# ¿ Apr 10, 2017 15:07 |
|
Double Punctuation posted:I was thinking about hand-pushed vacuums and trying to figure out why they would need a password. I'm getting old. It's not that?
|
# ¿ Apr 10, 2017 21:39 |
|
Solaron posted:https://9to5mac.com/2017/04/20/how-to-spot-a-phishing-attempt-fake-apple-site/ IE won't go to the phishing link. It just says check the spelling and try again. Was it already taken down?
|
# ¿ Apr 25, 2017 16:17 |
|
Fired up an instance of Chrome, and I can paste the link in to there, but it shows it as https://www.xn--80ak6aa92e.com instead of apple. So I guess my users are safe at work. Relatedly unrelated, Chrome's now throwing up a "Your connection is not secure" to users accessing one of our subdomains, because it's mixed http/https, and we're getting a number of tickets and calls about it. I'm stepping on our applications team to fix it, but they say it's not critical, so they'll fix it as they get around to it. The desensitization is going to come back to bite us, I know it.
|
# ¿ Apr 25, 2017 16:34 |
|
What's a good free program to use to encrypt USB sticks being sent through the mail? Security is paramount, but something relatively easy for non-techies to use would be a huge plus.
|
# ¿ Jun 8, 2017 16:20 |
|
The Fool posted:Bitlocker. We don't give out local admin, so the non-techies wouldn't be able to enable it.
|
# ¿ Jun 8, 2017 16:46 |
|
Loving Africa Chaps posted:Could you install 7zip? Oh wow, I didn't realize 7zip did encryption. That's actually perfect then. Thanks!
|
# ¿ Jun 8, 2017 17:04 |
|
Klyith posted:A better question would be why are employees who need to send secure, encrypted data: A) No one gets admin except IT. At all. Ever. We provide network drives for people to store things on, so FDE isn't required because none of that information is local. B) Because it's a file from the municipal government, and their guideline is "No emailing our files, or we'll sue you. Yes you can mail them." The issue arose because the first USB sent out was an encrypted USB, so everything was just on it, but the recipient entered the wrong password enough that the data was wiped. There was no second USB laying around, and no one wanted to drive the hour there and back to pick one up.
|
# ¿ Jun 8, 2017 20:24 |
|
Evis posted:I take it you aren't concerned about attackers with local access? Not particularly. First they'd need to grab someone's account credentials, and then they'd only have access to what that person's permissions give them, and we have Windows' Previous Versions going @ 7am and noon, so a delete rampage isn't terribly effective, and so the only thing they could really do is exfiltrate data, which the only data we have that's worth exfiltrating is students' personal info such as address or grades, and that's in a web-based program that doesn't have a mass export option. Is it possible something could happen? Yes, absolutely. Is it likely? No, not really. Is it something we've worked to mitigate anyway? You betcha. But with our users, FDE would likely cause more issues than it solves.
|
# ¿ Jun 8, 2017 22:50 |
|
BangersInMyKnickers posted:Cool platitude but SMB2+ is definitely better and FTP permissions are garbage. I think he's referring to the printer being newer, but not better. Because, ya know. Printers.
|
# ¿ Jul 4, 2017 15:23 |
|
Dylan16807 posted:With enough time, and enough dyson spheres. The entire output of the sun can't even count to 2^200 in a thousand years. Congratulations you just ensured the password will be found on the 3rd try.
|
# ¿ Jul 18, 2017 17:15 |
|
CLAM DOWN posted:A dev broke one of our internal tools, and everyone's password field contents, stored in plaintext, was suddenly displaying as the username attribute
|
# ¿ Jul 18, 2017 17:50 |
|
fyallm posted:I failed the CISSP by 3 points. Shoot me in the loving face now
|
# ¿ Sep 12, 2017 18:58 |
|
So, before the hack, why was CCleaner bad? Just placebo software?
|
# ¿ Sep 19, 2017 15:49 |
|
evil_bunnY posted:
Will? Isn't there literally a bill in the House that says "Class action can't do poo poo all" right now?
|
# ¿ Sep 27, 2017 16:29 |
|
Portland Sucks posted:All of my co-workers are screaming bloody murder at Microsoft because the recent security patching fixing the Office code execution vulnerability broke all of their lovely VB scripts that are still using Office 98 OLEDB drivers. A formal letter has been drafted to petition IT to turn off all further updates to our Windows running computers. The answer will be a round of firings of everyone who signed the petition, I hope.
|
# ¿ Oct 23, 2017 16:10 |
|
It works on a locked mac. After the trick has been enabled. Sooooo, don't leave your mac unlocked and you're fine?
|
# ¿ Nov 28, 2017 23:06 |
|
CLAM DOWN posted:I obviously could be, that's just been my understanding. Obviously you're very pro-Applocker, I'm not trying to poo poo on you or anything and it's weird you're referring to me in 3rd person like that, I've just had an excellent experience with alternate solutions and Applocker isn't really considered sufficient for highly secure enterprises. There’s highly secure enterprises in Vancouver?
|
# ¿ Dec 19, 2017 03:01 |
|
CLAM DOWN posted:Yes sir, I tend to be pretty private/vague when posting stuff about my work (or myself for that matter) publicly on SA, but yup. I just figured y'all were too stoned to bother with security. Maybe after I study more security stuff I should move to Vancou then. Can I crash in your cardboard box?
|
# ¿ Dec 19, 2017 18:43 |
|
CLAM DOWN posted:, like for a security-related job posting, we might get 20 applicants, not a single security cert or previous position. It's a buyer's market! For jobs, not for real estate. Okay, serious questions time: I'm completely self-trained on everything I know. I'm currently studying for Sec+, and then plan to get a couple courses from SANS. My only official experience in IT work is service desk. Once I have those SANS courses, how high up the list would that get me for an interview?
|
# ¿ Dec 19, 2017 19:22 |
|
Sweet. I'm really enjoying security stuff. Not "glamorous" stuff like pen testing or red teams, but setting up an environment that allows users to do what they need, no more, no less, while minimizing risk of data breaches. HIDS and NIDS and all that fun poo poo. It's something I'd like to get into as my focus. Just don't know what aspect yet. Really appeals to my nit-picky nature.
|
# ¿ Dec 19, 2017 20:06 |
|
EVIL Gibson posted:Seriously, show you want to do well at this job. I know there's a bunch of Canadian goons, and some of those are Alberta goons. Any recommendations for decent groups to join for someone in Edmonton? Virtual or IRL? What was fun is in the Sec+ study guide, the pre-assessment exam I got 65% on, no studying, but I really saw myself going "I know this is the answer, but I don't know why" which gave me a good batch of things to look towards learning.
|
# ¿ Dec 19, 2017 22:49 |
|
ChubbyThePhat posted:My Edmonton infosec group is me and one other guy. You are more than welcome to join our ranks. I will take you up on that offer. Hit me up with the details.
|
# ¿ Dec 21, 2017 00:18 |
|
I think it’s just the adding accounting to the new specialty group. Seems extraordinarily useless.
|
# ¿ Dec 23, 2017 00:17 |
|
Okay, this is bad, I get that. What I don’t get is, if you’re running VMs for private use and there’s no direct connection to the WAN, they’re ostensibly safe, right? I’m just trying to figure out the full scope of how hosed this is.
|
# ¿ Jan 3, 2018 05:04 |
|
The Fool posted:Good write up and fits my understanding of the issue as well. Thanks. Now tomorrow I’m going to grill our infrastructure team on what lives on what physical host. I know our terminal server is in trouble with this.
|
# ¿ Jan 3, 2018 05:10 |
|
Could you pay them to stop making it?
|
# ¿ Jan 9, 2018 01:48 |
|
Volguus posted:What's the consensus here about not allowing pasting into password fields? In my opinion it lowers security by preventing the use of password managers, while bringing nothing to the table. Are there engineers out there that favour this approach towards password fields? I have nothing but contempt for anyone who disables pasting into password fields. Burn them all.
|
# ¿ Jan 16, 2018 00:55 |
|
mewse posted:This is what that screen actually looks like apparently 4 posts up, dude.
|
# ¿ Jan 16, 2018 16:01 |
|
anthonypants posted:The SwiftOnSecurity twitter account is one of those parody accounts where you're supposed to think it's hilarious that a woman could be any good at computers. I thought the joke wasn't "a woman" but "Taylor Swift" specifically? Is that not the case? poo poo.
|
# ¿ Jan 19, 2018 16:23 |
|
Dadbod Apocalypse posted:The “joke” is that it’s a pop star AND that it’s a lol woman, though the emphasis is on the latter. As an experiment, replace Taylor Swift with Bruno Mars in your mind. Funnier if it's The Rock. Or Macho Man, but Proteus Jones posted:Yeah, still funny.
|
# ¿ Jan 19, 2018 18:04 |
|
Stick the microSD card in your foreskin. If you don’t have any either by birth or circumcision, borrow someone else’s.
|
# ¿ Jan 24, 2018 05:00 |
|
The Fool posted:We are talking about a service which the entire purpose is to share GPS information. We are talking about a pervasive corporate culture that universally believes your information is theirs to do whatever the gently caress they want with unless you specifically tell them no, and even then you don't have much control or granularity. It's not this one instance, as hilarious as it is, but the complete back-rear end-wards-ness of how companies treat private information as a secondary revenue source.
|
# ¿ Jan 29, 2018 18:59 |
|
AlternateAccount posted:For things that aren't hypercritical, I usually answer security questions as a fictional character. Makes it easier to remember, since I am REAL HUMAN BEAN, and my favorite whatever is subject to change. Hey, that's a good idea. What character do you use?
|
# ¿ Feb 1, 2018 16:56 |
|
Took me reading the post below the linked one to notice that was Duffel Blog.
|
# ¿ Feb 4, 2018 02:46 |
|
I asked once in a different thread, and don't remember if I got an answer, but since password managers have come up again: Are there any glaring issues with using the iOS password generator and manager? Or subtle issues even.
|
# ¿ Feb 13, 2018 16:16 |
|
Inept posted:Yep the content blockers in iOS work pretty well. I used to VPN to my home network which was running PiHole as another layer of blocking, but I stopped bothering because there are few ads that get through any more. Whoa, iOS has content blockers built in now?
|
# ¿ Feb 16, 2018 21:14 |
|
I'm going to sound like an idiot, but how to use the native one? I've been using a downloaded one called Purify.
|
# ¿ Feb 16, 2018 21:18 |
|
bobfather posted:There's not a native one, just 3rd-party blockers like Purify. By the way, Purify was found to be sort of bad. Consensus has been to use Firefox Focus if you want free, or 1Blocker if you don't mind paying. Thanks for the heads-up. I've been using it for like two years, and I didn't do a ton of research first. I don't mind paying as long as it's not like $20, so I'll look at both.
|
# ¿ Feb 16, 2018 21:38 |
|
Dylan16807 posted:Sure, I guess, but the comparable sentence for something like low-value identity theft is probably a misdemeanor and actually less than what I was suggesting. UK seems to have 10 years per count for their equivalent of felony identity theft, which this would probably count as. EU regulations are likely tougher, but I can't find specifics. So one count for each person who had this installed on their system.
|
# ¿ Feb 21, 2018 21:05 |