@dafyre Connection closed by foreign host after a couple seconds lol

@fredtx This is really GoDaddy breached. That they were running WordPress is kind of an aside.

@scottalanmiller said in Technologies Begging to be Ransomwared:

@dashrender said in Technologies Begging to be Ransomwared:

FYI - my experience in all of this is through the use of shares - so if shares aren't enabled.. then I'm guessing you're probably correct due to configuration.

Shares aren't on by default. But even when they are, nothing is shared out that a local non-admin user could access.

Yeah, and this is ultimately what saves you - OK now we're on the same page.

Thanks

@jaredbusch said in Looking for Security camera options:

@travisdh1 said in Looking for Security camera options:

it requires Windows if you use the Axis Camera Station for the server

That is a nope. This site has almost completely left Windows.

Good on them!

I've had very little involvement in the project besides being told about it after the first server arrived at my house(office) for deployment (5 servers for 5 sites).

@scottalanmiller said in Anyone used Infection Monkey?:

@ambarishrh I meant that YOU should make one.

I'm too subtle, I guess.

lol! Yes, will make one for sure! Just need to test it on a lab and see how it goes. Its an interesting project 🙂

@DustinB3403 said in Solarwinds Blames Intern for Laughable Password:

@scottalanmiller said in Solarwinds Blames Intern for Laughable Password:

@IRJ said in Solarwinds Blames Intern for Laughable Password:

They should be required to do audits and pen testing yearly due to requirements of government systems. It sounds like solar winds worked with pen testing firms that that just gave passing grades. Sometimes organizations purposely hire bad security talent so they don't get exposed as doing a bad job.

You mean like how the government hires Solarwinds?

I have a client that uses at least one solar wind product and I shudder....

Me too.

@DustinB3403 said in Microsoft Hid Known Vulnerability According to Senator:

@scottalanmiller said in Microsoft Hid Known Vulnerability According to Senator:

@Dashrender said in Microsoft Hid Known Vulnerability According to Senator:

you're saying that they can't ever be wrong in their releases?

No, I'm saying that whether right or wrong is irrelevant. That it happened is what matters. Deciding if it happened accidentally or on purpose is a different discussion. Things that happen on accident doesn't make them not have happened.

Like teen pregnancy....

LOL, exactly.

@Obsolesce said in Active Directory - User Attribute RFID/HID Badge:

@DustinB3403 said in Active Directory - User Attribute RFID/HID Badge:

@Dashrender I'm a 3rd party to the end customer here. Acting as the middle man as the customer's IT department wanted to engage outside support to try and vet different products.

I candidly told the customer that while this product will work, it won't work with all of the features they want without some substantial changes to their infrastructure and that the support (at least from this vendor) is pretty awful.

The simple approach here is to not integrate RFID/HID's to the system and simply use the AD Integration with the built-in QR codes that each member is assigned.

Just because something may be supported, doesn't imply that it is support.

Except in this case the vendor very clearly has stated they support you adding custom attributes within AD.

https://www.zdnet.com/article/microsoft-weve-open-sourced-this-tool-we-used-to-hunt-for-code-by-solarwinds-hackers/

@Dashrender said in Best practice security updates linux servers?:

saying Well - Johnny is just better employee than you, so I choose to pay him more, that isn't going to make people happy, it will likely make them less happy...

You are looking at it from the employer's perspective. Of course it doesn't help the employer. It helps the employee when they can see what X work is worth. If employee 1 makes X for a job, and employee 2 wants to know their own value, they have something to go on. If you don't know what others are paid you have almost nothing to go on.

Remember on Spiceworks when loads of people would claim that $65K was the IT industry cap? Imagine if people (and companies) were able to repeat that without anyone speaking up! People would surmise that if $65K is the top for a CIO, that a system admin must cap out at $50K and a helpdesk tech at $9/hr!

But in the real world, we know that CIOs make well into the seven figure range, admins can get well into the multiple six figures. Even good help desk leads can hit six figures. If we didn't have others to compare against, it's easy to see people misunderstanding the scope of the industry by an order of magnitude.

Sangoma has relased an updated (and likely final) statement.

https://www.sangoma.com/press-releases/sangoma-technologies-provides-update-on-ransomware-attack-expects-no-material-impact-on-sales/

The second paragraph has the relevant information from an IT point of view.

00a7b475-033f-4db6-8311-b115d6bb0a47-image.png

@Dashrender said in DNS Filtering with Ties to Google Groups:

the browser will use the system DNS if that DNS support DNS over HTTPS....

How can the browser know what the DNs mechanism is? DO you mean the browser will try a local DNS over HTTPS first? That I can see.

@dbeato said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

@pmoncho said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10:

Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article?
Checked yesterday, last night and this morning. No update that I can see.

Currently performing the workaround.

c46cc947-cad4-4bfc-877c-dbd1c1ddfd16-image.png

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4558998

Thanks. Forgot about the update catalog.