|
three weeks after moving to my new cybersecurity position and i still have no tasks and no privileges. i don't mind the money but i finished catching up with my shows and i'm bored of sitting at work doing nothing. i have a frosted glass door otherwise i would've brought my switch and did some gaming on company dime lol.
|
# ¿ Apr 21, 2019 11:48 |
|
any of you worked in non-operations infosec? i.e. dealing with risk analysis and policies and poo poo like that? how do you stay engaged?
|
# ¿ Apr 21, 2019 11:50 |
|
i guess i better start some side-projects then...
|
# ¿ Apr 21, 2019 12:23 |
|
florida lan posted: one of my fave epic systems cool features was the "use TLS when communicating with the DB" switch that did literally nothing (or maybe something, but definitely didn't turn on TLS) and went unnoticed forever until the navy finally bothered to look at some pcaps.

can they get sued for fraud?
|
# ¿ May 2, 2019 07:08 |
|
wyoak posted:so I’ve only heard blurbs about the WhatsApp attack while traveling, did they break out of the iOS sandbox or did the hack just affect WhatsApp, the news snippets made it sound like they could get complete control of the phone but “Infosec journalism”
|
# ¿ May 14, 2019 23:39 |
|
redleader posted:imagine asking a normal person to use keepass lol same but cloud thingies. heck imagine asking them to pay rent for password fillers.
|
# ¿ Sep 17, 2019 12:01 |
|
D. Ebdrup posted: Linus has managed to piss a lot of people off in very short order:

if people need the secure prng they should explicitly ask for it imho
|
# ¿ Sep 18, 2019 22:07 |
|
the random function accidentally being secure is not "secure-by-default". it's just an accident.
|
# ¿ Sep 18, 2019 22:08 |
|
haveblue posted: what is a situation in which you want a random number that is guaranteed to be not secure

data sampling games retry delays load balancing fuzzing machine learning engineering ...
|
# ¿ Sep 18, 2019 22:20 |
|
does the function make any claims about being cryptographically secure? if yes then you get to bitch at linus if not then fix your ASSumptions
|
# ¿ Sep 18, 2019 22:46 |
|
do motherboards/cpus come with hardware prngs or not? also why not use uefi to store/restore prng seeds?
|
# ¿ Sep 21, 2019 10:59 |
|
on one hand we must protect the cybers on the other do you really want to deal with passwords mid-sea?
|
# ¿ Sep 22, 2019 19:01 |
|
we shouldn’t’ve driven the discourse guy away lol imagine sa with notifications, likes, and badges
|
# ¿ Sep 25, 2019 14:24 |
|
but you see user journey first experience frictionless onboarding therefore...
|
# ¿ Oct 13, 2019 11:44 |
|
if i learned anything from muddy waters it would be to short the stocks then release the vuln report to the public
|
# ¿ Oct 13, 2019 21:00 |
|
30 TO 50 FERAL HOG posted:why would you short the stock? do you think wall st cares about a security vuln? lmao of course the stock market doesn’t give a poo poo but there is always a tiny dip before the market stops caring quote:Share prices of breached companies hit a low point approximately 14 market days following a breach. Share prices fall 2.89% on average, and underperform the NASDAQ by -4.6%
|
# ¿ Oct 14, 2019 19:40 |
|
of course they did. of course they did.
|
# ¿ Oct 18, 2019 19:22 |
|
the russians just used keep rear end
|
# ¿ Oct 20, 2019 07:53 |
|
unpacked robinhood posted:Bestialities were my least favorite mortal kombat moves loving scorpion turning into a penguin wtf???
|
# ¿ Oct 20, 2019 12:14 |
|
Methanar posted: Also break_time_at_the_toyota_factory.wmv on my domain controller.

is this a shock video or something?
|
# ¿ Oct 29, 2019 20:46 |
|
apparently when you integrate azure ad with duo you can still do password stuffing and bruteforce attacks. getting redirected to duo only happens if the password is valid.
|
# ¿ Nov 4, 2019 13:49 |
|
The Fool posted: this is how most mfa systems work

well then most mfa systems are trash

i can’t believe loving citrix got this right and they didn’t
|
# ¿ Nov 4, 2019 15:48 |
|
Shaggar posted: the amount of user tickets generated from not knowing if it's the password or the token is not worth the added security. especially when you can handle it other ways like brute force detection, unknown location detection, disallowing common passwords, etc...

still why would you give attackers an oracle? it's already bad enough when our users show up on haveibeenpwned.com. we don't need attackers to also be able to guess passwords.

also bruteforce protection does jack poo poo. if you lock out users after x failed attempts then you just dos yourself (happened before, management rightfully told IT to gently caress off and disable lock out). if you lock out malicious ips then attackers simply do distributed bruteforce.
|
# ¿ Nov 4, 2019 20:53 |
|
this can be solved if the login redirected you to 2fa regardless of cred validity btw
|
# ¿ Nov 4, 2019 20:54 |
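The two login behaviours argued over in the posts above, as an added sketch that is not code from any poster, Azure AD or Duo: one flow shows the second-factor prompt only after a valid password (the oracle), the other always moves on to the second factor and returns one generic failure. The function names, the constructed user record and the fixed OTP standing in for a real second-factor check are all assumptions.

```python
import hashlib
import hmac
import secrets


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed sample directory: user -> (salt, password hash, expected OTP).
# The fixed OTP is a stand-in for a real TOTP or push verification.
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT), "492817")}
# Dummy record so unknown users cost the same hashing work as known ones.
_DUMMY = (secrets.token_bytes(16), secrets.token_bytes(32), None)


def password_ok(user, password):
    salt, stored, _ = USERS.get(user, _DUMMY)
    return hmac.compare_digest(_hash(password, salt), stored) and user in USERS


def step1_oracle(user, password):
    """Flow from the thread: the MFA prompt appears only for a valid password."""
    return "mfa_prompt" if password_ok(user, password) else "invalid_credentials"


def step1_uniform(user, password):
    """Always continue to the second factor; the verdict stays server-side."""
    session = {"user": user, "pw_ok": password_ok(user, password)}
    return "mfa_prompt", session


def step2_uniform(session, otp):
    """One generic answer for any failure, so neither factor is confirmed alone."""
    expected = USERS.get(session["user"], _DUMMY)[2]
    otp_ok = expected is not None and hmac.compare_digest(otp, expected)
    return "ok" if (session["pw_ok"] and otp_ok) else "login_failed"
```

With the uniform flow a client sees the same step-one response for a right and a wrong password, which is also why users can no longer tell which factor failed, the support cost raised in the quoted post.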
|
BattleMaster posted: wtf how about not putting medical devices (or process equipment, re: the image) on the internet to begin with

zero trust BABYYYYYYYYYYYYYYY
|
# ¿ Nov 5, 2019 11:01 |
|
Ur Getting Fatter posted: after an automatic update windows 10 enabled a hidden "default" user account with no password and admin privileges

wtf? link please
|
# ¿ Nov 5, 2019 19:38 |
|
∕ etc∕ hosts
|
# ¿ Nov 5, 2019 23:11 |
|
BangersInMyKnickers posted: so the schizophrenic guy from last month is back with 3 new gmail accounts spamming a bunch of people with his pdf "book" that he appended another 400 pages to. great poo poo, love to deal with it

i have to do a big report and i wish i could do just 10 pages. writing is hard
|
# ¿ Nov 19, 2019 15:29 |
|
CommieGIR posted: "We want to keep you secure, so we're adding a back door"

you don't need to unlock the device though? just factory reset. am i missing something?
|
# ¿ Dec 4, 2019 23:30 |
|
looks like a 4chan “prank” a la growing your own crystals by blowing bubbles in a toxic bleach compound
|
# ¿ Feb 3, 2020 15:35 |
|
Malloc Voidstar posted: https://twitter.com/jonoberheide/status/1224525738268905477

EXCUSE ME????????????????
|
# ¿ Feb 4, 2020 17:44 |
|
Chris Knight posted:opsec it's a harsh cop my 600lb prison life
|
# ¿ Feb 5, 2020 00:42 |
|
Agile Vector posted:nice! a remote access server Ur Getting Fatter posted:Remote Code Execution
|
# ¿ Apr 23, 2020 07:50 |
|
Truga posted: my first name is shared by like 2-3 other people, and my full name is unique, so i just never ever post either on the internet. people call me paranoid for some reason tho

one day my mom got many calls from other old ladies congratulating her on me becoming a religious radio personality. it turns out its another person with the same full name living in the same area.
|
# ¿ Aug 31, 2020 13:43 |
|
Ulf posted: https://www.howmanydayssinceajwtalgnonevuln.com

but but my rapid development cycle
|
# ¿ Sep 2, 2020 00:05 |
|
Carthag Tuek posted: also the parents are dumb as hell if they think they can raise their kids with tech

most parents nowadays just give children electronics to shut them up. i feel like an rear end in a top hat because i refuse to give my toddler an ipad.
|
# ¿ Sep 8, 2020 11:18 |
|
Cybernetic Vermin posted: an experiment already happening on a vast scale. vast enough in fact that it is unfortunately hard to really control for. mental health issues are on the rise among the young, but as they all grew up with both screens and the decay of society it is not obvious which part is the problem.

The thing that really destroys children is roads. Roads everywhere. Used to be you can play in front of the house with the other kids. Now make way for mister automobile. Can't have human spaces. Must pave over everything. Pave pave pave. Mark down park times in your calendar. Hope that you have time and energy to get the poor little ones in the car and make the trip. Can't have regular play time. It must be a loving event. I miss when we spent summers at my grandparents in bumfuck nowhere. Just running around riding bikes and kicking footballs. The only concern is stray dogs and older kids. Ban cars. Strip roads. Plant trees.
|
# ¿ Sep 11, 2020 19:21 |
|
Subjunctive posted: admit it, though, you were biking on roads

when i said bumfuck nowhere i meant it. no roads at all. just people and their animals. electricity got shut down every day (running on a generator).
|
# ¿ Sep 11, 2020 19:48 |
|
mystes posted: How did you get there if there were no roads?

ride the dirt on a creaky 80s suburban
|
# ¿ Sep 11, 2020 20:56 |
|
Methanar posted: why would you want more bsd-tier binary incompatible reject platforms to split market share, features, tools and patterns across

because i love computer
|
# ¿ Sep 25, 2020 10:01 |