Subject: Log4j
Great. Another long weekend for a lot of people.
As is tradition, we have to point out that a logging program being so complex that it could even be capable of getting exploited like this is ridiculous -- and it's another example of what we call ... "progress".
I'm sure I'll have stones tossed at me, but I would imagine that
Google's is 'good enough' if you are going that route.
It *is* good enough for someone who doesn't care about de-googleing their computers. I actually wish I had a password manager right now, because I'm doing my bookmark syncing with a third party program (xBrowserSync) which is *really* nice because it works across not only multiple devices but multiple browsers -- but it doesn't sync passwords.
It's sort of a trade-off. Nothing comes free..
So far, the trade-off to be a Google captive works out, for me at least. Next month, next year? Who knows. But today, it's ok. And I do have that Nextcloud install out on my farm (even got SSL to work so it can do video chat) and it works well, it's tempting to switch. But, ya, you lose some things that are convenient.
2022-01-02 07:35 from Nurb432
I have not been keeping up, I assume that Tor v2 addresses are now
dead?
I don't follow Tor closely, but I think so too. Now you have to use these monster URLs if you want to access .onion services :)
Several of my bookmarks gave me errors (I don't get on often so it might have been a while, or last night.. who knows) but a couple I 're-found' (like Proton Mail) and they were different links, but now worked.
I know that was on the horizon, so I figured that is what happened.
So that network compromise I talked about a month ago. I guess our security team has just announced "no, we will not be answering any questions and you must cancel the requests from our customers for explanations."
WTF. We are a freaking public entity.
You got hit by that ransomware - and if you're a Windows shop, it came in through a print spooler exploit.
Tue Jan 11 2022 14:48:12 EST from Nurb432
So that network compromise I talked about a month ago. I guess our security team has just announced "no, we will not be answering any questions and you must cancel the requests from our customers for explanations."
WTF. We are a freaking public entity.
No, not even close.
What I can say is it was vulnerabilities built into an application several entities like us were using. It was inserted by the developing company, they had an insider from China who did it, so it wasn't 'planned' by the company.
It used several general exploits to spread, which were patched by everyone else that got hit.
Tue Jan 11 2022 06:15:52 PM EST from ParanoidDelusions
You got hit by that ransomware - and if you're a Windows shop, it came in through a print spooler exploit.
Interesting.
Tue Jan 11 2022 18:47:43 EST from Nurb432
No, not even close.
What I can say is it was vulnerabilities built into an application several entities like us were using. It was inserted by the developing company, they had an insider from China who did it, so it wasn't 'planned' by the company.
It used several general exploits to spread, which were patched by everyone else that got hit.
Oh, and the print spooler thing, we took care of that the day it was known. (It was rather painful. You had to call a field tech out to add a printer..)
Ig is wrong about Exchange. 5.5 was an awesome platform...
But Microsoft's print services have sucked all the way back to NT 4. Roaming profiles and remote printers have always been an absolute disaster, and the Spooler causes probably 85% of Desktop support problems industry wide.
Fri Jan 14 2022 17:59:53 EST from Nurb432
Oh, and the print spooler thing, we took care of that the day it was known. (It was rather painful. You had to call a field tech out to add a printer..)
In principle Roaming Profiles is a good idea. In practice, not so much.
Mon Jan 24 2022 11:31:49 AM EST from ParanoidDelusions
Ig is wrong about Exchange. 5.5 was an awesome platform...
But Microsoft's print services have sucked all the way back to NT 4. Roaming profiles and remote printers have always been an absolute disaster, and the Spooler causes probably 85% of Desktop support problems industry wide.
Roaming Profiles was a good idea but they never quite got it right. On a real computer you just remotely mount /home and everything just sort of works the way you expect on every computer involved.
OneDrive auto sync is trying to do the same thing. Can't comment much about it yet, however. We just started doing that at the office.
Wed Jan 26 2022 02:57:32 PM EST from IGnatius T Foobar
PD is wrong about Exchange. 5.5 is the worst of them all. The one after that was also the worst. After that it went into a bit of a decline.
Roaming Profiles was a good idea but they never quite got it right. On a real computer you just remotely mount /home and everything just sort of works the way you expect on every computer involved.
I need to read some good conversation on the subject, preferably both sides. I haven't been able to turn up anything helpful yet in my own searches.
My personal opinion is that it's a wash. Unless you are running on a semi-anonymous VPN, someone knows, somewhere.
BUT, I suppose Cloudflare is more disconnected from you than your local ISP.
Fri Apr 08 2022 09:37:37 AM EDT from zelgomer
Updated Firefox recently and noticed they now enable DNS-over-HTTPS by default. Do I want to leave this enabled? Could you please share your opinions of it? I'm on the fence. On the one hand, my ISP can spy on my DNS queries. On the other hand, now Cloudflare can spy on my DNS queries. Who is the lesser of the two evils here? Is this a further move toward total web centralization?
I need to read some good conversation on the subject, preferably both sides. I haven't been able to turn up anything helpful yet in my own searches.
2022-04-08 09:37 from zelgomer
Updated Firefox recently and noticed they now enable DNS-over-HTTPS by
default. Do I want to leave this enabled? Could you please share your
opinions of it? I'm on the fence. On the one hand, my ISP can spy on my
DNS queries. On the other hand, now Cloudflare can spy on my DNS
queries. Who is the lesser of the two evils here? Is this a further
move toward total web centralization?
I need to read some good conversation on the subject, preferably both
sides. I haven't been able to turn up anything helpful yet in my own
searches.
Cloudflare is a Google-grade threat to privacy at this point. If your ISP is not a very, VERY big one, Cloudflare is more dangerous.
They get to see more traffic than anybody else with few exceptions.
I personally tunnel my DNS queries to a server I actually own. If you are concerned you can use an encrypted tunnel to an Opennic server, so neither Cloudflare nor your ISP can see what you are doing. Reaching that point you may as well be using Tor, but for the regular Internet it may suffice.
2022-04-08 11:19 from Nurb432
My personal opinion is that it's a wash. Unless you are running on a
semi-anonymous VPN, someone knows, somewhere.
BUT, I suppose Cloudflare is more disconnected from you than your
local ISP.
Fri Apr 08 2022 09:37:37 AM EDT from zelgomer
Updated Firefox recently and noticed they now enable
DNS-over-HTTPS by default. Do I want to leave this enabled? Could you
please share your opinions of it? I'm on the fence. On the one hand,
my ISP can spy on my DNS queries. On the other hand, now Cloudflare
can spy on my DNS queries. Who is the lesser of the two evils here?
Is this a further move toward total web centralization?
I need to read some good conversation on the subject, preferably
both sides. I haven't been able to turn up anything helpful yet in my
own searches.
In the case of DNS you may also run an iterative server and access the Root DNS services directly with no middle man.
You know, what bothers me in all of this is that Firefox is cooperating so much with the tracking crap.
I can't give you details (and even if I could, I probably should not say too much), but I guess CF offers some sort of service to 'secure' external facing web apps. We are migrating one of our largest. I guess once the switch is flipped you access it thru their 'stuff' which tunnels back to our internal network, I assume via VPN.
Ya, pretty vague, but I'm not part of the teams involved, nor in testing.. BUT it seems like a bad plan to me.
Thu Apr 14 2022 06:25:59 PM EDT from darknetuser
Cloudflare is a Google-grade threat to privacy at this point. If your ISP is not a very, VERY big one, Cloudflare is more dangerous.
They get to see more traffic than anybody else with few exceptions.
I personally tunnel my DNS queries to a server I actually own. If you are concerned you can use an encrypted tunnel to an Opennic server, so neither Cloudflare nor your ISP can see what you are doing. Reaching that point you may as well be using Tor, but for the regular Internet it may suffice.