    • travisdh1

      LANLess explained.

      IT Discussion
      • networking security architecutre lanless scott alan miller • • travisdh1
      Votes: 4, Posts: 49, Views: 6.3k

      scottalanmiller

      Tags added.

    • mlnews

      Windows 10 Busted for Privacy Violations in Holland

      News
      • security privacy windows windows 10 microsoft ars technica • • mlnews
      Votes: 3, Posts: 1, Views: 718

      No one has replied

    • gjacobse

      ReadyNAS Security Frustration

      IT Discussion
      • readynas314 security • • gjacobse
      Votes: 0, Posts: 6, Views: 778

      dbeato

      MM strange issue, I have had this issue with Buffalo and Synology but haven't found the answer.

    • Reid Cooper

      IRS and Equifax: The Blind Leading the Blind

      News
      • equifax irs security • • Reid Cooper
      Votes: 2, Posts: 6, Views: 1.0k

      mlnews

      IRS finally did something about it.

      https://arstechnica.com/tech-policy/2017/10/after-second-bungle-irs-suspends-equifaxs-taxpayer-identity-contract/

    • mlnews

      High Number of Macs Vulnerable to Firmware Hack Even After Patching

      News
      • mac apple macos security firmware ars technica • • mlnews
      Votes: 3, Posts: 1, Views: 703

      No one has replied

    • DustinB3403

      Linux vulnerability found - effecting Debian and RedHat

      IT Discussion
      • linux kernel vulnerability security patching • • DustinB3403
      Votes: 2, Posts: 10, Views: 1.4k

      stacksofplates

      @jmoore said in Linux vulnerability found - effecting Debian and RedHat:

      @stacksofplates Oh that is interesting, I didn't know that.

      Ya it forces it to use the legacy mmap layout which isn't vulnerable. Once you are able to reboot then you should be able to remove it.

    • wrx7m

      Replacing a UTM in an SMB - With What?

      IT Discussion
      • utm ids ips proxy firewall security network security filtering • • wrx7m
      Votes: 1, Posts: 18, Views: 2.1k

      wrx7m

      @jaredbusch - I thought that is what you meant but did a double-take. LOL

    • scottalanmiller

      The Insecurity of Fax SAMIT Video

      IT Discussion
      • fax security hipaa scott alan miller samit youtube • • scottalanmiller
      Votes: 2, Posts: 5, Views: 1.4k

      scottalanmiller

      0_1505718013007_IMG_7679.JPG

    • mlnews

      Equifax Has 143 Million Americans Data Compromised

      News
      • equifax security breach • • mlnews
      Votes: 2, Posts: 57, Views: 7.3k

      coliver

      @nerdydad said in Equifax Has 143 Million Americans Data Compromised:

      Because of this contract, now the government has a stake in the game. They will probably do a full investigation to see if their information was compromised, who was incompetent, who made the decisions, etc.

      https://techcrunch.com/2017/10/03/former-equifax-ceo-says-breach-boiled-down-to-one-person-not-doing-their-job/
      http://money.cnn.com/2017/10/03/news/companies/equifax-ceo-congress/index.html

      This contract with the IRS that was just rewarded on Friday?

      I doubt there will be any governmental or organizational blow back. Everyone is already on to the next big thing that comes from twitter.

    • stacksofplates

      Ansible Hardening Role

      IT Discussion
      • ansible security hardening linux automation • • stacksofplates
      Votes: 3, Posts: 6, Views: 1.4k

      stacksofplates

      Ya, so there must have been a change at some point. Setting the zone to drop and then adding services allows those services through. Firewalld site shows what your book says is correct and what (I'm 99% sure) I saw when I initially started with the SCAP stuff last year:

      0_1505511440757_drop-site.png

      However, here are the actual results:

      0_1505511232007_drop.png

      0_1505511240422_nmap.png

    • stacksofplates

      Another Gov't (maybe) Breach

      IT Discussion
      • security govenment breach • • stacksofplates
      Votes: 1, Posts: 6, Views: 1.2k

      travisdh1

      @stacksofplates said in Another Gov't (maybe) Breach:

      @scottalanmiller said in Another Gov't Breach:

      When you hire the lowest bidder in a market segment with no pride in their work, the number of resources isn't really a factor.

      I'm just trying to understand from my experience with this. Money is thrown at things, not people. Very expensive things are purchased and sometimes never used and just sit there. But they can't "afford" to pay for real talent.

      That's what I meant with unlimited resources. Again only in my experience, the money is thrown in the most incorrect place possible.

      I'm seeing this all the time, everywhere right now.

    • mlnews

      Shadow Profiles: Privacy in the Social Media Age

      News
      • privacy security friendster facebook sciencenews • • mlnews
      Votes: 1, Posts: 1, Views: 688

      No one has replied

    • Alex Sage

      Pi Hole

      IT Discussion
      • pi-hole dns security • • Alex Sage
      Votes: 5, Posts: 135, Views: 19.7k

      JaredBusch

      EchoDot came back hard.

      I disabled the pi-hole for 5 minutes (setting in the menu on the left) and poof. It is happy again.

      0_1523583914500_7ec4ae68-6fbc-466c-b499-3cad488459ef-image.png

      0_1523583888016_b5fd7e49-7c6a-4d40-9498-e7362394b34e-image.png

    • mlnews

      US Department of Justice Seeking IP Addresses of All 1.3m Visitors to DisruptJ20 Website

      News
      • security dreamhost • • mlnews
      Votes: 1, Posts: 37, Views: 3.8k

      scottalanmiller

      @penguinwrangler said in US Department of Justice Seeking IP Addresses of All 1.3m Visitors to DisruptJ20 Website:

      @scottalanmiller said in US Department of Justice Seeking IP Addresses of All 1.3m Visitors to DisruptJ20 Website:

      @penguinwrangler said in US Department of Justice Seeking IP Addresses of All 1.3m Visitors to DisruptJ20 Website:

      @scottalanmiller While I think the scope of the request is a bit broad and has privacy concerns for other people not related to those arrested. I do not believe that there is an issue with the government trying to see if the people that were arrested did go to that website and did plan. It changes what charges and what sentencing can be rendered so it is pertinent to the case. I believe it should be a more narrow request than what it was.

      Right, a narrow, appropriate request would be for the court case. This is not what a warrant related to the court case would look like.

      I also know though you always ask for the moon and then settle for what you really want.

      If they get the chance to do that. And you don't ask for the moon when it makes it into a court case exposing your department for corruption and an attack on the American people and the appearance of attempting to stifle free speech in order to promote a political agenda.

    • mlnews

      NextCloud Introduces a Ransomware Protection App

      News
      • nextcloud security malware ransomware • • mlnews
      Votes: 6, Posts: 5, Views: 1.6k

      scottalanmiller

      @stuartjordan said in NextCloud Introduces a Ransomware Protection App:

      That is Great to hear, they are constantly developing on the project.

      They really are. It's very busy.

    • mlnews

      UK To Fine Some Service Agencies if Found with Inadequate Security

      News
      • security nextcloud uk • • mlnews
      Votes: 2, Posts: 15, Views: 2.4k

      scottalanmiller

      @dashrender said in UK To Fine Some Service Agencies if Found with Inadequate Security:

      @irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

      @scottalanmiller said in UK To Fine Some Service Agencies if Found with Inadequate Security:

      @irj said in UK To Fine Some Service Agencies if Found with Inadequate Security:

      Most of the time it is just cheaper to pay the fine rather than practice good security. I recently read about a health organization that had a million records compromised. They were fined $3.5 million, so about $3.50 a record. A lot of companies figure it is better to just take the chance and even if you do get hacked it still costs less than having a good security program.

      That's often the case. Same thing with credit cards. Cheaper to pay for bad transactions than to pay for better security in the cards.

      Yeah. These companies get rewarded for not having security. Just because you have terrible security, doesn't mean you will get breached either. How many are flying under the radar that we don't know about?

      No the bigger question is, how many have been breached that they aren't aware of it, and the effects are low enough that it's not tripping any alarms?

      Any good breach will be that way - no one knows except that data is out there, somewhere.

    • scottalanmiller

      The NIST Finally Formally Chooses SAM Security Model for Passwords

      News
      • nist security • • scottalanmiller
      Votes: 4, Posts: 14, Views: 1.7k

      scottalanmiller

      @dustinb3403 said in The NIST Finally Formally Chooses SAM Security Model for Passwords:

      @scottalanmiller is that really the question.

      More importantly why does it fucking matter. It was written so long ago and there has been plenty of time and evidence that what was written down was complete bullshit.

      Except they knew it was BS in 2003, too.

    • DustinB3403

      Ubiquiti Security Gateway

      IT Discussion
      • ubiquiti security demo • • DustinB3403
      Votes: 0, Posts: 106, Views: 10.2k

      scottalanmiller

      @storageninja said in Ubiquiti Security Gateway:

      Agent based network abstraction is an interesting alternative to traditional VPN.

      It's still traditional VPN, though. Other than automating the configuration, it's all stuff you could have done with OpenVPN or whatever decades ago. It's nice that it auto-configures and it is a great product (or was, appears mostly abandoned now) but it's not an alternative or new VPN, it's just a mesh VPN setup.

    • gjacobse

      Battling Ransome/Crypto-ware: Drive Shares

      IT Discussion
      • malware ransonware security secure access drive mapping cryptoware • • gjacobse
      Votes: 0, Posts: 18, Views: 2.5k

      Reid Cooper

      Pretty sure that ShadowCopy is still time only.

    • travisdh1

      Lenovo - if it's on your network, you ARE breached.

      IT Discussion
      • lenovo security • • travisdh1
      Votes: 3, Posts: 93, Views: 10.1k

      scottalanmiller

      @dashrender said in Lenovo - if it's on your network, you ARE breached.:

      @travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

      @gjacobse said in Lenovo - if it's on your network, you ARE breached.:

      I'd like to see recent references; everything I have found hasn't been updated / linked to since 2019 about the 2014-2015 incident.

      What has changed? Nothing.

      Why should anyone keep reporting no news?

      Exactly - There's nothing newer because they haven't been caught doing any dirty shit in the past 2-3 years. But at the same time - the same management is in charge, so why would we expect them to do things right?

      I think that they've been caught. It's just so unimportant to American consumers if Chinese companies are spying on them that literally reporting it has no value.
