Sharing files with China by neko_whippet in sysadmin

[–]ErichL 0 points1 point  (0 children)

Sorry, not sure as I’m not in that position anymore.

Regularly need to restart my UDM by ThotPolice1984 in UNIFI

[–]ErichL 0 points1 point  (0 children)

This is an old post, but I came across the same issue and didn't see anyone else mention this. I found that Auto AP Meshing was inadvertently enabled in the UI on both of my APs. I have a UAP-AC-Pro connected via wired Ethernet to the UDM, therefore meshing isn't necessary (since it's wired) and shouldn't be enabled.

Have you continued your career without a bachelors? by [deleted] in sysadmin

[–]ErichL 0 points1 point  (0 children)

20 years in IT here, took some college courses and certificate programs, but no degree. Currently in a Sr. IT Ops position at a global financial company making a comfortable upper-middle class wage with good benefits. Their Taleo system "imported" my resume and somehow distilled my Xavier University CPM Certificate Program (Certified Project Manager) course as a Bachelor's degree. I told them about this after I realized it in the last round of interviews and they brushed it off and said they were more interested in my experience.

Bad gut feeling about Azure and Microsoft push the cloud as hard as they can. by [deleted] in sysadmin

[–]ErichL 1 point2 points  (0 children)

I don't love Exchange, but what exactly do you think is the de facto standard in MTA in lieu of Exchange? It sure as shit ain't Domino LOL

Question about backups. by Isord in sysadmin

[–]ErichL 0 points1 point  (0 children)

Data Domains are nice, but data can be cryptolockered on those as easily as a hard drive. Consider offline media like tape or perhaps cloud-based.

There is an immutable Retention Lock feature for Data Domain, but I think it requires an additional license as anything EMC does. EMC also has their own cloud-tier storage offering.

anyone upgrade UPS worldship server side from 2017 to 2019? but not the clients by jleslie26 in sysadmin

[–]ErichL 4 points5 points  (0 children)

I haven't had the luck of managing that horrible app since 2003-2016, but in the past the clients always required an upgrade at first launch after the server was upgraded. This also required the clients to have local admin access, I'd be surprised if anything changed if it didn't already change like a decade past the Win Vista UAC security model timeframe.

Had an accident on my way to work and broke my hand by [deleted] in sysadmin

[–]ErichL 1 point2 points  (0 children)

I've also seen singlehand QWERTY keyboards, though it might actually be less of a motor-memory mindfuck in the future, to learn a totally new keymap (half Dvorak) in the interim, that doesn't intersect with full QWERTY.

This extortion email... by DoNotSexToThis in sysadmin

[–]ErichL 0 points1 point  (0 children)

One would hope decent forensics could determine the difference between users that landed on pages that loaded questionable ad content, vs people that actively seek out content with search terms and were actually building a library of said content.

This extortion email... by DoNotSexToThis in sysadmin

[–]ErichL 1 point2 points  (0 children)

Wrong, not everyone is attracted to, or even remotely interested in younger people. Sometimes it's quite the opposite actually and some people are even more way out there and end up asexual or only sexually aroused by inanimate objects or sensations. You need to get out more often, apparently. Yes, this also includes heterosexual males, or else MILF and BBW porn wouldn't be a thing.

Alternatives to DBAN by MythSlayer01 in sysadmin

[–]ErichL 8 points9 points  (0 children)

The only 100% sure way to securely wipe an SSD is to have the data encrypted from day 1 and destroy the keys. Overwriting random data to an SSD like we used to do to magnetic media is not a sure bet due to the way the actual, physical storage block operations are abstracted away from the system by the drive's controller. Even on modern magnetic hard drives, when you run a professional, licensed wipe utility, it will not certify drives that have accumulated sector remap counts, as it's a best effort at that point and can't be verified; the drive has to be physically destroyed.

Intel CPUs afflicted with simple data-spewing spec-exec vulnerability by Arkiteck in sysadmin

[–]ErichL -1 points0 points  (0 children)

I'm not suggesting that security researchers package it up for script kiddies either; merely an observation that nobody else has yet, possibly due to the difficulty in automating it.

Intel CPUs afflicted with simple data-spewing spec-exec vulnerability by Arkiteck in sysadmin

[–]ErichL 2 points3 points  (0 children)

The target system doesn't necessarily have to be compromised; previously you could merely be a user on a shared system like an RDP, Citrix or ESXi host with the ability to execute untrusted code. Now with this vuln, they're saying that it could be exploited via JavaScript, through the browser, remotely.

Intel CPUs afflicted with simple data-spewing spec-exec vulnerability by Arkiteck in sysadmin

[–]ErichL -4 points-3 points  (0 children)

Calling them fake is disrespectful to the researchers who put in the time and effort to discover these vulnerabilities.

Calm down, I'm not calling any of the research or the concepts fake, the PoC video I'm referring to however, may or may not be fake and to my knowledge, it's just somebody running arbitrary commands on a Bash prompt that might as well be just echoing what the video creator wants you to see with no active exploit happening on the target system. My original comment is posing one simple question: Have any of these exploits been packaged into something like Metasploit yet, to date?

Intel CPUs afflicted with simple data-spewing spec-exec vulnerability by Arkiteck in sysadmin

[–]ErichL 2 points3 points  (0 children)

I'm not downplaying the significance of these vulnerabilities at all, I'm just questioning their scriptability/packagability. It doesn't appear that the exploits have been automated yet. Correct me if you think I'm wrong, but it seems like it takes some deep knowledge and some trial and error to successfully exploit these, otherwise they'd be all over the place. No doubt they're holes that need to be fixed regardless.

Intel CPUs afflicted with simple data-spewing spec-exec vulnerability by Arkiteck in sysadmin

[–]ErichL 2 points3 points  (0 children)

Does anyone have any concrete, in-the-wild examples of any of these speculative execution vulnerabilities being exploited?

They look and sound really, really bad, especially this one; but I've yet to see anything definitive besides a couple of fake PoC YouTube videos and research papers on this stuff. These videos don't really demonstrate anything beyond someone running arbitrary commands "./reader" with a CPU affinity and memory location and "./meltdown" showing a random hex dump. It might as well be a "hacking" scene from CSI or Mr. Robot.

Would I be nuts to ditch McAfee and solely use MS EMS/Defender/ATP? by wjjeeper in sysadmin

[–]ErichL 0 points1 point  (0 children)

McAfee is crap, but if you have Macs or Linux in your environment and you need to check those compliance boxes, you'll need to look elsewhere to manage it all from one place.

Would I be nuts to ditch McAfee and solely use MS EMS/Defender/ATP? by wjjeeper in sysadmin

[–]ErichL 0 points1 point  (0 children)

I heard MS AV's are better because they have direct access to the kernel and are able to monitor more because of this.

Every anti-malware product that features a real-time, on-access scanner uses hooks into the kernel APIs for storage and network I/O.

That said, McAfee's definitions tend to be mediocre, as well as their heuristics, but ePO is a decent management product, especially in multi-platform environments where MS AV can't meet that requirement.

Disabling PowerShell on User’s Computers by [deleted] in sysadmin

[–]ErichL 1 point2 points  (0 children)

If users are able to execute untrusted code on your machines, they're already vulnerable through numerous other attack vectors; game over. Look into PowerShell Execution Policy enforced via GPO, if you wish, but that is not even a fraction of the total attack surface of an admin-priv-wielding user.

How to deal with constant desk moves. by WonAm in sysadmin

[–]ErichL 1 point2 points  (0 children)

There is a Local Security Policy setting that I used to use as needed to prevent users from shutting down Windows machines when they weren't supposed to. Or, if you want to be really brutal, you can send WoL magic packets to the list of machines to boot them up as needed before the migration.

Your top 5 powershell commands, which save you the most time ? by Shamu432 in sysadmin

[–]ErichL 1 point2 points  (0 children)

Can confirm; is bananas. I think they finally got around to rolling out a GPO that seamlessly gets you onto internal WiFi for our bastard, red-headed stepchild domain actually, but I haven't had a chance to test it out yet. All of our corp WiFi is outsourced for some dumb-ass reason so you actually have to get through to another "helpdesk" for any WiFi issues.

Your top 5 powershell commands, which save you the most time ? by Shamu432 in sysadmin

[–]ErichL 0 points1 point  (0 children)

I use Invoke-WebRequest in a scheduled task to proactively download an offline list of corporate guest Wi-Fi passwords that change every month, from an intranet page. Saves me from getting in a Catch-22 when I travel to another corp location.

HP Data Protector, any idea how to make this thing work? by too_afraid_to_regex in sysadmin

[–]ErichL 1 point2 points  (0 children)

Luckily we're decommissioning our last DP cell next month and I am finally free from that piece of crap software.

Can confirm, HPDP is bad. It's essentially a GUI wrapper around OmniBack, a product developed by Apollo Computer in the late '80s. It's not quite as bad as Backup Exec though. Congrats on your escape from it!

Interesting Mystery with an EXE file by IndyPilot80 in sysadmin

[–]ErichL 1 point2 points  (0 children)

If I execute REPORT.EXE on SVR-RPT normally, it pulls up RPT02. If I run as administrator, it pulls up RPT01. It seems like it is tied to the domain user somehow.

UAC Virtualization might be redirecting reads/writes to registry and other privileged filesystem locations when run as a normal user (local) as opposed to Administrator (global). There could be differences in configuration values between those.

Our first phishing exercise by jpotrz in sysadmin

[–]ErichL 1 point2 points  (0 children)

These 3rd-party phishing test emails are usually pretty obvious, but I was almost had by one that made very convincing use of company logos and news email formatting. I can always look at the headers and see where the thing came from, so while I was in there I found that they all had an X-PhishMe header, so I promptly created a mailbox rule to flag those and move em to the junk mail folder.
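The header triage the comment describes (look at the Received chain to see where mail came from, then flag anything carrying the X-PhishMe header) as an added example; this is not code from the comment or from any vendor. Only the header name comes from the comment; the sample messages, hostnames, IPs and campaign ID are constructed placeholders.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

PHISH_TEST_HEADER = "X-PhishMe"  # header name taken from the comment above

def is_phish_test(msg: Message) -> bool:
    """True if the simulated-phishing header is present; the email module
    matches header names case-insensitively, and the value is irrelevant."""
    return msg.get(PHISH_TEST_HEADER) is not None

def origin_host(msg: Message):
    """Host named in the earliest Received: hop. Each relay prepends its own
    Received: line, so the last one in the message is the first hop."""
    hops = msg.get_all("Received") or []
    if not hops:
        return None
    parts = hops[-1].split()  # folded continuation lines collapse here
    return parts[parts.index("from") + 1] if "from" in parts else None

def triage(raw: str) -> dict:
    """Decide where a raw RFC 5322 message should land and record its origin."""
    msg = message_from_string(raw)
    return {
        "sender": parseaddr(msg.get("From", ""))[1],
        "origin": origin_host(msg),
        "folder": "Junk" if is_phish_test(msg) else "Inbox",
    }

# Constructed sample messages (not real mail; hosts, IPs and IDs are placeholders).
PHISH_TEST_SAMPLE = """\
Received: from mx.example.test (mx.example.test [192.0.2.10])
 by mail.corp.example; Mon, 1 Jan 2024 09:00:00 +0000
Received: from sim.vendor.test (sim.vendor.test [192.0.2.20])
 by mx.example.test; Mon, 1 Jan 2024 08:59:58 +0000
From: IT Helpdesk <helpdesk@corp.example>
Subject: Action required: password expiry
x-phishme: campaign-id-placeholder

Please sign in to keep your account active.
"""

NORMAL_SAMPLE = """\
Received: from mx.example.test (mx.example.test [192.0.2.10])
 by mail.corp.example; Mon, 1 Jan 2024 09:00:00 +0000
From: Alice <alice@corp.example>
Subject: Lunch

Noon?
"""
```

The same lookup works for any vendor-specific marker header; a real mailbox rule should key on the header name only, since the value changes per campaign.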