|
App13 posted:Got an absolutely cursed request that I am trying to implement in the least damaging way. If they launch the client using a desktop icon you may be able to create a shortcut that automatically bypasses UAC for that single app. Your mileage may vary depending on what other processes the client launches. Edit to add quote for new page context.
|
#
?
Nov 16, 2022 16:53
|
|
|
|
| # ? Jun 3, 2024 01:49 |
|
|
App13 posted:Got an absolutely cursed request that I am trying to implement in the least damaging way. Can you give it a static IP and then firewall it off that way? Make a secure subnet that is for old rear end lab equipment that only has needed access to internal resources?
|
|
#
?
Nov 16, 2022 16:55
|
|
|
GreenNight posted:Can you give it a static IP and then firewall it off that way? Make a secure subnet that is for old rear end lab equipment that only has needed access to internal resources? This should be possible, though the networking team may get a little crotchety. The internal resources needed are basically various network share drives and databases. The share drives are what I’m most worried about
|
|
#
?
Nov 16, 2022 16:58
|
|
|
App13 posted:This should be possible, though the networking team may get a little crotchety. Does it need internet access? If not, block it. Create a network account for the pc that has only specific folder access on the shared drives.
|
|
#
?
Nov 16, 2022 17:00
|
|
|
App13 posted:Got an absolutely cursed request that I am trying to implement in the least damaging way. That does sound like a Grade 4 Shitshow. When you say "internal network", what exactly do you mean? Does it just need to be able to upload files to a single server, or does it need to be joined to AD and send email and open PowerPoints and that Access database you don't know about but contains 35% of your critical company/research data? I'd go a step farther than depending on the Windows firewall and segregate this device to its own VLAN that can only talk to the specific hosts required. If it absolutely needs to be part of the domain, that VLAN can talk to a single DC. Ideally there'd be a single service account that can only log into that one machine, and all other accounts blocked from logging in. It's probably a good time to produce some basic CYA documentation too. Point out that the OS is no longer supported by Microsoft, and likewise the hardware underneath it is almost certainly out of warranty and probably replaceable only at significant cost. It's probably lab equipment that will cost $X0,000-$X00,000 to replace, but you want to build out your "you were warned it would be expensive" letters now. Your goal for this isn't to actually kill the request right now, but cover your rear end when it inevitably fails at the worst possible time. Any internal security teams need to be aware and signing off on the exceptions, too. Good luck and goonspeed.
|
|
#
?
Nov 16, 2022 17:01
|
|
|
"Closing every non-essential port" feels like it should be standard operating procedure for every system
|
|
#
?
Nov 16, 2022 17:03
|
|
|
Wizard of the Deep posted:That does sound like a Grade 4 Shitshow. Internal network in this instance is our GLP compliant electronic lab notebooks, so that should be easy enough to isolate. My first thought was to airgap the PC entirely and exfil data manually, but that is of course a GLP no-no. I’m thinking this may be a good opportunity to get that whole system reassessed for an upgrade by outlining how much we’d be turbofucked by fines and loss of confidentiality of customer IP if something goes awry. If QA/C-levels read the risk assessment and give the go ahead, that’s fine by me. Wont be my signature. Anyway thank you all for the multitude of replies. I read them all and they are incredibly helpful. I love this thread.
|
|
#
?
Nov 16, 2022 17:24
|
|
|
App13 posted:Got an absolutely cursed request that I am trying to implement in the least damaging way. I got one of those requests. I saved the email as a record, just in case.
|
|
#
?
Nov 16, 2022 17:28
|
|
|
Ha! After a long meeting we’ll be airgapping the PC and simply printing hard copies of the generated reports for our customer. Management assumed this would greatly complicate our compliance stuff, but when I outlined the requirements they were all about it. Securing/revalidating the system was going to cost north of $60k, and this is for a project that will be done by Q1. After that I’m authorized to yeet the whole thing. Everything old is new again.
|
|
#
?
Nov 16, 2022 20:12
|
|
|
App13 posted:After that I’m authorized to yeet the whole thing. the lie that management tells us every time.
|
|
#
?
Nov 16, 2022 20:20
|
|
|
YOU CAN'T YEET OUTDATED TECH! YOU WILL REGRET THIS!
|
|
#
?
Nov 16, 2022 20:39
|
|
|
xzzy posted:the lie that management tells us every time. It’s this or someone coming to your desk in 6-12 months saying they really need it one more time (for real now) and you’ll need to restore the backup.
|
|
#
?
Nov 16, 2022 22:02
|
|
|
What's up with this places that want you to record a video of explaining your resume and why you'd be a good fit? Eat my entire butt.
|
|
#
?
Nov 16, 2022 23:41
|
|
|
Send them the YOSPOS instructional video
|
|
#
?
Nov 16, 2022 23:42
|
|
|
GreenNight posted:What's up with this places that want you to record a video of explaining your resume and why you'd be a good fit? Same companies that only want Rock Stars to apply
|
|
#
?
Nov 16, 2022 23:47
|
|
|
You gotta be hardcore
|
|
#
?
Nov 17, 2022 00:10
|
|
|
GreenNight posted:What's up with this places that want you to record a video of explaining your resume and why you'd be a good fit? Is this to prevent interview fraud?
|
|
#
?
Nov 17, 2022 00:13
|
|
|
H110Hawk posted:Is this to prevent interview fraud? One part that, and at least two parts of making it less obvious that they already have a candidate in mind and are just going through the motions. It's a great timesaver for everyone in the hiring process. Except for the candidates who record a video that never gets watched.
|
|
#
?
Nov 17, 2022 00:18
|
|
|
I did Easy Apply on LinkedIn. Then I got a message from someone at the org that I should fill out the complete application and then we'll talk. An hour later I got another message from someone else at the org saying "hey I see you only filled out half the app, how about we have a call tomorrow? Here is my calendar". So I don't know.
|
|
#
?
Nov 17, 2022 00:21
|
|
|
Video interviews for hotties only
|
|
#
?
Nov 17, 2022 01:41
|
|
|
Who's going to watch that though? Not the hiring manager
|
|
#
?
Nov 17, 2022 01:54
|
|
|
Just be extremely hardcore
|
|
#
?
Nov 17, 2022 01:54
|
|
|
This is me at hard at work *8 hours of a still image*
|
|
#
?
Nov 17, 2022 02:34
|
|
|
Mustache Ride posted:Who's going to watch that though? Not the hiring manager God I can't imagine watching a series of self-interview videos. I'd rather be dead.
|
|
#
?
Nov 17, 2022 03:42
|
|
|
I watched my own after I joined the company and it was like watching a recording of myself masturbating
|
|
#
?
Nov 17, 2022 03:44
|
|
|
Mustache Ride posted:Who's going to watch that though? Not the hiring manager Your innie
|
|
#
?
Nov 17, 2022 04:23
|
|
|
App13 posted:I watched my own after I joined the company and it was like watching a recording of myself masturbating Is that required now?
|
|
#
?
Nov 17, 2022 04:48
|
|
|
Cup Runneth Over posted:Your innie Your innie is kind. Your innie likes to rake rocks as an additional duty.
|
|
#
?
Nov 17, 2022 04:57
|
|
|
App13 posted:I watched my own after I joined the company and it was like watching a recording of myself masturbating OnlyFans will hire anyone... (not a shot at you!)
|
|
#
?
Nov 17, 2022 05:03
|
|
|
kensei posted:OnlyFans will hire anyone... My comrade this is cspam you can make jokes at other posters' expense. It's fine
|
|
#
?
Nov 17, 2022 05:48
|
|
|
Cup Runneth Over posted:My comrade this is cspam you can make jokes at other posters' expense. It's fine Is it, though? Is it CSPAM?
|
|
#
?
Nov 17, 2022 05:56
|
|
|
TIL this is cspam
|
|
#
?
Nov 17, 2022 06:10
|
|
|
Internet Explorer posted:Is it, though? Is it CSPAM? If you look inside yourself you will know that if it isn’t fyad, iz, byob, or d+d, it is cspam.
|
|
#
?
Nov 17, 2022 06:42
|
|
|
All threads lead to CSPAM.
|
|
#
?
Nov 17, 2022 06:51
|
|
|
ASAPRockySituation posted:If you look inside yourself you will know that if it isn’t fyad, iz, byob, or d+d, it is cspam. yospos bithc
|
|
#
?
Nov 17, 2022 06:58
|
|
|
I’m sorry. Yospos is computer byob.
|
|
#
?
Nov 17, 2022 07:00
|
|
|
Vale, subjects. Your consoul has widely chosen be integrated into the empire. Ave CSPAM! We'll conquer \  tokin opposition fucked around with this message at 07:21 on Nov 17, 2022 |
|
#
?
Nov 17, 2022 07:06
|
|
|
Internet Explorer posted:Is it, though? Is it CSPAM? You meant this to come off as snarky but in your heart of hearts, you know you asked because you're terrified they're right.
|
|
#
?
Nov 17, 2022 07:11
|
|
|
tokin opposition posted:Vale, subjects. Your consoul has widely chosen be integrated into the empire. Ave CSPAM! We'll conquer https://twitter.com/CSProfKGD/status/1591456435359064064 not pictured: the part where the reviewer literally said "what if instead of the Prisoner's Dilemma we called it the [n-word]'s Dilemma" (censorship mine, not theirs) cause they reviewer removed it DACK FAYDEN fucked around with this message at 14:21 on Nov 17, 2022 |
|
#
?
Nov 17, 2022 14:17
|
|
|
|
| # ? Jun 3, 2024 01:49 |
|
|
KillHour posted:You meant this to come off as snarky but in your heart of hearts, you know you asked because you're terrified they're right. I'm a complex man, I can be snarky and terrified at the same time!
|
|
#
?
Nov 17, 2022 15:56
|
|