@nadnerb said in Another Microsoft Breach, 92% of LinkedIn Users Compromised:

How did the 8% avoid being compromised?

I was wondering that.

@Dashrender said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

I can't recall if the bad ccleaner was signed or not?

Even if it was, that would be a Microsoft compromise. This is about the AV vendors getting hacked.

@scottalanmiller said in Roll20.net breached:

Sucks when a site / business like that gets hit. Just people looking to have fun :(

Yeah. But at least they didn't store the passwords in clear text!

Another day, another security breach/problem.
Note to myself: Am I getting used to that?

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@Pete-S said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@Dashrender said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@dafyre said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

All it takes is one absentminded click or drive-by that's completely shielded from us as we go about the day to day stuff and it's done. Game over. Say, "Bubbye".

There's always going to be that risk or one absentminded click.

Granted an Air-gapped PWA is a good way to handle it.... but so is not saving passwords in RDP files (I don't do this), and if you use an app like MobaXterm that can encrypt the files for you, use a good pass phrase.

However if your admin machine is owned, you have bigger issues to start with.

Well, the idea is that the air-gapped machine won't ever be in a situation to become compromised, is my guess. I haven't had a chance to look at the MS link Philip sent earlier.

There are several ways to implement with the simplest being the main machine having two VMs installed on it. One for day-to-day and one for client/systems management. Nothing is done on the machine itself with all designated tasks being done in their respective VM.

We have a number of laptops that came back from client refreshes. So, we're using them as our dedicated management machines. Asus makes a great external USB3 DisplayLink and DisplayPort external monitor that allows for two screens. That makes the work easier.

There is security leakage between VMs on a client machine for instance over clipboard.

Have a look at Qubes. https://www.qubes-os.org/

It's probably the best implementation of security separation to date.

Using the Hyper-V VM Console without RDS pass-through eliminates any access to the VM beyond console.

Same with KVM or whatever.

@aaronstuder said in Delta Airlines and Sears Have Large Credit Card Breach Through Third Party Shared Service Firm:

@harry-lui It is accepted everywhere...

Not true.

@mlnews said in Under Armor Security Breach Exposes 150 Million User Accounts:

Under Armor's MyFitnessPal has been compromised in a breach discovered on March 25 exposing 150 million user accounts.

I wonder if it is a state sponsored breach trying to obtain location data for things that are officially not there.

Nowadays they wouldn't get away on this. Maybe Troy Hunt will say something :P

@nerdydad said in Equifax Has 143 Million Americans Data Compromised:

Because of this contract, now the government has a stake in the game. They will probably do a full investigation to see if their information was compromised, who was incompetent, who made the decisions, etc.

https://techcrunch.com/2017/10/03/former-equifax-ceo-says-breach-boiled-down-to-one-person-not-doing-their-job/
http://money.cnn.com/2017/10/03/news/companies/equifax-ceo-congress/index.html

This contract with the IRS that was just rewarded on Friday?

I doubt there will be any governmental or organizational blow back. Everyone is already on to the next big thing that comes from twitter.

@jaredbusch said in Apache Struts - Critical Security Flaw:

Was the Eqifax breech because of the march strus flaw or a more recent one?

Just making sure the actual facts are known.

The one from March.

@stacksofplates said in Another Gov't (maybe) Breach:

@scottalanmiller said in Another Gov't Breach:

When you hire the lowest bidder in a market segment with no pride in their work, the number of resources isn't really a factor.

im just trying to understand from my experience with this. Money is thrown at things, not people. Very expensive things are purchased and sometimes never used and just sit there. But they can't "afford" to pay for real talent.

That's what I meant with unlimited resources. Again only in my experience, the money is thrown in the most incorrect place possible.

I'm seeing this all the time, everywhere right now.

LOL That company just needs to turn off all of it's servers, sell off everything and divy up the money to the shareholders!

@scottalanmiller said in HPE Laptop Compromises US Navy Sailor's Personal Data:

@DustinB3403 said in HPE Laptop Compromises US Navy Sailor's Personal Data:

If it doesn't effect the government overall why do I really care?

all hardware developers (and mainstream software) are culpable when it comes to this.

Why the military hasn't moved to Linux "globally" is insane.

I'm very lost as to what you are saying. What does the OS, hardware developers or anything else random have to do with the situation?

ancient-aliens.jpg

@Dashrender said in Yahoo Caught Giving Email Contents to Government Agencies:

Can't gmail act like a Pop3 client and go get the mail? So this really doesn't keep people from using another service like gmail.

O365 does too. And any client like Thunderbird or Outlook would fix this too.

@scottalanmiller said in Yahoo Breach Hit Half Billion Users:

Attack on Yahoo hit 500 million users
http://www.bbc.co.uk/news/world-us-canada-37447016

I was wondering when it was going to be confirmed. Yahoo kept wiping their brow and saying "Man, this is going to lower our value to Verizon... how do we spin this?"

@travisdh1 said in Seagate Sued by Own Employees Over Security Breach:

@IRJ said in Seagate Sued by Own Employees Over Security Breach:

@scottalanmiller said in Seagate Sued by Own Employees Over Security Breach:

Tagging @stus

I read the Knowbe4 Blog Daily. I love it!

I saw this attack on there this morning.

I signed up for the email summaries. Great blog site.

I love how their blog articles are technical, but also include a summary for non-technical people.