|
cinci zoo sniper posted:my unlimited phone plan costs 14 euro for unlimited data + 15 euro for unlimited voice/text 
|
#
?
Mar 14, 2023 18:38
|
|
|
|
| # ? Apr 18, 2024 20:07 |
|
|
Cold on a Cob posted:is it normal for my it dept to install both crowdstrike and bitdefender on my laptop is this happening under load (applications, whatever) or while nothings running?
|
|
#
?
Mar 14, 2023 18:43
|
|
|
Crime on a Dime posted:is this happening under load (applications, whatever) or while nothings running? both, got a lot worse when I was trying to upgrade git but that makes sense I guess
|
|
#
?
Mar 14, 2023 19:03
|
|
|
the various monitoring and health reporting apps we were forced to install on our servers were like that. real fun losing 50% or more of your server's performance to multiple pieces of poo poo that do nothing.
|
|
#
?
Mar 14, 2023 19:15
|
|
|
Cold on a Cob posted:both, got a lot worse when I was trying to upgrade git but that makes sense I guess devs always after an exception 
|
|
#
?
Mar 14, 2023 19:18
|
|
|
Crime on a Dime posted:devs always after an exception yep and I get them all the time  I’ve never requested they remove endpoint protection on my machine; as long as I get local admin I’m usually fine but looks like I might need new hardware nowanyhow mostly I was just curious if there’s any benefit to running both. either way looks like I need a new machine
|
|
#
?
Mar 14, 2023 20:35
|
|
|
rjmccall posted:not even six figgies I mean on top of my current salary
|
|
#
?
Mar 14, 2023 20:36
|
|
|
Subjunctive posted:huh, I haven’t tested it on other faces, I should try that if my wife is driving and wants me to do something with her phone that is not trivial through carplay, i usually unlock it by covering the bottom half of my face with my hand and trying face id, it works fine since shes sitting next to me, meaning her watch is close by the mitigation of this loose security is your watch notifying you that it was unlocked, letting you press the "lock iphone" button to make the phone require a passcode
|
|
#
?
Mar 14, 2023 20:36
|
|
|
Lysidas posted:if my wife is driving and wants me to do something with her phone that is not trivial through carplay, i usually unlock it by covering the bottom half of my face with my hand and trying face id, it works fine since shes sitting next to me, meaning her watch is close by lmao "this picture of half of someone else's face and a hand is close enough for me I guess"
|
|
#
?
Mar 14, 2023 20:46
|
|
|
i am sincerely regretting having implemented azure information protection for a client dealing with sensitivity labels on documents, and the myriad of sharing options in onedrive is just enough of a divergence from their usual workflow that they absolutely cannot get it right, and they're starting to get pissed off rather than taking the time to learn how it works (we've had multiple demo sessions and done one-on-one training with several of them, no one retains anything). aip was a hard requirement to move them to cloud hosted infrastructure, which they wanted because they have people working across the country and they were getting annoyed with the limitations of the remote access system. now, instead, they're getting annoyed by the workflow changes and it appears everyone but a few of the partners are willing to throw access controls and data security to the wind because no one can remember the steps to do anything for longer than a single work day i'm not sure if there's a lesson here, or a point to this, other than apparently security is impossible, because even if you can make it work, no one wants it.
|
|
#
?
Mar 14, 2023 20:47
|
|
|
infernal machines posted:i am sincerely regretting having implemented azure information protection for a client If this was a greenfield deploy why did you use AIP instead of MIP? AIP isn't natively integrated in sharepoint/onedrive/office but relies on several moving parts to work compared to the mostly transparent MIP.
|
|
#
?
Mar 14, 2023 20:59
|
|
|
that's actually my mistake in the post. we did use mip, the original plan for the project predated mip and was planned around aip, but when it came time to deploy we used purview. the problem isn't mip itself, it's people having to adjust their workflow to accommodate any kind of restrictions. it's two clicks to mark a file so that external clients can interact with it, but you have to remember to do those two clicks. if you don't the client sends you an email saying they can't open the file, it's asking them to sign in, and then you get mad because this is all a waste of your time. actually, the problem is also mip, and onedrive, and 3rd party poo poo like acrobat not interacting well, but those are generally edge cases around the fundamental problem that people do not give a gently caress about the security of the data because they don't think the data needs to be secure, so this is all just making their lives more difficult for no reason. the nature of the work these people do means that any kind of breach/leak would immediately kill their reputation, and would very probably result in huge fines, but until that happens it's not something anyone cares to worry about. infernal machines fucked around with this message at 21:10 on Mar 14, 2023 |
|
#
?
Mar 14, 2023 21:04
|
|
|
Subjunctive posted:huh, I haven’t tested it on other faces, I should try that
|
|
#
?
Mar 14, 2023 21:14
|
|
|
infernal machines posted:i'm not sure if there's a lesson here, or a point to this, other than apparently security is impossible, because even if you can make it work, no one wants it. infernal machines posted:the nature of the work these people do means that any kind of breach/leak would immediately kill their reputation, and would very probably result in huge fines, but until that happens it's not something anyone cares to worry about.
|
|
#
?
Mar 14, 2023 21:16
|
|
|
evil_bunnY posted:Why is this not documented in a way you can rub their faces in it? i'm not sure what you mean. the processes are documented, being able to say they they're documented, refer to the documentation, doesn't actually make people less annoyed or more likely to do it. the justification for the information restrictions, the limitations thereof, and the exceptions already made in the name of expedience are also documented. they don't matter, because every time someone runs into an issue with it, they get mad that it exists at all. evil_bunnY posted:LOL welcome to infosec I guess. It's still hilarious that with MS owning the entire stack it's never, ever smooth sailing. we've worked with this company for 12 years, no one has ever been happy with the way things have been locked down. this was basically done in a hurry because it was discovered that their remote teams were running shadow IT with sensitive information, because they refused to work with the old remote system. individually, these people have worked with government orgs nation wide on all manner of PII and other sensitive information and apparently ours are the most stringent access controls they've experienced. e: and yeah, the MS stack is a joke but mostly for the usual reasons with microsoft. testing in production, rolling releases, and nothing being in the same place across multiple apps for more than a month at a time infernal machines fucked around with this message at 21:28 on Mar 14, 2023 |
|
#
?
Mar 14, 2023 21:20
|
|
|
I do am curious to see how the google equivalent of MIP works, every big google tenant i interacted with had a security stance of "YOLO".
|
|
#
?
Mar 14, 2023 23:13
|
|
|
AIP fuckin sucks dongs (bad)
|
|
#
?
Mar 14, 2023 23:54
|
|
|
it doesn't help that microsoft has had three different versions of information rights management in the last year alone, some of which have been partially depreciated, all of which share names and have overlap in feature sets. to this day there is no complete and accurate documentation for mip/pureview, links within the documentation go to older, different branded irm solutions, and the licensing requirements remain "to be determined" when we implemented things in december, mip wouldn't automatically apply sensitivity labels to pdf files unless you created them in word. the interface said automatic labeling rules would apply to them, they just didn't. then in february, suddenly they did. acrobat theoretically supports them even, except you have to manually push a registry key to get the sensitivity label interface to appear, and because of the way acrobat locks files, onedrive fails to sync files you change the label on, it just silently creates a duplicate file.
|
|
#
?
Mar 15, 2023 00:09
|
|
|
meanwhile over here, if you email someone a link to a document that they don't have access to, you get a little message saying "hey do you want to share this document so the person you're emailing can access it" the power of a sensible integration instead of having two distinct systems that try their best to ignore each other
|
|
#
?
Mar 15, 2023 00:34
|
|
|
mip is supposed to do that! it doesn't, the feature is still in preview, but god willing one day it will. onedrive/sharpoint does it in outlook, but since it has no notion of sensitivity labels, it still lets you share a link the recipient can open but not actually view e: of course, only about half the staff know how to share a link in outlook, the other half still try to attach documents directly, and so there's a spread between "sent a file that's protected and the recipient can't open", "sent a link to a document the recipient doesn't have permission to access", and "sent a link to a document the recipient can access but can't decrypt" there's also the problem of recipient can edit/can view and making sure that the link created has the right setting there too. infernal machines fucked around with this message at 00:41 on Mar 15, 2023 |
|
#
?
Mar 15, 2023 00:36
|
|
|
infernal machines posted:it doesn't help that microsoft has had three different versions of information rights management in the last year alone, some of which have been partially depreciated, all of which share names and have overlap in feature sets. to this day there is no complete and accurate documentation for mip/pureview, links within the documentation go to older, different branded irm solutions, and the licensing requirements remain "to be determined" Purview is maybe their most confusing rebranding yet. Purview.microsoft.com doesn't even go to their purview product. Its like a simple dns change they never got around to implementing. They also tie a lot of their client dlp preventions into the protected apps service ... which is less than ideal.
|
|
#
?
Mar 15, 2023 03:16
|
|
|
i configured MIP recently for an environment that had to be done according to the australian PSPF standard. right off the bat i discover you can't use colons in sensitivty label names so "OFFICIAL: Sensitive" has to become "OFFICIAL - Sensitive" which doesn't align with the PSPF protective marking standard. also you cant customise the colours you set for each label so that doesnt align with the standard either. good poo poo thanks microsoft. at least i was able to implement the X-Protective-Marking header and [SEC=*] subject line suffix on e-mails properly (mostly)
|
|
#
?
Mar 15, 2023 08:08
|
|
|
lmao someone reported an email from docusign as spam and now all emails from its sender address get black holed into proof point because the security team haven't bothered to review any of their queue yet
|
|
#
?
Mar 15, 2023 10:20
|
|
infernal machines posted:it doesn't help that microsoft has had three different versions of information rights management in the last year alone, some of which have been partially depreciated, all of which share names and have overlap in feature sets. to this day there is no complete and accurate documentation for mip/pureview, links within the documentation go to older, different branded irm solutions, and the licensing requirements remain "to be determined" I thought I was the only person who has ever had to deal with this garbage. Honestly it’s so bad you’re just better off not even using it. Whatever team is responsible for this has got to be one of the worst product teams at Microsoft, its all of their worst practices compressed into a diamond made of absolute poo poo Edit: also it’s in almost the exact state it was in 2020 it sounds like. Wonder if they just fired everyone and forgot to remove any references to it i am a moron fucked around with this message at 00:23 on Mar 16, 2023 |
|
|
#
?
Mar 16, 2023 00:21
|
|
|
infernal machines posted:i am sincerely regretting having implemented azure information protection for a client With the mention of "partners".... If this is legal, why not use something like NetDocuments or iManage (now that the latter has a cloud offering) for document management? Access controls are built in, if someone doesn't have permission on a matter, they don't even see it as an option. Not a shill, just someone who saw those pretty regularly working at a legal-industry-specific "outsourced t1 support" call center. [Snipped: a bunch of mostly unrelated rambling about that job that I realized after I wrote it wasn't important]
|
|
#
?
Mar 16, 2023 05:07
|
|
|
it's not a law firm, but a few of the partners are former lawyers. they have not had/used a proper document management solution before, and mip/sharepoint is basically the the closest they've ever been to that they have access controls and always have, but they're broad and there is enough overlap and collaboration between teams than only some things are really locked down. beyond that, they're primarily remote/WFH and the concern is still files taking a walk on them and ending up elsewhere. the pitch for mip was the files themselves still work in office, etc. the way you're used to, but it's trivial to revoke access, and having sent or copied the file doesn't matter so much because it's still tied to the drm solution. the friction comes from having files classified properly/automatically, and remembering when those classifications need to change because you're sending something to an external recipient intentionally. infernal machines fucked around with this message at 13:27 on Mar 16, 2023 |
|
#
?
Mar 16, 2023 13:20
|
|
|
infernal machines posted:the friction comes from having files classified properly/automatically, and remembering when those classifications need to change because you're sending something to an external recipient intentionally.
|
|
#
?
Mar 16, 2023 14:32
|
|
|
it would be, which is no doubt why it's been sitting in preview for three months
|
|
#
?
Mar 16, 2023 15:57
|
|
|
christ I've been trying to get our legal people to either a) use anything at all or b) upgrade off the ancient version of stuff some of them do have but most of all c) stop using network shares for dumping files into because who knows what's in there my tip for doing this with an actual dms ia"absolutely do not let people change permissions on content in the DMS itself". make them go through some wrapper on an API so you can control and log/view it else you end up with 10000 folders/cabinets with 9000 different permission sets
|
|
#
?
Mar 16, 2023 23:11
|
|
|
Powerful Two-Hander posted:christ I've been trying to get our legal people to either a) use anything at all or b) upgrade off the ancient version of stuff some of them do have but most of all c) stop using network shares for dumping files into because who knows what's in there folders and cabinets are the past the future is asking the AI for the document and it'll just hallucinate whatever you need as long as the file is stored *somewhere*, you will always have access to some form of it or at least its core ideas and tenets
|
|
#
?
Mar 17, 2023 03:03
|
|
|
Lysidas posted:if my wife is driving and wants me to do something with her phone that is not trivial through carplay, i usually unlock it by covering the bottom half of my face with my hand and trying face id, it works fine since shes sitting next to me, meaning her watch is close by I like that carplay will let you use a keyboard while driving while android auto requires the parking brake on(not that idiots don't bypass this)
|
|
#
?
Mar 17, 2023 03:35
|
|
|
Celexi posted:I like that carplay will let you use a keyboard while driving while android auto requires the parking brake on(not that idiots don't bypass this) carplay in my hyundai won't give me a keyboard if the car isn't in park.
|
|
#
?
Mar 17, 2023 03:37
|
|
|
Midjack posted:carplay in my hyundai won't give me a keyboard if the car isn't in park. so, it seems s to be up to the car/radio instead ofa standard
|
|
#
?
Mar 17, 2023 03:42
|
|
|
Celexi posted:so, it seems s to be up to the car/radio instead ofa standard likely so. my 2018 honda would give me a keyboard even while moving on both carplay and android auto. i haven't plugged an android into the hyundai yet.
|
|
#
?
Mar 17, 2023 03:45
|
|
|
Samsung basebands apparently have a modern version of the old +++ATH0 trick https://9to5google.com/2023/03/16/google-exynos-modem-vulnerabilities/ https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html quote:Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely. oops. note that the workaround for the affected models is to turn off all voice service available in the US right now (VoLTE and WiFi - UMTS and CDMA are gone)
|
|
#
?
Mar 17, 2023 04:55
|
|
|
hobbesmaster posted:Samsung basebands apparently have a modern version of the old +++ATH0 trick t-mobile still has gsm and umts in some places, the other day I was playing around with bands and I could use my phone fully in edge lol
|
|
#
?
Mar 17, 2023 04:59
|
|
|
ok, it’s more accurate to say that they’re in the “sunset” phase and you are extremely unlikely to hit a 2g/3g AT&T or Verizon tower but sprint/T-Mobile has apparently always kept things around longer
|
|
#
?
Mar 17, 2023 05:07
|
|
|
if you do find a CDMA/EVDO tower then it's prolly the FBI
|
|
#
?
Mar 17, 2023 17:37
|
|
|
as long as their back haul is decent, I’m ok with that
|
|
#
?
Mar 17, 2023 17:43
|
|
|
|
| # ? Apr 18, 2024 20:07 |
|
|
five 911 of uptime 
|
|
#
?
Mar 17, 2023 17:46
|
|