Oh man, Fortinet *yet again*! A symlink bug that *still grants* read-only access even after updates? Seriously, that's my kind of 'funny'!

It just goes to show how crucial manual testing really is. You know, the kind of thing automated scans often just don't catch. Our clients are *always* relieved when we spot these things before a malicious actor does!

So yeah, updates are vital, but *don't forget* to double-check those configs! Otherwise, attackers might still have a foothold, even after you've 'patched'.

Just remember: Security isn't just a product you buy; it's an ongoing process. And let's be real, it also needs to fit the budget.

What persistence tricks do you all have up your sleeve?

While Marco #Rubio oversees the rendition of innocent men to indefinite detention in foreign prisons, one of his top security personnel is arrested in Brussels for allegedly assaulting cops and hotel staff after demanding a drink after hours.

The best people? https://www.washingtonexaminer.com/news/3368419/
#MarcoRubio #PoliticalScandal #SecurityArrest #Brussels #PoliceAssault #PoliticalCorruption #Accountability #InnocentMen #ForeignPrisons #PoliticalHypocrisy #SecurityFail #PoliticalNews #BreakingNews #uspol

Was slightly amused earlier today when looking at Task Manager on a Windows server and found a properly ancient version of TeamViewer running on it.

Did I mention this server has direct internet access?

And is part of the security system for this site?

Das Tastenfeld des Hotelzimmersafes quittiert jeden Tastendruck mit einem lauten Piep. Und während ich nachvollziehen kann, dass man bei so schwammigen Gummitastaturen ein akustisches Quittier-Signal erzeugt, wissen jetzt halt die beiden Zimmer neben mir, dass ich an dem Safe dran war und wie viele Stellen die gewählte PIN hat. #abenteuerhotel #securityfail

Bank emails: Never click links in emails claiming to be from us, your bank! It's not safe.

Also Bank emails: To complete this transaction, click this link.

I'm not sure if I get something wrong, but I think #Microsoft #Entra ID #Password Protection is complete rubbish. E.g. when ban weak passwords with the ominous 5 points rule the results seem to be completely arbitrary.

Microsoft speaks of including commonly used weak or compromised passwords in their Global banned password list. But the list isn't based on any external data source, so leaked passwords not leaked by Microsoft are not included ​.

This leads to:
Known leaked passwords are accepted. Location name plus year is accepted. Dictionary word plus year is accepted!!!

Not sure if this applies only to German dictionary words.

It gets even worse. Reading the documentation, I found "Characters not allowed: Unicode characters" WTF

Coming back to the weird point system. A banned password is not really banned, it gives you "only" 1 point (and you need five).

This leads to the question how many points do none-banned words give?

If you think it can't get worse, you're wrong! It looks like each character of a none-banned word gives one point. Meaning "password1234" is an accepted password. (1 point for password and 4 for each digit)

And you can't do anything against it.

Anyone have a preferred method for physically disabling the microphone on an indoor security camera? (Wansview Q5)

I have the microphone turned off according to the app, but I'm getting audio feedback when I have the app running in the same room as the camera, so... I don't think it's really off.

Would polymer clay in the hole do the trick?

Wenn du ein altes Android Handy auskramst damit du "sicheres #Banking" machen kannst. #securityFail

Independent security analyst points out security flaws in an app the NZ government is developing, to provide citizens with access to their COVID-19 vaccination record:
https://www.rnz.co.nz/news/covid-19/453505/it-expert-says-my-covid-record-app-at-risk-of-security-breaches

I really should've put a few cable ties or something through the whole of that key before letting #BeardGrabber play with this #padlock.

(It's also why I prefer #locks that need the key to be inserted to actually lock them...)

Tried cutting a copy out of a tin can, but all I got out of that was a small cut. The metal probably was not thick and sturdy enough, or it might also have needed the raised edge on the side. Guess I could look up #lockpicking instructions for a #MasterLock no.130.

Fortunately I should still have some other locks in a storage box, and am not in urgent need for one. :) Might find a spare key too, if I look for it; else I can always cut or file through the key. :)

#parenting #securityFail #dadsOfMastodon

https://toot.cat/media/MhbJWbyUBX44BiF_p6E

@sophia after showing this to my wife, she shared this one from #TMobileAustria, from April 2018, with me: https://www.reddit.com/r/sysadmin/comments/8aem4n/tmobile_plaintext_password_data_breach_thought_to/
and from the same thread, also: https://twitter.com/hanno/status/982530027135922179

(Now I wonder/hope *they* have at least cleaned up their act by now)

From the tales of the solution is worse than the problem:
Business partner loses control of an email account; it emails all their contacts a malicious attachment. 1 hour later, that same account sends out an email , and puts Every. Single. Recipient in the 'TO' field warning them not to open the previous message.
Guess everyone knows all their business partners and customers now
#infosec #netsec #SecurityFail #sysadmin