|
RFC2324 posted:what? https://arstechnica.com/information...somware-attack/
|
![]() |
|
![]()
|
# ? Jan 20, 2021 06:38 |
|
https://arstechnica.com/information...somware-attack/ efb
|
![]() |
|
Methylethylaldehyde posted:Curling: The only Olympic sport where the silver medalists all look like various dads out drinking. Only? You know there are a number of shotgun and rifle events where dad bodies are on display in their full glory as well. Completely shameful that bowling isn’t an Olympic sport by the way.
|
![]() |
|
Today at work: "Town hall meeting" (i.e. a video presentation with attached all-hands moderated chat) about a new primary net connection / proxy server / etc which is going to be the Wave of the Future and Make Everything Better For Everyone: Todd Smith has raised a hand Moderator has unmuted Todd Smith (Todd Smith) With the new server, is the company doing any sort of man in the middle SSL monitoring? Moderator has muted Todd Smith (Presenter) We have not started HTTPS / SSL traffic inspection with this change. (Hmm. I noticed the careful way he phrased that without actually answering the question...) You have raised your hand Moderator has unmuted you (sfwarlock) Were we already doing https / ssl monitoring before the change? Moderator has muted you You have been permanently muted You have been removed from presentation audience "Tomorrow's Network Today"
|
![]() |
|
sfwarlock posted:Today at work: "Town hall meeting" (i.e. a video presentation with attached all-hands moderated chat) about a new primary net connection / proxy server / etc which is going to be the Wave of the Future and Make Everything Better For Everyone: Do not question our authority. Also hello to the packet sniffers at sfwarlock's place of work.
|
![]() |
|
Surely you'd know if SSL inspection was being done because the root certs would need to be on your machines
|
![]() |
|
Zil posted:Also hello to the packet sniffers at sfwarlock's place of work. Phone posting, yo. Thanks Ants posted:Surely you'd know if SSL inspection was being done because the root certs would need to be on your machines It's not something I would have thought to look for before. Then again, I don't do personal poo poo on work machines anyways.
|
![]() |
|
sfwarlock posted:Then again, I don't do personal poo poo on work machines anyways. This is a solid and good rule. And one that has not steered me wrong.
|
![]() |
|
I don't work in IT but a ticket came in regardless from my sister. She got a new job and she received training documents from her manager to read that turn out to be encrypted and she didn't get the details to decrypt them. So instead of following my careful suggestion of e-mailing her manager back for help on opening those files, she instead sees this as an opportunity to prove that she can come up with a creative solution and find the documents somewhere random on the internet. I'll be pouring one out for the IT personnel that'll be assisting her in the future.
|
![]() |
|
Thanks Ants posted:Surely you'd know if SSL inspection was being done because the root certs would need to be on your machines I'm uninformed in this regard, but curious. Can I get an explanation for this?
|
![]() |
|
Crowley posted:I'm uninformed in this regard, but curious. Can I get an explanation for this? If you want to do SSL inspection by MitM, the inspecting device needs to be able to decrypt and re-encrypt the data. Because the inspecting device doesn't generally have access to the private key to the certificate the originating server uses, the inspecting device needs to use a different certificate that looks like, but is not, the original certificate. Usually this certificate won't be signed by a commonly trusted authority (nobody would give you a cert for google.com if you aren't Google), so instead it's signed by a private authority. If the clients being MitM'ed for inspection don't trust this private root authority, the user gets the usual certificate warning about an untrusted chain. So you'd install your private root certificate on the internal clients via group policy. But the user will still be able to inspect the certificate chain on their client and see that it's not the regular root. However if you as a user can set up certificate pinning or similar, while your machine is not being MitM'ed, your client would still warn you that it's the wrong certificate for the service.
|
![]() |
|
I thought it'd be something like that. Thanks.
|
![]() |
|
Bob Morales posted:edit: that reminds me of the custom email filter the owner of a place I once worked at had me set up. It had a crazy word list of things that would cause an email to be silenty forwarded to him. Certain product names, companies, words like resume, pay, etc
|
![]() |
|
Bob Morales posted:edit: that reminds me of the custom email filter the owner of a place I once worked at had me set up. It had a crazy word list of things that would cause an email to be silenty forwarded to him. Certain product names, companies, words like resume, pay, etc This poo poo is beyond insane lol
|
![]() |
|
DACK FAYDEN posted:Hope nobody under him had the habit of phrasing restarting anything as "resume [X process]". I hope Bob had that habit after setting it up.
|
![]() |
|
Oh poo poo. Stuff is about to get exciting. Just had a talk with HR. At 3:45 they are firing someone who is 'known to get verbal and or physical'. I can think of a couple people out in the production floor that would fit the description, but they all go home at 3:00, so it has to be someone from the office. So here's the floor layout: ![]() They are going to bring the person into the conference room to sit down and talk. At that point they want me to go out to the front desk (the IT office is right by the front desk), get the lady that sits out there, and bring her into the IT office and close the door. Then I have to make sure the mystery person doesn't 'escape' or something and walks straight out the front door after they fire him. ![]()
|
![]() |
|
Bob Morales posted:Oh poo poo. Stuff is about to get exciting. I appreciate the diagram. Please report back
|
![]() |
|
Bob Morales posted:Oh poo poo. Stuff is about to get exciting. This is where you call the local police department and politely ask for someone to come visit if they have have someone to spare. Explain the past issues and the fear of this person being violent. At worst they say no. If they do send someone, simply wait for the officer to get there and fire them then. Easy and done with.
|
![]() |
|
Bob Morales posted:Oh poo poo. Stuff is about to get exciting. so you have to shut the front desk person in your office and then you yourself wait at the front desk to tackle this crazy person if they bolt? HALT RIGHT THERE! *tackle* THEY'RE NOT DONE FIRING YOU YET
|
![]() |
|
Bob Morales posted:Oh poo poo. Stuff is about to get exciting. So are you going to tell the front desk person "Come with me if you want to live"?
|
![]() |
|
Bob Morales posted:
You haven't diagrammed the tranquilizer dart supply, was that intentional?
|
![]() |
|
It must be pretty embarrassing to get tackled by the IT guy of all people.
|
![]() |
|
My mental image of bob is as a big hairy biker dude, so this story all checks out.
|
![]() |
|
Are they worried about the person being violent or about him/her talking to others or about others knowing who they are firing or they street the firing?
|
![]() |
|
Methanar posted:It must be pretty embarrassing to get tackled by the IT guy of all people. ![]()
|
![]() |
|
ilkhan posted:Are they worried about the person being violent or about him/her talking to others or about others knowing who they are firing? Apparently they might yell at the front desk lady or sucker punch her or something I don't know I don't know who the person is, they might be from her old department (she was in customer service until last week) so maybe they hate her or something.
|
![]() |
|
The Fool posted:My mental image of bob is as a big hairy biker dude, so this story all checks out. He’s a weightlifter who was completely obsessed with bench at the expense of everything else, so not far off. Seriously, though, they expect you to be ready to tackle the possibly violent employee? gently caress that. Bring front desk lady in, lock her and yourself in, wait until the guy is out one way or another.
|
![]() |
|
Current status is they are waiting for the owners of the company to leave (they have an appointment at 4:30 so they should be leaving any minute) before they do this.
|
![]() |
|
Bob Morales posted:Oh poo poo. Stuff is about to get exciting. Oh nooo, someone getting fired might have WORDS TO SAY ABOUT IT. BETTER GET OUT THE GODDAMN TASERS. WE GOT A TALKER HERE
|
![]() |
|
Bob Morales posted:Current status is they are waiting for the owners of the company to leave (they have an appointment at 4:30 so they should be leaving any minute) before they do this. You're going to shut the door and do nothing no matter what this guy does, right?
|
![]() |
|
![]() Absolutely nothing happened. They sat down with him, someone came out and boxed up his desk, and the he left.
|
![]() |
|
Bob Morales posted:
What a letdown. You coulda lied and said there was some gumballs and the deed to Draculas castle in his desk.
|
![]() |
|
Bob Morales posted:
There's still a valuable takeaway here about your current leadership's ability to manage risk.
|
![]() |
|
18 Character Limit posted:There's still a valuable takeaway here about your current leadership's ability to manage risk.
|
![]() |
|
Thanatosian posted:I think they did a great job at managing risk, here. The owners left before they fired the guy; pretty much zero risk, see? They never, ever fire anyone when they are here. When they go on vacation, they bring the axe down.
|
![]() |
|
Bob Morales posted:They never, ever fire anyone when they are here. When they go on vacation, they bring the axe down. good way to motivate people to never take pto
|
![]() |
|
Thanatosian posted:I think they did a great job at managing risk, here. The owners left before they fired the guy; pretty much zero risk, see? And they left the big IT guy there as their security force!
|
![]() |
|
A ticket came in:quote:Can someone please lock my account-my car has been stolen and it has my iPad and [company] email and contacts. Please call me at [wrong area code].111.2222. I'm reasonably certain she makes six figures.
|
![]() |
|
TITTIEKISSER69 posted:A ticket came in: Whats the issue? That she made a typo with her phone number or that her car was stolen? IDGI
|
![]() |
|
![]()
|
# ? Jan 20, 2021 06:38 |
|
That fact that she's notifying you that company data is out in the wild is a step in the right direction. If you are not able to remotely wipe the ipad, that's a different problem.
|
![]() |