    • scottalanmiller

      Recording Employee Calls at Work in the US

      IT Discussion telephony security privacy
      2 Votes
      35 Posts
      5k Views
      scottalanmiller

      @FloridaMan said in Recording Employee Calls at Work in the US:

      When I call a company, I often get an automated answer, alerting me to the fact that the call may be recorded, before being transferred to the menu or operator.

      If an employee calls me, I'm not notified that the call may be recorded. Should the first thing the employee tells me be that the call might be recorded?

      If the call might actually be recorded, heck yeah. There might be cases where they do not need to do that, but it is very unlikely that that employee could know when those cases might come up because it is the physical location of the other party, not the number that they call or where they are based or what their activity is, that matters legally. They could easily be violating federal, state or even international laws.

    • travisdh1

      "Thieves can guess your credit card data in seconds" well, duh

      News security credit cards visa fail
      1 Votes
      5 Posts
      1k Views
      DustinB3403

      @travisdh1 said in "Thieves can guess your credit card data in seconds" well, duh:

      @dafyre said in "Thieves can guess your credit card data in seconds" well, duh:

      @DustinB3403 said in "Thieves can guess your credit card data in seconds" well, duh:

      This is where credit fraud protection comes into place, and class action law-suits start for all of the declined claims from people who have had their credit cards used illegally, and the bills not dropped by Visa.

      I'd be surprised if there aren't already commercials on TV for 'Do you have a Visa credit card? Has your credit card been used without your consent, and the charges not dropped by Visa, call us now, you may be entitled to X'

      Call J. G. Wetworth! 1-877-CASH-NOW....

      Sorry... I'll see myself out now.

      Let's all jump on board for lawsuits that only make the lawyers money!

      Hey I need that 30 cents!

    • scottalanmiller

      How to Require TLS for Outbound SMTP Connections with MDaemon

      IT Discussion mdaemon alt-n smtp tls security encryption email
      1 Votes
      82 Posts
      14k Views
      scottalanmiller

      @BRRABill said in How to Require TLS for Outbound SMTP Connections with MDaemon:

      I think what he meant was encrypted from the e-mail client (Outlook, Webmail) to the MD server.

      That's confusing because it isn't email at that point but is just an internal application API. If it is Outlook, for example, it talks directly with Exchange as a client manipulating stuff on Exchange. If it is OWA, it's Exchange that you are looking at directly (the "email" is still on Exchange.)

    • scottalanmiller

      HPE Laptop Compromises US Navy Sailor's Personal Data

      News hpe security breach
      0 Votes
      5 Posts
      1k Views
      JaredBusch

      @scottalanmiller said in HPE Laptop Compromises US Navy Sailor's Personal Data:

      @DustinB3403 said in HPE Laptop Compromises US Navy Sailor's Personal Data:

      If it doesn't affect the government overall why do I really care?

      all hardware developers (and mainstream software) are culpable when it comes to this.

      Why the military hasn't moved to Linux "globally" is insane.

      I'm very lost as to what you are saying. What does the OS, hardware developers or anything else random have to do with the situation?

      ancient-aliens.jpg

    • scottalanmiller

      1984 in the UK

      News zdnet security privacy
      3 Votes
      2 Posts
      803 Views
      Dashrender

      Wow... Just wow.

      When do the thought trucks roll out?

    • mlnews

      Why Advanced Ransomware Is Cybercrime's Most Profitable Business Model

      News knowbe4 knowbe4 blog ransomware malware cybercrime security
      3 Votes
      1 Posts
      860 Views
      No one has replied
    • scottalanmiller

      Linux FAQ: Why Do We Need a Dot Slash Before a Local Command

      IT Discussion linux unix security linux system administration sam linux administration bash shell ksh tcsh csh zsh
      0 Votes
      1 Posts
      2k Views
      No one has replied
    • travisdh1

      Updates to SSL Labs testing methods in 2017.

      News ssl security server update 2017
      1 Votes
      1 Posts
      770 Views
      No one has replied
    • scottalanmiller

      Open Firewall Ports on CentOS 7 and RHEL 7

      IT Discussion centos linux rhel centos 7 rhel 7 firewalld firewall security firewall-cmd
      3 Votes
      12 Posts
      3k Views
      coliver

      @stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

      @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

      @stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

      @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

      @scottalanmiller said in Open Firewall Ports on CentOS 7 and RHEL 7:

      @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

      Did anyone ever figure out if there was a way to set up files for firewalld? Or were the XML service files the way to go?

      XML I think.

      That's what I was afraid of. We're using IPTables on all of our OEL7 servers right now but I think moving to the default firewalld may be a good idea. I'll have to look into the XML config and see how much more difficult, if at all, it is over the IPTables file. It's a shame we can't just copy a single file around anymore but the XML files probably won't be too much more difficult.

      Ya it's not bad at all. Here's the config from my Identity Management server. It's pretty similar to /etc/sysconfig/system-config-firewall on RHEL 6, just in zone specific XML files.

      <zone>
        <short>Public</short>
        <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
        <service name="http"/>
        <service name="https"/>
        <service name="ntp"/>
        <service name="dhcpv6-client"/>
        <service name="kerberos"/>
        <service name="ldaps"/>
        <service name="ssh"/>
        <service name="dns"/>
        <service name="ldap"/>
      </zone>

      Those services are predefined right? You can also build your own services via the same process.

      Ya and you can define specific ports. I prob could have grabbed a better example.

      No, I think I've got it just need to investigate actually setting these up.

    • stacksofplates

      AtomBomb

      News windows security insecure
      0 Votes
      2 Posts
      817 Views
      tonyshowoff

      So if it doesn't provide privilege escalation and only allows you to access processes which you are running, then how is it really any different from any normal hooking? So yes, it's unpatchable in the same way deleting all the files in your own home directory in Unix is unpatchable.

      Looking at the code as well... we were doing this stuff years ago to see what was being sent wrapped in SSL for reverse engineering purposes, because tcpdump or whatever couldn't read it.

    • travisdh1

      Suddenly hit from lots of different places today.

      IT Discussion security hack brute force attack
      2 Votes
      34 Posts
      5k Views
      travisdh1

      @stacksofplates said in Suddenly hit from lots of different places today.:

      @travisdh1 said in Suddenly hit from lots of different places today.:

      @stacksofplates said in Suddenly hit from lots of different places today.:

      @travisdh1 said in Suddenly hit from lots of different places today.:

      @dafyre said in Suddenly hit from lots of different places today.:

      @travisdh1 I'm totally shocked... not a single hit for root as the login name!

      I know right 😕

      When I first started here, the website was hosted on a Windows Server VPS, so the administrator at least makes a little sense.

      Also, remote root login (the only one available because it's a VPS) is key based. So go ahead and try logging in as root with a password.

      Ha we can't log in with root at all over SSH.

      While it's very tempting to do just that, the only user the system started with was root. If I have to burn it all down, I need some way to access the thing.

      Ah ic. Do you not have console access?

      I do, but the only user on the system was created after the OS/cPanel was installed. So if I have to nuke it from orbit, I kinda need that access.

    • mlnews

      New Version Of Nymaim Malware Targets High-Level Managers

      News knowbe4 security malware ransomware trojan
      4 Votes
      1 Posts
      906 Views
      No one has replied
    • mlnews

      Actual Malicious LinkedIn Emails

      News linkedin knowbe4 security phishing
      5 Votes
      7 Posts
      2k Views
      ChrisL

      @dafyre said in Actual Malicious LinkedIn Emails:

      @ChrisL said in Actual Malicious LinkedIn Emails:

      @dafyre said in Actual Malicious LinkedIn Emails:

      @ChrisL said in Actual Malicious LinkedIn Emails:

      I would always hope that someone isn't naive enough to think that a major financial institution with their contact info on hand would reach out to them through LinkedIn.

      Buuuuuut, I've been wrong before.

      Nah... Why would they do that, when they could impersonate a family friend and try to tell me that I won 150k from a non-existent government agency.

      Congratulations!

      Can I give them your bank account numbers? We can split the winnings.

      I was afraid you'd never ask.

    • scottalanmiller

      WordPress Site Redirecting Sometimes to Hijacked Page

      Solved IT Discussion wordpress security
      2 Votes
      52 Posts
      6k Views
      scottalanmiller

      @stacksofplates said in WordPress Site Redirecting Sometimes to Hijacked Page:

      What's in your index.php file?

      I've looked through it before and must have just been stupid. There it was, a URLDECODE right in the middle. That was it!

    • scottalanmiller

      Pentagon Warns Against Using Lenovo Equipment

      News lenovo security
      3 Votes
      33 Posts
      3k Views
      scottalanmiller

      @Dashrender said in Pentagon Warns Against Using Lenovo Equipment:

      @brandon220 said in Pentagon Warns Against Using Lenovo Equipment:

      I had to laugh about it. Last year I got dinged for not blocking github and the similar sites. This time they tell me I can go on github and get a piece of software that will compare my firewall config and detect any changes. The logic makes ZERO sense.

      auditors are allowed to make up any damned rules they want. it's just nutz.

      But companies are allowed to hire any auditors that they want.

    • scottalanmiller

      MS-CHAP on Ubiquiti EdgeRouter

      IT Discussion ubnt ubiquiti edgerouter edgeos router networking pap chap ms-chap security
      2 Votes
      7 Posts
      3k Views
      dbeato

      @bransona said in MS-CHAP on Ubiquiti EdgeRouter:

      @scottalanmiller is correct. I have Edgerouter 2.0.9 and it STILL requires PAP in the Windows policy. Under Config Tree, there is no way to make the router use MSCHAP or MSCHAPv2 instead of PAP (cleartext). I went to notify Ubiquiti hoping they can potentially have this included in another firmware release soon, but Ubiquiti Support was apprised of this 5 years ago! https://community.ui.com/questions/Encrypted-Radius-Supported/7857b119-91d8-4365-8c2a-8c21de0937a4

      Yup it has been a big issue for a while now on the EdgeSwitches too.

    • gjacobse

      Surface Pro 3: Boot from USB

      IT Discussion surface 3 surface pro surface pro 3 security password reset windows 8.1
      0 Votes
      70 Posts
      10k Views
      nadnerB

      @gjacobse said in Surface Pro 3: Boot from USB:

      @Minion-Queen said in Surface Pro 3: Boot from USB:

      I would but it's a customer machine so off to MS to get fixed it goes.

      I still like the sledgehammer option

      Frisbee?

    • scale

      What do DDOS attacks mean for Cloud users?

      Scale Legion scale scale blog ddos security hyperconvergence
      9 Votes
      2 Posts
      2k Views
      gjacobse

      Updated map - while the effects are lessened... the coverage is nearly the same.

      0_1477484733181_2016-10-26 08_23_03-Level3 outage_ Current problems and outages _ Down Detector.png

    • scottalanmiller

      Modern Open Source Replacement for SSLExplorer

      IT Discussion sslexplorer vpn ssl vpn security open source adito openvpn als openvpn
      4 Votes
      18 Posts
      11k Views
      scottalanmiller

      @martianx said in Modern Open Source Replacement for SSLExplorer:

      Update: We prototyped integrating NoVNC with the Hypersocket VPN. It was relatively simple as it hooked straight into our forwarding mechanism that was already using websockets. Will be releasing an update to support this in the next month or so. We will also integrate our client-less SSH terminal at the same time. RDP is a little more complex so will need further research before we can support this.

      Very cool, thanks for the update!

    • steve

      Mike Davis: WPA2 Enterprise Deployment

      MangoCon ubiquiti ubnt mike davis mangocon mangocon 2016 youtube security wifi 802.11 sonicwall
      2 Votes
      1 Posts
      856 Views
      No one has replied