--- Log opened Tue Nov 24 00:00:07 2015
03:15 -!- sasquatc3 [~sasquatc4@2601:282:780:5959:719a:9dd4:cb94:79d9] has joined #se2600
03:15 -!- mode/#se2600 [+o sasquatc3] by ChanServ
03:18 -!- sasquatc4 [~sasquatc4@2601:282:780:5959:99da:e79c:3e7a:59dc] has quit [Ping timeout: 246 seconds]
05:08 -!- sasquatc4 [~sasquatc4@2601:282:780:5959:719a:9dd4:cb94:79d9] has joined #se2600
05:08 -!- mode/#se2600 [+o sasquatc4] by ChanServ
05:11 -!- sasquatc3 [~sasquatc4@2601:282:780:5959:719a:9dd4:cb94:79d9] has quit [Ping timeout: 246 seconds]
06:47 <@Dolemite> mr0ning, be0tches and h0ez!
07:04 <@Evilpig> no u
07:23 * aestetix hugs Dolemite
07:50 -!- crashcartpro [uid29931@gateway/web/irccloud.com/x-aiixplhtmtxugsbc] has joined #se2600
07:55 -!- rattle [~rattle@tor/regular/rattle] has quit [Ping timeout: 246 seconds]
07:59 -!- rattle [~rattle@tor/regular/rattle] has joined #se2600
07:59 -!- mode/#se2600 [+o rattle] by ChanServ
07:59 -!- rattle changed the topic of #se2600 to: Just another day in the killing fields of the cyberwar.
08:00 < aestetix> ok
08:00 < aestetix> anyone here worked with logstash?
08:03 -!- sandcrawler [~sandcrawl@157.130.171.46] has joined #se2600
08:04 <@rattle> The whole ELK suite to a certain degree..
08:05 < aestetix> rattle: I'm trying to get it to store data compressed.
08:05 < aestetix> Will that impact the speed at all?
08:06 < aestetix> because otherwise all this data will fill up my drive in a couple days
08:07 <@rattle> Welcome to the joys of log management and SIEM. Short answer, you're doomed.
08:07 < aestetix> :/
08:08 <@rattle> It's nearly impossible to deal with any sort of significant log volume and be able to use it in any meaningful way without investing a minimum of $80k, regardless of which solution you go with.
08:09 < aestetix> so the real answer is to dump it all onto s3 except for the last week's worth
08:09 <@rattle> For many orgs I've dealt with, it's upwards of $200k..
08:10 <@rattle> Key phrase there was "use it in any meaningful way". If you just want to archive logs, have a blast with whatever cheap storage you got.
08:10 < aestetix> well the idea is, I can throw stuff on s3, and if I need to do a long term view I can make a temporary system
08:10 <@rattle> Have fun with that..
08:11 < aestetix> One thing to note
08:11 < aestetix> If I'm having this much trouble, I can't imagine what it's like for the NSA
08:13 <@rattle> In IR situations, you've got these stages to deal with: Detection (human knows something happened) || Response (the point you've determined an action you can take) || Mitigation/Containment (you've put out the fire).
08:13 <@rattle> The gaps between them are all distinctly different in nature, and all tie into how fast you can either triage or dive deep into data.
08:14 < aestetix> ok now it sounds like you're narrating a powerpoint presentation to me
08:15 <@rattle> How much you invest in security information and event management capabilities, in addition to personnel resources, determines how big those gaps are.. And in turn, what an attacker's potential dwell time in your environment is.
08:15 < aestetix> Not even to me. Who the hell are you talking to? :p
08:16 < phy1729> p/
08:16 <@rattle> aestetix: Dude, if you've seen a powerpoint on this.. I'm one of the people that developed the doctrine it's based on.
08:16 < aestetix> I can totally see these as bulletpoints on slides with little corporate happy icons next to it
08:16 < aestetix> rattle: no, I'm mocking you for all the corporate buzzwords you're using
08:16 < phy1729> I'll listen to him rattle on
08:17 <@rattle> Don't ask me real questions if you don't want real answers.
08:18 <@rattle> There is nothing about anything that I said that's corporate. It's doctrine.
08:18 < aestetix> IR, detection, response, mitigation/containment, "security information" "event management capabilities" "personnel resources"
08:19 < aestetix> Hmmm, let's see if I can rewrite this
08:19 * rattle smacks his head on the table.
08:19 <@rattle> THIS IS WHY WE CAN'T HAVE NICE THINGS.
08:19 < aestetix> It goes like this: some shit happens, you try to fix it, if you do it's all good, if not then you're fucked.
08:20 <@rattle> I used less characters and more descriptive terms.
08:20 < aestetix> You should get someone who knows their shit, otherwise you will see your private cat photos on 4chan.
08:20 < phy1729> and if you can't talk about thing precisely then you're wasting time explaining yourself
08:20 <@rattle> Rather, at least more descriptive terms. You're basically wrong too, in your shortening.
08:21 <@rattle> Some shit happens, you investigate it, you figure out a way to respond, then you kick ass. Better?
08:21 < aestetix> nice!
08:21 < aestetix> although investigate is a big word
08:21 <@rattle> Rather.. Some shit happens, you realize it happened, you investigate it, you figure out a way to deal with it, then you fucking go all boss on that shit.
08:22 < aestetix> ok rattle at the next phreaknic can I be your buzzword translator?
08:22 <@rattle> Incident --> Detection --> Response --> Containment/Mitigation
08:22 < aestetix> you do a slide on security management and I come out and say it in plain english
08:23 < phy1729> it really wasn't hard to follow before
08:23 < aestetix> My version keeps it real.
08:23 <@rattle> Moronic. If you're practicing security, you should tie how you express what you are doing to the train of doctrine that goes back 3000 years or so. Language is powerful, use it.
08:24 < aestetix> rattle: would you prefer to do it as a Socratic dialog?
08:24 < aestetix> You can ask me questions and let me stumble into logical fallacies where it looks like you proved me wrong
08:25 <@rattle> I think you're being argumentative for no reason.
08:26 < aestetix> Nah, just efficient.
08:27 <@rattle> Some shit happens (Incident), you realize it happened (Detection), you investigate it (Scoping), you figure out a way to deal with it (Response), then you fucking go all boss on that shit (Mitigation/Containment).
08:27 <@rattle> I think existing doctrine for these things is more efficient than wording them out.
08:27 < aestetix> What happens if you don't go all boss?
08:28 <@rattle> Dwell time extends.
08:28 < aestetix> It would also be funny to have a miniature picture of goatse as the image for a bullet in one of the slides
08:29 < aestetix> see how many people notice it
08:29 < aestetix> phy1729: you have no sense of fun
08:29 -!- aestetix was kicked from #se2600 by rattle [Sometimes, I hate you.]
08:29 -!- aestetix [~aestetix@phalse.2600.com] has joined #se2600
08:30 < aestetix> rattle: lol
08:30 < phy1729> aestetix: I'm only a dick because I don't want to get pwned
08:30 < aestetix> actually what would be fun
08:30 -!- aestetix was kicked from #se2600 by rattle [L oh FUCKING l]
08:30 -!- aestetix [~aestetix@phalse.2600.com] has joined #se2600
08:30 <@rattle> aestetix: Hugs!
08:30 <@rattle> aestetix: (asshole)
08:31 < aestetix> Giving a security talk ala Gilbert and Sullivan
08:31 < aestetix> "I work in infosec!" ala I am an englishman
08:32 <@rattle> Honestly, I've been thinking a bit about hanging up my hat as a security practitioner. This stuff sucks.
08:32 <@rattle> Maybe just do sales. Easy money.
08:33 <@rattle> Just sell out.. Why not?
08:33 < aestetix> Just get a job with the NSA. It's a permanent stay-out-of-jail card
08:33 <@rattle> From what I've gathered, those jobs are worse than mine.
08:36 <@rattle> Anyway..
08:36 * rattle is back off to the killing fields.
08:37 * phy1729 assumes rattle is playing ingress
08:43 -!- klixa [~klixa@unaffiliated/klixa] has joined #se2600
08:43 -!- mode/#se2600 [+o klixa] by ChanServ
08:43 <@Evilpig> phy1729: rattle works in gubment, they're quite literal fields of killing
08:43 <@Evilpig> it's how his type blow off steam
08:43 <@Evilpig> they kill the little people
09:04 < dfused> and our souls
09:45 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has quit [Ping timeout: 250 seconds]
09:52 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has joined #se2600
10:17 < Healix> could just sell your body, even easier money
10:18 < aestetix> wow
10:18 < aestetix> I did a full reset on a samsung android
10:19 < aestetix> it is loaded with a bunch of shit
10:19 < Healix> i just want a pc on my phone. i wish someone would save us
10:20 < Healix> ...ubuntu..firefox...idc i just want a legit terminal
10:20 < aestetix> I did a fresh install, and noticed the battery died within 1 day
10:20 < aestetix> so I just went through and manually disabled just about everything
10:20 < aestetix> I can't believe how much shit there was
10:24 < Healix> unfortunately i have a note 4, so i can do cyanogenMod on it. I never have installed it, but i cant even try it
10:25 -!- klixa [~klixa@unaffiliated/klixa] has quit [Quit: zzz]
10:37 <@Evilpig> FUCK! I didn't grab my headphones this morning
10:38 <@Evilpig> the horror, oh god
10:40 < dfused> might as well off yourself now
10:40 < dfused> you'll never survive
10:42 <@Evilpig> I fear you might be right
10:46 -!- EnabrinTain is now known as Wyoming
10:47 -!- Wyoming is now known as EnabrinTain
11:20 -!- sync350 [~sync@c-24-99-250-250.hsd1.ga.comcast.net] has quit [Quit: wtfsleepomg]
11:50 -!- RangerZ [~Mike@c-98-240-43-56.hsd1.tn.comcast.net] has joined #se2600
11:50 -!- mode/#se2600 [+o RangerZ] by ChanServ
11:50 <@RangerZ> http://www.buzzfeed.com/juliegerstein/this-new-beard-trend-is-gonna-make-you-wanna-die-inside
11:52 < dfused> abso-goddamned-lutely no.
11:53 <@RangerZ> that is the correct answer
11:54 <@RangerZ> I'm pretty sure this is banned under the Geneva Conventions.........Even fucking Dick -The Emperor from Star Wars- Cheney wouldn't do this to captured foreigners
11:54 <@Evilpig> isn't that what happens when you rub your beard up against a stripper?
11:55 <@Evilpig> could that just be considered an excuse for later?
11:55 < dfused> if a stripper is wearing that much...shes doing it wrong
11:55 <@RangerZ> dfused: not the clubs Evilpig goes to
11:56 < dfused> heh
11:56 <@RangerZ> he's lucky if there are actually females there
11:57 <@Evilpig> think i'm gonna run to fat mo's over off white bridge
12:08 <@RangerZ> well... off to filming :/
12:08 <@RangerZ> FYI... I hate being on camera for this ... :/
12:08 -!- RangerZ [~Mike@c-98-240-43-56.hsd1.tn.comcast.net] has quit [Quit: Leaving.]
13:18 < dfused> hrm...so pearsonvue got hit with malware
13:29 <@Evilpig> sucks for them
13:29 <@Evilpig> what'd they get hit with?
13:30 <@sasquatc4> good god, its like everyone at my office has completely forgotten how to actually debug shit
13:30 <@sasquatc4> last week people get in a pissing match over software vs. hardware issue, when the problem could be fixed by going back 2 weeks in software revisions, go to recent and its gone
13:30 <@sasquatc4> so pretty obvious its software
13:30 < dfused> Evilpig: http://home.pearsonvue.com/About-Pearson-VUE/Press-Room/2015/Public-Statement-Regarding-Pearson-Credential-Mana.aspx
13:31 <@sasquatc4> *recent and it exists
13:31 <@sasquatc4> now my boss is debugging some crap while im on vacation, completely ignores the 10 lines of errors before the last one and proceeds to blame some other software guy, instead of you know, looking at the very first error that probably cascaded
13:35 <@Evilpig> sasquatc4: what'd you go and take vacation for?
13:35 <@Evilpig> seems like that is the first problem right there
13:35 <@Catonic> diiicks
13:36 <@Catonic> oh. now I know why Ray says "Dukes". If he said "dicks" it would be inapprops for TV, not to mention a faux pas since the character is gay.
13:37 <@Catonic> but I could be wrong on the exact syntax of that.
13:37 <@Catonic> sasquatc4: jeesus. I remember I learned that was a compiler issue on PowerC...
13:37 <@Catonic> fix the first error, because the following error may be a parsing error from the first one if you dropped a ]);
13:38 <@sasquatc4> yea, it just boggles my mind, and this isnt the first time, its happened multiple times in the past few weeks
13:38 <@Catonic> thinking about it from the perspective of package systems, it makes sense to have signed binaries... which is what they do with RHEL/CentOS...
13:38 <@sasquatc4> its like they all forgot how to actually debug anything
13:39 <@Catonic> But roll-your-own CA... can be fux0r3d pretty quickly, i.e.: Dell.
13:40 <@sasquatc4> but this is why i took vacation, place was driving me insane
14:54 -!- crash180 [~Adium@199.91.139.248] has joined #se2600
14:54 -!- crash180 [~Adium@199.91.139.248] has quit [Changing host]
14:54 -!- crash180 [~Adium@pdpc/supporter/silver/CRasH180] has joined #se2600
14:54 -!- mode/#se2600 [+o crash180] by ChanServ
16:13 -!- Genphlux [~Genphlux@173-12-231-201-memphis.hfc.comcastbusiness.net] has joined #se2600
16:27 -!- Genphlux [~Genphlux@173-12-231-201-memphis.hfc.comcastbusiness.net] has quit [Ping timeout: 255 seconds]
16:35 -!- sandcrawler [~sandcrawl@157.130.171.46] has quit [Remote host closed the connection]
16:43 -!- sasquatc4 [~sasquatc4@2601:282:780:5959:719a:9dd4:cb94:79d9] has quit [Quit: Leaving]
16:45 <@crash180> Yay! It is almost Thanksgiving!
16:56 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has quit [Ping timeout: 246 seconds]
16:58 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has joined #se2600
17:11 -!- crash180 [~Adium@pdpc/supporter/silver/CRasH180] has quit [Quit: Leaving.]
17:56 -!- Shadow404 [~shadow404@c-73-184-233-72.hsd1.ga.comcast.net] has joined #se2600
17:56 -!- mode/#se2600 [+o Shadow404] by ChanServ
18:04 -!- Catonic [~catonic@adsl-98-83-119-206.bhm.bellsouth.net] has quit [Ping timeout: 265 seconds]
18:04 <@Evilpig> fuckin' movers broke one of the feet on my crockpot. like how the fuck?
18:05 <@Evilpig> https://goo.gl/photos/1NWv4hXgXtr3xJii6
18:10 <@Shadow404> overstacking, heavy objects on top or object dropped on top on one section of the crockpot over stressed the leg and cracked it
18:13 <@Evilpig> I want to chain these assholes in their building and burn it down while they're forced to sit on comcast tech support calls
18:20 -!- klixa [~klixa@unaffiliated/klixa] has joined #se2600
18:20 -!- mode/#se2600 [+o klixa] by ChanServ
18:27 -!- klixa [~klixa@unaffiliated/klixa] has quit [Quit: zzz]
18:54 < RangerZ1> Evilpig: comcastic service?
18:54 < RangerZ1> ouch
18:54 < RangerZ1> that plus the pig they broke :/
18:58 <@Evilpig> and half of my drinking glasses, the leg of my table, the lamp, ....
19:03 < RangerZ1> ouch
19:07 < RangerZ1> jesus christ... today is the _first_ case of Chicago PD officer being charged with murder for actions when they were "on duty"
19:08 < RangerZ1> they have only had 1 police shooting _per week_ for the past 30 years....
19:15 -!- am1n0 [~devnull@unaffiliated/am1n0] has quit [Ping timeout: 250 seconds]
19:19 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has quit [Ping timeout: 240 seconds]
19:22 -!- am1n0 [~devnull@psychonaut.iamdevnull.info] has joined #se2600
19:22 -!- am1n0 [~devnull@psychonaut.iamdevnull.info] has quit [Changing host]
19:22 -!- am1n0 [~devnull@unaffiliated/am1n0] has joined #se2600
19:23 -!- mode/#se2600 [+o am1n0] by ChanServ
19:30 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has joined #se2600
19:45 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has quit [Ping timeout: 260 seconds]
19:59 -!- sync350 [~sync@c-24-99-250-250.hsd1.ga.comcast.net] has joined #se2600
19:59 -!- mode/#se2600 [+o sync350] by ChanServ
20:09 -!- Catonic [~catonic@adsl-98-83-116-5.bhm.bellsouth.net] has joined #se2600
20:10 -!- mode/#se2600 [+o Catonic] by ChanServ
20:23 -!- klixa [~klixa@unaffiliated/klixa] has joined #se2600
20:23 -!- mode/#se2600 [+o klixa] by ChanServ
20:23 -!- klixa [~klixa@unaffiliated/klixa] has quit [Client Quit]
20:54 -!- crash180 [~Adium@199.91.139.248] has joined #se2600
20:54 -!- crash180 [~Adium@199.91.139.248] has quit [Changing host]
20:54 -!- crash180 [~Adium@pdpc/supporter/silver/CRasH180] has joined #se2600
20:54 -!- mode/#se2600 [+o crash180] by ChanServ
20:58 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has joined #se2600
21:14 -!- crash180 [~Adium@pdpc/supporter/silver/CRasH180] has quit [Quit: Leaving.]
21:14 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has quit [Ping timeout: 240 seconds]
22:02 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has joined #se2600
22:05 -!- klixa [~klixa@unaffiliated/klixa] has joined #se2600
22:05 -!- mode/#se2600 [+o klixa] by ChanServ
22:06 -!- klixa [~klixa@unaffiliated/klixa] has quit [Client Quit]
23:40 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has quit [Ping timeout: 240 seconds]
23:40 -!- robogoat [~robogoat@c-24-126-240-124.hsd1.ga.comcast.net] has joined #se2600
--- Log closed Wed Nov 25 00:00:09 2015