Miscellaneous Tech News
-
SSL Certs expired at TrustWave
-
Look at those dates, they've not been following the super basic security rule of updating every six months. That's way, way too long expired. That's like web security 101. Total fail. Someone needs to teach them about LetsEncrypt.
-
@scottalanmiller said in Miscellaneous Tech News:
Kaseya potentially imploding after Datto acquisition, CEO goes on a rampage alienating incoming staff...
He says he's not trying to be a dick but clearly looks like a dick!
-
@WLS-ITGuy said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
Kaseya potentially imploding after Datto acquisition, CEO goes on a rampage alienating incoming staff...
He says he's not trying to be a dick but clearly looks like a dick!
Generally the case.
Example... "I don't mean to be racist but....."
You know, whatever comes next is going to be racist. As above, whatever came next, was likely him being a dick.
-
I don't want to be pretentious...
But box wine is for losers, only those that don't understand the value of glass are serious wine drinkers. I won't drink anything with a screw top or plastic cork either, only real tree bark for real wine.
Um yeah, pretentious.
-
For reference, I buy box wine.
-
After getting interrupted for the 3rd time when trying to ask questions, I wouldn't have cared at that point what the benefits were, I would've been DUDE! You're SO BEING A DICK RIGHT NOW!
-
-
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
-
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
-
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
No idea. Android and ios only AFAIK. No need for Windows. But I have a feeling that one who bakes credentials into scripts would do it in any scripting language. You'd also think a vulnerability like that would have been found during scanning. They must not have any devsecops or code scanning tools in place.
-
@Obsolesce said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
No idea. Android and ios only AFAIK. No need for Windows. But I have a feeling that one who bakes credentials into scripts would do it in any scripting language. You'd also think a vulnerability like that would have been found during scanning. They must not have any devsecops or code scanning tools in place.
Clearly no one is scanning or checking anything. That's the problem. And that's why Windows development is an issue, it starts a "trend" of looking the other way for obvious non-best practices. Once something so fundamental as making business software or production server software on a platform that is costly, risky and less performant (presumably to allow hiring less than capable developers - that's why that ecosystem exists there) then where do you start adding best practices when clearly, it's not even on the radar? you don't, it just doesn't make sense to. So you get here.
-
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
I'm sure their desktop environment is Windows for their non techies. And there's probably little to no separation between the Uber app platform and their staff.
-
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
-
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
You're asking people to do things your way - we all know that's not the typical way.
-
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
You're asking people to do things your way - we all know that's not the typical way.
No, I'm asking people to do their jobs and do them well. Nothing more. Basic competence.
-
Optus (second largest telco in Australia) has been compromised and customer data loss has been confirmed
https://www.itnews.com.au/news/optus-attack-exposes-customer-information-585567
-
How Citrix dropped the ball on Xen ... according to Citrix
-
@Danp said in Miscellaneous Tech News:
How Citrix dropped the ball on Xen ... according to Citrix
Jaja, yay I got sort of referenced (as the one who proposed XCP-NG. They also screwed themselves royally by mixing the names all over the place. They left that out, the utter market confusion that they created by calling everything Xen.
They did more than crush trust in Xen. They caused many people to simply distrust Citrix.
-
@scottalanmiller said in Miscellaneous Tech News:
Jaja, yay I got sort of referenced
The
"weird systems users": hobbyists who offer virtualization to non-profit and charity users, using old, out-of-maintenance hardware that had been inherited or passed on to them. Enthusiast users, with no funds to buy licenses?
