DigiCert recently was forced to invalidate something like 50,000 of their DNS-challenge based certs because of a bug in their system, and they gave companies like mine only 24 hours to renew them before invalidating the old ones…
DigiCert recently was forced to invalidate something like 50,000 of their DNS-challenge based certs because of a bug in their system, and they gave companies like mine only 24 hours to renew them before invalidating the old ones…
My employer had an EV cert for years on our primary domain. The C-suites, etc. thought it was important. Then one of our engineers who focuses on SEO demonstrated how the EV cert slowed down page loads enough that search engines like Google might take notice. Apparently EV certs trigger an additional lookup by the browser to confirm the extended validity.
Once the powers-that-be understood that the EV cert wasn’t offering any additional usefulness, and might be impacting our SEO performance (however small) they had us get rid of it and use a good old OV cert instead.
Depends on a large part how deep the water is right at the edge. The bows of the boats are largely on top of the surface. The stern of the boats sit lower in the water, and when lowered the outboard motors will sit a foot or more under the surface. It’s very possible that at low tide the prop could hit bottom when backing in…
If you have ssh open to the world then it’s better to disable root logins entirely and also disable passwords, relying on ssh keys instead.
Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.
With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.
My first reaction to this question was: hey, I was alive (not by much) when Neil Armstrong walked on the moon. I don’t remember anything about it though.
My wife and I bring water bottles we can fill up after going through security, and packs of pedialyte powder to mix into it.
Smarter bots know how to easily avoid being detected based on the speed of their requests by simply adding a random delay to them. A few years ago we discovered a very slow speed credential stuffing attack (testing usernames & passwords) against my employers site. It was only testing one set of credentials every couple of minutes.
Once we discovered it we didn’t block it though. We were able to spot the attack fairly easily once we knew what to look for, so we updated our system to always return a login failure no matter what credentials they sent.
deleted by creator
Worked in a small Unix team under a broader IT department at a university. The manager of our team was awesome in part because his attitude was “I deal with all the university politics so you can focus on your work”. Anybody who has worked at a large university knows what the politics can be like.
The VP of IT retired and the replacement was hired from an IT department at another university. The new VP’s overall policy was “We will do things this way because that’s how we did it at my old university”. Within about 6 weeks we had a round of “layoffs” that targeted our manager and one other manager that was also known to push back against the university politics. They were the only two people let go out of a department of roughly 100.
Within about a year of that happening every last member of our tight knit Unix team left for greener pastures.
You won’t find statues of Hitler, Goering, or other Nazi figures in the Holocaust Museum. I’m well aware of what they did, and I’m sure many others are as well.
Not at all. Those billionaires will still have massively huge egos that will prevent them from recognizing their own futures will be incredibly shitty.
They’ll use their wealth in the short term to build bunkers, etc. where they think they’ll be able to continue to live in luxury while the rest of the world burns around them. But no matter how good the bunker and how many supplies they squirrel away, they’ll eventually be forced to return to the real world, and won’t be prepared for the fact that their piles of money will be worthless if the planet is largely uninhabitable.
Our web servers are locked down in such a way that you can’t copy data off of them using standard protocols like scp, ftp, and even http, etc. Our firewall blocks all such outbound traffic.
This hacker found a bug in a framework used on our web servers that let him execute commands remotely. When commands to copy data off the server failed using those more typical methods he switched to a more novel (and difficult) method of leveraging DNS instead. He discovered we weren’t locking DNS down the same way we were locking other protocols down and used that as a way to extract data from our server.
I never would have thought of it but I recently saw a novel use of DNS to exfiltrate data from a compromised server.
My employer takes security very seriously. Our public facing web servers are very thoroughly locked down, or so we thought. We contract with companies like HackerOne to perform penetration testing etc. One of their white hat hackers managed a remote command attack, and copied data off of the server via a string of DNS queries.
Suppose the hacker owned the domain example.com, and he had his own authoritative nameserver for it. He just ran a series of commands that took, for example, a password file, and ran DNS queries for line1.example.com, line2.example.com, line3.example.com and so on for each line in the file. As a result the log file on his DNS server collected each line of the password file as it responded to each query.
New Zealand. The wife & I spent 3 weeks there earlier this year. The people were all very friendly, and the range of things to do & see is just amazing if you’re into the outdoors at all.
I loved the bit where he spent a small pile of that money on an Inverted Jenny postage stamp then used it to send a postcard.
Just as long as he declares it “an official act”. I think he just has to say that. It doesn’t have to be written down or anything. And it doesn’t matter if anybody actually hears him say it, as long as he does.
Same. I used Apollo almost exclusively for Reddit. I left the day it shut down and haven’t been back.
It’s not currently in the best interest.
IF Trump wins the election then it would be in the best interests of the US. It would be akin to a judge throwing out a juries verdict because the jury clearly made the wrong decision.
Sammy “The Bull” Gravano would probably disagree with you. He’d likely consider himself a professional since he admitted to involvement in 19 murders. Granted they were all mob related, and not “for hire” by anybody with a pile of cash and a grudge…