RIP vmware
Notices by Viss (viss@mastodon.social), page 6
-
Viss (viss@mastodon.social)'s status on Tuesday, 13-Feb-2024 18:18:44 JST Viss -
Viss (viss@mastodon.social)'s status on Tuesday, 06-Feb-2024 05:31:17 JST Viss go to the cloud they said.
it'll be fine, they said. -
Viss (viss@mastodon.social)'s status on Sunday, 04-Feb-2024 21:09:30 JST Viss -
Viss (viss@mastodon.social)'s status on Sunday, 04-Feb-2024 06:18:59 JST Viss @da_667 theres a huge difference between 'keeping something at like 150 degrees in a slowcooker' and 'the same thing but under 12psi in the instant pot'.
shit will turn into liquid way faster than you think in that thing.
ive melted several meals in mine because i thought the same thing :D
-
Viss (viss@mastodon.social)'s status on Sunday, 28-Jan-2024 00:40:19 JST Viss @dangoodin one thing their writeup doesnt make clear, is that they were corporate credentials.
thats the only way that you can draw a dotted line from "some test vm somewhere with some kind of creds" to "execs and security team emails".
they refer to it as 'tenant', but there are only two possible explanations for what happened:
1) it was indeed 'customer gear', but staff logged into it for some reason
2) it was corp gear, and they're just calling it 'tenant'.
-
Viss (viss@mastodon.social)'s status on Sunday, 28-Jan-2024 00:40:18 JST Viss @dangoodin the first possibility is a massive can of worms with regards to implications.
if it is indeed 'customer equipment', then why did someone with corporate creds log into it? does ms routinely log into customer stuff with corp creds and not consider cached creds or logs or anything like that?
or is it the other - where they leave corp creds stashed on some vm they abandoned months or years ago and left to rot?
neither are great. but one is definitely worse.
-
Viss (viss@mastodon.social)'s status on Sunday, 28-Jan-2024 00:40:16 JST Viss @haroldgodwinson @dangoodin thats the second scenario. where it was indeed some kind of corp vm or something they setup and used legit corp creds on it, then .. just fucked off? and left it to fester?
-
Viss (viss@mastodon.social)'s status on Sunday, 28-Jan-2024 00:40:14 JST Viss @haroldgodwinson @dangoodin a system is only as good as its sysadmin.
you can harden windows boxes, even unpatchable ones.
you can make macs and linux woefully insecure. I have seen it all.
being a sysadmin is a lot of fun and its really rewarding to build cool shit and watch it hum along under pressure.
but its when they get lazy and assume 'the cloud will do stuff for me' - thats where demons and plagues and evil lives.
-
Viss (viss@mastodon.social)'s status on Friday, 26-Jan-2024 06:08:19 JST Viss remember how last week 23andme said the users were to blame because of their bad password hygiene? this week we find out the attackers were cavediving in their small intestines for 6 months?
this is exactly the sort of scenario these new SEC rules were written for:
-
Viss (viss@mastodon.social)'s status on Friday, 26-Jan-2024 06:08:19 JST Viss 23andme attacker dwell time: 6 months
-
Viss (viss@mastodon.social)'s status on Saturday, 13-Jan-2024 09:32:09 JST Viss @horse im pleased you approve :D
-
Viss (viss@mastodon.social)'s status on Saturday, 13-Jan-2024 09:30:51 JST Viss welp, better get started on my hackcon oslo training slide deck
-
Viss (viss@mastodon.social)'s status on Thursday, 11-Jan-2024 06:32:29 JST Viss @mmasnick i can say that i appreciate you here way more than on bsky, in that like 90% of my feed content there is politics and the drama surrounding that, and it gets tiresome pretty quickly - there are way broader topics here - if theres something i can do to make you feel welcomed here more than there i'm happy to do it!
-
Viss (viss@mastodon.social)'s status on Thursday, 11-Jan-2024 03:31:17 JST Viss @mmasnick @dangoodin @briankrebs i tried there. i really did. but there are people who i have gone to some lengths to avoid and bsky does that shitty thing twitter does where it will show you replies from someone you follow, responding to someone you have blocked, and showing you that the previous post in the thread isnt visible to you.
its an incredibly stupid design decision and it makes me crazy, so closed the tab for a couple weeks
-
Viss (viss@mastodon.social)'s status on Wednesday, 10-Jan-2024 11:24:01 JST Viss @jerry cool they can take all those ssl vpn vulns with em
-
Viss (viss@mastodon.social)'s status on Monday, 08-Jan-2024 06:08:08 JST Viss spotted on imgur.
something i figured @foone might appreciate -
Viss (viss@mastodon.social)'s status on Friday, 29-Dec-2023 05:51:08 JST Viss go to the cloud they said
it'll be fine they said -
Viss (viss@mastodon.social)'s status on Friday, 15-Dec-2023 16:49:34 JST Viss this is the real trolley problem
-
Viss (viss@mastodon.social)'s status on Tuesday, 28-Nov-2023 16:14:53 JST Viss oof.
-
Viss (viss@mastodon.social)'s status on Sunday, 19-Nov-2023 09:08:46 JST Viss yup