devmd01
Mar 7, 2006

Elektronik
Supersonik
That’s amazing. I’d love to see a full deep dive into that thing.


H110Hawk
Dec 28, 2006

Sickening posted:

Our marketing people ordered a video conference solution straight from china! MAXHUB



Turns out, this thing must be a state sponsored spying device because infosec found this thing infested with a botnet client worm already pre-installed. It also sends out audio and video files to chinese IP's. This thing is stacked with fun toys like

Wifi Hot Spot Built In (Please connect all your devices)
Camera and Mic
Full windows computer
Wifi and Ethernet

This thing is basically a security nightmare and someone paid real money for it.

:stare: It's like my $50 ip camera baby monitor but enterprise. Please post updates.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k

Tab8715 posted:

One of my contract customers had an anti-fraternization policy with non-FTEs.

Socializing with vendors and contractors strictly forbidden. If you were onsite by yourself you’d walk through the cafeteria and sit all alone for lunch.

I think all of my contracts have that. Or I'm just not liked anymore

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

Sickening posted:

Our marketing people ordered a video conference solution straight from china! MAXHUB



Turns out, this thing must be a state sponsored spying device because infosec found this thing infested with a botnet client worm already pre-installed. It also sends out audio and video files to chinese IP's. This thing is stacked with fun toys like

Wifi Hot Spot Built In (Please connect all your devices)
Camera and Mic
Full windows computer
Wifi and Ethernet

This thing is basically a security nightmare and someone paid real money for it.

yup. I still remember when my company bought a bunch of cheap Chinese android tablets that flooded the market around Christmas 4-5 years ago and *SURPRISE* a wireshark of the device showed all sorts of traffic constantly being sent to Chinese IP addresses. Even after we flashed a vanilla version of android to one of them, it was still pinging the poo poo out of a bunch of Chinese IP's.

CLAM DOWN
Feb 13, 2007




Sickening posted:

Our marketing people ordered a video conference solution straight from china! MAXHUB



Turns out, this thing must be a state sponsored spying device because infosec found this thing infested with a botnet client worm already pre-installed. It also sends out audio and video files to chinese IP's. This thing is stacked with fun toys like

Wifi Hot Spot Built In (Please connect all your devices)
Camera and Mic
Full windows computer
Wifi and Ethernet

This thing is basically a security nightmare and someone paid real money for it.

Hell yes.

Thanks Ants
May 21, 2004

#essereFerrari


I went to a rooftop bar this evening during work and then stayed a bit past when I'd usually leave the office. The beers and a fairly decent cheeseburger + fries were covered by the company.

Also please give that VC box to a security researcher to write a blog about, it sounds amazing.

Nuclearmonkee
Jun 10, 2009


lovely cheap chinese electronics getting into sensitive parts of the enterprise is always super fun. Get those from time to time that flag us when they start trying to call home.

Really looking forward to rolling NAC out everywhere.

MC Fruit Stripe
Nov 26, 2002

around and around we go

MF_James posted:

Can we not have a slap-fight about hanging out with co-workers vs your family vs being an ugly goon troll hiding in a basement; that is probably my least enjoyable recurring IT threads fight.

My personal favorite is the "my boss asked me to do something which would have taken until 5:01pm today, so I sent him a picture of my testicles, billed him quadruple for it, flicked my cigarette, and rode my Harley into the sunset" story we get every few weeks.

e: Depending on how you parse that sentence, I might be saying that our hero billed 4 times his usual rate for a picture of his testicles, which is certainly an option.

MC Fruit Stripe fucked around with this message at 22:43 on Aug 22, 2018

The Fool
Oct 16, 2003


Vargatron posted:

As an aside, molding technicians are some of the hardest drinkers and profligates known to man, but holy poo poo are they fun to be around.

I really enjoy drinking with field geologists.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

MC Fruit Stripe posted:

My personal favorite is the "my boss asked me to do something which would have taken until 5:01pm today, so I sent him a picture of my testicles, billed him quadruple for it, flicked my cigarette, and rode my Harley into the sunset" story we get every few weeks.

e: Depending on how you parse that sentence, I might be saying that our hero billed 4 times his usual rate for a picture of his testicles, which is certainly an option.

What is 4x nothing?

Also, I will gladly buy someone a beer that does exactly what you said.

angry armadillo
Jul 26, 2010

Tab8715 posted:

One of my contract customers had an anti-fraternization policy with non-FTEs.

Socializing with vendors and contractors strictly forbidden. If you were onsite by yourself you’d walk through the cafeteria and sit all alone for lunch.

That seems excessive.

I once had to remind a member of staff that because he arranged to go out for a meal with a contractor who was staying over nearby and said contractor picked up the bill - you are probably heading towards declaring gifts received blah blah anti corruption policy - which I don’t really care too much about - however - where it will cause a problem is when the dude goes to eat lunch with the estates teams and boasts that he got free food from a contractor, estates dudes then all moan that they don’t get any free food off contractors and someone grasses him up for not following the policy which I think is basically don’t accept gifts.

I’m quite happy to take a don’t get caught attitude to it but wow don’t even talk to people in work haha

Sickening posted:

Our marketing people ordered a video conference solution straight from china! MAXHUB



Turns out, this thing must be a state sponsored spying device because infosec found this thing infested with a botnet client worm already pre-installed. It also sends out audio and video files to chinese IP's. This thing is stacked with fun toys like

Wifi Hot Spot Built In (Please connect all your devices)
Camera and Mic
Full windows computer
Wifi and Ethernet

This thing is basically a security nightmare and someone paid real money for it.

Our customer (the government!) queried our use of Lenovo computers for the potential risk of everything you have raised there

Can you send me that, so I can put it in front of them and :lol: as they have a breakdown please

angry armadillo fucked around with this message at 00:00 on Aug 23, 2018

Phrosphor
Feb 25, 2007

Urbanisation

Just did a round of interviews for some new 1st line guys, our service desk handles more than just IT issues so we are looking for all rounders. We had 108 applicants for 3 positions and I didn't realise until a couple of days before sitting down for interviews that the poor candidates had to sit in front of their laptops and do a video interview before getting to this stage.

On one hand it was great, as we weeded out just under 100 applications so we only had 12 to meet with, I wasn't involved with that side as I am not managing this service desk I am just the local knowledge and they will be supporting me. The bad side is they had to do the video interview in one go, with a minute to record their answer to each question and only 30 seconds to read the question and formulate an answer before the recording started.

I would not have made it through that myself, they were all super nervous when they came in.

We had a weirdo, who came back to the office 5 times looking to find out if he had a job and made our receptionist very uncomfortable (huge alarm bells for me), but we also got three nice first choices who all accepted the role. Hooray! Two years of being the only person on the continent supporting three offices is finally about to end!

dogstile
May 1, 2012

fucking clocks
how do they work?

MF_James posted:

Can we not have a slap-fight about hanging out with co-workers vs your family vs being an ugly goon troll hiding in a basement; that is probably my least enjoyable recurring IT threads fight.

It was a fight?

orange sky
May 7, 2007

Hahaha holy poo poo

Imagine this happening to you

https://twitter.com/JohnLaTwC/status/1032267977633087488?s=19

Thanks Ants
May 21, 2004

#essereFerrari


A friend of mine works there (not in IT). Said it was a pretty wild time.

Virigoth
Apr 28, 2009

Corona rules everything around me
C.R.E.A.M. get the virus
In the ICU y'all......



They missed a great ransom opportunity at that office. All the hard work was done for them.

orange sky
May 7, 2007

It's crazy to me that they didn't have backups of their DCs, don't you need that for ISO 27001?

Inspector_666
Oct 7, 2003

benny with the good hair

orange sky posted:

It's crazy to me that they didn't have backups of their DCs, don't you need that for ISO 27001?

That was my first thought too, but I love a good sneakernet solution in this day and age.

Filthy Lucre
Feb 27, 2006
I have a question on how an include in spf would work.

I'm setting up spf for my domain (mydomain.com).
I use a third party to host my email server (reseller.com).

The spf for mydomain.com is this; "v=spf1 mx a include:reseller.com -all"
Reseller.com uses the following spf record; "v=spf1 ipv4:10.1.1.10 ipv4:10.1.2.20 ipv4:10.1.3.30 ~all"

Will the softfail (~all) in reseller.com's spf record cause any IP sending email as mydomain.com to softfail (other than mx/a for mydomain.com and the ipv4 entries in reseller.com)?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

orange sky posted:

It's crazy to me that they didn't have backups of their DCs, don't you need that for ISO 27001?

I'm sure they had backups. The backups and backup systems were probably online and got encrypted as well.

The Fool
Oct 16, 2003


Filthy Lucre posted:

I have a question on how an include in spf would work.

I'm setting up spf for my domain (mydomain.com).
I use a third party to host my email server (reseller.com).

The spf for mydomain.com is this; "v=spf1 mx a include:reseller.com -all"
Reseller.com uses the following spf record; "v=spf1 ipv4:10.1.1.10 ipv4:10.1.2.20 ipv4:10.1.3.30 ~all"

Will the softfail (~all) in reseller.com's spf record cause any IP sending email as mydomain.com to softfail (other than mx/a for mydomain.com and the ipv4 entries in reseller.com)?

SPF include directives only return matching or non-matching, effectively ignoring the all directive on the included record.
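
The include behaviour described in the answer above, as an added example that is not part of any post in the thread: a minimal SPF evaluator for the two records from the question, with the address mechanisms written as `ip4` (the mechanism name RFC 7208 defines). The A and MX addresses are constructed for the illustration, and only the `all`, `ip4`, `a`, `mx` and `include` mechanisms are implemented.

```python
import ipaddress

# Constructed zone data standing in for DNS lookups; not real records.
TXT = {
    "mydomain.com": "v=spf1 mx a include:reseller.com -all",
    "reseller.com": "v=spf1 ip4:10.1.1.10 ip4:10.1.2.20 ip4:10.1.3.30 ~all",
}
A = {"mydomain.com": ["192.0.2.10"], "mail.mydomain.com": ["192.0.2.25"]}
MX = {"mydomain.com": ["mail.mydomain.com"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _matches(mech, arg, ip, domain, depth):
    """Return True when one mechanism matches the connecting IP."""
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in A.get(arg or domain, [])
    if mech == "mx":
        return any(str(ip) in A.get(host, []) for host in MX.get(arg or domain, []))
    if mech == "include":
        # RFC 7208 section 5.2: only an inner "pass" is a match. An inner
        # fail, softfail or neutral is "no match", so the included record's
        # ~all never becomes the outer result.
        inner = check_host(str(ip), arg, depth + 1)
        if inner in ("none", "permerror"):
            raise ValueError("include target has no usable SPF record")
        return inner == "pass"
    # An unrecognised mechanism name is a syntax error (permerror).
    raise ValueError(f"unknown mechanism {mech!r}")


def check_host(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for a connecting IP address."""
    ip = ipaddress.ip_address(ip)
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    try:
        for term in record.split()[1:]:
            qualifier = "+"
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            mech, _, arg = term.partition(":")
            if _matches(mech.lower(), arg, ip, domain, depth):
                return QUALIFIERS[qualifier]
    except ValueError:
        return "permerror"
    return "neutral"  # no mechanism matched and there was no "all"


if __name__ == "__main__":
    for addr in ("10.1.2.20", "192.0.2.25", "203.0.113.7"):
        print(addr, check_host(addr, "mydomain.com"))
```

An address outside every listed mechanism softfails when checked against reseller.com directly, but fails when checked against mydomain.com, because the outer `-all` is the term that finally matches.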

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


skipdogg posted:

I'm sure they had backups. The backups and backup systems were probably online and got encrypted as well.

So...they didn't have backups?

I mean even if you don't follow the 3-2-1 rule, at least have the 1 part, i.e. the offsite NOT ONLINE part. I know everyone hates tapes now or whatever, but this is exactly the loving problem they would have made completely irrelevant, other than the time to copy backups onto new servers from tape. And hell, maybe you don't have that for your entire infrastructure, but for your DCs at least? (I mean, you should have your cert authority backed up and in a safe, right? Why not just stick a copy of the DC in there as well every month, if you're a gigantic multinational).

Also I liked the bit about reimaging laptops 20 at a time, with....USB sticks? What? Were they using good ol' Ghost or something (with duplicate SIDs)? I mean maybe if your laptops can't PXE boot, but what business laptops in this day and age can't do that, and why wouldn't you have SCCM. Or were they just (even worse) installing Windows manually on thousands of machines?

Basically the takeaway is yet another company ignoring proper security and backup procedures because what's the worst that could happen. I don't know if we're supposed to feel sorry for them - I feel sorry for the IT staff that had to put up with that and deal with the aftermath, but every single manager that went "eh I don't know, that security upgrade seems expensive and I mean everything's working fine, let's just do it later" can go ahead and get hosed.

Corsair Pool Boy
Dec 17, 2004
College Slice

dogstile posted:

It was a fight?

In the past? Yeah they get pretty stupid.

skipdogg posted:

I'm sure they had backups. The backups and backup systems were probably online and got encrypted as well.

Yeah, the wired article specifically calls out lack of network segmentation as one of the problems they'd identified but not bothered to solve, so it's entirely possible their backups were wrecked before they knew what was going on.

George H.W. Cunt
Oct 6, 2010





Lol to not fixing your problem areas because it won’t give you a fat bonus

MC Fruit Stripe
Nov 26, 2002

around and around we go
Lol to having 20 people worth of work and only 2 people with which to do it.

Catastrophic failures are almost never the sys admin's fault. They are the business's fault. You want everything to work like it should? Give me enough staff to catch my breath.

Nuclearmonkee
Jun 10, 2009


Money too. Proper backups and DR is $$$ no one wants to spend because most of the time you don't need it for anything.

Thanks Ants
May 21, 2004

#essereFerrari


We had a client get crypto’d last week and they only got their data back because of a combination of the malware crashing before it could trash all of the shadow copies, and a third party vendor taking a copy of a vital application folder before an upgrade a few days before.

Three days after being dead in the water for half a week they were back on the “hmm I’m not really sure we need to go to the expense of proper backups” line of thought. If we don’t just drop them at this point I will be amazed.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
One of my old company's clients were crypto'd 2 months ago. Since I still do work for them I was involved. They are super paranoid about security now, absurdly so. I implemented certificate based wireless authentication and they are running a POC to implement 2FA on top of it :stare:

DropsySufferer
Nov 9, 2008

Impractical practicality
Are there videos or something similar for a crash course on active directory? I know the basics of adding, removing users and resetting passwords. I've never been in a position to do much more with it at least. I don't need to learn every detail like for a certification I just want to sound like I know what I'm talking about for an interview.

This is going to be at a tier 2 level. I just want to look and sound informed. At least look like I know what I'm talking about for basic active directory using the technical terminology.

DropsySufferer fucked around with this message at 02:02 on Aug 24, 2018

22 Eargesplitten
Oct 10, 2010



A little paranoia is a good thing when it comes to security.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

DropsySufferer posted:

Are there videos or something similar for a crash course on active directory? I know the basics of adding, removing users and resetting passwords. I've never been in a position to do much more with it at least. I don't need to learn every detail like for a certification I just want to sound like I know what I'm talking about for an interview.

This is going to be at a tier 2 level. I just want to look and sound informed. At least look like I know what I'm talking about for basic active directory using the technical terminology.

Udemy is having another $9.99 sale right now

https://www.udemy.com/topic/active-directory/

DropsySufferer
Nov 9, 2008

Impractical practicality

Vulture Culture posted:

Udemy is having another $9.99 sale right now

https://www.udemy.com/topic/active-directory/

This looks like exactly what I need. I'm unsure what version of windows server is going to be used at the company I'm interviewing for but I'll assume 2012 like my last company. Should I take the 2016 course or the 2012 one? Is there much difference between windows server 2012 and 2016?

George H.W. Cunt
Oct 6, 2010





DropsySufferer posted:

This looks like exactly what I need. I'm unsure what version of windows server is going to be used at the company I'm interviewing for but I'll assume 2012 like my last company. Should I take the 2016 course or the 2012 one? Is there much difference between windows server 2012 and 2016?

Go with whichever is cheapest or has better reviews.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.
All else being equal, generally stick to the more recent stuff if you're concerned with career development, but AD isn't exactly a fast-moving piece of software.

Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


DropsySufferer posted:

This looks like exactly what I need. I'm unsure what version of windows server is going to be used at the company I'm interviewing for but I'll assume 2012 like my last company. Should I take the 2016 course or the 2012 one? Is there much difference between windows server 2012 and 2016?

Conceptually AD is pretty much the same across Server platforms, but 2012 and 2016 have different feature sets and tools.

SeaborneClink
Aug 27, 2010

MAWP... MAWP!

Sepist posted:

One of my old company's clients were crypto'd 2 months ago. Since I still do work for them I was involved. They are super paranoid about security now, absurdly so. I implemented certificate based wireless authentication and they are running a POC to implement 2FA on top of it :stare:

And yet they probably insist on leaving SMB1 on for their MFC.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Not sure if it's me but if I were learning AD I'd honestly look at the Windows Server 2008 R2 material or even older. The new material makes way too many assumptions about the reader's experience and you won't really know how stuff works.

abigserve
Sep 13, 2009

this is a better avatar than what I had before

22 Eargesplitten posted:

A little paranoia is a good thing when it comes to security.

the problem is that the people who get stuck with it are usually infrastructure instead of applications

Our application got owned because the admin page was publicly accessible using default credentials -> "Uh that never would have happened if there was a firewall in front of it!!" -> "Infrastructure, please implement web application firewalling"

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

DropsySufferer posted:

Are there videos or something similar for a crash course on active directory? I know the basics of adding, removing users and resetting passwords. I've never been in a position to do much more with it at least. I don't need to learn every detail like for a certification I just want to sound like I know what I'm talking about for an interview.

This is going to be at a tier 2 level. I just want to look and sound informed. At least look like I know what I'm talking about for basic active directory using the technical terminology.

There’s some stuff on YouTube. Quite a few videos actually. You can probably find a copy of the oreilly ad book in pdf format by looking on a search engine.

I take about 45 minutes to give my crash course. If you want I’ll setup a webex and answer any questions you have


Vargatron
Apr 19, 2008

MRAZZLE DAZZLE


We need to start a Goon IT School online series.
