|
Crowley posted:I'll drop my MS rep a mail on Monday asking about this. I am honestly really curious what you thought you needed cals for. Crowley posted:(I'll still on ahead with the project though.) I am not emotionally invested in it. Delete whatever you want. Sickening fucked around with this message at 20:46 on Dec 11, 2015 |
# ? Dec 11, 2015 20:42 |
|
Sickening posted:I am honestly really curious what you thought you needed cals for. Boss' idea. It's become a Powershell exercise.
|
# ? Dec 11, 2015 20:57 |
|
I actually just found two cisco umis in my office, and I can honestly say that I have zero idea how they arrived here and I have nothing that says I purchased them...
|
# ? Dec 11, 2015 20:57 |
|
Sickening posted:I am honestly really curious what you thought you needed cals for. My understanding is that it's a Client ACCESS License, so only used when someone directly accesses the product, you can make as many users as you want, be it in a SQL CAL license environment or Server OS.
|
# ? Dec 11, 2015 20:59 |
|
Judge Schnoopy posted:I'm so glad HTML5, Android, and IOS is killing Java. The faster this happens the happier everybody can be. Flash too.
|
# ? Dec 11, 2015 21:01 |
|
GoatShaver posted:I actually just found two cisco umis in my office, and I can honestly say that I have zero idea how they arrived here and I have nothing that says I purchased them... Were they a shorter lived product than the Flip acquisition? It's hard to tell with Cisco.
|
# ? Dec 11, 2015 21:07 |
|
iajanus posted:Been dealing with calls about this all morning since we have an add-in that is critical for all our customers that obviously doesn't run in safe mode.

Windows Registry Editor Version 5.00

; Office 2010 (14.0), native registry view
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Outlook\Security]
"DisableSafeMode"=dword:00000001

; 32-bit Office on 64-bit Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Outlook\Security]
"DisableSafeMode"=dword:00000001

Create a .reg file, paste that in it, deploy. I've never had an issue with Outlook that made me think "Yeah safe mode will fix this" that didn't eventually result in me just rebuilding the profile anyways.
|
# ? Dec 11, 2015 21:09 |
|
Judge Schnoopy posted:I'm so glad HTML5, Android, and IOS is killing Java. The faster this happens the happier everybody can be. You realize that Android apps are written in Java right?
|
# ? Dec 11, 2015 21:40 |
|
Volmarias posted:You realize that Android apps are written in Java right?
|
# ? Dec 11, 2015 21:53 |
|
They're killing web-based Java apps, which is great since it's poo poo for web use. It's still widely used for desktop apps in addition to Android. I seem to recall a certain block building program built in Java.....
|
# ? Dec 11, 2015 21:57 |
|
Volmarias posted:You realize that Android apps are written in Java right? Android is based on Java, yes. It's been modified to meet the needs of Android, which means the applications built for it are non-transferable to Windows or Apple OS. This actually helps because java developers have somewhere to go to be productive without dropping lovely apps on laptops and desktops. Porting android apps to Windows requires a lot of work, so the hope is that Windows software development frees itself from every Java developer and client programs are made correctly.
|
# ? Dec 11, 2015 22:09 |
|
Judge Schnoopy posted:Android is based on Java, yes. It's been modified to meet the needs of Android, which means the applications built for it are non-transferable to Windows or Apple OS. This actually helps because java developers have somewhere to go to be productive without dropping lovely apps on laptops and desktops. You're technically correct but there are libraries like libGDX which do allow this, to say nothing of frameworks like Cordova which aren't Java but do provide apps for both Android and iOS. Regardless, new Java client software development as in applets or JavaFX is realistically dead, so I'm not really sure what you're talking about.
|
# ? Dec 11, 2015 22:18 |
|
It's worth remembering that there are plenty of Java applications out there that are really quite tied to a particular OS. Many of them people have to use at work all day! Java Android programs aren't special for being like that.
|
# ? Dec 11, 2015 22:31 |
|
God I love it when pentesters pop Enterprise Admin accounts. Monday is going to be so much fun.
|
# ? Dec 11, 2015 22:59 |
|
Mustache Ride posted:God I love it when pentesters pop Enterprise Admin accounts. Someone is getting a pr0digal fucked around with this message at 23:08 on Dec 11, 2015 |
# ? Dec 11, 2015 23:02 |
|
Mustache Ride posted:God I love it when pentesters pop Enterprise Admin accounts. That's gotta be the highlight of a pentester's week/month, no?
|
# ? Dec 11, 2015 23:06 |
|
Volmarias posted:You realize that Android apps are written in Java right? They were. Dalvik, Android's implementation of Java, has been replaced with Android RunTime as of Android 5.0 (4.4.4 if you had a supported device). The specifics of ART are a little wordy to discuss fully here, but the gist of it is that when you download an app, the server checks the capabilities of your Android device and compiles the app specifically for your phone on the fly. Of course there are still apps that haven't been updated but Android has indeed shrugged off its Java roots.
|
# ? Dec 11, 2015 23:09 |
|
Japanese Dating Sim posted:That's gotta be the highlight of a pentester's week/month, no? Yeah, she's at the end of her first week of a 2 week engagement. We're going to leave the EA/DA account she created for herself and get her to do it another way for next week.
|
# ? Dec 11, 2015 23:17 |
|
RyuHimora posted:They were. Dalvik, Android's implementation of Java, has been replaced with Android RunTime as of Android 5.0 (4.4.4 if you had a supported device). The specifics of ART are a little wordy to discuss fully here, but the gist of it is that when you download an app, the server checks the capabilities of your Android device and compiles the app specifically for your phone on the fly. Of course there are still apps that haven't been updated but Android has indeed shrugged off its Java roots.
|
# ? Dec 11, 2015 23:40 |
|
RyuHimora posted:They were. Dalvik, Android's implementation of Java, has been replaced with Android RunTime as of Android 5.0 (4.4.4 if you had a supported device). The specifics of ART are a little wordy to discuss fully here, but the gist of it is that when you download an app, the server checks the capabilities of your Android device and compiles the app specifically for your phone on the fly. Of course there are still apps that haven't been updated but Android has indeed shrugged off its Java roots. You are confused. Dalvik and ART are both different virtual machines to be targeted, they do not change the language you use. ART opens up access to newer APIs of course, but so did newer versions of Dalvik compared to older versions.
|
# ? Dec 11, 2015 23:48 |
|
A page-out came in for a couple devices offline. We did a moderate upgrade last night, so I was a bit worried. When I checked the logs, I found they'd been rebooted 6 hours after our change window, and a good 10 hours after we stopped doing any work. Somebody did a "UPS Test" at a major data center. Somehow, this brought down EVERYTHING. Test failed!
|
# ? Dec 12, 2015 00:09 |
|
Just curious, for those of you out there maintaining a Windows Server infrastructure, how do you manage Windows Updates? Do you take care of it manually? For my needs I run SCCM against the servers for updates and have dedicated monthly maintenance windows where they can be installed/rebooted, with some script automation used to automatically remove these from monitoring when they go down. For more complicated servers where we need to validate specific services/functions or reboot the servers in a specific order I'm looking into System Center Orchestrator. It's somewhat obtuse but seems like it's a perfect fit for managing a complicated reboot/update runbook in an automated fashion.
|
# ? Dec 12, 2015 00:13 |
|
quote:Subject: QuickBooks is making me cry Internally, I posted:"admin permissions needed" would have fit the 7-syllable structure, actually
|
# ? Dec 12, 2015 00:38 |
|
In the continuing adventures of "Clients do dumb things with SANs" the facilities department of a client found a stack of old Xserve RAIDs in a storage closet which is troublesome itself. The first thing the client thinks of doing when they find out is to use the RAIDs to expand their SAN volume because they're "running low on space". My reaction was a mix of and as I nicely told him that really wasn't a good idea.
|
# ? Dec 12, 2015 00:43 |
|
pr0digal posted:In the continuing adventures of "Clients do dumb things with SANs" the facilities department of a client found a stack of old Xserve RAIDs in a storage closet which is troublesome itself. Expand their SAN by what, tens of gigs?
|
# ? Dec 12, 2015 00:56 |
|
quote:Although the Xserve RAID contained 14 drives, they were split into two independent groups of 7 drives each managed by an identical RAID controller. Importantly, the controllers were independent, but not redundant; each managed seven of the storage array's fourteen drives, given a failure of one of the controllers those 7 drives were not accessible: the other could not take over its duties. Xserve RAID did, however, have redundant cooling units and power supplies. I guess maybe they were good at the time? I still see people using them today and they're always the clients to run away from because you can tell they've been told hundreds of times before to replace their ancient storage and haven't because "it's working fine!".
|
# ? Dec 12, 2015 01:42 |
|
Thanks Ants posted:I guess maybe they were good at the time? I still see people using them today and they're always the clients to run away from because you can tell they've been told hundreds of times before to replace their ancient storage and haven't because "it's working fine!". One day it explodes, and whoever is currently contracted gets "How could you let this happen?" screamed at them, then taken to court for lost earnings and a new SAN.
|
# ? Dec 12, 2015 02:03 |
|
Mustache Ride posted:God I love it when pentesters pop Enterprise Admin accounts. About four years ago I was working for a mid-size retail company. The network director didn't notify anyone that he was doing an aggressive pentest internally, and gave the pentesters a port configured with the same firewall/acl rules as if someone plugged in a laptop/RasPi with 3G into an open network port in a store.

I knew there were consultants in one day, but didn't know they were pentesters. Around lunchtime I start getting virus alerts on one of our domain controllers, and start flipping the gently caress out. I hit up my boss and drag him into the network director's office, and go "we have a big loving problem." It was only at this point that we both were notified about the pentesters.

In the after action review, they got domain admin through the following steps: A network admin was running VNC without a password on a secondary workstation on a KVM under his desk. Logged in with local admin privileges. From that they got the SAM file, and had it cracked within an hour due to a weak password. From there they had admin access to every desktop. From there they were able to scan cached credentials and found a workstation in one of our datacenters that had a logged in domain admin. Through some local escalation privilege they were able to get the password, and the rest was history.

When they came back the following year, the worst thing they could find was a default password for WebSphere on a third party vendor system that we had no control over.
|
# ? Dec 12, 2015 02:16 |
|
devmd01 posted:open network port in a store. Wha?
|
# ? Dec 12, 2015 02:24 |
|
Thanks Ants posted:Wha? You know the old saying. Any port in a store.
|
# ? Dec 12, 2015 03:03 |
|
Thanks Ants posted:Wha? Retail. Physical store location. As if someone walked in off the street, unplugged a printer or whatever, and plugged in a device to start scanning the network.
|
# ? Dec 12, 2015 03:13 |
|
McNally posted:You know the old saying. Any port in a store.
|
# ? Dec 12, 2015 04:59 |
|
devmd01 posted:About four years ago I was working for a mid-size retail company. The network director didn't notify anyone that he was doing an aggressive pentest internally, and gave the pentesters a port configured with the same firewall/acl rules as if someone plugged in a laptop/RasPi with 3G into an open network port in a store. God, I wish more companies realized this is the way to test your security. When I did internal testing, our only constraints were no exploits that could crash the system, no DoS, that kind of thing. And absolutely no-one was to be informed of the test other than the C-levels and the team members actually doing the test. Part of what is being measured is not just "how do I get in?", but also "how well is incident response handled?" so even other members of the security group never knew if an incident was a test or legit.
|
# ? Dec 12, 2015 05:32 |
|
devmd01 posted:A network admin was running VNC without a password on a secondary workstation on a KVM under his desk. Logged in with local admin privileges. Please tell me someone tied him up with old Ethernet cables and went all "blanket party" beating him senseless with old surge protectors
|
# ? Dec 12, 2015 07:06 |
|
Ozz81 posted:Please tell me someone tied him up with old Ethernet cables and went all "blanket party" beating him senseless with old surge protectors "Liven" the offending port with an etherkiller. No more issues from the KVM.
|
# ? Dec 12, 2015 07:17 |
|
devmd01 posted:Retail. Physical store location. As if someone walked in off the street, unplugged a printer or whatever, and plugged in a device to start scanning the network. That was the bit I was confused by, that a port in a public area would allow that, and that those ports could talk back to a little box plugged into the subnet that the IT team use. I guess that's what you pentest for though and add to the list of things to look out for in future.
|
# ? Dec 12, 2015 14:21 |
|
Thanks Ants posted:That was the bit I was confused by, that a port in a public area would allow that, and that those ports could talk back to a little box plugged into the subnet that the IT team use. I guess that's what you pentest for though and add to the list of things to look out for in future. Well, usually they don't. That's the point of a pen-test though. To make sure IT is making valid design choices and assumptions and that exploitable vulnerabilities are either locked away or patched. I'm pretty sure going from Retail Store switch port to Domain Admin account involved a lot of exploits leveraging poor patch management and weakness in the systems and network architectures.
|
# ? Dec 12, 2015 17:07 |
|
Obama started a speech in the middle of the second day of my SAN upgrade at a major news outlet. This is going to be fun. Thanks Obama!
|
# ? Dec 12, 2015 22:49 |
|
Maniaman posted:A user ordered one of the new Surface Books. It's the first one that we've gotten, so we're taking a look at it and seeing how it works. We fire it up and then press the button to eject it from the keyboard. It instantly blue screened and then would no longer boot. We were eventually able to get into recovery settings and factory restore it, hopefully that's not a common problem.
|
# ? Dec 13, 2015 03:47 |
|
Wrath of the Bitch King posted:Just curious, for those of you out there maintaining a Windows Server infrastructure, how do you manage Windows Updates? Do you take care of it manually? We use WSUS and take care of our backend servers manually. WSUS we do 2 pilot groups and then roll out 100-400 machines every 2 days until we're done. The backend we have 2 of "everything" (almost) so, we will patch 4-5 systems a day, the guy doing them checks important services/eventlog before and after patching, some servers need to be rebooted in a specific order and stuff like that, and if the server has a mirror both are not done on the same day (generally a few days apart). It takes a bit and is convoluted but we just don't have a better system in place, yet.
|
# ? Dec 13, 2015 10:27 |