The Fool
Oct 16, 2003


klosterdev posted:

Performas were awful for a kid who couldn't play his friend's DOS/Win95 computer games

but good for escape velocity


klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Spaceway 2000 man

BlankSystemDaemon
Mar 13, 2009



Microsoft Security Response Center has published a PDF report of a security analysis of the CHERI ISA, which uses FreeBSD as the basis for a fork called CheriBSD that has been modified to make use of CHERI.
The team estimates that between half and two thirds of all the vulnerabilities that Microsoft have faced in 2019 would have been mitigated.

some kinda jackal
Feb 25, 2003

 
 
That's a really dense read but really cool at the same time.

Sickening
Jul 16, 2007

Black summer was the best summer.
Barnes and noble apparently don't patch things.

https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/

CLAM DOWN
Feb 13, 2007





So some idiot has been using my gmail address for many years thinking it's his (I have a simple/short gmail addy from the early beta invite-only days), and I got this breach email last night lmao. Now this idiot has gotten....my email? breached. Again. Siiiigh.

Sickening
Jul 16, 2007

Black summer was the best summer.

CLAM DOWN posted:

So some idiot has been using my gmail address for many years thinking it's his (I have a simple/short gmail addy from the early beta invite-only days), and I got this breach email last night lmao. Now this idiot has gotten....my email? breached. Again. Siiiigh.

It's funny because I too have a short email alias from the beta days that is lastname.firstinitial. It's like a clear indicator that you are old.

The Fool
Oct 16, 2003


Mine is firstname.lastinitial

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

CLAM DOWN posted:

So some idiot has been using my gmail address for many years thinking it's his (I have a simple/short gmail addy from the early beta invite-only days), and I got this breach email last night lmao. Now this idiot has gotten....my email? breached. Again. Siiiigh.

I'm a bit out of it today, but how does this actually affect you if it wasn't your account? Presumably you didn't share passwords with him.

Arsenic Lupin
Apr 12, 2012

This particularly rapid💨 unintelligible 😖patter💁 isn't generally heard🧏‍♂️, and if it is🤔, it doesn't matter💁.


Subjunctive posted:

I'm a bit out of it today, but how does this actually affect you if it wasn't your account? Presumably you didn't share passwords with him.

I'm in the same situation and the answer is that I keep getting included in group emails, including the occasional legal letter. The worst one is somebody who signed up for a Victoria's Secret credit card account, and there is no way for their credit card company to figure out who owns the account so they can change the email.

CLAM DOWN
Feb 13, 2007




Sickening posted:

It's funny because I too have a short email alias from the beta days that is lastname.firstinitial. It's like a clear indicator that you are old.

Mine is firstname.lastinitial, it rules but it's too full of spam. I own a domain that's lastname.com so I keep meaning to switch to firstname@lastname.com that I have attached to my personal O365 account.

Subjunctive posted:

I'm a bit out of it today, but how does this actually affect you if it wasn't your account? Presumably you didn't share passwords with him.

Oh, it doesn't really, just means that my email is out there in yet another breach/dump. Because of how simple/short/old my gmail is, it's already out there in a dozen, but yeah it's not a huge deal. Just another facepalm moment because god I don't understand how this idiot can keep using my email as if it's his.

uniball
Oct 10, 2003

i have uniball at gmail and get a lot of other people’s instagram accounts, in-store loyalty programs, etc. one time the pen company held some kind of contest in india and for some reason i got dozens of submissions

my friend has idontgetit at gmail and he gets way more and way funnier stuff, including some shockingly sensitive personal finance things.

Sickening
Jul 16, 2007

Black summer was the best summer.

CLAM DOWN posted:

Mine is firstname.lastinitial, it rules but it's too full of spam. I own a domain that's lastname.com so I keep meaning to switch to firstname@lastname.com that I have attached to my personal O365 account.


Oh, it doesn't really, just means that my email is out there in yet another breach/dump. Because of how simple/short/old my gmail is, it's already out there in a dozen, but yeah it's not a huge deal. Just another facepalm moment because god I don't understand how this idiot can keep using my email as if it's his.

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

Arsenic Lupin
Apr 12, 2012

This particularly rapid💨 unintelligible 😖patter💁 isn't generally heard🧏‍♂️, and if it is🤔, it doesn't matter💁.


Sickening posted:

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

Try mailinator.com instead.

astral
Apr 26, 2004

A shocking number of sites block not just mailinator, but also its alternate domains.

Mustache Ride
Sep 11, 2001



I wonder if I'll need to change from dtrump@whitehouse.gov to something else.

Raymond T. Racing
Jun 11, 2019

Sickening posted:

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

they're probably not a googler

try firstname@google.com

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Sickening posted:

I have been signing up firstname@gmail.com for everything that asks me for an email for more than a decade. Whoever that person is that works at google, I hope they enjoy it. I would also assume nope@nope.com gets a bunch as well.

Hey fellow nope user.

Raenir Salazar
Nov 5, 2010

"According to Wikipedia" there is a black hole that emits zionist hawking radiation where my brain should have been

I really should just shut the fuck up and stop posting forever
College Slice
Can someone clarify something for me about Shannon entropy? If I have a really good RNG and I request 128 random bits, as long as the chance of any possible binary number is equally likely as any other number from those 128 bits, it is said to have 128 bits of entropy?
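An added worked example of the definition behind this question (not from any poster in the thread): Shannon entropy is H = -Σ p(x)·log2 p(x) over all possible outputs. For a uniform distribution over 2^n outputs every term is 2^-n · n, and there are 2^n of them, so H = n bits exactly; the closed form below relies on that rather than enumerating 2^128 outcomes. The biased and stuck-bit distributions and the sample list are constructed here to show how entropy drops below the output width when outputs are not equally likely.

```python
import math
from collections import Counter


def shannon_entropy_bits(probabilities):
    """Shannon entropy H = -sum p * log2(p), in bits.

    Zero-probability outcomes contribute 0 (the limit of p*log2(p) as p -> 0),
    so they are skipped rather than passed to log2.
    """
    return -sum(p * math.log2(p) for p in probabilities if p > 0)


def uniform_entropy_bits(n_bits):
    """Entropy of a uniform distribution over all 2**n_bits outputs.

    Each outcome has p = 2**-n, so H = 2**n * (2**-n * n) = n bits.
    Computed in closed form because 2**128 outcomes cannot be enumerated.
    """
    return float(n_bits)


def stuck_bits_distribution(n_bits, n_stuck):
    """Constructed example of a bad RNG: the top n_stuck bits are always 0,
    the remaining bits are uniform. Returns the probability of each of the
    2**n_bits possible outputs (most of them 0)."""
    live = 2 ** (n_bits - n_stuck)
    return [1.0 / live] * live + [0.0] * (2 ** n_bits - live)


def empirical_entropy_bits(samples):
    """Plug-in estimate: observed frequencies used as probabilities.

    Caveat for practitioners: with few samples relative to the output space
    this systematically underestimates the true entropy, and it says nothing
    about whether an RNG is predictable in ways a histogram cannot see.
    """
    counts = Counter(samples)
    total = len(samples)
    return shannon_entropy_bits(c / total for c in counts.values())


if __name__ == "__main__":
    # Uniform over 8-bit outputs: 256 outcomes at p = 1/256 -> 8 bits.
    print("uniform 8-bit outputs:", shannon_entropy_bits([1 / 256] * 256))
    # Same quantity in closed form for 128-bit requests -> 128 bits.
    print("uniform 128-bit outputs:", uniform_entropy_bits(128))
    # A coin that lands heads 90% of the time carries well under 1 bit.
    print("biased bit (p=0.9):", shannon_entropy_bits([0.9, 0.1]))
    # 8-bit outputs whose top bit never changes carry only 7 bits.
    print("8-bit outputs, 1 stuck bit:", shannon_entropy_bits(stuck_bits_distribution(8, 1)))
    # Constructed sample run: four values seen equally often -> 2 bits.
    print("empirical, 4 equal symbols:", empirical_entropy_bits([0, 1, 2, 3] * 4))
```

The closed form is the answer to the question as posed: a uniform distribution over all 2^128 outputs has exactly 128 bits of entropy, and any departure from uniformity (bias, stuck bits, correlations between bits) lowers it.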

uniball
Oct 10, 2003

when i worked for apple, they were very nonspecific in their training/documentation around how to do software troubleshooting, so it really stood out when they sent out a communication and updated their documentation to say like "When submitting an email address with a form in the process of testing something, you MUST use a nonexistent TLD. We suggest test@test.none"

wonder what kind of stink was raised to result in that!

that wouldn't work for a lot of things these days. all of mailinator's domains being blocked has been common for many years now, but i've occasionally run into things in the last couple years that refuse to accept "anything but the best" (gmail, icloud, etc).

Butter Activities
May 4, 2018

What’s a good starting point for OSINT basics? Or is there a megathread somewhere I’ve missed?

xtal
Jan 9, 2011

by Fluffdaddy

SpaceSDoorGunner posted:

What’s a good starting point for OSINT basics? Or is there a megathread somewhere I’ve missed?

https://github.com/jivoi/awesome-osint ?

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

SpaceSDoorGunner posted:

What’s a good starting point for OSINT basics? Or is there a megathread somewhere I’ve missed?

Bellingcat has an excellent toolkit and guide as well: https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA/edit
https://www.bellingcat.com/category/resources/how-tos

Butter Activities
May 4, 2018


That’s the kinda thing I’m looking for, thanks!

Revdomezehis
Jul 26, 2003
OMG a Moose!
For those of y'all working in InfoSec for a specific company (i.e. not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

Potato Salad
Oct 23, 2014

nobody cares


Revdomezehis posted:

For those of y'all working in InfoSec for a specific company (i.e. not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

darn near everything, but with approval checkout workflow

RFC2324
Jun 7, 2012

http 418

Revdomezehis posted:

For those of y'all working in InfoSec for a specific company (i.e. not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

I don't work in them, but have ended up working with them at various companies and the best solution I have seen is read only to everything, but if they want to make a change it's impossible without involving a sysadmin.

xtal
Jan 9, 2011

by Fluffdaddy

Revdomezehis posted:

For those of y'all working in InfoSec for a specific company (i.e. not a company that contracts out InfoSec to other businesses), how much access do you all usually have to systems in your environment? Admin level access to everything? View level access? Admin for a few specific things? Or just "I can login to my email and ticketing software?"

Technically everything... I have admin privileges in our UIs which are logged extensively. But as a developer I could also just go siphon it all from the database, or deploy code to email it to me, or something.

some kinda jackal
Feb 25, 2003

 
 
No longer boots on the ground security, but I had RW access to security tooling, RO access to our non-prod environment and zero access to PROD.

evil_bunnY
Apr 2, 2003

Potato Salad posted:

darn near everything, but with approval checkout workflow

Same same, or at least read access to everything config-related.

CLAM DOWN
Feb 13, 2007




Read to everything config and DBs, RW to tools, and nothing to prod. Security shouldn't have admin to everything imo.

RFC2324
Jun 7, 2012

http 418

CLAM DOWN posted:

Read to everything config and DBs, RW to tools, and nothing to prod. Security shouldn't have admin to everything imo.

Security shouldn't be adminning anything. Y'all should be identifying issues and setting policies, then kicking down tickets to the admins to make what changes you need (or engage about why the change breaks things).

CLAM DOWN
Feb 13, 2007




RFC2324 posted:

Security shouldn't be adminning anything. Y'all should be identifying issues and setting policies, then kicking down tickets to the admins to make what changes you need (or engage about why the change breaks things).

Yup

Potato Salad
Oct 23, 2014

nobody cares


CLAM DOWN posted:

Read to everything config and DBs, RW to tools, and nothing to prod. Security shouldn't have admin to everything imo.

to expand, I've got logging/read accounts for siem/signals/puppet/sccm/whatever for regular operational use, and my team has a set of checkout accounts that we can activate when we are asked to respond to an incident

we have admin capability upon invitation and in coordination with the system owners, tldr

apseudonym
Feb 25, 2011

CLAM DOWN posted:

Read to everything config and DBs, RW to tools, and nothing to prod. Security shouldn't have admin to everything imo.

If the point is to build trustworthy systems, "having the power to do whatever you want" is not compatible. We shouldn't just not have admin to everything, we shouldn't want it.

Revdomezehis
Jul 26, 2003
OMG a Moose!
Appreciate the answers everyone. For reference I thought before asking that basically this VVV would be the best/most common approach

RFC2324 posted:

Security shouldn't be adminning anything. Y'all should be identifying issues and setting policies, then kicking down tickets to the admins to make what changes you need (or engage about why the change breaks things).

To be clear though, in my org the infosec team has "I can login to my email and ticketing software?"-level access. Unsurprisingly this has made identifying issues.... difficult. :engleft:

CLAM DOWN
Feb 13, 2007




apseudonym posted:

If the point is to build trustworthy systems, "having the power to do whatever you want" is not compatible. We shouldn't just not have admin to everything, we shouldn't want it.

Yes, I agree, I didn't say otherwise?

RFC2324
Jun 7, 2012

http 418

Revdomezehis posted:

Appreciate the answers everyone. For reference I thought before asking that basically this VVV would be the best/most common approach


To be clear though, in my org the infosec team has "I can login to my email and ticketing software?"-level access. Unsurprisingly this has made identifying issues.... difficult. :engleft:

Yeah, p hard to get insight into the environment to spot issues that way.

Are you SOC or actual secops tho, because most SOCs I have seen are level 1 analysts who only respond to tickets

Revdomezehis
Jul 26, 2003
OMG a Moose!
Secops, we have a contract with an outside SOC which analyzes logs being forwarded to them and then creates tickets that either they'll resolve or will get sent to us for further investigation. We also deal with setting policy and whatnot. Basically got prompted to ask the question since I was hired on a few months ago because of having sysadmin experience and skills in malware analysis/reverse engineering, as well as knowledge of some of the specialized software used in our line of business. (the company, not infosec in general) I went in thinking it'd be as I described, having basically RO access to most things, RW for security related software/servers, and otherwise working with the actual sysadmins for remediation stuff. Instead we have, as I noted, basically email and ticketing suite level access.

But then recently I got asked to help evaluate a cyber-range vendor that does simulations. Well doing the simulation seemed to assume we had admin level access to everything in the network. After that I figured I needed to check in others in the field as to what the reality was, since again, I had gone in assuming that we'd never have that level of access to everything, but at least be able to admin some stuff.

As it is, basically the only insight into potential issues that I can see we're capable of currently is gleaning vulnerabilities from the tickets created from the logs being forwarded to our SOC vendor, checking for gaps in our company policies, or else findings from our once every other year redteam style audits that we contract out for.


Defenestrategy
Oct 24, 2010


Ah! But what if your info-sec guys are your regular admins because your company is cheap AF!? What then?
