OpenSecurity.global

Glenn Pegden

Members
  • Content Count: 34
  • Joined
  • Last visited
  • Days Won: 1
  • Invited by: Robin Wood

Everything posted by Glenn Pegden

  1. Corporate-wise, and next-gen rather than trad sig-based AV, then I have a LOT of love for CrowdStrike at the moment. Obviously not an option for ad-hoc home users though.
  2. Same Guy. When I'm talking about the original version of Terrorvision's Tequila I mean the one that isn't the Mint Royale Remix. -> https://www.youtube.com/watch?v=dB_9wo3qepU I did not mean the 1958 song by The Champs -> https://www.youtube.com/watch?v=MDD21ZJF3mI This led to a very confusing conversation about the difference between the original and the remix
  3. A couple of the (security) guys here have them and think they're great as an extra level of kid-proofing. Personally I'd have preferred it to be a proper "gateway" firewall, rather than something doing hacky ARP spoofing, but each to their own.
  4. We have a young intern in the team. Things he's learnt recently include:
     • Will Smith used to be a rapper
     • Why red-shirts isn't the uniform we want in security
     • Goodfella's isn't just a pizza brand!
     • "That cheese related trucking film you mentioned" (Smokey and the Bandit)
     • Not to eat rotten meat
     • How to use chopsticks
     • What canapés are
     • The floppy disk / save icon origin
     • Any film reference before 2010
     • Whilst coming up with this list: "Oh that Windows Guy who threw a chair"
  5. The problem is, so much parliamentary procedure is built on tradition and "gentleman's agreements" rather than law. The problem with the prorogue isn't its legality, it's that it would normally have happened at the start of this parliament session, but it was intentionally delayed because of Brexit (to allow parliament more time to sit). So to suddenly say "let's do this now" essentially gives Johnson a 5 week filibuster where he doesn't even have to turn up, much less speak! Technically the Queen could have not given her assent, but that comes back to the tradition and gentleman's agreement bit; in reality she always defers any decisions about parliament to the PM. I guess from the outside it looks very British that there's mass outrage and protests in the street because of what is essentially "unsportsmanlike behaviour". But then the stakes are very very high!
  6. Being a little pedantic, I'd have to say, like most InfoSec "how do you show?" questions (at least when the recipient is management), Excel! So few things, even something as simple as patching, rely on just a single tool and data source, so most of my "showing" tasks are normalising data from multiple sources and then using Excel as a presentation layer. If a tool doesn't have an API or at least an automatable export, it generally doesn't last long around me. Vendors spend hours demoing shiny dashboards and customisable reporting, but generally I just want the data OUT of their platform so I can enrich it and correlate it to other data.
  7. So, who's going? I've never been before, so anything I should particularly look out for, avoid etc?
  8. I'm actually a regular defender of CVSS and find much of its bad reputation comes from people using it the wrong way and/or for the wrong thing. Vendor-generated base CVSS isn't a great way of ranking vulnerabilities in a specific environment, but that's why we have environmental CVSS (and a distrust of vendor-generated scores). Edit - Section removed because I am a doofus and exported the wrong field. All vulns do have either CVSS 2 or 3, so I'm calling them ALL out as wrong! In previous roles I wouldn't really have cared, "it's stupid to run old stuff, get it patched etc etc etc", but where I am now the difference between a risk and a vulnerability really matters and I'd rather have engineer resource thrown at remediating CVSS 7 actual vulns than software for which there isn't actually a known vulnerability but somebody has slapped an arbitrary 9.8 on it just because it's likely that if vulns are found, no patches are released (which I'll admit is a *risk*).
  9. Oooh, as I've found somebody else that cares about CVSS, this is my latest WTF $Vendor vulnerability for "EOL/Obsolete Software: Apache Tomcat 8.0.x Detected" is listed with a base score of 9.8. Now, as far as I'm aware, the final release of Tomcat 8 currently has zero reported vulnerabilities. The fact it's EOL is a risk (any newly discovered vulns may not get patches) but it's completely wrong to assign it a CVSS score at all. In my opinion there is no C/I/A impact at all, which obviously gives a score of 0 (which, as this is a useful, informational finding, I agree with), but for whatever reason Qualys have gone C:L I:L A:L (full vector is https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C ) which is just nuts! Don't get me wrong, I'm not advocating EOLed software is ignored, but by doing this I'm sure people are putting resources into doing a major version upgrade for something that has no known vulnerabilities, when they could be fixing things that are actually vulnerable. All because (I assume) somebody at $Vendor doesn't know the difference between a risk and a vulnerability.
  10. I know they weren't mentioned in most of the early versions of that FAQ .... as I wrote it 😄 Actually, we may have had it, but mislabeled it as a 2600 meet, check out this version, section 4.4 http://www.siliconbunny.com/darkfall_mirror/fallen/phreak/!phukfaq.htm BTW I love going back and reading the FAQ. I was so young and naive, thinking I was an authority on stuff I'd barely scratched the surface of. But also, to see mention of things that just don't exist any more, phone cards, Novell, Janet etc
  11. Part of the reason I created this club (other than genuinely loving old school stuff) is I'm looking for other people's memories and war stories from decades gone by as inspiration for a talk I've had half-completed for years now. What I'm looking for is some kind of point, conclusion, take-away or lessons learnt to end on and my own war stories don't provide that! My takeaways are "we were young, we did dumb things, I walked away, some of my friends ended up doing time" which doesn't work as either an inspiring message or a deterrence. So, as well as genuinely loving reading about old school hacks, I'm hoping your reminiscences of "the old days" might spark something that I can use to actually wrap the talk around. If not, they'll still be fun to read. So, come on, share your old school stories ... or I'll have to bore you all to death with mine!
  12. Damn! In my mind I had something altogether more comical for a moment there!
  13. alt.ph.uk had meetups? I never knew that! I know there were a few 2600 ones (I helped start the Manchester one) but never alt.ph.uk, that's cool! ... wait, what now! Do you mean Drydock, or is this an awesome bit of Leeds I never knew existed?
  14. So, any other veterans of either the 90s UK BBS Scene and/or the alt.ph.uk or uk.telecom usenet groups?
  15. Oooh, as a large forum owner for 20-plus years who worked for one of the UK's biggest commercial moderation providers for 5+ years, this is a pet topic of mine. Buckle Up 😄 Once a forum hits a certain critical mass, you've lost control and the best moderation can provide is damage control and all hope of significantly shaping how that community behaves is lost. Whilst they are still small, the community feel makes forums mostly self-regulating, nobody wants to be the one that hurts the community and anyone that tries is soon ousted (either technically booted or simply ostracised). But as forums grow, the community feel is sadly lost, rather than simple expulsion, battle lines get drawn on grey issues, factions form, moderators are soon seen as enforcers, police, censors, not helpful community members and some people turn up who just want to watch the world burn. Think that would never happen here? Well, imagine trying to "moderate" InfoSec twitter! Now there are some things you can do to lengthen that "community" phase, most of it based around "reputation", we all work in the same industry and it's comparatively small, making being a dick on here potentially cause you reputational damage in real life can be a massive incentive to play nicely. Similarly the invite system contributes massively because nobody wants to risk their reputation by inviting somebody who later turns out to be a dick. Obviously these are just behaviour shapers, not controls, as there isn't a person amongst us who couldn't spin up a credible alternative online persona in a matter of minutes, but these speed bumps do work to expand the "community" phase of its lifespan. The bad news is, I've never seen a forum grow beyond that size that hasn't turned into semi-toxic chaos, a battleground for keyboard warriors.
      For traditional forums the STW cycling forum is the nearest I've seen and weirdly Reddit, but that's because its users are so compartmentalised into individual subs (and you know it's bad when Reddit is an example of "good"!)
      TL;DR: At this size and whilst it grows, Real Name and links to real life personas are good mechanisms to exploit and moderation only needs to be very light touch. When it hits critical mass, nothing can save you, moderation will just make everyone angry for not enforcing their view of right/sensible/acceptable (so only effective for damage limitation) and if you're using volunteer mods, they'll start to despise the place.
  16. Website: http://www.dc151.org
      Twitter: http://www.twitter.com/_dc151
      When: The second Wednesday of every month, 7pm ish (though a few of us tend to be in earlier and get food)
      Where: The Cross Keys Pub
  17. Oooh, I just posted a blog on this (kinda). It was focused on quick reads for newcomers, but check out http://blueteamhackers.com/2019/07/30/the-start-of-a-journey/
  18. I'm Glenn, Lancastrian exiled in Leeds working as the Vulnerability Manager for a big gambling company large technology company (if you really care, it's all on LinkedIn). Qualys, Excel and a big stick are the tools of my trade, but I also run the bug bounty programme and dabble in a load of areas not strictly within my remit. I spend far too much time worrying about PCI and SOx and not enough time poppin' shellz any more. I also love where I work, so have a habit of trying to recruit people 😉
  19. I had the pleasure of being in the audience at BSides Liverpool when Jamie Hankins (aka 2Sec4u) told his WannaCry story. For those that don't know, he was the analyst that worked alongside Marcus "MalwareTech" Hutchins on both the initial analysis and keeping the sinkhole up afterwards. He initially didn't want it being available online, but today he's changed his mind and it's well worth a watch. Oh and it's VERY SWEARY in places (you have been warned).