Vomik posted:

Idgi. what specifically are you investigating dashlane for?

1Password, lastpass, and dashlane all have pretty much the exact same functionality and use.

dashlane costs more but it has a vpn and some other items. included. they all have emergency contacts which you don’t have to setup.

dashlane is also originally (?) from france so I suppose it may have stricter data regulations... depending on if they’re used or if it matters since they have servers in the US who knows.

in terms of a copy... I guess but in the same sense lastpass is a copy of 1password.

you could always use keepassXC which has the EFF seal of approval.

Wiggly Wayne DDS posted:

and also this dashlane product people speak of

CommieGIR posted:

So, we're SEIM shopping, down to Secureworks, Logrythm, and Splunk.

But now it looks like they are not going to allow us to budget for any of them, and we are not renewing with Symantec for MSS, because its garbage.

I'm trying to develop a fallback plan around ELK if we can't get the C levels to sign off on any of our picks.

CommieGIR posted:

That's the gist of what we've been getting, but Splunk is outrageously pricey. Logrythm is desperate because they are losing customers right and left.

But at this point, Symantec's is so bad that Logrythm might be honestly better, especially if we are using a Managed Services to actually configure and filter. So we can tie deliverable to it and call them out on it via contracts if they cannot.

I'd preffer ELK or Splunk.

The Fool posted:

Tangentially related to ELK, do you have opinions on Graylog?

e: link, https://www.graylog.org/

Wiggly Wayne DDS posted:

shocking no one

https://twitter.com/ericlaw/status/1159850783862640641

Mustache Ride posted:

Subjunctive posted:

the alerts are stored in the balls

pseudorandom posted:

If they had a sign that said "wouldn't you rather drown in drinks than alerts" and then had a liquor pit, then I'd be interested.

Cocoa Crispies posted:

I feel like I’ve heard a million people talking about splunk and elk stack all weekend

either I’m finding a pattern where none exists or I’m lucky to not have to store and search logs

Subjunctive posted:

Lain's a dudette, dude.

COACHS SPORT BAR posted:

https://mobile.twitter.com/zer0pwn/status/1158433002239746048

0-day for kde disclosed, apparently without any attempt to report it to the devs. lol

Janitor Prime posted:

https://mashable.com/article/dmv-vanity-license-plate-def-con-backfire/

Idiot buys vanity NULL license plate, some system somewhere starts sending him a bunch of unpaid tickets.

Captain Foo posted:

I would like to know more

but I suspect nda

Volmarias posted:

My bank just magnanimously informed me via email that my contactless credit card that I never wanted nor asked for is now on the way since I'm such a good customer.

How currently hosed is this technology and do I have to wrap my card in tinfoil now?

quote:

Hard-coded credentials on ProGrade/Lierda Grill Temperature Monitor [CVE-2019-15304]
From: tim () tepatti com
Date: Sat, 24 Aug 2019 23:50:36 -0400
[Author:] Tim Tepatti
[Website:] tepatti.com

[Title:] Hard-coded credentials on ProGrade/Lierda Grill Temperature
Monitor [CVE-2019-15304]

[Product:] Grill Temperature Monitor
[Manufacturer:] ProGrade / Lierda
[Affected Version(s):] V1.00_50006
[Tested Version(s):] V1.00_50006
[Vulnerability Type:] Use of hard-coded credentials (CWE ID 798)
[CVE Reference:] CVE-2019-15304


[TL;DR:]

ProGrade/Lierda Grill Temperature Monitor V1.00_50006 has a default
password of admin for the admin account, which allows an attacker to
cause a Denial of Service or Information Disclosure via the
undocumented access-point configuration page located on the device.

[Long Info:]

ProGrade/Lierda Grill Temperature Monitor V1.00_50006 has a default
password of admin for the admin account, which allows an attacker to
cause a Denial of Service or Information Disclosure via the
undocumented access-point configuration page located on the device.

The access point configuration page is never made known to the end
user - the user is never supposed to access it or change any of the
options, and as such, the end user has no idea that an attacker could
access this page. This is different than a normal access point or
internet router where the administration page is required for setup
and configuration, and the end user is made aware of the risk of
default credentials. This makes the vulnerability more severe because
the attack vector is something which the end user wasn't aware even
operated on their device.

Additionally, there were two vendors provided because Lierda is a
wholesaler who actually created the device, and ProGrade simply
re-branded the device for the American market. This way, both
customers will be aware of the security vulnerabilities in the
product.

[Technical Info:]

[Default Web Server IP:] 11.11.11.254
[Default Web Server Port:] 80

[Reference(s):] http://progradegrill.com/wifi-grilling-thermometer/

Carbon dioxide posted:

I don't, I just 'know' the tech guy on IRC.

BTW, the passwords in the forums leak were MD5 hashed.