Post by minimatt on Sept 14, 2022 15:15:28 GMT
this would have solved the ipv4 address shortage if we'd known about the extra secret 20 addresses at the end of each subnet
|
Post by dogbot on Sept 14, 2022 15:18:42 GMT
> this would have solved the ipv4 address shortage if we'd known about the extra secret 20 addresses at the end of each subnet

*ominous music plays* "Beyond the broadcast zone..."
|
Post by Bongo Heracles on Sept 16, 2022 9:12:22 GMT
|
Post by dogbot on Sept 16, 2022 10:19:51 GMT
Christ.
For the lulz. And he got in by texting an employee pretending to be their tech support and got their username and password, after which he was able to access a shared folder on which there were PowerShell scripts with Admin usernames and passwords in PLAIN TEXT.
Fucking idiots.
|
Post by Bongo Heracles on Sept 16, 2022 10:29:59 GMT
Agile startups, innit? I have colleagues/friends who have gone to work for finance startups that would crumble if you leaned on them too hard. But devs are king and you can't impose any kind of restrictions on them so whatever. WeTransfer live customer databases to yourself, knock yourself out.
|
Post by Bongo Heracles on Sept 16, 2022 10:32:27 GMT
We had a scary campaign the other day. We get a lot sent from scraped LinkedIn details but this one was from someone who put two and two together and worked out employees of third party suppliers often had internal accounts, so were phishing them at the supplier end to open payloads on our devices.
|
Post by dogbot on Sept 16, 2022 11:47:29 GMT
> Agile startups, innit? I have colleagues/friends who have gone to work for finance startups that would crumble if you leaned on them too hard. But devs are king and you can't impose any kind of restrictions on them so whatever. WeTransfer live customer databases to yourself, knock yourself out.

True, but by the time you're on the cusp of the world's top 200 most valuable companies, if they haven't sorted that out it's hard to have any sympathies for 'em. Not just startups, either. The devs at my last place had a shit fit any time you asked them about things like change logs, never mind Secure Development Life Cycles. They also refused outright to give control of the platform to anyone else (not me, I should point out, but Infrastructure) so that they could scale up and deploy whatever whenever. In the end, I just escalated up to the group auditor and said fuck it, which of course, caused a shitstorm. But fuck 'em, they deserved it.
|
Post by sport✅ on Sept 21, 2022 15:16:51 GMT
Anyone getting SSL Protocol errors when trying to load google.com atm?
|
Post by uiruki on Sept 21, 2022 15:26:58 GMT
Was in meetings with some potential CRM providers at work the last couple of days and the Salesforce people were very quick to point out that Uber wasn’t their fault. Which in fairness, it isn’t.
|
Post by dogbot on Sept 21, 2022 15:31:42 GMT
> Anyone getting SSL Protocol errors when trying to load google.com atm?

Nope. What browser?
|
Post by sport✅ on Sept 21, 2022 15:34:21 GMT
>> Anyone getting SSL Protocol errors when trying to load google.com atm?
> Nope. What browser?

Chrome. Something is up though (or down rather) downdetector.com/status/google/
Edit: actually looks like it could be MalwareBytes causing issues. I restarted it and seems to be working again. I dunno
|
Post by dogbot on Sept 21, 2022 15:37:46 GMT
> Chrome. Something is up though (or down rather) downdetector.com/status/google/
> Edit: actually looks like it could be MalwareBytes causing issues. I restarted it and seems to be working again.

Aha. Might be an update to that causing it, I suppose. I don't have that installed, so would explain why I didn't see it.
|
Post by dfunked on Sept 30, 2022 15:00:43 GMT
Oh man, Hafnium was a lot of fun... Can't wait for the end of next week when our Infosec team hear about it and start to panic.
|
Post by askew on Oct 4, 2022 15:24:34 GMT
Any Office 365 experts out there? Foolishly I installed Teams (for School & Work) on my personal PC, and despite unchecking the 'allow this device to be controlled' box, I note my machine is showing up under the Devices tab, with a big ol' killswitch in case it gets 'lost'. I do not want this.
Edit: Found the fucker: Windows Settings -> Accounts -> Access work or school. Is that Teams or signing into the account with a profile in Edge? Fucks sake.
|
Post by Bongo Heracles on Oct 4, 2022 15:33:05 GMT
I dunno but you could uninstall it and just use the web version
|
Post by 😎 on Oct 4, 2022 15:49:54 GMT
What’s listed under the Access work or school tab should be AAD/Microsoft accounts. It should be as simple as disconnecting it. My guess is that your work has device management defaulted to on as part of the workplace join, so you can’t opt out.
If it’s still showing up under your work AAD profile as a device it’s probably just an artifact, but you could ask a global admin to nuke it.
|
Post by askew on Oct 4, 2022 16:03:12 GMT
Yes, disconnecting it via that Settings panel did the trick. Seems to have logged me out of my current browser session, but a small price to pay. I wish we were still on GSuite/Google Apps
|
Post by Bongo Heracles on Oct 4, 2022 16:13:24 GMT
RIP the one guy in every business who constantly suggested moving the business to google services
|
Post by baihu1983 on Oct 4, 2022 16:15:23 GMT
|
Post by 😎 on Oct 4, 2022 16:49:07 GMT
> RIP the one guy in every business who constantly suggested moving the business to google services

Our cyber team used to get near weekly “can I be granted an exception and use Google Docs?” requests, until eventually people understood that “absolutely fucking not” was now basically a macro response.
|
Post by Bongo Heracles on Oct 4, 2022 17:38:31 GMT
A few years ago, we had a cheeky monkey who figured out that Google calendar was pretty much the only Google app that wasn’t blocked so kept uploading/downloading stuff via attaching things to calendar appointments.
|
Post by 😎 on Oct 4, 2022 17:43:12 GMT
I’m always impressed by the stubborn workarounds people come up with rather than following the rules as designed. The best one I saw was someone using Excel Macros to transfer files to the cloud, rather than just…use the OneDrive sync client.
|
Post by Bongo Heracles on Oct 4, 2022 17:51:57 GMT
Every user is a pen tester. Especially in a megacorp where some underemployed compsci grad in a call centre will try to whip up a macro or HTA that hooks into god knows what just to make finding addresses easier for his team.
|
Post by 😎 on Oct 4, 2022 18:21:13 GMT
But citizen dev and low code solutions will definitely take off this year.
|
Post by 😎 on Oct 4, 2022 18:23:48 GMT
And I totally was that underemployed compsci grad when I first joined my current company. In an effort to get a functioning org chart I wrote a script to poll through the only AD adjacent thing I had access to, which was on-prem SP profiles. Successfully locked up and brought down the entire farm when I ran that one.
|
Post by cubby on Oct 4, 2022 18:25:02 GMT
Even USB C has splintered into loads of different standards. I already have 3 different kinds of USB C chargers.
|
Post by 😎 on Oct 12, 2022 15:50:08 GMT
WHO’S EXCITED FOR MICROSOFT IGNITE WOO
More useless collab crap no one needs locked behind premium licensing.
|
Post by dogbot on Oct 12, 2022 15:51:39 GMT
Errr. Yay?
|
Post by 😎 on Oct 12, 2022 15:53:36 GMT
I’m forced to pay attention to it for my job so I thought I’d inflict it here.
|
Post by dogbot on Oct 12, 2022 15:58:03 GMT
Our infrastructure/365 guy mentioned it earlier, but it's not of much interest to me, I'm afraid.
I have to look at the security dashboard every now and again (for audit purposes) but almost without fail, the recommendations are "you'd have better security if you bought this product from us!".
|