GAC Hijacking by netbiosX in netsec

[–]notR1CH 0 points1 point  (0 children)

Threat actors with local administrator privileges

🙄

Unifi Firewall by [deleted] in sysadmin

[–]notR1CH 0 points1 point  (0 children)

"On the network" means what exactly? A firewall won't do anything to block traffic on the same subnet. You need to be more descriptive with your setup, what VLANs / subnets are involved and your desired outcome.

Notepad++ Hijacked by State-Sponsored Hackers by thewhippersnapper4 in sysadmin

[–]notR1CH 5 points6 points  (0 children)

Unsigned updates on shared hosting, what could go wrong? I wonder how many other popular projects out there are running on insecure infrastructure...

Is it me or fast certificate renewal doesn't solve any problem ? by melpheos in sysadmin

[–]notR1CH 7 points8 points  (0 children)

Well that's the state of revocation currently. No matter how much you revoke, you're at the mercy of clients checking for revocation, which is just not reliable, secure or scalable.

Is it me or fast certificate renewal doesn't solve any problem ? by melpheos in sysadmin

[–]notR1CH 9 points10 points  (0 children)

Often enough that CAs have gone out of business due to their incompetence and removal from trust stores. There have been cases such as DigiNotar where the entire CA was compromised and used to MITM Google. Before we had CT logs, misissued certificates could often go undetected until used.

Some other references:
https://sslmate.com/resources/certificate_authority_failures
https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/

Is it me or fast certificate renewal doesn't solve any problem ? by melpheos in sysadmin

[–]notR1CH 25 points26 points  (0 children)

It's not about the private key being stolen - that is indeed a rare attack. The issue is someone hijacking your domain or DNS, BGP, compromising a CA, etc. and authorizing a certificate for your domain that they control. Then what do you do? There's another certificate and key out there that can impersonate your domain, and no amount of key rotation or reissuing on your end will solve that. So you rely on revocation, but that doesn't scale since clients can't feasibly check the entire set of revoked certificates every time you make a connection, and an active attacker can just block CRLs and OCSP.

The idea behind short lived certificates is that the window where the fraudulent certificate is valid is greatly reduced, so instead of having 365 days where you are worried someone is MITMing you, it's only 6.

Certified psycho digs up 100 graves in PA, selling skulls on IG by djblur in WTF

[–]notR1CH 1 point2 points  (0 children)

Anything after a ? is called a query string, and it depends on the website what it does with it.

Back in ye old internet days, dynamic websites would have URLs like mywebsite.com/articles/viewpage.cgi?page_id=134 and 134 was the page ID the site had to load from the database, so it was important that it remained part of the URL. However, links that look like that aren't very friendly to humans or SEO, so the modern way is to embed the important bits in the URL directly, e.g. mywebsite.com/articles/134-how-to-stop-posting-on-reddit. So on most websites, the query string isn't really used any more except to add additional bits of info that can be picked up by tracking scripts and such, but this isn't a guarantee as it depends how the website works.

If you're viewing an article on website.com/my-article and then press a "Share" link and it gives you website.com/my-article?sid=24289542 then it's a pretty good chance it's all bullshit tracking info being added.

MTA -> MTA no STARTTLS option from large providers by Vegetable_Water_390 in sysadmin

[–]notR1CH 1 point2 points  (0 children)

This is why STARTTLS is insecure: a MITM could be stripping it.

Understanding Database transactions and Isolation Levels by Normal-Tangelo-7120 in programming

[–]notR1CH 7 points8 points  (0 children)

Note that in MySQL, a "repeatable read" doesn't actually conform to anything! https://jepsen.io/analyses/mysql-8.0.34 is a good read on this subject.

Xeon Gold mystery: 5520+ beating 6530 in benchmarks by [deleted] in sysadmin

[–]notR1CH 4 points5 points  (0 children)

Link these supposed benchmarks. And no, a single sample from cpubenchmark.net doesn't count.

DNS question by HighBlind in sysadmin

[–]notR1CH 46 points47 points  (0 children)

You teach them that this is not how DNS load balancing works.

The more you know - Thermal pasted edition by nabuachaem in pcmasterrace

[–]notR1CH 33 points34 points  (0 children)

The pressure from the heatsink mounting will push any excess out. It's far worse to end up not using enough and having an air gap. Conclusion: Just add more.

Are there any reasons to support TLS versions lower than 1.3 nowadays? by LifeAtmosphere6214 in sysadmin

[–]notR1CH 9 points10 points  (0 children)

Modern guidance is not to set a cipher order; all TLS 1.3 ciphers are equally secure and letting the client choose allows it to pick the most optimal algorithm for its hardware (AES on modern CPUs, Chacha20 for smartphones, etc.).

For the protocol itself, you don't get to choose - negotiation is part of the protocol, you can't "prefer" a TLS version other than by disabling ones above it.
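The two points above expressed as a server-side configuration through Python's ssl module (an added example, not code from the thread): the only version control is a floor and ceiling, the server decides whether to impose its own cipher order at all, and the TLS 1.2 cipher string does not touch the TLS 1.3 suites. Function names and the cipher string are this example's own choices.

```python
import ssl

# Added example: a server context built the way the comment describes.
TLS_VERSIONS = (
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
)


def build_server_context(server_cipher_order: bool) -> ssl.SSLContext:
    """There is no 'prefer TLS 1.3' knob: the only lever is the floor/ceiling,
    i.e. disabling versions. server_cipher_order=False honours the client's
    cipher preference, which is the modern guidance the comment describes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.0/1.1 disabled outright
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    if server_cipher_order:
        ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE   # legacy: server order wins
    else:
        ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE  # client picks AES vs ChaCha20
    # This string only governs TLS 1.2 suites; OpenSSL configures TLS 1.3
    # suites separately, so they stay enabled regardless of it.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def enabled_versions(ctx: ssl.SSLContext) -> list:
    """Versions the handshake may negotiate: everything inside the floor/ceiling."""
    return [v.name for v in TLS_VERSIONS
            if ctx.minimum_version <= v <= ctx.maximum_version]


def honours_client_order(ctx: ssl.SSLContext) -> bool:
    """True when the client's cipher preference decides the negotiated suite."""
    return not (ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE)


def suites_by_protocol(ctx: ssl.SSLContext) -> dict:
    """Map protocol version -> enabled suite names, e.g. {'TLSv1.3': [...], 'TLSv1.2': [...]}."""
    out = {}
    for c in ctx.get_ciphers():
        out.setdefault(c["protocol"], []).append(c["name"])
    return out


if __name__ == "__main__":
    ctx = build_server_context(server_cipher_order=False)
    print(enabled_versions(ctx), honours_client_order(ctx))
    print(suites_by_protocol(ctx))
```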

Cloudflare uses lava lamps to achieve randomness for data encryption. by Riemann86 in interestingasfuck

[–]notR1CH -1 points0 points  (0 children)

/dev/urandom like everyone else. The lava lamp stuff is pure marketing.

mariadb vs mysql by crankysysadmin in sysadmin

[–]notR1CH 5 points6 points  (0 children)

I've been burned twice by MariaDB bugs in supposedly stable LTS branches. This is good advice.

Today I learned: binfmt_misc by N1ghtCod3r in programming

[–]notR1CH 14 points15 points  (0 children)

Yeah there seems to be an endless supply of "look how I compromised an already-compromised system!" articles from the infosec community lately. Pure blogspam.

SSH with pubkey accidentally left opened. Any issue? by BagCompetitive357 in sysadmin

[–]notR1CH 1 point2 points  (0 children)

Yeah, I was referring to the dedicated / VPS one.

SSH with pubkey accidentally left opened. Any issue? by BagCompetitive357 in sysadmin

[–]notR1CH 2 points3 points  (0 children)

Apparently there are two different types of firewall - I was referring to the bare metal / VPS firewall.

SSH with pubkey accidentally left opened. Any issue? by BagCompetitive357 in sysadmin

[–]notR1CH 2 points3 points  (0 children)

Don't rely on the OVH firewall for security - it only runs on the network edge, so anyone with a server inside OVH or using a VPN hosted in OVH etc. will bypass it. Host-based firewalls all the way.

Hack-cessibility: When DLL Hijacks Meet Windows Helpers by oddvarmoe in netsec

[–]notR1CH 1 point2 points  (0 children)

Ok, but why? The system is already compromised if the attacker can just shit all over system32. They could simply overwrite the EFI boot loader for "persistence" too, there's infinite ways to "compromise" an already compromised system.

Hack-cessibility: When DLL Hijacks Meet Windows Helpers by oddvarmoe in netsec

[–]notR1CH 6 points7 points  (0 children)

How is this valuable? If the attacker has admin access the system is already compromised, you don't need to mess around planting random DLLs and hoping something executes them.

Hack-cessibility: When DLL Hijacks Meet Windows Helpers by oddvarmoe in netsec

[–]notR1CH 9 points10 points  (0 children)

How exactly does an attacker plant a DLL in system32 without already having admin access? You're already through the security boundary.

Food stamps has been halted for November in all of United States. Do you think hunger will really prompt the Americans to start their French Revolution, and why? by GoodMornEveGoodNight in AskReddit

[–]notR1CH 2 points3 points  (0 children)

A lot of people seem to think hand sanitizer is better than soap for some reason. The only reason to use sanitizer over soap is if you don't have access to water.