@JaredBusch said in Anyone using CrowdSec?:

This looks like a good tool. If it is performant at high volume that will be a huge improvment over fail2ban.

I am a little concerned about the global block process. But I assume they have that addressed someplace. I only read this page, nothing else yet.

yeah, that's what gave me pause too.

But definitely seems like a cool idea.

What I want to know is who's footing the bill for the centralized collection of these IPs and redistribution.

Looked at them a few weeks ago. Not free, didnt look interesting enough to test.

PetaSAN, at least in component form, would make an excellent backup target array, for example.

Here's another example in Kibana. You can pull the same data out and display in Grafana

business-analytics-reporting.png

This is how I sum up my problems with reviews:

Not enough people do reviews without being incentized to do so to offset those who are. There is no upside to doing reviews, so people don't. It's a silly system, and people know that. People who do reviews rarely understand how reviews work and don't have the experience or exposure to do one that is useful and not misleading.

it's really just math. It's not that mankind is so bad, it's that the fundamental concept of public reviews doesn't logically make sense given real world factors.

Problem resolved. The server was previously been hooked up to a Dell Powerconnect. Switched back to it and everything is now fine.

This is a rental home, so don't want to run cable throughout the house to connect the switch to the router. Resolved the issue by putting in a couple of powerline ethernet adapters.

Glad I could help JB in keeping his blood pressure in check. 😉

@dustinb3403 said in Hackers Hid Backdoor In CCleaner Security App:

@coliver said in Hackers Hid Backdoor In CCleaner Security App:

@dustinb3403 said in Hackers Hid Backdoor In CCleaner Security App:

@coliver said in Hackers Hid Backdoor In CCleaner Security App:

@dustinb3403 said in Hackers Hid Backdoor In CCleaner Security App:

@coliver said in Hackers Hid Backdoor In CCleaner Security App:

@marcinozga said in Hackers Hid Backdoor In CCleaner Security App:

And since when CCleaner is a security app? Original name was crap cleaner if I remember correctly, and that's what it does, cleans crap. How does that relate to security?

It's owned by Avast, a security company. Since when does a security company provide malicious software? Then when they are found out try and cover up the tool and the extent of the infection?

Avast recently purchases Piriform (the original developers of CCleaner).

Correct. So Avast transversely owns CCleaner.

Did avast own Piriform and CCleaner at the time of this breach? (I haven't looked that up)

Yes, the breach was live in August-September. Avast purchased Piriform in July.

Than Avast is squarely to blame for it. Rather than having a leg to stand on of "This happened before/during we bought Piriform. . ."

Still no hash entries on ccleaner's website. I guess Avast doesn't care about security after all.

Right? How simple is this. Any random open source project has that kind of stuff. How did Piriform miss that?

@danp said in Sodium --:

Just checked in Chrome and I get this --

Exception in template helper: TypeError: Cannot read property 'company' of undefined at Object.unitGroups (https://sodium.waxquixotic.com/app.js?hash=9a69b28b89efe0a1f976612c19bd1154b5baa7e4:1656:35) at https://sodium.waxquixotic.com/packages/blaze.js?hash=f33d3dfed63a491d24e3aa07ad66c24b5fe8c761:185:18 at https://sodium.waxquixotic.com/packages/blaze.js?hash=f33d3dfed63a491d24e3aa07ad66c24b5fe8c761:112:41 at https://sodium.waxquixotic.com/packages/blaze.js?hash=f33d3dfed63a491d24e3aa07ad66c24b5fe8c761:191:182 at Function.Template._withTemplateInstanceFunc (https://sodium.waxquixotic.com/packages/blaze.js?hash=f33d3dfed63a491d24e3aa07ad66c24b5fe8c761:714:12) at https://sodium.waxquixotic.com/packages/blaze.js?hash=f33d3dfed63a491d24e3aa07ad66c24b5fe8c761:191:74 at Object.Spacebars.call (https://sodium.waxquixotic.com/packages/spacebars.js?hash=ebf9381e7fc625d41acb0df14995b7614360858a:14:14) at https://sodium.waxquixotic.com/app.js?hash=9a69b28b89efe0a1f976612c19bd1154b5baa7e4:1:31142 at Blaze.View.<anonymous> (https://sodium.waxquixotic.com/packages/blaze.js?hash=f33d3dfed63a491d24e3aa07ad66c24b5fe8c761:172:181) at https://sodium.waxquixotic.com/packages/blaze.js?hash=f33d3dfed63a491d24e3aa07ad66c24b5fe8c761:120:252

That's just initial load. Won't effect anything. the client side threw that error before it read from the server side subscription. I just don't have a catch wrapped around it yet. Not a big deal.

Long term, as Jeremy implies, loads of filters and views are expected, everywhere in the system. It's not at the top of the list, but it gets higher and higher all of the time as it impacts a lot of basic usability. The system is heavily designed around filters and views being key components of how it all works, both user accessible and behind the scenes.

For example, we want to easily support use by normal users, individual companies, consultants and MSPs. But we don't want to the system to actually work differently, just look different for different people. For example, individual home users likely don't even want to know that there is ticketing. But an MSP might want is very much in the forefront. It will be a view engine making that all possible.

@danp said in Sodium Ticket Status:

@quixoticjeremy Appears to only occur under some situations. For example --

Select a ticket from the upper list Edit it, change the status to In Progress, and then save the ticket

At this point, you can click the edit icon and the ticket status is correctly maintained as In Progress. However, if you switch tickets and then come back to the current one before clicking edit, then the incorrect ticket status is shown (Open vs In Progress).

I think I see what is going on now, this is actually a symptom of another issue. Might take a tiny bit to fix but this will get resolved shortly.

Tagging @Sodium

Lenovo is nothing but horse droppings, if you know what I mean.

Webroot is going to start making soylent green? That would explain their brand colours.

@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:

@travisdh1 said in Hackers could exploit solar power equipment flaws to cripple green grids:

@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:

@dashrender said in Hackers could exploit solar power equipment flaws to cripple green grids:

@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:

@dashrender said in Hackers could exploit solar power equipment flaws to cripple green grids:

@scottalanmiller said in Hackers could exploit solar power equipment flaws to cripple green grids:

@tim_g said in Hackers could exploit solar power equipment flaws to cripple green grids:

Maybe a white-hat will "hack" in and patch it... why not?

Because... better things to do 🙂 And it still gets you arrested, so not worth the risk.

Yeah - Steve Gibson claimed that he went to the FBI and asked about making a virus that would find Code Red machines and patch them. He was told no, it's illegal.

Just showing why you should not listen to him. He actually asked that? How out of touch is he?

He claims to have friends there - so yes I'm sure he asked someone, did he officially ask? who knows.

Still pretty silly. I have cop friends, I don't ask them if kicking down the neighbour's front door is legal. The issue is not that he has access to the FBI, but that he has to ask the FBI about things so basic. Is this is first day working in IT?

He's NEVER worked in IT. Steve Gibson is the ultimate bench tech type person, very large blinders on very basic things.

Seems like a pretty run of the mill bench tech then. Good ones are still good.

Perhaps the better way to put it is more in-depth than most people take the time to do. Still not someone I'd take any advice IT wise from.

@danp said in Desktop wifi adaptor?:

Thanks for the feedback. Wasn't sure if I would get better results from a PCI card vs USB dongle.

I have used USB dongles in the past with a wide variance of 'luck'... They serve their need, but I have seen data channel performance issues.

@JaredBusch said in Veeam: All instances of the storage metadata are corrupted:

You correctly start the restore process by right clicking on the taskbar icon.

Thanks. I actually found the same thing by running File Level Restore from the Start Menu.

@fuznutz04 said in Digital Ocean adds free monitoring:

Great! Now we know it will be coming soon to all the other providers. That's why competition is great ! 🙂

I'd guess unlikely. Rackspace and Amazon have had this for years and it didn't spread. DO and Linode have load balancers, Vultr has firewall. They do different features and I've not seen too much rush to converge.

@Dashrender said in DNSMessenger malware:

That's all fine and dandy my point was that this hack is currently worthless on its own it requires a previous hack in order to make this one work

The point is not how the infection was started. The point is that the infection itself is completely fileless. Never writing data to the disk.

There are multitudes of ways into a Windows system that an attacker could use to execute the initial code.