
Thread: Antivirus is shit, everything is compromised, etc etc (Cybersecurity thread)

  1. #721
    Donor halbarad's Avatar
    Join Date
    April 9, 2011
    Posts
    4,984
    We've got mfa set up so that it only prompts outside the office. I'll ask how we have it configured when I'm back in town on Monday and let you know. It's probably conditional access or something, I haven't looked at mfa in O365 so I'm not sure.

  2. #722
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    19,039
    Quote Originally Posted by halbarad View Post
    We've got mfa set up so that it only prompts outside the office. I'll ask how we have it configured when I'm back in town on Monday and let you know. It's probably conditional access or something, I haven't looked at mfa in O365 so I'm not sure.
    This. We have outside of organisation completely locked out unless you are a member of a specific group. This is done with rules in ADFS so o365 has no clue who does and who doesn't have access. You need to be authing from our internal ranges or you just get a flat out no. We could modify it to use any 2FA for external that windows supports (so quite a lot) and again, it's done in the ADFS part so o365 has no clue what's going on.. Works for us as we don't want "normal" staff to access their email outside of work.

    Today our new servers turned up.. It's only taken 11 months to get them approved and paid for. I can now (ok next week as it's late now) start migrating away from some of these server 2003 VMs (server 2019 licences were included in the purchase).
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  3. #723

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,370
    Quote Originally Posted by halbarad View Post
    We've got mfa set up so that it only prompts outside the office. I'll ask how we have it configured when I'm back in town on Monday and let you know. It's probably conditional access or something, I haven't looked at mfa in O365 so I'm not sure.
    Awesomesauce. I'm getting a quote for the advanced AAD stuffs now.

    Quote Originally Posted by Lana Torrin View Post
    This. We have outside of organisation completely locked out unless you are a member of a specific group. This is done with rules in ADFS so o365 has no clue who does and who doesn't have access. You need to be authing from our internal ranges or you just get a flat out no.
    I wish

    Today our new servers turned up.. It's only taken 11 months to get them approved and paid for. I can now (ok next week as it's late now) start migrating away from some of these server 2003 VMs (server 2019 licences were included in the purchase).
    hooray *celebrate*
    Please don't teach me what to do with my pc.

  4. #724

    Join Date
    May 31, 2011
    Posts
    4,168
    Look Ma, I did it again. This time I've got your private keys!

    Quote Originally Posted by TFA
    In a paper scheduled for release soon, researchers document how they were able to exploit the newly discovered leak to recover an elliptic curve private key from a server running an OpenSSL-powered TLS server.
    tl;dr
    Processor side-channel vulnerability, discovered on Intel Skylake and Kaby Lake, but most likely not restricted to Intel.

  5. #725

    Join Date
    April 14, 2011
    Posts
    6,618
    Eh, it's a timing attack. They're pretty easy to guard against.

  6. #726
    Shaftoes's Avatar
    Join Date
    April 9, 2011
    Location
    Ships
    Posts
    1,718
    Another tales from tech support story cyber-security story that I found highly amusing


    Part 1: https://www.reddit.com/r/talesfromte...ppens_at_once/
    Part 2: https://www.reddit.com/r/talesfromte...ce_conclusion/

  7. #727

    Join Date
    April 14, 2011
    Posts
    6,618
    Quote Originally Posted by Shaftoes View Post
    Another tales from tech support story cyber-security story that I found highly amusing


    Part 1: https://www.reddit.com/r/talesfromte...ppens_at_once/
    Part 2: https://www.reddit.com/r/talesfromte...ce_conclusion/
    Ah, if only all security assessors were this competent.

    I received a "critical vulnerability report" last week telling us one of our products had a SQL injection vulnerability. The way this has been determined was pointing a scanner at all well-known REST endpoints and throwing the usual ';;;SELECT * FROM credentials' and other such 90s-era cruft at it.

    They reported that we were passing through SQL strings and executing them unvalidated. I found this to be unusual because the application they were testing doesn't have a SQL database attached. In fact, it's a search application using Solr under the covers. Poker face applied, I asked for the details.

    They were shocked to discover that throwing 'AND 1=0' into a plain text search query does in fact change the results the search engine returns.

    They were slightly more shocked to find I'd asked their client never to employ them again.
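
Added example, not part of the post above: a triage check for the kind of scanner finding described there. It compares a "result changed" heuristic with a boolean differential that also requires a true condition to leave the baseline untouched. The data, the toy term-matching search (a stand-in, not Solr's query parser), the deliberately injectable SQLite control and all function names are constructed for illustration.

```python
import re
import sqlite3

ROWS = [(1, "blue widget"), (2, "red widget"), (3, "gasket kit")]  # constructed data

def text_search(q):
    """Toy full-text search: every non-operator token must match a word."""
    terms = [t.lower() for t in re.findall(r"\S+", q) if t.upper() != "AND"]
    return sorted(i for i, name in ROWS if all(t in name.split() for t in terms))

_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE items (id INTEGER, name TEXT)")
_db.executemany("INSERT INTO items VALUES (?, ?)", ROWS)

def sql_search(q):
    """Control case: deliberately injectable, input concatenated into the SQL."""
    sql = "SELECT id FROM items WHERE id = " + q + " ORDER BY id"
    return [r[0] for r in _db.execute(sql)]

def naive_verdict(search, base):
    """Heuristic from the anecdote: flag if 'AND 1=0' changes the results."""
    return search(base + " AND 1=0") != search(base)

def differential_verdict(search, base):
    """Flag only if a true condition preserves the baseline AND a false one
    changes it. Extra search terms fail the first half of the test."""
    baseline = search(base)
    true_same = search(base + " AND 1=1") == baseline
    false_diff = search(base + " AND 1=0") != baseline
    return true_same and false_diff

if __name__ == "__main__":
    for name, fn, base in (("text search", text_search, "widget"),
                           ("sql control", sql_search, "2")):
        print(name, "naive:", naive_verdict(fn, base),
              "differential:", differential_verdict(fn, base))
```

In the toy search both probes are just extra terms, so both change the result set and the differential check does not fire; only the SQL control evaluates `1=1` and `1=0` as conditions.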

  8. #728

    Join Date
    May 31, 2011
    Posts
    4,168
    They were shocked to discover that throwing 'AND 1=0' into a plain text search query does in fact change the results the search engine returns.

  9. #729
    Donor halbarad's Avatar
    Join Date
    April 9, 2011
    Posts
    4,984
    Quote Originally Posted by Shaftoes View Post
    Another tales from tech support story cyber-security story that I found highly amusing


    Part 1: https://www.reddit.com/r/talesfromte...ppens_at_once/
    Part 2: https://www.reddit.com/r/talesfromte...ce_conclusion/
    Lawtechie writes good stories and has quite an interesting collection of them in his history.

  10. #730

    Join Date
    November 5, 2011
    Posts
    11,489
    Quote Originally Posted by halbarad View Post
    Quote Originally Posted by Shaftoes View Post
    Another tales from tech support story cyber-security story that I found highly amusing


    Part 1: https://www.reddit.com/r/talesfromte...ppens_at_once/
    Part 2: https://www.reddit.com/r/talesfromte...ce_conclusion/
    Lawtechie writes good stories and has quite an interesting collection of them in his history.
    Yeah that shit was golden.

  11. #731
    Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    9,487
    tfw you spend months fixing your product and some punk researchers say "lol nope"

    "Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips"
    https://www.theregister.co.uk/AMP/20...down_variants/
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...
