March 11, 2019 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
March 11, 2019 [04:22:19] *** stormlights <stormlights!~stormligh@c-73-70-50-103.hsd1.ca.comcast.net> has quit IRC ()[05:03:47] *** geheimnis` <geheimnis`!~geheimnis@23.226.237.192> has quit IRC (Ping timeout: 240 seconds)[05:04:47] *** geheimnis` <geheimnis`!~geheimnis@23.226.237.192> has joined #Citrix[11:16:33] <hardlock> https://thehackernews.com/2019/03/citrix-data-breach.html[11:21:16] <hardlock> that sounds much worse that citrix wrote on their blog[12:13:22] <Olivier83> indeed[12:26:05] *** Olivier83 <Olivier83!~Olivier83@31.221.4.66> has quit IRC (Read error: Connection reset by peer)[12:38:24] *** kahnibus <kahnibus!~Alex@129.3.29.171> has joined #Citrix[12:45:56] *** Olivier83 <Olivier83!~Olivier83@31.221.4.66> has joined #Citrix[13:39:51] *** braynyac <braynyac!uid6699@gateway/web/irccloud.com/x-gfkhzgernjbjulxv> has joined #Citrix[13:49:58] *** SixStr <SixStr!~SixStr@pool-100-2-219-130.nycmny.fios.verizon.net> has joined #Citrix[13:50:23] *** SixStr <SixStr!~SixStr@pool-100-2-219-130.nycmny.fios.verizon.net> has quit IRC (Client Quit)[14:30:47] <Biny> eesh.[15:05:03] <tabularasa> morning peeps[15:05:14] <Biny> mornin[15:13:51] <braynyac> 10 YEARS!!![15:13:52] <braynyac> Dang[15:42:29] * hardlock sends a bud light[15:44:49] <tabularasa> heh[15:49:12] <Olivier83> 10 years of what?[15:54:31] <BobFrankly> citrix network comprimisies[15:58:02] <braynyac> That Iran was allegedly inside Citrix's network, according to the report(s).[15:58:36] <hardlock> Citrix network = Citrix cloud too?[15:58:59] <braynyac> unsure. My reading is Citrix internal network only, but at this point, who knows[15:59:51] <braynyac> Olivier83: Here's another article - https://www.brianmadden.com/opinion/Citrix-security-incident-2019[16:10:19] <hardlock> Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing "business documents," adding that the company does not know precisely which documents the hackers obtained nor how they got in[16:10:28] <hardlock> this story is so weird[16:10:45] <hardlock> how comes that FBI knows what happened but Citrix does not?[16:11:39] <BobFrankly> FBI's probably watching the Iranians[16:13:18] * BobFrankly wonders if "business documents" = source code[16:20:04] <hardlock> i checked darknet markets for ADC source code[16:20:06] <hardlock> nothing yet[16:20:10] <hardlock> :P[16:21:16] <BobFrankly> well if it's nation-state hacking, they're probably less likely to share[16:21:38] <hardlock> i can imagine ransom soon[16:22:26] <hardlock> or maybe this already happened and thats why they know[16:23:03] <BobFrankly> I see hacking Citrix as a means to an end, not the end initself[16:24:47] <BobFrankly> if the got a customer list and source code, if/when they find a weakness to exploit, they'll know who to aim it at[17:20:42] *** marie1972 <marie1972!~changeme@cpe-72-128-5-100.kc.res.rr.com> has joined #Citrix[17:45:32] <tabularasa> powershell people...[17:46:00] <tabularasa> https://docs.microsoft.com/en-us/powershell/module/az.resources/?view=azps-1.4.0[17:46:15] <tabularasa> I want to export ALL the commands to notepad so i can search them... (unless there is a better way to do this)[17:46:25] <tabularasa> Get-Command -Module Az doesn't return shit[17:46:47] <tabularasa> i could do Get-Command -module Az.Resources, and that works, but if you look at that link there is like Az.100modules[17:46:50] <tabularasa> suggestions?[17:51:35] <BobFrankly> tabularasa: use the proeprties and |Select[17:51:54] <BobFrankly> blah[17:52:02] <BobFrankly> use properties and where-object[17:52:14] <tabularasa> ?[17:52:40] <tabularasa> talk to me like i'm a powershell dummy (because i am)[17:52:50] <BobFrankly> gcm -module az.resources returns a bunch of stuff....so[17:52:59] <BobFrankly> gcm -module az.resources | Select -first 5[17:53:17] <BobFrankly> figure out what propertyname you want to filter by[17:53:49] <BobFrankly> gcm -module az.resources | ? {$_.propertyname -match "thingIwant"}[17:54:46] <tabularasa> i understand that... but i want ALL of Az.stuffhere[17:54:47] <BobFrankly> alternativly, you can mix on module and name filters gcm -module az* get-*[17:54:56] <tabularasa> and stuffhere is like 100 things[17:55:08] <BobFrankly> gcm -modulename az*[17:55:08] <tabularasa> Az.VirtualMachines, Az.REsources, Az.Marketplace[17:55:09] <BobFrankly> ?[17:55:34] <tabularasa> yes, that works[17:56:20] <BobFrankly> you can also gcm -modulename az* | out-gridview[17:56:26] <tabularasa> perfect, thank you.[17:56:29] <tabularasa> that's what i needed[17:56:51] <BobFrankly> np[17:57:02] <tabularasa> My Hero. :)[17:57:08] <tabularasa> i'll put you on the toffee list for this year[17:58:09] <tabularasa> it sucks sucking at powershell[17:58:25] <BobFrankly> get good with select-object and where-object[18:09:04] <hardlock> https://www.ssllabs.com/ssltest/analyze.html?d=ftlaaa.citrix.com&hideResults=on[18:09:11] <hardlock> and then they wonder why they get hacked[18:09:45] <hardlock> https://www.ssllabs.com/ssltest/analyze.html?d=go.citrix.com&hideResults=on[18:10:01] <hardlock> i informed them last year about this[18:15:30] *** echelog-2 <echelog-2!~echelog-2@108.61.103.42> has joined #Citrix[18:15:37] <BobFrankly> hardlock: sounds more likely that some employees had weak passwords giving the iranians a foothold to expand from[18:15:44] *** BGL <BGL!fifty@75-149-171-58-Washington.hfc.comcastbusiness.net> has quit IRC (Ping timeout: 268 seconds)[18:15:53] <BobFrankly> at least, according to the articles[18:19:31] *** tris <tris!tristan@camel.ethereal.net> has quit IRC (Excess Flood)[18:20:11] *** tris <tris!tristan@camel.ethereal.net> has joined #Citrix[18:21:39] <hardlock> whats what they want you to believe of course[18:21:49] <hardlock> but actually password spraying is not even needed anymore[18:22:01] <hardlock> you can download gigabytes of hacked/leaked passwords[18:22:35] <hardlock> there are torrents containing emails and password combinations of most companies[18:22:45] <hardlock> i downloaded once such a db. 40gb of data[18:22:53] <hardlock> my email was in there with my password[18:23:08] <hardlock> but it was my trash mail - exactly for such reasons[18:23:53] <BobFrankly> of course, where do you think they get the passwords for spraying?[18:24:03] <hardlock> some quick checks gave me logins of most big companies in my country[18:24:22] <hardlock> well they say weak passwords[18:24:34] <hardlock> but if you work with such a dump, you have complex passwords aswell[18:25:00] <hardlock> weak passwords = nsroot/nsroot[18:25:01] <hardlock> :P[18:25:06] <Biny> nsr00t[18:25:08] <BobFrankly> *weak* may mean one thing to you, and another thing to someone else :)[18:25:09] <hardlock> that maybe worked on the internal netscalers[18:25:12] <Biny> i am gr00t[18:25:31] <BobFrankly> no, Biny is N3wt(erd)[18:26:05] <hardlock> the netscalers i scanned are running a vulnerable version[18:26:17] <hardlock> and use CBC or RC4 ciphers[18:26:56] <hardlock> if they dont even care on their own product, imagine a vpn or firewall setup[18:27:15] *** Olivier83 <Olivier83!~Olivier83@31.221.4.66> has quit IRC (Read error: Connection reset by peer)[18:27:19] <hardlock> but i should stop talking. fbi probably reading here[18:27:22] <hardlock> :o[18:27:45] <hardlock> my ip is logged now. ding dong. men in black suites at the door[18:28:19] <hardlock> *suits[18:29:03] <hardlock> sunglasses and this "men in black" device which wipes my memories[18:29:06] <BobFrankly> that'd only happen if they were involved in some nation-sta....yeah. you're probably best leaving this alone[18:36:08] <hardlock> btw: nobody ever wondered why they forced a password reset of all sharefile accounts last year?[18:36:34] <hardlock> there was never a reasonably statement about that[18:41:13] <cs-bot> <david62277> hardlock i just brought that up in the CTA slack channel[18:41:31] <cs-bot> <david62277> awefully suspicious[18:47:23] <hardlock> but the cloud is secure they say[18:51:55] <BobFrankly> nothing is secure[18:52:09] <BobFrankly> it's just different grades of difficulty to access[18:53:00] <hardlock> oh so they are lying to me?[18:53:09] <Biny> "no".[18:55:29] <BobFrankly> there's industry terminology for "secure" that includes accessibility. Anything that's accessible by nature (but not that terminology) has a level of insecurity.[18:56:31] <BobFrankly> leave it to lawyers and think tanks to change the meanings of words[18:59:28] <hardlock> im just acting like a noob[18:59:51] <hardlock> but actually im surprised[18:59:59] <hardlock> most people just trust the cloud[19:00:09] <hardlock> thinking that having more engineers makes something more secure[19:00:31] <hardlock> things like meltdown, heartbleed and others just showed that this is not the case at all[19:00:42] <hardlock> even worse. one vulnerability. thousands of victims[19:01:24] <BobFrankly> https://miro.medium.com/max/596/1*el4nHcOQdfHxzzcTC99jDw.png[19:02:49] <hardlock> you know my twitter right?[19:03:08] <hardlock> https://twitter.com/_kolbicz[19:03:21] <BobFrankly> I own my own bird. I don't flock with the twitters[19:03:27] <hardlock> i even have that shirt[19:03:36] <hardlock> i had it on at synergy when we met[19:03:38] <hardlock> :P[19:03:41] <BobFrankly> oh yerah[19:03:43] <BobFrankly> lol[19:03:59] <BobFrankly> my brain is killing me with a headache[19:04:08] <BobFrankly> I'm not making the obvious connections today[19:04:14] <hardlock> did you have a visit of the men in black?[19:04:27] <BobFrankly> no, just the regular migraine[19:04:35] <BobFrankly> yesteday and today[19:04:38] <hardlock> you mean the Citrix headache?[19:04:55] <BobFrankly> the earth one[19:04:58] <hardlock> its normal when you work with their products :)[19:06:08] <BobFrankly> I've been more focused on authring a SCOM management pack for Linux lately[19:08:12] *** BGL <BGL!twenty@75-149-171-58-Washington.hfc.comcastbusiness.net> has joined #Citrix[19:08:40] *** thiagoc <thiagoc!~thiagoc@unaffiliated/thiagoc> has joined #Citrix[19:11:46] <thiagoc> Hi all... I trying to configure a domain redirect on NetScaler Virtual Appliance 450010[19:12:13] <thiagoc> in AppExpert > Responder > Policies[19:12:38] <tabularasa> ok, what's going wrong?[19:12:41] <thiagoc> but the policy stays with the flag "not active"[19:13:12] <thiagoc> it doesn't have a "activate" button or anythinh[19:14:14] <thiagoc> I don't know how netscaler check/define the policy to mark as active=no[19:15:10] <hardlock> you must bind a policy somewhere[19:16:12] <thiagoc> hmmm let's check another working rule[19:16:51] <tabularasa> you set a "profile" to do "something, then you set a "policy" to say WHEN to apply the profile.. then you have to BIND the policy to a vserver[19:17:50] <thiagoc> right... I think that's the problem... thank you mates![19:19:33] <tabularasa> :thumbsup:[19:40:04] <cs-bot> <david62277> tabularasa - you messed with these nvidia grid/tesla cards before?[19:44:26] <tabularasa> it's been years, my friend. What's up?[19:44:36] <tabularasa> oh[19:44:44] <tabularasa> i do not know the answer to that question, sadly[19:45:18] *** Thuryn <Thuryn!~Thuryn@216.106.72.146.reverse.socket.net> has joined #Citrix[19:45:56] <tabularasa> wow, only 2350 Az commands...[19:46:00] <cs-bot> <david62277> guess ill figure it out wednesday :slightly_smiling_face:[19:46:06] <tabularasa> :)[20:15:27] *** hardlock <hardlock!~hl@81.6.37.6> has quit IRC (Ping timeout: 240 seconds)[20:16:19] *** hardlock <hardlock!~hl@81.6.37.6> has joined #Citrix[21:34:40] *** SixStr <SixStr!~SixStr@pool-100-2-219-130.nycmny.fios.verizon.net> has joined #Citrix[21:35:05] *** SixStr <SixStr!~SixStr@pool-100-2-219-130.nycmny.fios.verizon.net> has quit IRC (Client Quit)[21:40:25] <cs-bot> <david62277> got some good feedback in the CTA slack channel, so going into it a little less blind[21:53:18] *** Thuryn <Thuryn!~Thuryn@216.106.72.146.reverse.socket.net> has quit IRC (Quit: Leaving)[22:01:10] <Biny> speaking of nvidia[22:01:12] <Biny> https://www.engadget.com/2019/03/11/nvidia-acquisition-mellanox/[22:01:22] <Biny> and F5 bought nginx[22:22:24] *** thiagoc <thiagoc!~thiagoc@unaffiliated/thiagoc> has quit IRC (Quit: leaving)[23:56:46] *** braynyac <braynyac!uid6699@gateway/web/irccloud.com/x-gfkhzgernjbjulxv> has quit IRC (Quit: Connection closed for inactivity)