Sysadministrivia
@SysAdm_Podcast
Apparently twitter does not let you include the word admin in your handle. Go figure. https://t.co/NmOsH0lUoW most tweets by @brentsaner
USA · Joined February 2015
1.2K Following · 934 Followers

@evilsocket To be fair, you can do this with straight up telnet to a target SMTP server: dattaproffs.se/2017/02/22/how…

@GeorgeOhWell10 @erlichya LZ were plenty impressive on their own right; no need to steal thunder from other innovations.

@GeorgeOhWell10 @erlichya And ZIP (technically, DEFLATE) used only *parts* of LZ77 along with Huffman encoding. ZIP was entirely Katz and Conway, not LZ, and isn't itself spec'd to any compression whatsoever- just provides hooks/allowances for it.

@MrKevHunter @CompuConnexions @BrandonLive @robertgraham for a targeted account unless they've fixed that or implemented mandatory MFA in the meanwhile. This was a while back.

@MrKevHunter @CompuConnexions @BrandonLive @robertgraham Theoretically assuming the attack was silent enough, not even 1Password would know.
Pragmatically, last I looked into it they didn't limit or restrict failed login attempts so a bruteforce *may* be feasible (con't)
Sysadministrivia Retweeted

@Paul__Walsh @evacide @kvakes Anything beyond is a fundamental misunderstanding of the right to privacy.
The consumer/user has no direct and enforceable guarantee that the privacy of their real-life identity is respected *except for never requiring it in the first place*.

@Paul__Walsh @evacide @kvakes My entire argument is this API call, in mention, is now pointless. There is no purpose to verifying "identity" (as you've taken upon yourself to claim context) unless it's something tied *to servicing* that identity.

@Paul__Walsh @evacide @kvakes well, no- there *is* PII. a specific *value* be ephemeral, but it's still required. further, tokenizing to a specific entity is, itself, still PII.
Personal - yep, entity is an individual, a person
Identity - ah, yep, there is indeed a set of data and history tied to this entity

@SysAdm_Podcast @evacide @kvakes The use of real names doesn’t necessarily have to mean the collection of real names. For example, an entity could verify real names and then immediately delete them when a unique ID is created. Metadata could be restricted to behavior - zero PII. A possible use case!?!

@Paul__Walsh @evacide @kvakes i thought "I am always going to set fire to ... requir[ing] the use of real names online" was pretty clear

@bastianpurrer @Leomoss @PrivSecurity @evacide might want to rethink that for #2, because the posturing for "hacking back" as part of nationstate cyberwarfare is literally what directly led to WannaCry.

@Leomoss @PrivSecurity @evacide If that's it, I agree with @evacide, but otherwise had same concern as @PrivSecurity - I definitely hope we hack back against Russia etc?
1&3 yes yes yes!!
Sysadministrivia Retweeted

BREAKING
Microsoft allegedly breached.
@campuscodi @vxunderground
#cybersecurity #infosec @Microsoft


@brandonscript Ah, so like a timed "/mute for 1 hour"? We'll share the idea, thank you!

@chakkerz @gamozolabs Oh word; here's some recommended resources to get you started when you have the time! (Hit the first link last; the upstream docs are a bit dry)
gitlab.com/apparmor/appar…
ubuntu.com/server/docs/se…
wiki.debian.org/AppArmor
wiki.archlinux.org/title/AppArmor

@chakkerz @gamozolabs from an actual hardening/security perspective, though, they're both good. either one is better than neither. :)







