Topics tagged under "security"

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

M

City of Atlanta Shuts Down Due to Ransomware

News
• security ransomware • • mlnews

24

1
Votes

24
Posts

1.8k
Views

S

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

I don't even understand why Cisco needed to be involved let alone Microsoft... I guess they don't have an IT Team.

Yeah, pretty weird. No wonder these companies get compromised, they don't have any relevant staff. It's like getting robbed and realizing you have no facilities people locking the front door!
M

Tamper Proof Currency Wallet Pwned by Fifteen Year Old

News
• crypto currency security wallet ars technica • • mlnews

5

3
Votes

5
Posts

763
Views

T

@bnrstnr said in Tamper Proof Currency Wallet Pwned by Fifteen Year Old:

@travisdh1 This one?
https://i.imgur.com/F2EnQhB.gif

That's the one, my search skills are lacking today apparently.
O

S stands for security. Find out which certificate ensures the connection safety.

Starwind
• http https security • • Oksana

3

6
Votes

3
Posts

1.1k
Views

J

Not particularly good, actually. Good to spread awaremenss, but the information was mostly spotty with a chance of confusion.
S

The Myth of RDP Insecurity

IT Discussion
• rdp vpn security • • scottalanmiller

103

8
Votes

103
Posts

11.4k
Views

F

I've been dreaming of creating my own RD gateway authentication plugin - but I doubt I will ever find the time.
M

MoviePass CEO Backpedals After Accidentally Admitting to Spying on Customers

News
• moviepass security • • mlnews

14

1
Votes

14
Posts

530
Views

S

@travisdh1 said in MoviePass CEO Backpedals After Accidentally Admitting to Spying on Customers:

@dustinb3403 said in MoviePass CEO Backpedals After Accidentally Admitting to Spying on Customers:

@scottalanmiller said in MoviePass CEO Backpedals After Accidentally Admitting to Spying on Customers:

Movie theaters love it since all the profit is in the food anyway.

That'll be $22 please.

For a goddamn popcorn and a small soda!?

$22? Ouch, I'd so much rather be unemployed and living here then employed in most other areas of the country. That's like $9 here.

Got to be $40 here.
M

Best Buy and Geek Squad Caught Being Paid to Turn in Customers to FBI

News
• best buy geek squad security • • mlnews

1

3
Votes

1
Posts

322
Views

No one has replied
M

Slighshot Malware Found Hidden for Six Years in MikroTik Routers

News
• slingshot malware mikrotik ars technica security • • mlnews

1

4
Votes

1
Posts

446
Views

No one has replied
T

Cisco Security Vulnerability Thread.

News
• cisco security • • travisdh1

91

9
Votes

91
Posts

10.2k
Views

T

More remote code vulnerabilities. Haven't had time to look at what product(s) yet.
https://tools.cisco.com/security/center/publicationListing.x
C

Ubiquity Security appliance

IT Discussion
• ubiquity security anti-virus intrusion prevention intrusion detection • • CCWTech

55

0
Votes

55
Posts

3.8k
Views

S

It’s coincidental. Not visiting them 🙂
S

Only 50% of Cyber Security Attacks Target Small Businesses

IT Discussion
• security • • scottalanmiller

7

1
Votes

7
Posts

459
Views

S

@momurda said in Only 50% of Cyber Security Attacks Target Small Businesses:

What are you defining as a cyberattack?

Where "you" = "National CyberSecurity Alliance"
J

TPM vs PTT

IT Discussion
• ptt tpm intel security bitlocker encryption • • jepoytengco

2

2
Votes

2
Posts

5.7k
Views

S

PTT is a way of provider TPM, they are not two separate things. PTT is a non-dedicated hardware approach to TPM 2.0. PTT is designed for low power devices, often used in industrial computing.

Traditionally TPM requires a TPM module, a dedicated hardware processor and firmware for security. With TPM 2.0 dedicated hardware is no longer required. PTT is Intel's implementation of TPM 2.0 for low power systems.
S

Meltdown Shows Why to Avoid LTS Releases

IT Discussion
• linux meltdown zdnet security patching centos fedora ubuntu long term support • • scottalanmiller

5

2
Votes

5
Posts

1.1k
Views

S

@black3dynamite said in Meltdown Shows Why to Avoid LTS Releases:

What makes Red Hat and SUSE exempt compare to CentOS and OpenSUSE leap? Because we are paying for the support?

Nothing makes them exempt, they ARE CentOS and Leap, just paid for instead of free. They suffer just the same.
A

Securing Linux with Ansible

IT Discussion
• ansible linux security • • Alex Sage

13

1
Votes

13
Posts

997
Views

S

Here’s mine based off of the DISA STIGS.

https://mangolassi.it/topic/15041/ansible-hardening-role
J

What does Quad9 do the Pihole does not

IT Discussion
• quad9 dns security pi-hole • • JaredBusch

8

2
Votes

8
Posts

1.8k
Views

T

@scottalanmiller said in What does Quad9 do the Pihole does not:

@thwr said in What does Quad9 do the Pihole does not:

@jaredbusch said in What does Quad9 do the Pihole does not:

@thwr said in What does Quad9 do the Pihole does not:

Just from reading I would say he's using Quad9 as upstream DNS for his PiHole (which is used by clients)

I know that. I mean, what is the service Quad9 doing.

It's another "privacy" friendly DNS driven by IBM, Packet Clearing House (PCH) and Global Cyber Alliance (GCA). Placed as an alternative to Google's DNS

"Privacy friendly" is what we are worried about. It's from the US gov't so we really don't trust it.

I'm sure you've noticed the quotes around "privacy".
S

FreePBX Site Disconnects All Phones At Once

IT Discussion
• pbx voip freepbx firewall fail2ban responsive firewall security intrusion detection freepbx 14 • • scottalanmiller

1

6
Votes

1
Posts

657
Views

No one has replied
Z

Least Privilege Accounts Setup

IT Discussion
• security active directory • • zachary715

18

0
Votes

18
Posts

1.6k
Views

D

@black3dynamite said in Least Privilege Accounts Setup:

@zachary715 said in Least Privilege Accounts Setup:

@jaredbusch said in Least Privilege Accounts Setup:

@jaredbusch said in Least Privilege Accounts Setup:

@zachary715 said in Least Privilege Accounts Setup:

@jaredbusch said in Least Privilege Accounts Setup:

I create an AD account specifically for local admin rights.

This account information is ususally given to department managers.
So if software or something needs installed, and they choose not to contact me, they can.

They are also warned that fixing something will be billed...

So you have one AD account setup that multiple department managers use when they need something that requires admin privileges? And then what you give that account local admin rights on each machine, or give it some sort of admin authority within the domain itself?

That account gets local admin rights only. No other access.

If I was an on site IT department, I woudl probably do it a bit different. I would have time to experiment and setup better methods.

Yeah this is what I'm going through now and why I'm coming to the community to get input. Trying to think through this carefully and make sure I do it right and the way I want it done the first time.

With the help of GPO Preferences, you could take advantage of using Item-level targeting for Local Users and Groups to fine tune who should have local admin privileges depending on the user, groups and/or computers.

This is what I do. Works like a champ.
T

Cisco: we're not competent.

News
• cisco cisco asa security • • travisdh1

22

2
Votes

22
Posts

2.2k
Views

T

@scottalanmiller said in Cisco: we're not competent.:

https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/

They can own all the ASAs!
Z

Botnet Security Alert on Sonicwall

IT Discussion
• security sonicwall botnet • • zachary715

23

0
Votes

23
Posts

2.6k
Views

J

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@tim_g said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@tim_g said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@jaredbusch said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@jaredbusch said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@tim_g said in Botnet Security Alert on Sonicwall:

Latest news is saying a half million sized botnet is mining line to, and one of the targets are Linux SQL servers.

What's a Linux SQL server? Anything running a relational database? How do they target them?

I assumed that one meant Linux servers running MS SQL.

I had thought of that, but that seemed so unlikely.

Not really. I mean you know how good Windows people patch right?

That's true. But it seems like a worthless target. How many of these can there be yet?

Probably nothing outside of labs / testing.

Why would you run MS SQL on Linux when an MS SQL license includes an OS license?
Why would you run MS SQL on Linux when there are better options to run on Linux?

MS SQL licenses include an OS license?

Maybe not. I thought about it again and I think I got that mixed with System Center including an MS SQL license.

Ah, okay. I was really confused there. I've always priced it out with Server + SQL Server licenses and CALs. Was hoping I hadn't been adding all that in extra all this time 🙂

You were not doing it wrong.
W

Moving Away From LAN-Centric Security

IT Discussion
• security network security endpoint security best practices • • wrx7m

35

0
Votes

35
Posts

3.1k
Views

O

Like I said, it was a couple years ago. Make sure to go through their documentation well.
M

Spectre and Meltdown Patches Causing Trouble as Realistic Attacks Approach

News
• ars technica meltdown intel spectre security • • mlnews

1

0
Votes

1
Posts

692
Views

No one has replied

8 / 32