[L1S] Level1Security thread

Eden · April 11, 2017, 3:05pm

Format seems fine, you could link to a discussion thread or something else and keep this as news posts only. The forum already acts as an RSS feed.
just add .rss to the URL
example:

[L1S] Level1Security thread Tech Policy & News

I present to you: L1S The Level1Security Thread Starting a new Thread here for everyone to post all those news about the latest security news & events. Note: If you come across a piece of interesting news but dont have the time to post it here, feel free to post it in the lounge with @catsay tag or DM me with the link and I will make a nicely formatted version with attribution to you when I have time. Rules: When possible always link to original articles unless below exceptions apply Try to link the primary article references such as research PDF's to the article where possible. No direct links to doxxed or leaked information. No posting of personal/leaked information. No posting links in spoiler tags. Tin-Foil hats optional. Appreciated but not necessary: A short TLDR summary in quoted text of the article in question. Use the template below for posting links: Post Template ### Article Name http://www.articlelink.com #### Summary: > Summary Text Here in Quote #### Extra References (Optional) > Links here #### Severity & Fix > Is there a fix and/or where can it be found. Users and Mods suggestions and input wanted to make this a thing. Could use some help to improve the rules probably. In addition if enough people are interested. I would also like to make this into an RSS feed with everyones contributions and mine included in a nicely formatted and digesteable format. I'm interested in a L1S RSS Feed. Not yet I can suggest a better option[tag me in a reply] 0voters Show results

catsay · April 11, 2017, 3:10pm

I'm aware of the RSS forum feature. It's just really messy and all the discussion is also featured in it. I would be making a clean RSS feed that people can subscribe to and get just the articles and content.

And may be do what @Ethereal said and post them in the News section with [L1S] prefix and security tag at first, maybe separate category later. But we'll see I'll have to first do this for a while and see how it builds up.

Ethereal · April 11, 2017, 3:12pm

If they make it a category people can follow it in their preferences and get notifications whenever there is a post in that category.

Eden · April 11, 2017, 3:21pm

Problem is we cant stop people posting without them being nice.

There's possibly two solutions.

A single topic like this and make a "news group" that can reply in it.
Do it the same way but no groups, just trust people to follow the rules of the thread.
make separate topics for each news story (may get cluttered, but maybe we can work something out)

catsay · April 11, 2017, 3:27pm

Those where pretty much my concerns there. How to prevent clutter and keep the rules and in a nice readable format that isn't just a links dump.

I will start my RSS feed anyway since it's just the cleanest and most lightweight solution anyhow.
On the forum side, we'll still have to work something out.

Separate topics for each story in a category that can be followed is a nice idea. (Clutter be damned)
How would the news group work, only approved users may post? That could work, would then have to approve users that have proven themselves with quality submissions. But that adds a lot of work.
I somewhat trust that the community wont post rubbish in the thread, I have not been disproven yet, that's anyway what the lounge is there for, it diverts & absorbs all of the junk posts for the main part.

Zoltan · April 11, 2017, 3:45pm

There are 9 active mods:
@MisteryAngel
@Destroyed007
@Eden
@Alamar
@DeusQain
@Phantom
@GigaBusterEXE
@Zavar
@Zoltan
There are less active mods on top of that, but that is the main active mod group.

The active admins are @wendell and @kreestuh

Zoltan · April 11, 2017, 3:48pm

I like the thread, but it would be better to have a tag instead of a summarizing thread, because having a solution for those problems or a patch or workaround would be really useful info imo.

So I would prefer a thread for every problem, with the opportunity for people to post fixes for that problem. The list of problems would then be a search on the security tag.

If you want, an "InfoSec" tag that would only be used for these topics, would be a solution to group them.

Grouping in threads is something we would want to avoid, we'd rather have the community use tags to group content, out of search facilitation reasons.

catsay · April 11, 2017, 3:56pm

That seems like a plan. I've been leaning that way mostly after hearing everyones input.
The main thing is to just keep the format for the thread nice and clean so the first post can have the primary info and article + fixes and the rest can be discussion. With fixes commented in the discussion making it into the intro post.

Is there a specific name for a first post on a thread with all the info etc in it?

An InfoSec tag would be nice to group them by yes.

Yockanookany · April 11, 2017, 4:05pm

I considered making one of these at some point but didn't since this is a forum. Security is too fast paced for forum style posting since days after a post a fix is usually applied negating the benefit off the post. Then you have a megathread of just outdated risks. It could be useful though as lomy as the CVE is attached... maybe.

Zoltan · April 11, 2017, 4:09pm

An idea would be to make the title of the thread start with "InfoSec:" and then the subject. Makes it even easier to find them in a listing that is not filtered by the InfoSec tag.

catsay · April 11, 2017, 4:21pm

I'm usually quite involved with security so I often hear things before the CVE shows up. Myself I'm qualified in Information Security, Business InfoSys Risk Assessment & 'Ethical' hacking to keep it short. That term... :shudders:

My main aim of this thread is as the title [somewhat] implies. 'Level 1' security.
A way to bring Security and more in depth discussion to the less security involved that aren't able to keep up with everything but in a simpler form. It also gives the opportunity to cover aspects and topics that don't usually get coverage.

I'm planning to also write up some articles from time to time on various security topics and practices as regards to the power user (level1 community members).

Maybe covering some light hacking related topics, depending on interest and community policy.

Probably would be putting those on the L1T wiki since that seems to be in severe need of some TLC and attention.

dobzz · April 11, 2017, 4:46pm

You could use @Eden 's format of his LinuxNews threads that he used to do. Those worked well.

Eden · April 11, 2017, 4:49pm

I've been thinking of a way to make them contrubtable as I've not kept up with it as fast as i like. It would work for others.

It just gave me an idea as well. A news Room group with private sub forum for making news threads? Depends on numbers other option is a PM thread for each news topic for the week.

catsay · April 11, 2017, 4:49pm

Thanks I'll have a look for those

EDIT: That could work yes. Then I'd have to split them into sort of biweekly chunks of articles.
Linked here as reference:

Linux News #06 Linux

[image] Linux News 06 Gaming News Because this round deserves its own section. HITMAN Released [Imgur] Yup. It's currently half price on the Feral store where you can get the first season (All 6 episodes). You can see Gaming on Linux's port report here This release also supports AMD on MESA 13.0.3. Civ 6 Released [Imgur] This seems to be a decent port, performance is decent though not amazing, but not a big deal for the type of game it is. It officially only supports Nvidia, but unofficially works well on new AMD cards (likely requiring, amdgpu/radeonsi, openGL 4.3, LLVM 3.9) You can see Gaming on Linux's port report here Another Valve dev Working on MESA So it seems a new Valve employee is now working on the AMD stack on Linux, bringing Valves apparent numbers to 3 developers working on AMD drivers. https://www.phoronix.com/scan.php?page=news_item&px=Arceri-Joined-Valve MESA 17 Released Again another MESA release, again improvements to AMD GPUs. This release has improvements across the board, including Vulkan improvements, OpenGL 4.5 for Intel Haswell, Polaris 12 support, and more. You can check out the full changes here You can check the latest mesa features on mesamatrix, keep in mind, features may be implemented but not enabled or currently in your current distro. https://www.phoronix.com/scan.php?page=article&item=civ-vi-radeonsi 3k Linux Games on Steam <3 What else is there to say? Bring on 2017! http://store.steampowered.com/search/?sort_by=Released_DESC&category1=998&os=linux Wine 2.2 Released More continued improvements, I don't think there's any major feature additions. here's whats news Windows version set to Windows 7 for new prefixes. More steps towards the Direct3D command stream. Still more Shader Model 5 instructions. Initial support for double-buffered theme painting. Various bug fixes. https://www.winehq.org/news/2017021701 Its still a ways off newer directx support, but …

Yockanookany · April 11, 2017, 5:03pm

I'm with you, I'm a blue team member myself working is security for the financial secto. I'm more on the management side than anything though so, even though I do as much research as possible, I'm usually defending against known threats and putting in temporary fixed for zero days if possible.

I say all of that just to show you were on the same page here and I'm not just trying to dismiss your idea, it just needs to be done in a manner that makes it useful. I'll 100% be contributing to it if successful. I've been thinking about making videos on active directory hardening, golden ticket mitigation, proper security setups, etc. This would be a good place for me to start.

catsay · April 11, 2017, 5:08pm

I'm Red Team for the most part. Very very Red Team

But honestly for the most part I'm more acting as a Blue team assistant to test fixes etc.

Yockanookany · April 11, 2017, 5:10pm

That would only make the content better.

catsay · April 11, 2017, 5:14pm

Yeah I'm just not sure what the community guidelines are on that sort of thing.
I also don't exactly want to turn L1T forums into HackForums

Eden · April 11, 2017, 5:16pm

It's fine, i usually suggest people position it to show how its used in a good way, e.g for testing in companies etc.

catsay · April 13, 2017, 11:38am

Governments were also using MS Word 0-Day Exploit

Summary:

It turns out that the previously undisclosed vulnerability in Word (CVE-2017-0199) used for Dridex was also actively being exploited by government-sponsored hackers to spy on Russian targets since at least this January.
The news comes after security firm FireEye, that independently discovered this flaw last month, published a blog post, revealing that FinSpy spyware was installed as early as January using the same vulnerability in Word that was patched on Tuesday by Microsoft.

FinSpy or FinFisher is associated with the controversial UK-based firm "Gamma Group", which sells so-called "lawful intercept" spyware to governments around the world.

Extra References

Affects

Office/Word Pad
Internet Explorer
(All being actively targetted in the wild)

Fix

These fixes can now be installed automatically via Windows Update. Reboot and you're done. But there are caveats. For example, the patch bundles KB4015549, KB4015546, KB4015550, KB4015547 that install the security fixes on Windows 7 and 8 have an unfortunate side-effect on computers using AMD Carrizo-based processors – they'll be blocked from receiving further software updates until Microsoft sorts that out. (probably never)

"If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. Microsoft is working on a resolution and will provide an update in an upcoming release," was Microsofts official statement.