mllaneza
Apr 28, 2007


Veteran, Bermuda Triangle Expeditionary Force, 1993-1952





Executive assistants are my go-to for getting things I need fixed actually fixed. Back at the design studio our ISP (XO) put in a new CRM system, built in-house, the CTO had a big blurb in the 'about us' section of their website about it. They put me down as being in the Eastern timezone, I'm in Pacific. So whenever I had a ticket open, which was almost weekly because XO sucked, I'd get status calls starting at 5am. I begged my account manager to get it fixed for weeks. Nope, can't change someone's timezone.

gently caress that. I looked up their corporate HQ and whatever jackass is in charge of their internal systems (that's when I saw the blurb about the new CRM tool). I called HQ and asked for the jackass' secretary and left her a detailed voicemail. Two days later I got an "it's fixed now, sorry for the inconvenience" email.

loving XO man. Most of their management were the idiots who couldn't manage to get up to cool crimes with WorldCom but deserved to be in Stupidity Jail anyway.


Entropic
Feb 21, 2007

patriarchy sucks


6 hours of overtime on a Friday night because one of my predecessors didn't document poo poo or save backup configs. Oh, well. I get paid overtime and having to explain the bill to the customer isn't my problem.
I ended up having to manually factory reset some switches and a bunch of wireless APs in a hotel. Funniest thing about the job was when I got the keys to the protective wall-boxes that all the WAPs are in from the building maintenance guy I got handed this huge ring of dozens of keys.


Yes, they are all identical copies of a single industry standard key.

Neddy Seagoon
Oct 12, 2012

Hi, Everybody!


Entropic posted:

6 hours of overtime on a Friday night because one of my predecessors didn't document poo poo or save backup configs. Oh, well. I get paid overtime and having to explain the bill to the customer isn't my problem.
I ended up having to manually factory reset some switches and a bunch of wireless APs in a hotel. Funniest thing about the job was when I got the keys to the protective wall-boxes that all the WAPs are in from the building maintenance guy I got handed this huge ring of dozens of keys.


Yes, they are all identical copies of a single industry standard key.

https://www.youtube.com/watch?v=a9b9IYqsb_U

Entropic
Feb 21, 2007

patriarchy sucks


Deviant Ollam talks are always great. I love the one he did about doors.

Really though, the locks on so much stuff are not even really meant at all to stop a determined attacker who knows what they're doing, they're just there to stop random passers-by from touching your poo poo.
E.g. this was a hotel that has fairly low-ceilinged hallways without drop ceilings, their WAPs were just wall mounted up against the ceiling where someone walking by could easily reach up and touch them. So they all had these hard plastic cases covering them, which of course were keyed alike because they bought them in bulk. If someone goes in with the goal of messing with your access points, a proper lock would just delay them by a minute or so while they pick it, and would cost a lot more, while these are perfectly fine for the job "make sure a drunk guest doesn't slap the AP for fun as they're walking by and break it". It's kinda like how the locks on most filing cabinets probably come with a key you could find on ebay in 2 minutes, but they're not there to stop industrial espionage, they're there to stop an employee or guest who's wandering by from pulling the drawer open because they're bored and curious.
I mostly thought it was funny that they kept every single copy of the identical keys.

neogeo0823
Jul 4, 2007

NO THAT'S NOT ME!!


Came here to link that. Watch all of Deviant Ollam's talks. They're amazing.

This one here's another must-watch. Yes, it's long, but it's worth every minute.
https://www.youtube.com/watch?v=ZUvGfuLlZus

Data Graham
Dec 28, 2009





Ever since watching that video, whenever I see an elevator I look for the little holes in the doors and go

neogeo0823
Jul 4, 2007

NO THAT'S NOT ME!!


Data Graham posted:

Ever since watching that video, whenever I see an elevator I look for the little holes in the doors and go

A lot of it really makes you just stop and just notice things you never thought about before. That's what I love about talks like that.

Schadenboner
Aug 15, 2011

I MEAN, TURN OFF YOURE MONITOR, MIGTH EXPLAIN YOUR BAD POSTS, HOPE THIS HELPS?!

I never regret re-watching that elevator video. You'd think that spending 2 hours watching something you've already seen would be a waste but it's just like looping TLO Roll Call like 50 times and really: when aren't you doing that?

Buff Hardback
Jun 11, 2019


Entropic posted:

6 hours of overtime on a Friday night because one of my predecessors didn't document poo poo or save backup configs. Oh, well. I get paid overtime and having to explain the bill to the customer isn't my problem.
I ended up having to manually factory reset some switches and a bunch of wireless APs in a hotel. Funniest thing about the job was when I got the keys to the protective wall-boxes that all the WAPs are in from the building maintenance guy I got handed this huge ring of dozens of keys.


Yes, they are all identical copies of a single industry standard key.

I used to have 3-4 copies of CH751 at my old job.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady


The talk about IR door sensors is lol.

Dirt Road Junglist
Oct 8, 2010

There's a ghost in me
Who wants to say I'm sorry
Doesn't mean I'm sorry






Agrikk posted:

Then jackass from my team, the same jackass who complains that he's super slammed all the time and needs people to boss aroundtake on parts of his job, this jackass says, "Why not just send me the details and I'll look into it for you."

Okay fuckface: The reason why they don't know best practices and how to be efficient is because you inject yourself into every process where you. are. not. needed. Also: I am support and you are pre-sales so stay in your loving lane. Go away forever.

I have two of those jackasses on my team. I'll get a ping about something out of band, like a firewall exception or testing a security agent, and I'll tell the person to use our intake form because we have a loving process.

Instead, Helpful Jackass 1 or 2 gets at mentioned over my head, they immediately drop everything to hop on it, fail to document anything, and act hurt when I have a meltdown in stand up over it several sprints later because now I'm on the hook for supporting their duct tape bullshit.

Thomamelas
Mar 11, 2009


Entropic posted:

Deviant Ollam talks are always great. I love the one he did about doors.

Really though, the locks on so much stuff are not even really meant at all to stop a determined attacker who knows what they're doing, they're just there to stop random passers-by from touching your poo poo.
E.g. this was a hotel that has fairly low-ceilinged hallways without drop ceilings, their WAPs were just wall mounted up against the ceiling where someone walking by could easily reach up and touch them. So they all had these hard plastic cases covering them, which of course were keyed alike because they bought them in bulk. If someone goes in with the goal of messing with your access points, a proper lock would just delay them by a minute or so while they pick it, and would cost a lot more, while these are perfectly fine for the job "make sure a drunk guest doesn't slap the AP for fun as they're walking by and break it". It's kinda like how the locks on most filing cabinets probably come with a key you could find on ebay in 2 minutes, but they're not there to stop industrial espionage, they're there to stop an employee or guest who's wandering by from pulling the drawer open because they're bored and curious.
I mostly thought it was funny that they kept every single copy of the identical keys.

With physical security it's about the trade off between security, cost and how much it interferes with day to day operations, along with the threat assessment. You'll never get perfection, you'll get the compromise you hope is enough.

CaptainJuan
Oct 15, 2008

Thick. Juicy. Tender.

Imagine cutting into a Barry White Song.

This is also true of IT security

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady


Thomamelas posted:

With physical security it's about the trade off between security, cost and how much it interferes with day to day operations, along with the threat assessment. You'll never get perfection, you'll get the compromise you hope is enough.
That's all security.

Neddy Seagoon
Oct 12, 2012

Hi, Everybody!


Thomamelas posted:

With physical security it's about the trade off between security, cost and how much it interferes with day to day operations, along with the threat assessment. You'll never get perfection, you'll get the compromise you hope is enough.

Security is a journey, not a destination.


Data Graham posted:

Ever since watching that video, whenever I see an elevator I look for the little holes in the doors and go

I've certainly looked at our office elevators after watching that and realized just how stupidly unsecure the "secure" lift actually is.

Neddy Seagoon fucked around with this message at 07:25 on Oct 19, 2020

Weedle
May 31, 2006




a ticket came in

quote:

slow computer
computer

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

computer AS gently caress

TITTIEKISSER69
Mar 19, 2005

I'M JUST HERE TO KISS TITTIESS AND WIN FOOTBALL GAMES!
(AND GET EVERYBODY FIRED)


Pillbug

Weedle posted:

a ticket came in

dragonshardz
May 2, 2017




Weedle posted:

a ticket came in

Panicking about someone sending emails from a Comcast.net account that had been compromised and its display name changed to resemble that of our org.

"What can we do about it?"

Fuckall, that's what.

Internet Explorer
Jun 1, 2005


dragonshardz posted:

Panicking about someone sending emails from a Comcast.net account that had been compromised and its display name changed to resemble that of our org.

"What can we do about it?"

Fuckall, that's what.

If it's being sent to your domain, there is stuff like Mimecast's Impersonation Protection that can help to some degree, even for just display names.

https://community.mimecast.com/s/ar...ions-2027248726

I have had VIPs "tell" me to call the FBI over this. Ahahahaha

shortspecialbus
Feb 16, 2006

WOULD YOU ACCOMPANY ME ON A BRISK WALK? I WOULD LIKE TO SPEAK WITH YOU!!




I once sent my wife an e-mail from pope@vatican.va asking for nudes to prove a point that the sender e-mail address should not be trusted to be the actual source without digital signing.

The Fool
Oct 16, 2003



Internet Explorer posted:

If it's being sent to your domain, there is stuff like Mimecast's Impersonation Protection that can help to some degree, even for just display names.

https://community.mimecast.com/s/ar...ions-2027248726

I have had VIPs "tell" me to call the FBI over this. Ahahahaha

If you don't have mimecast it is super easy to do this with transport rules.

We killed probably 60% of our phishing e-mails with a transport rule that blocks e-mails trying to impersonate the executive team.

Internet Explorer
Jun 1, 2005


The Fool posted:

If you don't have mimecast it is super easy to do this with transport rules.

We killed probably 60% of our phishing e-mails with a transport rule that blocks e-mails trying to impersonate the executive team.

Do you just create a transport rule that blocks anyone with the same exact display name as someone on the exec team?

The Fool
Oct 16, 2003



Internet Explorer posted:

Do you just create a transport rule that blocks anyone with the same exact display name as someone on the exec team?

We have it drop a report to the helpdesk so we can review for false positives, but otherwise yeah.

I'm sure the mimecast product does a bunch of additional fancy stuff, but you can get a lot of mileage with minimal work using transport rules.

Internet Explorer
Jun 1, 2005


That's a clever solution. Thanks for sharing. Might look into implementing it at the current place.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Isn't something like that built into O365 now anyway?

The Fool
Oct 16, 2003



Thanks Ants posted:

Isn't something like that built into O365 now anyway?

IIRC, it's a part of O365 ATP.

The Fool
Oct 16, 2003



You can also use transport rules to duplicate a basic version of Inky's service.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

Internet Explorer posted:

That's a clever solution. Thanks for sharing. Might look into implementing it at the current place.

This is okayish until you figure out someone in the executive team uses their gmail to forward funny things to their coworkers internal email addresses.

Internet Explorer
Jun 1, 2005


The Fool posted:

IIRC, it's a part of O365 ATP.

Interesting. One of the problems I've had at current place is that they were on the O365 and Azure bandwagon early, so they have all the old defaults and I am not intimately familiar with all the current best practices. Add on some aversion to change as an org, and presto!

Sickening posted:

This is okayish until you figure out someone in the executive team uses their gmail to forward funny things to their coworkers internal email addresses.

Hahaha, yes, for sure. Dealt with that when implementing any sort of impersonation protection. Just took some announcement beforehand and dealing with the fallout. Pros still outweighed the cons.

RFC2324
Jun 7, 2012

Http 418


Sickening posted:

This is okayish until you figure out someone in the executive team uses their gmail to forward funny things to their coworkers internal email addresses.

Executive teams are the reason one off exceptions exist, just poke a hole for their gmail account. Last I checked google signs gmail.

Sickening
Jul 15, 2007

BLack Summer was the Best Summer

RFC2324 posted:

Executive teams are the reason one off exceptions exist, just poke a hole for their gmail account. Last I checked google signs gmail.

Managing those exceptions is kind of my point. Okay, you have whitelisted the CEO's gmail so it doesn't get caught. gently caress, he just sent that from his icloud because he was on his phone. Repeat to infinity.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Yeah it's a losing battle, maybe try and get the lawyers on side and talk about compliance if you're regulated in some way

dragonshardz
May 2, 2017




Internet Explorer posted:

If it's being sent to your domain, there is stuff like Mimecast's Impersonation Protection that can help to some degree, even for just display names.

https://community.mimecast.com/s/ar...ions-2027248726

I have had VIPs "tell" me to call the FBI over this. Ahahahaha

I am a lowly Service Desk peon with no power to buy poo poo, so...thanks, but I can't do anything with that. :/

Internet Explorer
Jun 1, 2005


Fair enough, but at least now you know of a potential solution, and actually now I know of two more that are similar to it. Transport rules are free, and if you already have O365 ATP it sounds like there might be some options included there. "Managing up" is a good thing and if you're noticing that sort of thing, it might be worth trying to bring up the ladder.

Arquinsiel
Jun 1, 2006

"There is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first."

God Bless Margaret Thatcher
God Bless England
RIP My Iron Lady


shortspecialbus posted:

I once sent my wife an e-mail from pope@vatican.va asking for nudes to prove a point that the sender e-mail address should not be trusted to be the actual source without digital signing.
Looking at their SPF record that should have been caught trivially, assuming they haven't changed it recently.

RFC2324
Jun 7, 2012

Http 418


Arquinsiel posted:

Looking at their SPF record that should have been caught trivially, assuming they haven't changed it recently.

The easiest thing in the world is to set the name field to the email address you want to spoof, and watch 75% of people on the internet fall for it. It's probably the biggest thing we can focus education efforts on, imo

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Yeah for all the effort that goes into SPF, DKIM, DMARC etc. there's still people who will just send emails from "Company CEO" <davejohn54321@gmail.com> asking for four figures of prepaid credit cards and get victims all day long.
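
Added example (not from any poster in this thread, and not a real Exchange transport rule): a Python sketch of the display-name check discussed above, covering the exact-name rule with a helpdesk report, the approved personal address exception, and the case where the display name is itself an address in the org's domain. The domain, names, addresses and function names are constructed for illustration.

```python
import re
import unicodedata
from email.utils import parseaddr

# All values below are constructed for illustration (hypothetical org and people).
ORG_DOMAIN = "example.com"
EXECUTIVES = ["Dana Smith", "Lee Wong"]
# Personal addresses an executive has registered as an approved exception.
APPROVED_EXTERNAL = {"dana.personal@example.org"}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def name_tokens(name):
    """Fold case and accents, drop punctuation, ignore word order."""
    folded = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return frozenset(re.sub(r"[^a-z0-9]+", " ", folded.casefold()).split())


EXEC_TOKENS = {name_tokens(n) for n in EXECUTIVES}


def classify(from_header):
    """Return 'deliver', 'exception' or 'report' for one From header."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr.rpartition("@")[2] == ORG_DOMAIN:
        # Forgery of the org's own domain is left to SPF/DKIM/DMARC checks.
        return "deliver"
    # External sender whose display name is an address in our domain.
    if any(d == ORG_DOMAIN for d in ADDR_IN_NAME.findall(display.lower())):
        return "report"
    # External sender using an executive's name: report unless approved.
    if name_tokens(display) in EXEC_TOKENS:
        return "exception" if addr in APPROVED_EXTERNAL else "report"
    return "deliver"


# Constructed From headers, one per case.
SAMPLES = [
    '"Dana Smith" <dana.smith@example.com>',
    '"Dana Smith" <office.desk4471@example.net>',
    '"Smith, Dana" <office.desk4471@example.net>',
    '"dana.smith@example.com" <billing@example.net>',
    '"Dana Smith" <dana.personal@example.org>',
    '"Weekly Newsletter" <news@example.net>',
]


def review_queue(headers):
    """Headers that would be held and reported to the helpdesk."""
    return [h for h in headers if classify(h) == "report"]
```

An executive mailing from a second, unregistered personal address lands in the review queue again, which is the exception-maintenance cost raised earlier in the thread.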

The Fool
Oct 16, 2003



We add banners to incoming e-mail. One for all external e-mails and another for any e-mails that fail spf.

A lot of organizations fail spf.


Internet Explorer
Jun 1, 2005


The Fool posted:

We add banners to incoming e-mail. One for all external e-mails and another for any e-mails that fail spf.

A lot of organizations fail spf.

Ugh, I hate those stupid banners.

And if people fail SPF, I put my foot down. Failed SPF doesn't get delivered. It's been around for far too long and it's far too simple. I don't want to hear it.
