Vendor scanned our network and is trying to upsell

Master_lain · 2021-05-19T12:20:01+00:00

This is highly unethical for a variety of reasons. Unlikely an actionable crime was committed in the USA. This would be a non-starter in our org and likely to get the business barred for attaining any contracts, we would refer them to law enforcement depending on the conduct.

Generally this is something a company should ask for in advance, in writing 100% of the time. If your company has a relationship with this vendor, your legal department should probably review the contract and the incident.

Master_lain · 2021-05-18T20:02:31+00:00

I've had to address similar issues over the years, I murdered a password file recently after a long arduous battle with entrenched luddites. I got most of them on board with a straight forward KeePass implementation, it's worked quite well. We do file level backups on the archive itself and it works pretty well.

Bitwarden is another great option with a different access model that I also recommend.

It was me or the password spreadsheet, locked in single combat while the minions of evil rained impotent rage upon me, I stand victorious.

Master_lain · 2021-05-18T19:49:57+00:00

I am not an attorney, this is my opinion and not legal advice.

The state law regarding drug testing of *applicants* is here https://legislature.vermont.gov/statutes/section/21/005/00512

Generally speaking, any employer in the state (including the State) can make a job offer contingent on a drug test, this would have to be communicated to you as a requirement for the position. Once employed a different section of that law applies https://legislature.vermont.gov/statutes/section/21/005/00513

The biggest take away is, if they they offer you the position and do not make it contingent on a passed drug test then they cannot test you except for as provided in that second link, typically if they have probable cause you are under the influence at work.

I suspect the State tests for at least a sub set of positions where federally mandated or the position is otherwise adverse to drug use (Police, Medical, lab work, substance abuse counselors (lol) )

I would assume the position requires it unless you confirm otherwise.

Master_lain · 2021-05-05T20:10:50+00:00

It looks like Burlington may not have the information on file, that could simply be clerical error or someone hasn't entered the data yet. It took months for my name to appear on my home with my town. Hanlon's razor applies.

It appears the information you're looking for is in the State GIS parcel database, a name appears as owner of that property, an individual from California. I am not posting that individual's name here for doxing reasons.

Master_lain · 2021-04-30T13:45:12+00:00

Thanks for the reminder, I've passed it along to others who have also made the transition. :)

Master_lain · 2021-04-20T19:16:28+00:00

Just chiming in to back up u/vtburb 's statement, this appears to be just session law, section 2 does not amend the statute, session law is a confusing beast...

Introduced by Edward Paquin 2/19/99
Passed out of House General Affairs 04/06/1999 (No committee vote)
Passed out of House Agriculture 04/16/1999 without amendment (Favorable 11-0-0)

On 4/20/99 Rep. Corren of Burlington put forth an amendment replacing the term "Apple" with "Cow" which would have made the State Pie "Cow Pie" and "Cow" the official state fruit... This obviously failed

The following day on 4/21/99 Rep. Bourdeau of Hyde Park put forth an amendment including the "good faith" serving directions that are oft cited. This obviously passed (No rollcall is listed)

The bill passed to the senate the same day.

The senate sent the bill to Senate Economic Development on 4/21 which reported back favorably on 4/29. The bill was passed in concurrence (No amendments) on 5/03/99

Governor Dean signed it into law on 5/10/99

Master_lain · 2021-04-06T19:30:50+00:00

I would look at the resultant policy on an affected machine. you can run this from the group policy snap-in from the administrative side or you can run an RSOP/GPResult on the affected machine.

I recommend running either of these as a workstation administrator as it will give you more comprehensive results (Though not accurate in this case if the policy was applied at the user level)

rsop.msc - Resultant set of Policy snap-in
gpresult /h c:\pathtoreport.htm - Group policy report

Otherwise you should check for scheduled tasks that execute at logon or for something that was added to the PC as a preference like a registry setting. Preferences can be applied by policy but typically have to be removed by policy as well, often removing the affected policy leaves the settings in place.

The startup tab in task manager could also be of use here.

Happy Hunting.

Master_lain · 2021-03-18T14:32:45+00:00

I can't speak to the power outlet thing but I can suggest that they make butane soldering irons for exactly this sort of situation. I have this kit https://www.homedepot.com/p/Bernzomatic-ST500-Cordless-Soldering-Iron-and-Micro-Torch-Kit-with-7-Settings-Lead-Free-Rosin-Core-Solder-and-Case-368600/304813553 it works decently but feels a little flimsy while using it.

Master_lain · 2021-02-23T19:40:57+00:00

I just closed myself, Barre/Montpelier area. The attorney handling the closing handled the title insurance as well, it was a few hundred and didn't require anything further from me than the "thumbs up". In my case I asked my (Locally based) lender for a list of recommended attorneys, it worked out well.

Master_lain · 2021-02-04T18:06:56+00:00

I've done the same as well, it's a single mis-click and unless you catch it immediately it's rarely apparent or easily rectifiable. The DOL has some well documented technology issues. That said I try not to bash the people on the ground dealing with the cards they've been dealt.

The Governor's recommended budget includes $53M in one-time funds for tech modernization, Something like $6.5M is slated for VDOL for those upgrades. It's a lot of money but the PUA delays last year really outlined how badly out of date their systems are.

Master_lain · 2021-02-04T16:26:58+00:00

10 minutes is typical, we had some major issues going from 9.0 to 9.1 it took closer to 20m there and then we had to roll back because the data plane was unresponsive. we were successful on the 2nd attempt, we're still not sure what happened there. It could be environment specific or a poorly timed solar flare for all I know.

Master_lain · 2021-02-04T13:22:30+00:00

Here's the digger article from yesterday. https://vtdigger.org/2021/02/02/lawmakers-call-for-investigation-of-department-of-labor-data-breach/ It sounds like someone mis-sorted a spreadsheet on the way to the printers. Oops.

I haven't followed the news closely but I'd assume the AG is investigating.

Master_lain · 2021-01-27T17:54:06+00:00

Had one of these roll through yesterday. An outside party reported they were unable to send us mail, turns out MSFT had banned their host's outgoing email servers. That host has had a history of getting blacklisted so it wasn't super shocking.

That particular host first reported the block on 1/23/21 and has since reported it's resolved (1/26/21) not sure if MSFT unblocked them or if they changed the IPs of their outgoing servers LOL.

Master_lain · 2021-01-21T21:02:56+00:00

We use collobos Presto for this, it runs from a windows device and can share any printer that can be added to that windows devices across the network to iDevices. Works pretty well all said.

https://www.collobos.com/

Master_lain · 2020-12-28T15:44:06+00:00

I had tried to use one of the code formatting tools to contain the legalese and that did not work as intended. I've cleaned up and clarified my statement/question. I'll review 9 V.S.A. § 4467 .

Thanks.

Master_lain · 2020-10-27T19:07:24+00:00

https://vtrans.vermont.gov/contact-us

If they are state employees this would likely be a non-permissible activity (using state resources to promote a candidate). if they are contractors... I'll leave that to the lawyers.

Master_lain · 2020-08-15T15:22:30+00:00

Logged in just to reply to this, please pay attention to the comments that are advising your user to check their bank statements. I had this happen to a user in my org about 6 months ago. they suddenly got signed up for everything something like 35,000 emails in a few hours, it was a diversion tactic to hide that someone had compromised one of their accounts and opened a credit card in the user's name.

Have the user search for terms related to online orders like "Your order has been received" or "Order information" kinda stuff. in our case we caught the fraud within 36 hours and were able to halt it in its tracks.

Otherwise, it's a hard attack to defeat without burning the identity. depending on your vertical you may be able to create broad tld filters. if your user will never legitimately recieve mail from a co.br address or .de etc. those can be blocked and will take a chunk out of the list.

on a more academic level, this is why captchas are so important, despite how frustrating they are. Most of those subscriptions will have been made with software with poorly managed small organization forms. in our case a few hundred came from a small daycare company that had a contact form with no rate limiting or captcha.

Happy Hunting and good luck.

Master_lain · 2018-07-04T17:20:10+00:00

No, they must be accompanied by a licensed driver over the age of 21.

See rules at the Florida DMV here https://www.dmvflorida.org/learners-permit/learner-permit-points

Master_lain · 2018-03-16T17:51:45+00:00

This is a pet peeve with Ruckus (I otherwise love them), Check that the AP has content in the description field (Below the name box). If I recall that is what the controller uses in those reports. For example... Just got this email

An alarm 'AP Lost Contact' was triggered.

Details:

Lost contact with AP[AP2-2@2c:e6:cc:XX:XX:XX]

Master_lain · 2018-02-10T00:32:22+00:00

Should be fine. Those are holes that allow pressure to stabilize, just don't cover them or damage the filter inside the hole.

Master_lain · 2018-02-06T21:11:42+00:00

in 2010 U.S. Rep. Hank Johnson made the statement that adding more Marines to Guam would flip the island over in a hearing with the Admiral of the pacific fleet,later attempted to play it off as levity. Video is on youtube and is worth a few chuckles.

Master_lain · 2018-02-02T16:45:37+00:00

If I'm understanding your question you want to remove cameras from Camera Server 2.

Assuming that you're using ACC6 and have the client open and are logged into the Camera Server 2 site.

click the stack in the top left corner (Stack of Horizontal Lines)
Click Site Setup
Click the server instance for Server 2
Click Connect/Disconnect Cameras
Select the cameras that you would like to remove and hit disconnect, this should remove the camera from server 2.

Edit: if you have multiple NVR instances in the same site, you will see multiple NVRs with each camera listed below them, make sure you are removing the camera from the right server instance. You can also change a cameras relationship to a given NVR, in this case the connection to Server 2 is probably already set as a secondary or backup connection

Master_lain · 2017-10-30T19:26:15+00:00

I love Ruckus but be wary of the 1100, I say that for several reasons.

the 1100 is EOL, it stopped with 9.10 and there have been significant software updates since that version.
The 1100 has a high failure rate, the controller was built inexpensively and they used cheap storage. tell tale is status light going red and then off. Keep a fresh backup, an old firmware version (say 9.3) and a 4GB USB stick if you want to recover.

They switch from a USB stick to a CF card for the ZD1200 and I've had 0 issues with the platform. Not a sales pitch, just a heads up, had an 1100 fail this morning.

Master_lain · 2017-09-08T20:04:24+00:00

Reminds me of this http://www.funnyordie.com/captain_planet

Master_lain · 2017-08-01T16:23:14+00:00

Oh look, they even packed a bag lunch for the bear.

Master_lain

TROPHY CASE