|
"WE GOT HIM" oh man, inspector Mitch is on the case.
|
#
?
Jul 6, 2020 18:46
|
|
|
|
| # ? May 23, 2024 22:51 |
|
|
Craptacular posted:So they're decommissioning 47 servers. One of those servers had a business-critical USB licensing dongle/stick on it. Was the dongle not listed in the server inventory database? If it wasn't listed, was the dongle actually authorized? It's possible that the dongle is both business critical and unauthorized, if the proper approvals weren't given for an exception to the "no USB devices" rule before plugging in the USB licensing dongle. If the dongle was listed in the inventory database, you would assume that the database would alert that the USB licensing dongle would no longer be connected when the server it's attached to was decommissioned. But if it wasn't listed, then you get the "hey my licensed software stopped working for some strange reason" email. You're assuming one or more of the following: 1. There is a server inventory database 2. It can check for authorized, business-critical devices 3. It's able to scream about missing ABC devices 4. Mitch bothered to check the server inventory database before destroying an ABC device. dragonshardz fucked around with this message at 18:53 on Jul 6, 2020 |
|
#
?
Jul 6, 2020 18:49
|
|
|
Act V From: (warlock's boss) Re: FWD: Security Breach in LAX-DC-01 I spoke with warlock regarding this issue. *) To my certain knowledge, he has never been to LAX-DC-01. *) The "thumbdrive" that was destroyed held the license for the (mumble) system, which is why an entire department cannot work this morning. (Attached image of multi-thousand dollar USB license dongle) *) The server that was removed and wiped had the license cached, but that is gone now as well. (Please let me know AS SOON AS POSSIBLE if the servers were not actually wiped / disposed of yet.) *) (mumble) Co will not replace this dongle, as we are on v9 of the software, which is now End of Life. I am waiting for (vendor) to get back to me with a quote for the version they will support, which is v11. Expect that to be in the six figures, not including if we have to stand up another licensing server.
|
|
#
?
Jul 6, 2020 18:52
|
|
|
sfwarlock posted:Act V INJECT. THIS. RIGHT. INTO. MY. loving. VEINS.
|
|
#
?
Jul 6, 2020 18:53
|
|
|
sfwarlock posted:Act V 
dragonshardz fucked around with this message at 18:56 on Jul 6, 2020 |
|
#
?
Jul 6, 2020 18:54
|
|
|
WE GOT HIM
|
|
#
?
Jul 6, 2020 18:54
|
|
|
capitalcomma posted:WE GOT HIM New thread title.
|
|
#
?
Jul 6, 2020 18:56
|
|
|
This is the exact opposite of what you'd expect a Monday morning to be like. I loving love it.
|
|
#
?
Jul 6, 2020 18:56
|
|
|
capitalcomma posted:WE GOT HIM Serious Hardware / Software Crap > [SPAM] FW: RE: WE GOT HIM!
|
|
#
?
Jul 6, 2020 18:56
|
|
|
sfwarlock posted:Act V     
|
|
#
?
Jul 6, 2020 18:58
|
|
|
I swear I can picture Mitch looking at the nearest window and just contemplating his options for a brief moment after he read that. That man is fuuuuucked. Will he resign, or go down swinging until he's fired? I gotta know!!
|
|
#
?
Jul 6, 2020 18:59
|
|
|
I would put ten bucks on “goes down swinging”
|
|
#
?
Jul 6, 2020 19:00
|
|
|
I need a cigarette and a tissue.
|
|
#
?
Jul 6, 2020 19:00
|
|
|
GnarlyCharlie4u posted:Serious Hardware / Software Crap > [SPAM] FW: RE: WE GOT HIM! pls pls pls pls
|
|
#
?
Jul 6, 2020 19:01
|
|
|
Inject this story directly into my veins (and also the thread title) I presume you're talking about some other voip software and not actually mumble though?
|
|
#
?
Jul 6, 2020 19:03
|
|
|
sfwarlock posted:Act V 
|
|
#
?
Jul 6, 2020 19:04
|
|
|
Kurieg posted:
I think he's just using "(mumble)" as in "It's my birthday, I'm <mumblemumble> years old!" i.e. a standin for saying the actual name. I highly doubt any VOIP software is six-figures and uses a license-dongle mechanism, it's probably some CAD or chip design package. Mitch is definitely gonna go down swinging, he found UNAUTHORIZED JUMPDRIVES of COURSE he's in the right here. SECURITY IS PARAMOUNT.
|
|
#
?
Jul 6, 2020 19:09
|
|
|
I feel for that guy though. Yikes. We had two software packages that required a dongle. OrCAD and Labelview.
|
|
#
?
Jul 6, 2020 19:11
|
|
|
Yeah but it's the dick-swinging bravado with which they announced finding the unauthorised device, reminding people about the disciplinary process etc. I've gone off at support agents for things a couple of times in the past when it's turned out I was wrong and looked like a jackass, now I make sure I have checked everything multiple times before sounding off about anything.
|
|
#
?
Jul 6, 2020 19:13
|
|
|
I agree 100%. It's a lesson for the dude for sure.
|
|
#
?
Jul 6, 2020 19:15
|
|
|
sfwarlock posted:Act V Strange.... this sounds so much like the many thousand dollar software we use that also has a dongle. Wouldn't happen to come from a company called "2020 Technologies" would it? A single first license costs... a LOT. And they do offer networked licensing via a single dongle (or even software based/non-dongle licensing now). They stopped supporting v9 of their software some time ago, and only support v11 or the newly released v12. Though they have a dongle replacement policy; long as you can return the broken bits of an existing dongle they will replace for for a couple hundred bucks.
|
|
#
?
Jul 6, 2020 19:15
|
|
|
A one month scream test is way too short.
|
|
#
?
Jul 6, 2020 19:17
|
|
|
Thanks Ants posted:Yeah but it's the dick-swinging bravado with which they announced finding the unauthorised device, reminding people about the disciplinary process etc. I've gone off at support agents for things a couple of times in the past when it's turned out I was wrong and looked like a jackass, now I make sure I have checked everything multiple times before sounding off about anything. Its an amazing situation and I wish that I was this persons boss. You can't have a policy saying "no usb devices" in the year of our lord 2020 and not have that backed up by some kind of device control system. If all the protects people from plugging into storage devices is hopes and dreams, you have wasted everyone's time with writing the policy. When you see a USB drive plugged into a server your first thought should be "that can't possibly be working, lets check device control". At that point you should see an exception and investigate the exception. And who destroys the USB without inspecting it first? You can't destory unknown data without an investigation you loving twat. What if this was sensitive data of some kind and you need to investigate how it got there? What if this is something illegal? So much is wrong with this.
|
|
#
?
Jul 6, 2020 19:21
|
|
|
The destruction part is just the dumbest. "I don't know what this is so I'm just going to get rid of it."
|
|
#
?
Jul 6, 2020 19:23
|
|
|
Sickening posted:Its an amazing situation and I wish that I was this persons boss. You can't have a policy saying "no usb devices" in the year of our lord 2020 and not have that backed up by some kind of device control system. If all the protects people from plugging into storage devices is hopes and dreams, you have wasted everyone's time with writing the policy. But don't you understand? USB Devices aren't allowed! I'm willing to bet they took it out to the parking lot and went to town with it with sledgehammers because a user did something that wasn't allowed and they needed to feel better about it.
|
|
#
?
Jul 6, 2020 19:24
|
|
|
dragonshardz posted:You're assuming one or more of the following: 1) If they don't have something tracking their infrastructure, even if it's just a manually-updated spreadsheet, then there's a lot bigger problems than just a USB dongle going missing. 2) I didn't mean necessarily mean having the inventory system discover servers itself, or import from another system that does discovery. Though those would be best, even a column in the aforementioned better-than-nothing spreadsheet that said "THERE'S A BUSINESS-CRITICAL USB DONGLE CONNECTED TO THIS SYSTEM" would avoid the problem.
|
|
#
?
Jul 6, 2020 19:27
|
|
|
Kurieg posted:But don't you understand? USB Devices aren't allowed! worse than that, someone violated the sanctity of the data center
|
|
#
?
Jul 6, 2020 19:31
|
|
|
Sickening posted:Its an amazing situation and I wish that I was this persons boss. You can't have a policy saying "no usb devices" in the year of our lord 2020 and not have that backed up by some kind of device control system. If all the protects people from plugging into storage devices is hopes and dreams, you have wasted everyone's time with writing the policy. Agreed, it could have been used to boot the server and run some sort of tor silkroad site from, pulling it out and shredding it is the dumbest thing you could possibly do if the aim is to actually improve security. Surely leaving it attached and alerting the security team so more investigation can take place is step 1.
|
|
#
?
Jul 6, 2020 19:35
|
|
|
On top of that, what kind of guy is he that he thinks random rear end users are walking into the server room just plugging poo poo in?
|
|
#
?
Jul 6, 2020 19:48
|
|
|
sfwarlock posted:Expect further communication on this matter through your supervisor and/or HR. 
|
|
#
?
Jul 6, 2020 19:51
|
|
|
GreenNight posted:On top of that, what kind of guy is he that he thinks random rear end users are walking into the server room just plugging poo poo in? Not even a server room, it's a DATACENTER. Which, I mean, I'm presuming is an actual datacenter environment if they're decommissioning 47 physical servers (i.e. a normal server room isn't gonna house 100-200 physical servers, which would be a good guess as to the total number if 47 is the number that's being removed). Which is even stupider. Yes, someone got past the mantraps, security cameras, and all the other controls to plug a USB drive into a server. If you're gonna try and take over the network via USB drive, you'd start with the parking lot, not a guarded datacenter with video documentation of who was there when.
|
|
#
?
Jul 6, 2020 19:53
|
|
|
I dunno if I shared it here already, but have an autobiographical drawing from a time when I also had to deal with dongles
|
|
#
?
Jul 6, 2020 19:59
|
|
|
Super Soaker Party! posted:I think he's just using "(mumble)" as in "It's my birthday, I'm <mumblemumble> years old!" i.e. a standin for saying the actual name. I highly doubt any VOIP software is six-figures and uses a license-dongle mechanism, it's probably some CAD or chip design package. Right. Not mumble literally. Neddy Seagoon posted:Will he resign, or go down swinging until he's fired? I gotta know!! ConfusedUs posted:I would put ten bucks on “goes down swinging” Super Soaker Party! posted:Mitch is definitely gonna go down swinging, he found UNAUTHORIZED JUMPDRIVES of COURSE he's in the right here. SECURITY IS PARAMOUNT. Yeah, I would bet a lot on "goes down swinging." I just wish he hadn't dragged my name into the witch hunt, because at end of year reviews, people are going to remember that I was there and not why... stevewm posted:Strange.... this sounds so much like the many thousand dollar software we use that also has a dongle. ... They stopped supporting v9 of their software some time ago, and only support v11 or the newly released v12. After nearly being doxxed because of here once, I tend to slightly Dragnet my posts. Don't trust specific numbers like that. Or the 47 here: Super Soaker Party! posted:Not even a server room, it's a DATACENTER. Which, I mean, I'm presuming is an actual datacenter environment if they're decommissioning 47 physical servers (i.e. a normal server room isn't gonna house 100-200 physical servers, which would be a good guess as to the total number if 47 is the number that's being removed). Although it is a colo site at which we/they had ... quite a few racks in our/their name. Kurieg posted:But don't you understand? USB Devices aren't allowed! I'm kind of picturing him having a youtube channel with under 10 subscribers "Hi everyone, this is Security Guru Mitch speaking to you. Earlier today we found this unauthorized USB Mass Storage Device, or 'thumbdrive', in our datacenter, which is a critical security violation and carries penalties up to and including being terminated. What we're going to do is dig a little grave for this thing, and fill it with my special mixture of thermite... " GreenNight posted:On top of that, what kind of guy is he that he thinks random rear end users are walking into the server room just plugging poo poo in? Clearly they're walking in and just plugging poo poo in, because, look! poo poo that was plugged in! Geemer posted:Please tell me this was one of the licensing dongles that also has their exact purpose printed on them + serial no, making it really hard to mistake them for flash drives if you take a second to look at them. The one I dug up as an example from a google image search is plain black and has printed in white on one side "(LOGO) MUMBLE V9" and on the other "INSTALL AND LICENSING" Granted, knowing this guy, even if it had said "DO NOT REMOVE" and "END OF THE WORLD" he'd sneer and say "You're not fooling me, hacker!" EDIT: Dirt Road Junglist posted:I... uh... I bent my dongle. Goddamn it, I've been giggling over this for ten solid minutes. Clearly I am 12 today. sfwarlock fucked around with this message at 20:42 on Jul 6, 2020 |
|
#
?
Jul 6, 2020 20:20
|
|
|
sfwarlock posted:
Understood.. I
|
|
#
?
Jul 6, 2020 20:22
|
|
|
From a co-worker on me showing him thisquote:Here we see the self-righteous red-faced corpoarte security nazi in its natural habitat....it spies an easy meal and begins its crowing, not realizing that it's about to get turned to pudding by an elephant...
|
|
#
?
Jul 6, 2020 20:29
|
|
|
Kurieg posted:But don't you understand? USB Devices aren't allowed! What if it grows little robot legs and plugs itself into the CEO's laptop? Clearly taping a label to it that says "Found in server XYZ, do not use" and locking it into a desk drawer isn't good enough. ponzicar fucked around with this message at 20:48 on Jul 6, 2020 |
|
#
?
Jul 6, 2020 20:42
|
|
|
lol my company has dongles for licenses that are tens of thousands of dollars. holy poo poo I could not imagine just randomly destroying one with out reaching out to every business owner in the company even it it wasn't well labeled.
|
|
#
?
Jul 6, 2020 20:43
|
|
|
Lightning Jim posted:From a co-worker on me showing him this Is it still okay to be a security nazi about people sending their credentials for a HIPAA-compliant (supposedly) company's financial systems to the helpdesk?
|
|
#
?
Jul 6, 2020 20:44
|
|
|
22 Eargesplitten posted:Is it still okay to be a security nazi about people sending their credentials for a HIPAA-compliant (supposedly) company's financial systems to the helpdesk? Nope. Just deflect that poo poo straight to HR. Do not engage.
|
|
#
?
Jul 6, 2020 20:47
|
|
|
|
| # ? May 23, 2024 22:51 |
|
|
22 Eargesplitten posted:Is it still okay to be a security nazi about people sending their credentials for a HIPAA-compliant (supposedly) company's financial systems to the helpdesk? Sure, but are you being "self-righteous" at that point and not just "wholly reasonable"? Because that adjective surely is an important distinction here.
|
|
#
?
Jul 6, 2020 20:47
|
|