I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Trivia Answer #33 - False. Any account with UID 0 has superuser privileges, and multiple accounts with the same UID are allowed. Attackers will sometimes create additional UID 0 accounts (or change the UID of an existing account) as a back door.
Daily Linux Forensics Trivia #33 - True or False: The only superuser account that can exist on a Linux system is the "root" account.
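
A check for the back door described in Trivia Answer #33, as an added example that is not part of the original posts: it flags every UID 0 account other than root and any UID shared by several accounts. The function name, the sample entries and the account names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
support:x:0:0:Support:/home/support:/bin/bash
backup:x:1000:1000:Backup:/home/backup:/bin/sh
broken-line-without-enough-fields
"""


def audit_passwd(text):
    """Return extra UID 0 accounts, UIDs shared by several names, and bad lines."""
    by_uid = defaultdict(list)
    malformed = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        # A passwd entry has 7 colon-separated fields; field 3 is the numeric UID.
        if len(fields) != 7 or not re.fullmatch(r"[0-9]+", fields[2]):
            malformed.append(lineno)
            continue
        # int() normalises forms such as "00", which still mean UID 0.
        by_uid[int(fields[2])].append(fields[0])
    return {
        "extra_uid0": [name for name in by_uid.get(0, []) if name != "root"],
        "shared_uids": {uid: names for uid, names in by_uid.items() if len(names) > 1},
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_passwd(SAMPLE_PASSWD)
    for name in report["extra_uid0"]:
        print(f"UID 0 account other than root: {name}")
    for uid, names in sorted(report["shared_uids"].items()):
        print(f"UID {uid} shared by: {', '.join(names)}")
    for lineno in report["malformed"]:
        print(f"line {lineno}: not a valid passwd entry")
```

To audit evidence rather than the sample, pass the contents of the passwd file from the mounted image to `audit_passwd`.
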
This means that web requests that take longer than usual to be fulfilled may be logged later than shorter duration requests that were actually received after the slow web request. Shout outs to @DfirNotes and @mboelen on this one!
Trivia Answer #32 - It is actually not uncommon to find Apache log entries out of chronological order. The log timestamps show the time the web request was received, but the log entries are not written until the web response is completed.
If you get a chance to see the musical “Six” you should definitely go. Super fun, high energy show!
Whew! Glad to hear it!
Read the whole thread. "at" is definitely in there!
Replying to @paulvixie
Red Hat still uses /var/spool/cron/crontabs, I'm afraid
Replying to @Paul_IPv6 @k8em0
The fascinating part about that job is when you get down to the architecture as originally designed before all the other stuff got precariously piled on top of it.
Replying to @TaoCyberSec
I was filing bug reports on “Sunlink DNI” (DECNET over IP for SunOS) back in 1988. Nobody really cares about the resolution because, well, it’s DECNET over IP.
Joking with some colleagues and I said, “I have bug reports that are older than some of you!” And we all laughed until we realized it was actually true. And then it got real quiet.
Daily Linux Forensics Trivia #32 - You find entries in an Apache web server log whose timestamps are out of chronological order. Does this mean the log has been tampered with?
And finally systemd gets into the mix (like it always does) with /etc/systemd/system/timers.target.wants and $HOME/.local/share/systemd
Don't forget "at" jobs under /var/spool/at/spool or /var/spool/cron/atjobs
Then there's Anacron which owns the /etc/cron.{hourly,daily,monthly} jobs
Let's start with traditional aka "Vixie" cron (yes, named after @paulvixie who isn't just "that BIND guy") which uses /etc/crontab, /etc/cron.d, and /var/spool/cron/crontabs
Trivia Answer #31 - Kudos to @CraigHRowland for checking in with a scarily complete answer. Honorable mention to @jwmwi. The full answer is long, so buckle up friends...
The burning question on my mind this morning is this: "We've Got Tonight" - Kenny Rogers or Bob Seger?
And their constituents don’t care because they view any opposition as an existential threat. Keeping score on political hypocrisy doesn’t move the needle anymore.
Replying to @falconsview
In all seriousness we’ve seen remote exploits with all of the popular brands with some regularity. The firmware in these devices seems like it’s mostly crap. Poor Fortinet is just the exploit du jour.