Language:
switch to room list switch to menu My folders
Go to page: First ... 4 5 6 7 [8] 9 10 11 12 ... Last
[#] Wed Apr 18 2018 16:54:50 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

I'm amused that this is still around:

http://igopolis.myminicity.com/

(If y'all click on the link, IGopolis will get larger.)



[#] Thu Apr 19 2018 09:49:19 EDT from fleeb <>

[Reply] [ReplyQuoted] [Headers] [Print]


"Your flash player is outdated."

Gads.

[#] Wed May 30 2018 09:48:26 EDT from mo

[Reply] [ReplyQuoted] [Headers] [Print]

 

Thu Apr 19 2018 09:49:19 EDT from fleeb

"Your flash player is outdated."

Gads.

How did you know? Yikes!!



[#] Wed May 30 2018 09:54:53 EDT from fleeb <>

[Reply] [ReplyQuoted] [Headers] [Print]


Heh... the hint is in the word 'flash'.

The cool kids these days use 'HTML5'. Because it's all caps, not pronouncable, and isn't owned by anybody.

[#] Thu May 31 2018 00:52:32 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

This week I had to go complete a "mandatory security training" crapfest. I always just skip the presentations and fly through the test, since it's all pretty old and/or obvious stuff.

But ironically, to complete an evaluation on data security, I had to disable two security features of my browser: popup blocking and Flash blocking.
\

[#] Thu May 31 2018 06:52:37 EDT from Ragnar Danneskjold

[Reply] [ReplyQuoted] [Headers] [Print]

2018-05-31 00:52 from IGnatius T Foobar
This week I had to go complete a "mandatory security training"
crapfest. I always just skip the presentations and fly through the
test, since it's all pretty old and/or obvious stuff.

But ironically, to complete an evaluation on data security, I had to

disable two security features of my browser: popup blocking and Flash

blocking.
\



There's a person in my company who argues we need mandatory security training, and that for people who don't take it, it should be a "compensation limiting event".

I've decided to create a company drinking game. GDPR and "compensation limiting event" are two of my favorites.

[#] Thu May 31 2018 08:34:04 EDT from fleeb <>

[Reply] [ReplyQuoted] [Headers] [Print]


Heh... security...

Most people say 'training' and mean 'sit at a boring set of web pages or video and press shiny buttons at statements you'll just as quickly forget.'

Few people mean 'have the security team attempt to break into their own networks through phishing schemes or other pentesting techniques and drag the folks who enabled any found breaches into a brief training session that demonstrates just what the fuck happened so it becomes real to them.'

Becuase the latter involves real, serious effort, while the former is just a bandaid to a larger problem.

[#] Thu May 31 2018 09:35:26 EDT from wizard of aahz

[Reply] [ReplyQuoted] [Headers] [Print]

Ragnar - I think I'll play that drinking game remotely. Of course I'd be drunk by 9 am. (Okay, I'm a lightweight, but I'd be drinking a lot)

fleeb - being made an example of is always a life lesson.

[#] Thu May 31 2018 10:15:40 EDT from LoanShark <>

[Reply] [ReplyQuoted] [Headers] [Print]

There's a person in my company who argues we need mandatory security

training, and that for people who don't take it, it should be a
"compensation limiting event".

I've decided to create a company drinking game. GDPR and
"compensation limiting event" are two of my favorites.

I don't know about "compensation limiting event", but we now have a formal GDPR training class which is being referred to as "mandatory." This covers things like what is PII, how to handle it and how not to handle it. "Mandatory", I assume to mean a career-limiting event rather than a compensation-limiting event.

This is not to be confused with security training. Nobody understands security in this industry, even if they've been trained on it.

[#] Thu May 31 2018 10:18:06 EDT from LoanShark <>

[Reply] [ReplyQuoted] [Headers] [Print]

fleeb - being made an example of is always a life lesson.

See, there's always another bug. So busting heads and trying to make examples just gets you ignored.

[#] Thu May 31 2018 11:27:10 EDT from fleeb <>

[Reply] [ReplyQuoted] [Headers] [Print]


I wasn't so much thinking that the folks would be paraded around and laughed at as much as some shadowy and mildly scary component of the company approaches you with Very Bad News that might act as a kind of built-in incentive not to repeat mistakes.

'cause folks make mistakes, and you tend to learn best from those mistakes, so let's find them.

LS is right, though. It's frightening how ignorant even the folks trained in cyber security really are about cyber security.

I get the impression that, for hackers, the current state of affairs is a bit like shooting fish in a barrel.

To be fair, I don't consider myself to be especially great at it, either.
I've done port scans, used meterpreter to break into unpatched flavors of Windows, and even broken into a ridiculously old Linux machine, but they were all scripted, composed environments built for education, not live situations in the real world (because, y'know, I'm not interested in jail time, and I'm more interested in helping people learn about this stuff).

But when I see folks earning an income as a cyber security expert, yet can't even work out how to find the user's within a Windows operating system (or Linux, for that matter), or other basic sysadmin tasks, I wonder what exactly *is* a cyber security expert.

We hire interns who know more than these alleged cyber security experts.

(Hint: when will the bubble burst in this brave new field, and who will find themselves still standing?)

[#] Fri Jun 01 2018 12:52:28 EDT from Ragnar Danneskjold

[Reply] [ReplyQuoted] [Headers] [Print]

I think there's a difference between people who know policy and procedure and those who deal with network and machine level stuff.....

Too many people in "security" are nothing more than auditors who have taken some courses.


[#] Sun Jun 10 2018 22:27:19 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Most people say 'training' and mean 'sit at a boring set of web pages

or video and press shiny buttons at statements you'll just as quickly

forget.'

You have to understand their objective.

It isn't "train people to use technology in a secure way."

Rather, it is "check the box that shows we did security training, so we can't be held negligent for lack of training if there's a breach."

[#] Thu Jun 14 2018 07:35:04 EDT from fleeb <>

[Reply] [ReplyQuoted] [Headers] [Print]


Yeah, that's the impression I have.

Until the industry standard changes such that the quality of that training is part of accountability, nobody will actually care.

This will likely require a successful lawsuit.

[#] Thu Jun 21 2018 10:41:38 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]


Here's a fun little story of domain hijacking.

Phishing? Forgery? Breaking into the registry?

Nope ... just break into the owner's home and rob the domain at gunpoint.

[ https://www.bleepingcomputer.com/news/legal/dude-gets-20-years-in-the-slammer-for-attempting-to-hijack-domain-at-gunpoint/ ]

[#] Sat Aug 25 2018 10:02:24 EDT from zooer

[Reply] [ReplyQuoted] [Headers] [Print]

art.png

 

Ahh yes...

If you visit the channel you are required to leave one of ten comments outlined below:

 1) "THEY SHOULD RAISE THE BRIDGE!!!"

  2) "I must be the first person to suggest lowering the road!"

  3) "You need a camera on the other side of the bridge"

  4) "Can opener!"

  5) "Hope they got the extra insurance!"

  6) "Hey did you notice (insert something that everyone noticed)"

  7) "I am from some country in Europe and bla bla bla bla bla."

  8) Something about traffic citations.

  9) "Box truck to flatbed!!"

 10) "That will buff out!"

 11) CDL/Know your height referance.

 12) Must be a member of some political party.

 13) Must be an illegal

 



[#] Mon Aug 27 2018 09:39:03 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

If you visit the channel you are required to leave one of ten
comments outlined below:

...for moderately large values of ten.

That was a pretty cool video to read the comments on, for two reasons:

1. I noticed you there

2. Someone actually found the damaged truck afterwards

I didn't know the 11'8" bridge was in Durham NC. I travel to that area from time to time. Next time I'm there with a rental car (not a 12' high rental truck) I'm going to have to go see it.

[#] Fri Aug 31 2018 14:03:12 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

"Despite the image of the Scrubbing Bubbles mascots, the product does not actually feature bubbles with bristles, which could potentially cause a number of problems with disposal."

Thanks, Wikipedia.  We needed to be told that.



[#] Tue Sep 18 2018 22:27:32 EDT from zooer

[Reply] [ReplyQuoted] [Headers] [Print]

 

Mon Aug 27 2018 09:39:03 AM EDT from IGnatius T Foobar
I didn't know the 11'8" bridge was in Durham NC. I travel to that area from time to time. Next time I'm there with a rental car (not a 12' high rental truck) I'm going to have to go see it. 

I pass close to Durham now and again but I don't want to go out of my way to see the bridge.

I found another channel you might like, it is the edited video taken from the many exterior security cameras of a web/cloud hosting company's very small parking lot.  Apparently there are several bars located nearby and people park their vehicles in the private parking lot. The parking lot has several "No Parking" signs.  In his spare time one of the employees makes videos of the vehicles as they pull into the parking area, the video shows the occupants of the vehicles and what they are doing before they leave the parking lot. He edits the tow truck towing the vehicles and the reaction of the car's occupants when they return to find their car has been towed.   I am amazed at how quickly a tow truck can grab a vehicle.   

https://www.youtube.com/user/gtoger/videos



Go to page: First ... 4 5 6 7 [8] 9 10 11 12 ... Last