|
Defenestrategy posted:signing emails with PGP How does signing emails with PGP make a person safer?
|
#
?
Mar 4, 2021 16:33
|
|
|
|
| # ? Apr 20, 2024 01:07 |
|
|
Why is mfa a tip instead of something that's already turned on for your company? Its opt in?
|
|
#
?
Mar 4, 2021 16:34
|
|
|
Nukelear v.2 posted:Maybe somebody will read it, but yea it's mostly CYA so they can't feign total ignorance when an incident occurs. I had an idea for a presentation, where I would use OSINT to gather information on a volunteer and then present a bio on them to be used for nefarious purposes and then show how to lock the information down to an extent, but I fear the ramifications on teaching the work place how to efficiently google-fu/harvester/etc their coworkers. edit: droll posted:Why is mfa a tip instead of something that's already turned on for your company? Its opt in? Subjunctive posted:How does signing emails with PGP make a person safer? In that case it was more about "What is a digital signature, and how can I use it" sort of thing. Defenestrategy fucked around with this message at 16:51 on Mar 4, 2021 |
|
#
?
Mar 4, 2021 16:39
|
|
|
Defenestrategy posted:I had an idea for a presentation, where I would use OSINT to gather information on a volunteer and then present a bio on them to be used for nefarious purposes and then show how to lock the information down to an extent, but I fear the ramifications on teaching the work place how to efficiently google-fu/harvester/etc their coworkers. Yea that's gonna get creepy super quick when you start presenting pictures of their kids and house. Really people aren't going to stop using social media anyway. I would imagine OSINT isn't really the biggest threat you have though, so I'd think more about how to target that.
|
|
#
?
Mar 4, 2021 16:55
|
|
|
Nobody is reading your work newsletter about what they should do in their personal life lol
|
|
#
?
Mar 4, 2021 17:25
|
|
|
Defenestrategy posted:I had an idea for a presentation, where I would use OSINT to gather information on a volunteer and then present a bio on them to be used for nefarious purposes and then show how to lock the information down to an extent, but I fear the ramifications on teaching the work place how to efficiently google-fu/harvester/etc their coworkers. OH dear lord no, just no. Boundaries!
|
|
#
?
Mar 4, 2021 17:31
|
|
|
Nukelear v.2 posted:Maybe somebody will read it, but yea it's mostly CYA so they can't feign total ignorance when an incident occurs. I have a 100% success rate at not falling for phishing emails. Lemme share my secret so you can tell your users. I don't read my email.
|
|
#
?
Mar 4, 2021 17:57
|
|
|
Sickening posted:OH dear lord no, just no. Boundaries! On that very subject I find that people in our industry really have problems with boundaries. When filling open positions within my reports, a certain team had a habit of gathering intel of applicants and passing it around before their interview. I found the practice pretty loving gross and outlawed it. It gets way too out of control too quickly and leads to toxic poo poo.
|
|
#
?
Mar 4, 2021 18:05
|
|
|
Sickening posted:On that very subject I find that people in our industry really have problems with boundaries. When filling open positions within my reports, a certain team had a habit of gathering intel of applicants and passing it around before their interview. I found the practice pretty loving gross and outlawed it. It gets way too out of control too quickly and leads to toxic poo poo. God drat, that is awful.
|
|
#
?
Mar 4, 2021 18:10
|
|
|
Sickening posted:On that very subject I find that people in our industry really have problems with boundaries. When filling open positions within my reports, a certain team had a habit of gathering intel of applicants and passing it around before their interview. I found the practice pretty loving gross and outlawed it. It gets way too out of control too quickly and leads to toxic poo poo. That's an oof.
|
|
#
?
Mar 4, 2021 18:26
|
|
|
Sickening posted:On that very subject I find that people in our industry really have problems with boundaries. When filling open positions within my reports, a certain team had a habit of gathering intel of applicants and passing it around before their interview. I found the practice pretty loving gross and outlawed it. It gets way too out of control too quickly and leads to toxic poo poo. I'm glad you outlawed that. Wtf.
|
|
#
?
Mar 4, 2021 18:39
|
|
Sickening posted:On that very subject I find that people in our industry really have problems with boundaries. When filling open positions within my reports, a certain team had a habit of gathering intel of applicants and passing it around before their interview. I found the practice pretty loving gross and outlawed it. It gets way too out of control too quickly and leads to toxic poo poo. This is quite possibly illegal depending on the state it’s occurring in
|
|
|
#
?
Mar 4, 2021 18:45
|
|
|
yeah, it's best to leave any doxing and any racism/classism/sexism/etc to the machine learning HR resume/hiring applications popping up everywhere  (strictly off topic for infosec, but Jesus Christ some of the reporting that's coming out on how terrifically biased some of these systems are)
|
|
#
?
Mar 4, 2021 18:46
|
|
|
https://twitter.com/ericgeller/status/1367534978167406595
|
|
#
?
Mar 4, 2021 19:00
|
|
|
Defenestrategy posted:As part of my role as infosec guy, I've been tasked with doing "employee education", and so every two months I've been putting out a short company newsletter that has broad stroke significant company affecting infosec event summaries, such as successful phishing attempts on employees, or foreign IP logins,etc as well as a "infosec tip of the day" kind of thing where it outlines a thing to be slightly safer, like enabling MFA or signing emails with PGP, stuff like that. One good thing that might come of it: an improved internal recruiting program, as junior IT guys read it and think, "hey, that sounds interesting, that's a cool job to which I might aspire." Hah hah who am I kidding, nobody ever promotes internally.
|
|
#
?
Mar 4, 2021 21:52
|
|
|
Sickening posted:On that very subject I find that people in our industry really have problems with boundaries. When filling open positions within my reports, a certain team had a habit of gathering intel of applicants and passing it around before their interview. I found the practice pretty loving gross and outlawed it. It gets way too out of control too quickly and leads to toxic poo poo. That is seriously unprofessional and uncool, yikes.
|
|
#
?
Mar 4, 2021 22:00
|
|
|
Is looking at the applicant's LinkedIn, noticing they worked at a company where I know someone, and asking that someone I know about the applicant, gross/bad?
|
|
#
?
Mar 4, 2021 22:02
|
|
|
droll posted:Is looking at the applicant's LinkedIn, noticing they worked at a company where I know someone, and asking that someone I know about the applicant, gross/bad? Isn't that de jure what HR is already doing I don't think so  depends on your questions I guessvvvv assuming nobody talks to *current* company, that would be awful Mr. Crow fucked around with this message at 22:10 on Mar 4, 2021 |
|
#
?
Mar 4, 2021 22:06
|
|
droll posted:Is looking at the applicant's LinkedIn, noticing they worked at a company where I know someone, and asking that someone I know about the applicant, gross/bad? Untrustworthy if anything. Also people at the other company might not know the applicant is looking for jobs
|
|
|
#
?
Mar 4, 2021 22:07
|
|
|
.
droll fucked around with this message at 22:24 on Mar 4, 2021 |
|
#
?
Mar 4, 2021 22:10
|
|
|
Mr. Crow posted:Isn't that de jure what HR is already doing I don't think so HR don't know who my friends are and where they work/worked. CyberPingu posted:Untrustworthy if anything. Also people at the other company might not know the applicant is looking for jobs Yeh that would be bad if my friend was working at the applicant's current place of work.
|
|
#
?
Mar 4, 2021 22:11
|
|
|
droll posted:HR don't know who my friends are and where they work/worked. They know what companies the applicant worked for and are surely asking them about them.
|
|
#
?
Mar 4, 2021 22:11
|
|
|
droll posted:Is looking at the applicant's LinkedIn, noticing they worked at a company where I know someone, and asking that someone I know about the applicant, gross/bad? I mean, even if this doesn't violate the applicant's privacy, it sounds like a great way to perpetuate one of the many established cliques of tech, so probably don't do it? Edited to remove sexist phrasing Absurd Alhazred fucked around with this message at 22:28 on Mar 4, 2021 |
|
#
?
Mar 4, 2021 22:15
|
|
|
droll posted:Is looking at the applicant's LinkedIn, noticing they worked at a company where I know someone, and asking that someone I know about the applicant, gross/bad? No. An example what is gross and uncool is to take the email address that is presenting in the resume and checking across the internet to see what that email is registered for. Gross looking at their social media to figure out the things they are into. Gross is trying to figure out their reddit account based on similar usernames on their social media handles and finding out they have a panty hose fetish. It became known to me as one of my sr guys alerted me to the fact that a potential candidate had a blog from 2012 with some vial stuff on it. gently caress that sucks and the content was really REALLY bad. When I pressed him how he found this he went down the entire long rabbit hole and I wanted to vomit. My predecessor apparently had sanctioned this type of thing in the past and he thought I was going to praise him for his hard work. You can't foster this type of behavior at all. Promoting this level of snooping means that your company employees are going to get the same treatment eventually and nobody wants that. The snooping only escalates if it goes unchecked.
|
|
#
?
Mar 4, 2021 22:17
|
|
|
We actually went through this with one of our IT techs I asked a guy at his last place who I went to Uni with what he was like. He gave him a not great review because he worked on the night team. Im so loving glad I didnt listen to that guy and its the last time ill ever do that
|
|
|
#
?
Mar 4, 2021 22:19
|
|
|
Absurd Alhazred posted:I mean, even if this doesn't violate the applicant's privacy, it sounds like a great way to perpetuate one of the many old boy's clubs of tech, so probably don't do it? I am neither old nor a boy FYI. Please don't make assumptions like that, that's actually gross. Sickening posted:No. An example what is gross and uncool is to take the email address that is presenting in the resume and checking across the internet to see what that email is registered for. Gross looking at their social media to figure out the things they are into. Gross is trying to figure out their reddit account based on similar usernames on their social media handles and finding out they have a panty hose fetish. Woah that is way more hosed up than I envisioned. droll fucked around with this message at 22:28 on Mar 4, 2021 |
|
#
?
Mar 4, 2021 22:23
|
|
|
droll posted:I am neither old nor a boy FYI. Please don't make assumptions like that, that's actually gross. Fair enough, edited.
|
|
#
?
Mar 4, 2021 22:27
|
|
|
Defenestrategy posted:As part of my role as infosec guy, I've been tasked with doing "employee education", and so every two months I've been putting out a short company newsletter that has broad stroke significant company affecting infosec event summaries, such as successful phishing attempts on employees, or foreign IP logins,etc as well as a "infosec tip of the day" kind of thing where it outlines a thing to be slightly safer, like enabling MFA or signing emails with PGP, stuff like that. It might be more useful if you can find subjects that people will care about. Just this week our IT sec did presentation where they told about a recent small scale phishing campaign that snared about a dozen people. Instead of immediately using their accounts for spamming as usual, the phishers waited until near the payday, logged in to our SAP HR system and changed the bank account numbers. People started asking questions when their pay euros were no where to be seen. Beside the multitude of organisational failures that this was possible, this is the best example why you should not get phished that I have seen.
|
|
#
?
Mar 5, 2021 02:42
|
|
|
Mr. Crow posted:Isn't that de jure what HR is already doing I don’t know that I’ve been anywhere that HR has by written policy backchannelled people, though it happens de facto quite a bit for more senior candidates. What does the policy say to do to find these connections or to do if none are found? (I don’t love the practice, I have to say, even though it has generally worked to my advantage as a candidate.)
|
|
#
?
Mar 7, 2021 15:55
|
|
|
.
Sheep fucked around with this message at 18:47 on Mar 7, 2021 |
|
#
?
Mar 7, 2021 18:37
|
|
|
God drat, infosec people are like their own worse enemy. We have a single dumb alert, literally just suspected Adware on a Mac host. The detection is all messed up but it keeps quarantining these files on a developers computer. We know the detection is wrong but everyone is to chickenshit to sign off on marking this as a false positive so we can update our detection rules and let the user actually work. This isnt even something new, we've seen it before, our rules just suck for MacOS. Instead of just fixing it for the user though everyone cowers behind the vendor until they make some fix in the next update.
|
|
#
?
Mar 8, 2021 19:11
|
|
|
Y'all should hire a vCISO to approve it
|
|
#
?
Mar 8, 2021 20:33
|
|
|
droll posted:Y'all should hire a vCISO to approve it Hire me, i will approve it!
|
|
#
?
Mar 8, 2021 23:24
|
|
|
I hate Alice and Bob
|
|
#
?
Mar 9, 2021 00:58
|
|
|
What’s everyone’s favorite cryptography character? Big fan of Trudy myself
|
|
#
?
Mar 9, 2021 04:15
|
|
|
Tryzzub posted:What?s everyone?s favorite cryptography character? Big fan of Trudy myself 
|
|
#
?
Mar 9, 2021 07:30
|
|
|
Martytoof posted:I hate Alice and Bob I hate them and their loving paint
|
|
#
?
Mar 9, 2021 08:26
|
|
|
Everyone knows Eve is the coolest
|
|
#
?
Mar 9, 2021 08:50
|
|
|
Cool little reverse shell generator: https://www.revshells.com/
|
|
#
?
Mar 9, 2021 17:08
|
|
|
|
| # ? Apr 20, 2024 01:07 |
|
|
Hello everyone! Just a quick note to help out the folks who browse by bookmarks. We've started a SH/SC feedback thread and would love it if you stopped by to say hi and let us know what you think. https://forums.somethingawful.com/showthread.php?threadid=3961558
|
|
#
?
Mar 9, 2021 18:34
|
|