|
that stinks of a misconfigured pulse vpn portal using the old network connect client
|
# ? Jun 12, 2019 15:02 |
|
|
# ? Apr 24, 2024 03:02 |
|
its actually array networks https://ouvpn-us.oracle.com
|
# ? Jun 12, 2019 15:08 |
|
lol gross
|
# ? Jun 12, 2019 15:42 |
|
i just wish that either we could use a version of kronos that doesnt require java or hr would go back to doing their job so we dont need to use kronos
|
# ? Jun 12, 2019 15:43 |
|
my employer uses kronos and it doesn't integrate at all with our industry-specific groupware/ERP vendor so i have to manually enter my weekly time tracking in like 3 and a half different places. one of them is a Word doc where i put different client names all right next to each other, totally not a privacy issue at all (jk it probably is)
|
# ? Jun 12, 2019 15:54 |
|
Looks like we got another gently caress up fellas. LOL (USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? Jun 12, 2019 16:04 |
|
duz posted:i just wish that either we could use a version of kronos that doesnt require java or hr would go back to doing their job so we dont need to use kronos Specifically Java 1.7u9? 'cause my employer thinks that will work fine, forever.
|
# ? Jun 12, 2019 16:10 |
|
as per usual, a lot of non-technical people are mad that taviso dropped it at the 90-day deadline https://twitter.com/taosecurity/status/1138490944347619329
|
# ? Jun 12, 2019 16:24 |
|
qa delays from the company that fired practically all their qa people? lets give them the benefit of the doubt here
|
# ? Jun 12, 2019 16:26 |
|
people: we want microsoft to be more responsive to security issues also people: we want microsoft to stop blowing up our machines with half-baked updates microsoft:
|
# ? Jun 12, 2019 16:27 |
|
BangersInMyKnickers posted:qa delays from the company that fired practically all their qa people? lets give them the benefit of the doubt here well yeah they're not the microsoft of 1999 anymore they're the microsoft of 2019 and they don't write bugs into the software anymore so they don't need qa
|
# ? Jun 12, 2019 16:27 |
|
qa is just a subset of development, right? we already pay developers, so why would we pay for qa?
|
# ? Jun 12, 2019 16:29 |
|
beta tested in the future
|
# ? Jun 12, 2019 16:54 |
|
have i been pwned is up for sale https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/
|
# ? Jun 12, 2019 16:55 |
|
Who needs a qa department when you have github?
|
# ? Jun 12, 2019 17:05 |
|
I honestly don't get how companies don't have any email from taviso immediately go to every important security person plus maybe their phone system to ring a few SIP enabled klaxons
|
# ? Jun 12, 2019 17:09 |
|
cybrancyborg posted:Specifically Java 1.7u9? 'cause my employer thinks that will work fine, forever. probably, i know i have to keep acknowledging that it is insecure for it to display anything
|
# ? Jun 12, 2019 17:11 |
|
Lain Iwakura posted:as per usual, a lot of non-technical people are mad that taviso dropped it at the 90-day deadline
|
# ? Jun 12, 2019 17:27 |
|
Diva Cupcake posted:should we really be considering Bejtlich non-technical? in this case, yes
|
# ? Jun 12, 2019 17:28 |
|
how does troy hunt not want to make a larger security company out of pwned? does he just not want to raise capital himself? He's sitting on one of the most universally beloved security tools of the decade and doesn't want to build a company out of it himself?
|
# ? Jun 12, 2019 18:42 |
|
lots of great cooks would make lovely restauranteurs
|
# ? Jun 12, 2019 18:44 |
|
Potato Salad posted:how does troy hunt not want to make a larger security company out of pwned? does he just not want to raise capital himself? Doesn't he have an actual day job and a young family? The way the site has exploded these last few years I can imagine he's entering burn-out territory.
|
# ? Jun 12, 2019 18:47 |
Potato Salad posted:how does troy hunt not want to make a larger security company out of pwned? does he just not want to raise capital himself? He answered that question in the blog post. He wants to actually be able to take time off, not have to worry about growing a business with VC funding or anything right now.
|
|
# ? Jun 12, 2019 18:47 |
|
Potato Salad posted:how does troy hunt not want to make a larger security company out of pwned? does he just not want to raise capital himself? he's working with kpmg's m&a group and promises to stay with the company after its sold. so basically he's skipping all those steps and going straight to the payout/aquihire stage
|
# ? Jun 12, 2019 18:49 |
|
Potato Salad posted:how does troy hunt not want to make a larger security company out of pwned? does he just not want to raise capital himself? getting out now is a bit late tbh, and i seriously question how universally beloved it is. it's a good pr tool at most
|
# ? Jun 12, 2019 18:49 |
|
infernal machines posted:i don't know how that guy isn't waking up with a horse's head in his bed every day what and turn down all that free horse meat?
|
# ? Jun 12, 2019 18:57 |
|
it's me, im the sec fuckup that clicked the obvious One Drive phishing link from a clearly compromised client (i did not give credentials but lol if I didn't blindly click those links). I should just not use the internet when I'm tired. or at all.
|
# ? Jun 12, 2019 19:58 |
|
Perplx posted:they are up to java 12 but only java 8 will work in a browser (IE 11 is the only java capable browser now) don’t worry I’m sure someone is working on a java applet interpreter in wasm or something
|
# ? Jun 12, 2019 20:16 |
|
Ur Getting Fatter posted:it's me, im the sec fuckup that clicked the obvious One Drive phishing link from a clearly compromised client (i did not give credentials but lol if I didn't blindly click those links). I really wish microsoft could figure out how to effectively filter those because they explicitly target o365 domains and it's a huge pain in the dick explaining to clients why they can't actually trust shared document links sent from people they know irl because there's a good chance it's one of these
|
# ? Jun 12, 2019 20:52 |
|
lmao. literally just had a client in o365 almost certainly hit by one of these. whoever got their credentials used it to organize a wire transfer for like fml e: n/m they flagged it and it didn't go through, well good new there i guess e2: they flagged it as suspicious, then the account manager violated policy and processed the transaction anyway. lmao. someone is getting hosed for this. infernal machines fucked around with this message at 23:12 on Jun 12, 2019 |
# ? Jun 12, 2019 21:23 |
|
Wiggly Wayne DDS posted:he's sitting on a trove of questionably sourced dumps with public access and an expectation for it to forever expand and let's ignore the legal pitfalls with a global userbase the "questionably sourced dumps" part combined with massive burn out is why i got out of this
|
# ? Jun 12, 2019 21:35 |
|
BangersInMyKnickers posted:qa delays from the company that fired practically all their qa people? lets give them the benefit of the doubt here
|
# ? Jun 12, 2019 22:00 |
|
Truga posted:https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md quote:Also, the PoC uses terminal escape sequences to hide the modeline when the content is printed with cat. (cat -v reveals the actual content.) Is this default behaviour of cat useful for anything other than tricking people?
|
# ? Jun 12, 2019 23:07 |
|
jfc Microsoft 90 days is enough to develop a patch, test it, and deploy. Devs should be starting work on day 1 on an e-mail from taviso. It's not asking for an entire service pack, it's to fix a bug or two. Get your poo poo together.
|
# ? Jun 12, 2019 23:32 |
|
otoh the bug is in every secure channel thing in every version of windows, so wherever it's located it's exposed to a lot of stuff. possibly stuff that breaks in exciting ways if some specific stupid behaviour changes
|
# ? Jun 12, 2019 23:40 |
|
okay alternative scenario: this is being actively exploited in the wild. can you solve it in 90 days?
|
# ? Jun 12, 2019 23:45 |
|
Kazinsal posted:I honestly don't get how companies don't have any email from taviso immediately go to every important security person plus maybe their phone system to ring a few SIP enabled klaxons I wonder how to do that in gsuite.
|
# ? Jun 13, 2019 01:02 |
|
Subjunctive posted:I wonder how to do that in gsuite. Sorry, the klaxons were deprecated
|
# ? Jun 13, 2019 02:52 |
|
Subjunctive posted:I wonder how to do that in gsuite. i think it goes something like this https://www.youtube.com/watch?v=BpsMkLaEiOY
|
# ? Jun 13, 2019 02:54 |
|
|
# ? Apr 24, 2024 03:02 |
|
to be fair I don't think the button on any smoke detector ive ever owned actually silences the loving thing
|
# ? Jun 13, 2019 06:51 |