mllaneza
Apr 28, 2007
Veteran, Bermuda Triangle Expeditionary Force, 1993-1952

orange sky posted:

I hope that is not as serious as it sounds.

I'm no expert, but the paper is out:
https://lirias.kuleuven.be/bitstream/123456789/547640/1/usenix2016-wifi.pdf

And it does look serious, very possibly "replace all your APs" serious.

mllaneza
Apr 28, 2007

The only reason their system hasn't been hacked to death is that several black hat groups own the whole thing and keep it going to have live access to a telco's systems.

mllaneza
Apr 28, 2007

Maneki Neko posted:

I've seen some rumblings of proof of concept vulnerabilities out there for the big ol' RDP bug that was patched recently, anyone seen anything public?

https://github.com/zerosum0x0/CVE-2019-0708

My group just spent about three weeks going building by building, floor by floor, lab by lab. First I patched several hundred machines remotely. Then got allocated resources and deadlines based on the 1900 odd machines we knew would be vulnerable to this. Then we hit the labs and started discovering machines we hadn't known about. Then the list grew to 3200+ systems and management started wondering why we weren't done yet.

We have enough machines that are still on the network but we have no idea of their physical location that we might actually be able to sell using the exploit with the patch as payload. That involves a level of approval not located on this continent, so we'll probably have to start banning MAC addresses and waiting to see who screams.

Ranter posted:

Apparently Google is being sued due to the 'someone has signed into your account' false positive that triggered thousands of people-hours in various company security teams? Apparently Roche freaked the gently caress out, and they're huge.

That explains a couple of things I wasn't paying attention to due to BlueKeep remediation.

mllaneza fucked around with this message at 09:18 on Jun 8, 2019

mllaneza
Apr 28, 2007

Ranter posted:

scientists and research assistants are notorious for buying lab instruments that come with rando win7 machines 'thrown in' on the $100,000+ equipment order and not telling IT. Then they use USB flash drives to transfer the data to their machine for analysis. Then they ask service desk for help 18 months later when the machine shits the bed and its 'urgent'.

We finally put a process in place, capex purchases with computers included go through an approval process including "did you check the warehouse to see if we already had one of these" and "can the vendor install the software on one of our standard machines."

I did our gowning training and am now privileged to request access to many more rooms and areas. So far I've gotten into three labs run by people who didn't want to approve unescorted access for various reasons, like using weird chemicals that require a non-standard gowning/de-gowning process, or "has hundreds of gallons of liquid nitrogen in the room".

That brings us down to 331 systems "not found". Decades of "our oversight, unlike our funding, is limited" is coming to an end.

mllaneza
Apr 28, 2007

How's ansible-vault for practical use within ansible/our Linux infrastructure ?

mllaneza
Apr 28, 2007

gourdcaptain posted:

Frustratingly, one of them is the bank I use.

Don't expect them to ever get it right.

mllaneza
Apr 28, 2007

CommieGIR posted:

Honestly, Windows Defender is getting really good, I find it hard to need any other solution right now.

That and an ad-blocker will keep you safe so long as you stay out of the danker corners of the web.

mllaneza
Apr 28, 2007

The Iron Rose posted:

What's the actual usecase for 32bit Win 10 at this point anyways?

We had an instrument vendor tell us that their software didn't really support Win10, but they could usually get it running on 32-bit Win 10. So I tried to get a machine set up with a 32-bit LTSC image. It turns out that HP doesn't do 32-bit Win 10 drivers any more, so we had to have them set up a system. Usually we hate vendor machines, but we had no choice here.

mllaneza
Apr 28, 2007

Internet Savant posted:

It sucks. But the instrument vendors really really want to sell you new software and a computer at a 100 percent markup.

In the meantime, I am resurrecting Pentium 4 computers so I can run Windows XP. I really need to up my virtual machine game.

I've got a kvm project in the works, but that comes after the "remediate everything !" thing we have going on with the research infrastructure. Building by building, floor by floor, lab by lab, computer by computer. We have about 800 machines to go, and three weeks.

I just wish instrument vendors would target a VM instead of whatever hardware they picked up at Costco. Win 10 is honestly asking a lot from too many of our vendors, never mind researchers who have a toolchain that works and don't want to gently caress with the PC and software version they're using.

We have a path to nothing unsupported on the network, it's just that a lot of it sucks, and the part where I get to boost my resume isn't formally scheduled yet.

mllaneza
Apr 28, 2007

Volmarias posted:

The idea is that you're not putting out garbage that you wouldn't use yourself.

What baffles me is, Microsoft's internal system administrators have physical access to the developers who wrote this poo poo. How are there not constant stories about screaming matches in the cafeteria between the people who have to run Windows, and the people who wrote it ?

mllaneza
Apr 28, 2007

D. Ebdrup posted:

VERY VERY FRIGHTENING!
Jeez, I can't believe you forced me to do this!

Right ?

mllaneza
Apr 28, 2007

CyberPingu posted:

Zoom is no worse than any other conferencing system I've found so far. It's just at the moment they are in the spotlight as everyone and their dog flocked to them when everyone worked from home.

We have been monitoring their security "mishaps" recently and for what it's worth, from a technology side of things, they handled them pretty well. They also seem to be taking community suggestions seriously

Zoom scaled up from free video chat with some paid options to an enterprise-scale product really fast. They've actually managed to keep up with security features, so that's moderately impressive. Their user experience team is actually good at their jobs. For remote control sessions Zoom whips up on Webex, and Google Meet is stealing features from them. I appreciate attractive, easy to use software so that's a big plus for Zoom in my book. So they're hooked up with Chinese TLAs; state actors aren't really a problem you can do much about if they take an interest.

mllaneza
Apr 28, 2007

DrDork posted:

It certainly confirms something that most of us already assumed about Pharma Cos, at least.

Years ago, before the Sunshine Act, I dated the daughter of the Head of Medicine at a major California med school. He made more than the governor. She used to tell me stories about the annual big sales pitch in Carmel, CA. It's a snooty, upscale coastal town and the pharma sales reps basically took the place over for two weeks to schmooze doctors. She'd come back with thousands of dollars in new outfits and stories of fine dining in Michelin-rated restaurants.

And that's why we have the Sunshine Acts, and we have severe restrictions on comping guests in the cafeteria, and doctors are lucky to get a handful of pens with drug names on them. We do still hire a lot of former cheerleaders as sales reps though; a fit, attractive woman with a bubbly personality can clean up in sales.

mllaneza
Apr 28, 2007

brains posted:

imo this is the only way to actually force anything to change. there have to be business consequences, a tangible impact to the bottom line, to not patching or using basic security practices. until companies are turned into pariahs for stuff like this, there won't be any industry-wide change.

My industry has developed a grading system for Enterprise security. It affects your suitability to be a partner or supplier, too low and people won't do business with you. So, finally, we have a business reason coming down from the home office to get rid of the Win7 systems.

mllaneza
Apr 28, 2007

Achmed Jones posted:

it's like that prodigy song, "back your poo poo up"

Not empty quoting.

mllaneza
Apr 28, 2007

navyjack posted:

polish the ol’ soft skills.

Soft skills are severely underrated in tech fields. Both of my major career breaks came about because I'd made connections on smoke breaks. They resulted in my first full-time IT position, and - God willing and the creeks don't rise - my last. Find the people at work that are doing the jobs you want. Make friends, get job.

Beyond just getting the job, soft skills are a huge part of my job. I've got to keep the business happy, I have to help keep the team ticking along, and generally keep up appearances socially around all the departments. I'm at a level where I'm working on GPOs for either thousands of machines, or for FDA-audited machines, and people skills got me the job. I don't see a ceiling above me, so I'm going to say that just simply being able to deal with people will take you from entry level to the C suite, or wherever in between you want to end up.

mllaneza
Apr 28, 2007

KillHour posted:

That's just a standard buffer overflooooh. Oh my. :stare:

There is no :stare: big enough, that's an amazing hack.

I'm an overflow !
I can write to arbitrary memory !
All I can execute is AND, OR, XOR and XNOR
I'm Turing complete !

mllaneza
Apr 28, 2007

KozmoNaut posted:

It's heavy-handed and broad, but in this case you actually want to block a whole country.

I've done that. Back at the design studio we got floods of spam from hosts in Eastern Europe. I eventually got fed up and blocked, I believe it was, 4.0.0.0/8 to 9.0.0.0/8. That materially reduced the amount of spam we got. I did have to go back and punch out the range containing a client in Finland.

And then we switched from on-prem email to GMail and their filters ended our spam problem.
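The coarse /8 block and the "punch out the client's range" step from the post above, worked through as an added example (not code from the post or from anyone's firewall). It uses only the standard-library ipaddress module; the allowed prefix 5.44.16.0/21 is a constructed placeholder standing in for the Finnish client's range, not a real customer network. The point it shows is that a deny list which must exclude one inner prefix is not one rule but the set of sibling prefixes around the hole, which address_exclude() computes for you, and that the final rule set should never overlap the carve-out:

```python
"""Coarse range blocking with carve-outs, stdlib only (added example)."""
from ipaddress import collapse_addresses, ip_address, ip_network

# Constructed: the /8s the post describes, 4.0.0.0/8 through 9.0.0.0/8.
BLOCKED = [ip_network(f"{first_octet}.0.0.0/8") for first_octet in range(4, 10)]
# Constructed placeholder for "the range containing a client in Finland".
ALLOWED = [ip_network("5.44.16.0/21")]


def carve_out(blocked, allowed):
    """Return `blocked` with every prefix in `allowed` removed.

    address_exclude() splits a network into the smallest set of prefixes that
    cover everything except the excluded subnet, so the result can be loaded
    straight into a deny list without needing a matching permit rule.
    """
    result = []
    for net in blocked:
        pieces = [net]
        for hole in allowed:
            next_pieces = []
            for piece in pieces:
                if hole.subnet_of(piece):
                    # hole == piece yields nothing, which drops the piece
                    next_pieces.extend(piece.address_exclude(hole))
                elif piece.subnet_of(hole):
                    continue  # wholly inside the carve-out: drop it
                else:
                    next_pieces.append(piece)
            pieces = next_pieces
        result.extend(pieces)
    # merge adjacent prefixes (6/8 + 7/8 -> 6/7) so the rule count stays small
    return sorted(collapse_addresses(result))


def is_blocked(addr, rules):
    """True if `addr` falls inside any rule in `rules`."""
    a = ip_address(addr)
    return any(a in rule for rule in rules)


RULES = carve_out(BLOCKED, ALLOWED)

if __name__ == "__main__":
    for rule in RULES:
        print("deny", rule)
    for probe in ("5.44.17.9", "5.44.8.1", "7.7.7.7", "10.0.0.1"):
        print(probe, "blocked" if is_blocked(probe, RULES) else "allowed")
```

Six /8s with one /21 hole come out as 16 deny rules: the 13 sibling prefixes around the hole inside 5.0.0.0/8, plus 4.0.0.0/8, 6.0.0.0/7 and 8.0.0.0/7 after collapsing.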

mllaneza
Apr 28, 2007

Potato Salad posted:

give this man a promotion

If he'd gotten a live session on an HR Director's machine he might have been able to handle that himself, self-service style.

mllaneza
Apr 28, 2007

Crime on a Dime posted:

Hit and miss. Blocks some stuff, doesn't recognise some malware. The group policy options aren't great.

Breaks a specific instrument control app a few hours after every time Windows Defender AV updates virus definitions

I didn't believe it until the second time it happened. But here we are.

mllaneza
Apr 28, 2007

Sickening posted:

At this point, the apathy shown leads me to only two reasonable conclusions. There really is no financial benefit to care or this is just common embezzlement that every company maintains because this is the normal csuite grift.

These finance folks are well paid, educated people. Their jobs (especially at accounts payable) seem to be no more complex than basic data entry. :bighow:

It must be the first one. At $Job-2 I had hired a consultancy to write up some documentation about how to do something tricky with our firewall and the DMZ. They invoiced us before turning over the documentation. Accounts Payable cut them a $2750 check. To nobody's surprise, we never got that documentation. Given that my boss was micromanaging me to keep going back to nitpick and chisel at the contract I don't blame them.

mllaneza
Apr 28, 2007

jaegerx posted:

So basically I find the accounting department. Send them a txt I need 10k in $500 Apple Cards and it works? My mom is 67 and doesn't fall for that poo poo

At $JOB-1 I hired a network consultancy to document a process for us so I could give customers access to a specific server in our DMZ and only that one box. About halfway through the project, with nothing delivered, they invoiced us for all $2700. Accounts Payable paid them. We did not get the documentation.

e.

Klyith posted:

You'd block the IP / connection, not the account, but it's not worth worrying about because nobody has done door-knock brute-force guessing at the active system for 20 years and that XKCD has been stupid and bad since the day it was posted.

Twenty years ? In 2008 I inherited ftp.$COMPANY.com. This was a physical box in the server room, a PPC G4 Mac tower running an old version of OS X and a commercial ftp implementation. Naturally I checked that poo poo out. The logs showed that every night we would get exactly 50 attempts to log in to the Administrateur account from IP addresses in Central Europe, mostly in France. They came in over about half an hour, so it wasn't even accidentally a DDOS. Since OS X on a G4 had no exploits in the wild, and the Administrateur account did not actually exist, I let it go. They were still politely knocking on the door 50 times every night 2 years later when I migrated ftp to AWS.

The politest botnet ever. I sometimes think I should have put up a honeypot, but the crappy software it was running wouldn't let me set up an ftp account that would take any arbitrary password.

mllaneza fucked around with this message at 08:33 on Jan 22, 2023

mllaneza
Apr 28, 2007

Shumagorath posted:

I can’t believe how much the DoJ has weakened since the 90’s / 00’s such that Alphabet isn’t getting busted up for controlling the #1 browser, ad business, search, and video site. It’s just so utterly poisonous; all four of those products are demonstrably worse for it, and the synergy between two of them is actively pushing society off a cliff only slightly less energetically than Facebook.

It doesn't get a lot of attention, but Google has an active antitrust suit against them.

https://www.justice.gov/opa/pr/justice-department-sues-google-monopolizing-digital-advertising-technologies

mllaneza
Apr 28, 2007

Inept posted:

Just pay for an account somewhere. You don't want your internet going down to be the reason your parents can't get into their bank account.

Or somebody on vacation if you went with a region lock.

mllaneza
Apr 28, 2007

ShoeFly posted:

I pushed for security.txt implementation at all my clients when I was in consulting, most said it wasn’t worth the time. Orgs can’t be bothered to even monitor a simple inbox.

sales@example.com always exists

I had a fun one this past week. We use Trellix for AV and I caught an escalation for a couple of cases where it was blocking an Excel add-in used by some of our chemists and quarantining anything they opened and some of the executable. I gather some data and put in an AV exclusion request. People restore from quarantine and... no go, macros still won't run. We get hands-on, do some experimentation (we do science here!), and discover that any workbook that had been quarantined is now broken, but files that hadn't been are fine. We restore from backup and people get back to doing science.

To quote the vendor tech, the software is made up of "obfuscated and encrypted VB macros". If you want the complete and undivided attention of your AV program, that's exactly what you do.

mllaneza
Apr 28, 2007

cr0y posted:

Did something big break?

Comcast in Florida.

mllaneza
Apr 28, 2007

I'm in a weird place as far as relationships with Security go.

The product owner for Security Governance gave me PowerShell code to disable the bad kind of TeamViewer that can dial in whenever a vendor wants to touch one of our lab systems. They won't unblock downloads.teamviewer.com, but we can support it in labs where it's part of the support contract for a $BIGBUCKS instrument.

The firewall people will deep dive in Splunk to help us diagnose weird network issues, screensharing Splunk sessions live while they're working on it. I have easy catalogue items to update firewall rules or exclude an external host from SSL MITM fuckery with certificates.

The people who manage our antivirus solutions will spend hours with us watching the consoles live while we're trying to keep fireeye from breaking janky vendor software. These people are in Europe and about 9 time zones ahead of us, but they'll go live with West Coast US people. I talked them into creating a Lab Systems exceptions group, and on top of that gave them a list of AD OUs that only contained lab machines to automatically add our stuff to the group with the exceptions. They open tickets with the vendor when AV goes wild on the stuff I support. I send these people internal recognition awards a few times a year.

I expected all of these groups to default to "no". They don't, they want the work to get done, and they sincerely believe that they're here to add a layer of safety to the science. I'm blessed and I know it.

mllaneza
Apr 28, 2007

Defenestrategy posted:

is geofencing your network edge worthwhile?

Our IDS has been showing people poking at random open ports and poo poo, nothing directed just the general background noise from random countries that have no business looking at our network, and the vast majority is the usual suspects, Africa, Eastern Europe, SE Asia, etc. While yea, a serious nerd is gonna be hopping in from an end point in America I feel that increasing the barrier to entry is worthwhile, if only to shut noise down. For context our company shouldn't have any incoming from outside of the US.

Anecdote time! Back in 2008 I inherited responsibility for an ftp server. It was running a commercial implementation on a PowerMac G4. I figured nobody had an exploit for that and left it alone other than only allowing ftp traffic inbound to it.

I was checking the logs one day and noticed something funny. Every night, 50 random IPs in mostly France would each make one attempt to guess the password of the Administrateur account at 5-minute intervals. It didn't have an Administrateur account so I let it be. It was the politest form possible of a brute force attack, and I felt I had to respect that.
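The "politest botnet" pattern is told twice on this page (once in the reply to Klyith, once here): 50 different addresses, one guess each, every five minutes, all against one account. That shape is exactly what a per-source lockout or fail2ban-style threshold never sees, because no single source ever crosses it. Below is an added example, not anything the poster ran, of detection that pivots to the account axis: for each account, slide a window over its failures and flag it when many distinct sources each tried only once or twice. The log line format, the timestamps and all addresses (TEST-NET ranges) are constructed for the example; swap the regex for whatever your daemon actually logs.

```python
"""Detecting distributed, low-rate password guessing in auth logs (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed generic FTP-daemon style line; adjust for a real daemon's format.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) LOGIN FAILED "
    r"user=(?P<user>\S+) from=(?P<src>[\d.]+)$"
)


def parse_failures(lines):
    """Return (timestamp, user, source_ip) for each failed-login line; other lines are skipped."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["user"], m["src"]))
    return events


def find_distributed_guessing(events, window=timedelta(hours=6),
                              min_sources=20, max_per_source=2):
    """Per account, slide `window` over its failures and report the largest
    window holding >= min_sources distinct sources with <= max_per_source
    attempts each. Returns {account: summary}."""
    by_user = defaultdict(list)
    for ts, user, src in events:
        by_user[user].append((ts, src))

    findings = {}
    for user, hits in by_user.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            per_src = Counter(src for _, src in span)
            if len(per_src) < min_sources or max(per_src.values()) > max_per_source:
                continue
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(span, span[1:])]
            summary = {
                "attempts": len(span),
                "sources": len(per_src),
                "median_gap_s": median(gaps),   # near-constant gap = scripted
                "first_seen": span[0][0],
            }
            # keep the widest qualifying window for this account
            if user not in findings or summary["attempts"] > findings[user]["attempts"]:
                findings[user] = summary
    return findings


def make_sample_log(night=datetime(2008, 3, 4, 1, 0, 0)):
    """Constructed log: the pattern described in the post plus benign noise."""
    lines = []
    for i in range(50):
        ts = night + timedelta(minutes=5 * i)
        # 50 distinct sources, one attempt each: per-source thresholds never fire
        src = f"192.0.2.{i + 1}" if i < 25 else f"198.51.100.{i - 24}"
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} LOGIN FAILED user=Administrateur from={src}")
    # one real user mistyping twice from one address: must not be flagged
    t = night + timedelta(hours=8)
    lines.append(f"{t:%Y-%m-%d %H:%M:%S} LOGIN FAILED user=jdoe from=203.0.113.7")
    t += timedelta(seconds=20)
    lines.append(f"{t:%Y-%m-%d %H:%M:%S} LOGIN FAILED user=jdoe from=203.0.113.7")
    lines.append(f"{t:%Y-%m-%d %H:%M:%S} LOGIN OK user=jdoe from=203.0.113.7")
    return lines


if __name__ == "__main__":
    for account, s in find_distributed_guessing(parse_failures(make_sample_log())).items():
        print(f"{account}: {s['attempts']} attempts from {s['sources']} sources, "
              f"median gap {s['median_gap_s']:.0f}s, starting {s['first_seen']}")
```

On the constructed log the nonexistent Administrateur account is reported with 50 attempts from 50 sources at a 300-second median gap, while jdoe's two typos from one address stay below the bar. The same grouping is what tells you the account under attack does not exist, which is the cheap way to confirm it is noise rather than a credential leak.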

mllaneza
Apr 28, 2007

Prepare two containers the Security team will each draw from. Each container is either Red/Observer or Blue/Observer. Yes, some people will be on both Red and Blue. If you have valuable data, this will come up in real life.

mllaneza
Apr 28, 2007

Sarern posted:

When I see organizations who don't have that kind of contractual language try to get audits of their vendor-provided IT services, most often the vendor simply ignores them or says no. Unless they're desperate to retain the contract, which sometimes happens depending on the relative sizes of the business units involved and the size of the contract.

I am currently about to go through the security addendum of our contract with Nexthink. It's dense as gently caress, but I need to be able to say "we're good" for the risk assessment.

mllaneza
Apr 28, 2007

CommieGIR posted:

A good Security team partners with IT to solve issues.

I've got one of those to work with. A couple of weeks ago I had a lab change the password on a generic account they used on all the lab machines. It was also used by some scheduled tasks set to absurd frequencies, so their poo poo was getting locked out on the reg. Yes, you need to copy data to an approved repository, no, every 5 minutes doesn't make sense. I emailed security@example.com and an hour later I had a spreadsheet showing which hosts had generated failed authentication events and how often. We updated the credentials on the scheduled jobs, made the frequency make more sense, and the lab was back to work.

Goddamn but I like our security governance people, they want to help us do the core work.
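The spreadsheet the security team produced above, "which hosts had generated failed authentication events and how often", is the kind of thing worth scripting once. Added example below, not the team's actual query: it groups failed logons by (host, account) and uses the regularity of the gaps between failures to separate a scheduled task still holding the old password (a metronome) from a person fumbling a password (irregular, and few attempts). The event records are constructed; in practice they would come from Windows 4625 events or your SIEM's equivalent.

```python
"""Spotting stale-credential scheduled tasks in failed-authentication data (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def summarize_failures(events, min_count=5, max_jitter=0.1):
    """events: iterable of (timestamp, host, account) for failed logons.

    Returns {(host, account): {"count", "mean_gap_s", "regular"}} where
    "regular" is True when there are at least `min_count` failures and the
    spread of the gaps is within `max_jitter` of their mean.
    """
    by_key = defaultdict(list)
    for ts, host, account in events:
        by_key[(host, account)].append(ts)

    out = {}
    for key, stamps in by_key.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if not gaps:
            out[key] = {"count": 1, "mean_gap_s": None, "regular": False}
            continue
        m = mean(gaps)
        regular = len(stamps) >= min_count and m > 0 and pstdev(gaps) / m <= max_jitter
        out[key] = {"count": len(stamps), "mean_gap_s": m, "regular": regular}
    return out


def likely_stale_credentials(summary):
    """(host, account) pairs whose failures look scheduled rather than human."""
    return sorted(key for key, s in summary.items() if s["regular"])


def make_sample_events(start=datetime(2023, 5, 2, 9, 0, 0)):
    """Constructed failed-logon records."""
    events = []
    # a lab PC whose copy-to-repository task still has the old password, every 5 minutes
    for i in range(12):
        events.append((start + timedelta(minutes=5 * i), "LABPC-01", "labuser"))
    # a second PC running the same task at a saner hourly cadence
    for i in range(6):
        events.append((start + timedelta(hours=i), "LABPC-02", "labuser"))
    # a person fumbling a password three times, irregularly
    for offset in (0, 41, 97):
        events.append((start + timedelta(seconds=offset), "LABPC-03", "chemist1"))
    return events


if __name__ == "__main__":
    summary = summarize_failures(make_sample_events())
    for (host, account), s in sorted(summary.items()):
        gap = "n/a" if s["mean_gap_s"] is None else f"{s['mean_gap_s']:.0f}s"
        print(f"{host:10} {account:10} failures={s['count']:3} mean_gap={gap:>7} scheduled={s['regular']}")
    print("fix credentials on:", likely_stale_credentials(summary))
```

The output lists every host with its failure count and mean gap, which is the spreadsheet, and the flagged pairs are the ones to chase for a credential update before the next lockout.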

mllaneza
Apr 28, 2007

CommieGIR posted:

It's the best Serial Number - first out the door!

Oh serial numbers.

We use an in-house inventory system to track hardware lifecycles. And by "in-house" I mean the mothership in Switzerland hired a consultancy to develop it and now we're their only client. Steady money I guess.

Anyway, lab systems are almost 100% outside of the normal ecosystem (and for good reason). One of the ways I manage them is with a nice huge database full of hardware details. There are lots of good reasons to pull data out of my DB and flow it into ServiceNow, so I was helpful when that was proposed.

The first import caused a minor panic. It turns out that the inventory tool assumes that serial numbers are globally unique. :lol: That's reasonably safe when you only deal with large, established OEMs like Dell and HP. The group I support buys instruments worth six figures that come with PCs to run them. A lot of those are from big companies that get the PCs from Dell or HP.

We also buy instruments from startups who are hand assembling them in a suite in an industrial park. A lot of those also build the PC that's going to run the instrument. That means that my database had 35 systems with a serial number of "To be filled by OEM" and 12 more with "123456789". This required some adaptations on the part of the inventory people.

The quantities are now 12 and 14. We've gained some, which is.... Not My Concern
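The importer problem in the post above is an identity problem: the inventory tool treated the BIOS serial as a globally unique key, so every "To be filled by OEM" box looked like the same machine. The added example below (not the in-house tool or the poster's database) shows the check an importer needs: recognise placeholder serials, and key such records on an identifier the organisation controls (its own asset tag) instead, while still collapsing genuine re-scans of the same machine. The placeholder list and the sample records are constructed; extend the list with whatever your own fleet actually reports.

```python
"""Keying an inventory on serial numbers only when they can be trusted (added example)."""
from collections import Counter

# Constructed list of strings seen in place of a real serial; compared lowercased.
PLACEHOLDER_SERIALS = {
    "", "to be filled by oem", "to be filled by o.e.m.", "123456789",
    "default string", "system serial number", "none", "n/a", "not specified",
}


def is_placeholder_serial(serial):
    """True when `serial` carries no identity: a known placeholder, a single
    repeated character, or a run of consecutive digits."""
    s = (serial or "").strip().lower()
    if s in PLACEHOLDER_SERIALS:
        return True
    if len(set(s)) <= 1:                         # "", "0000000", "XXXXXXXX"
        return True
    if s.isdigit() and s in "0123456789" * 2:    # "0123456789", "1234567890"
        return True
    return False


def asset_key(record):
    """Use the serial as the identity when it is trustworthy; otherwise fall
    back to our own asset tag, which we issue and know to be unique."""
    serial = record.get("serial", "")
    if not is_placeholder_serial(serial):
        return ("serial", serial.strip().upper())
    return ("asset_tag", record["asset_tag"])


def merge_inventory(records):
    """Deduplicate `records` on asset_key.

    Returns (merged, placeholder_counts) so the importer can report how many
    machines could not be keyed on serial instead of silently merging them.
    """
    merged = {}
    placeholders = Counter()
    for rec in records:
        key = asset_key(rec)
        if key[0] == "asset_tag":
            placeholders[rec.get("serial", "").strip()] += 1
        merged.setdefault(key, rec)   # first record wins; later ones are the same box
    return merged, placeholders


SAMPLE_RECORDS = [  # constructed
    {"asset_tag": "LAB-0001", "serial": "To be filled by OEM", "host": "hplc-01"},
    {"asset_tag": "LAB-0002", "serial": "To be filled by O.E.M.", "host": "hplc-02"},
    {"asset_tag": "LAB-0003", "serial": "123456789", "host": "massspec-01"},
    {"asset_tag": "LAB-0004", "serial": "123456789", "host": "massspec-02"},
    {"asset_tag": "LAB-0005", "serial": "5CG1234ABC", "host": "nmr-ctl"},
    {"asset_tag": "LAB-0005", "serial": "5cg1234abc", "host": "nmr-ctl"},  # rescanned
]

if __name__ == "__main__":
    merged, placeholders = merge_inventory(SAMPLE_RECORDS)
    print(f"{len(SAMPLE_RECORDS)} records -> {len(merged)} machines")
    for serial, n in placeholders.most_common():
        print(f"  placeholder serial {serial!r} on {n} machines, keyed on asset tag instead")
```

Six records become five machines: the two mass-spec PCs sharing "123456789" stay separate because they are keyed on their asset tags, while the rescanned NMR controller collapses onto its real serial.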

mllaneza
Apr 28, 2007

Subjunctive posted:

I worked at a company that had “IT vending machines” with cables, power supplies, phone chargers, headphones, USB keys, keyboards, mice, monitor wipes, etc. The prices were listed, because it made people more thoughtful about what they grabbed, but the employee didn’t pay. They just swiped their badge and the management chain got a roll-up of it as part of the spend reporting every month. I once had IT reach out to me and someone I managed because they got like 20 phone chargers out of a handful of machines on the same day, but she was setting up a test device station so it was legit. Never heard a peep otherwise, and man the amount of time it saved IT…

We have vending machines too, they're incredibly convenient. We do have a couple of tickets open with the vendor. They made some small changes to lane speed, and now if you buy an Apple Magic Keyboard it vends seven and only charges for one. My manager posted in chat that it was a good thing we hire honest, decent people. I didn't have the heart to tell him that we also hire smart people who can figure out what swiping their badge means in this situation.

mllaneza
Apr 28, 2007

MustardFacial posted:

Maybe just migrate to another VPN appliance at this point.

We already had a new one in testing, but Security said YOLO last week and pushed the new appliance on basically no notice. A couple of things are still broken, but it's been relatively smooth.
