Jabor posted:Validity being too long absolutely affects certs issued before September. The thing happening in September is that the maximum validity period is getting shorter. According to digicert, quote:Any certificates issued before Sept. 1, 2020 will still be valid, regardless of the validity period (up to 825 days). Certificates that are not publicly trusted can still be recognized, up to a maximum validity of 825 days. -- https://www.digicert.com/blog/position-on-1-year-certificates/ And I'm talking about 2 year certs. Edit: They're actually 3 year certs, which makes the inconsistency even more puzzling. Most people aren't getting the error (talking thousands of employees), but a few do. PBS fucked around with this message at 18:45 on Aug 3, 2020 |
# ? Aug 3, 2020 17:03 |
evil_bunnY posted:That's the thing, your monitor isn't a company-wide available asset. Write down your loving password if you must. I originally read this as "your mother", which tbf is also true. At least of my mother, don't know about yours.
# ? Aug 3, 2020 20:16 |
PBS posted:According to digicert, The limit was 39 months from April 2015 until March 2018, which at least Chrome interprets as the longest possible 39 months including a leap year and two 31 day months for 1188 total days, then it switched to 825 days after that. This means there's around a 10 month period between the evening of May 3, 2017 and the end of February 2018 where a cert could have been issued at or above 3 years and still be valid. If it's actually 3 years and not maxing out the allowed range that earliest date moves forward to seven months starting August 3, 2017.

Interestingly, as a result of the changing maximum validity periods there are two gaps in time for which there are no currently valid certificates. 10 year certificates were grandfathered in if they were issued before the effective date of the CA/B Forum requirements on July 1, 2012. This means any issued between this time on August 4, 2010 and then are still valid, but there's a nearly five year gap after that because all of the 60 month era certs have already expired (the last of them in March 2020) along with three quarters of the 39 month era. The 825 day certs have also started expiring as of June 3 so we have another gap there that's currently two months wide and growing.

edit: If it's a public-facing service you can try feeding it to Qualys' checker, just make sure to check the "do not show results on boards" box if this is something you'd rather not have exposed to the bots of the world https://www.ssllabs.com/ssltest/
# ? Aug 3, 2020 23:34 |
Remember when Dennis Ritchie, Bob Morris (author of Unix crypt utility) and a future stats professor at Berkeley stumbled across an attack against the Hagelin m-209 cipher machines used by the US military, and the NSA approached them and asked them not to publish it? https://www.bell-labs.com/usr/dmr/www/crypt.html Remember when it was revealed in 2020 that the entire Hagelin corporation was controlled by the CIA? https://en.wikipedia.org/wiki/Crypto_AG#Compromised_machines https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ The NSA even personally wrote manuals for Hagelin cipher machines
# ? Aug 5, 2020 02:38 |
trashy owl posted:If you're looking for Free, you might want to look into Security Onion. I tried security onion but it takes up 30 gigs of RAM, it seems cool to impress management with. Their "open source" repo just compiles a disk image. Is there any sort of tool that'd make it easy to turn the disk image into a set of install scripts like ansible or just pulling the bins and config files? It would be nice to remove a bunch of the things on there so it runs on a cheaper server. Looks like Prometheus + Grafana is another popular option but it doesn't do IPS blocking and alerting? Mainly I'm just looking for something to put on cheap <2GB servers that'll try to block malicious traffic and alert if there's weird activity or if it gets (file hashes? something like tripwire)
# ? Aug 6, 2020 00:58 |
Klyith posted:If I was on the jury I'd say not guilty to wire fraud, on the grounds that bitcoins have no value. On the other hand if it was a sex offender trial...... "Objection Your honor! The fact my client owns a bitcoin account does not establish guilt of sexual assault against minors!" "Your honor, but does it not establish that he might be a libertarian" "Objection overruled" But yeah, I half suspect Bitcoin might be the best thing that ever happened to law enforcement. It's like the criminals of the world randomly decided that the best way to hide their money was to publish their ledgers in the newspaper, but with the names scrubbed out and replaced with their telephone numbers.
# ? Aug 6, 2020 08:50 |
https://www.msn.com/en-gb/money/tec...U?ocid=msedgntp

# ? Aug 6, 2020 11:07
Computer Serf posted:I tried security onion but it takes up 30 gigs of RAM, it seems cool to impress management with. Their "open source" repo just compiles a disk image. Is there any sort of tool that'd make it easy to turn the disk image into a set of install scripts like ansible or just pulling the bins and config files? It would be nice to remove a bunch of the things on there so it runs on a cheaper server. Take a look at Suricata and Zeek for malicious traffic detection and blocking. Your best bet for weird activity detection would be a good auditd config and centralized, off system log collection.
# ? Aug 6, 2020 11:57 |
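Added example, not code from Security Onion or from any poster: the kind of detection logic evilhacker's answer points at, run over constructed sample data. The first half takes Suricata EVE JSON alert lines (the shape eve.json writes) and picks out sources that trip the same signature repeatedly; the second half takes auditd records from the standard execve rule (`-a always,exit -F arch=b64 -S execve -k exec`), joins the SYSCALL and EXECVE lines by their audit serial, undoes auditd's hex escaping of arguments that contain whitespace, and flags a service account (uid 1 to 999, e.g. www-data) spawning a shell or download tool. Every address, timestamp, signature id and signature name in the samples is made up; the only real formats are the EVE JSON field names and the auditd line layout. Feed either function the same file your centralized log collector receives and the logic is unchanged.

```python
import json
import re
from collections import Counter

# Constructed Suricata EVE JSON events, one object per line as eve.json writes them.
# Addresses, timestamps, signature ids and signature names are made up for this example.
SAMPLE_EVE = """\
{"timestamp":"2020-08-06T11:57:01.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"EXAMPLE SCAN SSH brute force attempt","severity":2}}
{"timestamp":"2020-08-06T11:57:02.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"192.0.2.53","proto":"UDP"}
{"timestamp":"2020-08-06T11:57:03.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"EXAMPLE SCAN SSH brute force attempt","severity":2}}
{"timestamp":"2020-08-06T11:57:09.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"EXAMPLE SCAN SSH brute force attempt","severity":2}}
{"timestamp":"2020-08-06T11:58:30.000000+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"blocked","signature_id":9000002,"signature":"EXAMPLE WEB shell command in URI","severity":1}}
"""

# Constructed auditd records for two execve() calls, as produced by the rule
#   -a always,exit -F arch=b64 -S execve -k exec
# auditd hex-encodes an argv entry that contains whitespace (a2 below); the parser undoes that.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1596715020.101:901): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1201 auid=4294967295 uid=33 gid=33 euid=33 comm="sh" exe="/usr/bin/dash" key="exec"
type=EXECVE msg=audit(1596715020.101:901): argc=3 a0="sh" a1="-c" a2=6375726C203230332E302E3131332E372F787C7368
type=SYSCALL msg=audit(1596715021.500:902): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=903 auid=1000 uid=1000 gid=1000 euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1596715021.500:902): argc=2 a0="ls" a1="-la"
"""

def parse_eve(text):
    """Parse EVE JSON lines, skipping blank or truncated ones (log rotation can cut a line)."""
    events = []
    for line in text.splitlines():
        if line.strip():
            try:
                events.append(json.loads(line))
            except json.JSONDecodeError:
                continue
    return events

def noisy_sources(events, min_alerts=3):
    """Sources that fired the same signature at least min_alerts times (scan / brute-force behaviour)."""
    counts = Counter((ev["src_ip"], ev["alert"]["signature"])
                     for ev in events if ev.get("event_type") == "alert")
    return [{"src_ip": src, "signature": sig, "count": n}
            for (src, sig), n in counts.most_common() if n >= min_alerts]

_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
_SERIAL = re.compile(r"audit\((\d+\.\d+):(\d+)\)")

def _decode_arg(raw):
    """EXECVE args are either "quoted" or bare hex (auditd's escaping for whitespace/binary)."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw

def parse_auditd(text):
    """Group auditd records by serial; the SYSCALL and EXECVE lines of one exec share it."""
    records = {}
    for line in text.splitlines():
        raw = dict(_FIELD.findall(line))
        m = _SERIAL.search(raw.get("msg", ""))
        if not m:
            continue
        rec = records.setdefault(m.group(2), {"ts": float(m.group(1)), "argv": []})
        fields = {k: v.strip('"') for k, v in raw.items()}
        if fields["type"] == "SYSCALL":
            rec.update(uid=int(fields["uid"]), auid=int(fields["auid"]),
                       exe=fields["exe"], comm=fields["comm"])
        elif fields["type"] == "EXECVE":
            rec["argv"] = [_decode_arg(raw.get(f"a{i}", '""')) for i in range(int(fields["argc"]))]
    return records

SHELLS_AND_FETCHERS = {"sh", "dash", "bash", "curl", "wget", "nc", "ncat"}

def suspicious_execs(records, service_uid_max=999):
    """execve() of a shell or download tool by a system/service account (uid 1..999, e.g. www-data).
    A web server account running sh -c 'curl ...|sh' is the classic post-exploitation pattern."""
    hits = []
    for serial, rec in sorted(records.items(), key=lambda kv: kv[1]["ts"]):
        if "uid" in rec and 0 < rec["uid"] <= service_uid_max and rec["comm"] in SHELLS_AND_FETCHERS:
            hits.append({"serial": serial, "uid": rec["uid"], "exe": rec["exe"], "argv": rec["argv"]})
    return hits

if __name__ == "__main__":
    for hit in noisy_sources(parse_eve(SAMPLE_EVE)):
        print("NIDS:", hit)
    for hit in suspicious_execs(parse_auditd(SAMPLE_AUDIT)):
        print("AUDIT:", hit)
```

The auditd half only works if the records leave the box: an attacker who gets root can edit /var/log/audit/audit.log, so ship them with audisp or a forwarder to a collector the host cannot write to, which is the "centralized, off system" part of the advice.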
There was another infosec thread with tips for a layman, does anyone have that handy? I can't seem to find it, it may have gone dead. It had a good OP about using Windows Defender (only) for AV and turned me onto 1Password.
# ? Aug 6, 2020 13:09 |
Quaint Quail Quilt posted:There was another infosec thread with tips for a layman, does anyone have that handy? I can't seem to find it, it may have went dead.. Your Operating System has Poor Operational Security?
# ? Aug 6, 2020 13:18 |
Thank you, I had it bookmarked even. It must not have had any posts lately.
# ? Aug 6, 2020 14:00 |
# ? Aug 6, 2020 16:05 |
wolrah posted:When exactly were they issued versus when they expire? It was issued on June 1st 2019 and is valid for 1096 days.
# ? Aug 6, 2020 17:26 |
PBS posted:It was issued on June 1st 2019 and is valid for 1096 days. It's not clear to me whether or not private certificates using locally trusted roots are held to the same standards, some reports indicate yes but others say they're more of a free-for-all.
# ? Aug 6, 2020 20:08 |
evilhacker posted:Take a look at Suricata and Zeek for malicious traffic detection and blocking. Your best bet for weird activity detection would be a good auditd config and centralized, off system log collection. thank you evilhacker
# ? Aug 6, 2020 20:33 |
wolrah posted:If that's a public certificate that shouldn't have even been issued, much less having it work for any remotely modern browsers. Yeah, it's private.
# ? Aug 6, 2020 20:54 |
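Added worked example, not code from any poster or from DigiCert: a stdlib Python check of a certificate's validity window against the cap that applied on its issuance date. The eras are the ones wolrah lists above (no cap before July 1, 2012; 60 months; 39 months from April 2015; 825 days from March 2018) plus the 398-day cap that took effect September 1, 2020, which is the change DigiCert's post is about. The month-based caps are computed by calendar months here rather than with the 1188-day figure from the post. `parse_openssl_dates` reads the output of `openssl x509 -noout -dates` so the check can be run against a real cert; the `__main__` block uses the certificate PBS describes (issued June 1, 2019, 1096 days). As the thread concludes, these caps bind publicly trusted CAs, and Chrome only applies them to chains ending in a publicly trusted root, so a private CA can and did issue the 1096-day cert; the function tells you whether a cert would be acceptable publicly, not whether your local root trusts it.

```python
import calendar
import re
from datetime import date, datetime, timedelta

# Maximum validity for publicly trusted certificates by issuance date (CA/B Forum Baseline
# Requirements, as enforced by Chrome). Before 1 July 2012 there was no cap, which is why
# ten-year certificates from that era could still validate in 2020.
ERAS = [
    (date(2012, 7, 1), ("months", 60)),
    (date(2015, 4, 1), ("months", 39)),
    (date(2018, 3, 1), ("days", 825)),
    (date(2020, 9, 1), ("days", 398)),
]

def _as_date(d):
    """Accept a date or an ISO 'YYYY-MM-DD' string."""
    return d if isinstance(d, date) else date.fromisoformat(d)

def add_months(d, months):
    """Calendar month addition, clamping to the last day of the target month (Jan 31 + 1 -> Feb 28/29)."""
    years, month0 = divmod(d.month - 1 + months, 12)
    year, month = d.year + years, month0 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))

def validity_limit(not_before):
    """The (kind, n) cap in force on not_before, or None for pre-BR issuance."""
    limit = None
    for start, cap in ERAS:
        if _as_date(not_before) >= start:
            limit = cap
    return limit

def check_validity(not_before, not_after):
    """Compare a cert's validity window against the cap for its issuance date.
    days_over > 0 means a BR-bound (publicly trusted) CA should never have issued it and Chrome
    would reject it; a private CA is not bound, so the same cert may be accepted there."""
    nb, na = _as_date(not_before), _as_date(not_after)
    result = {"not_before": nb.isoformat(), "not_after": na.isoformat(),
              "validity_days": (na - nb).days, "limit": None, "max_not_after": None, "days_over": 0}
    limit = validity_limit(nb)
    if limit is None:
        return result
    kind, n = limit
    cap = add_months(nb, n) if kind == "months" else nb + timedelta(days=n)
    result.update(limit=f"{n} {kind}", max_not_after=cap.isoformat(), days_over=max(0, (na - cap).days))
    return result

def check_validity_for_days(not_before, validity_days):
    """Same check when you know the issuance date and the advertised validity length."""
    nb = _as_date(not_before)
    return check_validity(nb, nb + timedelta(days=validity_days))

_OPENSSL_DATE = re.compile(r"(notBefore|notAfter)=\s*([A-Za-z]{3})\s+(\d{1,2}) \d\d:\d\d:\d\d (\d{4}) GMT")

def parse_openssl_dates(text):
    """Read `openssl x509 -noout -dates` output and return (notBefore, notAfter) as ISO date strings."""
    found = {}
    for key, mon, day, year in _OPENSSL_DATE.findall(text):
        found[key] = datetime.strptime(f"{mon} {day} {year}", "%b %d %Y").date().isoformat()
    return found["notBefore"], found["notAfter"]

if __name__ == "__main__":
    # The thread's certificate: issued 1 June 2019 for 1096 days, 271 days past the 825-day cap.
    print(check_validity_for_days("2019-06-01", 1096))
```

To check a live service, pipe `openssl s_client -connect host:443 </dev/null 2>/dev/null | openssl x509 -noout -dates` into `parse_openssl_dates` and hand the pair to `check_validity`; for an internal service that is the offline equivalent of the Qualys check mentioned above, without publishing the host to anyone.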
https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/
# ? Aug 9, 2020 22:11 |
https://thehackernews.com/2020/08/teamviewer-password-hacking.html Teamviewer sucks if you haven't figured it out.
# ? Aug 10, 2020 13:49 |
What's a more secure way to access a home computer running Windows 10 from a not-home location?
# ? Aug 10, 2020 15:59 |
Ynglaur posted:What's a more secure way to access a home computer running Windows 10 from a not-home location? VPN is about it. If you can't VPN, you are just going to have to accept some risk with a 3rd party remote desktop service or open ports.
# ? Aug 10, 2020 16:05 |
Pop Tailscale on there and your phone or laptop or whatever and you’re off to the races.
# ? Aug 10, 2020 16:13 |
Maybe time for me to buy a Pi and learn to install Wireguard on Docker or something.
# ? Aug 10, 2020 16:15 |
Ynglaur posted:What's a more secure way to access a home computer running Windows 10 from a not-home location? Chrome Remote Desktop seems pretty good.
# ? Aug 10, 2020 16:38 |
Internet Explorer posted:Chrome Remote Desktop seems pretty good.
# ? Aug 10, 2020 16:50 |
What's the thread's opinion of ZeroTier?
# ? Aug 10, 2020 17:17 |
Zerotier creates a virtual layer 1 network. If you need it, why not. Tailscale is probably the better solution, because it uses Wireguard to create a layer 3 network. Both use a lot more battery on my phone than plain Wireguard, tho. I'm currently running a Wireguard endpoint within docker on my Raspberry Pi with Home Assistant.
# ? Aug 10, 2020 17:28 |
Sickening posted:Vpn is about it. If you can't vpn, you are just going to have to accept some risk with a 3rd party remote desktop service or open ports. Ynglaur posted:Maybe time for me to buy a Pi and learn to install Wireguard on Docker or something. A proper VPN is best, but for a simple use case like one person phoning home for an RDP session, an ssh tunnel is plenty secure and (in my opinion) it's a lot easier to set up. Heck, I think you can even run openssh-server directly in WSL, and not even need a separate Linux box to accept the incoming ssh connection.
# ? Aug 10, 2020 17:46 |
Wireguard isn't quite enterprise ready as far as I know.
# ? Aug 10, 2020 17:46 |
Subjunctive posted:Pop Tailscale on there and your phone or laptop or whatever and you’re off to the races. https://rnorth.org/tailscale-docker/ at home and go
# ? Aug 10, 2020 17:53 |
D. Ebdrup posted:Chrome really is turning into an OS, isn't it. wait until I tell you about Chrome OS
# ? Aug 10, 2020 17:53 |
Powered Descent posted:A proper VPN is best, but for a simple use case like one person phoning home for an RDP session, an ssh tunnel is plenty secure and (in my opinion) it's a lot easier to set up. Heck, I think you can even run openssh-server directly in WSL, and not even need a separate Linux box to accept the incoming ssh connection. Windows has an ssh server built in. I forget how to use it, but it's there and has been for a couple years
# ? Aug 10, 2020 17:58 |
RFC2324 posted:Windows has an ssh server built in. I forget how to use it, but its there and has been for a couple years It's under Apps -> Optional Features -> Add A Feature https://virtualizationreview.com/ar...0the%20service.
# ? Aug 10, 2020 18:51 |
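Added example (mine, not from any poster and not part of OpenSSH) for the ssh-tunnel-to-RDP setup Powered Descent describes and the built-in Windows sshd RFC2324 and Sickening point to. The security-relevant detail the posts skip: a key that is only meant to carry `ssh -L 3389:127.0.0.1:3389 you@home` should be limited to exactly that in authorized_keys, otherwise whoever holds the key (or the laptop it lives on) also gets a shell, agent forwarding and a pivot to anything the home box can reach. The code parses authorized_keys lines, including the awkward case of options with quoted commas and escaped quotes, audits a key against the "tunnel to local RDP only" policy, and builds the locked-down line (`restrict,port-forwarding,permitopen="127.0.0.1:3389"`, per the sshd(8) AUTHORIZED_KEYS FILE FORMAT) from a bare public key. The key blobs in the usage are placeholders, not real key material. On Windows, note that for members of the Administrators group the OpenSSH server reads `%ProgramData%\ssh\administrators_authorized_keys` instead of the user's `.ssh\authorized_keys`; the file format and the options are the same.

```python
KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
)

def split_options(opts):
    """Split the options field on commas outside double quotes; a backslash-escaped quote inside
    quotes is a literal quote (sshd's quoting rules for command="..." and friends)."""
    out, cur, quoted, i = [], [], False, 0
    while i < len(opts):
        c = opts[i]
        if quoted and c == "\\" and i + 1 < len(opts):
            cur.append(opts[i + 1])
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if cur:
        out.append("".join(cur))
    return out

def parse_authorized_key(line):
    """Parse one authorized_keys line into {'options': {name: [values]}, 'type', 'key', 'comment'}.
    Returns None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if any(line.startswith(t + " ") for t in KEY_TYPES):
        options, rest = "", line
    else:
        # Options end at the first whitespace outside double quotes (command="..." may contain spaces).
        quoted, i = False, 0
        while i < len(line):
            c = line[i]
            if quoted and c == "\\":
                i += 2
                continue
            if c == '"':
                quoted = not quoted
            elif c.isspace() and not quoted:
                break
            i += 1
        options, rest = line[:i], line[i:].strip()
    parts = rest.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError(f"not an authorized_keys line: {line!r}")
    opts = {}
    for tok in split_options(options):
        name, _, value = tok.partition("=")
        opts.setdefault(name, []).append(value)  # permitopen may be given more than once
    return {"options": opts, "type": parts[0], "key": parts[1],
            "comment": parts[2] if len(parts) > 2 else ""}

def audit_tunnel_key(entry, allowed_targets=("127.0.0.1:3389", "localhost:3389")):
    """Findings for a key that should do nothing except carry a tunnel to the local RDP port."""
    o = entry["options"]
    findings = []
    if "restrict" not in o:
        findings.append("no 'restrict': pty, agent/X11 forwarding and ~/.ssh/rc are all allowed by default")
    if "restrict" not in o or "port-forwarding" in o:
        targets = o.get("permitopen", [])
        if not targets:
            findings.append("forwarding allowed without permitopen: the key can reach any host:port behind sshd")
        else:
            bad = [t for t in targets if t not in allowed_targets]
            if bad:
                findings.append(f"permitopen reaches beyond local RDP: {bad}")
    return findings

def build_tunnel_key(pubkey_line, rdp_target="127.0.0.1:3389", from_pattern=None):
    """Prefix a bare public key with options that limit it to forwarding to rdp_target.
    'restrict' turns everything off, 'port-forwarding' turns only forwarding back on, and
    'permitopen' pins the destination; from= optionally pins the client address as well."""
    entry = parse_authorized_key(pubkey_line)
    if entry is None or entry["options"]:
        raise ValueError("expected a bare public key line")
    opts = ["restrict", "port-forwarding", f'permitopen="{rdp_target}"']
    if from_pattern:
        opts.insert(0, f'from="{from_pattern}"')
    return ",".join(opts) + " " + pubkey_line.strip()

if __name__ == "__main__":
    # Placeholder key blob, not real key material.
    bare = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERNOTAREALKEY laptop"
    print(audit_tunnel_key(parse_authorized_key(bare)))
    print(build_tunnel_key(bare))
```

With the locked-down line in place, `ssh -N -L 3389:127.0.0.1:3389 you@home` works and nothing else does; the server-side equivalent for every key at once is `PermitOpen 127.0.0.1:3389` in sshd_config. If sshd is reachable from the internet, also disable password authentication there, or the tunnel is only as strong as the Windows account password.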
https://twitter.com/caetuscap/status/1293205995083177985 e: lmao https://nypost.com/2020/08/11/john-mcafee-apparently-arrested-for-wearing-thong-instead-of-face-mask/
# ? Aug 11, 2020 18:39 |
Can't be forced to eat your dick if you're in custody
# ? Aug 11, 2020 19:54 |
CLAM DOWN posted:https://twitter.com/caetuscap/status/1293205995083177985 2020 is really just bringing that "is it real or machine generated" vibe to the news, rising towards a crescendo as the year goes on.
# ? Aug 12, 2020 06:07 |
Volmarias posted:2020 is really just bringing that "is it real or machine generated" vibe to the news, rising towards a crescendo as the year goes on. The world is a simulation and we just found the bug that causes a Dwarf Fortress style tantrum spiral. Everything is spinning out of control in hilariously bad ways that shouldn't be possible.
# ? Aug 12, 2020 06:23 |
CLAM DOWN posted:https://twitter.com/caetuscap/status/1293205995083177985 All this article does is highlight how terrible journalism is these days: Clicking on the tweets, they clearly state that he was denied entry into Germany for not wearing a face mask and then apparently got into a physical fight with the police denying him entry. Which ended with McAfee in German jail.
# ? Aug 12, 2020 12:39 |
At this point, a kaiju attack would not be surprising.
# ? Aug 14, 2020 20:53 |
My friend is redoing a website for a local business and found this homebuilt "crypto" gem written by a different local web developer in 2007. Luckily it didn't protect anything important, but still.
code:
Oh, and this was just published in the source of the webpage.
# ? Aug 17, 2020 20:00 |
That's a cool CTF exercise for you to point potential interns towards.
# ? Aug 17, 2020 20:16 |