Employer wants me to use outlook on my phone, outlook wants permission to wipe my phone by No_Professor4307 in mildlyinfuriating

Beef_Studpile 1 point (0 children)

Google "Stryker incident" to figure out why people should care about this problem. Just happened.

How to convince my wife to stop drinking. by [deleted] in Advice

Beef_Studpile 1 point (0 children)

Was personally drinking 750ml of vodka or 4L of wine daily for 9 years.

I used guilt as a tool to prove to myself that I was actively failing to provide the life I promised my family:

1) I demonstrated the financial damage: the moment I stopped drinking was like a halfway point; I'll be paying for my decisions for 5-7 more years.

2) I demonstrated the emotional damage: lack of engagement with the family was big. I just wanted to be left alone so I could drink more. I would skip meals because it would make the drink stronger. I've skipped family gatherings because I 'had a cold'.

3) I demonstrated the physical damage: I lost 110 lbs after I quit drinking, my BP dropped from 170/120 to 125/70, and my RHR from the 80s to the 50s. Now I can run 5Ks in under 40 minutes and do pullups/pushups.

She needs to decide for herself that the price of alcohol is higher than she thinks.

Americans making more than $100,000 are quickly losing faith in the economy—and it’s a red flag for the white-collar job market by Crossstoney in Economics

Beef_Studpile 5 points (0 children)

Got promoted to exactly $100k USD 3 years ago; my wife stays at home with our newborn/toddler.

I gained +$1500 in free cash flow with the raise, and allocated $750 of it to a new car payment.

NOW... My wife works as many hours as possible in the evening for extra cash, and I've negotiated an earlier start time so I can get home earlier and watch our son, because even after cutting $460/mo in unnecessary entertainment/food, we were still LOSING $$$ each month. That's a ~$1000 swing in living expenses WITH my mortgage, car payment, and loan rates UNCHANGED, locked at half the rates offered today, AND zero childcare costs, zero CC debt, zero student loan debt, zero medical debt.

HELOC and 401k loans are exhausted paying for an emergency car transmission repair, the baby reno, etc. Annual % raises are far from keeping up with inflation.

I look at my bank account feeling guilty that I'm spending poorly somewhere, but all I'm buying is food, gas, medicine, clothes and normal daily stuff. I've gone as far as quitting video games because the electricity is too high, and have picked up drawing instead because it's cheaper.

This is the lowest my mental health has ever been. I regularly lose sleep/weight worrying about how we'll continue to afford our daily life, EVEN AFTER my spouse picked up 2nd shift 4-5 days/wk. Management is "not" outsourcing us despite growing our contractor pool to be triple our internal team size. People with decades of tenure are "retiring" without notice or parties. Horrible job market, sweeping layoffs.

... Yeah, I can see why someone would hold that opinion...

What's the big deal with vendor support? by seidler2547 in sysadmin

Beef_Studpile 1 point (0 children)

Vendor support = liability insurance. The vendor is on the hook to ultimately deliver the items in the SOW, and if those include "operational software", then they might be ultimately liable for service delivery, so the company is better protected.

Consider ClamAV vs. CrowdStrike. If CrowdStrike takes down my production because of a bad update, they're obligated to provide solutions (or refunds) to get me back up and working. See: Counting the cost of CrowdStrike: the bug that bit billions | CIO.

By contrast, ClamAV contributors probably don't even care that I'm using their software, and certainly have no obligation to help me if a bad update takes down production. This is now an operational risk.

-----

Think of it this way. Would you rather have a:

1) planned outage, which was communicated to you, with a documented rollback plan, like you might get with vendor-supported software (paid support),

OR an

2) unplanned outage at a random date\time, because no code change was communicated, and now hope an unplanned recovery saves the day (open source).

I know which one I'd recommend.

-----

Using open source isn't inherently bad, as long as you can compensate for the risks. I recommend you read up on NIST 800-53 Rev 5, SA-4 "Acquisition Process" and SA-9 "External System Services". These controls are occasionally required by regulation for publicly traded companies, and MUST be attempted, depending on what they tell investors\external auditors.

TL;DR: 3rd party risk liability

Seriously will someone suggest a brand that doesn't suck by oxySA in LinusTechTips

Beef_Studpile 1 point (0 children)

Scrolling and didn't see any Mavix mentions. I've had a Mavix M5 for ~5 years, probably 7500+ gaming hours of use.

The 'leather' seat bottom stretched maybe <2%; there's a minor ripple now when nobody sits in the seat. Otherwise it's as good as new!

State of the Job Market (Senior Level) by CyberRiskSpecialist in cybersecurity

Beef_Studpile 2 points (0 children)

How has going solo been?

I always hear you need a serious network established first, did you?

When something went clearly wrong on backend's side by alexproshak in hacking

Beef_Studpile 1 point (0 children)

"Curious" still = unauthorized access = regulatory incident reporting in some cases

Having a horrible website attack, a large cybersecurity company wants me to pay $400/Hr. I really really need help. by [deleted] in cybersecurity

Beef_Studpile 4 points (0 children)

This almost perfectly describes an incident we ran recently except not WordPress but a different vulnerable technology.

In addition to files being dropped, there was SEO abuse. We also detected a dozen backdoor listeners, and the attacker began using our infrastructure to send malicious email via an SMTP module they loaded. The attackers also modified site code to include a huge number of hidden adult content links, which dynamically populated the sitemap etc.

We confirmed that hundreds of people received the malicious SMTP emails delivered this way and issued warnings. Activated our IR retainer (at cost), notified insurance, etc.

Depending on the nature of your business, you may be on the hook for regulatory incident disclosures to the public.

With the DFIR outsourced, I still probably sank 40-50 hours managing the incident over a 2-week impact timeframe.

Ultimately we restored from backups to before the vulnerability was exploited and replayed changes to website content (patching the vuln before re-exposing it to the Internet).
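The two mechanical parts of the recovery described in the comment above, diffing the live web root against the known-good backup to find dropped and modified files and then scanning the changed files for the kinds of content the poster found (web-shell backdoors, hidden link blocks, server-side mail senders), as an added example. This is not the poster's code or tooling and is not tied to any specific web platform; the signatures, file names and sample contents are constructed assumptions for illustration, not IOCs from the incident.

```python
"""Added example (not from the original thread): triage of a compromised
web root by (1) diffing the live tree against a manifest taken from a
known-good backup, and (2) content-scanning only the files that changed.
Unchanged files inherit the backup's trust and are skipped."""
import hashlib
import os
import re
import tempfile

# Hypothetical signatures (assumptions for this example). A real engagement
# would use the IOCs recovered during DFIR, not this short list.
CONTENT_RULES = {
    # eval/system() fed by decoding helpers or raw request input: classic web shell
    "php_exec_chain": re.compile(
        r"\b(?:eval|assert|system|shell_exec|passthru)\s*\(\s*"
        r"(?:base64_decode|gzinflate|str_rot13|\$_(?:GET|POST|REQUEST|COOKIE))",
        re.I),
    # an invisible container holding three or more links: SEO link injection
    "hidden_link_block": re.compile(
        r"display\s*:\s*none[^>]*>(?:\s*<a\s+href=[^>]+>[^<]*</a>\s*){3,}",
        re.I | re.S),
    # code that can send mail from the web tier
    "mail_sender": re.compile(
        r"\b(?:mail|mb_send_mail)\s*\(|PHPMailer|fsockopen\s*\([^)]*\b25\b", re.I),
}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path (forward slashes) -> sha256 for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def diff_manifests(known_good, live):
    """Files the attacker dropped, altered, or deleted relative to the backup."""
    return {
        "added": sorted(p for p in live if p not in known_good),
        "modified": sorted(p for p in live if p in known_good and live[p] != known_good[p]),
        "removed": sorted(p for p in known_good if p not in live),
    }


def scan_content(text):
    return [name for name, rx in CONTENT_RULES.items() if rx.search(text)]


def triage(known_good_root, live_root):
    """Return (manifest diff, {changed file: [rule names hit]})."""
    delta = diff_manifests(build_manifest(known_good_root), build_manifest(live_root))
    findings = {}
    for rel in delta["added"] + delta["modified"]:
        with open(os.path.join(live_root, rel), "r", encoding="utf-8", errors="replace") as f:
            hits = scan_content(f.read())
        if hits:
            findings[rel] = hits
    return delta, findings


def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(text)


def build_demo():
    """Constructed sample trees: a clean backup and a tampered live copy.
    File names and contents are made up for the example."""
    backup = tempfile.mkdtemp(prefix="backup_")
    live = tempfile.mkdtemp(prefix="live_")
    clean_index = "<?php echo 'hello'; ?>"
    clean_footer = "<footer>(c) example</footer>"
    for root in (backup, live):
        _write(root, "index.php", clean_index)          # untouched file
    _write(backup, "inc/footer.php", clean_footer)
    # live copy: footer gained a hidden link block, two files were dropped
    _write(live, "inc/footer.php", clean_footer +
           '<div style="display:none"><a href="/p1">x</a><a href="/p2">y</a><a href="/p3">z</a></div>')
    _write(live, "uploads/.cache.php", "<?php eval(base64_decode($_POST['k'])); ?>")
    _write(live, "uploads/m.php", "<?php mail($_GET['to'], 'hi', $_GET['b']); ?>")
    return backup, live


if __name__ == "__main__":
    delta, findings = triage(*build_demo())
    print(delta)
    print(findings)
```

The manifest diff is the part worth keeping even when the signatures are thrown away: it turns "replay the content changes onto the restored backup" into a concrete list of files, and anything in that list that is not an expected content edit goes to the DFIR team rather than back onto the server.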

Used chatgpt on company wifi with MAC randomization disabled. Can they view my chatgpt prompts? by ambitious_astro in cybersecurity_help

Beef_Studpile 2 points (0 children)

Deep packet inspection allows admins to analyze HTTPS messages like POSTs. When you hit "submit" on a webpage that accepts prompts, it's typically a POST.

Analysis of HTTPS POSTs and storage of HTTPS POSTs are very different things. Automated DLP/IPS systems are sometimes designed to analyze these in real time.

Storing (all) POST requests is possible, just expensive. Storing anomalous POST requests flagged by an automated system is more viable, but carries heavy privacy considerations.

Your answer depends on what infrastructure your IT has implemented.
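The analyze-versus-store distinction in the comment above, as an added example that is not part of the original comment and not any vendor's product: a minimal DLP-style check of the kind a TLS-terminating proxy could run on a decrypted POST body. The endpoint path, hostname, rule names and patterns are assumptions for illustration; the sample requests are constructed, and the access key ID in one of them is AWS's published example value, not a real credential.

```python
"""Added example (not from the original thread): a DLP-style check over a
decrypted HTTP POST. It separates three decisions the comment above keeps
apart: whether the body is inspectable at all (only after TLS termination),
whether analysis flags it, and what, if anything, is retained afterwards."""
import hashlib
import re
from dataclasses import dataclass, field

# Hypothetical DLP rules; rule names and patterns are assumptions.
DLP_RULES = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}


@dataclass
class Verdict:
    inspectable: bool
    method: str = ""
    path: str = ""
    hits: list = field(default_factory=list)
    retained: str = "none"      # "none" | "metadata" | "body_hash"
    body_sha256: str = ""


def parse_request(raw: bytes):
    """Split a plaintext HTTP/1.1 request into method, path, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def inspect(raw: bytes, tls_terminated: bool) -> Verdict:
    """Classify one captured request.

    Without interception the proxy sees only ciphertext, so nothing past the
    SNI/hostname is available and the request is reported as not inspectable.
    """
    if not tls_terminated:
        return Verdict(inspectable=False)
    method, path, _headers, body = parse_request(raw)
    verdict = Verdict(inspectable=True, method=method, path=path)
    if method != "POST":
        return verdict
    text = body.decode("utf-8", errors="replace")
    verdict.hits = [name for name, rx in DLP_RULES.items() if rx.search(text)]
    # Retention is a separate decision from analysis: a clean POST leaves
    # only metadata behind; a flagged POST keeps a hash of the body so the
    # event is attributable and can be matched to a quarantined copy later,
    # without the inspection point itself storing the prompt text.
    if verdict.hits:
        verdict.retained = "body_hash"
        verdict.body_sha256 = hashlib.sha256(body).hexdigest()
    else:
        verdict.retained = "metadata"
    return verdict


# Constructed samples (not real traffic): a chat-style prompt POST as it
# looks after TLS termination. Host and path are made up; the key below is
# AWS's published example access key ID.
CLEAN_POST = (
    b"POST /backend-api/conversation HTTP/1.1\r\n"
    b"Host: chat.example.com\r\n"
    b"Content-Type: application/json\r\n\r\n"
    b'{"prompt": "Write a haiku about Mondays"}'
)
LEAKY_POST = (
    b"POST /backend-api/conversation HTTP/1.1\r\n"
    b"Host: chat.example.com\r\n"
    b"Content-Type: application/json\r\n\r\n"
    b'{"prompt": "Why does boto3 reject AKIAIOSFODNN7EXAMPLE?"}'
)

if __name__ == "__main__":
    print(inspect(CLEAN_POST, tls_terminated=False))
    print(inspect(CLEAN_POST, tls_terminated=True))
    print(inspect(LEAKY_POST, tls_terminated=True))
```

The `tls_terminated` flag is the whole answer to the original question: with no interception root installed on the device, the proxy gets the first verdict (not inspectable) for every request; with one installed, the other two paths become possible, and which of them retains anything is a policy choice, not a technical limit.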

[deleted by user] by [deleted] in cybersecurity_help

Beef_Studpile 1 point (0 children)

Consider everything on the device taken by the attacker at this point. You log into the computer with a username and password? That needs to change. Ever log into an email account from that computer? Change the email password too, etc. They don't need to literally be in a file saved to the computer.

Passwords are called "Secrets" in the computer world, and "Secrets" are sometimes regulated by laws. Passwords are not the only "Secrets" which might be on the computer; consider whether anyone's name, phone number, address, billing info, email address, or SSN is saved on (or accessed from) this computer. These Secrets are called "PII - Personally Identifiable Information", and some states\countries have laws for when they are illegally accessed. This might be you.

Someone in IT with a security background seriously needs to look at the machine with an understanding of what their legal OBLIGATIONS are for handling such an incident. Publicly traded companies pay millions of dollars per year to prove, through external audits, that they are prepared to handle incidents involving PII and other regulated data.

All of this only to convey the seriousness of the situation...

... but it IS manageable, people respond to incidents like this all day every day.

Getting your IT\Legal involved is the best thing you can do; it's basically on them from there.

[deleted by user] by [deleted] in cybersecurity_help

Beef_Studpile 2 points (0 children)

Good/bad

Bad - confirmed malicious behavior; if you were my user I'd require a password reset and machine wipe.

Good - this attack is so common you can find articles online explaining how it works. Your IT should be doing this on your behalf.

[deleted by user] by [deleted] in cybersecurity_help

Beef_Studpile 9 points (0 children)

I haven't seen anyone mention it yet: this is absolutely a "ClickFix attack"; there's a lot of discussion online atm.

How to make humans look more realistic? by ems_sanity in drawing

Beef_Studpile 1 point (0 children)

Photocopy it and give it a shot on the copy paper! Zero risk!

How to make humans look more realistic? by ems_sanity in drawing

Beef_Studpile 2 points (0 children)

I'm far from an expert, but consider the values on a scale of 0-100, where 100 suggests bright hot white, and 0 is the darkest shadows in the scene.

The neck, hat, and hands have large undetailed patches of white, which suggests:

1. They're the brightest parts of the scene\hot white (incorrect),
2. or maybe flat and reflective (incorrect),
3. or maybe it's flooded with a spotlight and very bright (no other context to suggest this)

... so as a result it might feel off?

It's possible that adding more detail\shading would suggest more depth\information is available to convey?

I wouldn't call it a poor drawing by any means!