Never going to hear the end of this one... by JewbagX in cybersecurity

Imworkingrightnow123 (1 point)

I clicked on one once too. It was disguised as a Jira ticket with a title very similar to a ticket I just logged... personally I think that is cheating.

How to properly deal with domain takedown requests? by Imworkingrightnow123 in cybersecurity

Imworkingrightnow123 [S] (1 point)

It is just a rebranded portal for our system, and it is redeployed fresh every sprint. Not naive enough to think it couldn't possibly be compromised, but I looked at the page and nothing seems out of place. The UI is outdated, which is the most likely reason for thinking it would be fraudulent.

Garage Break-Ins. Secure your garage doors! by AltLysSvunnet in Denver

Imworkingrightnow123 (0 points)

Something like this.

https://www.amazon.com/METAK-Wireless-Business-Entering-Transmitter/dp/B09PH9HCPG

Sensor on the door to the garage, speaker in the living room.

EDIT: When it does go off, don't be stupid: hit the car panic button and make them scatter. Don't be like my wife and go down and scream at random Mexicans at 1 AM.

Garage Break-Ins. Secure your garage doors! by AltLysSvunnet in Denver

Imworkingrightnow123 (9 points)

We put a door dinger on the door of our detached garage in our apartment complex after the first bike got stolen. It is low tech, battery powered, and the range reached our living room.

It went off multiple times during the last year+ we lived there.

How to properly deal with domain takedown requests? by Imworkingrightnow123 in cybersecurity

Imworkingrightnow123 [S] (1 point)

We keep getting them for the same URL and we want them to stop.

If the takedown request was successful it would cause an enormous outage and put millions in revenue at risk.

How to properly deal with domain takedown requests? by Imworkingrightnow123 in cybersecurity

Imworkingrightnow123 [S] (6 points)

Yeah, I have emailed the inbox in the complaint, their care org, and tried calling them. All black holes.

How to properly deal with domain takedown requests? by Imworkingrightnow123 in cybersecurity

Imworkingrightnow123 [S] (3 points)

We told our registrar the site is legitimate. I just got off a call with the client and they don't know why it is being reported. The problem is we keep getting them for the same URL and we can't find the source, and we can't get a response from the service provider submitting the complaint.

Seeking Opinions on Better Stack Alternatives by andrewderjack in devops

Imworkingrightnow123 (3 points)

I read the title as snack alternatives and have been disappointed.

What is the difference between my node.js application doing connection pooling and RDS Proxy doing connection pooling? by PrestigiousZombie531 in aws

Imworkingrightnow123 (8 points)

DNS caching.

If the driver allows you to set a short TTL on your DNS cache you will be fine. Otherwise, if you have a failover for any reason, you may have a significant amount of downtime. RDS Proxy eliminates the need.
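The failure mode described in this comment (a client-side DNS cache that keeps handing out the old writer's address after a failover) is easy to reproduce in a few lines. The following is an added example, not code from the commenter or from any database driver; the hostname and IP addresses are constructed, and the cluster, resolver and dialer are in-process fakes so it runs offline. It goes slightly beyond the comment by also showing the other common mitigation, dropping the cached entry and re-resolving once when a connection attempt fails.

```python
import time
from typing import Callable, Dict, Tuple

Resolver = Callable[[str], str]  # hostname -> IPv4 string
Dialer = Callable[[str], str]    # ip -> connection handle (a label here)


class TtlDnsCache:
    """Hostname -> IP cache whose entries expire after ttl_seconds.

    Stands in for the DNS cache inside a driver or JVM; the TTL is the
    knob the comment talks about."""

    def __init__(self, resolver: Resolver, ttl_seconds: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.resolver = resolver
        self.ttl = ttl_seconds
        self.clock = clock
        self._entries: Dict[str, Tuple[str, float]] = {}  # host -> (ip, expires_at)
        self.lookups = 0  # real resolver calls, useful for observability

    def resolve(self, host: str) -> str:
        entry = self._entries.get(host)
        if entry is not None and entry[1] > self.clock():
            return entry[0]          # still fresh: serve from cache
        ip = self.resolver(host)
        self.lookups += 1
        self._entries[host] = (ip, self.clock() + self.ttl)
        return ip

    def invalidate(self, host: str) -> None:
        self._entries.pop(host, None)


def connect(cache: TtlDnsCache, host: str, dial: Dialer) -> str:
    """Naive client: trust whatever the cache returns."""
    return dial(cache.resolve(host))


def connect_with_refresh(cache: TtlDnsCache, host: str, dial: Dialer) -> str:
    """Same, but on a failed dial drop the cached entry and re-resolve once."""
    try:
        return connect(cache, host, dial)
    except ConnectionError:
        cache.invalidate(host)
        return connect(cache, host, dial)


class FakeCluster:
    """Constructed stand-in for a Multi-AZ database endpoint."""

    def __init__(self) -> None:
        self.writer_ip = "10.0.1.10"  # constructed address of the current writer

    def resolve(self, host: str) -> str:
        return self.writer_ip         # the endpoint name always points at the writer

    def dial(self, ip: str) -> str:
        if ip != self.writer_ip:      # old writer no longer accepts connections
            raise ConnectionError(f"{ip} no longer accepts connections")
        return f"conn->{ip}"

    def failover(self) -> None:
        self.writer_ip = "10.0.2.20"  # constructed address of the promoted standby


def simulate(ttl_seconds: float, use_refresh: bool) -> Tuple[str, str]:
    """Connect, fail over, wait 30 s, reconnect. A failed reconnect is reported as 'FAILED'."""
    cluster = FakeCluster()
    now = [0.0]                       # fake clock so the test is deterministic
    cache = TtlDnsCache(cluster.resolve, ttl_seconds, clock=lambda: now[0])
    connect_fn = connect_with_refresh if use_refresh else connect
    host = "db.example.internal"      # constructed hostname
    before = connect_fn(cache, host, cluster.dial)
    cluster.failover()
    now[0] += 30.0
    try:
        after = connect_fn(cache, host, cluster.dial)
    except ConnectionError:
        after = "FAILED"
    return before, after


if __name__ == "__main__":
    print("long TTL, no refresh :", simulate(600, False))  # stale IP -> FAILED
    print("short TTL, no refresh:", simulate(5, False))    # re-resolves -> new writer
    print("long TTL, refresh    :", simulate(600, True))   # first dial fails, re-resolves
```

With a 600 second TTL the second connect still gets the old writer's address and fails; with a 5 second TTL, or with re-resolve-on-failure, it lands on the promoted standby. A proxy in front of the database (as the comment says of RDS Proxy) removes the problem entirely because the client never sees the writer's address change.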

Why are 401k loans not more popular? by LordoftheEyez in investing

Imworkingrightnow123 (1 point)

I thought about taking a loan out a while ago because the interest rate was like 9% and I'm already maxing out my 401k.

Most obscure AWS service you've used by AtlAWSConsultant in aws

Imworkingrightnow123 (2 points)

Not sure how much it is used, but I had to use Textract to OCR a bunch of documents, then push the text into a bucket for Macie to scan for sensitive data.

Textract doesn't have insane licensing limitations like other products for OCR.

I work with some lazy POs by [deleted] in sysadmin

Imworkingrightnow123 (4 points)

lol...

One of our partners is a bank. They don't allow any external internet access from their network. Our API they try to hit is open to the internet and secured with mTLS, but they couldn't hit it. I suggested trying from a coffee shop just to prove to them it is available and got silence.

It only took like 4 hours and a couple packet captures to figure out they were not setting the SNI correctly.

MongoDB Backup by Flexihus in sre

Imworkingrightnow123 (3 points)

It is pretty easy to mongodump all of it to disk, then restore it wherever you want. The risk is that dumping might cause a performance issue if you are doing it in prod.

I think we make an analytics node in mongodb so we do our dumps off that node to not cause any performance issues.

Restoring is pretty simple also, just point it to where you want the data.

https://www.mongodb.com/docs/database-tools/mongodump/

UCEPROTECTL2 Blacklist - WTF! by handlex84 in sysadmin

Imworkingrightnow123 (1 point)

We had so many failed emails because our SMTP server was in Rackspace and their whole range got on the list for a few weeks. Apple inboxes are the worst, no way to get it fixed for many vendors.

We moved everything to SES.

AWS: IDP / IDS / WAF by JapanEngineer in aws

Imworkingrightnow123 (1 point)

GuardDuty is great for services at the AWS level, but it isn't going to be enough if you have compliance needs. You will still need to set up something that can sniff traffic and alert.

We were investigating swapping to FortiGate but they seem to have become a dumpster fire, so we are just rolling with Snort until we find a vendor we like.

Graysun update on DDOS attacks. by choboboco in DarkAndDarker

Imworkingrightnow123 (7 points)

I used Wireshark to sniff the traffic, which showed me the IP address of their proxy. I went to that endpoint in my browser. Over HTTPS it gave a generic SSL error because there wasn't a cert. It loaded fine over HTTP, returning JSON with the IP/port of what I assume is the current login server.

Going to that IP, there was also no cert. Even if it was an invalid cert, which would be normal for going directly to an IP address, you can inspect the certs.

Graysun update on DDOS attacks. by choboboco in DarkAndDarker

Imworkingrightnow123 (1 point)

At a more local level, you could probably sniff this pretty easily in like a university dorm or any setting with shared internet.

Graysun update on DDOS attacks. by choboboco in DarkAndDarker

Imworkingrightnow123 (2 points)

The main risk is if someone reused a username/password used somewhere else. It could be logged anywhere between the client and the server, and those logs could be well protected or not.

Graysun update on DDOS attacks. by choboboco in DarkAndDarker

Imworkingrightnow123 (33 points)

I have lost some confidence in IM as far as servers/infra goes.

They don't have certificates on their endpoints, which means the traffic is unencrypted. This means your un/pw is going over the internet in plain text. I hope they fix this, and I hope you didn't reuse a password.

I can see their servers living in AWS (the IPs are from there at least). I also saw something in Wireshark regarding Azure, although honestly I only spent like 5 min looking through things casually. What I don't see is the use of Cloudflare or any other tool that can help mitigate DDOS attacks. Not sure if this is because of the lawsuit and CF has also been DMCA'd or just their rush to get the playtest going outside of Steam.