technion commented on Sleeper Shells: Attackers Are Planting Dormant Backdoors in Ivanti EPMM   defusedcyber.com/ivanti-e... · Posted by u/waihtis
VladVladikoff · 2 days ago
Holy, those checklists are the bane of my existence. For example demanding 2FA for email, which is impossible if you self host, unless you force everyone to use RoundCube, but then you have to answer to the CEO why he can’t get email on his iPhone in the mail app.

Or just loads of other stuff that really only applies to large Fortune 500 size companies. My small startups certainly don’t have a network engineer on staff who has created a network topology graph and various policies pertaining to it, etc. etc. The list goes on; I could name 100s of absurd requirements these insurance companies want that don’t actually add any level of security to the organization, and absolutely do not apply to small scale shops.

technion · 2 days ago
I'm mostly with you (see my other comment) but MFA on email really is table stakes and your CEO will be the first to be phished without it.
technion commented on Sleeper Shells: Attackers Are Planting Dormant Backdoors in Ivanti EPMM   defusedcyber.com/ivanti-e... · Posted by u/waihtis
bootsmann · 2 days ago
Actually there is a significant push to more effective products coming from the reinsurance companies that underwrite cyber risks. Most of them come with a checklist of things you need to have before they sign you at any reasonable price. The more we get government regulation for fines in cases of breaches etc. the more this trend will accelerate.
technion · 2 days ago
Those checklists are frequently answered like this:

"Hey it says we need to do mobile management and can't just let people manage their own phones. Looks like we'll buy Ivanti mobile manager". Same conversation I've seen play out with generally secure routers being replaced with Fortigates that have major vulnerabilities every week because the checklist says you must be doing SSL interception.

technion commented on It's 2026, Just Use Postgres   tigerdata.com/blog/its-20... · Posted by u/turtles3
SoKamil · 6 days ago
This post is discussing more specialized databases, but why would people choose Oracle/Microsoft DB instead of Postgres? Your own experience is welcome.
technion · 6 days ago
Easy answer here - nearly every LOB app we have uses MSSQL.

I've had engineers want to talk about syncing it to MySQL using some custom plumbing so that they can build a reporting infra around their MySQL stack, but it's just another layer of complexity over having code just use Microsoft's reporting services.

I'll add, having finance people with Excel really like being able to pull data directly from MSSQL; they do not like hearing about a technician's python app.

technion commented on How Jeff Bezos Brought Down the Washington Post   newyorker.com/news/annals... · Posted by u/thm
elorant · 7 days ago
He allegedly spent $70M to market that dreadful documentary about Melania Trump. Surely he could afford spending that much every year to keep an historic paper afloat.
technion · 7 days ago
That movie will be quite a case study in media bias. Depending on who is reporting on my social media feed, it was either the most successful movie of all time with every single showing at capacity, the run being extended, and gen z girls being the main demographic for a movie certain to clean up awards. Or it was a flop that lost money.
technion commented on Notepad++ hijacked by state-sponsored actors   notepad-plus-plus.org/new... · Posted by u/mysterydip
OsrsNeedsf2P · 10 days ago
So the hosting provider was hacked? Who was their hosting provider?

This is also why update signatures should be validated against a different server; it would require hackers to control both servers to go undetected.

technion · 10 days ago
You can see this in their DNS history:

notepad-plus-plus.org currently has an A record of 95.128.42.184, owned by "Aqua Ray SAS".

It switched up from 191.101.104.10 and 212.1.212.49 on 17/1, which are Hostinger IP addresses.
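The check described in the comment above, turned into a small script as an added example (not code from the comment, the Notepad++ project or Readit News): it walks a DNS A-record history and raises an alert when a record leaves the netblocks the operator expects, or when the set of records changes between observations. The history list is constructed from the addresses quoted above with illustrative dates, and the allowlisted /24 ranges are placeholders derived from those sample addresses, not the real allocations of any hosting provider.

```python
"""Audit a domain's A-record history for moves outside expected hosting ranges."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample history: (observation date, A record). The addresses are
# the ones quoted in the comment; the dates are illustrative only.
HISTORY = [
    ("2026-01-10", "191.101.104.10"),
    ("2026-01-10", "212.1.212.49"),
    ("2026-01-17", "95.128.42.184"),
]

# Hypothetical allowlist of netblocks the operator expects its records to sit
# in. Placeholder /24s built from the sample addresses, not real provider data.
EXPECTED_RANGES = [
    ipaddress.ip_network("191.101.104.0/24"),
    ipaddress.ip_network("212.1.212.0/24"),
]


@dataclass(frozen=True)
class Alert:
    observed_on: str
    address: str
    reason: str


def in_expected_ranges(address: str, ranges=EXPECTED_RANGES) -> bool:
    """True if the address falls inside any allowlisted netblock."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in ranges)


def audit_history(history, ranges=EXPECTED_RANGES) -> list[Alert]:
    """Return one alert per record outside the allowlist, plus one alert per
    observation day on which the record set differs from the previous day.
    Malformed addresses produce an alert instead of aborting the audit."""
    by_day: dict[str, set[str]] = {}
    for day, addr in history:
        by_day.setdefault(day, set()).add(addr)

    alerts: list[Alert] = []
    previous: set[str] | None = None
    for day in sorted(by_day):
        current = by_day[day]
        for addr in sorted(current):
            try:
                ok = in_expected_ranges(addr, ranges)
            except ValueError:
                alerts.append(Alert(day, addr, "unparseable address"))
                continue
            if not ok:
                alerts.append(Alert(day, addr, "outside expected netblocks"))
        if previous is not None and current != previous:
            alerts.append(Alert(
                day,
                ",".join(sorted(current)),
                "record set changed from " + ",".join(sorted(previous)),
            ))
        previous = current
    return alerts


if __name__ == "__main__":
    for alert in audit_history(HISTORY):
        print(f"{alert.observed_on} {alert.address}: {alert.reason}")
```

Feeding this a real history (from passive DNS or a daily cron that records the resolver's answer) gives a project maintainer the same signal the comment derives by hand: the move to 95.128.42.184 shows up both as an address outside the expected ranges and as a change in the record set on the day it happened.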

technion commented on Notepad++ hijacked by state-sponsored actors   notepad-plus-plus.org/new... · Posted by u/mysterydip
Arainach · 10 days ago
It's not a matter of "immune" - larger organizations generally have more resources to allocate to things like this. That doesn't mean they get it right 100% of the time, but they are at least able to try, while small teams or volunteer projects often simply don't have the hours to spend on things like this.
technion · 10 days ago
I've sat in some pretty large orgs and my own experience was the "resources allocated" went to the PR team. I can assure you that they would have had a more boring, corporate sounding announcement with multiple references to their legal team and the actions they would have taken, alongside some useless information about being PCI compliant or something. I'm not convinced the practical output is any better.
technion commented on County pays $600k to pentesters it arrested for assessing courthouse security   arstechnica.com/security/... · Posted by u/MBCook
arcfour · 13 days ago
I'm not saying it's the most professional choice, but if I were about to burgle a courthouse as part of my work, I'd like a beer or two to calm my nerves beforehand.

Regarding force, this article says:

> The rules of engagement for this exercise explicitly permitted “physical attacks,” including “lockpicking,” against judicial branch buildings so long as they didn’t cause significant damage.

And later that they entered through an unlocked door, which they (it sounds like) kept unlatched by inserting something between the latch and the doorjamb. Not unreasonable.

technion · 13 days ago
I'll note 0.05 means you can't legally drive in Australia and would be issued a DUI.
technion commented on House of Lords Votes to Ban UK Children from Using Internet VPNs   ispreview.co.uk/index.php... · Posted by u/donpott
sublinear · 15 days ago
That's absurd and error prone for even the most cooperative of tenants. What does "full financial transaction history" even mean? Lazy and corrupt is what it means.

If they're too cheap to pay for a basic background check, there's no telling what kind of shady people will be your neighbors or how unmaintained those apartments are. Just find somewhere else or provide the bare minimum that will convince them (checking account only). Clearly they have no way to find what else you have, and nobody else is taking this that literally.

technion · 15 days ago
Whilst I agree in principle, it's a bit like saying "never apply for a job that requires whiteboard coding or leetcode questions". Our rental market is abysmal and people can spend months sitting through rejections, without doing more of their own.
technion commented on SoundCloud Data Breach Now on HaveIBeenPwned   haveibeenpwned.com/Breach... · Posted by u/gnabgib
embedding-shape · 15 days ago
Importantly, 20% of the total userbase it seems:

> In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country.

That's from the haveibeenpwned email which I received because of course I'm part of that 20%.

Remember to have unique passwords for each website kids, ideally with a password manager.

technion · 15 days ago
Whilst that's important advice, as far as I can tell it wouldn't help here as no passwords are breached. I had a few of our domain users on this report and as far as I can tell there's nothing actionable.
technion commented on House of Lords Votes to Ban UK Children from Using Internet VPNs   ispreview.co.uk/index.php... · Posted by u/donpott
sublinear · 16 days ago
I'm confused by what you mean (I'm an American though).

I don't think I'm unique for putting miscellaneous stuff like this on a credit card, and not even necessarily the one my bank offers. Not to hide the transaction, but because charging to debit/checking would make tracking my monthly expenses less straightforward. Payments online are also safer on credit in case a chargeback is required.

Also, are you sure you don't mean "proof of employment" showing the last three months of direct deposits? I've never heard of anyone asking for any other transactions. Similarly, pretty sure loan applications are based on credit reports. Transactions aren't relevant unless they got flagged for something so bad they showed up in the credit report (fraud, missed/late payments, etc).

technion · 16 days ago
All the properties I've rented over the last decade required an application with "full financial transaction history" for three months. I know I've submitted a statement before where a lot of expenses were "paying off credit card" and they complained the credit card expenses weren't shown. I would have to imagine a rental agent looking at months' worth of pornhub spending is going to count it against you.

I've never been hit by something like this but I have friends who have:

https://www.reddit.com/r/personalfinance/comments/12s8257/la...

(Maybe this is just the horrendous Australian market talking).

u/technion

Karma: 6834 · Cake day: June 19, 2015