|
Proteus Jones posted:I doubt you're worse than me. My whole approach: This is generally my approach except that I don't get input from team members because no-one else cares about it.
|
# ? Feb 27, 2019 01:40 |
|
Jedi425 posted:What's the attribute called? (When I guessed, I didn't know you'd found it in AD. ) LOL, no, let's just say a publicly readable attribute with a specific name, typically containing text, and certainly not meant for this kind of thing. WTF?
|
# ? Feb 27, 2019 01:56 |
|
AlternateAccount posted:LOL, no, let's just say a publicly readable attribute with a specific name, typically containing text, and certainly not meant for this kind of thing. WTF? Fair enough. My theory was that someone was trying to do some kind of janky user-certificate authentication thing for a Client VPN, which I’ve only ever seen from the Cisco side of the configuration.
|
# ? Feb 27, 2019 03:28 |
|
Can anybody give me some insight into their process, policies, and procedures around approving an application for use within their environment? The business side of the house is working on a project with Samsung, and oh boy does Samsung have some lovely, lovely applications. The latest application I've been asked to review for this project is the Samsung CPCex Portal. We've been requested to use CPCex to facilitate transferring working key material and certificates between the two parties. The PM of this project has been contacting me daily asking if I can green-light this application for use. I have more concerns than I could reasonably list but some of my main gripes are: 1) This is very obviously a legacy application, ActiveX in this year of our lord 2019 2) The documentation is in Korean, and that is all of it. 3) Users must register their endpoints with Samsung 4) If I say "yes" I'm going to have to support this in production and holy poo poo I don't want to do that. The last application I had to review of theirs was Samsung Wormhole and I still have weekly meetings on my calendar for troubleshooting. 5) Seriously, why can't Samsung just use a normal SFTP connection like the rest of our partners. I've voiced my concerns to my teammates and managers and they won't touch this issue with a 10-foot pole. So here I am, asking strangers on the internet how I should be doing my job.
|
# ? Feb 27, 2019 06:08 |
|
CLAM DOWN posted:This field doesn't operate on your hyperbolic assumptions and biases. Yes..... but then you see stuff like this: https://futurism.com/cybersecurity-c-toc-ibm/amp/ taqueso posted:It's the continue code for the last level of Battle Toads NES. It’s already been answered, but just to elaborate, base64 encodes characters into blocks of four, hence the equal signs for padding to fill out the last block of four. Whenever you see trailing equal signs like that, it’s usually base64 encoded, which can be decoded with Notepad++. I usually see it through attempts to pass prohibited characters through XSS filters, e.g. <> or /
|
# ? Feb 27, 2019 07:28 |
|
Diametunim posted:Can anybody give me some insight into their process, policies, and procedures around approving an application for use within their environment? The business side of the house is working on a project with Samsung, and oh boy does Samsung have some lovely, lovely applications. The latest application I've been asked to review for this project is the Samsung CPCex Portal. We've been requested to use CPCex to facilitate transferring working key material and certificates between the two parties. The PM of this project has been contacting me daily asking if I can green-light this application for use. I guess my question is, what are the consequences if you push back? Because that's a lot of "gently caress off with that poo poo" in there. If it doesn't matter and they're only looking for a green light and will override your decision anyway, then document the poo poo out of the problems and make sure everyone gets a copy so they're aware of why this is a BAD idea. That way they can't turn around and go "well, you approved this".
|
# ? Feb 27, 2019 13:49 |
|
Samsung software is universally terrible. I wouldn't touch it with a mile-long pole.
|
# ? Feb 27, 2019 18:05 |
|
What CVE scanner are yall running at home? I've just been using nmap --script vuln, but want to update to something more proactive; buddy recommended Qualys Community Edition? I also had bookmarked openvas from a while back but now that I'm looking at it I dunno where I got that or why it's not on the owasp site... anybody use it?
|
# ? Feb 28, 2019 00:29 |
|
Proteus Jones posted:I guess my question is, what are the consequences if you push back? Because that's a lot of "gently caress off with that poo poo" in there. "I cannot in good conscience approve this application for production use on our domain. You may wish to find another engineer who is more willing to take ownership of the risks associated with this."
|
# ? Feb 28, 2019 00:36 |
|
Mr. Crow posted:What CVE scanner are yall running at home? I've just been using nmap --script vuln, but want to update to something more proactive; buddy recommended Qualys Community Edition? Nessus Home and OpenVAS. Nessus is obviously a bit more user friendly. You will find different vuln scanners yield different results so I find it better to use both.
|
# ? Feb 28, 2019 13:22 |
|
Mr. Crow posted:What CVE scanner are yall running at home? I've just been using nmap --script vuln, but want to update to something more proactive; buddy recommended Qualys Community Edition? While I know you're talking about home, something I do want to let everyone know is if you work in an environment that has industrial control equipment, you should never use Nmap or any other vulnerability scanning tool against your real-time equipment. There are stories of people doing this and then having devices seize up two days later due to some weird memory exhaustion or race condition bug being triggered. Just advice from the trenches of working in an esoteric world like I have been in. 🙃
|
# ? Feb 28, 2019 15:24 |
Lain Iwakura posted:While I know you're talking about home, something I do want to let everyone know is if you work in an environment that has industrial control equipment, you should never use Nmap or any other vulnerability scanning tool against your real-time equipment. There are stories of people doing this and then having devices seize up two days later due to some weird memory exhaustion or race condition bug being triggered.
|
|
# ? Feb 28, 2019 18:53 |
|
D. Ebdrup posted:It's mind-boggling just how poorly written these critical infrastructure systems can be. Almost as if there's no liability like there is in every other employment field that deals with critical infrastructure. there are perma-starred searches on shodan.io of things like "here's everything running this certain software built for managing power delivery" and it's all like, 'we are so hosed as a country' other countries have the same issue... it's just they use different software people here do not know much about
|
# ? Feb 28, 2019 19:22 |
|
Azure Sentinel https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sentinel-intelligent-security-analytics-for-your-entire-enterprise/
|
# ? Feb 28, 2019 20:48 |
|
The Fool posted:Azure Sentinel Hmmm this doesn't sound half bad.
|
# ? Feb 28, 2019 22:31 |
|
Free to beta test!
|
# ? Feb 28, 2019 23:07 |
|
|
# ? Feb 28, 2019 23:32 |
|
This is a good overview https://docs.microsoft.com/en-gb/azure/sentinel/connect-data-sources
|
# ? Feb 28, 2019 23:34 |
|
I saw one earlier this year that searched out other miners by name, killed their process id one by one, and then did some other fun stuff like check system utilization and only run below a certain threshold. I’ll see if I can dig it up, that was just great in so many ways. Diva Cupcake posted:Nessus Home and OpenVAS. Nessus is obviously a bit more user friendly. OpenVAS and Nmap are the two I see most frequently being used on a day to day basis. Golismero is a handy interface for launching OpenVAS and generating reports if you have a Kali VM.
|
# ? Mar 1, 2019 12:11 |
OSU_Matthew posted:I saw one earlier this year that searched out other miners by name, killed their process id one by one, and then did some other fun stuff like check system utilization and only run below a certain threshold. I’ll see if I can dig it up, that was just great in so many ways. To address what you said, though: on any FreeBSD system I'm root on, I don't permit any process, jail, user, or login class to run without an rctl(8) rule specified for it. I would assume that Linux has something similar.
|
|
# ? Mar 1, 2019 16:12 |
|
I'm not sure what you're responding to, but 194.108.44.53:8161 is what's in the host header. ASCII numbers are themselves plus 0x30.
|
# ? Mar 1, 2019 17:10 |
|
D. Ebdrup posted:You may wanna pay a little attention to what's blanked and what isn't blanked. Or not. It's not as if hexadecimals can be translated into IPs or anything like that. Trend Micro certainly doesn't seem to think so. I’m seeing a pcap containing a
|
# ? Mar 1, 2019 21:34 |
OSU_Matthew posted:I’m seeing a pcap containing a
|
|
# ? Mar 1, 2019 21:58 |
|
They blurred out the hex in the actual report. I like that it checks netstat for other specific IPs though, to kill the process. It's like they got a personal grudge w/ other rear end in a top hat miners. Also no worries, I'm certainly brain damaged from writing dsl compilers by now
dougdrums fucked around with this message at 22:57 on Mar 1, 2019 |
# ? Mar 1, 2019 22:54 |
|
If Microsoft can flesh out this Sentinel siem with tons of preconfigured alarms and responses integration with ATP info, hell, more power to 'em.
|
# ? Mar 3, 2019 03:37 |
|
https://www.pcgamer.com/juggling-passwords-is-a-chore-and-soon-you-might-not-have-to/ Thoughts? Is biometric verification a valid replacement for passwords?
|
# ? Mar 4, 2019 21:09 |
|
If you're going to use a single authentication method, passwords are among the worst you can use.
|
# ? Mar 4, 2019 21:13 |
|
biometrics? no, you can't revoke or stop it being cloned now passwordless auth has its applications if you have a trustworthy way to communicate with the client, but keep in mind it's just shifting the auth flow. it's not a replacement for multi-factor auth.
|
# ? Mar 4, 2019 21:16 |
|
Cup Runneth Over posted:https://www.pcgamer.com/juggling-passwords-is-a-chore-and-soon-you-might-not-have-to/ Biometrics are usernames, not passwords.
|
# ? Mar 4, 2019 21:18 |
|
Wiggly Wayne DDS posted:biometrics? no, you can't revoke or stop it being cloned Fair: quote:The WebAuthn API allows users to log into websites using biometric security measures, such as fingerprint scanning or facial recognition. It can also be used with FIDO security keys that plug into USB ports, and mobile devices such as smartphones to verify a user's identity. Sounds like a smart person would use FIDO keys or smartphone verification rather than biometrics.
|
# ? Mar 4, 2019 21:20 |
|
Cup Runneth Over posted:https://www.pcgamer.com/juggling-passwords-is-a-chore-and-soon-you-might-not-have-to/ PC Gamer is not the best place to get your security news. The idea isn't to use biometrics as passwords directly. Instead, you have a strong token you persist onto some secure device - a U2F device, secure enclave in some larger system, etc. Then, you use biometrics to authenticate yourself to the device, which then goes through a mutual authentication process with the website. The end result is that, to log in, you need to have an enrolled device in your possession, that in turn needs to see your biometric identifier before it will do anything. Somebody with only a perfect image of your fingerprint/retina/whatever won't be able to do anything with it, because they don't have the device that actually has the token. Somebody who pickpockets your device won't be able to do anything with it, barring hardware level insecurity, because they need your biometric identifier to unlock the device. And, a phisher won't be able to trick you into revealing your token, because the device needs to see proof that the system asking for the token is the one that issued it in the first place. There are a lot of places where weaknesses might theoretically crop up, but the system is way, way better than a username/password combo. e: I should point out that this is a simplified version of what's actually going on, which is actually based around key exchange. But the core idea remains the same: you use biometrics to authenticate yourself to a device that then has the knowledge to do mutual auth with whoever you're talking to. Space Gopher fucked around with this message at 21:50 on Mar 4, 2019 |
# ? Mar 4, 2019 21:44 |
|
Space Gopher posted:PC Gamer is not the best place to get your security news. It's not where I get my security news. It's where I get my PC gaming news. It is also where I first heard of this authentication standard.
|
# ? Mar 4, 2019 21:54 |
|
it sounds like where you get your security news op
|
# ? Mar 4, 2019 21:58 |
|
MFA everything everywhere
|
# ? Mar 4, 2019 22:19 |
|
Wiggly Wayne DDS posted:it sounds like where you get your security news op Take that up with their editorial staff I get my security news from the industry people that have been recommended in the thread
|
# ? Mar 4, 2019 22:29 |
|
CLAM DOWN posted:MFA everything everywhere We've e-mailed you a security code. Please enter it to continue.
|
# ? Mar 5, 2019 08:56 |
|
Methylethylaldehyde posted:"I cannot in good conscience approve this application for production use on our domain. You may wish to find another engineer who is more willing to take ownership of the risks associated with this." This. Cover your rear end. I'm curious what has transpired in the intervening days between this comment and now.
|
# ? Mar 5, 2019 13:59 |
Hooray: SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks.
|
|
# ? Mar 5, 2019 14:05 |
|
Nalin posted:We've e-mailed you a security code. Please enter it to continue.
|
# ? Mar 5, 2019 20:51 |
|
If you or a loved one experience side-effects such as an exploding brain, some forms of 2FA may not be right for you. Please consult your doctor.
|
# ? Mar 5, 2019 21:09 |