|
I do. It's just run of the mill grc work like you see everywhere, where everyone you speak to still assumes you're configuring firewalls and don't understand why loss of availability would be a risk worth addressing from a security perspective. It's drat hard, nigh impossible to stay engaged.
|
# ¿ Apr 21, 2019 12:13 |
|
Oh and it never really gets any busier than what you're currently doing, for most commercial companies it really is basically a check-the-box-position.
|
# ¿ Apr 21, 2019 12:14 |
|
it’s an incredibly tedious type of work and I wouldn’t recommend it. it does involve talking to people that should work the policies and continuously wondering why they don’t so it’s not just office365 work, but it is a well paying joke of a job regardless
|
# ¿ Apr 21, 2019 13:09 |
|
doesn't every Oracle agreement disallow any posts or comparison about their products? be careful before their army of lawyers take all of lowtax’s spine cash
|
# ¿ Apr 26, 2019 15:06 |
|
I’ve been trying to read the WireGuard documentation today but I’m not good enough for this... or everyone just uses terminology that doesn’t match up with anything I know. any good posts on how to set up client/server wg that an idiot like me can use?
|
# ¿ Sep 2, 2019 20:37 |
|
the wg writeup is great, thanks!
|
# ¿ Sep 3, 2019 16:17 |
|
duz posted:
if that's what it takes to get people to keep their dependencies up to date...

I ran a snyk test on our company's repo once. panicked, closed the terminal, and went to find another job. worked out great thus far
|
# ¿ Sep 17, 2019 12:54 |
|
isn’t the master key something idiotic like 9876 or 9999 anyway, since even the hotel personnel is too lazy to pick something meaningful?
|
# ¿ Sep 18, 2019 15:03 |
|
exactly
|
# ¿ Sep 18, 2019 16:59 |
|
Soricidus posted:
the latest amd cpus literally came with a hardware rng that always returns -1

that number was carefully selected with several dice rolls by a committee
|
# ¿ Sep 21, 2019 13:26 |
|
it’s a beauty

apparently it was worth $10000 if they posted it to 0dayium instead of anonymously to the fd list
|
# ¿ Sep 25, 2019 08:15 |
|
doubt the SA vbulletin is new enough to hit the minimum version
|
# ¿ Sep 25, 2019 08:21 |
|
so that's everyone
|
# ¿ Oct 2, 2019 21:57 |
|
i can’t wait for the first 4% fine to happen
|
# ¿ Oct 9, 2019 15:28 |
|
Volmarias posted:
Extremely same but I'm not holding my breath.

didn't BA get hit with 1.8% (or was it 2.8%?) of revenue for being magecarted? nice last in-eu-move by the ICO
|
# ¿ Oct 9, 2019 17:33 |
|
yes but we can’t patch because [insert idiotic reason here]

sucks that these people are typically considered not the best protected, hope autoriteit persoonsgegevens and police can do anything and that they change literally everything.. ancilla probably has a valid opinion about this
|
# ¿ Oct 10, 2019 07:04 |
|
for as much as I’ve read about it the ec council seems the biggest ripoff for everything they do
|
# ¿ Oct 12, 2019 17:04 |
|
I think he posted later it’s cloud related
|
# ¿ Oct 13, 2019 07:51 |
|
no but docker always runs with root privs
|
# ¿ Oct 15, 2019 12:15 |
|
Cocoa Crispies posted:
yeah there was a fun challenge in the cccamp19 ctf where you used a docker image that lets you run commands as root to escalate your host privilege (I used root in the docker to make a bash executable setuid root on a host volume)

all the docker sandbox escapes I’ve seen in ctfs or challenges the last couple years were all dirtycow based

also fun but I guess a lot less realistic nowadays
|
# ¿ Oct 16, 2019 07:32 |
|
what’s a leaked root ca if it cures lowtax’s spine
|
# ¿ Oct 21, 2019 20:23 |
|
Share Bear posted:
gonna guess this is still correct? https://gist.github.com/grugq/353b6fc9b094d5700c70

what makes freedome an acceptable vpn?
|
# ¿ Oct 22, 2019 06:02 |
|
i'm still on safari for some reason, but i seem to be alone in the infosec community
|
# ¿ Oct 26, 2019 20:32 |
|
Tankakern posted:
bah, let's post php 0-days to hn

Pretty sure I read about it before this flurry of releases now also, probably in some nginx or php-fpm advisory. this publication is fine
|
# ¿ Oct 28, 2019 12:17 |
|
https://twitter.com/a_tweeter_user/status/1188811977851887616?s=21

I'm still stuck on the kaka ‘n peepee, but I guess a compromised nuclear power plant is also serious
|
# ¿ Oct 29, 2019 07:59 |
|
the actual release from the admin seems to be specifically about the operational tech, not the it infra but who knows, iran also never admitted to being stuxnetted i think
|
# ¿ Oct 29, 2019 11:27 |
|
Carbon dioxide posted:
This poo poo absolutely wouldn't be allowed in the Information Security Policy at my job. In this case the company would probably decide, with the CISO's approval, to stop all cooperation with this audit company.

in a real company the CISO would be told by the ceo or cfo that the exercise is not for security but commercial reasons and just “fix it” when it’s over
|
# ¿ Nov 8, 2019 20:07 |
|
ST is just upgrading stuff i think. afaik no hardware change is really necessary?
|
# ¿ Nov 21, 2019 15:17 |
|
they just should’ve used magic links in emails and no one would’ve complained
|
# ¿ Dec 7, 2019 22:48 |
|
bunq, a dutch online bank, used cvvs as totp at some point. It was great, but for some reason they turned it off.
|
# ¿ Dec 21, 2019 15:23 |
|
Midjack posted:
that was a good talk and I’m glad i was there for it.

it was a good one to get the day started for sure
|
# ¿ Jan 8, 2020 23:55 |
|
pseudorandom name posted:
Zoom doesn't have end-to-end encryption

IIRC Zoom’s recorded meetings are obscure URL only protected
|
# ¿ Mar 31, 2020 22:10 |
|
hey the founder moved away from cisco, what do you expect he knows about cryptography
|
# ¿ Apr 3, 2020 12:49 |
|
lord fifth posted:
hi friends, i hope this is on topic given the subject manner

use ckeditor in your php website and leave the demo directory. (it contains upload.php. it uploads any file. also php files.)
|
# ¿ Apr 10, 2020 17:34 |
|
while it does sound very culty wasn’t there a botnet that used kardashian Instagram comment sections as C2?
|
# ¿ Sep 12, 2020 08:25 |
|
Oh right! I think that's an enjoyable factoid wrt malware
|
# ¿ Sep 12, 2020 14:42 |
|
I'm shocked (well not really) by how slow people are patching. someone figured earlier that to this day not even 5% of the exchange hosts were actually patched in my country. We can all worry about giant 0days and everything but a large part of those 95% unpatched exchanges haven't patched since 2017 probably. I can only laugh at how depressing it is
|
# ¿ Mar 6, 2021 18:05 |
|
shaggar was right 2021 what are you doing
|
# ¿ Mar 6, 2021 18:38 |
|
there’s a difference between asking for all types and software and completely pwning your it department because you’re a hostile rear end in a top hat who can’t adapt or ask questions and explain needs
|
# ¿ May 8, 2021 10:38 |
|
rip mcafee I guess
|
# ¿ Jun 23, 2021 20:23 |