hate these ads?, log in or register to hide them
Page 405 of 407 FirstFirst ... 305355395402403404405406407 LastLast
Results 8,081 to 8,100 of 8139

Thread: I don't need sanity, work in IT (thread) every day

  1. #8081
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    11,068
    Quote Originally Posted by Daneel Trevize View Post
    Hey, at least we all recently gained the NSA's ability to disable the Intel Management Engine (sorry, enable "High Assurance Platform" compliance) if you don't trust networked black boxes inside your CPU.
    yea, because something better has been rolled out m8, i'd wager some sort of "escalate to ring 0 and trojan-horse the fuck out of the uefi system that no debugger can reasonably detect" being the norm.

    besides, it's really a enterprise level feature that has no place in the private computing space, AMT is fucking ace from a "i support these +1000 boxen around the world, and i cannot be arsed to deal with it" point of view.

    Hacking team was caught running a ghetto version of this, but if you're uncle america you can coerce the manufactors into giving you priviledged access all the way trough, so that the tools will not see your fucking malware, because the system pretends it doesn't exist.

    hacking team does supply a number of agencies, but notice who's missing. and the comparatively small sums involved w.r.t. american customers.
    Last edited by Liare; September 10 2017 at 10:23:30 PM.
    Viking, n.:
    1. Daring Scandinavian seafarers, explorers, adventurers, entrepreneurs world-famous for their aggressive, nautical import business, highly leveraged takeovers and blue eyes.
    2. Bloodthirsty sea pirates who ravaged northern Europe beginning in the 9th century.

    Hagar's note: The first definition is much preferred; the second is used only by malcontents, the envious, and disgruntled owners of waterfront property.

  2. #8082
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,022
    The wikipedia page for them reads like they're amateurs, just using regular vulns to gain root & install kernel modules for eavesdropping.
    The UEFI persistence doesn't sound novel, it's the weakness people have complained about since day 1, and the reason there's that undocumented HAP bit.
    What are you proposing that's lower & better than the UEFI or ME?

    The Intel ME leak is almost certainly not intended, it's much more likely the inevitable discovery of a backdoor to the backdoor that makes for compelling evidence against all the stupid shit politicians keep calling for while claiming they magically won't be exploited.
    Just like the other recent NSA toolkit leaks that then fed into negative publicity such as the UK's NHS systems being heavily impacted, with significant blame able to be placed on the NSA for not reporting flaws for years & gambling that they'd be better able to abuse them than anyone else in the world with other intent. Mainstream news was reporting it in layman's term as being like a biological/nuke weapons stockpile & making it obvious how this can blow up in your own face, as it just did.

    I would not assume that the NSA's able to perfectly coordinate burning 1 set of tools once they've found another, nor do they have any real incentive to do so, especially with how heterogeneous mitigation procedures are across the world's computer systems. Older mechanisms can live on for a very long time (especially in heavy industry & public infrastructure), certainly there'd be as many domestic commercial systems put at risk by publicising the old flaws as foreign systems made accessible by new ones. You just make more work & pressure for yourselves if you release a glut of flaws for the public/country you're charged with protecting & not looking incompetent in front of.
    Last edited by Daneel Trevize; September 11 2017 at 09:02:51 AM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  3. #8083
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    11,068
    Quote Originally Posted by Daneel Trevize View Post
    The wikipedia page for them reads like they're amateurs, just using regular vulns to gain root & install kernel modules for eavesdropping.
    The UEFI persistence doesn't sound novel, it's the weakness people have complained about since day 1, and the reason there's that undocumented HAP bit.
    What are you proposing that's lower & better than the UEFI or ME?
    hacking team more or less are amateurs meight, it's the sort of vendor second and third tier countries rely on.

    And i am not proposing anything lower than UEFI, but rather that the tools available will find nothing wrong in large part because the backdoor is designed in from the get-go with cloaked storage and what not, that's the insidious nature of something like that, if you assume that you cannot trust the underlying architecture then you're essentially fucked unless you go all in and fab the chips yourself from the architecture and up.

    The Intel ME leak is almost certainly not intended, it's much more likely the inevitable discovery of a backdoor to the backdoor that makes for compelling evidence against all the stupid shit politicians keep calling for while claiming they magically won't be exploited.

    Just like the other recent NSA toolkit leaks that then fed into negative publicity such as the UK's NHS systems being heavily impacted, with significant blame able to be placed on the NSA for not reporting flaws for years & gambling that they'd be better able to abuse them than anyone else in the world with other intent. Mainstream news was reporting it in layman's term as being like a biological/nuke weapons stockpile & making it obvious how this can blow up in your own face, as it just did.
    you still have to break into the proverbial house and browsers as well as attendant services are far too monitored to dicker about with, not that it has not been attempted mind you, there are also another aspect to consider, once you start using a exploit, intentionally added backdoor or otherwise, in the wild detection is a matter of time, you dont want to burn the golden eggs on chaff.

    I would not assume that the NSA's able to perfectly coordinate burning 1 set of tools once they've found another, nor do they have any real incentive to do so, especially with how heterogeneous mitigation procedures are across the world's computer systems. Older mechanisms can live on for a very long time (especially in heavy industry & public infrastructure), certainly there'd be as many domestic commercial systems put at risk by publicising the old flaws as foreign systems made accessible by new ones. You just make more work & pressure for yourselves if you release a glut of flaws for the public/country you're charged with protecting & not looking incompetent in front of.
    it's pretty easy to see a incentive to burn a tool like that, a "competitor" is caught using it and they have a alternative facility available.

    it's still going to be around of course, but putting it out in the public means it's solved come the next hardware cycle, you can always expedite a hardware refresh for the equipment "at risk".
    Viking, n.:
    1. Daring Scandinavian seafarers, explorers, adventurers, entrepreneurs world-famous for their aggressive, nautical import business, highly leveraged takeovers and blue eyes.
    2. Bloodthirsty sea pirates who ravaged northern Europe beginning in the 9th century.

    Hagar's note: The first definition is much preferred; the second is used only by malcontents, the envious, and disgruntled owners of waterfront property.

  4. #8084
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    8,769
    Assuming most people here already know about this, but;

    BlueBorne: Bluetooth bug could expose billions of devices to attack, cyber experts warn








  5. #8085
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    2,917
    A coworker told me it was already known half a year ago, why is it now all over the news?
    Is this a new attack?
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  6. #8086
    tulip's Avatar
    Join Date
    April 11, 2011
    Posts
    1,988
    Quote Originally Posted by root View Post
    A coworker told me it was already known half a year ago, why is it now all over the news?
    Is this a new attack?
    I think it's just a security firm that has finished their counter-measure program drumming up business by releasing these videos.
    Quote Originally Posted by Tarminic View Post
    Just for the record, "sending a needy text" is never the right answer.

  7. #8087
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,022
    Google & some others were contacted April 19th, but public disclosure was scheduled for Sept 12th.
    "Armis reached out to the following actors to ensure a safe, secure, and coordinated response to the vulnerabilities identified.

    Google – Contacted on April 19, 2017, after which details were shared. Released public security update and security bulletin on September 4th, 2017. Coordinated disclosure on September 12th, 2017.
    Microsoft – Contacted on April 19, 2017 after which details were shared. Updates were made on July 11. Public disclosure on September 12, 2017 as part of coordinated disclosure.
    Apple – Contacted on August 9, 2017. Apple had no vulnerability in its current versions.
    Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
    Linux – Contacted August 15 and 17, 2017. On September 5, 2017, we connected and provided the necessary information to the the Linux kernel security team and to the Linux distributions security contact list and conversations followed from there. Targeting updates for on or about September 12, 2017 for coordinated disclosure."
    Other platform-specific implementation vulns were found previously this year, e.g. CVE-2017-0646, CVE-2017-0423, but IDK which specific thing your friend might have been referring to ~6months ago.
    See https://cve.mitre.org/cgi-bin/cvekey...word=bluetooth
    Last edited by Daneel Trevize; September 14 2017 at 12:24:41 PM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  8. #8088
    Donor Aea's Avatar
    Join Date
    April 13, 2011
    Location
    Colorado
    Posts
    13,901
    Samsung got no fucks to give.


    Sent from my iPhone using Tapatalk

  9. #8089

    Join Date
    September 13, 2011
    Location
    Norway
    Posts
    857
    Anybody experienced with VMM? How do I create my logical network without them being available to my Virtual Machines? I'm trying to use VMM to create a Management network which should never be available as an option to VM's.

  10. #8090

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    5,848
    Why would SCCM stop reporting hardware/software/last logon time for a subset of computers ?
    Is this the fabled WMI reset ?
    Please don't teach me what to do with my pc.

  11. #8091
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    11,068
    Quote Originally Posted by Itiken View Post
    Why would SCCM stop reporting hardware/software/last logon time for a subset of computers ?
    Is this the fabled WMI reset ?
    WMI's fucked.

    why is WMI fucked ? nobody knows, not even microsoft.
    Viking, n.:
    1. Daring Scandinavian seafarers, explorers, adventurers, entrepreneurs world-famous for their aggressive, nautical import business, highly leveraged takeovers and blue eyes.
    2. Bloodthirsty sea pirates who ravaged northern Europe beginning in the 9th century.

    Hagar's note: The first definition is much preferred; the second is used only by malcontents, the envious, and disgruntled owners of waterfront property.

  12. #8092
    Movember 2012 Stoffl's Avatar
    Join Date
    April 10, 2011
    Location
    The original viennese waffle
    Posts
    20,736
    Because it's Tuesday

    Posted von mein Tapashitcunt
    2/10/17 Greatposthellpurge never forget
    23/10/17 The Greatreposteninging ?

  13. #8093

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    5,848
    Code:
    	MESSAGE PAYLOAD TRANSFER COMPLETE:
    	Status : SUCCESS
    	Direction: Upload
    	Msg ID: {BF8A5716-8B15-4616-A0BC-8E124222209D}
    	BITS Job ID: {C8A6045D-2344-4D49-99D1-0C4AF952FC9E}
    	Start time : 09/26/2017 13:28 (GMT)
    	Completion time : 09/26/2017 13:28 (GMT)
    	Elapsed time : 35 seconds
    Turns out something exciting was broken within data transfer stream, meaning >270 odd clients haven't been updating their asset inventories for 9 months.
    A simple job %{remove-cmdevice -name $_} and we are good again.

    fucking sccm..
    Please don't teach me what to do with my pc.

  14. #8094
    Donor Aea's Avatar
    Join Date
    April 13, 2011
    Location
    Colorado
    Posts
    13,901
    No monitoring?


    Sent from my iPhone using Tapatalk

  15. #8095

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    5,848
    nah. you gotta YOLO SCCM. as long as software deploys who gives a shit ?
      Spoiler:
    me it seems. welp it's proper fucked welp[
    Please don't teach me what to do with my pc.

  16. #8096
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    12,022
    The saga continues. 297KB PDF rejected vs 300KB size limit.

    https://indianvisaonline.gov.in/visa/VSS_IMAGE.pdf Page 8, "Enter the mane of the image".

    Stereotypes exist for a reason. Thank fuck I'm not taking this trip.

    P.S. "pages" without linkable URLs, no example of a passport page scan, overridden menu mouse-over mouse styling. Garbage.
    Last edited by Daneel Trevize; September 27 2017 at 11:45:36 PM.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  17. #8097
    Movember 2012 I Legionnaire's Avatar
    Join Date
    April 9, 2011
    Posts
    1,610
    Quote Originally Posted by Daneel Trevize View Post
    The saga continues. 297KB PDF rejected vs 300KB size limit.

    https://indianvisaonline.gov.in/visa/VSS_IMAGE.pdf Page 8, "Enter the mane of the image".

    Stereotypes exist for a reason. Thank fuck I'm not taking this trip.

    P.S. "pages" without linkable URLs, no example of a passport page scan, overridden menu mouse-over mouse styling. Garbage.
    I did some digging this morning to figure out why I couldn't run frontend selenium tests locally after writing a new one to cover a change. Turns out this stuff is actually just completely busted. There's a Jenkins job that runs them every night which has been failing silently since probably forever. Actually, silently isn't really true, one cunt has been getting them, the Indian contractor that wrote most of this shit.

    I changed the job to alert everyone via email, and now it's triggered on every PR. Fuckboy and I are going through his email history tomorrow so I can track down what commit broke this. My gut tells me this stuff has probably never worked though, which would explain why it doesn't do anything useful. No one has written any new tests in it since July.

    Unfuckingbelievable.

    edit: by failing I mean the webpack dev server never serves up the app, Selenium tries to run tests against a blank white page.

  18. #8098
    Donor erichkknaar's Avatar
    Join Date
    April 10, 2011
    Posts
    8,960
    Quote Originally Posted by I Legionnaire View Post
    Quote Originally Posted by Daneel Trevize View Post
    The saga continues. 297KB PDF rejected vs 300KB size limit.

    https://indianvisaonline.gov.in/visa/VSS_IMAGE.pdf Page 8, "Enter the mane of the image".

    Stereotypes exist for a reason. Thank fuck I'm not taking this trip.

    P.S. "pages" without linkable URLs, no example of a passport page scan, overridden menu mouse-over mouse styling. Garbage.
    I did some digging this morning to figure out why I couldn't run frontend selenium tests locally after writing a new one to cover a change. Turns out this stuff is actually just completely busted. There's a Jenkins job that runs them every night which has been failing silently since probably forever. Actually, silently isn't really true, one cunt has been getting them, the Indian contractor that wrote most of this shit.

    I changed the job to alert everyone via email, and now it's triggered on every PR. Fuckboy and I are going through his email history tomorrow so I can track down what commit broke this. My gut tells me this stuff has probably never worked though, which would explain why it doesn't do anything useful. No one has written any new tests in it since July.

    Unfuckingbelievable.

    edit: by failing I mean the webpack dev server never serves up the app, Selenium tries to run tests against a blank white page.
    it was making too many emails, so I set up a rule to delete them.

  19. #8099
    Shaikar's Avatar
    Join Date
    April 9, 2011
    Location
    Kador
    Posts
    1,829
    Quote Originally Posted by erichkknaar View Post
    Quote Originally Posted by I Legionnaire View Post
    Quote Originally Posted by Daneel Trevize View Post
    The saga continues. 297KB PDF rejected vs 300KB size limit.

    https://indianvisaonline.gov.in/visa/VSS_IMAGE.pdf Page 8, "Enter the mane of the image".

    Stereotypes exist for a reason. Thank fuck I'm not taking this trip.

    P.S. "pages" without linkable URLs, no example of a passport page scan, overridden menu mouse-over mouse styling. Garbage.
    I did some digging this morning to figure out why I couldn't run frontend selenium tests locally after writing a new one to cover a change. Turns out this stuff is actually just completely busted. There's a Jenkins job that runs them every night which has been failing silently since probably forever. Actually, silently isn't really true, one cunt has been getting them, the Indian contractor that wrote most of this shit.

    I changed the job to alert everyone via email, and now it's triggered on every PR. Fuckboy and I are going through his email history tomorrow so I can track down what commit broke this. My gut tells me this stuff has probably never worked though, which would explain why it doesn't do anything useful. No one has written any new tests in it since July.

    Unfuckingbelievable.

    edit: by failing I mean the webpack dev server never serves up the app, Selenium tries to run tests against a blank white page.
    it was making too many emails, so I set up a rule to delete them.
    ^

    With a side order of "we automated the tests so we didn't have to test it ourselves. I've been wanking solidly since."

  20. #8100
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,943
    WHY CAN YOU REPORT PATCHING COMPLIANCE CORRECTLY SCCM WHY!!!!!
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •