    Posts

    • RE: AMD chip flaw

      @scottalanmiller said in AMD chip flaw:

      @zachary715 said in AMD chip flaw:

      @scottalanmiller said in AMD chip flaw:

      Very glad to see CTS not going by the 90 day "cover up" window so many so-called research firms do. That part is good, for sure.

      Not sure why you see it this way.

      Because I believe that security information should never, ever be kept from the people who are vulnerable. The vendor should not get "special secret information" that their customers are insecure. Sharing that information with anyone that isn't the customers should be illegal.

      Imagine if your house's locks and security system were discovered by researchers to have vulnerabilities that with a special knock would let anyone just waltz into your house undetected, anytime that they wanted to.

      Now imagine that instead of telling you, the home owner, that this was true, they secretly told it to third parties that you may or may not trust, and may or may not know, instead of you? Now someone, who isn't you, and isn't the researcher has been brought in on something that can be used illegally, but secretly, against you.

      Would you be happy to find out that third parties are conspiring about YOUR security?

      In this scenario, I wouldn't want them sharing this info with just anyone or third parties, but I wouldn't have a problem with them disclosing it to the manufacturer or those necessary to resolve the issue with time to fix before the public is notified. What good would notifying me do if I'm not equipped to fix it? All this does is make me stress while the "bad guys" learn how to easily bypass this mechanism. What few, maybe no bad guys were aware of beforehand is now made fully aware and can be used against me until fixed.

      posted in IT Discussion
      zachary715
    • RE: AMD chip flaw

      @scottalanmiller said in AMD chip flaw:

      Very glad to see CTS not going by the 90 day "cover up" window so many so-called research firms do. That part is good, for sure.

      Not sure why you see it this way. If an exploit or vulnerability is discovered, yet is probably getting little to zero traffic at the time, why disclose it publicly immediately before allowing the vendor/manufacturer to research the issue and patch? Otherwise, you run the risk of a lot more people trying to exploit this in the meantime. And I'm not specifically referring to this issue because I don't know much about the risks involved, I'm just speaking generally here.

      But yes this does all look suspicious. Some short-selling firms involved trying to make a buck it looks like. Paid for by Intel?? 😉

      posted in IT Discussion
      zachary715
    • RE: I can't even

      My baby girl just turned 18 months. It indeed goes by quickly. You lose a lot of personal time, but they're worth it. Just gotta get creative with your time.

      posted in Water Closet
      zachary715
    • RE: Podcasts

      Freakonomics
      Family of Motley Fool Podcasts

      posted in IT Discussion
      zachary715
    • RE: KnowBe4 Second Chance with Outlook 2010

      @dbeato First I've heard of this service (speaking of Second Chance, not KnowBe4). Definitely going to check it out.

      posted in IT Discussion
      zachary715
    • RE: I can't even

      @dustinb3403 said in I can't even:

      What is a hazmat phone and why are they more expensive. . . do they come with the Black Plague preinstalled?

      These are "Explosion Proof" phones rated for use in our chemical plant. The funny thing about that is they wouldn't even be supplying new phones for this, they would just supply the converters to go from SIP to analog, yet still want $10/mo for it. Oh, and a 5yr contract. 🤯

      posted in Water Closet
      zachary715
    • RE: I can't even

      Trying to find a good place to put this, I felt as though "I can't even" seemed appropriate.

      Salesman wants to talk VOIP so I entertained him. Local company, nice guy, I'll hear you out. Just brought by this proposal with a straight look on his face.

      For context, we currently only use about 2500 minutes per month. Who actually buys this stuff?!

      0_1518726424016_VoIP.jpg

      posted in Water Closet
      zachary715
    • RE: I can't even

      @dbeato said in I can't even:

      Why would someone have a pastebin like this?
      https://pastebin.com/DNpQydtH

      LOL this is great... (After I quickly searched to ensure my IP wasn't on the list)

      posted in Water Closet
      zachary715
    • RE: Dialpad.com Free now Nationwide

      I may have to check this out. Trying to use Google Voice currently for rental property management and it just doesn't seem to be cutting it. Most of our calls would be inbound and the extra features like virtual receptionist would be nice.

      posted in IT Business
      zachary715
    • RE: Least Privilege Accounts Setup

      @jaredbusch said in Least Privilege Accounts Setup:

      @jaredbusch said in Least Privilege Accounts Setup:

      @zachary715 said in Least Privilege Accounts Setup:

      @jaredbusch said in Least Privilege Accounts Setup:

      I create an AD account specifically for local admin rights.

      This account information is usually given to department managers.
      So if software or something needs installed, and they choose not to contact me, they can.

      They are also warned that fixing something will be billed...

      So you have one AD account set up that multiple department managers use when they need something that requires admin privileges? And then what, you give that account local admin rights on each machine, or give it some sort of admin authority within the domain itself?

      That account gets local admin rights only. No other access.

      If I was an on site IT department, I would probably do it a bit different. I would have time to experiment and setup better methods.

      Yeah this is what I'm going through now and why I'm coming to the community to get input. Trying to think through this carefully and make sure I do it right and the way I want it done the first time.

      posted in IT Discussion
      zachary715
    • RE: Least Privilege Accounts Setup

      @jaredbusch said in Least Privilege Accounts Setup:

      I create an AD account specifically for local admin rights.

      This account information is usually given to department managers.
      So if software or something needs installed, and they choose not to contact me, they can.

      They are also warned that fixing something will be billed...

      So you have one AD account set up that multiple department managers use when they need something that requires admin privileges? And then what, you give that account local admin rights on each machine, or give it some sort of admin authority within the domain itself?

      posted in IT Discussion
      zachary715
    • RE: Least Privilege Accounts Setup

      @black3dynamite said in Least Privilege Accounts Setup:

      It's easier to manage access to file shares using a role-based access control.

      Try to avoid adding the user directly on the shares permissions or NTFS permissions. Use groups for that.

      Yes I do this as much as possible already.

      posted in IT Discussion
      zachary715
    • RE: Least Privilege Accounts Setup

      @dafyre said in Least Privilege Accounts Setup:

      @zachary715 said in Least Privilege Accounts Setup:

      One example: I'm currently working on a "remote" user in AD for when our plant manager and VP want to login remotely for various purposes such as accessing intranet, accessing file shares, or viewing some console stations.

      When accessing something like file shares, do you just give that "remote" user the minimal access for all the things they need to see while logging in remotely, or is there some way to have a mapped drive or network share shortcut prompt for credentials every time you want to access the share?

      If they are working remotely, why not just have them sign in as themselves? Seems like having a "remote" user is overkill.

      We've had this setup just for simplicity, but I see what you're saying. Even if I had them sign in individually though, how would you go about their access privileges? Create a local admin account on the machine that they can use for escalation when necessary? What sort of risks am I running into there?

      posted in IT Discussion
      zachary715
    • RE: Least Privilege Accounts Setup

      One example: I'm currently working on a "remote" user in AD for when our plant manager and VP want to login remotely for various purposes such as accessing intranet, accessing file shares, or viewing some console stations.

      When accessing something like file shares, do you just give that "remote" user the minimal access for all the things they need to see while logging in remotely, or is there some way to have a mapped drive or network share shortcut prompt for credentials every time you want to access the share?

      What I have setup is the Windows login user is "remote" with standard access privileges. I have then gone into computer management and added these two managers' AD accounts to the local Admins group so that if they need to escalate for whatever reason, they can enter their credentials and do so.

      How would you do this differently?

      posted in IT Discussion
      zachary715
    • Least Privilege Accounts Setup

      I came into my current role a few years back after being under a supervisor who did things... less than best practice. I fixed a lot of the things I knew he had done wrong and have tried to go beyond that, but one thing I can't get my head around is using Least Privilege accounts and Service Accounts effectively.

      So out of about 45 users I oversee, probably 10-15 are local admins on their machines. I've slowly been dwindling this down, but I do still have issues with higher-ups who may need some admin access for software or otherwise from time to time where I'm not always available to provide a password.

      Question: How do YOU go about implementing Least Privilege accounts with Windows AD environment? Especially for a user who may need admin access from time to time therefore you want them to have it for when they need it.

      On I believe a similar note, when we install server software and it asks for service credentials, I've always used administrator in the past out of ignorance. I understand now that this is inaccurate, but how should I resolve this? For example, our backup software runs as admin. Do I create a new "backupuser" with a strong password and change all the services to point to it? What permissions within AD do I then give it to have the necessary access rights?

      Hopefully I'm being clear here and some of you can enlighten me.

      posted in IT Discussion security active directory
      zachary715
    • RE: Question about vCenter

      If you could bring your host count down to 3, you MIGHT be able to pull this off without additional licensing. I don't know that for a fact but something you may want to look into.

      Otherwise, you're looking at a minimum of vCenter Standard ($7,500 including support) plus either vSphere Standard licenses (~$1500 per socket) or ROBO licensing. You're probably looking at a cool $10-15k if option 1 isn't available.

      posted in IT Discussion
      zachary715
    • RE: Miscellaneous Tech News

      @dbeato From their forums, it looks like 5.6.30 may not have been all that stable after all. Could be why they haven't pushed it to the repo yet is they don't find it stable enough after initial release. They've already got a Stable Candidate for 5.6.31 which seems to address some issues (I'm not signed up for beta so I can't see them myself). May be best just to not worry about this one and wait for the next stable.

      posted in News
      zachary715
    • RE: Botnet Security Alert on Sonicwall

      @danp said in Botnet Security Alert on Sonicwall:

      Did you notify your bank?

      Yes I did. It was forwarded to the mortgage department. Who knows what they'll do with it.

      posted in IT Discussion
      zachary715
    • RE: Botnet Security Alert on Sonicwall

      @dashrender said in Botnet Security Alert on Sonicwall:

      Is it calling the IP of that website a botmaster?
      I'm risking the thrashing of JB.
      But I'm just curious.. does it maybe think your PC is infected because you're going to a banking like site? I mean I would hope not.. but WTFK?

      I'm not totally sure what you're asking. Does what think my PC is infected? The Sonicwall? And I'm not sure why going to a "banking-like site" would make it scream infection. I login to Mint almost daily and my other bank accounts from time to time no issues.

      Like I said I tried on different computers with same result. As soon as I would login to my account, my phone would start going off with email alerts constantly until I logged back out. The IP of the site (23.something) is not the same IP that it says is triggering the alert, so I don't know if it's some behind the scenes CDN or analytics or what. I was just looking to see if anyone had any suggestions on what to do beyond what I've done.

      posted in IT Discussion
      zachary715
    • Botnet Security Alert on Sonicwall

      So just had an odd thing happen. I'm on my computer logging in to my bank's website to pay my mortgage when I start getting hammered with emails from Sonicwall about "Suspected Botnet responder blocked, Responder IP: 208.91.197.46" and my local IP address. I quickly search and see that this IP has been linked to Locky Ransomware so I immediately shut my computer down so I could research further.

      I check the file server first to see if I can find anything that has been modified or changed. I check the FSRM logs since I've setup some blocks for known ransomware extensions to see if there were any hits, but there was nothing. I start my computer back in Safe Mode and run some scans which come up clean.

      I then decide to fire it back up in normal mode and see if it was a particular site. I open back up my Chrome windows and keep watching my logs... no issue. I navigate to my mortgage site again and login. BOOM. Flooded with Sonicwall logs again. Log out and close the window and they immediately disappear. I tried to open it with Edge (which I rarely use) as well as Chrome which has uBlock Origin running in case there were any scripts it might block, but same result both times. I then tried a different machine just to see how it would react, and same issue.

      How would you proceed from here? Is there reason to believe their site is truly compromised in some way, or potentially a false positive? I've logged into this site many times over the last few years without issues. My antivirus doesn't flag anything, only the Sonicwall botnet filter. I'm basically trying to decide if I have enough info or justification to alert them to this issue, or if it's a false positive from some CDN or hosting that was malicious at one time but may not be anymore, yet the IP address is still getting flagged.

      posted in IT Discussion security sonicwall botnet
      zachary715