--- Log opened Fri May 27 00:00:57 2016
03:03 < aestetix> I brought him back
03:03 < aestetix> https://trust.aestetix.com
03:03 < PigBot> Title: See who your friends trust (at trust.aestetix.com) http://tinyurl.com/zbq4he9
05:30 -!- Catonic [~catonic@153.sub-70-193-68.myvzw.com] has joined #se2600
05:30 -!- mode/#se2600 [+o Catonic] by ChanServ
06:29 <@Dolemite> mr0ning, be0tches and h0ez!
06:35 <@RangerZ> http://www.zdnet.com/article/googles-victory-over-oracle-a-win-for-developers/
06:35 < PigBot> Title: Google's victory over Oracle: A win for developers | ZDNet (at www.zdnet.com) http://tinyurl.com/j9oom3u
06:35 <@RangerZ> oh thank god
06:35 <@RangerZ> because we'd all be fucked in short order if it went the other way around...
08:48 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:1da0:eb34:d8f0:c370] has joined #se2600
09:37 -!- rattle [041c8581@tor/regular/rattle] has joined #se2600
09:37 -!- mode/#se2600 [+o rattle] by ChanServ
11:52 -!- fie_ [~fie@199.15.197.95] has quit [Ping timeout: 244 seconds]
11:56 -!- fie [~fie@199.15.197.95] has joined #se2600
12:27 < dasunt> What's in an old electric range that has value for scrappers?
12:28 <@oddball> metal
12:30 < dasunt> I'm just confused how our crap gets picked up so quickly when we list it for free on CL.
12:31 < dasunt> Neighbor did her (destroyed by dryer fire) electric dryer, which makes sense - copper in the motor is probably worth pulling.
12:32 < dasunt> But an electric range has no motors. Probably a little copper in the control panel. I'm not sure what the elements are.
13:16 -!- sicssssscam [~sicsscam@24.154.70.234] has quit [Quit: Leaving]
13:42 <@opticron> the elements are definitely not copper
13:51 < aestetix> penis
14:22 -!- rattle [041c8581@tor/regular/rattle] has quit [Ping timeout: 250 seconds]
14:24 -!- rattle [041c8581@tor/regular/rattle] has joined #se2600
14:24 -!- mode/#se2600 [+o rattle] by ChanServ
15:53 -!- rattle [041c8581@tor/regular/rattle] has quit [Ping timeout: 250 seconds]
16:01 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:1da0:eb34:d8f0:c370] has quit []
16:15 < aestetix> https://t.co/FnIjMyAFjq
16:15 < aestetix> fucking hell
16:15 < aestetix> http://www.allenbwest.com/matt-palumbo/professor-resigns-after-conservative-speaker-silenced-but-not-why-you-think
16:28 <@Catonic> ikr
16:34 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:2492:9b71:d0f5:7b52] has joined #se2600
16:34 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:2492:9b71:d0f5:7b52] has quit [Client Quit]
16:36 -!- rattle [b8994ab1@tor/regular/rattle] has joined #se2600
16:36 -!- mode/#se2600 [+o rattle] by ChanServ
16:37 <@rattle> Neoteric: Cassandra Butts died.
16:42 < aestetix> who?
16:43 <@rattle> Someone Tim and I worked with at CAP. She's only like ten years older than the two of us, so it's odd, and sad.
16:47 < aestetix> aww
16:47 < aestetix> and what an unfortunate name
16:48 <@rattle> I know. I was constantly seeing cbutts in logs and chuckling to myself.
16:49 < aestetix> ugh slides
16:51 <@rattle> I did a keynote two weeks ago, and decided to forgo any slides and just talk. It was liberating. I may try to never use powerpoint again.
16:52 < aestetix> Oh, the slides I do are generally just pictures.
16:54 <@oddball> Now for your daily stupid: https://scontent.xx.fbcdn.net/v/t1.0-9/13265998_967991270862_4241155244939985708_n.jpg?oh=88025060a5759085a850ac5656e69bfd&oe=57CEF893,
16:54 < aestetix> rattle: is there a video of it?
16:54 < aestetix> ..... or is it even worth watching
16:55 <@rattle> I'm pretty sure access to the video is restricted..
16:56 < aestetix> So much for liberation.
16:59 <@rattle> I don't even know if there is video. It was chatham house rule, so I doubt it.
17:00 < aestetix> What did you speak about
17:01 <@rattle> Changes in endpoint security strategy/tactics since the mid 200x's, and using deception against advanced adversaries on compromised networks.
17:05 <@rattle> There was some stuff in there about security analytics and microsegmentation..
17:08 <@rattle> I basically made the argument that if you've scoped a compromise to the degree you are ready to remediate, it's usually better to leave the compromise in place, but place countermeasures to whack everything if C2 is activated, rather than immediately remediate.
17:09 <@rattle> That way the adversary thinks they still have a foothold in the organization, but they will not be able to successfully act on their objectives at a time of their choosing.
17:10 <@rattle> If you immediately remediate, they're likely to get back in again in a way you're not going to see, and you'll be back at the same disadvantage you were when you discovered the compromise.
17:12 <@rattle> So basically, deception tactics.
17:13 <@rattle> ... and denial by disruption.
17:14 < aestetix> This interests me a lot, actually.
17:15 < aestetix> As someone who just lost a week combating a really, really annoying DDoS/hack attempt.
17:15 <@rattle> Well, I just saved you about 40 minutes of listening to me talk.
17:15 < aestetix> lol
17:15 < aestetix> They were trying to log into our website, about 500,000 login attempts in 15 minutes.
17:15 < aestetix> Literally the day I was starting to focus on putting rate limiting on the load balancer.
17:16 < aestetix> Based on the emails they used, I suspect it's related to the linkedin hack.
17:16 < aestetix> I'm actually curious how many companies saw an increase in brute-force login attempts after that.
17:16 <@rattle> Not shocking. Now that those creds have been dropped, I'm sure there are many a mutherfucker going to town on it..
17:17 < aestetix> But yeah. This whole week, it was a bunch of read haproxy docs, and start testing out load balancer config, and then drop everything and spend a few hours combatting the traffic load.
17:17 <@rattle> One of the only reasons I think short period password rotation is important, is because it forces mofos' to use different passwords for corp than personal sites.. Because no one is changing passwords every 30-60 days on their personal shit.
17:18 < aestetix> And given that it was around 400-500 ips attacking....
17:19 < aestetix> Actually, I think the best solution would have been Mozilla's Persona.
17:19 <@rattle> I was able to use the LinkedIn shit this week as a tool to encourage folks to setup 2fa on their LinkedIn and Facebook. Based on proxy logs, a bunch of folks did.. So it was a gift to me.
17:19 < aestetix> But then politics happened at Mozilla and it got discontinued :/
17:19 < aestetix> Facebook Connect has the right idea, but the wrong implementation. Give me a tool where I can locally host an SSO tool, and I'm all about it.
17:20 < aestetix> rattle: 2fa is tricky for me since I have no phone. :)
17:22 <@rattle> Isn't there some sorta online voip thing you can use that can accept SMS?
17:22 < aestetix> You mean skype?
17:22 <@rattle> SMS isn't my preferred 2fa method, as it can be compromised with some telco/state collusion.. But it's better than nothing.
17:23 < aestetix> Of course I also have no facebook account and don't use linkedin
17:23 < aestetix> Although I still got an email because I used linkedin years ago :/
17:24 < aestetix> rattle: tbqh, for me 1password is the best tool I've found.
17:25 <@rattle> I don't use password managers for my personal stuff. I do the memory mnemonic transposition thing..
18:12 < aestetix> https://www.youtube.com/watch?v=eSt62K70o0E
18:12 < PigBot> Title: Milo Yiannopoulos tells lesbian she doesnt exist - YouTube (at www.youtube.com) http://tinyurl.com/jch7dm9
18:37 -!- rattle [b8994ab1@tor/regular/rattle] has quit [Ping timeout: 250 seconds]
22:43 -!- Mirage [~mirage@173.57.28.51] has quit [Ping timeout: 272 seconds]
23:18 -!- klixa [~klixa@unaffiliated/klixa] has joined #se2600
23:18 -!- mode/#se2600 [+o klixa] by ChanServ
--- Log closed Sat May 28 00:00:00 2016