ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Miscellaneous Tech News

    Scheduled Pinned Locked Moved News
    7.4k Posts 83 Posters 3.8m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Obsolesce
      last edited by

      @obsolesce said in Miscellaneous Tech News:

      @scottalanmiller said in Miscellaneous Tech News:

      Spiceworks appears to be down, at least their hosted helpdesk.

      SW is down like every week

      Not so much the helpdesk, I don't think. We use it heavily and tend to notice.

      1 Reply Last reply Reply Quote 0
      • ObsolesceO
        Obsolesce
        last edited by

        Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
        https://www.wired.com/story/exactis-database-leak-340-million-records/

        RojoLocoR JaredBuschJ 2 Replies Last reply Reply Quote 0
        • RojoLocoR
          RojoLoco @Obsolesce
          last edited by

          @obsolesce said in Miscellaneous Tech News:

          Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
          https://www.wired.com/story/exactis-database-leak-340-million-records/

          Once the fuckbags that let this shit happen get strung up and publicly tortured.... then these breaches will finally stop.

          dafyreD 1 Reply Last reply Reply Quote 3
          • dafyreD
            dafyre @RojoLoco
            last edited by

            @rojoloco said in Miscellaneous Tech News:

            @obsolesce said in Miscellaneous Tech News:

            Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
            https://www.wired.com/story/exactis-database-leak-340-million-records/

            Once the fuckbags that let this shit happen get strung up and publicly tortured.... then these breaches will finally stop.

            Publicly flogged twice for each record leaked. Fined, $100,000 for each record leaked ($99,000 of which goes to the person whose records were leaked), and the entire C-Level team fired if this was discovered and not reported for more than 36 hours.

            1 Reply Last reply Reply Quote 2
            • JaredBuschJ
              JaredBusch @Obsolesce
              last edited by

              @obsolesce said in Miscellaneous Tech News:

              Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
              https://www.wired.com/story/exactis-database-leak-340-million-records/

              Public ElasticSearch database

              fucking idiots.

              1 Reply Last reply Reply Quote 2
              • KellyK
                Kelly
                last edited by

                Interesting possibility for SMB network monitoring: https://www.ipswitch.com/about/news-and-events/ipswitch-news/first-ever-free-edition-of-whatsup-gold-released-by-ipswitch. 5 nodes isn't a ton, but if all you need is your edge and your core then this is good.

                1 Reply Last reply Reply Quote 0
                • KellyK
                  Kelly
                  last edited by Kelly

                  If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                  travisdh1T 1 Reply Last reply Reply Quote 1
                  • travisdh1T
                    travisdh1 @Kelly
                    last edited by

                    @kelly said in Miscellaneous Tech News:

                    If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                    Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                    coliverC KellyK scottalanmillerS 3 Replies Last reply Reply Quote 0
                    • coliverC
                      coliver @travisdh1
                      last edited by

                      @travisdh1 said in Miscellaneous Tech News:

                      @kelly said in Miscellaneous Tech News:

                      If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                      Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                      I just run everything over a proxy that's encrypted.

                      travisdh1T 1 Reply Last reply Reply Quote 1
                      • travisdh1T
                        travisdh1 @coliver
                        last edited by

                        @coliver said in Miscellaneous Tech News:

                        @travisdh1 said in Miscellaneous Tech News:

                        @kelly said in Miscellaneous Tech News:

                        If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                        Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                        I just run everything over a proxy that's encrypted.

                        That's what I do for everything that is web based. Still have a few things, like the minecraft server, that's not available on a standard web page.

                        1 Reply Last reply Reply Quote 0
                        • KellyK
                          Kelly @travisdh1
                          last edited by

                          @travisdh1 said in Miscellaneous Tech News:

                          @kelly said in Miscellaneous Tech News:

                          If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                          Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                          Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

                          travisdh1T scottalanmillerS 2 Replies Last reply Reply Quote 0
                          • travisdh1T
                            travisdh1 @Kelly
                            last edited by

                            @kelly said in Miscellaneous Tech News:

                            @travisdh1 said in Miscellaneous Tech News:

                            @kelly said in Miscellaneous Tech News:

                            If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                            Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                            Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

                            While I question the automatic response of AV being needed today, neglected servers, web sites, and anything else is way to common, for sure!

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @travisdh1
                              last edited by

                              @travisdh1 said in Miscellaneous Tech News:

                              @kelly said in Miscellaneous Tech News:

                              If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                              Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                              Well Google itself came up as not HTTPS just two days ago, so....

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Kelly
                                last edited by

                                @kelly said in Miscellaneous Tech News:

                                @travisdh1 said in Miscellaneous Tech News:

                                @kelly said in Miscellaneous Tech News:

                                If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                                Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                                Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

                                For static sites, it's not irresponsible in any way. If you have no user data moving, there's nothing wrong with plain text. There are good reasons to do HTTPS everywhere today, but security is not always it.

                                stacksofplatesS 1 Reply Last reply Reply Quote 0
                                • stacksofplatesS
                                  stacksofplates @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Miscellaneous Tech News:

                                  @kelly said in Miscellaneous Tech News:

                                  @travisdh1 said in Miscellaneous Tech News:

                                  @kelly said in Miscellaneous Tech News:

                                  If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                                  Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                                  Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

                                  For static sites, it's not irresponsible in any way. If you have no user data moving, there's nothing wrong with plain text. There are good reasons to do HTTPS everywhere today, but security is not always it.

                                  No user data doesn't mean you don't need HTTPS. MITM with fake login forms, DNS hijacking, etc is still a big vulnerability for static sites on HTTP.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 1
                                  • scottalanmillerS
                                    scottalanmiller @stacksofplates
                                    last edited by

                                    @stacksofplates said in Miscellaneous Tech News:

                                    @scottalanmiller said in Miscellaneous Tech News:

                                    @kelly said in Miscellaneous Tech News:

                                    @travisdh1 said in Miscellaneous Tech News:

                                    @kelly said in Miscellaneous Tech News:

                                    If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                                    Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                                    Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

                                    For static sites, it's not irresponsible in any way. If you have no user data moving, there's nothing wrong with plain text. There are good reasons to do HTTPS everywhere today, but security is not always it.

                                    No user data doesn't mean you don't need HTTPS. MITM with fake login forms, DNS hijacking, etc is still a big vulnerability for static sites on HTTP.

                                    Right, but if you have a login or form, it's got user data. There are many sites that don't have those. MITM, DNS hijacking, aren't really risky if you don't transmit data.

                                    stacksofplatesS 1 Reply Last reply Reply Quote 0
                                    • stacksofplatesS
                                      stacksofplates @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Miscellaneous Tech News:

                                      @stacksofplates said in Miscellaneous Tech News:

                                      @scottalanmiller said in Miscellaneous Tech News:

                                      @kelly said in Miscellaneous Tech News:

                                      @travisdh1 said in Miscellaneous Tech News:

                                      @kelly said in Miscellaneous Tech News:

                                      If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

                                      Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

                                      Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

                                      For static sites, it's not irresponsible in any way. If you have no user data moving, there's nothing wrong with plain text. There are good reasons to do HTTPS everywhere today, but security is not always it.

                                      No user data doesn't mean you don't need HTTPS. MITM with fake login forms, DNS hijacking, etc is still a big vulnerability for static sites on HTTP.

                                      Right, but if you have a login or form, it's got user data. There are many sites that don't have those. MITM, DNS hijacking, aren't really risky if you don't transmit data.

                                      No, fake login forms that don't exist on your site but are injected.

                                      MITM, DNS hijacking, aren't really risky if you don't transmit data.

                                      They most definitely are. Cryptominers are a good example.

                                      1 Reply Last reply Reply Quote 1
                                      • ObsolesceO
                                        Obsolesce
                                        last edited by

                                        With DNS hijacking it doesn't matter.

                                        Nobody is going to pay attention to the warnings anyways.

                                        If I hijacked your DNS and redirected wellsfargo.com to my own server, and presented you with http://wellsfargo.com (non-https), perhaps you'd notice the non-https warning in Chrome, perhaps not, and you'd enter your credentials.

                                        If I hijacked your DNS and redirected your static-HTML site (http://staticsite.com) to my server, and suddenly presented to you a form... why would you fill out some random form? If I go to someone's static-html blog, and my DNS is hijacked, and now when i get to their blog i'm presented with some login... why woudl i attempt to log in to some random static-html blog site with credentials I would never have made or knwo in the first place?

                                        stacksofplatesS scottalanmillerS 2 Replies Last reply Reply Quote 0
                                        • stacksofplatesS
                                          stacksofplates @Obsolesce
                                          last edited by stacksofplates

                                          @obsolesce said in Miscellaneous Tech News:

                                          With DNS hijacking it doesn't matter.

                                          Nobody is going to pay attention to the warnings anyways.

                                          If I hijacked your DNS and redirected wellsfargo.com to my own server, and presented you with http://wellsfargo.com (non-https), perhaps you'd notice the non-https warning in Chrome, perhaps not, and you'd enter your credentials.

                                          This proves my point exactly? I don't know what you're arguing here. People don't pay attention unless it's in their face. They (Google) want to get to the point where you click through to an HTTP site (like with self signed certs).

                                          If I hijacked your DNS and redirected your static-HTML site (http://staticsite.com) to my server, and suddenly presented to you a form... why would you fill out some random form? If I go to someone's static-html blog, and my DNS is hijacked, and now when i get to their blog i'm presented with some login... why woudl i attempt to log in to some random static-html blog site with credentials I would never have made or knwo in the first place?

                                          If you present people with real looking OAUTH forms to sign in with gmail or whatever, people will log in. Just like in the sentence above, they don't pay attention. DNS hijacking isn't just for redirecting the whole site. I'm talking also about things like redirecting JS embedded in the page.

                                          scottalanmillerS 2 Replies Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @Obsolesce
                                            last edited by

                                            @obsolesce said in Miscellaneous Tech News:

                                            If I hijacked your DNS and redirected wellsfargo.com to my own server, and presented you with http://wellsfargo.com (non-https), perhaps you'd notice the non-https warning in Chrome, perhaps not, and you'd enter your credentials.

                                            Sure, but what if you hijacked a site that does NOT have a reason for you to log in? Your example requires that the site have had a login in the past to make sense. Do it for a brochure site and think about how silly this is as a risk.

                                            ObsolesceO stacksofplatesS 2 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 372
                                            • 373
                                            • 2 / 373
                                            • First post
                                              Last post