@thanksajdotcom said in What Are You Doing Right Now:

@EddieJennings said in What Are You Doing Right Now:

User: We need to find a file about [possible subject] created in 2015. We don't know any part of a file name nor where the file could be located.

Me: . . . .
[45 minutes later]

Me: Here's what I found.

User: This looks like what I need. Thank you!

Me (internally): So I've just set a precedence that I can find anything using absolute minimal amount of information. /sigh

I feel you there...

My favorite was my first real IT job. We were upgrading machines from XP to 7 (this was in 2012) and it was a bond-trading desk. They used Act! 2000 and it wasn't a licensed product but we didn't have the installer. I managed to use Google and some regex to find the installer buried on some FTP server online and it worked! A month later, I was able to, barely, replicate finding it, and now have no idea how I found it in the first place besides persistence and luck. Lol

@EddieJennings said in What Are You Doing Right Now:

User: We need to find a file about [possible subject] created in 2015. We don't know any part of a file name nor where the file could be located.

Me: . . . .
[45 minutes later]

Me: Here's what I found.

User: This looks like what I need. Thank you!

Me (internally): So I've just set a precedence that I can find anything using absolute minimal amount of information. /sigh

I feel you there...

@Dashrender said in Dual-WAN Router Recommendations:

@scottalanmiller said in Dual-WAN Router Recommendations:

@thanksajdotcom said in Dual-WAN Router Recommendations:

@Dashrender said in Dual-WAN Router Recommendations:

@thanksajdotcom said in Dual-WAN Router Recommendations:

@scottalanmiller said in Dual-WAN Router Recommendations:

The point was, misusing revert is wrong, using the needful is just regional. Unrelated items. And I've found the UK to use revert and defend it more than any other region.

Yeah but the Brits are weird. Lol

I know - they like to get pissed and suck on fags...

Accurate lol
Trying to quit my habit of taking drags on fags. Hard habit to break...

TMI

No shit right ?!

I'm talking about smoking...perverts

@Dashrender said in Dual-WAN Router Recommendations:

@thanksajdotcom said in Dual-WAN Router Recommendations:

@scottalanmiller said in Dual-WAN Router Recommendations:

The point was, misusing revert is wrong, using the needful is just regional. Unrelated items. And I've found the UK to use revert and defend it more than any other region.

Yeah but the Brits are weird. Lol

I know - they like to get pissed and suck on fags...

Accurate lol
Trying to quit my habit of taking drags on fags. Hard habit to break...

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@JaredBusch said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

What it boils down to is Knowbe4.com is a known security source, and ML is not a well known source. I enjoy ML and learn more about security from ML than any single blog, but in the instance of sharing information with higher up managers it is much easier to have easily verifiable source.

And a thread that does not get overrun by @scottalanmiller's ego.

Just pointing out the logic that both are blogs/communities. Feeling that blog is good and community is bad is not a good security practice since it is purely an impression alone that separates the two.

And we've established that in this case, sending a KB4 link would be best practice. If citing ML as the source or at least as the place it was discovered helps drive traffic to ML, great! But get the boss the info direct from an, assumedly, pre-validated source so that it can be addressed, and then go back and worry about ML had it first, the info was found there, etc etc.

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

What it boils down to is Knowbe4.com is a known security source, and ML is not a well known source. I enjoy ML and learn more about security from ML than any single blog, but in the instance of sharing information with higher up managers it is much easier to have easily verifiable source.

I get that, but feel it only counts if the site was pre-validated. If it was not, then both are equally easy to validate as the thing that provides them credibility (the identity of the author) is the same.

But you're assuming that KnowBe4 was not pre-validated, and I'm telling you that given the nature of the work, it almost certainly was, and so therefore a link to KB4 direct makes more sense. Letting the boss know it was posted here first is a great after-thought, but not more important.

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

Still, it can create a negative association.

This just doesn't make any sense. What if it was published here first? You are making weird assumptions and things that aren't what we are discussion. Your points are not disputing what I was saying they are just off on a tangent.

I get that the person in question might already know one blog and not another. My point was that if they did, they likely didn't need a link and if they didn't, the security perception is a risk because it's not a good one.

Except you're not accounting for someone who is aware of the site (KB4) but wasn't aware of the article about the threat. That's the flaw in your logic. Doesn't matter if it was published here first. That is secondary at the time the boss would be seeing it.

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

Not ML as a source, the CEO of KnowBe4 as a source. ML is just a forum. Just like any blog, you need to verify the authors.

Yeah but let's not make him dig and then have resentful feelings towards ML. Better to show times it solved problems, not just was a news repository. Has the appearance of more tangible benefits.

That won't apply in this instance. Why would the CEO or other non-security manager care about the technical merits of non-verified community discussion? We are talking about a specific security related verification of an author. You are getting distracted by ancillary issues.

It's psychology and having a negative association of being sent a link about a security threat that then he/she has to go through the forum to find the link.

That's why you send the link to the article, which was published here. You are not making any sense. That doesn't apply to the discussion at hand.

It's about perception. At first glance, someone new to the site has no way of knowing that the user who posted that is the CEO of KnowBe4 or any of the other context you are saying as if it's somehow common knowledge. Perfect example, until you said so, I was not aware the OP was the CEO, and I'm a regular user on the site. How would someone who would probably be a first-time visitor have that context?

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

Not ML as a source, the CEO of KnowBe4 as a source. ML is just a forum. Just like any blog, you need to verify the authors.

Yeah but let's not make him dig and then have resentful feelings towards ML. Better to show times it solved problems, not just was a news repository. Has the appearance of more tangible benefits.

That won't apply in this instance. Why would the CEO or other non-security manager care about the technical merits of non-verified community discussion? We are talking about a specific security related verification of an author. You are getting distracted by ancillary issues.

It's psychology and having a negative association of being sent a link about a security threat that then he/she has to go through the forum to find the link. It's not really the fault of the forum but just impatience by the user. Still, it can create a negative association. It'd be better to send the link direct and maybe send the link to ML as a side note of "btw, I saw it here first". The original link to KnowBe4 is going to be already respected and the site gets seen as providing accurate, up-to-date information. Win win.

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

Not ML as a source, the CEO of KnowBe4 as a source. ML is just a forum. Just like any blog, you need to verify the authors.

Yeah but let's not make him dig and then have resentful feelings towards ML. Better to show times it solved problems, not just was a news repository. Has the appearance of more tangible benefits.

@scottalanmiller said in Dual-WAN Router Recommendations:

The point was, misusing revert is wrong, using the needful is just regional. Unrelated items. And I've found the UK to use revert and defend it more than any other region.

Yeah but the Brits are weird. Lol

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

Granted, that's an assumption on my part, but I'd be willing to bet it's a safe one.

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

And we don't want to cause issues for our loyal people, like @IRJ

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

@scottalanmiller said in Dual-WAN Router Recommendations:

Doing the needful is an uncommon turn of phrase, but totally appropriate.

It's not commonly spoken anywhere outside of India that I've ever heard. At a former job, they gave all the customer-facing reps "American" names to use, and when I'd see: "Mrs. Jones, we've resolved this on our end. Please do the needful. -Mike" I would just facepalm, because, no. It was a dead giveaway but even after telling the staff that, it was not changed. Oh well, the company was dishonest anyways.

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

@scottalanmiller said in Dual-WAN Router Recommendations:

@thanksajdotcom said in Dual-WAN Router Recommendations:

@scottalanmiller said in Dual-WAN Router Recommendations:

I've only noticed in the last few months a sudden shift in using it correctly to people thinking that random other letters could be used to mean bits or bytes. People not knowing how to use it at all I've always seen. But the K/k or M/m thing I've only noticed recently. Some new trendy misinformation I can only imagine. Like people trying to sound cool using "revert" to mean "reply".

I've seen it longer than that but never consistently. It seems to fade in and out of popularity, especially when it comes to commercials for ISPs. And I hear revert instead of reply all the time, but that's because my support team is in India.

YOu mean they try some fake English then.... revert to the real meaning again?

They are just doing the needful at least when they actually do something and not just ignore all our emails