vibur
Apr 23, 2004

The Fool posted:

I'm pretty sure Barrister is based in Louisiana.
Confirming Barrister is based in Louisiana.

Also confirming that they're run by morons. They've been advertising the same minimum wage help desk position for, at least, 6 years.


The Fool
Oct 16, 2003


vibur posted:

Confirming Barrister is based in Louisiana.

Also confirming that they're run by morons. They've been advertising the same minimum wage help desk position for, at least, 6 years.

That doesn't surprise me at all. It certainly explains some of the bottom of the barrel service reps I've dealt with.

Japanese Dating Sim
Nov 12, 2003

hehe
Lipstick Apathy

vibur posted:

Confirming Barrister is based in Louisiana.

Also confirming that they're run by morons. They've been advertising the same minimum wage help desk position for, at least, 6 years.

:allears:

vibur
Apr 23, 2004
This pleases me more than you can possibly imagine.

deimos
Nov 30, 2006

Forget it man this bat is whack, it's got poobrain!
We had that poo poo pop on one of our sites because Amazon's s3 was triggering it.

spiny
May 20, 2004

round and round and round
bollocks



Got a call this morning from my manager saying that the screensaver had changed to some weird text, so I ran up to the server room, unplugged our NAS, then popped up to the upstairs room and pulled the ethernet cable from the PC and found that the files on the PC are all hosed.
I checked the NAS drive and that appeared OK, so I connected it back up. Then 20 mins later someone else wandered over and mentioned that lots of ENCRYPTED files were appearing in the shared folders ... so I'm now looking for the second (or third, fourth...) PC that is also infected.

It appears to have come from a 'CV' that was emailed to our group mailbox, that at least two people opened.

I was almost expecting this to happen at some point, so I backup the NAS each night at 1AM, so we technically haven't lost any data, and I'm going to poke about with Shadow Copies to see if I can get some of the files back from the PC.

Any tips on cleaning this up though? I had CryptoPrevent on all PCs (or so I thought) and up-to-date AV. I'm going to check each PC in turn (there are only 12 of us here); what are the best tools to scan with to check all is well?

Plus the age-old question: what's a good AV for 15-ish computers on Active Directory?

cheers :)

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
As long as you stay away from Symantec, Trend, and McAfee you should be fine, imo. A buddy of mine manages Kaspersky in his organization and he's very happy with it; meanwhile, I manage the Symantec SEP infrastructure and it's a living hell. LUA is one of the most poorly designed update platforms ever conceived.

gallop w/a boner
Aug 16, 2002

Hell Gem

spiny posted:


Plus the age-old question: what's a good AV for 15-ish computers on Active Directory?

cheers :)

Forget about AV - the best solution is an application whitelisting product that only allows users to run .EXE files that are pre-approved. We use Appsense Application Manager, but Applocker (part of Group Policy) works almost as well. We have zero malware since implementing this. There is of course extra overhead in maintaining an approved list of applications.

Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug
And don't forget the stab vest because all your techie coworkers want to murder you.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
In that small of an organization I'm going to guess that users have Admin rights on their machines, and in that case they should absolutely have some sort of AV/malware prevention installed. Anything internet facing should. From what it sounds like they're running with...nothing right now? Maybe Defender/Essentials but nothing else?

Sounds terrifying.

KillHour
Oct 28, 2007


Wrath of the Bitch King posted:

In that small of an organization I'm going to guess that users have Admin rights on their machines, and in that case they should absolutely have some sort of AV/malware prevention installed. Anything internet facing should. From what it sounds like they're running with...nothing right now? Maybe Defender/Essentials but nothing else?

Sounds terrifying.

:iit:

ReelBigLizard
Feb 27, 2003

Fallen Rib
After evaluating quite a few products we went with ESET Endpoint Security. We're about 35 machines I think.

Nice balance of protection and ease of management.

notwithoutmyanus
Mar 17, 2009

Wrath of the Bitch King posted:

In that small of an organization I'm going to guess that users have Admin rights on their machines, and in that case they should absolutely have some sort of AV/malware prevention installed. Anything internet facing should. From what it sounds like they're running with...nothing right now? Maybe Defender/Essentials but nothing else?

Sounds terrifying.

Please. These people are experienced admins. They changed their desktops to pictures of their cats on a white background and removed boot.ini because it is an unnecessary waste of space! :science:

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

It takes a certain type of stupid to be in sales.

Anne,email open it up, open email, connect to act (ok), open email close it, when she closes one email it closes out the whole program. Only happens when at
started happening two weeks ago. not all the time

KillHour
Oct 28, 2007


Bob Morales posted:

It takes a certain type of stupid to be in sales.

Anne,email open it up, open email, connect to act (ok), open email close it, when she closes one email it closes out the whole program. Only happens when at
started happening two weeks ago. not all the time


You broke my internal language parser. Now all words look like gibberish. Thanks.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Bob Morales posted:

It takes a certain type of stupid to be in sales.

Anne,email open it up, open email, connect to act (ok), open email close it, when she closes one email it closes out the whole program. Only happens when at
started happening two weeks ago. not all the time
They started reading emails from the preview pane instead of opening them in their own window, and clicking the red X in the top right closes Outlook altogether, so they need someone to reset their Outlook view back to whatever it was two weeks ago.

BaseballPCHiker
Jan 16, 2006

gallop w/a boner posted:

Forget about AV - the best solution is an application whitelisting product that only allows users to run .EXE files that are pre-approved. We use Appsense Application Manager, but Applocker (part of Group Policy) works almost as well. We have zero malware since implementing this. There is of course extra overhead in maintaining an approved list of applications.

The shitstorm that this has caused at my work is overwhelming. Somehow this company made it past 500+ users all with local admin rights. When I got hired I started filling out our software center through SCCM to make applications available to users and self-install, as well as taking away local admin rights. Cue entire weeks of meetings where I am accused of changing the company culture for the worse and "LITERALLY" making it impossible for someone to do their job now (that same person also blamed an increase in spam on this change).

bitterandtwisted
Sep 4, 2006




It sounds like the same cryptowall attack I saw the other week (attachment in a "resume"). It was a .js rather than a .exe, so the mailfilter missed it and the user who opened it wasn't a local admin.

nielsm
Jun 1, 2009



Where I work everyone is local admin. The AV is Symantec. There are more than 16k users. IE is pegged at 8 because of legacy software. The only malware issues we really see at helpdesk are dumb adware infections, usually from people using Bing to search for "google chrome" or "dropbox" and clicking the top sponsored result, which is invariably an adware-bundling download site.

NyxBiker
Sep 24, 2014

anthonypants posted:

They started reading emails from the preview pane instead of opening them in their own window, and clicking the red X in the top right closes Outlook altogether, so they need someone to reset their Outlook view back to whatever it was two weeks ago.

That's why I prefer to use Thunderbird for the e-mail crap

bitterandtwisted
Sep 4, 2006




nielsm posted:

Where I work everyone is local admin.

On one of our larger clients everyone is in the domain admin, schema admin and enterprise admin groups. This was apparently their previous IT support's workaround for getting a piece of software to work.

22 Eargesplitten
Oct 10, 2010



How do you explain how bad of an idea giving everyone admin rights is? Can you just tell them that it's best practices, or do you have to find a way to explain how dangerous it is without calling your users idiots?

Edit: I'm pretty sure that the first result for Google chrome on Google is the right link, I just downloaded it on a new PC recently. So they probably used bing or Yahoo.

22 Eargesplitten fucked around with this message at 16:12 on Mar 26, 2015

BaseballPCHiker
Jan 16, 2006

nielsm posted:

Where I work everyone is local admin. The AV is Symantec. There are more than 16k users. IE is pegged at 8 because of legacy software. The only malware issues we really see at helpdesk are dumb adware infections, usually from people using Bing to search for "google chrome" or "dropbox" and clicking the top sponsored result, which is invariably an adware-bundling download site.

You must have non-mouth-breathing employees as users. Of course my environment also won't allow us to push out new updates because of fears of compatibility errors with our ERP software. We also can't get the money to invest in upgraded firewalls or IDS/IPS systems.

What would you attribute your lack of malware to in your environment?

Collateral Damage
Jun 13, 2009

bitterandtwisted posted:

On one of our larger clients everyone is in the domain admin, schema admin and enterprise admin groups. This was apparently their previous IT support's workaround for getting a piece of software to work.

"Program doesn't work. Make the user a local admin. Program still doesn't work, make the user a domain admin!"

I've seen so many cases of people being made local admins just because a poorly written program tried to save its configuration in Program Files instead of the user's LocalAppData.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA
Our Firm has everyone as local admin due to the number of shitbox pieces of software we use. But we also have Bit9 app whitelisting installed, so we have maybe 50 cases of malware a year, on a 5k person firm. The bit9 software works pretty sweet, honestly.

spiny
May 20, 2004

round and round and round

bitterandtwisted posted:

It sounds like the same cryptowall attack I saw the other week (attachment in a "resume"). It was a .js rather than a .exe, so the mailfilter missed it and the user who opened it wasn't a local admin.

Yeah, that's the one. After some digging and sheepish faces two people admitted opening it. They are both directors so have admin access :) There are only a few of us here so a few people have admin, most people do not; each new PC I put out is locked down enough to not be annoying. And yeah, just MS Essentials too, we can't spend money on software!
I'd like to lock down all the PCs, but it's not going to happen.

still, it has been a good test of the disaster recovery setup I have cobbled together over the last year, and no data was lost :)

Alliterate Addict
Jul 10, 2012

dreaming of that face again

it's bright and blue and shimmering

grinning wide and comforting me with it's three warm and wild eyes

22 Eargesplitten posted:

How do you explain how bad of an idea giving everyone admin rights is? Can you just tell them that it's best practices, or do you have to find a way to explain how dangerous it is without calling your users idiots?

Step 1: Make sure your backups are valid.

Step 2: Say "admin for everyone is bad"

Step 3: Send three of the least-techy people cryptolocker exes from a burner gmail account.

Step 4: Spend a day or two playing Nethack while "restoring backups", if anyone complains point to the email chain where you said this could happen.

Step 5: Once someone with sufficient clout gets angry about how long it takes to get back up and running, have them sign off on removing local admin.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD

ReelBigLizard posted:

After evaluating quite a few products we went with ESET Endpoint Security. We're about 35 machines I think.

Nice balance of protection and ease of management.

We're an ESET vendor and I'll admit that their documentation can be pretty sparse but as for the managed products themselves we couldn't be happier.

J
Jun 10, 2001

22 Eargesplitten posted:

How do you explain how bad of an idea giving everyone admin rights is? Can you just tell them that it's best practices, or do you have to find a way to explain how dangerous it is without calling your users idiots?

Edit: I'm pretty sure that the first result for Google chrome on Google is the right link, I just downloaded it on a new PC recently. So they probably used bing or Yahoo.

It's a whole lot less about the technical justifications, and a whole lot more about office politics. There will be the special office snowflakes who wail and scream about how they "can't do their job" when what really happened was their kid did something at home and got a UAC prompt. Sometimes these people are managers or C levels and have tons of clout in the office, and no amount of explanations will get you anywhere in that battle. You have to get management on your side to get policies enforced, otherwise the policies are useless. If your boss isn't poo poo, they will help you in that battle. If your boss IS poo poo, :yotj: That said, get everything in writing so that when cryptolocker shows up, your rear end is covered.

nielsm
Jun 1, 2009



BaseballPCHiker posted:

You must have non mouth breathing employees as users. Of course my environment also wont allow us to push out new updates because of fears of compatibility errors with our ERP software. We also cant get the money to invest in upgraded firewalls or IDS/IPS systems as well.

What would you attribute your lack of malware to in your environment?

I've only been in the place for a little less than a year, and I'm really just a phone monkey (yet), but it's probably a combination of factors.

We have a general policy on replacement of hardware, nobody uses old machines unless there is some extremely good reason. That probably contributes to general trust from the users, that the IT department is on top of things.
Additionally, while we don't use roaming profiles (that may in fact be a positive), the default setup of machines means that most users are able to log onto any computer and begin doing work almost immediately, there is good consistency in performance. All software users need to work is present by default, and good performance is also a factor in gaining user trust.
Since many users are able to perform their work on any machine, they often never end up using a single one for so long they "take ownership" of it. The issues I do see usually happen on secretaries' workstations and machines used in telecommuting.
There are more factors that probably gain trust from the users, in part timely and sufficient reports about planned and unplanned downtime.

I've mostly focused on user trust towards the IT department. I think winning that trust makes guidelines for secure and sensible use more likely to be followed, and users more likely to report unusual behavior from computers early.

Lastly, all our helpdesk, support, infrastructure and architecture management is in-house and every department/location has people with long histories and organizational knowledge.

It's probably not cheap to run, but I believe the upper management recognizes the whole-org cost savings from larger IT spending, it looks that way from down here.

angry armadillo
Jul 26, 2010
I got asked to move 5 phone lines
Fine put a change request in...
After this nurse recognised she was going to have to at least fill in a form, as I am not there for her sole amusement, she did it.

To be fair she did it about a week ago and she walked past me this morning and said have you done my lines yet?

No you are on my list... We should be top of your list! Yes that's where everyone wants to be

Then I walked past her later this afternoon and said if I turn around right now and move all those lines you asked about doesn't that mean you won't be able to work where you currently are?

Yeah but um um um let me get back to you...

Sure you want to be top of my list??

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


gallop w/a boner posted:

Forget about AV - the best solution is an application whitelisting product that only allows users to run .EXE files that are pre-approved. We use Appsense Application Manager, but Applocker (part of Group Policy) works almost as well. We have zero malware since implementing this. There is of course extra overhead in maintaining an approved list of applications.

Curious, when you initially started how bad was the overhead? How did you get past white-listing all the standard Microsoft backend programs?

nielsm
Jun 1, 2009



Tab8715 posted:

Curious, when you initially started how bad was the overhead? How did you get past white-listing all the standard Microsoft backend programs?

Just guessing here, but install a fresh image with all required default programs, collect a list of all executables and their signatures from that, manually comb the list for stuff you don't actually want, and voila?
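The "fresh image, inventory executables, comb the list" procedure nielsm sketches (and the AppLocker approach gallop w/a boner recommends) can be driven entirely from the built-in AppLocker cmdlets. This is an added example, not code from any poster; the output directory, the small deny list and the GPO LDAP path are placeholders you would adjust, and it is meant to be run elevated on the clean reference PC.

```powershell
# Added example: build a starting AppLocker allow-list from a freshly imaged
# reference machine, then deploy it in audit-only mode first.
# $OutDir, $deny and $GpoLdap are assumptions/placeholders, not from the thread.
$OutDir  = 'C:\AppLockerBaseline'
$GpoLdap = 'LDAP://DC=example,DC=local/CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=example,DC=local'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Inventory every .exe the clean image ships with. Each FileInformation
#    record carries the publisher signature (if signed) and a file hash.
$dirs  = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$files = foreach ($d in $dirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe
}
$files | Export-Csv -NoTypeInformation -Path "$OutDir\inventory.csv"

# 2. Comb the list: drop binaries that ship with Windows but that ordinary
#    users have no business launching. Review inventory.csv and extend this.
$deny = @('\wscript.exe', '\cscript.exe', '\mshta.exe')
$keep = $files | Where-Object {
    $p = [string]$_.Path          # e.g. %WINDIR%\SYSTEM32\NOTEPAD.EXE
    -not ($deny | Where-Object { $p -like "*$_" })
}

# 3. Generate rules: publisher rules where the file is signed (they survive
#    patching), hash rules for unsigned files. -Optimize merges duplicates.
$policyXml = $keep |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 4. Switch every rule collection to AuditOnly so nobody is blocked yet;
#    you only collect "would have been blocked" events for a few weeks.
$xml = [xml]$policyXml
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
    $rc.EnforcementMode = 'AuditOnly'
}
$xml.Save("$OutDir\baseline-audit.xml")

# 5. Sanity check: one file that should pass and one that should not.
Test-AppLockerPolicy -XmlPolicy "$OutDir\baseline-audit.xml" -User Everyone `
    -Path 'C:\Windows\System32\notepad.exe', 'C:\Windows\System32\wscript.exe' |
    Format-Table FilePath, PolicyDecision, MatchingRule

# 6. Publish to the GPO (-Merge keeps any rules already there). Watch the
#    AppLocker EXE and DLL event log for ID 8003 (allowed, but would have
#    been blocked) before flipping EnforcementMode to Enabled.
Set-AppLockerPolicy -XmlPolicy "$OutDir\baseline-audit.xml" -Ldap $GpoLdap -Merge
```

Anything a user legitimately needs that shows up as an 8003 event gets a publisher rule added; anything that does not is what the whitelist was for in the first place.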

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

spiny posted:


Any tips on cleaning this up though? I had CryptoPrevent on all PCs (or so I thought) and up-to-date AV. I'm going to check each PC in turn (there are only 12 of us here); what are the best tools to scan with to check all is well?

How effective is CryptoPrevent? You had it installed and got nailed anyway, and so far my data set is n=1. Anyone have any experience with this product before I install it on my PC along with Kaspersky?


I am an idiot: I got nailed by Cryptolocker on my DAW PC over the weekend. Since my main PC was down for hardware upgrades I decided to plug my DAW into our home network and use it for browsing as I worked on a research project. Well I clicked on some site that killed my PC and I ended up losing about six months of audio files from the EP I am working on. Bleh.

So now I'm rebuilding two PCs instead of one.

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM

Agrikk posted:

How effective is CryptoPrevent? You had it installed and got nailed anyway, and so far my data set is n=1. Anyone have any experience with this product before I install it on my PC along with Kaspersky?


I am an idiot: I got nailed by Cryptolocker on my DAW PC over the weekend. Since my main PC was down for hardware upgrades I decided to plug my DAW into our home network and use it for browsing as I worked on a research project. Well I clicked on some site that killed my PC and I ended up losing about six months of audio files from the EP I am working on. Bleh.

So now I'm rebuilding two PCs instead of one.

You might wanna look into if it's one of the versions that's already been "cracked" by something like bleepingcomputer or whatever. Some variations have had their encryption broken/figured out and you're able to get your poo poo back without backups or paying the scumbags.

22 Eargesplitten
Oct 10, 2010



It's too bad bitcoin doesn't use that as the computing goal. Then they would actually be doing something useful with all that heat and power.

Flipperwaldt
Nov 11, 2011

Won't somebody think of the starving hamsters in China?



Agrikk posted:

I am an idiot: I got nailed by Cryptolocker on my DAW PC over the weekend. Since my main PC was down for hardware upgrades I decided to plug my DAW into our home network and use it for browsing as I worked on a research project. Well I clicked on some site that killed my PC and I ended up losing about six months of audio files from the EP I am working on. Bleh.

You're an idiot for not backing up poo poo like that. Seriously, six months, what the gently caress.

Malek
Jun 22, 2003

Shut up Girl!
And as always: Kill Hitler.

spiny posted:

bollocks

https://www.decryptcryptolocker.com has some good press on it from BBC but not sure if it'll help this variation.

Inspector_666
Oct 7, 2003

benny with the good hair

22 Eargesplitten posted:

It's too bad bitcoin doesn't use that as the computing goal. Then they would actually be doing something useful with all that heat and power.

Well one of the conspiracy theories was that Bitcoin was an NSA front to break encryption, so...


Antioch
Apr 18, 2003
The hits keep coming:


TASK DETAILS:
KB 26Mar15 1:32 Screen shot attached > FW Incident # - Response Required additional information is needed to proceed .msg

I often read the National Post (over my lunch hour) to keep up to date with local, national, internal news and financial issues.

We previously had access but now after a few reads it will not allow and asks for an on line subscription.


Can online access be provided?
-----------------------------------------------


The National Post charges a subscription fee, you doofus.
You sent in a god damned screenshot of the website with "Subscriptions start at $0.99 for access" in giant letters.
Why the screaming hell would you send this in as a ticket?
