Achmed Jones
Oct 16, 2004



it's irresponsible to say random baseless poo poo because "it's possible"


Sickening
Jul 16, 2007

Black summer was the best summer.

Achmed Jones posted:

it's irresponsible to say random baseless poo poo because "it's possible"

Talk about overreaction. I don’t think that post is unreasonable at all. No need to defend this company's honor when someone makes some blanket guesses about what could have happened.

RFC2324
Jun 7, 2012

http 418

I mean, there are basically 3 things that could have happened.

1) they got hacked, info got found. I think this least likely because there would have been more than just this
2) someone in one of the two groups that were working on it (Kaseya or the infosec group) leaked it
3) the hackers discovered the vuln independently

human nature tells me it was 2, but they will claim it was 3 so they don't have to dig for a leak

spankmeister
Jun 15, 2008






Achmed Jones posted:

it's irresponsible to say random baseless poo poo because "it's possible"

:rolleyes:

beuges
Jul 4, 2005
fluffy bunny butterfly broomstick

Maneki Neko posted:

In further fun MSP news a Microsoft CSP reseller got compromised over the weekend too. A CSP reseller sells Office 365/Azure to MSPs (which in turn resell it to their customers) that are too small to deal with Microsoft directly and gets delegated admin to every tenant they provide licensing to.

I'm a one-person consulting company and I signed up to office365 and azure (separately) just by filling out some forms and putting in my credit card details. I’ve never understood the need for the o365/azure reselling industry (and now I find out there’s 2 levels of resellers) cos anyone can just sign up directly on a website. Is this something for where companies operate with purchase orders and weird admin overhead and can’t just put in the boss's company credit card number? Large enough to have admin but not large enough to deal directly with MS?

RFC2324
Jun 7, 2012

http 418

beuges posted:

I'm a one-person consulting company and I signed up to office365 and azure (separately) just by filling out some forms and putting in my credit card details. I’ve never understood the need for the o365/azure reselling industry (and now I find out there’s 2 levels of resellers) cos anyone can just sign up directly on a website. Is this something for where companies operate with purchase orders and weird admin overhead and can’t just put in the boss's company credit card number? Large enough to have admin but not large enough to deal directly with MS?

I think the salesmen are gonna be telling their customers that such a block exists, and/or are offering to manage/provide expertise

I know my company theoretically resells AWS, and the value add is that we manage it to some degree

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

beuges posted:

I'm a one-person consulting company and I signed up to office365 and azure (separately) just by filling out some forms and putting in my credit card details. I’ve never understood the need for the o365/azure reselling industry (and now I find out there’s 2 levels of resellers) cos anyone can just sign up directly on a website. Is this something for where companies operate with purchase orders and weird admin overhead and can’t just put in the boss's company credit card number? Large enough to have admin but not large enough to deal directly with MS?

Bulk discounts that are partially split between the reseller and the end customer, perhaps?

Thanks Ants
May 21, 2004

#essereFerrari


CSP lets resellers make margin, so instead of paying Microsoft $x per month for your licensing, you can pay the same amount to a reseller but they will help you out when you need assistance because they're now making money off the deal. CSP licenses are also all pro-rated to the day, so there's no annual commitment to get the advertised pricing which actually makes it quite a lot cheaper if you need the flexibility of changing licence counts down as well as up more than once a year.

BaseballPCHiker
Jan 16, 2006


Yeah this is exactly the type of article I was looking for, thanks!

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Thanks Ants posted:

CSP lets resellers make margin, so instead of paying Microsoft $x per month for your licensing, you can pay the same amount to a reseller but they will help you out when you need assistance because they're now making money off the deal. CSP licenses are also all pro-rated to the day, so there's no annual commitment to get the advertised pricing which actually makes it quite a lot cheaper if you need the flexibility of changing licence counts down as well as up more than once a year.

That plus the number of companies that just have issues dealing with purchasing on credit cards is astounding because they have no other way of keeping control of their spending. (ie: accounting departments get to audit invoices before paying them)

Guy Axlerod
Dec 29, 2008
Our AWS bill is above the daily spending limit on our corporate card, so every month the charge is declined. Then someone in finance has to call and set up a split payment. Every loving month. We've been asking AWS to please set up a different way to pay, and they just are not motivated to do anything different.

vanity slug
Jul 20, 2010

Guy Axlerod posted:

Our AWS bill is above the daily spending limit on our corporate card, so every month the charge is declined. Then someone in finance has to call and set up a split payment. Every loving month. We've been asking AWS to please set up a different way to pay, and they just are not motivated to do anything different.

Set up direct debit or paying by invoice? https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-debit.html

Guy Axlerod
Dec 29, 2008

Yeah, we had tried setting up the payment by invoice and it just never happened. I wasn't directly involved but our account managers have been less than useful in the past.

Internet Explorer
Jun 1, 2005





I mean, "it just never happened" is a bit of a cop out for such an easy thing. And it doesn't require your account manager. I'm not surprised AWS didn't bend over backwards for your esoteric credit card payment scenario.

And to bring this back to infosec instead of random credit card chat, if you guys can't get your poo poo straight to handle this, I worry what you are doing with the rest of your infrastructure.

droll
Jan 9, 2020

by Azathoth
I thought aws invoicing required a massive spend or a reseller in the middle.

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

Guy Axlerod posted:

Our AWS bill is above the daily spending limit on our corporate card, so every month the charge is declined. Then someone in finance has to call and set up a split payment. Every loving month. We've been asking AWS to please set up a different way to pay, and they just are not motivated to do anything different.

My first question here is why Finance hasn't called the bank to bump the spending limit to eliminate that issue.

AWS accepts ACH / SEPA direct debits as well as credit cards, so this seems more like a lazy / hemmed in by their own stupid policies Finance department.

Internet Explorer posted:

And to bring this back to infosec instead of random credit card chat, if you guys can't get your poo poo straight to handle this, I worry what you are doing with the rest of your infrastructure.

Letting the MSPs handle it, obviously.

Guy Axlerod
Dec 29, 2008
Yeah, you wouldn't be wrong on either count.

DrDork posted:

My first question here is why Finance hasn't called the bank to bump the spending limit to eliminate that issue.

AWS accepts ACH / SEPA direct debits as well as credit cards, so this seems more like a lazy / hemmed in by their own stupid policies Finance department.

gently caress if I know on that either.

Absurd Alhazred
Mar 27, 2010

by Athanatos
If there isn't some kind of motto like "finance is infosec, HR is infosec", etc, there should be.

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

Absurd Alhazred posted:

If there isn't some kind of motto like "finance fucks infosec, HR fucks infosec", etc, there should be.

Fixed for reality.

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.

droll posted:

I thought aws invoicing required a massive spend or a reseller in the middle.

It sure does.

The amount of stupid bullshit that goes on in procurement and AP is incredible, from simple carelessness to services that basically exist to sit on bills and use "we'll pay you on time if you play ball with us, otherwise we'll spam you with requests for backing data that don't even make any sense, enjoy your net-200 payment terms" as leverage to knock a couple of percent off. I normally hate automated-only systems like this, but I can't blame Amazon for noping out until the cost of a dedicated bill collector and procurement-unfucker is a rounding error in the total spend.

Bonzo
Mar 11, 2004

Just like Mama used to make it!
There are businesses that exist to just manage and negotiate your AWS bill for you

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
i heard you got AP problems and i feel for you son,
i got 99 problems but paying bills aint one

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

I work at an enterprise-y Windows shop that relies on a bunch of powershell scripts through a task scheduler platform. Is there any benefit to getting a code signing cert and signing our scripts as a defense in depth way of minimizing blast radius if we are compromised?

Aside from malware getting signed by trusted entities, it seems that for powershell especially bypassing any code signing requirements is as easy as an -ExecutionPolicy bypass flag or copy pasting into a console window.

So I'm thinking the answer is no, don't waste my time with it, but it's also the case that checking off an auditor's checkbox has nonzero benefit for us.

So I don't know.

RFC2324
Jun 7, 2012

http 418

Happiness Commando posted:

I work at an enterprise-y Windows shop that relies on a bunch of powershell scripts through a task scheduler platform. Is there any benefit to getting a code signing cert and signing our scripts as a defense in depth way of minimizing blast radius if we are compromised?

Aside from malware getting signed by trusted entities, it seems that for powershell especially bypassing any code signing requirements is as easy as an -ExecutionPolicy bypass flag or copy pasting into a console window.

So I'm thinking the answer is no, don't waste my time with it, but it's also the case that checking off an auditor's checkbox has nonzero benefit for us.

So I don't know.

common attack in linux is to get around not being able to execute something by just modifying something that someone with the privs will run (like say, a cron script) and code signing should help with that. I don't know if that makes sense in a windows world, tho

The Fool
Oct 16, 2003


It might work for compiled executables, but for powershell it’s trivial to just change the execution policy

RFC2324
Jun 7, 2012

http 418

The Fool posted:

It might work for compiled executables, but for powershell it’s trivial to just change the execution policy

unix philosophy supremacy

RFC2324
Jun 7, 2012

http 418

I wish I could sign my stuff :(

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.

The Fool posted:

It might work for compiled executables, but for powershell it’s trivial to just change the execution policy

How?

The threat it's intended to address is "low privilege compromised account can sneak a malicious script into a place where a higher-privileged account will run it." Execution policies are set on a per-account or per-computer basis, so the low privilege attacker account shouldn't be able to set the execution policy for the high privilege target account - if it has that kind of access, then the target is owned already.
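
An added example, not part of the original post: one way to sign the scheduler's scripts and then audit them for the tampering described above, so a script edited after signing shows up as `HashMismatch` or `NotSigned`. The folder path and the function names are hypothetical; the cmdlets are the standard Authenticode ones.

```powershell
# Hypothetical folder holding the scripts the task scheduler platform runs.
$ScriptRoot = 'C:\ScheduledScripts'

function Get-SigningCert {
    # First unexpired code-signing certificate in the current user's store.
    Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Select-Object -First 1
}

function Protect-ScheduledScript {
    # Signs every .ps1 under $Root. A timestamp server URL is optional;
    # with one, signatures stay verifiable after the certificate expires.
    param([string]$Root, [string]$TimestampServer)
    $cert = Get-SigningCert
    if (-not $cert) { throw 'No usable code-signing certificate found.' }
    Get-ChildItem -Path $Root -Filter *.ps1 -Recurse | ForEach-Object {
        $params = @{ FilePath = $_.FullName; Certificate = $cert }
        if ($TimestampServer) { $params.TimestampServer = $TimestampServer }
        Set-AuthenticodeSignature @params | Out-Null
    }
}

function Test-ScheduledScript {
    # Returns one object per script that is unsigned, modified since signing,
    # or signed by a certificate that is not on the expected list.
    # This check reads the signature directly and does not depend on the
    # execution policy of whoever runs the audit.
    param([string]$Root, [string[]]$TrustedThumbprint)
    Get-ChildItem -Path $Root -Filter *.ps1 -Recurse | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        $ok = ($sig.Status -eq 'Valid') -and ($TrustedThumbprint -contains $thumb)
        if (-not $ok) {
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status
                Signer = $thumb
            }
        }
    }
}

# Usage: sign once from the signing account, then audit on a schedule.
# Protect-ScheduledScript -Root $ScriptRoot
# $bad = Test-ScheduledScript -Root $ScriptRoot -TrustedThumbprint (Get-SigningCert).Thumbprint
# if ($bad) { $bad | Format-Table -AutoSize }
```

Run the audit from an account the low-privilege users cannot modify, and alert on any returned row rather than only logging it.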

text editor
Jan 8, 2007

RFC2324 posted:

I wish I could sign my stuff :(

is there a guide to how it is done on PowerShell scripts? my admin who runs our CA offered to cross sign my code signing cert for this if I wanted it

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

text editor posted:

is there a guide to how it is done on PowerShell scripts? my admin who runs our CA offered to cross sign my code signing cert for this if I wanted it

Here's the guide I used last time:
https://www.entrust.com/knowledgebase/ssl/how-to-sign-powershell-script-using-domain-trusted-ca-certificate

https://twitter.com/KeraRolsen/status/1413142258149326861?s=20

https://twitter.com/josephfcox/status/1413164205000167429?s=20

CommieGIR fucked around with this message at 17:24 on Jul 8, 2021

BlankSystemDaemon
Mar 13, 2009



Undocumented x86 instructions to control the CPU at the microarchitectural level in modern Intel processors.

Kullik
Jan 5, 2017

Yo anyone ever had to use dark trace, i do siem monitoring for various companies and recently got set up with this poo poo and it's the worst thing I've had to use yet, poo poo looks like the software you get with a gaming mouse, all grey on black with loads of weird graphics designed to impress people who will never actually use it, it's impossible to read and it's laid out in the dumbest possible way with everything hidden behind weird icons that mean nothing.
So far I've just been avoiding it and sticking to splunk when I can, but I'm gonna need to put some time in eventually and figure out how to actually use it..

spankmeister
Jun 15, 2008






Well you just make a nice dashboard with graphy graphs to display to the idiot CISO who bought it and keep using splunk for actual work.

Internet Explorer
Jun 1, 2005





Kullik posted:

Yo anyone ever had to use dark trace, i do siem monitoring for various companies and recently got set up with this poo poo and it's the worst thing I've had to use yet, poo poo looks like the software you get with a gaming mouse, all grey on black with loads of weird graphics designed to impress people who will never actually use it, it's impossible to read and it's laid out in the dumbest possible way with everything hidden behind weird icons that mean nothing.
So far I've just been avoiding it and sticking to splunk when I can, but I'm gonna need to put some time in eventually and figure out how to actually use it..

Yes, a little. It was almost entirely a waste of time. I asked here a while back and didn't get any bites. I can try to help if you have any specific questions. And yes, the UI is awful. It's a loud product that takes way too much time to set up and babysit.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Kullik posted:

Yo anyone ever had to use dark trace, i do siem monitoring for various companies and recently got set up with this poo poo and it's the worst thing I've had to use yet, poo poo looks like the software you get with a gaming mouse, all grey on black with loads of weird graphics designed to impress people who will never actually use it, it's impossible to read and it's laid out in the dumbest possible way with everything hidden behind weird icons that mean nothing.
So far I've just been avoiding it and sticking to splunk when I can, but I'm gonna need to put some time in eventually and figure out how to actually use it..

Waste of time, it's mostly CISO / c-suite fodder rather than actual usable data.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

Kullik posted:

Yo anyone ever had to use dark trace, i do siem monitoring for various companies and recently got set up with this poo poo and it's the worst thing I've had to use yet, poo poo looks like the software you get with a gaming mouse, all grey on black with loads of weird graphics designed to impress people who will never actually use it, it's impossible to read and it's laid out in the dumbest possible way with everything hidden behind weird icons that mean nothing.
So far I've just been avoiding it and sticking to splunk when I can, but I'm gonna need to put some time in eventually and figure out how to actually use it..

it's terrible and the less time you spend using it the better imo


if you want to impress CEOs and do no real work however, it's great! You could put a screenshot of darktrace in some "leet haxxors" mainstream bullshit movie and it wouldn't look out of place.

Sri.Theo
Apr 16, 2008
They advertise in The Economist so that should probably tell you their target audience.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Sri.Theo posted:

They advertise in The Economist so that should probably tell you their target audience.

"Magic Quadrant!"

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Does anybody actually read The Economist for reasons other than feeling/looking smart?

Source: Me in my early 20's


Thanks Ants
May 21, 2004

#essereFerrari


It's just garbage like this for people who think it's possible to separate wider societal impact from economic activity, or that as long as your economy is performing well enough you can just fix all the other problems later

https://twitter.com/theeconomist/status/1080893334581923841?lang=en
