|
reading a few of those posts tho the people don’t seem so smart about using computers and at least one I found ended up being someone being reminded they had logged in once upon a time with their own apple id

not gonna put anything past tim, tho!
|
# ? Nov 11, 2019 00:20 |
|
yeah I mean on the one hand software is garbage on the other hand idiots REALLY want to share apple IDs. like it is their favourite thing
|
# ? Nov 11, 2019 00:37 |
|
it’s pretty understandable that regular people might not understand how the keychain model works tho. it’s not the most intuitive.
|
# ? Nov 11, 2019 00:43 |
|
infernal machines posted: i wonder if this is related to their wifi password sharing mechanism, just you know, all of the keychain rather than that specific subset

gently caress that stupid mechanism
|
# ? Nov 11, 2019 01:16 |
|
The wifi password sharing thing is a good feature in theory but for how many people do you have their apple ID email address stored to their contact card?
|
# ? Nov 11, 2019 02:59 |
|
~Coxy posted: The wifi password sharing thing is a good feature in theory but for how many people do you have their apple ID email address stored to their contact card?

i think it works for numbers attached to apple ids as well since we were signing into a new corporate wifi network at work and my phone offered to share the password to my coworker and all i have is his phone and work details
|
# ? Nov 11, 2019 07:14 |
|
huh; I've only ever had it work once in my life so I assumed that was the limitation. (I guess it's even more mundane than that and the answer is it just doesn't work all that well.)
|
# ? Nov 11, 2019 07:17 |
|
toiletbrush posted: My project at my last job got audited twice.

i have had auditors do an actual code review twice, the first one flagged legit stuff which I respect and we fixed. the second said "oh, this is more complicated than I thought it would be" and we never heard anything again.
|
# ? Nov 11, 2019 10:17 |
|
Powerful Two-Hander posted: ...

lmao
|
# ? Nov 11, 2019 10:30 |
|
Powerful Two-Hander posted: serious question: how do people handle account password changes for services or process that depend on the account for access to resources?

Chiming in to support gMSAs for Windows services, they're a very tidy solution and also are very easy to audit if your service supports them.

If you've got cyberark, thycotic, or PMP they generally have services that are installed on the server to manage service account passwords and even restart services/IIS processes after a password change if needed, so no typing passwords etc, just give the service access and pray it doesn't get compromised. These tools are usually very good at producing audit reporting that auditors like (like who has access to certain account passwords stored in the vault, logs of authorizations to access them, and scripts to change them, etc).

Look into Azure Key Vault for credentials for your cloudy services if you run Az; scripts can consume credentials, private keys, etc without actually exposing them directly. They also produce lots of reporting with respect to key changes and who has access to creds, logs of accesses, etc.
|
# ? Nov 11, 2019 13:33 |
|
Powerful Two-Hander posted: the second said "oh, this is more complicated than I thought it would be" and we never heard anything again.

Doing my code reviews I see.
|
# ? Nov 11, 2019 14:52 |
Volmarias posted: Doing my code reviews I see.

watch out, we have a 10x coder over here
|
|
# ? Nov 11, 2019 15:53 |
|
*smugly* yeah it’s written in brainfuck
|
# ? Nov 11, 2019 15:54 |
|
I never said the code was any good.
|
# ? Nov 11, 2019 16:14 |
|
gMSAs are bang on the solution we need for this, I look forward to nothing happening to implement this just like the last few times I've submitted tangible improvements that would actually fix security issues as opposed to just writing "we are secure" on a piece of paper which is the current approach

Volmarias posted: I never said the code was any good.

woah where did you get my response to the reviews of my code?

j/k nobody reviews my code

Powerful Two-Hander fucked around with this message at 18:12 on Nov 11, 2019 |
# ? Nov 11, 2019 18:10 |
|
Powerful Two-Hander posted:
same
|
# ? Nov 11, 2019 19:02 |
|
A+++ would compile again.
|
# ? Nov 11, 2019 19:54 |
|
mystes posted:A+++ would compile again.
|
# ? Nov 11, 2019 20:41 |
|
Jowj posted: same

i don't even have another coworker that can even read code let alone help me write it or review it
|
# ? Nov 11, 2019 21:05 |
|
mystes posted:C+++ would compile again.
|
# ? Nov 11, 2019 21:34 |
|
Captain Foo posted:C+++ would compile again.
|
# ? Nov 11, 2019 21:42 |
|
My code reviews regularly have nitpicky bullshit that makes absolutely no difference and have things denied because 'ehh idk just not feeling it' or 'this isn't exactly how I would have done it'
|
# ? Nov 11, 2019 22:54 |
|
I'm the fuckup. I just deleted a terraform statefile that I needed and now I need to go through and manually find and delete like 80 resources.
|
# ? Nov 12, 2019 01:28 |
|
Methanar posted: I'm the fuckup. I just deleted a terraform statefile that I needed and now I need to go through and manually find and delete like 80 resources.

Terraform is really good because you can instantly delete or corrupt days worth of work
|
# ? Nov 12, 2019 04:04 |
|
abigserve posted: Terraform is really good because you can instantly delete or corrupt days worth of work

Yeah it's great

I have some general support terraform that creates the s3 bucket that holds the remote statefiles of other relevant projects and our naming is hosed so I actually did the initial support terraform stuff wrong which cascaded down into several naming conventions being incorrect.

okay so I'll redo the support terraform because that's first and then the sub project terraform

oh woops I can't destroy the sub project terraform because I already destroyed the bucket holding the state lol
|
# ? Nov 12, 2019 04:13 |
|
abigserve posted: Terraform is really good because you can instantly delete or corrupt days worth of work

According to myth, cryptolocker can destroy in six days. Now watch out! Here comes Terraform, we'll do it for ya in six minutes.
|
# ? Nov 12, 2019 04:56 |
|
I hate manually fixing corrupted TF states. Something about instances recreating cloudwatch log groups as soon as they log anything which terraform freaks out about and same for the abomination affront to god that is every component comprising iam.

e; code:

ee; I made a mistake and instantiated two modules that were too similar and ended up both creating the same assets indirectly with the same names - due to being too similar - while the creation of the resources twice was indirect in such a way the fact there were 2 was not computable by the graph engine code:

tldr i regret everything i've ever done to arrive to this moment

Methanar fucked around with this message at 08:12 on Nov 12, 2019 |
# ? Nov 12, 2019 07:00 |
|
did you instantiate the babby?
|
# ? Nov 12, 2019 14:05 |
|
terrorform
|
# ? Nov 12, 2019 14:53 |
|
Methanar posted: I hate manually fixing corrupted TF states. Something about instances recreating cloudwatch log groups as soon as they log anything which terraform freaks out about and same for the abomination affront to god that is every component comprising iam.

you can import existing resources to reconcile state rather than destroying and rebuilding
|
# ? Nov 12, 2019 14:57 |
|
Powerful Two-Hander posted: j/k nobody reviews my code

Though a third party auditor they brought in did review some of my code once, his first question was "... so why did you do this?"
|
# ? Nov 12, 2019 15:27 |
|
Absurd Alhazred posted: Soldiers with top-secret clearances say they were forced to use an app that could endanger them

My favorite blurbs

quote: The app developer, Straxis LLC, is based in Tulsa but has a subsidiary in southern India. User data wasn’t stored on foreign servers and third parties do not have access to data, a company spokesperson said.

quote: The app was later removed from both Apple’s App Store and the Google Play Store.

Lmao
|
# ? Nov 12, 2019 15:55 |
|
https://krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/

Krebs posted: a file containing a staggering number of internal usernames and passwords for Orvis had been posted to Pastebin.

You can read between the lines and imagine the exact mixture of incompetence that led to this.
|
# ? Nov 12, 2019 16:39 |
|
Blockade posted:
response: why not? auditor: ok great seems reasonable think we have all the docs we need.
|
# ? Nov 12, 2019 16:40 |
|
Vomik posted: response: why not?

"because it is in compliance with our documented policy"
|
# ? Nov 12, 2019 16:45 |
|
Stabby McDamage posted: https://krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/

i hope that locked server room safe has a gun in it to ensure data destruction in the event of compromise
|
# ? Nov 12, 2019 17:53 |
|
oh and password/gMSA update: it pinged around a bit to a guy I know who went "yeah, just set it to non expire that's the standard process, I know it sucks but whatcha gonna do?" apparently as long as i personally don't know the pw and we could in theory change it if we had to it's deemed OK
|
# ? Nov 12, 2019 17:56 |
|
ratbert90 posted: HOO loving BOY!

I'm sorry, I just wanted to say please inject this type of horrible poo poo directly into my veins
|
# ? Nov 12, 2019 20:11 |
|
Stabby McDamage posted: https://krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/

my_passwords.txt
|
# ? Nov 12, 2019 20:20 |
|
semi serious question: let’s say that one is to buy a custom-built online shop software. what are some it security things that should be asked to the vendor, who may also be the initial system administrator for some period of time?
|
|
# ? Nov 12, 2019 20:21 |