|
|
| # ? Apr 25, 2024 00:15 |
|
|
I sure do like how they can manipulate the stack to their advantage
|
#
?
Apr 20, 2019 05:51
|
|
|
these threads are gonna remain closed until shits sorted
|
|
#
?
Apr 20, 2019 05:52
|
|
|
|
|
#
?
Apr 21, 2019 04:41
|
|
|
IS zone alarm still good?
|
|
#
?
Apr 21, 2019 04:57
|
|
|
Celexi posted:IS zone alarm still good? zonealarm has never been good Edit: Say, mods, now the shitstorm is over, could you edit a link to this thread in the last post of the old thread? Thanks.
|
|
#
?
Apr 21, 2019 07:40
|
|
|
three weeks after moving to my new cybersecurity position and i still have no tasks and no privileges. i don't mind the money but i finished catching up with my shows and i'm bored of sitting at work doing nothing. i have a frosted glass door otherwise i would've brought my switch and did some gaming on company dime lol.
|
|
#
?
Apr 21, 2019 11:48
|
|
|
any of you worked in non-operations infosec? i.e. dealing with risk analysis and policies and poo poo like that? how do you stay engaged?
|
|
#
?
Apr 21, 2019 11:50
|
|
|
I do. It's just run of the mill grc work like you see everywhere, where everyone you speak to still assumes you're configuring firewalls and don't understand why loss of availability would be a risk worth addressing from a security perspective. It's drat hard, nigh impossible to stay engaged.
|
|
#
?
Apr 21, 2019 12:13
|
|
|
Oh and it never really gets any busier than what you're currently doing, for most commercial companies it really is basically a check-the-box-position.
|
|
#
?
Apr 21, 2019 12:14
|
|
|
i guess i better start some side-projects then...
|
|
#
?
Apr 21, 2019 12:23
|
|
|
Shinku ABOOKEN posted:any of you worked in non-operations infosec? i.e. dealing with risk analysis and policies and poo poo like that? how do you stay engaged? I couldn't. Eventually, being surrounded by people who don't actually know how computers work but dictate policy for them starts to eat at your brain and you have to move on.
|
|
#
?
Apr 21, 2019 12:57
|
|
|
Shinku ABOOKEN posted:any of you worked in non-operations infosec? i.e. dealing with risk analysis and policies and poo poo like that? how do you stay engaged? we have a team dedicated to it and it's telling that their hiring pool is "warm bodies that can use word and excel" otoh i do security engineering which is a very different beast but also comes with similar engagement issues around picking and choosing meaningful work in a company where a lot of the security systems are already quite mature
|
|
#
?
Apr 21, 2019 13:01
|
|
|
it’s an incredibly tedious type of work and I wouldn’t recommend it. it does involve talking to people that should work the policies and continuously wondering why they don’t so it’s not just office365 work, but it is a well paying joke of a job regardless
|
|
#
?
Apr 21, 2019 13:09
|
|
|
thank you, based mods
|
|
#
?
Apr 21, 2019 19:07
|
|
|
FungiCap posted:I couldn't. Eventually, being surrounded by people who don't actually know how computers work but dictate policy for them starts to eat at your brain and you have to move on. i ended up welcoming the brain worms. I also argue as much as possible with my idiot coworkers who barely understand networked computers or virtual machines. no your network connection won’t make the server install software faster that’s not how this works Turkish guy no virtual machines are fine old Unix lady it doesn’t matter whether the servers are real or virtual the brain worms are badly in your head
|
|
#
?
Apr 21, 2019 22:41
|
|
|
"Schadenboner" posted:Is 9.9.9.9 good? "The Fool" posted:It's fine as long as you don't mind your dns being run by law enforcement. I don't understand. Quad9 is too stringent with filtering?
|
|
#
?
Apr 21, 2019 23:32
|
|
|
telegram is the one run by cryptocurrency poop touchers and that has the "custom" hand rolled encryption, right? anyone cracked that one yet out of national actors yet?
|
|
#
?
Apr 21, 2019 23:40
|
|
|
Rufus Ping posted:
I think reverse engineering a bot-net that installed a RAT from some infected p2p file, and then took screencaps of users who had it installed. I 'think' that might have been the threshold for locking the thread - couldn't say for sure.
|
|
#
?
Apr 22, 2019 00:40
|
|
|
That was a diff thread and is goldmined
|
|
#
?
Apr 22, 2019 00:57
|
|
|
Something something Nazis something mods
|
|
#
?
Apr 22, 2019 01:11
|
|
|
CmdrRiker posted:I don't understand. Quad9 is too stringent with filtering? No, I mean literally founded by law enforcement. One of the founding members of Quad9 is Global Cyber Alliance, two of the founding members of that organization are the City of London Police and the New York District Attorney. To be honest, I like that organizations like that are behind a service that has the stated purpose of reducing cybercrime for everyone, it shows they are trying to be more proactive. But those two don't exactly have great track records for measured use of surveillance tools.
|
|
#
?
Apr 22, 2019 02:00
|
|
|
SIGSEGV posted:telegram is the one run by cryptocurrency poop touchers and that has the "custom" hand rolled encryption, right? anyone cracked that one yet out of national actors yet? Also run by Russian nationals, so take that for what you will.
|
|
#
?
Apr 22, 2019 02:02
|
|
|
The Fool posted:No, I mean literally founded by law enforcement. I respect your suspicion. At this point it definitely feels like the best option out of what is available. It's a nonprofit that doesn't allow itself (supposedly) to be managed by any entities other than itself, and would have to be held accountable were it to actually profit from user data. By comparison to other options it seems like a good place to start.
|
|
#
?
Apr 22, 2019 02:32
|
|
|
The Fool posted:No, I mean literally founded by law enforcement. important to note that the city of london police are not the same as the metropolitan police who operate across greater london (although they too are complete bandits in their own right). the city of london police are the ones whose "intellectual property crime unit" strongarm web hosts and domain registries into deleting/handing over sites they claim are involved in IP infringement (primarily the sale of counterfeit luxury goods) without going through the courts. they are blatantly and shamelessly abusing their role, and the ignorance/goodwill/fear of the general public, to do the bidding of rolex, gucci, prada etc without any legal authority or oversight
|
|
#
?
Apr 22, 2019 02:46
|
|
|
Millions using 123456 as password, security study findsquote:For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used. https://www.bbc.com/news/technology-47974583
|
|
#
?
Apr 22, 2019 03:13
|
|
|
Uh oh. Looks like someone hosed up. LOL
|
|
#
?
Apr 22, 2019 03:16
|
|
|
Proteus Jones posted:Millions using 123456 as password, security study finds how can they just reveal all my passwords on the news like that????
|
|
#
?
Apr 22, 2019 03:39
|
|
|
Someone or ones (definitely not Israel) is Doxxing Iranian Nationstate hackers and leaking their hacking tools: https://arstechnica.com/information-technology/2019/04/a-mystery-agent-is-doxing-irans-hackers-and-dumping-their-code/ https://arstechnica.com/information-technology/2019/04/a-mystery-agent-is-doxing-irans-hackers-and-dumping-their-code/ You can even go to the public telegram server and see it in real time ("Lab Dookhtegan") but be warned, they are posting images of dead bodies they claim are victims of the Iranian regime. 
|
|
#
?
Apr 22, 2019 06:17
|
|
|
https://twitter.com/andrew___morris/status/1120297095108485120 interesting
|
|
#
?
Apr 22, 2019 13:25
|
|
|
https://twitter.com/rosa/status/1119736583521853441
|
|
#
?
Apr 22, 2019 13:28
|
|
|
trying to get the bank ranges blacklisted and gently caress with everybodies payroll?
|
|
#
?
Apr 22, 2019 13:38
|
|
|
abigserve posted:trying to get the bank ranges blacklisted and gently caress with everybodies payroll?
|
|
#
?
Apr 22, 2019 16:23
|
|
|
Rufus Ping posted:That was a diff thread and is goldmined my bad, i thought the time-frame was close to then
|
|
#
?
Apr 22, 2019 16:44
|
|
|
Wiggly Wayne DDS posted:or identify hosts that only whitelist bank ip ranges If they spoof, then wouldn't they never see the replies and therefore not know who whitelists what?
|
|
#
?
Apr 22, 2019 16:47
|
|
|
Stabby McDamage posted:If they spoof, then wouldn't they never see the replies and therefore not know who whitelists what? in theory this isnt a dealbreaker (antirez's tcp idle scan) but yea i dont see how it would work here, or anywhere else for the past 20 years
|
|
#
?
Apr 22, 2019 16:56
|
|
|
Proteus Jones posted:Millions using 123456 as password, security study finds Six nine six nine still safe as houses
|
|
#
?
Apr 22, 2019 20:01
|
|
|
hell yeah, back to working on infosec software after a year and a half at Oracle getting my rear end kicked working on boring non-infosec trash! I missed poo poo posting with you guys.
|
|
#
?
Apr 22, 2019 23:34
|
|
|
are you even allowed to say you once worked at oracle if you leave
|
|
#
?
Apr 22, 2019 23:47
|
|
|
|
| # ? Apr 25, 2024 00:15 |
|
|
probably not tbh
|
|
#
?
Apr 22, 2019 23:54
|
|