Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

MF_James posted:

Someone's head (more likely multiple people's heads) are going to roll because of a crypto incident involving multiple clients, lack of 2FA and an unreported breach. Just glad the parent company is at fault and not our company; we're just being brought in to help mitigate and assess.

Assessment: poo poo is hosed, backups were wiped out prior to everything getting encrypted, and all of the backups were local so lol

I can see it now:

“Yes, we back up everything every night!”

code:
robocopy c:\ d:\ /MIR
And D: is a usb drive


Thanks Ants
May 21, 2004

#essereFerrari


Server Drives dot JPEG

Antioch
Apr 18, 2003
Homeslice just clicked a phishing link 4 times over 10 minutes, then sent it to a couple of his friends who clicked it at least once each, then sent it to us to complain that the "Stupid broken microsoft system" won't let him in to his email

Mass password resets for everyone!

This is after mandatory email security training, where I found that fully 70% of our staff will readily and happily click a link in a plaintext email from support@helpdesk.ru that claims to contain information about our new Pokemon Go policy.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady
What is your new Pokemon Go policy though? :ohdear:

cage-free egghead
Mar 8, 2004

Antioch posted:

Homeslice just clicked a phishing link 4 times over 10 minutes, then sent it to a couple of his friends who clicked it at least once each, then sent it to us to complain that the "Stupid broken microsoft system" won't let him in to his email

Mass password resets for everyone!

This is after mandatory email security training, where I found that fully 70% of our staff will readily and happily click a link in a plaintext email from support@helpdesk.ru that claims to contain information about our new Pokemon Go policy.

At my last job I worked in desktop support and it was right after PokeGo came out so everyone in my department was playing it. Had a friend send me a neat location spoofer app that tied into PokeGo's API or something. Got a call an hour later from NOC saying there was a virus on a user's PC. My boss had a laugh at that one.

Antioch
Apr 18, 2003

Arquinsiel posted:

What is your new Pokemon Go policy though? :ohdear:

The email, as built by Wombat/Proofpoint:

Obvious Fake Email posted:

To all employees,


Despite the appearance of Pokeymon Go characters in our office environment it is not acceptable to play Pokeymon Go at the office.


Please click here to read and agree to our Policy on Pokeymon Go .

Failure to abide by this policy could result in immediate human resources action.


If you have any questions about this please contact IT Support.

TinTower
Apr 21, 2010

You don't have to 8e a good person to 8e a hero.
Now that Team Rocket are a thing in Pokemon Go, they're probably being paid off by Giovanni. :tinfoil:

Methanar
Sep 26, 2013

by the sex ghost
The biggest flaw is people agreeing to be bound by a no Pokémon go policy rather than feigning ignorance as they continue to play.

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!


I'm just sad the Team Rocket pokestops seem to not be spawning as often. I never got a Shadow Snorlax :(

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

Antioch posted:

The email, as built by Wombat/Proofpoint:
That is an amazing level one softball to fail at. The gist of the policy is right there in the mail body! :stonklol:

TinTower
Apr 21, 2010

You don't have to 8e a good person to 8e a hero.
They really need to fix the healing item drop rates. Like, I get they want Team Rocket to be a challenge, but it's ridiculous spinning a few dozen stops and not even getting a single potion.

Exit Strategy
Dec 10, 2010

by sebmojo

TinTower posted:

They really need to fix the healing item drop rates. Like, I get they want Team Rocket to be a challenge, but it's ridiculous spinning a few dozen stops and not even getting a single potion.

That's why microtransactions exist, man.

Nemo2342
Nov 26, 2007

Have A Day




Nap Ghost

Thanatosian posted:

I work for a financial institution, and while I can definitely see this happening on some level, the phishermen have definitely been stepping up their game over the last few years, and I really can't get too angry at people for falling for some of these. Also, I'd much rather people report when this happens to them than not.

Lately my company has made things much worse by randomly signing us up for things without warning. One week it was an Amazon Prime Business account, yesterday it was some kind of ecard/employee recognition system.

The legitimate phishing attempts coming through (mostly semi-official emails from coworkers asking to click a link to retrieve a secure document/set up a meeting) are bad enough, without them muddying the waters like this.

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!





MF_James posted:

Someone's head (more likely multiple people's heads) are going to roll because of a crypto incident involving multiple clients, lack of 2FA and an unreported breach. Just glad the parent company is at fault and not our company; we're just being brought in to help mitigate and assess.

Assessment: poo poo is hosed, backups were wiped out prior to everything getting encrypted, and all of the backups were local so lol

There’s at least one crypto variant that enables some kind of remote access, and I’m pretty sure it phones home to put the system in a queue, so that people on the other end can go in and delete/mess up people's backups.

Ham Equity
Apr 16, 2013

i hosted a great goon meet and all i got was this lousy avatar
Grimey Drawer

Nemo2342 posted:

Lately my company has made things much worse by randomly signing us up for things without warning. One week it was an Amazon Prime Business account, yesterday it was some kind of ecard/employee recognition system.

The legitimate phishing attempts coming through (mostly semi-official emails from coworkers asking to click a link to retrieve a secure document/set up a meeting) are bad enough, without them muddying the waters like this.
My company just did this, we got like a dozen tickets from a training program they signed people up for without saying anything.

Antioch
Apr 18, 2003

Arquinsiel posted:

That is an amazing level one softball to fail at. The gist of the policy is right there in the mail body! :stonklol:

Yeah it's the easiest of the four I sent out. The others were classic 'Open this shared file' and 'Your password needs to be reset'. But our users are just not that bright. We've had to reimburse $4000 in Apple Gift Cards in the last 6 months, three separate people have fallen for the CEO impersonation scams.

Luckily we managed to convince the moneygrubbing miser in Finance that we need to buy an email filtering system that works, so we ended up with Proofpoint which at least is better than the ancient Barracuda system we were using previously.


Last week I got to field a call from the RCMP about Fraud Management. Someone at an unrelated company fell for a scam invoice that had our company name on it. Bless their little hearts the RCMP try really hard but I don't think I'm going to "run a forensic scan on my whole domain" because some unrelated third party used ourcompanynamespelledwrong.tw or whatever to defraud someone.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

ConfusedUs posted:

There’s at least one crypto variant that enables some kind of remote access, and I’m pretty sure it phones home to put the system in a queue, so that people on the other end can go in and delete/mess up people's backups.

One of the many reasons why tape is great, can't gently caress up backups when they're sitting in a tool box in your break room closet!

Thanks Ants
May 21, 2004

#essereFerrari


Unless you aren't verifying the backups :eng101:

Geemer
Nov 4, 2010



Methylethylaldehyde posted:

One of the many reasons why tape is great, can't gently caress up backups when they're sitting in a tool box in your break room closet!

Are there any backup systems that offer a built-in write-access delay of (configurable up to) some hours just to prevent crypto attacks from quickly wiping them, while still letting overnight tasks be able to run?
Might make a nice selling point if there's a big crypto scare again after some giant institution gets hit.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

ConfusedUs posted:

There’s at least one crypto variant that enables some kind of remote access, and I’m pretty sure it phones home to put the system in a queue, so that people on the other end can go in and delete/mess up people's backups.

mmm from what I've heard (I'm not part of the team dealing with this, I'm in the middle of bank audit time for a client) it was because the remote control tool they use didn't have 2FA enabled and someone's password was compromised.

Digital_Jesus
Feb 10, 2011

D. Ebdrup posted:

Well, you can try. There's a good chance that an ICMP Pong or TCP SYN-ACK will be de-prioritized or even dropped under any kind of load from any and every router on the internet - so you can't actually use it for what people use it for, which is to run traceroutes to determine if "something is broken on the internet".
InternetPulse doesn't even work anymore, so unless you've got access to RIPE ATLAS probes or a smokeping setup, you're SOL.

If your router is smokeping I would suggest putting it out!

minusX
Jun 16, 2007

Say something hideous and horrible jumps out at you. Something so disgusting that it simply must die.
Ah! Oh!..So tacky! I can't...look...directly at it!

An email request from a director with a second director (and a lot of external contractors) copied in. minusX please join this conference to set up VPN for these external contractors.

There's a few issues with this. This was bypassing the normal ticketing system, e-mailing me directly. That's an issue and we had a critical issue where the company was down the night before so the service desk needed to be all hands and we were short two people. Also I'm just a tier 1 tech not a specialist so I shouldn't be getting any tickets directly to me, we should all be able to do this. I was the last person to assist the CCed director with a similar thing and it seems like I might've been pinned as his go to for things. I told them I need to know more information and get approval from my supervisor before I can be on an hour long conference call. He said no and told me to ask them to reschedule, I did.

Other e-mails came in, after my scheduled hours (I'm hourly) setting up a call for today...as soon as my shift started without any feedback from me. After I got settled in at work (about 9:20 as other stuff was happening) and noticing an e-mail from Director who thinks I'm his go to saying hey make sure you join this call I'll be in a meeting I e-mailed saying I could not move forward without confirmation about the install being approved. The contractor e-mailed a third director and said they waited 30 minutes on the phone and couldn't get anything done. Which led to an e-mail chain saying "minusX is working on it" which...isn't true outside of me saying I can't.

Supervisor did some political discussions, said go ahead and do it even though it was ignoring our established protocol, so I started replying saying I could move forward and...no one was replying anymore. Took a few hours but someone finally replied and a new meeting is set tomorrow in a time that works for me being there :toot:

Also having a connection to my home PC worked for a website outage for external users and I've had people ask me to stay in this area of IT instead of the new job. It's good to be wanted :unsmith:

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

Methylethylaldehyde posted:

One of the many reasons why tape is great, can't gently caress up backups when they're sitting in a tool box in your break room closet!

LOL if your boss isn't making you store a second set of monthly tapes, "off site," by which we mean, "in DRJ's garage that she shares with 3 other tenants in her apartment complex."

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy

D. Ebdrup posted:

Well, you can try. There's a good chance that an ICMP Pong or TCP SYN-ACK will be de-prioritized or even dropped under any kind of load from any and every router on the internet - so you can't actually use it for what people use it for, which is to run traceroutes to determine if "something is broken on the internet".
InternetPulse doesn't even work anymore, so unless you've got access to RIPE ATLAS probes or a smokeping setup, you're SOL.

it was one of ours. It was previously down due to a power outage.

I was hitting the management interface

but otherwise, yes I feel like half my job sometimes is yelling at the call center saying "TRACEROUTE CAN NOT BE USED TO DIAGNOSE LATENCY"

Renegret fucked around with this message at 19:19 on Aug 1, 2019

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

Geemer posted:

Are there any backup systems that offer a built-in write-access delay of (configurable up to) some hours just to prevent crypto attacks from quickly wiping them, while still letting overnight tasks be able to run?
Might make a nice selling point if there's a big crypto scare again after some giant institution gets hit.

Unless it's something you can only configure via some kind of front panel that's 100% isolated from any network interface or admin page, it would still be worthless, since by the time they're actively loving with the backup server and services, they likely have a domain admin account to play with.

I suppose you could set up something with a virtual tape library with the management interfaces on a completely isolated network, then setting all the tapes as WORM to prevent 'don't need this one anymore, overwrite with all zeros please' from happening.

Johnny Aztec
Jan 30, 2005

by Hand Knit
It shows that you don’t have the thinking-mindset to really be a C level.
It doesn’t MATTER if it’ll ultimately be useless. You aren’t selling it to people who fix things. You are selling it to directors and other C levels.

Success or failure doesn’t mean jack shot, as long as you actually make sales.

Geemer
Nov 4, 2010



Methylethylaldehyde posted:

Unless it's something you can only configure via some kind of front panel that's 100% isolated from any network interface or admin page, it would still be worthless, since by the time they're actively loving with the backup server and services, they likely have a domain admin account to play with.

I suppose you could set up something with a virtual tape library with the management interfaces on a completely isolated network, then setting all the tapes as WORM to prevent 'don't need this one anymore, overwrite with all zeros please' from happening.

Yeah sorry, I didn't really word it very well. I meant that the delay would be some device-level configuration, preferably through some physical switch w/o servos that allow remote access to it.
Alternatively, selling it as snake oil for dumb C-levels is a good way to make a quick buck. Once it inevitably fails, just blame the admin for setting it up wrong. Then cite a $$$$$$$$$ course on correct setup and also threaten to sue for defamation if they keep insisting it's the system at fault.

Thanks Ants
May 21, 2004

#essereFerrari


Johnny Aztec posted:

It shows that you don't have the thinking-mindset to really be a C level.
It doesn't MATTER if it'll ultimately be useless. You aren't selling it to people who fix things. You are selling it to directors and other C levels.

Success or failure doesn't mean jack shot, as long as you actually make sales.

Kurieg
Jul 19, 2012

RIP Lutri: 5/19/20-4/2/20
:blizz::gamefreak:

Uhh...

Is the logo supposed to look like a dick?

Sickening
Jul 16, 2007

Black summer was the best summer.

Kurieg posted:

Uhh...

Is the logo supposed to look like a dick?

You haven't seen some important television friendo.

Antioch
Apr 18, 2003

Sickening posted:

You haven't seen some important television friendo.

That show hits way too close to home for me to enjoy it.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

Dirt Road Junglist posted:

LOL if your boss isn't making you store a second set of monthly tapes, "off site," by which we mean, "in DRJ's garage that she shares with 3 other tenants in her apartment complex."
Are you charging rent for the space?

my cat is norris
Mar 11, 2010

#onecallcat

Re: ransomware incident --

The company is thanking everyone for working so hard over the last week by bringing in the best ice cream in the city on Monday and by paying for a big party at Dave and Buster's at the end of August. :unsmith:

In other news, the outage has finally overtaken my work hours, too. We're trying to get back to business as usual, but it's slow going. I got placed in charge of ticket triage for client VPN requests. Most of this involves assigning out work to our two overloaded interface engineers -- not hard work -- but the rest is all unfucking multiple teams all trying to work with the same client so that the client doesn't get eight different points of contact. :stonk: I've learned to hate the sound of Slack alerts.

In the middle of today's chaos, the UPS at one of our offices literally blew up and took out that office's services for several hours. I was somehow roped into helping resolve this panic because I once touched a VM. Fortunately, the one dev on-site used to be THE tech support for them, so all I really had to do was push buttons when asked? Still kinda dizzying being thrown into these different roles all of a sudden.

It's been a real poo poo few days.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady
You get to add "incident response" to your CV now though :unsmith:

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

Geemer posted:

Are there any backup systems that offer a built-in write-access delay of (configurable up to) some hours just to prevent crypto attacks from quickly wiping them, while still letting overnight tasks be able to run?
Might make a nice selling point if there's a big crypto scare again after some giant institution gets hit.

I have a backup server in my house that is powered off. It powers on via IPMI command at midnight. Then at 12:05 the backup job runs and the server shuts itself down.

Of course this won’t prevent crypto-d files from being backed up, but I have enough capacity for three fulls and three weeks of diffs. I like to think I’d notice a crypto attack within 2-3 weeks.

Agrikk fucked around with this message at 00:41 on Aug 2, 2019

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

Agrikk posted:

I have a backup server in my house that is powered off. It powers on via IPMI command at midnight. Then at 12:05 the backup job runs and the server shuts itself down.

Of course this won’t prevent crypto-d files from being backed up, but I have enough capacity for three fulls and three weeks of diffs. I like to think I’d notice a crypto attack within 2-3 weeks.

I should do this but with a light timer

Edit: What software do you use for incrementally backing up at home?

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

Arquinsiel posted:

Are you charging rent for the space?

I should have. Ugh. Lost opportunity.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

klosterdev posted:

I should do this but with a light timer

Edit: What software do you use for incrementally backing up at home?

A light timer! OMG how simple! I wish I’d thought of that a while ago...

I use a ten thousand year old copy of BackupExec running on Server 2008, though both are long in the tooth. But it’s proven to be very reliable since the server spends 23 hours a day turned off.

Robocopy with the archive bit as a flag works really well (I use it for identifying files that need to be copied to S3).
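
An added sketch, not part of the post above or anyone's production script: the `/MIR` one-liner joked about earlier in the thread propagates deletions and overwrites into the only copy, while an archive-bit run (`/M`) into a new dated folder leaves earlier sets untouched and makes a mass-change event visible. The paths and the 50% alert threshold are assumptions.

```powershell
# Added example. $Source, $BackupRoot and $AlertRatio are assumed values.
$Source     = 'C:\Data'       # tree to protect (assumed)
$BackupRoot = 'E:\Backups'    # backup volume (assumed)
$AlertRatio = 0.5             # warn if more than half of all files changed (assumed)

# A run with no earlier dated folders is effectively a full backup, because
# new files normally carry the Archive attribute. Do not alert on that run.
$FirstRun = -not (Get-ChildItem -Path $BackupRoot -Directory -ErrorAction SilentlyContinue)

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
$Stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
$Dest  = Join-Path $BackupRoot $Stamp
$Log   = Join-Path $BackupRoot "robocopy_$Stamp.log"

# /S    recurse into subdirectories, skipping empty ones
# /M    copy only files with the Archive attribute set, then clear it
# /XJ   do not follow junction points
# /R:2 /W:5  two retries, five seconds apart
# /NP   no per-file progress in the log
# No /MIR or /PURGE: nothing already on the backup volume is deleted or overwritten.
robocopy $Source $Dest /S /M /XJ /R:2 /W:5 /NP "/LOG:$Log"
$rc = $LASTEXITCODE

# Robocopy exit codes are a bitmask; 8 and above mean at least one failure.
if ($rc -ge 8) {
    throw "robocopy reported failures (exit code $rc), see $Log"
}

# Ransomware rewriting files sets the Archive attribute on each of them, so an
# unusually large incremental is worth a look before anyone trusts or rotates it.
$copied = 0
if (Test-Path $Dest) {
    $copied = @(Get-ChildItem -Path $Dest -Recurse -File).Count
}
$total = @(Get-ChildItem -Path $Source -Recurse -File -ErrorAction SilentlyContinue).Count

if (-not $FirstRun -and $total -gt 0 -and ($copied / $total) -gt $AlertRatio) {
    Write-Warning "$copied of $total files changed since the last run; check for mass encryption before relying on $Dest"
}

# Nothing is pruned here: older dated folders hold the only copy of files
# that have not changed since they were written.
```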

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady

Dirt Road Junglist posted:

I should have. Ugh. Lost opportunity.
Tell them there was a breakin but luckily only other people's stuff was taken, so now they gotta pay for a safe, some CCTV gear, a better internet connection and some extra cash to keep the building super quiet or else you just can't in good conscience let them risk their data like that.


Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

Agrikk posted:

I use a ten thousand year old copy of BackupExec running on Server 2008, though both are long in the tooth. But it’s proven to be very reliable since the server spends 23 hours a day turned off.

Oh god, I had blocked the memory of BackupExec, and when I saw those letters in that specific order, I started yelling, "BACKUPEXEC NO NO NOT AGAIN NO."
