  • Locked thread
Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Collateral Damage posted:

You don't get echo replies from traceroute (except the last hop), you get ICMP time-exceeded errors control messages. :science:

If you don't get any replies past your firewall it's more likely that outbound echo request is blocked (which is a dumb policy).

Ah that's right. To be fair, if you're blocking port 0 for echo reply, it's extremely likely you're blocking less-known port 11 for ICMP time-exceeded packets. I guess it's still not a good troubleshooting step to ping google to diagnose tracert timeouts though.

pr0digal
Sep 12, 2008

Alan Rickman Overdrive
The IT guy at my old company (my former assistant) looped me in on the latest gossip. Someone in the accounting department fell for an e-mail scam and wired $75K to the scammer :allears:

The scammer bought a slightly misspelled domain name and sent an e-mail to the accounting team pretending to be the owner (not even the correct e-mail too) and requested a wire transfer. The bank information came in the form of a word doc, not even official looking. And without any attempts at confirmation away the money went.

~whoops~

Glad I don't work there anymore.

Collateral Damage
Jun 13, 2009

Judge Schnoopy posted:

Ah that's right. To be fair, if you're blocking port 0 for echo reply, it's extremely likely you're blocking less-known port 11 for ICMP time-exceeded packets. I guess it's still not a good troubleshooting step to ping google to diagnose tracert timeouts though.
Yeah I've run into way too many bad network admins who blanket ban all ICMP messages and then wonder why their network runs like poo poo.

Thanks Ants
May 21, 2004

#essereFerrari


pr0digal posted:

The IT guy at my old company (my former assistant) looped me in on the latest gossip. Someone in the accounting department fell for an e-mail scam and wired $75K to the scammer :allears:

The scammer bought a slightly misspelled domain name and sent an e-mail to the accounting team pretending to be the owner (not even the correct e-mail too) and requested a wire transfer. The bank information came in the form of a word doc, not even official looking. And without any attempts at confirmation away the money went.

~whoops~

Glad I don't work there anymore.

Some of our clients received requests like that and looked to us for a technical solution.

Erm, it's an email that passes all SPF/DKIM checks, isn't spoofing your own domain, seems to know a lot about your organisational structure and is requesting a transfer of funds. What technical solution are you expected to prevent those sorts of messages reaching you? Maybe pick up the phone before just sending funds to someone to double-check.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Thanks Ants posted:

Some of our clients received requests like that and looked to us for a technical solution.

Erm, it's an email that passes all SPF/DKIM checks, isn't spoofing your own domain, seems to know a lot about your organisational structure and is requesting a transfer of funds. What technical solution are you expected to prevent those sorts of messages reaching you? Maybe pick up the phone before just sending funds to someone to double-check.

Yeah the prevention method is not in technology, it's in common loving sense. No computer should have to explicitly tell you to not send tens of thousands of dollars to some guy without paperwork or confirmation.

Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin
I guess the big question is, if this request had come in the form of a letter, would it have still gone through?
If yes, would we have blamed the Post Office?

AlphaKretin
Dec 25, 2014

A vase to face encounter.

...Vase to meet you?

...

GARVASE DAY!

I've gotten a Nigerian prince scam in the mail once before and it would have been my fault if I replied. :colbert: Then again it was at my home's mailbox so maybe it never touched the post office.

baquerd
Jul 2, 2007

by FactsAreUseless

Thanks Ants posted:

Some of our clients received requests like that and looked to us for a technical solution.

Erm, it's an email that passes all SPF/DKIM checks, isn't spoofing your own domain, seems to know a lot about your organisational structure and is requesting a transfer of funds. What technical solution are you expected to prevent those sorts of messages reaching you? Maybe pick up the phone before just sending funds to someone to double-check.

Technical solution is an intranet application with line manager authorization signoffs.

Mustache Ride
Sep 11, 2001



Judge Schnoopy posted:

Yeah the prevention method is not in technology, it's in common loving sense. No computer should have to explicitly tell you to not send tens of thousands of dollars to some guy without paperwork or confirmation.

We actually forced everyone in the company to have [EXTERNAL] added to the beginning of the email's subjects when it comes from outside the company because we fell for this a few times. I won't say how much we wired away... but we're a Fortune 100 company and it happened 4 times in the last few months before the email change went into place.

It hasn't happened since.

ErIog
Jul 11, 2001

:nsacloud:

Mustache Ride posted:

We actually forced everyone in the company to have [EXTERNAL] added to the beginning of the email's subjects when it comes from outside the company because we fell for this a few times. I won't say how much we wired away... but we're a Fortune 100 company and it happened 4 times in the last few months before the email change went into place.

It hasn't happened since.

How is that enforced? It's not exactly difficult to spoof the From field of an e-mail.

CitizenKain
May 27, 2001

That was Gary Cooper, asshole.

Nap Ghost

ErIog posted:

How is that enforced? It's not exactly difficult to spoof the From field of an e-mail.

An email gateway device maybe that tags the message on the way in?

We have a Proofpoint box to handle email poo poo before it even gets to exchange. It does a pretty good job of spam filtering and file blocking. Also works well on nuking emails with people's SSNs and credit card numbers. This apparently drove some outside company batshit to the point where they would send in multiple emails with the SSN spread across them.
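The gateway-side tagging discussed in the posts above, as an added example that is not part of any post in the thread: the `[EXTERNAL]` tag is decided by the path the message arrived on, not by its From header, so a forged internal sender is still tagged, and the gateway can also flag sender domains that are a near-miss of the organisation's own. The domain `example.com`, the `arrived_from_internet` flag, the function names and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own domain
TAG = "[EXTERNAL]"

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_distance=2):
    """Return the internal domain that `domain` nearly matches, or None."""
    for internal in sorted(INTERNAL_DOMAINS):
        if domain != internal and edit_distance(domain, internal) <= max_distance:
            return internal
    return None

def process(raw, arrived_from_internet):
    """Tag one message at the gateway; returns (message, findings)."""
    msg = message_from_string(raw)
    findings = {"tagged": False, "lookalike_of": None, "spoofed_internal": False}
    if not arrived_from_internet:
        return msg, findings  # internal relay path: left untouched
    # The tag depends only on the ingress path, so the From header cannot avoid it.
    subject = msg.get("Subject", "")
    if not subject.startswith(TAG):
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}".strip()
    findings["tagged"] = True
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # An internal From domain on an internet-delivered message is worth a flag.
    findings["spoofed_internal"] = domain in INTERNAL_DOMAINS
    findings["lookalike_of"] = lookalike_of(domain)
    return msg, findings

# Constructed sample messages (not taken from the thread).
LOOKALIKE = ("From: Bob Owner <bob@exmaple.com>\nTo: ap@example.com\n"
             "Subject: Urgent wire transfer\n\nBank details attached.\n")
SPOOFED = ("From: Bob Owner <bob@example.com>\nTo: ap@example.com\n"
           "Subject: Wire today\n\nPlease send.\n")
VENDOR = ("From: Sales <sales@vendor.net>\nTo: ap@example.com\n"
          "Subject: Invoice 12\n\nSee attached.\n")
INTERNAL = ("From: Alice <alice@example.com>\nTo: ap@example.com\n"
            "Subject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    samples = (("lookalike", LOOKALIKE, True), ("spoofed", SPOOFED, True),
               ("vendor", VENDOR, True), ("internal", INTERNAL, False))
    for name, raw, from_internet in samples:
        msg, findings = process(raw, from_internet)
        print(name, "|", msg["Subject"], "|", findings)
```

A lookalike hit only marks the message for a closer look; the tag and the flag do not replace confirming a payment request through a separate channel.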

pr0digal
Sep 12, 2008

Alan Rickman Overdrive
They're a Google Apps house so he can block the domain from the admin panel. And user education assuming the execs let him since it's a rather sensitive subject. Apparently the two people that did it are still working there. :downs:

The funny thing is that when I worked there we were hit by Gmail phishing twice and both times people fell for it and both times I sent out "don't be dumb shits" emails.

People never learn. I think he's more annoyed that they'll wire away 75k but not approve his POs for upgrades.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

pr0digal posted:

People never learn. I think he's more annoyed that they'll wire away 75k but not approve his POs for upgrades.

There's a solution here

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

baquerd posted:

Technical solution is an intranet application with line manager authorization signoffs.

Line managers can and will rubber-stamp stuff if it looks even remotely legit.

stubblyhead
Sep 13, 2007

That is treason, Johnny!

Fun Shoe

Judge Schnoopy posted:

There's a solution here

Seriously, if it's that easy we're in the wrong line of business.

22 Eargesplitten
Oct 10, 2010



Penny shaving is so last millennium.

spankmeister
Jun 15, 2008






Neddy Seagoon posted:

Line managers can and will rubber-stamp stuff if it looks even remotely legit.

wiring half a million looks remotely legit? I mean it depends on the company but the amounts they request are generally much higher than usual.

e: Here's a good example of one of those scam mails: https://www2.deloitte.com/lu/en/pages/about-deloitte/articles/fake-presidents.html

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

spankmeister posted:

wiring half a million looks remotely legit? I mean it depends on the company but the amounts they request are generally much higher than usual.

e: Here's a good example of one of those scam mails: https://www2.deloitte.com/lu/en/pages/about-deloitte/articles/fake-presidents.html

Oh god, no :eyepop:.

Nerdrock
Jan 31, 2006

Neddy Seagoon posted:

Line managers can and will rubber-stamp stuff if it looks even remotely legit.

My boss is also the coordinator for science teachers and 'technology' teachers. He approved a new camera for a videography teacher, only to learn upon its arrival that he approved a $1200 quad copter / camera.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
It's odd considering how many of you work in big business but you're forgetting just how many people are there to simply do whatever task of them is assigned with no questions asked. The last time one of these drones sought clarity on instructions they got yelled at.

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

Nerdrock posted:

My boss is also the coordinator for science teachers and 'technology' teachers. He approved a new camera for a videography teacher, only to learn upon its arrival that he approved a $1200 quad copter / camera.

During my short stint processing smartphone sales, I quickly learned it was much easier to just CC in the authorizing manager when chasing outstanding contract fees via email. I'd get a response back from them within an hour or two that amounted to "yes, whatever, just do it" way before the actual person on the contract would.

divabot
Jun 17, 2015

A polite little mouse!

go3 posted:

It's odd considering how many of you work in big business but you're forgetting just how many people are there to simply do whatever task of them is assigned with no questions asked. The last time one of these drones sought clarity on instructions they got yelled at.

business in general makes a lot more sense when you realise it's pretty much nothing to do with making a profit. Nobody cares about shareholder value, and the entire reason for everything that happens at work is ape tribal dominance hierarchies. This includes the people who supposedly do care about making a profit. Ahh it's wonderful stuff.

Ugato
Apr 9, 2009

We're not?

spankmeister posted:

wiring half a million looks remotely legit? I mean it depends on the company but the amounts they request are generally much higher than usual.

e: Here's a good example of one of those scam mails: https://www2.deloitte.com/lu/en/pages/about-deloitte/articles/fake-presidents.html

Ran into this a lot at my last job. As far as I'm aware no one ever bit but we did get asked an uncomfortable amount of times IF they were legit. And the ones we received were definitely not of even that caliber. They were usually less than 5 lines and usually got the names associated with the email wrong:

Our addresses were [first letter of first name][last name]@[company].com. So we'll call the owner Bob. I can't tell you how many times the email was signed Bill instead and they still were curious if it was legit. They couldn't even pretend to think it was another Bill as it was a company that started as a family business so the name on the building was his last name.

Ugato fucked around with this message at 21:22 on Feb 27, 2016

Actuarial Fables
Jul 29, 2014

Taco Defender
Had a student call in requesting help submitting an assignment to Blackboard, she's 60+ and hasn't had any prior experience with computers. It took 30 minutes for us to navigate to the bottom of the webpage, find her assignment, and submit it. She was extremely nice so it wasn't a terrible experience, but there was one thing bugging me...

Ma'am, it's 3:30am Monday morning. Why now?

e. She called back in right as I was submitting this post, she had to submit a 2nd assignment and wanted to make sure she was doing it right. She had it down pat!

Actuarial Fables fucked around with this message at 13:31 on Feb 29, 2016

Siochain
May 24, 2005

"can they get rid of any humans who are fans of shitheads like Kanye West, 50 Cent, or any other piece of crap "artist" who thinks they're all that?

And also get rid of anyone who has posted retarded shit on the internet."


Hasaple posted:

e. She called back in right as I was submitting this post, she had to submit a 2nd assignment and wanted to make sure she was doing it right. She had it down pat!

These I'm okay with...until they do it every time.
But awesome though. Some older folks kick rear end once they've been shown.

A Frosty Witch
Apr 21, 2005

I was just looking at it and I suddenly got this urge to get inside. No, not just an urge - more than that. It was my destiny to be here; in the box.
A blocked website came in.

Apparently our Alumni page is being blocked on both our network and the college's network. Well, not really officially blocked. It just says the website can't be found, but works on any other network.

Going to the website's IP address brings up the blocked page screen with the reasoning of "Alcohol."

Turns out the Alumni Association was referring to itself as AA in the website and making the web filter think it was Alcoholics Anonymous.

Welp. That's my excitement for the day.

odiv
Jan 12, 2003

Better make sure no college students can get information about Alcoholics Anonymous!

A Frosty Witch
Apr 21, 2005

I was just looking at it and I suddenly got this urge to get inside. No, not just an urge - more than that. It was my destiny to be here; in the box.

odiv posted:

Better make sure no college students can get information about Alcoholics Anonymous!

I don't know about the college's firewall. That's their business, but ours is set to block AA.

Granted, this is Mississippi, where abstinence education reigns supreme.

We have state mandated firewall filters in place for sex education, AA, suicide prevention, drug prevention, and on and on. You see, if the kids can't learn about any of this, they won't know how to do it and it won't be a problem :downs:

Bobulus
Jan 28, 2007

A relative came in. I have family visiting and helping me out with some plumbing and woodworking on my new place. To be a good host, I set up my home computer with a guest account (heavily locked down, of course) so they could check their email and such.

Apparently the website version of AOL still plays all the old sounds that the application version did in the 90s. There's nothing like being woken up 7am on a Saturday to a house-rattling 'YOU'VE GOT MAIL!'.

Farecoal
Oct 15, 2011

There he go

larchesdanrew posted:

We have state mandated firewall filters in place for suicide prevention

:stare:

pr0digal
Sep 12, 2008

Alan Rickman Overdrive

larchesdanrew posted:

I don't know about the college's firewall. That's their business, but ours is set to block AA.

Granted, this is Mississippi, where abstinence education reigns supreme.

We have state mandated firewall filters in place for sex education, AA, suicide prevention, drug prevention, and on and on. You see, if the kids can't learn about any of this, they won't know how to do it and it won't be a problem :downs:

I'll take "Reasons I'll stay on the East Coast" for $500 Alex.

And this is a college you say?

Just Offscreen
Jun 29, 2006

We must hope that our current selves will one day step aside to make room for better versions of us.

It's Mississippi - best not to spend too much time thinking about it. I wouldn't be surprised if poison control was on the blacklist too.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Just Offscreen posted:

It's Mississippi - best not to spend too much time thinking about it. I wouldn't be surprised if poison control was on the blacklist too.

Well clearly poison control is the proper way to store poisons! We can't have that!

Segmentation Fault
Jun 7, 2012

larchesdanrew posted:

A blocked website came in.

Apparently our Alumni page is being blocked on both our network and the college's network. Well, not really officially blocked. It just says the website can't be found, but works on any other network.

Going to the website's IP address brings up the blocked page screen with the reasoning of "Alcohol."

Turns out the Alumni Association was referring to itself as AA in the website and making the web filter think it was Alcoholics Anonymous.

Welp. That's my excitement for the day.

My senior year at high school I had to do research on lobby groups. I tried looking up some LGBT group but it got blocked for the reason "lifestyle."

I live in New York.

Web filters are consistently the worst and most students just find web-based proxies to get around them (since it's easy enough for your average teen to use to plug in youtube.com into a website and most sysadmins deal with web-based proxies by playing whack-a-mole).

AlexDeGruven
Jun 29, 2007

Watch me pull my dongle out of this tiny box


larchesdanrew posted:

I don't know about the college's firewall. That's their business, but ours is set to block AA.

Granted, this is Mississippi, where abstinence education reigns supreme.

We have state mandated firewall filters in place for sex education, AA, suicide prevention, drug prevention, and on and on. You see, if the kids can't learn about any of this, they won't know how to do it and it won't be a problem :downs:

They're doing it wrong. Clearly, the best way to deal with these issues is to keep the firewall open, log the username of the person accessing the site and contact their parents so they can receive a proper whipping reeducation when they get home.

A Frosty Witch
Apr 21, 2005

I was just looking at it and I suddenly got this urge to get inside. No, not just an urge - more than that. It was my destiny to be here; in the box.

pr0digal posted:

I'll take "Reasons I'll stay on the East Coast" for $500 Alex.

And this is a college you say?

Ours is a high school, but it's for juniors and seniors, so it's not that much better. We're located on a college campus, but our networks are separate.

And re: kids using proxies and otherwise just getting around all of our safeguards; playing whack-a-mole is 90% of my job. These kids are terribly smart and have a lot of free time to get around stuff. Our firewall and web filter are a loving garbage mess of custom filters and policies to try and account for it all. But at least they can't watch netflix.

pr0digal
Sep 12, 2008

Alan Rickman Overdrive

Segmentation Fault posted:

My senior year at high school I had to do research on lobby groups. I tried looking up some LGBT group but it got blocked for the reason "lifestyle."

I live in New York.

Web filters are consistently the worst and most students just find web-based proxies to get around them (since it's easy enough for your average teen to use to plug in youtube.com into a website and most sysadmins deal with web-based proxies by playing whack-a-mole).

Yeah our high school filter only blocked DNS and not IP, good old lovely webfilter.

You can also build your own proxy with an AWS server and SSH tunneling which is how I found out that I could bypass the web filter at my own job. A web filter I didn't have access to even though I ran the IT department.

nexus6
Sep 2, 2011

If only you could see what I've seen with your eyes

larchesdanrew posted:

Apparently our Alumni page is being blocked on both our network and the college's network. Well, not really officially blocked. It just says the website can't be found, but works on any other network.

My high school's website had a letter from the principal on the front page including a jpeg of his signature. A couple of guys downloaded the signature image and pasted it into a letter to their classmate telling him he was expelled. The faculty's solution to prevent this from happening again was to block access to their own website for the entire school.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

larchesdanrew posted:

I don't know about the college's firewall. That's their business, but ours is set to block AA.

Granted, this is Mississippi, where abstinence education reigns supreme.

We have state mandated firewall filters in place for sex education, AA, suicide prevention, drug prevention, and on and on. You see, if the kids can't learn about any of this, they won't know how to do it and it won't be a problem :downs:
This from a state that teaches creationism and allows teachers to denounce evolution
Ironic considering their Darwinian approach to social problem solving.
