Posts by mikepren

Perverting the course of justice

Re: No mention of the alleged method for delivery of the hack.....

But they should still be securing their supply chain. Where was their module signing

Re: S/360

The old yellow cheat sheet. Amazing how much debugging assembler dumps translates into debugging hava stack dumps

Yes it's been rediscovered several times since then. The j-frog security guys nligged about it in 2022, from memory.

Any enterprise organisation who is using uncurated npm repositories is in for axworld of pain.

Re: I would like to see the not-so-subtle racism in this article applied elsewhere

But but But your insta stories..

Re: "sophisticated"

Well they're deploying CORs and CSP headers, now. Good thing they've only just been invented, and not been around for a decade. If you run a payment site without those, then you're not serious about security. Especially on Magneto.

Re: Not a Cossie, but...

When I worked for vendors, always carefully used wife's car on site, for first few calls, unless I knew customer was full of petrol heads

Re: General Sanders said the MoD should be developing …

I did Latin at school, and additional maths. After an IT career of 30+ years,none as scrum master or product owner, not sure which was the better choice.

Re: Splunk's advice for those hoping to avoid the attack is simple

Guardduty from AWS has a specific finding on brute force RDP ports. Of course it has to be turned on, and some one has to read the alert. I'm ignoring the ability to automate a response on the basis that anyone who would leave an exposed RDP port is unlikely to have automated remediation.

Re: Smells bad

Weren't they Autonomy auditors? Their duty of care is to Autonomy, and the current shareholders, not to any prospective purchasers.

Re: Coin operated and risk/reward

Incentives drive behavior

Re: I'm maths challenged, sorry.

But aren't track and trace mainly consultancies.

Those guys are employed. Apart from the partners, seeing the comments higher up.

And denying that the looked data has actually been used

Re: I think they are Nerfing...

I think it's worse than that. I think there design is wrong, for massive scale. Status messages shouldn't Nedd to be p2p, that's what you have topics and messaging for. In the days of on pi rem app servers you used to have state replication like that (p2p) but as you scale you moved to a different paradigm, like a central HA dB, or some broadcast technology.

Re: Sharepoint ??

It makes me sad too

It's not if they click on the first link, it's if they still click after round 3.

This has to be iterative

Re: Exchange Server

The mere fact you talk about upgrades, and then patches, means you aren't 90% of the remaining on prem exchange sites

Love the Long for manager bonus, great touch

Re: Quarterly

Given that it was operating over 8 months and hence I assume two scans, I'd suggest the frequency wasn't the issue.

To be fair to the scanning company, you need to understand the terms of reference they were engaged on.

Re: Not just coronavirus

Really if you are using atlassian you should be tieing it to some identity store, and ideally name Corp 2fa. BOTH AWS AND AZURE MAKE THIS EASIER (shouting intended). JFDI

/rant over

In fact this should be for any SAAS service, that be ns you Service Now admins!

Re: most senior officials and ministers were using bog-standard Zoom

Secretly they are competent, it's just a misdirection to fool the enemy /french

Re: Another SCADA attack

Nisr imposes legal responsibility on the utilities, around their critical infrastructure. SCADA controlling the fresh water systems certainly fits that definition. I imagine ofwat is very closely examining this

Re: The embedded gear is often based on very low-power hardware

Doesn't it say all the devices are from azure? Surely that's the issue? All that virtulisation means limited entropy feed

Re: Had They Never Cut Over A System Before

Don't forget that all previous integration was with v3 of their code. They'd decided to let tsb, really lloyds, pay for a system upgrade. New Middleware, Web interface and mobile apps, and they also used the project to get rid of their legacy VB code.

Re: The question is: what are reasonable efforts

The failing here is to insist on a secure data transfer mechanism.

Re: But Benghazi!

Don't forget the comb over...

Like a bit of lizard. All hail our alien overlords

Re: Not 20%

They changed the rules on dividends, after the first 2k it's taxed as income.

The main advantage of contracting are expense costs and liability.

If you can't get expenses then you can't travel. That will hurt the economy at the same time that kids aren't moving due to the increased city living costs.

Re: RE: TonyJ

Convenient for car thieves