@gjacobse said in The Verge briefly censored YouTubers who mocked its bad PC building advice:

Just goes to show, that while there is good information on the internet, YouTube and other outlets, you must realize that some or most is done with some creative license.

YouTube videos can be used as a ‘guide’ and should not be (always) used as the rule.

But hell, if you use that video as a "guide", you'll be ruining your components quickly.

Another day, another security breach/problem.
Note to myself: Am I getting used to that?

@scottalanmiller said in Ajit Pai orders phone companies to adopt new anti-robocall tech in 2019:

Pai threatens "regulatory" action if carriers don't use Caller ID authentication.

The Federal Communications Commission will consider "regulatory intervention" if major phone companies fail to adopt a new anti-robocall technology this year.

FCC Chairman Ajit Pai has been pressuring phone companies to implement the "SHAKEN" and "STIR" robocall-blocking protocols, which perform Caller ID authentication. Most major providers have committed to doing so, but Pai issued a warning to laggards yesterday.

"I applaud those companies that have committed to deploy the SHAKEN/STIR framework in 2019," Pai said in his statement yesterday. "This goal should be achievable for every major wireless provider, interconnected VoIP operator, and telephone company—and I expect those lagging behind to make every effort to catch up. If it appears major carriers won't meet the deadline to get this done this year, the FCC will have to consider regulatory intervention."

I’ll need to reread the standard for this. I vaguely recall something in that not being all that helpful.

@scottalanmiller Try with another separator instead of dash, just to make check if it's the dash or something else. Maybe just remove it altogether.

@pmoncho said in Kerio Connect "license error: license exhausted, cannot allow another host":

Based on the couple posts I have seen, each registered user can have five devices. So, if they have 30 devices, they need 6 user licenses. Did they add any extra devices lately?

Easily, but more likely they just let their license expire.

I just had discovered on a recent audit a Barracuda Backup device, but I was able to get the account login for the cloud and local account. I used the email of the previous IT person and the administrator password.

If you don't know the account or password at this point is better to reset and start over or contact Barracuda Technical Support...

@CCWTech said in Restoring Google Drive Folders Instead of Individual Files:

Unfortunately what they did ended up orphaning the files.

https://support.google.com/a/answer/6008339?hl=en

Ouch

@stacksofplates said in Researchers use Intel SGX to put malware beyond the reach of antivirus software:

Did you see what Intel said regarding this:

Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Grus for their ongoing research and for working with Intel on coordinated vulnerability disclosure.

Outside of the threat model?.........

Haha, whatever that means.

@Pete-S said in “Catastrophic” hack on email provider destroys almost two decades of data:

So if you make a backup to something like Backblaze. Would that be considered an offline backup?

Depends how it is done. It's online, not offline. But it can be airgapped.

Exciting stuff.

@Dashrender said in Amazon acquires Eero, maker of mesh Wi-Fi routers:

@coliver said in Amazon acquires Eero, maker of mesh Wi-Fi routers:

https://eero.com/shop/home-wifi-system

And it's not as cheap as the competitors.

It's hella expensive - just like the google mesh stuff.

Yeah, makes no sense.

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@Pete-S said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@Dashrender said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@dafyre said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@PhlipElder said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

All it takes is one absentminded click or drive-by that's completely shielded from us as we go about the day to day stuff and it's done. Game over. Say, "Bubbye".

There's always going to be that risk or one absentminded click.

Granted an Air-gapped PWA is a good way to handle it.... but so is not saving passwords in RDP files (I don't do this), and if you use an app like MobaXterm that can encrypt the files for you, use a good pass phrase.

However if your admin machine is owned, you have bigger issues to start with.

Well, the idea is that the air-gapped machine won't ever be in a situation to become compromised, is my guess. I haven't had a chance to look at the MS link Philip sent earlier.

There are several ways to implement with the simplest being the main machine having two VMs installed on it. One for day-to-day and one for client/systems management. Nothing is done on the machine itself with all designated tasks being done in their respective VM.

We have a number of laptops that came back from client refreshes. So, we're using them as our dedicated management machines. Asus makes a great external USB3 DisplayLink and DisplayPort external monitor that allows for two screens. That makes the work easier.

There is security leakage between VMs on a client machine for instance over clipboard.

Have a look at Qubes. https://www.qubes-os.org/

It's probably the best implementation of security separation to date.

Using the Hyper-V VM Console without RDS pass-through eliminates any access to the VM beyond console.

Same with KVM or whatever.

@Dashrender said in What SQRL Apps Are You Using:

@scottalanmiller said in What SQRL Apps Are You Using:

@Dashrender said in What SQRL Apps Are You Using:

@scottalanmiller said in What SQRL Apps Are You Using:

@Dashrender said in What SQRL Apps Are You Using:

@coliver said in What SQRL Apps Are You Using:

What's seems odd to me (even though it probably isn't) is that there are no major players also working on this in tandem. If this is supposed to be the next iteration of anonymous login there are a ton of security adjacent vendors that would love this.

No, they wouldn't because they can't make money off of it.

Actually they could, if it had any value. They could make a lot off of it. It's because it doesn't do anything useful that it has no value. OAuth already does all the good parts of SQRL and fixes the "not easy" problems.

No it doesn’t because oauth gives the control to that third party, it’s not trust no one.

SQRL does that too.

What no it doesn’t. You are the only one with your private key and everything is done on the fly based on that. No third party is ever involved.

That's the impression that they like to give, but it doesn't work that way. To share identities or have any "easy" between sites, it is still sharing just like OAuth (Actually, they state that they are just extending OAuth.)

So with SQRL you always have to trust at least one source, and if you want the features that most people want, then you have to trust a third party as well. The SQRL key carries no info, so is nothing more than a cookie, so requires the same third party sharing that we have now,. It's just a cookie that doesn't automatically get conveyed between unrelated sites.

It's not checked. However, some properties within are. But not all of it. It's telling you it's conditional. Still pointless though IMO.

@IRJ said in NTG Seeking IT Interns:

How many hours a week is recommended? I know someone who may be interested.

No official number set yet. Probably like ten, but flexible hours, so like weekends are fine.