@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done

"But this is the way we (they) have always done it... "

You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?

Yeah, that doesn't make any sense. Far too time consuming.

Outlook Toolbar.. Reporting
d4517c20-ac54-44fd-a195-1b6ef87caf87-image.png

OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?

It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.

Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.

That's interesting.

With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.

Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.

That's not a bad process. But still a bit more than just "mark as spam" which is really simple.

oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...

So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?

no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.

Why report to that one when O365 is the important one and the one that's like 10x more likely to be permanent instead of being clearly in the "should be removed" category? Less work, better results, less long term risk.

Time, the old process is already in place. It's just a matter of informing people at this point - it just hasn't happened yet.

@dashrender said in Recommendation: Non-Profit Site hosting:

Why do you need WordPress?

Do you need that level of functionality?

We're going to be looking at redoing my company's website this year (I think). it's on WP now, but really, it's completely just static pages, there is no need for on the fly changes - unless they wanted to change the whole theme.

It's more of the feature set... being able to use a WYSIWYG editor for events, announcements and such. In some regard- yes WP is over powered, but it also allows for the tie ins like Calendar, Mailing list, and more.

@obsolesce said in Dreaded Windows Recovery:

@gjacobse said in Dreaded Windows Recovery:

Just over a week ago I let my older laptop install updates - and now - the dreaded Windows Recovery screen is all I see.

6cb44c85-48b2-4167-946f-a62a1f991495-image.png

I've backed out Quality and Features with no success. There are no System Restore Points and even trying to Reset all fail.

While I am able to recover my data - before I go and kill it, I wanted to ensure that I hadn't missed anything on trying to recover what I have...

BIOS is up to date, same version as was installed, and no new hardware has been installed.

Is this a lost cause - and best to just duck my head and re-install, or just migrate this poor soul to Ubuntu.

You should also check the health of the drive in the system. For example, if it's a Samsung SSD, run Samsung Magician to verify the drive is still in good health. A drive going bad can corrupt a Windows install and updates or something similar can be disk intensive enough to make it noticeable.

Installing Linux on an otherwise failed or failing drive can be brewing storm. So I'd still check the drive first before doing that.

Good point. I don't recall what brand of drive I have installed. I may hold this drive if I have another that I can use...

@scottalanmiller said in Active Directory Domain name:

@stacksofplates said in Active Directory Domain name:

@dbeato said in Active Directory Domain name:

@scottalanmiller said in Active Directory Domain name:

used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

Yeah from a quick search looks like at least GoDaddy and Digicert offered them.

Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.

https://cabforum.org/internal-names/

Damn, that's a major security hole! So I could go get a cert issued for a domain someone else used and there had to be zero verification since.... there was nothing to verify!

Yup.

@gjacobse said in Mesh Central: Display Change on remote:

Does MC all for full interaction when making Display Changes? Specifically - When applying settings, can you click the Keep Changes?

It must because I do that all the time.

@gjacobse if you are going to link an image it has to be https, http links are ignored.

@irj said in ADUC Set Password Expiry:

@gjacobse said in ADUC Set Password Expiry:

@irj said in ADUC Set Password Expiry:

You gotta teach good culture

Good Luck

Sometimes people have to be inconvenienced for security

Don't disagree - but can't stop doing business either.

Managing all these exceptions is an operational nightmare that will create a load of technical debt.

No lie - and no argument there. But resetting the expiry date/time doesn't seem all that different than resetting any password. few clicks and poof.

I can understand your point, but some responsibility for security must fall on the user. Management of course has to buy in on this and/or give full control of IT policies to a CISO/IT manager/generalist (depending on size of business).

Again - no disagreement. Barring this - being able to set a date for the password to expire that isn't to far out of policy seems better and more ideal than some of the options.

@gjacobse said in Annoying issue: iOS and chrome:

Today's refresh has me not being signed into the forum. .. (eyeroll)

I suspect there's a link between not closing the tab, and exiting the browser.
Then when loading the browser and the tab, problems.

@gjacobse the article is a little misleading. Linux doesn't provide DNS services. So Linux can't be the issue. Any given Linux distro might have one or more default DNS server options, so Ubuntu or RHEL might have this issue, but Linux itself cannot.

In the article, you have to dig before they mention BIND, a DNS server, as being a problem with this issue. BIND is certainly the de facto standard on Linux and represents a problem for the community and ecosystem, but the article presents it in very much a click bait sort of way.

And then it appears to describe the issue as a protocol issue, not an implementation issue and seems to feel that the issue is just that the protocol used for DNS was insecure.

@scottalanmiller said in New secret-spilling hole in Intel CPUs sends company patching (again):

If you build in a back door, people will use it.

So tired of Intel's messes.

I do the same thing for QuickBooks Database Manager that runs on a domain controller. Intuit made the decision to use ports that overlap the DNS Server ports and cause QBDBMgr to stop running. My powershell script checks the status of the QuickBooks services and if they are stopped restarts DNS Server and the QB services. Ugly but it works.

@gjacobse said in Palo Alto Networks patches critical buffer overflow bug:

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating

Palo Alto Networks patches critical buffer overflow bug in its GlobalProtect VPN.
DAN GOODIN - 11/11/2021, 8:30 AM

About 10,000 enterprise servers running Palo Alto Networks’ GlobalProtect VPN are vulnerable to a just-patched buffer overflow bug with a severity rating of 9.8 out of a possible 10.

Security firm Randori said on Wednesday that it discovered the vulnerability 12 months ago and for most of the time since has been privately using it in its red team products, which help customers test their network defenses against real-world threats. The norm among security professionals is for researchers to privately report high-severity vulnerabilities to vendors as soon as possible rather than hoarding them in secret.

(Click link for remainder of article)

I'm not sure this bolded part can actually be claimed. that's definitely the desired effect, but how can they know that it IS the norm?

@scottalanmiller said in HTML Editing:

@stacksofplates said in HTML Editing:

@jaredbusch said in HTML Editing:

I only use VS Code today.

Even if I was only Windows, I would use VS Code over Notepad++ now.

There is nothing better available since it can be universally installed on Linux, Windows, or macOS.

I've been using a Mix. I use VSCode some days and I use Pycharm/GoLand other days. I like different things about both.

I like PyCharm and its related tools a lot. I just don't use them enough (or like them enough) to justify the extra price.

Pycharm is free. I did pay for Goland because the debugging and some extra features are worth it. I don't need to use pycharm because you can use the Python plugin in Goland but I had a couple issues one time and just decided to use pycharm separately.

Updated Script - Which does work.

@Echo Off Echo. Echo. POWERSHELL Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -force Echo Setting ExecutionPolicy timeout 2 >nul POWERSHELL Install-Script -Name Get-WindowsAutoPilotInfo -force Echo Getting AutoPilotInfo timeout 20 >nul POWERSHELL New-Item -Type Directory -Path "C:\HWID" POWERSHELL Set-Location -Path "C:\HWID" POWERSHELL Get-WindowsAutoPilotInfo -OutputFile "C:\HWID\AutoPilot_HWID-%computername%.csv" Echo Saving AutoPilot Info timeout 5 >nul Echo Copy to NAS xcopy "C:\HWID\AutoPilot_HWID-%computername%.csv" "\\10.7.20.27\IT Resources\!!!_HWID_!!!" rmdir /Q /S "C:\HWID" pause

Added rmdir for clean up.

@gjacobse said in Windows Terminal: Runas:

@Obsolesce
That didn't help either....
465abf1b-b0c7-4e97-8d88-29df801bb63e-image.png

Are you sure there isn't a policy from something blocking the execution of it?

@gjacobse said in SAS 10k 600GB Drive RAID Adapter:

I haven't done any research as of yet, but a friend has more than 30 SAS 10k 600GB drives that he'd like to see about testing for use. Only thing is that he's having some trouble finding an appropriate controller.

Hitachi and HGST are the main ones, with some Seagates in the mix.

Is there a suggested card that would drive, that doesn't require server class hardware?

Cards rarely, if ever, have hardware requirements. But also, a card doesn't likely make any sense for this use case. Plus the key factors in the use case, like cache and RAID level, are not mentioned.

But 99% chance, software RAID is appropriate here.

@dafyre said in AD/AAD and VPN integration:

I can't quote much on the VPN side of things, but we use MFA here for nearly everything now.

Duo Security (duo.com) is great. You can use hardware keys or the app on your phone, and it's quick and easy enough to manage.

Edit: Even our VPN now requires MFA, lol.

Not everything supports Duo, though, such as WHfB unless you go through another IDP that does support it.