Soylent Pudding
Jun 22, 2007

We've got people!


mystes posted:

You trust accounting companies to do security audits?

My girlfriend is an accountant and her company's accounting department just finished getting audited. The auditors savaged their IT department for not enabling a secure accounting environment. Meanwhile IT is pushing back on complicated audit guidance like "use full disk encryption".

Soylent Pudding
Jun 22, 2007

We've got people!


The greatest value of phishing tests is being able to delete obnoxious emails from office boomers because "it looked like phishing".

Soylent Pudding
Jun 22, 2007

We've got people!


I got a 50" Samsung dumb TV for free when my neighbor decided to replace it with a smart TV. My plan for the inevitable smart TV that replaces it is dropping it on its own VLAN to keep it from wandering to other wifi and then killing the VLAN internet connectivity.

Soylent Pudding
Jun 22, 2007

We've got people!


Where I live now every wifi is protected, but when I lived in heaven's waiting room, Florida, all the networks were open.

Soylent Pudding
Jun 22, 2007

We've got people!


2 TVs 1 Analytic

Soylent Pudding
Jun 22, 2007

We've got people!


Truga posted:

i don't know, but regardless of that, never trust a corporation with *any* data

Also I don't want my TV mining bitcoins.

Soylent Pudding
Jun 22, 2007

We've got people!


We learned a ton about Russia's main nuclear base because some soldiers took pictures of themselves pissing their names in the snow on base and uploading them to social media.

Soylent Pudding
Jun 22, 2007

We've got people!


Munkeymon posted:

thought I saw a post in one of these threads about a protocol that uses ethernet but not TCP intended for equipment like HVAC and stuff but I can't remember what it was called

BACnet? Or maybe one of the modbus variants?

Soylent Pudding
Jun 22, 2007

We've got people!


The best part is the idea that you can save money on cabling your facility by running your ICS protocols over WiFi.
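The two posts above name BACnet and Modbus as the building-automation protocols in question and then joke about carrying them over WiFi. Concretely, BACnet/IP rides on UDP (port 47808, 0xBAC0) and the base protocol carries no sender authentication, so anything that can reach the segment can issue a WriteProperty or ReinitializeDevice. The decoder below is an added example, not code from the thread or from any BACnet project: it walks the BVLC, NPDU and APDU headers of a BACnet/IP frame, names the service, and flags state-changing requests from hosts that are not on a writer allowlist. The sample frames, host addresses, object ids and the "abcd" password are constructed for the example.

```python
"""Decode BACnet/IP frames (BVLC + NPDU + APDU header) and flag state-changing
services from hosts that are not expected to write. Sample frames are constructed
by hand for this example, not captured from a real network."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

BVLC_TYPE = 0x81  # every BACnet/IP frame starts with this octet
BVLC_FUNCTIONS = {0x00: "BVLC-Result", 0x04: "Forwarded-NPDU",
                  0x0A: "Original-Unicast-NPDU", 0x0B: "Original-Broadcast-NPDU"}
PDU_TYPES = ["confirmed-request", "unconfirmed-request", "simple-ack", "complex-ack",
             "segment-ack", "error", "reject", "abort"]
UNCONFIRMED = {0x00: "I-Am", 0x01: "I-Have", 0x07: "Who-Has", 0x08: "Who-Is"}
CONFIRMED = {0x0C: "ReadProperty", 0x0E: "ReadPropertyMultiple", 0x0F: "WriteProperty",
             0x10: "WritePropertyMultiple", 0x11: "DeviceCommunicationControl",
             0x14: "ReinitializeDevice"}
STATE_CHANGING = {"WriteProperty", "WritePropertyMultiple",
                  "DeviceCommunicationControl", "ReinitializeDevice"}


@dataclass
class BacnetFrame:
    bvlc_function: str
    forwarded_from: Optional[str]  # "ip:port" of the originator when relayed by a BBMD
    dnet: Optional[int]            # destination network; 0xFFFF = global broadcast
    expects_reply: bool
    pdu_type: Optional[str]
    service: Optional[str]
    invoke_id: Optional[int]

    @property
    def risky(self) -> bool:
        return self.service in STATE_CHANGING


def parse_bacnet_ip(frame: bytes) -> BacnetFrame:
    if len(frame) < 4 or frame[0] != BVLC_TYPE:
        raise ValueError("not a BACnet/IP (BVLC) frame")
    func = frame[1]
    bvlc_len = int.from_bytes(frame[2:4], "big")
    if bvlc_len != len(frame):
        raise ValueError(f"BVLC length {bvlc_len} != frame length {len(frame)}")
    fname = BVLC_FUNCTIONS.get(func, f"BVLC-0x{func:02x}")
    pos, forwarded_from = 4, None
    if func == 0x04:  # Forwarded-NPDU: 4-byte IPv4 + 2-byte port of the original sender
        ip = ".".join(str(b) for b in frame[4:8])
        forwarded_from = f"{ip}:{int.from_bytes(frame[8:10], 'big')}"
        pos = 10
    if func not in (0x04, 0x0A, 0x0B):  # BVLC control messages carry no NPDU
        return BacnetFrame(fname, forwarded_from, None, False, None, None, None)

    # NPDU: version, control octet, optional DNET/DLEN/DADR, SNET/SLEN/SADR, hop count
    if frame[pos] != 0x01:
        raise ValueError("unsupported NPDU version")
    control = frame[pos + 1]
    pos += 2
    dnet = None
    if control & 0x20:  # DNET present: DNET (2), DLEN (1), DADR (DLEN)
        dnet = int.from_bytes(frame[pos:pos + 2], "big")
        pos += 3 + frame[pos + 2]
    if control & 0x08:  # SNET present: SNET (2), SLEN (1), SADR (SLEN)
        pos += 3 + frame[pos + 2]
    if control & 0x20:
        pos += 1        # hop count follows the address fields
    expects_reply = bool(control & 0x04)
    if control & 0x80:  # network-layer message, no APDU
        return BacnetFrame(fname, forwarded_from, dnet, expects_reply, "network-message", None, None)

    # APDU: high nibble of the first octet is the PDU type
    pdu = frame[pos] >> 4
    service = invoke_id = None
    if pdu == 1:        # unconfirmed: [type][service]
        service = UNCONFIRMED.get(frame[pos + 1], f"unconfirmed-0x{frame[pos + 1]:02x}")
    elif pdu == 0:      # confirmed: [type/flags][max segs+APDU][invoke id]([seq][window])[service]
        segmented = bool(frame[pos] & 0x08)
        invoke_id = frame[pos + 2]
        svc = frame[pos + 5] if segmented else frame[pos + 3]
        service = CONFIRMED.get(svc, f"confirmed-0x{svc:02x}")
    return BacnetFrame(fname, forwarded_from, dnet, expects_reply, PDU_TYPES[pdu], service, invoke_id)


def audit(packets: Iterable[Tuple[str, bytes]], allowed_writers: set) -> List[str]:
    """One alert per state-changing request whose originator is outside allowed_writers."""
    alerts = []
    for src, raw in packets:
        try:
            f = parse_bacnet_ip(raw)
        except ValueError as exc:
            alerts.append(f"{src}: malformed BACnet/IP frame ({exc})")
            continue
        origin = f.forwarded_from.split(":")[0] if f.forwarded_from else src
        if f.risky and origin not in allowed_writers:
            alerts.append(f"{origin}: {f.service} invoke-id {f.invoke_id} from unapproved host")
    return alerts


# Constructed sample frames (hypothetical addresses, object ids and password)
WHO_IS = bytes.fromhex("810b000c0120ffff00ff1008")                                   # global-broadcast Who-Is
READ_PROP = bytes.fromhex("810a00110104" "0005010c" "0c02000001194c")                # device,1 object-list
WRITE_PROP = bytes.fromhex("810a001a0104" "0005020f" "0c00800001" "1955" "3e4442c800003f" "4910")  # analog-value,1 := 100.0 @ prio 16
REINIT = bytes.fromhex("810a00120104" "00050314" "0900" "1d0061626364")              # coldstart, password "abcd"
FORWARDED = bytes.fromhex("810400120a000502bac0" "0120ffff00ff1008")                 # Who-Is relayed by a BBMD from 10.0.5.2

SAMPLE_CAPTURE = [("10.0.5.2", WHO_IS), ("10.0.5.2", READ_PROP),
                  ("10.0.5.77", WRITE_PROP), ("10.0.5.77", REINIT), ("10.0.5.1", FORWARDED)]

if __name__ == "__main__":
    for line in audit(SAMPLE_CAPTURE, allowed_writers={"10.0.5.2"}):
        print(line)
```

The allowlist check is deliberately on the originating address, because a BBMD relays broadcasts as Forwarded-NPDU and the IP header then shows the BBMD, not the sender. The decoder stops at the service octet; it does not interpret property values, which is enough to know that a write or a reinitialize was attempted and by whom, and is the minimum a sensor on the OT segment should be able to tell you.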

Soylent Pudding
Jun 22, 2007

We've got people!


I feel like there is this implicit assumption that whoever hacked Twitter has to be some world class genius hacker and not some schlub with just the right amount of skill and luck. In other words, I don't buy into the idea that someone smart enough to hack Twitter is necessarily smart or organized enough to pull off something other than Buttcoin scams.

Soylent Pudding
Jun 22, 2007

We've got people!


Perplx posted:

replace all roads with tunnels, treat them like the underclass they are

Okay Elon.

Soylent Pudding
Jun 22, 2007

We've got people!


The remote control aspect appeals to some people and kinda makes sense for some relationship situations. For that matter being able to remotely release your partner in an emergency would be a nice feature. But any electronic design should still have a key allowing for manual override as a failsafe.

Something something please do not not gently caress and not cum inside your computer.

Soylent Pudding
Jun 22, 2007

We've got people!



Risky.biz and some other places have been asking the question "at what point do cyber attacks against hospitals during a loving pandemic cross the line from organized crime to terrorism?"

Soylent Pudding
Jun 22, 2007

We've got people!


We're obviously not putting warheads on foreheads in St. Petersburg, but it does open up other avenues of state power. OFAC has been very aggressive in sanctioning Russian and Chinese cybercrime groups and Cybercom claims to have launched interference actions against Trickbot. I genuinely wonder what happens when ransomware kills Americans and how weapons free Cybercom is allowed to go in response.

Soylent Pudding
Jun 22, 2007

We've got people!


Trabisnikof posted:

I feel like declaring ransomware cyber terrorism will only have negative impacts on infosec community

Nah it'll be great when the CIA is renditioning foreign hackers to black sites and the Russians are exploiting local polonium inclusion vulnerabilities at western infosec firms.

Soylent Pudding
Jun 22, 2007

We've got people!


Secret service is one of the many agencies that got swept up into DHS and is now one of the eight semi-autonomousish DHS agencies along with stuff like FEMA, Coast Guard, CISA, TSA and CBP.

Soylent Pudding
Jun 22, 2007

We've got people!


Pile Of Garbage posted:

beat me to it but gonna post anyway


i recall peter wright mentioning inter-service marriage as a thing in spycatcher although more so at MI5. i wonder whether the agencies being good (comparatively, this is the UK remember) at lgbtq stuff is purely because they were forced to acknowledge homophobia and transphobia as risks that had to be mitigated (lots of agents got turned through gay outing blackmail).

I was idly wondering the other day how many nation state intelligence services have owned OnlyFans as a trove of blackmail material.

Soylent Pudding
Jun 22, 2007

We've got people!


The average poli sci student has less stupid and reductionist ideas about how society works than the average comp sci student. Source: I double majored poli sci and comp sci.

Soylent Pudding
Jun 22, 2007

We've got people!


A good social sciences program is going to teach research design, statistical analysis, and provide substantial practice at descriptive and persuasive writing. The statistics is more of a grad level emphasis to be fair. Either way it tends to leave someone a better adjusted human capable of interacting with society than your average perfectly spherical math & logic computer toucher.

There are also shitheads on both sides of the aisle who go into social sciences not to learn how to be right but to learn the jargon to explain that their preconceived notions are already right. But there are also plenty of STEMlords who do the same thing with logic and first principles.

To tie this back to secfucks. I have a friend who also has an international relations and a comp sci degree who consults with companies trying to set up or revise insider threat programs. She says 90% of her job is to tell companies the machine learning tool they just purchased is digital phrenology and will get them sued because it assumes every black employee is a criminal.

Soylent Pudding
Jun 22, 2007

We've got people!


Soricidus posted:

just encrypt your passwords with a caesar cipher op. nobody will be able to break it because frequency counting won’t work and the right answer will look as random as all the wrong answers

For extra security I run it through Rot-13 twice!
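The joke above rests on two facts worth seeing in code: ROT-13 is a Caesar shift of 13 over a 26-letter alphabet, so applying it twice is the identity, and a Caesar cipher has only 26 keys (one of them the identity), so every "encrypted" password has exactly 26 candidate plaintexts regardless of whether frequency analysis works on a short string. The block below is an added example, not code from the thread; the `hunter2` password and the crib are made up.

```python
"""Caesar/ROT-n over ASCII letters, plus the exhaustive 'attack' that makes
the key space irrelevant. Added example; nothing here is from the thread."""
import string

LOWER = string.ascii_lowercase


def caesar(text: str, shift: int) -> str:
    """Rotate A-Z/a-z by `shift`; digits, punctuation and spaces pass through untouched."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    return caesar(text, 13)  # 13 + 13 = 26 = 0 mod 26, hence the joke


def all_decryptions(ciphertext: str) -> dict:
    """Only 26 keys exist, so enumerate every candidate plaintext keyed by shift."""
    return {k: caesar(ciphertext, -k) for k in range(26)}


def recover_with_crib(ciphertext: str, crib: str) -> list:
    """Shifts under which a known fragment (a word expected in the password) appears."""
    return [k for k, cand in all_decryptions(ciphertext).items() if crib in cand]


if __name__ == "__main__":
    stored = caesar("hunter2", 7)        # hypothetical 'encrypted' password (constructed)
    print(stored, all_decryptions(stored)[7], recover_with_crib(stored, "hunter"))
```

Note that digits and punctuation survive unchanged and the length is preserved, so even without a crib the ciphertext leaks the password's structure; with a crib the key falls out of a 26-entry loop.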

Soylent Pudding
Jun 22, 2007

We've got people!


Clearly all y'all just need a 5g Faraday cage for your router: https://mobile.twitter.com/AnsgarTOdinson/status/1334015546979803137

Soylent Pudding
Jun 22, 2007

We've got people!


Hed posted:

why yes, my password is 2.412x10^28 characters of text

You also use the full John Galt speech?

Soylent Pudding
Jun 22, 2007

We've got people!


Teaching teens infosec is more effective at promoting abstinence than abstinence only education.

Soylent Pudding
Jun 22, 2007

We've got people!


Sassafras posted:

"Penis" is a dictionary word.

Not long enough

Soylent Pudding
Jun 22, 2007

We've got people!


This is a good change because the only secure code is code no one can run.

Soylent Pudding
Jun 22, 2007

We've got people!


Kazinsal posted:

this is our penance for capturing the angry lightning demons in order to trick rocks into thinking for us

https://mobile.twitter.com/Strife212/status/1365756219923853314

Soylent Pudding
Jun 22, 2007

We've got people!


PCjr sidecar posted:

the usual failure mode is the cooling systems on one power system and IT power on another (usually A/B redundancy in both) so the AC goes down but the servers keep generating heat
this is a particular problem if your EPO drops AC for code reasons but not IT load

there’s a ton of stuff out there from ashrae about how to do risk assessment for dcs but systems are complex and interactions are not clearly understood

I once visited an office where the server room suffered this exact problem. Building lost power, the servers kicked over to backup generators on the roof, but the AC had no backup. This was middle of the night so no one got the alert in time to perform a graceful shutdown before the servers overheated the room. That's when they realized they should have spent the money when building out the server room to replace the sprinkler system with alternative fire suppression.

Soylent Pudding
Jun 22, 2007

We've got people!


These are both extremely bad and every IR team is simultaneously lamenting their fate and eyeing those OT figgies.

It feels like the theme of 2021 is catastrophic ecosystem wide supply chain attacks.

Soylent Pudding
Jun 22, 2007

We've got people!


Kesper North posted:

hahahaha what OT figgies, IR is done by salaried consultants at my firm

RIP. I do IR but I get OT for anything over 40/week.

Soylent Pudding
Jun 22, 2007

We've got people!


It's almost like the current IR model (security model in general really) is unsustainable because vendor and supply chain attacks amplify adversary effectiveness and efficiency far beyond what IR teams can sustain.

Soylent Pudding
Jun 22, 2007

We've got people!


Fart Sandwiches posted:

just check the log files duh

client posted:

We have 50k endpoints with the default logging policies and no centralized retention. The CCB won't approve your request to deploy an EDR agent in less than 6 weeks. Once they approve it, IT can begin manually deploying it to the specific systems. What? Of course we can't do a mass deployment. We've never centrally pushed software before and aren't about to start now. So we'll just have IT throw it on a thumb drive and install it on the hacked computers. Oh, and we can't let you have physical access to most of our campus or offsites, so just tell us what computers you want logs from and one of our IT folks will pull it and drive it over at the end of the day. Also our CISO already assigned a hand-picked review team and they already concluded the breach was localized and didn't get anywhere and no remediation is needed. If you waste a bunch of time and resources to come to a wrong conclusion we'll be very upset and will have to fire you.

Soylent Pudding
Jun 22, 2007

We've got people!


The Iron Rose posted:

and good god someone needs to make tech nerds take more writing and communication classes.

When I was a TA I made every assignment have an accompanying 3-5 page paper to try and make them practice a bit. It sort of worked. The good students did okay but the worst coders were also the ones most likely to quarter-rear end the papers.

Soylent Pudding
Jun 22, 2007

We've got people!


Chris Knight posted:

holy crap, you're right! took him long enough lol

He announced it on April Fool's and people were very confused.

Soylent Pudding
Jun 22, 2007

We've got people!


So NFTs are just quitclaim deeds for art? But burn rainforests?

Soylent Pudding
Jun 22, 2007

We've got people!


Lol gently caress me for being slightly optimistic that the shutdown was out of good faith security concerns. I should know better but I guess I wanted to believe

Soylent Pudding
Jun 22, 2007

We've got people!


Ur Getting Fatter posted:

YOSPOS>SecFuck M/T v18.8.01 - seed is stored in the vaults

Soylent Pudding
Jun 22, 2007

We've got people!


mystes posted:

Just put "Iran" or "North Korea" or something. One weird trick your bank and the Office of Foreign Assets Control of the Treasury hate!

A friend of a friend put "Iranian Missile Parts" and got investigated by Venmo.

Soylent Pudding
Jun 22, 2007

We've got people!


You might find something useful in this article on what makes a cybersecurity lawyer from CISA's chief counsel: https://www.lawfareblog.com/what-cybersecurity-legal-practice

Soylent Pudding
Jun 22, 2007

We've got people!


mystes posted:

^^^
Oh well never mind then.

If people are uploading this stuff to public flashcard decks it makes me wonder what classified information they're uploading to private but not particularly secure cloud stuff.

Buttery emails

Soylent Pudding
Jun 22, 2007

We've got people!


Cybernetic Vermin posted:

i really must insist no one goes through with this just-fix-it plan before we have a chance to parlay this into a ban on cryptocurrencies first.
