Thanatosian posted:We had an attack from someone spoofing an Office365 address today. They emailed out a pretty well-put-together phishing attack with a link to an Office365 Sharepoint page.
Can I get an image of the email? Always good to help the less fortunate know what one looks like.
SeaborneClink posted:Nobody will bother keeping track this time as you find out either insert the smiley of the dude throwing away his book and shaking his head here e: Polio Vax Scene fucked around with this message at 00:03 on Oct 3, 2018 |
|
# ? Oct 2, 2018 23:59 |
|
Two separate phishing incidents in the last two weeks. First one nailed a VP with the CEO scam, got to the 3rd response before he clued in. Second one was a very well meaning and far too eager to please administrative assistant who cheerfully went out and bought $2000 in iTunes cards yes sir right away I'd be happy to it's my pleasure! I generally like this new place but there's a lot of tech debt and some basic security practices I need to implement. Step one is getting KnowBe4 or Wombat training, and making it mandatory.
|
# ? Oct 3, 2018 07:59 |
|
Antioch posted:Two separate phishing incidents in the last two weeks. First one nailed a VP with the CEO scam, got to the 3rd response before he clued in. Two-Factor-Auth. Pay for Okta. It doesn't fix everything, but your chances of getting your users' email hijacked decrease dramatically.
|
# ? Oct 3, 2018 14:45 |
|
Antioch posted:Two separate phishing incidents in the last two weeks. First one nailed a VP with the CEO scam, got to the 3rd response before he clued in. On the plus side at least everyone can get an iTunes gift card as company gift for the holidays
|
# ? Oct 3, 2018 15:11 |
|
64bit_Dophins posted:On the plus side at least everyone can get an iTunes gift card as company gift for the holidays You think they didn't give the scammer all the codes already?
|
# ? Oct 3, 2018 15:33 |
|
Pissing me off today, Spectrum Communications.. We have 2 locations that are only 15 miles apart, but one was formerly Charter and the other was formerly Time Warner. Both locations have the exact same level of service. Spectrum called to offer us lower rates at both locations which is great... Except for one thing. You would think both locations, given they have identical service, would be offered the same rate. Nope! One location is $55 per month higher than the other, again for the same services. And it's not taxes/fees making up the difference. It's the actual base rate Spectrum is charging. When I pressed them on this issue, the rep stated that because of how the account was originally set up (this would have been 14 years ago) their system will not allow them to offer the same rate, for the same service. Why the hell does what happened 14 years ago have anything to do with the price today? He had no answer... I refused to accept his explanation and reasoning. They promised to have a manager get in contact with me, but I don't expect that to ever happen. stevewm fucked around with this message at 15:45 on Oct 3, 2018 |
# ? Oct 3, 2018 15:43 |
|
Sickening posted:Two-Factor-Auth. Ugh we just added this to cover similar security stupidity. I love having to get a code on my cellphone literally every time I want to log into the VPN to test something in a QA environment, log into my email every morning, etc. I get why it's there, I just wish the stupidity of others wasn't such an inconvenience since I need to log into various things constantly throughout the day and get a code every single time. Oddly, our texts always come from a different number each time, which is both weird and mildly irritating.
|
# ? Oct 3, 2018 15:43 |
|
It seems like a lot of O365 users end up getting various 3rd party services to fix shortcomings in O365 itself... Is it really that bad in those areas? Being a long time GSuite user I guess I've gotten used to the fact that the default security services just work... 2 factor auth works great via multiple methods, it's great about catching logins from out-of-pattern locations (should someone's credentials get compromised), phishing emails basically never make it through, Gmail plasters the screen with warnings if anything slightly suspicious actually makes it through, suspicious links/attachments that end up in SPAM are actually blocked so a user can't even click on them if they wander in the SPAM box, etc..
|
# ? Oct 3, 2018 15:56 |
|
pixaal posted:You think they didn't give the scammer all the codes already?
Yeah you're probably right
stevewm posted:Pissing me off today, Spectrum Communications..
I worked in a call center for almost a year out of college and that was the go-to line for anyone trying to get someone off of the phone. "Oh give me your contact information and I'll have my manager follow up with you." I mean it sucks but most of the time management would yell at us if calls got escalated to them and even if we did ask them to take the call they would usually just have the calls sent to voicemail or promise a follow-up that never ever happened. So yeah if you hear that on a customer service line just know that nothing is going to get done.
|
# ? Oct 3, 2018 15:56 |
|
BaronVonVaderham posted:Ugh we just added this to cover similar security stupidity. I love having to get a code on my cellphone literally every time I want to log into the VPN to test something in a QA environment, log into my email every morning, etc. We run our VPN mfa through Duo mobile. It's worked really well for a few years now. One activation text to your phone and it's done. Granted I've only got end user experience. Our office MFA is still through texting a cell, but since most users are in the same location (we have a large remote user base) it's not as onerous and only comes up on password expirations. Of course since mfa got enabled the expiration time went from 3 to 6 months which has been awesome.
|
# ? Oct 3, 2018 15:57 |
|
DelphiAegis posted:We run our VPN mfa through Duo mobile. It's worked really well for a few years now. One activation text to your phone and it's done. Granted I've only got end user experience. Our 2-factor auth at work is also Duo Mobile and it's smooth as heck. Again, only end user experience, though.
|
# ? Oct 3, 2018 16:00 |
|
From the admin side Duo has been super simple to implement for everything we needed to protect.
|
# ? Oct 3, 2018 16:05 |
|
gently caress every MFA system that requires a text message instead of an app-generated code or a push notification.
|
# ? Oct 3, 2018 16:33 |
|
64bit_Dophins posted:Yeah you're probably right Surprisingly they did get back! But nothing changed... they just keep repeating the same bullshit "because of how your account was setup 14 years ago we cannot offer the same rate". Any sane business would just do it, but telecom companies are far from sane. Told them to just go ahead with it, but I will be switching away at my earliest convenience. Not that it matters to them anyways. There is no such thing as telecom competition in most places.
|
# ? Oct 3, 2018 16:33 |
|
Our AT&T BVoIP line is hosed up. Can call out, but not in. AT&T's support number for BVoIP is also down.
|
# ? Oct 3, 2018 16:56 |
|
stevewm posted:Surprisingly they did get back! But nothing changed... they just keep repeating the same bullshit "because of how your account was setup 14 years ago we cannot offer the same rate". Any sane business would just do it, but telecom companies are far from sane. Told them to just go ahead with it, but I will be switching away at my earliest convenience. Not that it matters to them anyways. There is no such thing as telecom competition in most places. Yeah it's one of those industries where they don't even have to try. If they don't want to change your plan they don't have to. What they mean is "We don't want to change the account because it was setup a long time ago on a different system and it's hard."
|
# ? Oct 3, 2018 16:59 |
n-thing Duo Mobile. Most painless 2fa I've ever used.
|
|
# ? Oct 3, 2018 17:06 |
|
In the past I would also recommend Duo Mobile. The bad news is that they are being acquired by Cisco. It's probably fine for a while but I have exactly zero faith that Cisco won't eventually make it loving terrible. But in fairness: I admin it right now for work and it's /smooth/ I love it. I'm just really worried it won't be long term
|
# ? Oct 3, 2018 17:28 |
|
Putting in a good word for Azure MFA here
|
# ? Oct 3, 2018 17:33 |
|
AuthAnvil isn't bad and relatively cheap, we use it for a few different functions and it integrates decently; there are a few quirks but you'll learn them quickly and they take a few minutes to work around when you do hit them (eventually you'll remember to not hit them!)
|
# ? Oct 3, 2018 17:55 |
|
Inspector_666 posted:gently caress every MFA system that requires a text message instead of an app-generated code or a push notification.
|
# ? Oct 3, 2018 18:27 |
|
The Fool posted:Putting in a good word for Azure MFA here
|
# ? Oct 3, 2018 18:41 |
|
Azure AD phone sign-in is good
|
# ? Oct 3, 2018 19:18 |
|
Thanks Ants posted:Azure AD phone sign-in is good What's going to be good is being able to do password-less auth with ADFS.
|
# ? Oct 3, 2018 19:23 |
|
Spring Heeled Jack posted:From the admin side Duo has been super simple to implement for everything we needed to protect. It's now owned by Cisco, so get ready for it to both turn lovely and cost a lot more.
|
# ? Oct 3, 2018 19:57 |
|
Oh, for Christ's sake. I hadn't heard about this til now but apparently the WiFi Alliance is pushing to rename the upcoming 802.11ax wifi amendment "WiFi 6," ostensibly to make it easier for consumers to differentiate wireless generations. This will involve retconning the names of previous 802.11 amendments, so that 802.11b is now "WiFi 1" etc. Those of you who are up on your wireless networking terminology, which I recognize is something of an alphabet soup in the current state of affairs, are probably now screaming, given that the assorted 802.11 amendments have more differences than just performance improvements -- for example, 802.11a provides for faster throughput than 802.11b, but the former works on the 5GHz band only and the latter on the 2.4GHz band only. Certain amendments apply to both bands and certain ones don't. In sum, the WiFi Alliance can get hosed, and this is potentially a nightmare in the making.
|
# ? Oct 4, 2018 00:39 |
|
guppy posted:Oh, for Christ's sake. I hadn't heard about this til now but apparently the WiFi Alliance is pushing to rename the upcoming 802.11ax wifi amendment "WiFi 6," ostensibly to make it easier for consumers to differentiate wireless generations. This will involve retconning the names of previous 802.11 amendments, so that 802.11b is now "WiFi 1" etc. They should keep them how they are but approve aliases for branding called Wifi 1-6. It really wouldn't be that hard to go "I need at least wifi level 4 to connect to this" and let your network admins worry about the backend that level 4 is n. You can keep all the command line stuff the same. It's getting really confusing honestly for consumers where they go we went from g to n what happened to h i j k l and m?
|
# ? Oct 4, 2018 00:44 |
|
pixaal posted:They should keep them how they are but approve aliases for branding called Wifi 1-6. It really wouldn't be that hard to go "I need at least wifi level 4 to connect to this" and let your network admins worry about the backend that level 4 is n. You can keep all the command line stuff the same. It's getting really confusing honestly for consumers where they go we went from g to n what happened to h i j k l and m? Yeah, it’s pretty much a non-issue as far as I can see. This is simply an internal matter for the WiFi alliance and recommendations on a unified marketing and branding scheme. There is zero chance that IEEE is going to change their established nomenclature for standards and amendments.
|
# ? Oct 4, 2018 01:12 |
|
You're right, I probably am overreacting. It's been a long day. (I understand this isn't going to change the IEEE's naming conventions, of course.) In some ways I still think we are headed for some pain and consumer confusion around interoperability, mostly with regard to the 2.4GHz band, but we are already on that path with 802.11ac, and it looks like 802.11ax is going to have some new tricks to address some of the issues.
|
# ? Oct 4, 2018 02:32 |
|
BaronVonVaderham posted:Oddly, our texts always come from a different number each time, which is both weird and mildly irritating. ...2FA over SMS. No. No. Noooooo. YubiKeys or Authy or literally anything but SMS. Inspector_666 posted:gently caress every MFA system that requires a text message instead of an app-generated code or a push notification.
|
# ? Oct 4, 2018 05:17 |
|
Inspector_666 posted:gently caress every MFA system that requires a text message instead of an app-generated code or a push notification. Although not required it's always a hoot when people who have opted for SMS or Call verification come crying with "Is the VPN down? I live in a cave in mongolia and nothing is coming through to my phone!"
|
# ? Oct 4, 2018 12:44 |
|
dragonshardz posted:...2FA over SMS. No. No. Noooooo. YubiKeys or Authy or literally anything but SMS. It comes from a different number each time, too! At least Teams lets me say "don't verify me again for 30 days", but that's about it. I need to get a code via text literally every time I connect to VPN for testing. The company used to use google apps with a much simpler system using some app, but they apparently changed over to Microsoft Everything™ because why listen to your technology department saying FOR THE LOVE OF GOD WHY?!
|
# ? Oct 4, 2018 14:07 |
|
If they are Microsoft Everything they should be using Azure MFA with the authenticator app and push notifications with OTP backup.
|
# ? Oct 4, 2018 14:49 |
|
Earlier today my nightmare coworker (the one that doesn't stop talking ever) asked my team lead to "compare paychecks" because she wanted to see how much money he was making. He tried to be cool about it and just kind of dismissed and ignored the comment but it made me so uncomfortable. I have no idea how she can do that sort of thing without consequence.
|
# ? Oct 4, 2018 15:17 |
|
Not to defend the way she goes about things, but talking about salaries shouldn't be taboo. Get paid!
|
# ? Oct 4, 2018 15:26 |
|
Thanks Ants posted:Not to defend the way she goes about things, but talking about salaries shouldn't be taboo. Get paid! Also isn't it actually illegal to stop employees from talking about their pay or something?
|
# ? Oct 4, 2018 15:29 |
|
Inspector_666 posted:Also isn't it actually illegal to stop employees from talking about their pay or something? It is illegal
|
# ? Oct 4, 2018 15:33 |
|
Proteus Jones posted:It is illegal Huh I didn't know that. Good to know. I still think the way she went about it was inappropriate though.
|
# ? Oct 4, 2018 15:34 |
|
64bit_Dophins posted:Earlier today my nightmare coworker (the one that doesn't stop talking ever) asked my team lead to "compare paychecks" because she wanted to see how much money he was making. I can understand if you personally don't want to talk about your salary with coworkers for whatever reason, but to want others to not ask someone that isn't you and/or be punished for it is DUMB. Don't be dumb okay?
|
# ? Oct 4, 2018 15:34 |
|
Inspector_666 posted:Also isn't it actually illegal to stop employees from talking about their pay or something? It's a good thing to know what everyone makes. Everyone would make more (except for CEOs, but they are already making too much). There's a ton of people that are horribly underpaid. When this information isn't shared you don't know your market value, and if you don't know it, someone can scoop you up for half of what you're worth and you think you are making a good amount. edit: if you aren't in the US there is a large stigma about asking how much someone makes. It's considered extremely rude for some reason. I'd be happy to share and not be offended with anyone that asked, but I'd never ask outside a few friends who are also open with their wages.
|
# ? Oct 4, 2018 15:37 |