Bill Sempf @Sempf is an App Security architect with DECADES of experience & contributions to our field. So, naturally, our first demand will be that he uses his pull to demand OWASP make a mobile friendly website.
@RnDanger @uint8_t @walsonde @vkc A few years ago, I extended my ATM PIN to 8 characters by setting a new one from within the ATM GUI.
A couple of months later, I had to visit a human teller. When I tried to verify my identity with my debit card + PIN, I couldn't, because the indoor PIN pad had a maximum PIN length of 4 characters and the longer PIN didn't work. Even truncating the PIN to its first 4 characters didn't work. Thankfully, I was able to verify my identity with my driver's license and do whatever I needed to do.
Current pet peeve: restaurants that only have their menu as photos on their Facebook page.
Current super-pet peeve: restaurants that only have their menu in the "Menu" function on their Facebook page. (This isn't visible on mobile without the Facebook app!)
If you own or manage a restaurant and you do this, please contact me so we can discuss moving you to an essentially free site that includes the only things people really want from a restaurant website:
Locksmith AD CS Remediation Tool v2024.3 Now Available!
A Little Icing but Mostly Cake
Cake: Fixing bugs, adding new functionality
Icing: Making things look better for the end user or easier to use for developers
Improvements:
Eliminated duplicated ownership check in ESC4/5. We can and should have opinions, and the opinion is that only AD Admins should own PKI objects and templates.
Filtered Deny ACEs from ESC4/5. This is not an Effective Access check, but it does cut down on false positives.
Added flowcharts that explain severity for each finding.
Added comment-based help to every function.
Added instructions for the Scans parameter to the README.
In Progress:
Check to see if Locksmith is up to date. Provide links for latest version if not up to date.
Check to see if user running Locksmith is a member of the Protected Users group. PUG membership will impact ESC8 checks.
Check for ESC9. It was announced in August 2022, so Locksmith is late to the game.
Known Issues:
The msPKI-Certificate-Name-Flag check in ESC1-3 currently uses a direct comparison (-eq) instead of a bitwise comparison (-band), which could result in false negatives.
The ESC8 check reports all endpoints as HTTP even when they are HTTPS.
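To illustrate the -eq versus -band issue in the known-issues list, here is an added PowerShell example; it is not Locksmith's own code. It assumes the MS-CRTD flag values CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT (0x1) and CT_FLAG_SUBJECT_ALT_REQUIRE_UPN (0x2000000), and the template names and attribute values are constructed.

```powershell
# Added example, not Locksmith code: why the ESC1-3 check on
# msPKI-Certificate-Name-Flag needs -band (bit test) rather than -eq (equality).
# Flag values per MS-CRTD (assumed here); templates below are constructed.
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
$CT_FLAG_SUBJECT_ALT_REQUIRE_UPN   = 0x02000000

# Constructed sample templates. Each hashtable mimics the attributes a scanner
# would read from AD. AD stores this attribute as a signed Int32, so a template
# with the 0x80000000 bit set comes back as a negative number (Template-D).
$Templates = @(
    @{ Name = 'Template-A'; 'msPKI-Certificate-Name-Flag' = 0x00000001 }       # ENROLLEE_SUPPLIES_SUBJECT only
    @{ Name = 'Template-B'; 'msPKI-Certificate-Name-Flag' = 0x02000001 }       # ENROLLEE_SUPPLIES_SUBJECT + SUBJECT_ALT_REQUIRE_UPN
    @{ Name = 'Template-C'; 'msPKI-Certificate-Name-Flag' = 0x02000000 }       # SUBJECT_ALT_REQUIRE_UPN only
    @{ Name = 'Template-D'; 'msPKI-Certificate-Name-Flag' = [int]-2147483647 } # 0x80000001: high bit + ENROLLEE_SUPPLIES_SUBJECT
)

function Test-EnrolleeSuppliesSubject {
    param(
        [Parameter(Mandatory)][int]$NameFlag,
        [switch]$Bitwise
    )
    if ($Bitwise) {
        # Correct: the attribute is a bitmask, so mask out the one bit we care about.
        return (($NameFlag -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0)
    }
    # Buggy: equality only matches when no other bit in the mask is set.
    return ($NameFlag -eq $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)
}

foreach ($t in $Templates) {
    $flag = $t['msPKI-Certificate-Name-Flag']
    $eq   = Test-EnrolleeSuppliesSubject -NameFlag $flag
    $band = Test-EnrolleeSuppliesSubject -NameFlag $flag -Bitwise
    '{0,-11} flag=0x{1:X8}  -eq:{2,-5}  -band:{3,-5}' -f $t.Name, $flag, $eq, $band
}
```

Template-B and Template-D are the false negatives: both allow the enrollee to supply the subject, but only the -band test reports them, because other bits in the mask are also set.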
[REDACTED]'s husband - Bear's dad - Recovering sysadmin - ADSA Service Lead/Half a Developer at Trimarc - Forever student - Maintainer of Locksmith AD CS Remediation Tool - Developer of BlueTuxedo ADI DNS Remediation Tool - Whisk(e)y liker - College football fan (Go Blue!) - He/him