|
Shaggar posted: do security scanners still not take redhate backporting into account and just look at base version number?

Nessus definitely takes it into account with few exceptions (they generally revise it pretty quickly if they get it wrong). If your security scanner is just naively looking at mainline version numbers it's probably a trash scanner anyway.
|
# ? Nov 6, 2022 18:33 |
|
|
narrator:
|
# ? Nov 6, 2022 18:35 |
|
Raere posted: Nessus definitely takes it into account with few exceptions (they generally revise it pretty quickly if they get it wrong). If your security scanner is just naively looking at mainline version numbers it's probably a trash scanner anyway.

nessus was the one that didnt take it into account last time i used it, but thankfully i havent had to deal with linux poo poo in ages
|
# ? Nov 6, 2022 18:42 |
|
nessus bitcoin mining station
|
# ? Nov 6, 2022 18:53 |
|
fwiw this isn't an automated scanner flagging us, they asked for an inventory of all VMs with the vulnerable version and we told them and said we had applied 3.0.1.-43.el9 or w/e as per the RHSA and they came back with the "not best practice" gem
|
# ? Nov 6, 2022 19:02 |
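Added example, not part of any post in this thread: the difference between a scanner that reads only the upstream version field and one that compares the full epoch:version-release against the fixed build named in a vendor advisory, which is the backporting question raised in the posts above. The version comparison is a simplified form of RPM's segment comparison; the package versions (modelled on the string quoted in the post), the epoch, the upstream fixed version and the host names are constructed sample data.

```python
import re
from itertools import zip_longest

# Constructed sample data: versions and host names are illustrative only.
UPSTREAM_FIXED = "3.0.7"          # assumed first upstream release with the fix
VENDOR_FIXED = "1:3.0.1-43.el9"   # assumed fixed build from the vendor advisory
INVENTORY = {
    "vm-a": "1:3.0.1-41.el9",     # predates the backport
    "vm-b": "1:3.0.1-43.el9",     # the advisory build
    "vm-c": "1:3.0.1-47.el9",     # later vendor rebuild
}

def rpmvercmp(a, b):
    """Simplified RPM segment compare (no ~ or ^ handling): returns -1, 0 or 1."""
    segs_a = re.findall(r"\d+|[A-Za-z]+", a)
    segs_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip_longest(segs_a, segs_b):
        if x is None or y is None:
            return -1 if x is None else 1      # the string with more segments is newer
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0

def parse_evr(evr):
    """Split [epoch:]version-release into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def naive_vulnerable(evr):
    """Scanner that only reads the upstream version field."""
    return rpmvercmp(parse_evr(evr)[1], UPSTREAM_FIXED) < 0

def backport_aware_vulnerable(evr):
    """Compare the full epoch:version-release against the advisory's fixed build."""
    return evr_cmp(evr, VENDOR_FIXED) < 0

def false_positives(inventory):
    return sorted(h for h, evr in inventory.items()
                  if naive_vulnerable(evr) and not backport_aware_vulnerable(evr))
```

`false_positives(INVENTORY)` lists the hosts a version-only check would flag even though they already carry the vendor's fixed build or a later one.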
|
Volmarias posted: What does your heart tell you?

I'm the one applying what I believe is best practice, which is to just use what the vendor provides

I'm just arguing against the logic of these cybersecurity analysts
|
# ? Nov 6, 2022 19:57 |
|
carry on then posted: fwiw this isn't an automated scanner flagging us, they asked for an inventory of all VMs with the vulnerable version and we told them and said we had applied 3.0.1.-43.el9 or w/e as per the RHSA and they came back with the "not best practice" gem

this is a great paper trail to use to justify dropping them later
|
# ? Nov 6, 2022 19:58 |
|
sb hermit posted: this is a great paper trail to use to justify dropping them later

why do you think this is a vendor? this is the infosec office.
|
# ? Nov 6, 2022 20:12 |
|
carry on then posted: why do you think this is a vendor? this is the infosec office.

then this is a good paper trail to getting the infosec office management fired
|
# ? Nov 6, 2022 20:17 |
|
to be very clear, I'm half shitposting, and half serious

I am 100% serious when I say that I don't want to be in your shoes
|
# ? Nov 6, 2022 20:19 |
|
we're going to be deploying some automated version checking poo poo soon, i am so excited
|
# ? Nov 6, 2022 22:03 |
|
Shame Boy posted: we're going to be deploying some automated version checking poo poo soon, i am so excited

better start practicing the phrase "no, that's a false positive"
|
# ? Nov 6, 2022 23:06 |
|
Main Paineframe posted:better start practicing the phrase "no, that's a false positive"
|
# ? Nov 6, 2022 23:12 |
|
someone turn that poo poo into a smiley please
|
# ? Nov 6, 2022 23:12 |
|
Shame Boy posted: we're going to be deploying some automated version checking poo poo soon, i am so excited

I ran an application repository and users kept submitting updates without changing the version numbers and it got real tiring so we just told them that we'll just bump it internally, silently, and (for real) it never caused any issues
|
# ? Nov 6, 2022 23:16 |
|
sb hermit posted: someone turn that poo poo into a smiley please

it'd get so many people banned for anime though
|
# ? Nov 6, 2022 23:31 |
|
Cybernetic Vermin posted: it'd get so many people banned for anime though

where do we still ban for anime?
|
# ? Nov 7, 2022 01:23 |
|
i could swear i saw an anime probe from some thread in here within the last few months but like gently caress i'm gonna go dig for it lol
|
# ? Nov 7, 2022 01:38 |
|
RFC2324 posted: where do we still ban for anime?

smoka posts a bunch that nobody wants to see then graph probes him for it

its just a part of life in the 'pos
|
# ? Nov 7, 2022 01:45 |
|
Sniep posted:smoka posts a bunch that nobody wants to see then graph probes him for it
|
# ? Nov 7, 2022 01:48 |
|
probes her for it
|
# ? Nov 7, 2022 01:48 |
|
I was expecting it to be hbag eating an anime probe, tbh
|
# ? Nov 7, 2022 01:49 |
|
we still have stuff like and no one's been probed for using it yet
|
# ? Nov 7, 2022 01:59 |
|
|
# ? Nov 7, 2022 02:00 |
|
|
# ? Nov 7, 2022 02:03 |
|
|
# ? Nov 7, 2022 02:06 |
|
mystes posted: I think smoka is a girl

ok

infernal machines posted: probes her for it

thanks
|
# ? Nov 7, 2022 03:00 |
|
Shaggar posted: do security scanners still not take redhate backporting into account and just look at base version number?

what does your heart tell you

best part of cloudflare job was working next to the security team and getting to hear the person we hired specifically for their connections in the security auditor industry moan out loud about some of the less competent vendors flagging poo poo yet another time after they'd called execs at said vendors to explain the mitigations in excruciating detail
|
# ? Nov 7, 2022 05:03 |
|
VSOKUL girl posted: what does your heart tell you

my girlfriend works in a food biotech company and for the above reason, unrelated to computers, they have a standard document dated and signed which explains why x and y aren't an issue.
|
# ? Nov 7, 2022 10:01 |
|
my lastpass renewal is coming up and im finally gearing up to ditch this thing.

i have an iphone and a pc but I'm kinda leaning towards just going full keychain and just rocking the icloud extension for Chrome/Edge? my wife is extremely not tech savvy but she knows that if anything happens to me she can access my icloud accounts as my emergency contact so that solves a problem. just wondering if you guys have any ~~~thoughts~~~

dpkg chopra fucked around with this message at 05:02 on Nov 8, 2022 |
# ? Nov 8, 2022 04:56 |
|
|
# ? Nov 8, 2022 07:13 |
|
I am planning on getting two yubikey security keys to give to each of my parents so that my parents can use their own key as well as the key of the other to unlock accounts as a 2nd factor. Probably better than right now where it's either SMS or no 2FA at all. And I get the bonus of not buying backup keys for both of them just in case. I might register my emergency yubikey as their backup 2fa on their accounts too, though. Just have to get them on board with actually using the things.
|
# ? Nov 8, 2022 07:15 |
|
dpkg chopra posted: my lastpass renewal is coming up and im finally gearing up to ditch this thing.

probably the most I would suggest is what you would do with most disaster plans. Write the recovery plan out in reasonable detail, then test it within reason. this plan could also include the step of "give these steps to a trusted individual to execute with your supervision", which is totally acceptable as long as you have decent friends or relatives or descendants
|
# ? Nov 8, 2022 07:19 |
|
dpkg chopra posted: my lastpass renewal is coming up and im finally gearing up to ditch this thing.

i like bitwarden vov
|
# ? Nov 8, 2022 07:24 |
|
dpkg chopra posted: my lastpass renewal is coming up and im finally gearing up to ditch this thing.

I would not use iCloud Keychain without at least one Mac tbh

iirc there’s a few things from a management perspective that can’t be done from iPhone
|
# ? Nov 8, 2022 07:27 |
|
Buff Hardback posted: I would not use iCloud Keychain without at least one Mac tbh

I couldn't access the $30 or so I had in apple cash when my iphone 6s hit the drink until I got a hand-me-down iPhone 7 about three years later
|
# ? Nov 8, 2022 07:45 |
|
while looking into how to export from LastPass to BitWarden

quote: Warning

I'm sure this won't be a problem

dpkg chopra fucked around with this message at 19:18 on Nov 8, 2022 |
# ? Nov 8, 2022 16:02 |
|
is anyone going to Oktane? It’s a total junket conference, which is why I booked flights so I could have most of today and Thursday afternoons evening free to do things around the city. gonna go see the wwII sub hell yeah
|
# ? Nov 8, 2022 17:49 |
|
dpkg chopra posted: while looking into how to export from LastPass to BitWarden

lol at the fix
|
# ? Nov 8, 2022 18:45 |
|
|
dpkg chopra posted: while looking into how to export from LastPass to BitWarden

I moved from lastpass to bitwarden back when lastpass had their first major security breach, and I didn't have any trouble exporting.
|
# ? Nov 8, 2022 20:42 |