Yep, indeed. I have some doubts regarding the level of complexity in finding a good solution. It's not that it is simple, but rather that it can be made to be easier to find when thinking outside the box of the old style "you should do this and that". Like 15% wage reduction if your computer isn't clean at the end of a day's work: you can have your freedom as long as the result isn't harmful. And don't rely on people to verify this, but on automated solutions.
jsmorley wrote: ↑September 14th, 2020, 1:04 pm One of the biggest challenges for a security administrator is how to "balance" the security needs of the company with giving appropriate "freedom" to the end-users, to ensure that they can effectively do their jobs and be creative, and not have them live in some version of North Korea. It's a balance that is really, really complicated to find.
"Trust" and "assume" are not words that are, nor should be, in the vocabulary of any security administrator.
-
- Rainmeter Sage
- Posts: 8390
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
Ah, I see.
jsmorley wrote: ↑September 14th, 2020, 1:10 pm There is the Rainmeter "group", which helps some with visibility. As long as an author adds their "submission", which is just thrown in the general pool, to the Rainmeter "group", that can make it a bit easier to find.
What there used to be is a Rainmeter "category", which allowed skins to be separately listed and found on the general site, and probably as important, restricted submissions to the .rmskin file type. That restriction is no longer supported on the site.
-
- Developer
- Posts: 22843
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: it firm softserve hacked locked down plundered
Trouble is, once your company's system has been hacked, and 5 million credit card numbers belonging to your customers are out on the dark web for sale to the highest bidder, closing that particular barn door after 5 million horses are out hardly seems effective when your company is front page news on CNBC.com, and Jim Cramer is screaming at the TV audience to sell the stock.
Yincognito wrote: ↑September 14th, 2020, 1:15 pm Yep, indeed. I have some doubts regarding the level of complexity in finding a good solution. It's not that it is simple, but rather that it can be made to be easier to find when thinking outside the box of the old style "you should do this and that". Like 15% wage reduction if your computer isn't clean at the end of a day's work: you can have your freedom as long as the result isn't harmful. And don't rely on people to verify this, but on automated solutions.
Your CEO is going to listen patiently while you explain that it happened even though you made all those employees promise not to download Rainmeter skins from sputnik.com, but trust me, while he is listening, he is texting security to clear out your office and disable your keycard.
-
- Rainmeter Sage
- Posts: 8390
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
Haha, yes, I know - but I just said that the way I'd do it is not looking for empty promises, but prevention measures through automated systems and a hefty financial penalty for non-compliance. Anyway, I still believe doing things like people used to do is going to bring back the issue again, this time for another program instead of Rainmeter. This isn't about Rainmeter being "unsafe" in a business environment, this is about almost every software out there being like that - it just happened that it was Rainmeter this time, but it could have been any other. Sure, your advice is probably correct and should be followed, but it doesn't guarantee that it won't happen again with another program - even one that was considered "safe" by the "experts", if you know what I mean.
jsmorley wrote: ↑September 14th, 2020, 6:14 pm Trouble is, once your company's system has been hacked, and 5 million credit card numbers belonging to your customers are out on the dark web for sale to the highest bidder, closing that particular barn door after 5 million horses are out hardly seems effective when your company is front page news on CNBC.com, and Jim Cramer is screaming at the TV audience to sell the stock.
Your CEO is going to listen patiently while you explain that it happened even though you made all those employees promise not to download Rainmeter skins from sputnik.com, but trust me, while he is listening, he is texting security to clear out your office and disable your keycard.
-
- Posts: 172
- Joined: July 8th, 2018, 8:05 pm
Re: it firm softserve hacked locked down plundered
IMHO this discussion is a classic example of a "never ending" one...
At the foundation sits a very simple but very evil/good concept (it depends how you see it); in technology (and in science in general) the principle "there's a countermeasure for each measure" (or vice versa...) always applies; it's embedded in human nature, the willingness to find the smarter answer to the smartest question.
In IT security this "cat and mouse" game is even more amplified because money, at the end (and lots of it!), is involved, as jsmorley rightly pointed out.
So, at least for now, considering these factors, that's why, in my opinion, this is a "never ending" discussion.
With this it is not my intention to criticize any of your arguments, all pertinent and on point, just my 2 cents...
-
- Rainmeter Sage
- Posts: 8390
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
I fully agree - any defence can be broken eventually. My point was that this did not happen because Rainmeter "isn't safe" in a business environment, but because of the company's employees' behavior. This can happen for "safe" software as well - simple example: have a running antivirus but disabling it (or its relevant options). Even "dangerous" programs (like virus samples) can be made to not cause harm by using them appropriately.
brax64 wrote: ↑September 14th, 2020, 9:42 pm IMHO this discussion is a classic example of a "never ending" one...
At the foundation sits a very simple but very evil/good concept (it depends how you see it); in technology (and in science in general) the principle "there's a countermeasure for each measure" (or vice versa...) always applies; it's embedded in human nature, the willingness to find the smarter answer to the smartest question.
In IT security this "cat and mouse" game is even more amplified because money, at the end (and lots of it!), is involved, as jsmorley rightly pointed out.
So, at least for now, considering these factors, that's why, in my opinion, this is a "never ending" discussion.
With this it is not my intention to criticize any of your arguments, all pertinent and on point, just my 2 cents...
Irresponsible behavior cannot be fixed by banning X or Y program from use in a specific environment, but by making the behavior responsible. I know it's often easier and more realistic to apply the former as human nature is rather difficult to control, but the effective solution is nevertheless the latter.
-
- Developer
- Posts: 22843
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: it firm softserve hacked locked down plundered
Yes, but as has often been said: "Everyone in the world is crazy except you and me Bob, and lately I've been wondering about you..."
Yincognito wrote: ↑September 14th, 2020, 10:05 pm I fully agree - any defence can be broken eventually. My point was that this did not happen because Rainmeter "isn't safe" in a business environment, but because of the company's employees' behavior. This can happen for "safe" software as well - simple example: have a running antivirus but disabling it (or its relevant options). Even "dangerous" programs (like virus samples) can be made to not cause harm by using them appropriately.
Irresponsible behavior cannot be fixed by banning X or Y program from use in a specific environment, but by making the behavior responsible. I know it's often easier and more realistic to apply the former as human nature is rather difficult to control, but the effective solution is nevertheless the latter.
-
- Rainmeter Sage
- Posts: 8390
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
We're wondering about everyone anyway, even ourselves...
-
- Posts: 33
- Joined: September 14th, 2020, 8:54 am
Re: it firm softserve hacked locked down plundered
Hello!
Good to hear all is well with SilverAzide!
Couldn't do without his Gadgets Suite!
Maybe off topic but I'm curious why browsers block this:
Code:
    Rainmeter-4.4-r3404-beta.exe
    Opening "Issuer Statement" links to
    https://secure.comodo.net/CPS
    Browsers I tested (Firefox, Chrome, Waterfox).
Is this normal?
Code:
    A rough Google translation from Swedish:
    The connection is not private
    An attacker could try to steal your information from secure.comodo.net (such as passwords, messages, or credit card information).
    Read more
    NET::ERR_CERT_DATE_INVALID
    Help us make the web more secure for everyone by submitting URLs to certain pages you visit, certain system information and certain page content to Google's Privacy Policy
    The server's identity as secure.comodo.net could not be verified because its security certificate expired 103 days ago. This may be because the server is incorrectly configured or the connection has been lost. The clock on the computer is currently set to Tuesday 15 September 2020. Is it working correctly? Otherwise, you should reset the computer clock and then refresh the page.
    Continue to secure.comodo.net (unsafe)
All certificates look identical to screenshots from jsmorley shown in here.
Best regards,
redorbroder
-
- Rainmeter Sage
- Posts: 8390
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
Just guessing here, but Comodo's Wiki page might offer some clues about it. It may be nothing or it may be something, but I won't try to find out:
redorbroder wrote: ↑September 15th, 2020, 11:47 am Maybe off topic but I'm curious why browsers block this:
Is this normal?
Code:
    Rainmeter-4.4-r3404-beta.exe
    Opening "Issuer Statement" links to
    https://secure.comodo.net/CPS
    Browsers I tested (Firefox, Chrome, Waterfox).
All certificates look identical to screenshots from jsmorley shown in here.
Best regards,
redorbroder
- the official site is listed as comodo.com, this one is comodo.net
- certificate hacking appears associated with Comodo, albeit the section is from a couple of years ago
- the WhoIs page for comodo.com isn't quite identical to the one for Comodo.net
But then, as I said, it could be nothing, although it's a bit strange. This and this seem to offer some sort of an explanation for it. Again, I won't try to find out, better safe than sorry.
So SilverAzide is back on DA? If so, that's good news - doesn't change my evaluation on them though. And his Gadgets Suite is available here on the forum as well (actually, downloadable from GitHub), so that was a non-issue.
redorbroder wrote: ↑September 15th, 2020, 11:47 am Good to hear all is well with SilverAzide!
Couldn't do without his Gadgets Suite!
EDIT: Just checked his gadgets link on DA and doesn't work, so I'm not sure I understood what you meant by "all is well with SilverAzide" - maybe you know something that I don't, or I misunderstood something...