|
pr0digal posted:Girlfriend's company got hit with a phishing attack...except it was sanctioned. She told me someone opened a suspicious e-mail and sent me a screenshot of it. I followed the URL in a VM because I wanted to see how lovely of a site it was and a page with the following message popped up. Most of them were obvious but the last one was so well done I actually called our help desk to check on it, and there was a recorded message saying, "If you're calling about that email, yeah, it's fake. Good for you if you didn't click on it."
|
#
?
Mar 9, 2016 21:53
|
|
|
|
| # ? May 17, 2024 08:26 |
|
|
The last PhishMe campaign we sent out was hilarious. quote:Dear Mr. Sir, We (being the Security Team) base these off of real Phishing Emails we get in our environment. Yes, we actually saw this one sent to us. The campaign is still ongoing, but once its done I can post the results. Yes, the website is real.
|
|
#
?
Mar 9, 2016 23:28
|
|
|
dox posted:My company uses and resells a service called KnowBe4 that does something very similar. Highly recommend it as a way to train your users to spot phishing- we try to deploy it to all of our clients. I love KnowBe4. The training is fairly straightforward, the reporting is simple and not customizable yet, but they are good at taking customer feedback and improving their service. Plus it is tons cheaper than PhishMe. I run a monthly phishing campaign after training and the results were expected: The stats I have on hand: 36% before training  2% 1 month after training  28% a few months out of training  Good thing we train annually, plus clickers get reported to their managers now.
|
|
#
?
Mar 9, 2016 23:35
|
|
|
A ticket came in... from my boss.boss posted:
So I go digging into the issue. Move the AppleTVs from DHCP to static, make sure they don't sleep, all the troubleshooting I can find... but the Meraki event log keeps telling me that there is a conflict... and sometimes the conflict is on a totally different subnet? The gently caress? We have wireless and ethernet on different subnets, with the AppleTV's set up without ethernet cables, so they just sit on the wireless subnet. Not only is there no way for the DHCP server to be handing them an address on the ethernet subnet (which is what I see), but they have never BEEN on that subnet, so it can't be trying to claim it out of memory. On top of that, I can still ping the devices at the right IP. Ok, so I do some more digging. This issue only started on March 3rd. And it's only 2 out of 3 Apple TV's deployed at this location. And both of these devices are reporting as conflicting on the same IP... but not with eachother. No, they are conflicting with a MacBook Air that is on the wireless. Ok, so lets reserve that address and do ifconfig renew on the computer. New IP obtained, problem solved? Nope, both AppleTVs start conflicting over a new address. The same address as a MacBook Air. The same address as the SAME MacBook Air. But it's a different address than before. At this point I'm totally confused, so I go check to see if there are any OS updates for the AppleTVs. Two of the three AppleTVs in the office have Autoupdate enabled. One does not. The one with no problems, is, of course, the one that isn't up to date. Ok, that's indicative of something. I call my boss (who works in an office in another state) and ask if he can check if his AppleTV is set to autoupdate. Nope! Oh, but he just told it to update since he was checking it...  Alright, well, that can tell me something. I pull up the event logs for his location, and... yup, no IP conflicts showing... until just now. And now an AppleTV is throwing conflicts with a MacBook Air at this location. Well then! Now we know what the culprit is! Apple TV 3 OS 7.2.1 Update 8011 is doing something weird! Only... none of the computers with the conflict are having any problems. Or throwing an error. The Apple TVs are all working normally. The only evidence of a problem is the event log. I run Wireshark for a bit, and discover that... the AppleTVs are falsely responding to some ARP requests from the router. Somehow, the new update to the AppleTV OS is causing each AppleTV unit to find an Apple computer on the network, and bind itself to it. So long as that computer is on the network, the AppleTV will respond to ARP requests as if it had the address of that computer. I've brought this up to Apple, talked my way up to a "Senior Enterprise Advisor", and apparently having this on two networks with different network equipment isn't proof enough for a good on their end. Fuckers are making me take an AppleTV home and test it on a CONSUMER grade router to prove that it's an OS issue and not a network configuration bug.
|
|
#
?
Mar 10, 2016 00:34
|
|
|
pr0digal posted:Girlfriend's company got hit with a phishing attack...except it was sanctioned. She told me someone opened a suspicious e-mail and sent me a screenshot of it. I followed the URL in a VM because I wanted to see how lovely of a site it was and a page with the following message popped up. I get PhishMe emails at my job. I've been good so far, but apparently there are some people at risk of losing their jobs because they fall for the Phish every time. I just set up an outlook filter that scans the header for telltale signs.
|
|
#
?
Mar 10, 2016 01:08
|
|
|
KillHour posted:This is one of those things where you have to praise them for their initiative, but remind them that those things have to be vetted before action is taken. Also, lock yo drat network closet. They are locked, so its kind of a mystery where they got the key. Its a location 200 miles away, so we don't have anyone onsite to handle things like this. But generally they call first. Its a unfortunate reality of our company that we are spread out over multiple states that we have to rely on people locally for just about everything. In other news, we are putting in APs at a bunch of our locations and I've been working with the cabling contractors for the last week. They've been moving along pretty good except one site where it turned out we have a bad AP. One of the guys gets to the last site and comments "Hey, how do these ceiling mount grids work? Haven't seen one before." I walk him through it and then think, if he just now is seeing this, what happened with the other 3 sites he's done? Each location was supposed to hand them a AP and the mounting enclosure, but somehow that hasn't been happening, so this guy has been just mounting the AP's to the ceiling grid. And now he has to go back. Yay.
|
|
#
?
Mar 10, 2016 03:51
|
|
|
Oh gently caress other sites without support. I have one that before I took my job they fired the IT guy (6 months before I started). I've been here 6 months and they still haven't replaced him. Getting anything done there is a giant pain in the rear end. The site is 3,000 miles from me. It's also really difficult to talk techical to someone that has no technical background and doesn't speak good English. I end up asking for pictures of everything and circle what I want usually getting another picture. I somehow got a drive in a RAID swapped with just flip phone camera pictures and MS paint. Really could use a dedicated person, even an MSP. Last guy ended up infecting the poo poo out of the network being incompetent person with multiple virus scanners including fake ones and making some unholy mess. I just need someone help desk level part time person that does something else the rest of the day. They have some highschool kid they can sometimes get to stop in and do stuff. He seems to know reasonably well what is going on, but he's super flaky. Took 3 weeks to get a new UPS racked, that no matter how hard I tried I couldn't walk someone else through. Picture of my rack, I circle where I want it in their rack, send a copy of the mounting directions in Spanish "It doesn't fit". I still have no idea what they were trying to do with it. Took forever to get the kid in, but it didn't take him long to do.
|
|
#
?
Mar 10, 2016 04:24
|
|
|
A ticket came in, "I can't print or access network shares. Internet works fine, though." This is a user I had to re-do wireless router settings for last month so I assumed their wireless router decided to reset its settings again. I get there and find after doing some troubleshooting... somebody has apparently plugged an LTE router into the network and it's hijacking all the traffic. They're somewhere in this 9 story building. Gonna be a fun day.
|
|
#
?
Mar 10, 2016 04:56
|
|
|
FireSight posted:I run Wireshark for a bit, and discover that... the AppleTVs are falsely responding to some ARP requests from the router. Somehow, the new update to the AppleTV OS is causing each AppleTV unit to find an Apple computer on the network, and bind itself to it. So long as that computer is on the network, the AppleTV will respond to ARP requests as if it had the address of that computer.  Apple does some weird poo poo sometimes
|
|
#
?
Mar 10, 2016 05:07
|
|
|
mewse posted:
Seriously this is pretty hosed. I wanna try it now 
|
|
#
?
Mar 10, 2016 05:14
|
|
|
FireSight posted:A ticket came in... from my boss. I'd argue they are asking you to replace their stuff with another vendor's gear...but that's me.
|
|
#
?
Mar 10, 2016 05:29
|
|
|
pixaal posted:. Hot.
|
|
#
?
Mar 10, 2016 07:08
|
|
|
Some of our clients seem really proud that they fired their IT team to save money and then are quite confused when we tell them a list of highly technical things need to be done for their system to work with our software (that would always be done by IT and are trivial for them) and then quite angry when we won't do it for them because it's not our job and they fired the resources there that were qualified to do them.
|
|
#
?
Mar 10, 2016 07:22
|
|
|
FireSight posted:I've brought this up to Apple, talked my way up to a "Senior Enterprise Advisor", and apparently having this on two networks with different network equipment isn't proof enough for a good on their end. Fuckers are making me take an AppleTV home and test it on a CONSUMER grade router to prove that it's an OS issue and not a network configuration bug. This sounds reasonable, if they've never heard of this issue before it's probably something wrong with your switch / router configuration
|
|
#
?
Mar 10, 2016 08:47
|
|
|
That poor Nigerian astronaut. 
|
|
#
?
Mar 10, 2016 11:02
|
|
|
jre posted:This sounds reasonable, if they've never heard of this issue before it's probably something wrong with your switch / router configuration True, except it's apple, who haven't been averse I'm the past from trying to sell this sort of thing under the rug until enough media was talking about it.
|
|
#
?
Mar 10, 2016 11:07
|
|
|
Posting in to tell you the worst part of Firesight's issue. He mentioned this on IRC and I did some light googling, which revealed this has been an issue for some time. Some Apple forum posters claimed it was some sort of Bonjour Sleep Proxy thing, where the TV (i poo poo you not) keeps answering to the ARP requests on other Apple devices behest so that their leases don't expire or some poo poo. Posting this here so that everyone can see how pants-on-head this is. https://discussions.apple.com/thread/3417818?start=0&tstart=0 "ARP Cache Poison behavior by Apple TV" https://www.reddit.com/r/techsupport/comments/2dgync/apple_tv_is_stealing_ip_addresses_on_a_campus/ Sormus fucked around with this message at 11:39 on Mar 10, 2016 |
|
#
?
Mar 10, 2016 11:36
|
|
|
Can someone check I'm not being the idiot here. I'm not 100% sure but vmware doesn't seem to have the concept of "limited number of vcpus" In that you can have as many as you want, as long as the actual moment to moment usage doesn't consume all the mhz available to the host they are on. So when someone asks for "12 available cores prior to commencing work" there is of course that much available. Am I missing something fundamental or is it the guy doing the install who doesn't get it?
|
|
#
?
Mar 10, 2016 15:38
|
|
|
LordVorbis posted:Can someone check I'm not being the idiot here. I'm not 100% sure but vmware doesn't seem to have the concept of "limited number of vcpus" In that you can have as many as you want, as long as the actual moment to moment usage doesn't consume all the mhz available to the host they are on. It might have something to do with licensing of a product so make sure it has the correct amount of vCPU and that the NUMA alignment is correct. For most workloads having more vCPU than logical CPUs will bite you in the rear end with strange performance issues.
|
|
#
?
Mar 10, 2016 15:45
|
|
|
jre posted:This sounds reasonable, if they've never heard of this issue before it's probably something wrong with your switch / router configuration Apple strongly denied any problems with discoveryd for months before they removed it from OSX
|
|
#
?
Mar 10, 2016 16:22
|
|
|
Roargasm posted:Apple strongly denied any problems with discoveryd for months before they removed it from OSX Oh god. That poo poo show. I like and use Apple stuff. Love my rMBP and iPad pro, but god drat if they aren't ostriches whenever someone calls in complaining about legitimate and difficult to address bugs in their stuff. Most of the time, their customer service is efficient and helpful, but that other 2%? It's all "LALALALALA I CAN'T HEAR YOU!" and deleting posts from the support forums.
|
|
#
?
Mar 10, 2016 16:27
|
|
|
I guarantee if I look for them, I'll find about a billion instances of that Apple TV proxy ARP poo poo on my networks. We see it a lot with Netgear and Linksys routers, as well. Hopefully the Apple TV and the Mac have to actually be able to communicate with each other via unicast first and it'll get stopped by traffic segmentation... (I support residential internet connections for college apartments.)
|
|
#
?
Mar 10, 2016 16:29
|
|
|
LordVorbis posted:Can someone check I'm not being the idiot here. I'm not 100% sure but vmware doesn't seem to have the concept of "limited number of vcpus" In that you can have as many as you want, as long as the actual moment to moment usage doesn't consume all the mhz available to the host they are on. Reducing the number of cores can actually increase the speed of a VM. If you make a 10 core DC it wont be able to do anything until 10 cores have a free cycle, it will then use all 10 for the single thread it needed because the OS expects the 10 and will poll them for information. DCs should be 1 maybe 2 cores. Specs your machines correctly. Over provisioning is a common thing with VMs, give them what you think they will need and increase them as needed. If they are sitting mostly idle decrease their resources. The only thing that probably isn't an issue on is thin provisioned RAM and drive space. Even then a run away log could eat a ton of space, and the RAM might get used as a cache for something that only gets used once a year automatically because there is free RAM. Databases love to just use every meg of RAM you throw at them for doing stupid things.
|
|
#
?
Mar 10, 2016 17:34
|
|
|
An update: With Sormus's link, I was able to determine that, in fact, the devices causing the problem ARE showing as Bonjour Sleep Proxies, while the devices that are not causing problems don't show up. I'd say that's confirmation of a buggy change to the Bonjour Sleep Proxy feature on the AppleTVs.
|
|
#
?
Mar 10, 2016 17:40
|
|
|
FireSight posted:An update: With Sormus's link, I was able to determine that, in fact, the devices causing the problem ARE showing as Bonjour Sleep Proxies, while the devices that are not causing problems don't show up. I'd say that's confirmation of a buggy change to the Bonjour Sleep Proxy feature on the AppleTVs. I think that's just what bonjour sleep proxy does, but it looks like it can only be disabled on the Macs themselves and not just once at the TV.
|
|
#
?
Mar 10, 2016 18:49
|
|
|
Has anyone used Microsoft System Center as a ticketing system? My work is considering switching to it.
|
|
#
?
Mar 10, 2016 18:53
|
|
|
flosofl posted:Oh god. That poo poo show. Goddamn I hate that attitude with a passion - not just picking on Apple, but from any vendor. When I've gone through everything with a fine-toothed comb and proven that vendor equipment or software is the problem, I want to punch fuckers in the face who want me to drag their garbage around to other computers or locations to "test". No, gently caress you, do your job and quit trying to waste my loving time you lazy assholes. Wish I had the knowledge to invent a remote dick-punching machine for idiots like that. Same for Microsoft and their recent IE patch that basically throws the company IT under the bus for not allowing someone to upgrade to Windows 10. Yeah, gently caress you too MS, I'll keep circumventing your stupid bullshit patches just as fast as you circumvent my workarounds, you can kiss my rear end with this forced upgrade trash.
|
|
#
?
Mar 10, 2016 19:14
|
|
|
Just claim you did, how will they know? Yup did that over the weekend took company property off site to my house after signing a ton of paperwork. Then spent my free time, purchased a macbook and tested it at home same thing! Now can you cover all these costs? I bill at $300/hr for weekend work.
|
|
#
?
Mar 10, 2016 19:17
|
|
|
It's been a little while, but as an update to the masturbator: When he dropped trou, you could see only a flash of ding before he sat down and thankfully his crotch was out of camera view. But it was clear from, er, gestures, what he was doing. Almost instantly there were people talking all over each other to tell the guy to remember that his camera was on. The guy quickly leans forward and slams his laptop shut and he drops from the call, presumably because closing the lid put the laptop into hibernate. There were a couple of long seconds of complete silence on the call into which the account manager bravely stepped in to try to resume the conversation, but the damage had been done. The meeting never really recovered and you could hear everyone frantically typing at their keyboards. I know my IM lit up with versions of "holy poo poo, did what I think happen actually happen?" After maybe 10 minutes, the account manager gave up and wrapped up the call with a "okayGreatMeetingEveryoneBye!" My team of course hopped back on the bridge to laugh and holy poo poo for a bit. Yesterday the AM did share with us that he received a very delicately phrased email from the partner that masturbator had decided to resign suddenly and wouldn't be joining us further and we hope that our relationship was still "rock Despite my begging and pleading, the AM would not release the recording of the WebEx nor the email announcing his resignation.
|
|
#
?
Mar 10, 2016 19:18
|
|
|
Agrikk posted:It's been a little while, but as an update to the masturbator: Ah the good old "You can't fire me, I quit!" with a wonderful added twist 
|
|
#
?
Mar 10, 2016 19:27
|
|
|
https://www.youtube.com/watch?v=nsGnqf3CUW8
|
|
#
?
Mar 10, 2016 19:28
|
|
|
pr0digal posted:Ah the good old "You can't fire me, I quit!" with a wonderful added twist Probably more of a "You resign now, quietly, or we fire you, loudly"
|
|
#
?
Mar 10, 2016 19:28
|
|
|
pr0digal posted:Ah the good old "You can't fire me, I quit!" with a wonderful added twist
|
|
#
?
Mar 10, 2016 19:35
|
|
|
AlexDeGruven posted:Probably more of a "You resign now, quietly, or we fire you, loudly" Nah I'll bet when the first HR meeting request came in he handed his letter of resignation in to his boss to avoid all the awkward talk about what happened.
|
|
#
?
Mar 10, 2016 19:44
|
|
|
lambeth posted:Has anyone used Microsoft System Center as a ticketing system? My work is considering switching to it. Yeah I've used it in the past. It depends on what exactly you want out of a ticketing system. If you plan on using it along with config manager and orchestrator it can be cool. It just takes a TON of time and effort to get everything customized to your environment and integrated with config manager and orchestrator. If you need something more simple then just go with Zendesk or some other alternative. Personally after having worked with it I wouldnt bring it to a company unless they could devote a person to manage it along with SCCM or Orchestrator. It's just a beast of an unwieldy system.
|
|
#
?
Mar 10, 2016 20:25
|
|
|
lambeth posted:Has anyone used Microsoft System Center as a ticketing system? My work is considering switching to it. Please don't. I have. It's awful. BaseballPCHiker posted:Yeah I've used it in the past. It depends on what exactly you want out of a ticketing system. If you plan on using it along with config manager and orchestrator it can be cool. It just takes a TON of time and effort to get everything customized to your environment and integrated with config manager and orchestrator. If you need something more simple then just go with Zendesk or some other alternative. Personally after having worked with it I wouldnt bring it to a company unless they could devote a person to manage it along with SCCM or Orchestrator. It's just a beast of an unwieldy system. This guy is correct, you need at least 1 dedicated person managing it. It's also amazing easy to turn into a 500-required-field mess.
|
|
#
?
Mar 11, 2016 00:19
|
|
|
pixaal posted:Reducing the number of cores can actually increase the speed of a VM. If you make a 10 core DC it wont be able to do anything until 10 cores have a free cycle, it will then use all 10 for the single thread it needed because the OS expects the 10 and will poll them for information. DCs should be 1 maybe 2 cores. Specs your machines correctly. I'm not our VMWare dude, but our main VM guy believes in 1 VCPU per 4GB of RAM pretty much and sticks to this, no matter how often people ask for more CPUs. All of our VMs run like butter and restart stupidly fast. Its really nice having someone competent running the hardware infrastructure.
|
|
#
?
Mar 11, 2016 07:13
|
|
|
Urit posted:Please don't. I have. It's awful. Not my choice, unfortunately. I guess it can't be any worse than what we have now (PsSoft), which literally crashes once or more every day, but this sounds lovely too.
|
|
#
?
Mar 11, 2016 07:38
|
|
|
SCSM is a good backend but please don't try to use the console as your frontend.
|
|
#
?
Mar 11, 2016 08:03
|
|
|
|
| # ? May 17, 2024 08:26 |
|
|
It's time for.. GUESS WHAT HAPPENED This time our tech had taken the machine apart before I got there. What we're looking at is a daughterboard from a Dell laptop. Luckily this was the only damaged part in the machine, but still.. what happened?  
|
|
#
?
Mar 11, 2016 09:36
|
|
