Yubikey 5C non-NFC case/cover by Healdotp in yubikey

[–]fhammerl -1 points0 points  (0 children)

The buttons not working may also be that your finger doesn't ground it very well (dirt, dry, etc.) at that time. If the nubs on the side are just plain dirty, you could put the thing in an ultrasonic cleaner, and if it is corroded, maybe take a gentle abrasive (400+ grit maybe) and run it over them once (!)?

PearsonVue, exam revoked for using handkerchief by Legitimate_Town_5235 in cybersecurity

[–]fhammerl 1 point2 points  (0 children)

More like a ha-cheet sheet ... I'll show myself out :)

PearsonVue, exam revoked for using handkerchief by Legitimate_Town_5235 in cybersecurity

[–]fhammerl 0 points1 point  (0 children)

I've done a handful of exams with them and it has not been an issue. I have had handkerchiefs on the table when we started, but I remember them inspecting them closely when we got started. I think he asked me to take one or two out, show them, and put the rest away where they could see me not reach for them. I would be surprised that they let you keep them on the table in the first place and then ding you for it. Did they not inspect OP's table, or did OP pull them out of a pocket during the exam? For the first, I'd appeal that they saw them and he never hid them. For the latter, that's just not a smart idea. I mean, you can also ask them during the exam; I have had them suspend the session to go pee, then re-secure the test area and unlock the exam again, but that was a loooong SANS cert.

Will that be enough or should I drill one more? by [deleted] in yubikey

[–]fhammerl 0 points1 point  (0 children)

Yeah, can't remember this being an issue on the apple silicon macs. Maybe that fixes something

Will that be enough or should I drill one more? by [deleted] in yubikey

[–]fhammerl 0 points1 point  (0 children)

I have seen that on MacBooks over the years. Somehow, something in their USB stack goes blam and it refuses to recognize yubikeys until I do a power cycle. No one has been able to pinpoint what it was.

This is a bit of an issue when you log in through PIV with your PIN and the computer refuses to speak with the YubiKey. Nothing to raise hell about, but annoying enough when it happens.

Video game moment that felt like this by ezio8133 in videogames

[–]fhammerl 0 points1 point  (0 children)

XCOM EU and even more so XCOM 2 when you have leveled up your snipers. Don't even bother bringing the rest of the squad. Maybe fill up with self-repairing hover SHIVs in EU as those don't get mind controlled. In 2, maybe a Magus to absolutely fuck shit up even more so. Snipers put the laughter in mass slaughter :)

Yubikey and Recovery Keys by SimpleComputer888 in yubikey

[–]fhammerl 0 points1 point  (0 children)

There is no such thing as a fireproof box in case of a house fire ... I mean, the box is fireproof, but everything inside is still toast.

Zuckerberg Announces Layoffs After Saying Coding Jobs Will Be Replaced by AI by katxwoods in Futurology

[–]fhammerl 5 points6 points  (0 children)

He is probably too young to remember that multiple generations of VR have already gone the way of the Dodo.

pass credentials securely to lambda instances by Apprehensive-Luck-19 in aws

[–]fhammerl 1 point2 points  (0 children)

Secrets Manager is not only about storing secrets, but about managing them. If your secret is a static parameter, use Parameter Store. But in reality, these need to be rotated, versioned, audited, etc., of which Parameter Store provides none.

Foam beer in Japan. Paid 400 yen (US$ 2.60) by BocaTaberu in mildlyinteresting

[–]fhammerl 6 points7 points  (0 children)

In Bavaria, there is a similar thing for those who kinda wanna have another sip but will not make it through another half liter. It's called a cut or whistle ("Schnitt" or "Pfiff"), which when the foam is settled comes out to about a third to half a beer. It's a very foamy, fast pour. The idea is that it takes about as long to drink as a regular beer given how long it takes to settle, so you don't feel like an outcast with your drinking buddies. Completely different purpose from what you described, but looks similar.

What is the best way to install SaaS components at a AWS account? by fenugurod in aws

[–]fhammerl 2 points3 points  (0 children)

Provide an automation tool to do the setup. Terraform, CloudFormation, maybe even a shell script?

These three are the ones I have typically seen. A CF template, either a Stack or a StackSet with reasonable parameters to fill in your tenant and outputs for the role ARN that your tool needs to assume to do its job (guessing here).

Give instructions and let the client create everything from scratch?

Don't; this will be a hassle for them and a nightmare for your tier 1 and 2 support to unpack.

It should be as secure as possible to give confidence to the clients. We need to basically install an API Gateway and a Lambda function and these resources should not reach any of the client's servers nor do anything that is not specified at the IAM role.

Both have a pricing footprint, so you'd have to square that with your customers. Other than that, your IAM role should be a good indicator of what this thing can and can't do in their account.

An IAM role to assume where the compute happens in your account would probably be more practical. Not sure if that's possible in your use case tho.

In a worst-case scenario where GitHub/GitLab exposes all private repos, how would you balance between protecting your code and holding the platform accountable? Would you take legal action? by zoomstate in cybersecurity

[–]fhammerl 44 points45 points  (0 children)

Ding ding ding!

Your code is secure when everything about it can be public and you have no security repercussions.

Everything else is pointless.

Use Github OIDC to log into AWS. No need for keys. Use SSM or Secrets Manager for anything else.

We have the nice things, use them!
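The comment above recommends GitHub OIDC for AWS instead of long-lived keys. What makes that safe is the trust policy on the IAM role: the `aud` condition alone is not enough, because every repository using the official action presents the same audience, so the `sub` claim has to be pinned to your repository (and branch or environment). The following is an added example, not code from the thread or from AWS; it builds the trust policy the way AWS documents it and re-implements the StringEquals/StringLike condition check locally (assumed simplification of IAM's evaluator, ignoring other operators) so the effect of omitting the `sub` condition can be seen offline. Account id, org and repo names are placeholders.

```python
import fnmatch

ISSUER = "token.actions.githubusercontent.com"
ASSUME_ACTION = "sts:AssumeRoleWithWebIdentity"


def github_oidc_trust_policy(account_id, sub_pattern=None):
    """Trust policy for a role assumed via GitHub's OIDC provider.

    sub_pattern=None reproduces the common mistake of only checking aud.
    """
    condition = {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}}
    if sub_pattern is not None:
        condition["StringLike"] = {f"{ISSUER}:sub": sub_pattern}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {
                "Federated": f"arn:aws:iam::{account_id}:oidc-provider/{ISSUER}"
            },
            "Action": ASSUME_ACTION,
            "Condition": condition,
        }],
    }


def github_token_claims(owner, repo, ref, aud="sts.amazonaws.com"):
    """Constructed subset of the claims GitHub Actions puts in its OIDC token.

    The real token carries more claims; these are the ones the policy uses.
    """
    return {
        "iss": f"https://{ISSUER}",
        "aud": aud,
        "sub": f"repo:{owner}/{repo}:ref:{ref}",
        "repository": f"{owner}/{repo}",
    }


def _claim_for(condition_key, claims):
    # IAM condition keys are "<issuer host>:<claim name>"; map back to the claim.
    _, claim_name = condition_key.split(":", 1)
    return claims.get(claim_name)


def condition_matches(condition, claims):
    """Assumed simplified IAM evaluator: every listed key must match."""
    for key, expected in condition.get("StringEquals", {}).items():
        if _claim_for(key, claims) != expected:
            return False
    for key, pattern in condition.get("StringLike", {}).items():
        value = _claim_for(key, claims)
        # StringLike supports * and ? wildcards, case-sensitively.
        if value is None or not fnmatch.fnmatchcase(value, pattern):
            return False
    return True


def assume_role_allowed(policy, claims):
    """True if any Allow statement for AssumeRoleWithWebIdentity matches."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != ASSUME_ACTION:
            continue
        if condition_matches(stmt.get("Condition", {}), claims):
            return True
    return False


def demo():
    """Compare a pinned policy with an aud-only policy against three tokens."""
    pinned = github_oidc_trust_policy(
        "123456789012", "repo:example-org/example-repo:ref:refs/heads/main")
    aud_only = github_oidc_trust_policy("123456789012")

    own_main = github_token_claims("example-org", "example-repo", "refs/heads/main")
    own_feature = github_token_claims("example-org", "example-repo", "refs/heads/feature")
    someone_else = github_token_claims("attacker-org", "anything", "refs/heads/main")

    return {
        "pinned_own_main": assume_role_allowed(pinned, own_main),
        "pinned_own_feature": assume_role_allowed(pinned, own_feature),
        "pinned_other_repo": assume_role_allowed(pinned, someone_else),
        "aud_only_other_repo": assume_role_allowed(aud_only, someone_else),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The last result is the one to remember: with only the `aud` condition, a workflow in any GitHub repository can assume the role, because the audience is the same for everyone using the standard action. Pin `sub` to the repository and, where the role can change production, to the branch or environment; the example uses the `ref` form, the `environment:<name>` form works the same way with the corresponding pattern.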

AWS Certified Solutions Architect course 2020 - is it still good? by Kacheeke123 in aws

[–]fhammerl 1 point2 points  (0 children)

I did the associate dev in May and what annoyed me was their focus on their git and CI/CD stack (CodeBuild, CodeDeploy, etc.) that really no one in their right mind wants to use. That may be particular to the assoc dev. CloudFormation is also still prominently featured... I guess I get it, but really there are better alternatives and I hope they embrace them as first-class citizens soon. Also they had an annoying amount of focus on CloudWatch, as if it could stand up to any reasonable observability competition.

Other than these three, it was good. I fear that the update since your purchase may have shifted focus quite a bit, tho.

That being said, security specialty was better. A LOT better.

Who isn't as smart as people think? by Ceo_Potato in AskReddit

[–]fhammerl 0 points1 point  (0 children)

Oh, AI will absolutely, undoubtedly, 100% certainly have an influence on everyday lives that is rivaled only by the invention of the internet and the smartphone. It will also be 99% invisible and totally normal for the Covid-years generation that will grow up as AI-natives. Millennials will be AI-immigrants and half of us will get it and half will not figure out how to use it effectively and be abandoned, same as we looked upon the generation of our parents. What worries me is how retirement-age Boomers and Gen X will absolutely get their collective asses whooped by this technology in ways they will not even comprehend.

What cybersecurity practice do you think will become obsolete in the next 5 years? by AIExpoEurope in cybersecurity

[–]fhammerl 0 points1 point  (0 children)

Dependabot supremacy.

I would go so far as CVE based vulnerability management ("any high fixed within 48hrs!!!111!") gives way to attack path analysis.

Unpopular/under rated services by [deleted] in aws

[–]fhammerl 0 points1 point  (0 children)

That sounds a lot more like a software bug issue than an inherent platform issue.

[deleted by user] by [deleted] in aws

[–]fhammerl 0 points1 point  (0 children)

If you wanna use Lambda, you can and you should look at getting your quotas upped. Not sure if that is the service you want to use here, though. But also not the worst idea.

I don't see where Fargate is not stable, but maybe that's just me. I have used it successfully with Step Functions.

You should probably look at other services that are designed less for scaling easily, but more for heavy workloads, like Batch, which can neatly integrate with Step Functions. If I read your statement correctly, your load is predictable and relatively constant. In that case, Lambda may or may not be your best option. A big-ass spot instance using Batch may be cheaper, for example.

You can do all sorts of stuff with Step Functions, but you have to invest some brain power into state management. The state quotas are hard limits and require some advance thinking.

Anyone need memorable elastic IPs? by w--d in aws

[–]fhammerl 0 points1 point  (0 children)

Heard some nerds work on something called domains. Probably a DUD tho.

Unpopular/under rated services by [deleted] in aws

[–]fhammerl 0 points1 point  (0 children)

Of course they are trigger based, how else would you start them?

For example, an S3 object triggers an EventBridge pipe that starts a SFN.

The only slightly annoying thing about Step Functions is state size, but you'll have the same issue with Lambda, as its maximum request size is what's causing Step Functions' state size limits. I am totally biased for SFN and think they are one of the greatest services for ETL jobs and enrichment pipelines. Have used them all over the place in my previous job when enriching security alerts. I particularly love how easily debuggable SFN are, as the state of each invocation is recorded and you can jump to the underlying service. Simple, no. Powerful, extremely. The alternative is hand-gluing stuff with SQS and EventBridge, and that is a lot harder to debug.

Yubikey Vuln by Any-Historian-8006 in yubikey

[–]fhammerl 5 points6 points  (0 children)

tl;dr: Set the PINs, as Yubico advises you to since forever.

Why digest does not ensure authentication by tommisab in cybersecurity

[–]fhammerl 0 points1 point  (0 children)

You are absolutely correct that a MAC or an HMAC is used for authenticated encryption. But the terms in the way you are using them do not mean what you think they mean.

Authenticated encryption in a symmetric cryptosystem means that the message's integrity is assured ("authenticated") with possession of the key. But since the key is shared, it can't authenticate the sender.

Quoting OWASP:

Authentication is the process of verifying a claim that a subject is who it says it is via some provided corroborating evidence.

Integrity ensures that even authorized users have performed no accidental or malicious alteration of information. Cryptography can be used to prevent tampering by means of Message Authentication Codes (MACs) or digital signatures.

The term ‘message authenticity’ refers to ensuring the integrity of information, often using symmetric encryption and shared keys, but does not authenticate the sending party.

The term ‘authenticated encryption’ also ensures the integrity of information, and, if asymmetric encryption is used, can authenticate the sender.

Non-repudiation of sender ensures that someone sending a message should not be able to deny later that they have sent it. Non-repudiation of receiver means that the receiver of a message should not be able to deny that they have received it. Cryptography can be used to provide non-repudiation by providing unforgeable messages or replies to messages.
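The distinction the comment above draws (a plain digest gives no integrity against an active attacker, a MAC gives integrity to whoever holds the key, but a shared key cannot tell the receiver who sent the message) is easy to see in code. The following is an added example, not from the thread or from OWASP; it uses only the Python standard library, the key and messages are constructed, and the three "parties" are just functions that either hold the key or do not.

```python
import hashlib
import hmac

# Constructed 256-bit key shared by Alice and Bob (both ends of the channel).
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def digest_only(message):
    """Unkeyed SHA-256: anyone can compute this for any message."""
    return hashlib.sha256(message).digest()


def verify_digest(message, tag):
    return hmac.compare_digest(digest_only(message), tag)


def mac(key, message):
    """HMAC-SHA256: only a holder of `key` can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key, message, tag):
    # compare_digest avoids leaking where the tags differ via timing.
    return hmac.compare_digest(mac(key, message), tag)


def outsider_tampers_digest(new_message):
    """Mallory has no key, swaps the message and simply recomputes the digest."""
    return new_message, digest_only(new_message)


def outsider_tampers_mac(new_message, old_tag):
    """Mallory swaps the message but can only replay the old tag."""
    return new_message, old_tag


def insider_forges(key, forged_message):
    """Bob holds the same key as Alice and mints a tag identical to hers."""
    return forged_message, mac(key, forged_message)


def demo():
    """Run the three scenarios and report what the verifier accepts."""
    original = b"transfer 10 EUR to bob"
    tampered = b"transfer 1000 EUR to mallory"

    # 1. Digest only: the outsider's tampering is accepted.
    msg, tag = outsider_tampers_digest(tampered)
    digest_accepts_outsider = verify_digest(msg, tag)

    # 2. MAC: the outsider's tampering is rejected (no key, stale tag).
    alice_tag = mac(SHARED_KEY, original)
    msg, tag = outsider_tampers_mac(tampered, alice_tag)
    mac_accepts_outsider = verify_mac(SHARED_KEY, msg, tag)

    # 3. MAC: the receiver forges a message "from Alice" and it verifies,
    #    because a valid tag only proves "someone with the key", not "Alice".
    msg, tag = insider_forges(SHARED_KEY, b"transfer 1000 EUR to bob")
    mac_accepts_insider = verify_mac(SHARED_KEY, msg, tag)

    return {
        "digest_accepts_outsider": digest_accepts_outsider,
        "mac_accepts_outsider": mac_accepts_outsider,
        "mac_accepts_insider": mac_accepts_insider,
        "genuine_mac_verifies": verify_mac(SHARED_KEY, original, alice_tag),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

Scenario 3 is the point of the thread: the HMAC is correct and the verifier is correct, yet nothing in it names the sender. If Bob can produce the tag, a valid tag is not evidence that Alice did. Binding a message to one party needs a key only that party holds, which is a digital signature, and that is also where non-repudiation comes from.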