|
Schadenboner posted:There's no need to use profanity, you could just say "MS Access project"* I would have done something like "You don't need to call it lovely when it's Microsoft lovely Access project"
|
# ? Jul 29, 2020 14:40 |
|
|
# ? Mar 28, 2024 17:18 |
|
Mustache Ride posted:I would have done something like "You don't need to call it lovely when it's Microsoft lovely Access project"
|
# ? Jul 29, 2020 14:52 |
|
We have all sorts of infosec stuff. Everything Microsoft throws at you with O365/M365, Azure Sentinel, even Darktrace. No one looks at it, it's no one's responsibility, and we've never met as a team to discuss an approach. It's great. I love it.
|
# ? Jul 29, 2020 16:49 |
|
Mustache Ride posted:It's probably a lovely MS Access project. Please don't swear itt. Just say "lovely project."
|
# ? Jul 29, 2020 19:59 |
|
Ynglaur posted:Please don't swear itt. Just say "lovely project." See, this is what I should have gone with but I'm always worried the punchline won't land. I think I lack confidence in my jokes being sufficiently un-funny?
|
# ? Jul 29, 2020 20:01 |
Internet Explorer posted:We have all sorts of infosec stuff. Everything Microsoft throws at you with O365/M365, Azure Sentinel, even Darktrace. Darktrace is the loving snake oil of the infosec world It's what would happen if movie producers could make infosec tools.
|
|
# ? Jul 29, 2020 20:09 |
|
One of my first big projects at my new job was replacing an MS Access database on the network drive
|
# ? Jul 29, 2020 20:42 |
|
CyberPingu posted:Darktrace is the loving snake oil of the infosec world I literally cannot tell what Darktrace is supposed to do from their website. Not surprising though. I just left a job (thank god) doing research and detection development for another enterprise security software company, and there was a huge push for UEBA and ML and AI all the other sexy buzzwords. No one in product leadership could describe what features they actually wanted, and any proof of concept work or references to ML projects other companies were working on were met with "yeah but not like that". Never did figure it out.
|
# ? Jul 30, 2020 00:41 |
|
Shuu posted:I literally cannot tell what Darktrace is supposed to do from their website. IT LOOKS loving RAD ON THE BIG SCREEN IN THE SOC IS WHAT IT DOES. I think they also had a sufficiently flashy booth at one of the last trade shows I attended in person, but I could be mis-remembering.
|
# ? Jul 30, 2020 00:53 |
|
Schadenboner posted:See, this is what I should have gone with but I'm always worried the punchline won't land. I think I lack confidence in my jokes being sufficiently un-funny?
|
# ? Jul 30, 2020 02:36 |
|
CyberPingu posted:Darktrace is the loving snake oil of the infosec world It really is. I loving hate it. Of course the CIO types love it. They couldn't tell you what it does, but they love it.
|
# ? Jul 30, 2020 03:50 |
Shuu posted:I literally cannot tell what Darktrace is supposed to do from their website. Its aggregated attack logs with a shiny UI. My favourite Dark Trace story was being at an InfoSec conference last year where DT were doing one of the keynotes The guy before them was this ex GCHQ and current Interpol guy who was saying how we need to drop vendors selling us all these services and get back to doing the basics right. Then DT stood up and tried to do a sales pitch. CyberPingu fucked around with this message at 08:11 on Jul 30, 2020 |
|
# ? Jul 30, 2020 08:09 |
|
Shuu posted:I literally cannot tell what Darktrace is supposed to do from their website. I think Darktrace's mission is to bother you as much as possible in the most aggressive way possible, while selling you absolutely nothing. It's the true shitstain of the industry.
|
# ? Jul 30, 2020 10:36 |
|
Anything advertising self-learning AI is bullshit.
|
# ? Jul 31, 2020 00:11 |
|
i do network security for a mid sized org in a complicated outsourced fashion. all that to say i own almost all network/infosec-related systems but not darktrace, that’s CIO’s eyes only. i have been asked to narrow down the source of exactly three “incidents” that darktrace detected in the three years i’ve been here: two coinminer.js “downloads” and a helpdesk guy installing the battle.net launcher
|
# ? Jul 31, 2020 04:26 |
|
Combat Pretzel posted:Anything advertising self-learning AI is bullshit. adaptive control doesn't sound cool at all
|
# ? Jul 31, 2020 04:37 |
|
uniball posted:i do network security for a mid sized org in a complicated outsourced fashion. all that to say i own almost all network/infosec-related systems but not darktrace, that’s CIO’s eyes only. i have been asked to narrow down the source of exactly three “incidents” that darktrace detected in the three years i’ve been here: two coinminer.js “downloads” and a helpdesk guy installing the battle.net launcher There are so many loving false positives that it's just an avalanche of garbage unless you put an absolute enormous amount of time into it.
|
# ? Jul 31, 2020 05:48 |
Internet Explorer posted:There are so many loving false positives that it's just an avalanche of garbage unless you put an absolute enormous amount of time into it. Tbf that sounds like a lot of AV solutions too.
|
|
# ? Jul 31, 2020 06:51 |
|
Any griefs with Suricata? ...in as far as the "you get what you pay for" open sores tier
|
# ? Jul 31, 2020 07:00 |
|
Computer Serf posted:Any griefs with Suricata? If you're looking for Free, you might want to look into Security Onion.
|
# ? Jul 31, 2020 07:13 |
|
Internet Explorer posted:There are so many loving false positives that it's just an avalanche of garbage unless you put an absolute enormous amount of time into it. This is true for any security product tbh
|
# ? Jul 31, 2020 08:55 |
|
CyberPingu posted:Tbf that sounds like a lot of AV solutions too. spankmeister posted:This is true for any security product tbh It's on a totally different level.
|
# ? Jul 31, 2020 14:00 |
Internet Explorer posted:It's on a totally different level. Oh I know. DT is loving horrendous, but false positives feel like a by product of over sensitive security (or lack of a 1000hour configured safe list).
|
|
# ? Jul 31, 2020 15:22 |
|
https://twitter.com/NMichaels013/status/1288873125627793409
|
# ? Jul 31, 2020 17:03 |
Combat Pretzel posted:advertising is bullshit.
|
|
# ? Jul 31, 2020 17:32 |
|
https://twitter.com/campuscodi/status/1289280517318127617?s=19
|
# ? Jul 31, 2020 20:27 |
|
Garmin paid the ransom https://twitter.com/BleepinComputer/status/1289641485873209344
|
# ? Aug 1, 2020 20:54 |
|
I didn't see that before: quote:A New York Times report that has yet to be confirmed by Twitter said that hackers breached employee Slack accounts and found credentials for the Twitter backend pinned inside a Slack channel. Passwords on a post-it stuck to your monitor (2020 version): still undisputed king of security vulnerabilities
|
# ? Aug 1, 2020 21:50 |
|
Klyith posted:I didn't see that before: what else am I supposed to put on the post-it I cover my webcam with???
|
# ? Aug 1, 2020 23:28 |
|
Diva Cupcake posted:Garmin paid the ransom Ah, you know, we meant to test our backups but you know we had that production freeze, and then john went on vacation, and .. well all’s well that ends well right?
|
# ? Aug 1, 2020 23:35 |
|
Klyith posted:Passwords on a post-it stuck to your monitor (2020 version): still undisputed king of security vulnerabilities Also, state attorneys bragging about bagging teenage crackers while ransomware gangs go unchecked is very 2020
|
# ? Aug 2, 2020 00:09 |
|
I know what August is going to be. I've started getting the car warranty spam phone calls again. August is going to be the Summer of Spam.
|
# ? Aug 2, 2020 02:15 |
|
evil_bunnY posted:Also, state attorneys bragging about bagging teenage crackers while ransomware gangs go unchecked is very 2020 Idiot teens that discuss federal crimes on loving discord and use bitcoin addresses traceable to their identity are very very easy to catch. International ransomware gangs, sometimes with state-sponsored involvement, are hard to catch and near-impossible to extradite.
|
# ? Aug 2, 2020 02:57 |
|
Martytoof posted:Ah, you know, we meant to test our backups but you know we had that production freeze, and then john went on vacation, and .. well all’s well that ends well right? Pretty much what I expected
|
# ? Aug 2, 2020 05:27 |
evil_bunnY posted:That's the thing, your monitor isn't a company-wide available asset. Write down your loving password if you must. While everyone is working from home. Writing down a password on a post it note isn't the worst tbh, as long as its out of webcam view But yeah, teenage crackers are low hanging fruit that boosts their "got em" numbers. Which makes them look better. Getting the high end organised guys takes time and money, and doesn't produce instant results
|
|
# ? Aug 2, 2020 09:56 |
|
Klyith posted:Idiot teens that discuss federal crimes on loving discord and use bitcoin addresses traceable to their identity are very very easy to catch.
|
# ? Aug 2, 2020 11:57 |
|
evil_bunnY posted:ACAB. If I was on the jury I'd say not guilty to wire fraud, on the grounds that bitcoins have no value.
|
# ? Aug 2, 2020 14:10 |
|
Klyith posted:If I was on the jury I'd say not guilty to wire fraud, on the grounds that bitcoins have no value. Interesting version of jury nullification
|
# ? Aug 2, 2020 16:43 |
|
Anyone else having trouble with users getting cert validity too long errors from their browser? I can't figure out why some users are getting it and some aren't. As far as I've been able to tell from research,
So what gives? Why are only some users (on the same chrome & safari versions, accessing the same sites, receiving the same certificates, on managed endpoints) seeing the errors?
|
# ? Aug 3, 2020 16:53 |
|
|
# ? Mar 28, 2024 17:18 |
|
Validity being too long absolutely affects certs issued before September. The thing happening in September is that the maximum validity period is getting shorter.
|
# ? Aug 3, 2020 17:01 |