Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
Eleeleth
Jun 21, 2009

Damn, that is one suave eel.
My org is on day 3 of all contractors being locked out of user accounts, email, etc.

On-site IT doesn't have permissions to fix this, so they're continually escalating to offsite IT, who are continually not fixing the problem (but marking the ticket as Fixed or Needs Client Input) :negative:

Adbot
ADBOT LOVES YOU

Samizdata
May 14, 2007

Zil posted:

That is a great domain, not sure if I want to go to it or not though.

It is horses and horse related kit, like trailers. I HAD to click it.

Proteus Jones
Feb 28, 2013



Samizdata posted:

It is horses and horse related kit, like trailers. I HAD to click it.

The internet has ruined us, hasn't it.

Samizdata
May 14, 2007

Proteus Jones posted:

The internet has ruined us, hasn't it.

Done made us stupid, even.

Zil
Jun 4, 2011

Satanically Summoned Citrus


Samizdata posted:

It is horses and horse related kit, like trailers. I HAD to click it.

Thank you for your service proud goon.

Samizdata
May 14, 2007

Zil posted:

Thank you for your service proud goon.

o7

Zamboni Apocalypse
Dec 29, 2009
I must be too old and paranoid to just click it.

Googled it instead. :v:

Kurieg
Jul 19, 2012

RIP Lutri: 5/19/20-4/2/20
:blizz::gamefreak:
So apparently microsoft made a children's book or something?

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.

:smithicide:

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy

*sighs deeply*

Kurieg
Jul 19, 2012

RIP Lutri: 5/19/20-4/2/20
:blizz::gamefreak:

Renegret posted:

*sighs deeply*

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy

dats me

because at 3PM when I was supposed to go home, I offered to work overtime

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy
now I'm sitting here getting paid to watch TV because I murdered the queue too fast

which sounds great but I've been here for 12 hours and my gf has a nice hot dinner waiting for me at home

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Amusingly this was for their Windows Home Server efforts where they attempted a very v1.0 of storage spaces. Way ahead of its time and had no engineering team to back it up.

incoherent fucked around with this message at 00:21 on Jan 5, 2018

Thanks Ants
May 21, 2004

#essereFerrari


ms.txt

Data Graham
Dec 28, 2009

📈📊🍪😋



You can tell that’s from a million years ago because cubicles instead of open floorplans


Oh how I yearn for a simple half-high

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.
I would like to see an office cubicle farm where all the walls are only knee height.

SeaborneClink
Aug 27, 2010

MAWP... MAWP!

:justpost: KEEP GOING

Kurieg
Jul 19, 2012

RIP Lutri: 5/19/20-4/2/20
:blizz::gamefreak:


LethalGeek
Nov 4, 2009

I am not high enough for this

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy

LethalGeek posted:

I am not high enough for this

MrMojok
Jan 28, 2011

Welp, I guess we got Kevin Mitnicked today.

I had just gotten off the phone and a couple of users crept up to me, wide-eyed. One almost in tears. "Mojok, something is wrong with our phone system. A bunch of us are getting calls from some super pissed-off people screaming "STOP CALLING US!"

https://www.drvoip.com/blog/shoretel-support-and-service/hacking-shoretel-for-fun-and-profit/


"So lets put this simple ShoreTel hack together – the hackers gained control of a voice mail box, then called into the ShoreTel Voice Mail system with a spoofed Caller ID and the left a brief message. Calling back into the system, this time to check their voice messages and then hit the “return call” option key, which then placed a call to an International Middle East location all billed to the the ShoreTel system owner and showing up only as a Call Detail Record owned by the Automated Attendant."

In our case these bad men weren't calling a middle east location, they were... calling and hanging up in some cases? And some of the irate people calling in here said when they picked up someone was on the line trying to sell them insurance or scam them or some poo poo.

I opened the Shoretel trunk test tool and all our trunks were lighting up like Christmas trees as these vermin used their autodialer on us. It was incredible, never experienced anything like that before.

e: I think they compromised the user accounts whose voicemail password had never been changed from the default “12345”

MrMojok fucked around with this message at 02:09 on Jan 5, 2018

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!


MrMojok posted:

Welp, I guess we got Kevin Mitnicked today.

I had just gotten off the phone and a couple of users crept up to me, wide-eyed. One almost in tears. "Mojok, something is wrong with our phone system. A bunch of us are getting calls from some super pissed-off people screaming "STOP CALLING US!"

https://www.drvoip.com/blog/shoretel-support-and-service/hacking-shoretel-for-fun-and-profit/


"So lets put this simple ShoreTel hack together – the hackers gained control of a voice mail box, then called into the ShoreTel Voice Mail system with a spoofed Caller ID and the left a brief message. Calling back into the system, this time to check their voice messages and then hit the “return call” option key, which then placed a call to an International Middle East location all billed to the the ShoreTel system owner and showing up only as a Call Detail Record owned by the Automated Attendant."

In our case these bad men weren't calling a middle east location, they were... calling and hanging up in some cases? And some of the irate people calling in here said when they picked up someone was on the line trying to sell them insurance or scam them or some poo poo.

I opened the Shoretel trunk test tool and all our trunks were lighting up like Christmas trees as these vermin used their autodialer on us. It was incredible, never experienced anything like that before.

I don't miss administrating ShoreTel at all. Not. One. Bit.

Thanks Ants
May 21, 2004

#essereFerrari


Same but all phones

mewse
May 2, 2006

MrMojok posted:

Welp, I guess we got Kevin Mitnicked today.

I had just gotten off the phone and a couple of users crept up to me, wide-eyed. One almost in tears. "Mojok, something is wrong with our phone system. A bunch of us are getting calls from some super pissed-off people screaming "STOP CALLING US!"

https://www.drvoip.com/blog/shoretel-support-and-service/hacking-shoretel-for-fun-and-profit/


"So lets put this simple ShoreTel hack together – the hackers gained control of a voice mail box, then called into the ShoreTel Voice Mail system with a spoofed Caller ID and the left a brief message. Calling back into the system, this time to check their voice messages and then hit the “return call” option key, which then placed a call to an International Middle East location all billed to the the ShoreTel system owner and showing up only as a Call Detail Record owned by the Automated Attendant."

In our case these bad men weren't calling a middle east location, they were... calling and hanging up in some cases? And some of the irate people calling in here said when they picked up someone was on the line trying to sell them insurance or scam them or some poo poo.

I opened the Shoretel trunk test tool and all our trunks were lighting up like Christmas trees as these vermin used their autodialer on us. It was incredible, never experienced anything like that before.

e: I think they compromised the user accounts whose voicemail password had never been changed from the default “12345”

I'm a shoretel admin (kill me)

Configuration and call records are stored in mysql databases that have default usernames and passwords and aren't limited to connections from localhost.

User account passwords are hashed with non-salted MD5.

There's more but I don't want to think about it right now.

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

MrMojok posted:

e: I think they compromised the user accounts whose voicemail password had never been changed from the default “12345”

:negative:

Ursine Catastrophe
Nov 9, 2009

It's a lovely morning in the void and you are a horrible lady-in-waiting.



don't ask how i know

Dinosaur Gum

Inspector_666
Oct 7, 2003

benny with the good hair

If it's anything like systems I've seen, there's no way to force a user to reset the VM password.

Oswald Kesselpot
Jan 14, 2008

HONK HONK HONK
My boss has decided that in addition to being the dept. manager, he is going to be a project manager. After much deliberation, research, and discussion with outside sources, he has concluded that waterfall project management simply won't work for our small, chronically underfunded and understaffed IT department, and that Agile is the best way to go. In order to realize this dream of being an Agile Project manager, he is studying to take the PMP cert exam.

LethalGeek
Nov 4, 2009


oh it's cool I am now. Go nuts.

The east coast weather utterly hosed us as I gather everyone came in around 10-11AM across the country and blew up all things IT with a ton of calls. I rarely get bothered but there has been too much of this the last month it needs to slow down.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.

Inspector_666 posted:

If it's anything like systems I've seen, there's no way to force a user to reset the VM password.

I think it's just a checkbox on the user page where you can enter the client and VM passwords.

Data Graham
Dec 28, 2009

📈📊🍪😋



This may be off-topic since it's more of a developer problem than an IT problem, but uughh I just have to vent somewhere

I built an inventory management system a couple of years ago for a small local boutique packaging company. They've been gradually moving their processes toward using it more and more, and I've been adding features as we go. Now they're finally at a stage where their incoming deliveries and outgoing shipments are all handled through the software and tracked so you can look at the history of every individual product and see what the quantity was after each transaction.

Since the early days there have been persistent issues with the quantity numbers not adding up. They'd open up the history for a product, trace all the incoming/outgoing transactions back from the current number to the beginning of time and find out that it doesn't add up to zero. I changed tactics several times, going back and forth between a "log the current quantity at the time of transaction" approach and a "just take the current number and calculate the historical numbers on the fly" approach, chasing software phantoms, the works. I told them that the only way I could see this happening was if someone was manually changing the quantity value, which naturally would screw up the historical counts. But they kept giving me the side-eye when I told them this.

Finally, a few months ago I added a global logging page that lets you see every event that changes the quantity for a given product, from what number to what number, along with the timestamp and the name of who did it. Immediately afterwards they emailed me asking me to look into a couple more discrepancies they'd found. "See," they said, "we took an incoming of 24 cases, but then we were doing reconciliation and found it comes out to only 22. Is there a glitch?"

I opened up the logs and sure enough, Joe the warehouse guy is in the logs manually changing 24 to 22, half an hour after taking an incoming of 24.

I told them this, and they said "ok thanks" and I never heard another word about it.

Until today. They sent me a flurry of new emails, with screenshots of the history showing a value of 239 that had mysteriously changed to 0, and a value of 67 that should have been 68, and then more emails with more discrepancies, all marked up with red screenshot circles and the strong implication that the software was glitching out and loving up their bookkeeping. "Also is there a way to get a search bar for the log page?"

I looked into each case. Every single one took five seconds to find the obvious glaring line where Joe had manually changed the quantity in inventory, resulting in exactly the discrepancy they're pointing out.

I'm writing back now, trying as delicately as I can to ask them whether they're, like, actually looking at the logs? Clearly they know about them because they're asking for more search features, but good lord you don't need them in order to see this. You click the little "Logs" link and up pops a window saying JOE CHANGED THE NUMBERS YOU FOOL.

Ugh now that I'm typing this out I'm realizing they probably aren't using the actual "Logs" link on the product itself (which filters to the product) and are instead launching the global log viewer which admittedly isn't very navigable so they probably can't figure out how to use it. But holy gently caress that link is in every single one of the marked-up screenshots they've inundated me with today

Anyway thanks for indulging me, this probably explains what happened

Proteus Jones
Feb 28, 2013



Data Graham posted:


<Joe'sCrimes.txt>


So, Joe is embezzling?

Also, and I'm not trying to slam you, why can a user alter transaction logs? or have I misunderstood and he's actually changing the "received" items like a correction?

Nvm. I see he's actively adjusting the inventory counts and you're correctly logging that interaction.

Proteus Jones fucked around with this message at 04:20 on Jan 5, 2018

Data Graham
Dec 28, 2009

📈📊🍪😋



Maybe he's embezzling manufactured logo packaging items, which would be .. weird, but who am I to judge

Virigoth
Apr 28, 2009

Corona rules everything around me
C.R.E.A.M. get the virus
In the ICU y'all......



Data Graham posted:

This may be off-topic since it's more of a developer problem than an IT problem, but uughh I just have to vent somewhere

I built an inventory management system a couple of years ago for a small local boutique packaging company. They've been gradually moving their processes toward using it more and more, and I've been adding features as we go. Now they're finally at a stage where their incoming deliveries and outgoing shipments are all handled through the software and tracked so you can look at the history of every individual product and see what the quantity was after each transaction.

Since the early days there have been persistent issues with the quantity numbers not adding up. They'd open up the history for a product, trace all the incoming/outgoing transactions back from the current number to the beginning of time and find out that it doesn't add up to zero. I changed tactics several times, going back and forth between a "log the current quantity at the time of transaction" approach and a "just take the current number and calculate the historical numbers on the fly" approach, chasing software phantoms, the works. I told them that the only way I could see this happening was if someone was manually changing the quantity value, which naturally would screw up the historical counts. But they kept giving me the side-eye when I told them this.

Finally, a few months ago I added a global logging page that lets you see every event that changes the quantity for a given product, from what number to what number, along with the timestamp and the name of who did it. Immediately afterwards they emailed me asking me to look into a couple more discrepancies they'd found. "See," they said, "we took an incoming of 24 cases, but then we were doing reconciliation and found it comes out to only 22. Is there a glitch?"

I opened up the logs and sure enough, Joe the warehouse guy is in the logs manually changing 24 to 22, half an hour after taking an incoming of 24.

I told them this, and they said "ok thanks" and I never heard another word about it.

Until today. They sent me a flurry of new emails, with screenshots of the history showing a value of 239 that had mysteriously changed to 0, and a value of 67 that should have been 68, and then more emails with more discrepancies, all marked up with red screenshot circles and the strong implication that the software was glitching out and loving up their bookkeeping. "Also is there a way to get a search bar for the log page?"

I looked into each case. Every single one took five seconds to find the obvious glaring line where Joe had manually changed the quantity in inventory, resulting in exactly the discrepancy they're pointing out.

I'm writing back now, trying as delicately as I can to ask them whether they're, like, actually looking at the logs? Clearly they know about them because they're asking for more search features, but good lord you don't need them in order to see this. You click the little "Logs" link and up pops a window saying JOE CHANGED THE NUMBERS YOU FOOL.

Ugh now that I'm typing this out I'm realizing they probably aren't using the actual "Logs" link on the product itself (which filters to the product) and are instead launching the global log viewer which admittedly isn't very navigable so they probably can't figure out how to use it. But holy gently caress that link is in every single one of the marked-up screenshots they've inundated me with today

Anyway thanks for indulging me, this probably explains what happened

Tell them your going to implement block chain for accuracy.

Volguus
Mar 3, 2009

Data Graham posted:

Anyway thanks for indulging me, this probably explains what happened

It doesn't explain anything because, you see, the next email they're gonna send they will say that Bob, and Jane and John, and actually the entire floor is using Joe's credentials when using the system because nobody could be bothered to add more users to the system. So you are to blame for not knowing what's going on (obviously a software glitch, why did we even pay you?).

Ghostlight
Sep 25, 2009

maybe for one second you can pause; try to step into another person's perspective, and understand that a watermelon is cursing me



Bigass Moth posted:

I’d like to know why anyone thought “Clutter” was a good idea.

My boss loves it because it makes not reading his emails even easier.


In book news, my mum bought me this for Christmas



and it is both an enjoyable send up as well as horrifically accurate to all of my experiences helping family with computers.

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.

Bob Morales posted:

*** This is a system generated email. Please do not respond to this message. ***


Dear Customer,

This email is to inform you that your ticket has been updated.

Ticket Title: Fortigate stopped responding
Ticket Status: Researching
Updated by xxxxxxxxxx at 1/4/2018 11:01:25 AM
Hello xxxxxx

Thank you for taking my call today.
The unit became irresponsiv
Looking into the crashlog we did not see any clue related to the non responsiveness of the Fortigate.
-The system log shows high cpu or high memory
-The unit does not seems to have been rebooted for more than a year, which can cause some processes to hang. In this case only a reboot can solve the issue.


Glad to see nothing has changed with Fortinet since I stopped working for a company that used quite a few of them. I can't tell you how many times the web daemon would crash for the Fortigates (in HA pairs no less) and other unexplainable poo poo like the NTP server feature ceasing to function randomly (which was a big deal for us). Shame because I actually like the feature-set and how things are organized for FortiGate's but their reliability is so poo poo I would never put them in production again as a network engineer if I had the option.

Proteus Jones
Feb 28, 2013



FungiCap posted:

Glad to see nothing has changed with Fortinet since I stopped working for a company that used quite a few of them. I can't tell you how many times the web daemon would crash for the Fortigates (in HA pairs no less) and other unexplainable poo poo like the NTP server feature ceasing to function randomly (which was a big deal for us). Shame because I actually like the feature-set and how things are organized for FortiGate's but their reliability is so poo poo I would never put them in production again as a network engineer if I had the option.

When they're working, they hum along with nary a complaint. Until they don't and all hell breaks loose. And it's *always* something stupid like "oh, well. when we sourced the flash disk it was a bad lot. You'll have to turn off internal logging or it causes instability resulting in a lock-up".

That's what's so frustrating about about Fortigate. All this potential, right there lying just beyond my fingertips because I can't count on it for the long term.

Adbot
ADBOT LOVES YOU

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

FungiCap posted:

Shame because I actually like the feature-set and how things are organized for FortiGate's but their reliability is so poo poo I would never put them in production again as a network engineer if I had the option.

When we first got them, we were breaking the internal storage because we had logging turned on, so we switched over to Foritcloud after they realized that was hapening to people (took them two months) and pushed out some updates.

I also just racked a couple of those for my old employer, they switched to Fortigate company-wide....ugh

  • 1
  • 2
  • 3
  • 4
  • 5