $300 free trial.
|
|
#
?
Mar 10, 2019 18:20
|
|
|
Mustache Ride posted:Set up Algo using GCP in Australia. GCP has a $300 free trial. Australia? Didn't they pass a law mandating lower privacy and/or encryption standards?
|
|
#
?
Mar 10, 2019 19:13
|
|
|
Yes, but I don't know how they could enforce it, especially if he's using it for a few days
|
|
#
?
Mar 10, 2019 20:54
|
|
|
pmchem posted:Is there a preferred free Windows VPN option in this thread? I just need it for one day to access The Division 2 (game) via Australia or New Zealand. My preferred VPN service is Mullvad, for a lot of reasons. Looks like they have a few nodes in Australia and one in New Zealand. The way their free trial thing works is that you can create an account number anonymously on the website, and it'll work free for three hours, then stop unless you've bought more time. If you're really hard up, there's nothing stopping you from making a new account every few hours, but come on, it's five whole euros to add a month of time. Absurd Alhazred posted:Australia? Didn't they pass a law mandating lower privacy and/or encryption standards? That law, while terrible, is vague as hell and has yet to be tested in court, as far as I've heard. It also doesn't require anything of individuals, saying only that the government can now order tech companies to essentially do the impossible. It won't have any effect on someone VPNing through to play a video game.
|
|
#
?
Mar 10, 2019 21:45
|
|
|
There's been another dozy... In an alert from haveibeenpwned: Breach: Verifications.io Date of breach: 25 Feb 2019 Number of accounts: 763,117,241 Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses Description: In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.
|
|
#
?
Mar 11, 2019 10:02
|
|
|
Powered Descent posted:My preferred VPN service is Mullvad, for a lot of reasons. Looks like they have a few nodes in Australia and one in New Zealand. The way their free trial thing works is that you can create an account number anonymously on the website, and it'll work free for three hours, then stop unless you've bought more time. If you're really hard up, there's nothing stopping you from making a new account every few hours, but come on, it's five whole euros to add a month of time. Well you can ignore this because I figured out it's just my Windows firewall botching the works up. Things are working now. DaveKap fucked around with this message at 10:23 on Mar 11, 2019 |
|
#
?
Mar 11, 2019 10:19
|
|
|
Pablo Bluth posted:There's been another dozy... In an alert from haveibeenpwned: No passwords in that one, so you just have to change your DoB, email, employer, gender, location, ip address, job title, name, phone number, and physical address. Easy!
|
|
#
?
Mar 11, 2019 10:26
|
|
|
Rexxed posted:No passwords in that one, so you just have to change your [...] gender Finally, the excuse I've been looking for
|
|
#
?
Mar 11, 2019 13:13
|
|
|
Cup Runneth Over posted:Finally, the excuse I've been looking for did you really need one tho?
|
|
#
?
Mar 11, 2019 14:34
|
|
|
Gender is a mistake
|
|
#
?
Mar 11, 2019 14:41
|
|
|
I feel like some people need a restraining order from Javascript https://twitter.com/fs0c131y/status/1105260936305274880
|
|
#
?
Mar 13, 2019 04:47
|
|
|
Sounds like Super Meat Boy again, kinda.
|
|
#
?
Mar 13, 2019 06:12
|
|
|
Cup Runneth Over posted:I feel like some people need a restraining order from Javascript https://twitter.com/fs0c131y/status/1105260936305274880 I'm going to be employed forever.
|
|
#
?
Mar 13, 2019 06:54
|
|
|
CLAM DOWN posted:I'm going to be employed forever. Hell yeah. 
|
|
#
?
Mar 13, 2019 09:06
|
|
|
Cup Runneth Over posted:I feel like some people need a restraining order from FTFY
|
|
#
?
Mar 13, 2019 11:45
|
|
|
CLAM DOWN posted:I'm going to be employed forever. How long before every IDE has a 'sanitize code' button that's mandatory during the compile phase that does nothing but look for anything like a credential and pitches a shitfit about it? "ATTN: IDIOT: It appears you left admin credentials in your code, this TRIVIALLY RECOVERABLE, and you really should make sure this won't see the light of day, much less an app store, thanks!
|
|
#
?
Mar 13, 2019 11:45
|
|
|
SonarQube and other tools do that already. The kind of people that do this sort of thing doesn't use these tools.
|
|
#
?
Mar 13, 2019 15:17
|
|
|
MS have a tool as well https://secdevtools.azurewebsites.net/helpcredscan.html
|
|
#
?
Mar 13, 2019 15:17
|
|
|
Good write-up on TPM sniffing. Or why pre-boot auth PINs are necessary with BitLocker. https://pulsesecurity.co.nz/articles/TPM-sniffing
|
|
#
?
Mar 13, 2019 16:13
|
|
|
63red Safe guy posted:We see this person's illegal and failed attempts to access our database servers as a politically motivated attack, and will be reporting it to the FBI later today. We hope that, just as in the case of many other politically motivated Internet attacks, this perpetrator will be brought to justice, and we will pursue this matter, and all other attacks, failed or otherwise, to the utmost extent of the law. We log all activity against all our servers, and will present those logs as evidence of a crime. Aaaand there's the usual "I don't understand security" meltdown from Mr. I Hardcoded My Server Credentials In Javascript.
|
|
#
?
Mar 13, 2019 20:58
|
|
|
That quote reminds me of when the local uni caught some people using a usb keylogger, and the FBI found out about it through a message broadcast on the uni's alert system. I'm almost certain most orgs are required to report breaches anyways, so why not get the help right away? Should pull himself up by his own bootstrap.js imo
|
|
#
?
Mar 13, 2019 21:25
|
|
|
Powered Descent posted:My preferred VPN service is Mullvad, for a lot of reasons. Looks like they have a few nodes in Australia and one in New Zealand. The way their free trial thing works is that you can create an account number anonymously on the website, and it'll work free for three hours, then stop unless you've bought more time. If you're really hard up, there's nothing stopping you from making a new account every few hours, but come on, it's five whole euros to add a month of time. 5eyes secfuck "Hasn't been tried in court" friend, they've been compelling companies/employees to decrypt data or build in vulnerabilities for ages. That they've passed legislation permitting them to do so in broad daylight only changes one thing. Australia can now use surveillance information to steer decryption warrants to gather properly-gathered evidence for use in public court, and Australian citizens can't refuse.
|
|
#
?
Mar 13, 2019 21:25
|
|
|
Methylethylaldehyde posted:How long before every IDE has a 'sanitize code' button that's mandatory during the compile phase that does nothing but look for anything like a credential and pitches a shitfit about it? A co-worker of mine accidentally checked in a file with credentials in it (fortunately nothing serious, just a Slack token so it could post notices to a channel) to our public repo, and some automated system at GitHub actually saw it and notified us by the next morning. Pretty neat, actually.
|
|
#
?
Mar 13, 2019 22:17
|
|
|
Powered Descent posted:A co-worker of mine accidentally checked in a file with credentials in it (fortunately nothing serious, just a Slack token so it could post notices to a channel) to our public repo, and some automated system at GitHub actually saw it and notified us by the next morning. Pretty neat, actually.
|
|
#
?
Mar 13, 2019 23:01
|
|
|
D. Ebdrup posted:Think about how many people commited much worse than that to their public repos, for GitHub to implement that. Then shake your head in disgust. I've had to quickly figure out how to delete a commit that had passwords in it once or twice. Hope the notification tells people how to do that lol
|
|
#
?
Mar 13, 2019 23:09
|
|
|
I've typed domain and enterprise admin passwords in username fields before. Never uploaded one to a public repo though.... not yet.
|
|
#
?
Mar 14, 2019 15:01
|
|
|
ChubbyThePhat posted:I've typed domain and enterprise admin passwords in username fields before.
|
|
#
?
Mar 14, 2019 17:38
|
|
|
Every once in a while I'll do the ol:code:
|
|
#
?
Mar 14, 2019 19:13
|
|
|
dougdrums posted:
Wow, I didn't know SA automatically hid your password like that if you typed it in a post
|
|
#
?
Mar 14, 2019 21:04
|
|
|
|
| # ? Apr 19, 2024 06:25 |
|
|
Cup Runneth Over posted:Wow, I didn't know SA automatically hid your password like that if you typed it in a post
|
|
#
?
Mar 14, 2019 21:08
|
|