|
are you even allowed to say you once worked at oracle if you leave
|
#
¿
Apr 22, 2019 23:47
|
|
|
|
| # ¿ Apr 25, 2024 02:34 |
|
|
In a similar vein we had some eval company freak out because we flagged like all their admin accounts and service accounts having PASSWORD_NOT_REQD being set (and a bunch of them not having passwords) as an issue. he couldn't show our product to his boss cause it definitely is not an issue and we're dumb and stupid for thinking it is!!! It was something about smart cards. "best practices" was thrown around a bunch. Either its the same company or this is a more popular way of solving login/lockout problems than I thought.
|
|
#
¿
Apr 25, 2019 10:54
|
|
|
didn't chase or capital one or some bank let you just type in someone else account number once you were logged in a few years ago
|
|
#
¿
May 24, 2019 23:35
|
|
|
Rufus Ping posted:i remember a british bank forgot to key their http cache on the logged in userid and customers suddenly started seeing other peoples account details https://nypost.com/2018/02/22/chase-says-glitch-gave-customers-access-to-wrong-accounts/ apparently that's popular. this is probably what I was thinking of.
|
|
#
¿
May 25, 2019 00:21
|
|
|
I hope fire eye asks if bill ever tried the cigar trick with her... in a secure manner. boom on topic.
|
|
#
¿
May 31, 2019 02:29
|
|
|
what's so lovely about splunk in production
|
|
#
¿
May 31, 2019 18:44
|
|
|
wow rude
|
|
#
¿
May 31, 2019 18:51
|
|
|
i got an email to my work address from myself saying i got hacked and theyre gonna release nudes to everyone in my contacts so long story short everyone at work knows what my penis looks like
|
|
#
¿
Jun 3, 2019 21:35
|
|
|
lets not forget persistant malware in your bios that exfiltrates data through microwaves or morse code or something
|
|
#
¿
Jun 5, 2019 15:51
|
|
|
... and to my dad, i leave my suicidegirls account
|
|
#
¿
Jul 29, 2019 18:59
|
|
|
its probably the same thing as everyone else - checking haveibeenpwned, and will coincidentally break just along with every other vendor once HIBP goes private
|
|
#
¿
Jul 29, 2019 19:07
|
|
|
crazysim posted:it'll break if they don't pay HIBP. so then half these vendors will change it to a susbcription based "identity protection service" for an extra 2 bucks/month or something. 1password is already subscription based and set up nicely for this. lower the cost of the normal version by a dollar or whatever and increase the cool HIBP integration to like 2$/month or whatever. either way im going to assume a lot of these services will go pay only or break, so you don't have to worry about it unless you actually opt in.
|
|
#
¿
Jul 29, 2019 19:31
|
|
|
Patents are good. Our patent lawyer at work does like 0 due diligence so they all get rejected but I get 1000 bucks if I submit an application so I keep throwing poo poo at the wall.
|
|
#
¿
Aug 3, 2019 12:20
|
|
|
i accidentally opened up lDAP to the internet and the past month my azure vm uploaded like 17 tb. it was only like 6 or 700 bucks which seems pretty reasonable
|
|
#
¿
Oct 22, 2019 14:14
|
|
|
sure thats bad to add to DOS attacks, but it also felt kinda good to finally be part of something bigger than myself
|
|
#
¿
Oct 22, 2019 14:15
|
|
|
its cool theyre all posting uhh... that was from the staff who are definitely outside the room
|
|
#
¿
Oct 23, 2019 20:09
|
|
|
Symantec has OEMed us and what you are all saying is very hurtful. please understand there are human beings behind the software you use and just because it doesn't work as you think it should thats no cause for being an asshat
|
|
#
¿
Oct 25, 2019 18:07
|
|
|
Shaggar posted:setting up a new AD domain is super easy and if you want to copy everything its also real easy. the problem w/ migrations is always in scenarios where you're migrating from one domain into an already well established domain as in a merger or something. even then its just about make sure you know which objects you want to migrate and if there will be collisions rather than the actual migration. yeah I dont see how migrating the actual domain is hard. merging a companies IT resources and all that risk is a real issue and involves the business but standing up a new domain and trust is clicking next like 10 times and changing some samaccountnames. worst case scenario just rely on sid history and wide open trusts.
|
|
#
¿
Nov 2, 2019 01:39
|
|
|
infernal machines posted:well, sid history only works as long as the original domain is online, so there's that so you agree it's all people problems and from a technical perspective its pretty easy.
|
|
#
¿
Nov 2, 2019 02:46
|
|
|
evil_bunnY posted:lol you don't know poo poo how won't that work? let me just pick a random application you would have to migrate. Exchange? here's how you migrate exchange: sid history and trusts. it works 100% of the time infernal machines posted:yes, was that in question? im just trying to clear up some misconceptions re: "costly" migrations
|
|
#
¿
Nov 2, 2019 11:24
|
|
|
what are peoples thoughts on ping. ADFS seems way less fucky to get working but i dunno.
|
|
#
¿
Nov 4, 2019 16:16
|
|
|
you know hes bitching about this idiot customer to his coworkers too
|
|
#
¿
Nov 8, 2019 01:04
|
|
|
dont vaults like thycotic/cyberark claim to handle that? dunno how well that works in reality though. I got the impression its huge professional service bills to really do the discovery and migration. natively in AD group managed service accounts handle that but you need a fairly high functional level. migrating to that, much like domain migrations, is actually very easy. GSMAs are cool as h*ck though. the people I've spoken to do everything they can to find out where that account is being used, and the original purpose of the account to see if that matches up. sometimes they leave it cause its too sketchy to touch, a lot of times migrating to GSMAs involves creating a bunch of different accounts if the sprawl got too big. ultimately it involves doing your best due diligence up front and hoping your trading system doesn't go down for too long.
|
|
#
¿
Nov 10, 2019 11:55
|
|
|
yeah just checked and thycotic secret server or the cyberark central policy manager does all that stuff. I think thycotic also claims to be able to replace passwords in connection strings in scripts too? which is a perfect summation of enterprise security.
|
|
#
¿
Nov 10, 2019 15:11
|
|
|
BangersInMyKnickers posted:so you've consolidated all your PII in to a single location and didn't bother with any kind of RBAC or sanitization? we scan for sensitive data. at first we didnt bring back the actual data that matched our criteria. customers demanded we start saving the actual result in their 99% of the time unencrypted database so they could review results for false positives I guess? I dunno. either ive learned that a critical part of the process for PCI compliance is copying every CC# and CVV you find verbatim into a database.
|
|
#
¿
Nov 15, 2019 14:12
|
|
|
1password just raised 200 million so dont expect it to be good for much longer
|
|
#
¿
Nov 15, 2019 15:50
|
|
|
CRIP EATIN BREAD posted:i wonder what they even need that money for unless it's for some massive amount of infrastructure they want to put up, because 1password hasn't really changed in ages. the only thing i can think of is the 1password for teams stuff, which we use at work, or the new-ish browser plugin that syncs with the cloud storage. getting the founders tons of money and then also maybe going after the enterprise vault space?
|
|
#
¿
Nov 15, 2019 17:25
|
|
|
it would be cool to do that. who wants to make a credible threat against my life itt
|
|
#
¿
Nov 21, 2019 16:25
|
|
|
how is that a data breach when its just consolidating publicly accessible information people willing provide
|
|
#
¿
Nov 23, 2019 18:44
|
|
|
push it to the limit
|
|
#
¿
Jan 23, 2020 20:37
|
|
|
mycrimes.mp4 https://www.youtube.com/watch?v=qk2jeE1LOn8
|
|
#
¿
Jan 23, 2020 20:37
|
|
|
ping is cool because if you need to return the objectsid in your contract you need to specifically tell it "ad will return this as bytes please decrypt it into usable S-1-whatever" instead of just working also it seems like they try to abstract everything in case you need to use the same attributes or filters or whatever in multiple services so configuring it takes like 100x longer than ADFS
|
|
#
¿
Jan 24, 2020 01:20
|
|
|
maybe im stupid but ADFS was super super easy to get working in an afternoon and ping was very very convoluted and I had to reach out to them multiple times when I was trying to configure it
|
|
#
¿
Jan 24, 2020 01:22
|
|
|
Shame Boy posted:idk how my work email gets on these weird lists for some reason an electron microscope company account rep keeps emailing me
|
|
#
¿
Feb 14, 2020 16:28
|
|
|
guys I dont want this thread to be closed please stay on topic of security issues
|
|
#
¿
Feb 14, 2020 19:09
|
|
|
Cybernetic Vermin posted:the late stymies two gimmicks; warning about the dangers of alcoholism, and espousing the inherent immorality of computer touching; were both entirely correct and very effective trolling for yospos. rip~
|
|
#
¿
Feb 26, 2020 20:19
|
|
|
turn off the gas and the electricity before you leave anywhere if its such a big worry
|
|
#
¿
Mar 22, 2020 09:35
|
|
|
at work they made a big announcement about split tunneling to help vpn capacity but either they hosed up configuring it or just blatantly lied and want to catch people loving around.
|
|
#
¿
Mar 25, 2020 22:26
|
|
|
screen reading should be part of the OS. something like a core component called "VoiceOver" or something.
|
|
#
¿
Apr 6, 2020 17:37
|
|
|
|
| # ¿ Apr 25, 2024 02:34 |
|
|
my ceiling fans have an open wifi network but I live in a brick + steel building and nothing makes it outside
|
|
#
¿
Apr 14, 2020 15:37
|
|