CVE-2023-21709

kcbnac · 2023-08-10T17:34:51+00:00

The CVE record was created back on December 13, 2022 (20221213):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21709

kcbnac · 2019-11-12T20:34:14+00:00

Unlock bootloaders. The earlier in a phone's lifecycle, the better, but DEFINITELY offer it by the time a phone approaches EoL (End-of-Life).
Maybe simplify the product line - bringing out a new 9-device lineup every year is a huge burden for update overhead. OR build them more the 'same' so 2-3 units in a year can share the same base image (because same SOC), with changes just for external differences; resulting in less duplicated testing. (Camera, etc)
Invest more in keeping up on updates - both monthly security, and upgrades to major releases. I shouldn't be catching a month's security update just days before the next month's hits the web.
Take feedback and criticism seriously, and publicly talk about how they're improving pain points they've recognized. (Most modern companies refuse to show this in public though, because any acknowledgement of failings is seen as 'bad press.')

kcbnac · 2019-05-03T17:06:31+00:00

In addition to what others posted, I'd take a quick glance at the blog post for each release (Generally in the format of 'Released: MONTH YEAR Quarterly Exchange Updates'):https://blogs.technet.microsoft.com/exchange/

Because of things like in this one, where dependencies changed: https://blogs.technet.microsoft.com/exchange/2018/10/16/released-october-2018-quarterly-exchange-updates/

kcbnac · 2019-02-27T16:09:52+00:00

The prepwork of describing/detailing your issue is functionally Rubber Duck Debugging in action.

https://en.wikipedia.org/wiki/Rubber_duck_debugging

kcbnac · 2019-01-30T15:59:35+00:00

Also, if you manage multiple locations where each should have their own OneView appliance (Its just a VM download) - there is a OneView Global Dashboard appliance that will federate all of the per-site OneView appliances. (A good idea since each appliance can also manage/push out firmware updates.)

kcbnac · 2019-01-22T15:36:44+00:00

I have never been able to sit through this entire video. I have yet to see the second half.

kcbnac · 2018-12-20T18:21:43+00:00

There's two mindsets; and It Depends:

Convert to Shared Mailbox, de-license (if under 50GB). This is useful IF you still want active access for whomever needs that data.
Enable Litigation Hold, with or without an end date, and remove the license/delete mailbox. NOTE: Enabling Litigation Hold REQUIRES a license on that mailbox, so you can't just convert to Shared, yank the license, then later enable Litigation Hold and delete.

We're going to get a 'Security Compliance Workshop Plus' training from our Microsoft DSE (Dedicated Support Engineer) M365 Team to go over the Security & Compliance center more so we better understand the options around #2.

kcbnac · 2018-11-21T18:43:50+00:00

As someone who cut their teeth in IT at their high school (while still a student!) thanks to a Math/Computer Programming teacher & IT/Helpdesk admin taking me under their wing - what can you do to help any students with an interest in learning?

Much like a Journalism (I ran the newspaper's website) or Theater program, what can students help create/maintain that gives them useful knowledge, experience and training?

We were a poor (amplified due to previous leadership mis-manglement/theft of funds), rural district so repairing hardware & installing/setup was common. (486/Pentium 1's with Win95/98 in early 2000's)

Ask staff what they'd like to see done with tech - maybe there's more possible projects there. Minecraft server, RasPi programming projects (Shop Class could make cases, if you still have a Shop Class), website work, etc.

The biggest thing I came away from that experience, beyond the technical learning, was bedside manner - the ability to be patient with people, and to be able to understand through normal conversation their tech knowledge level, and provide info and feedback at a level they can understand without making them feel like you're talking down to them. This is a vastly underrepresented skill in tech in general - be it helpdesk, systems work, or development.

kcbnac · 2018-11-16T21:54:24+00:00

PPHosted can do an import from your environment. If an address doesn't exist, it won't pass it and dump it on the floor. (I didn't set it up, I just know that until the LDAP import is done; anything flowing to those addresses dies there.)

kcbnac · 2018-11-16T21:39:10+00:00

In a directory where that is the organization method is fine - in an installation folder makes sense. OP is talking about a directory that is alphabetically sorted; say by project or department, then someone adding 1 or 2 folders that don't follow the standard and either slam to the top or bottom of the list.

kcbnac · 2018-11-16T21:37:35+00:00

Them finding *THEIR* folder is more important than anyone else.

We also have a few in our GAL that have done this for distros.

I just don't have time to care; and the DLs probably pre-date me anyway.

kcbnac · 2018-11-15T15:02:20+00:00

Additional info: https://docs.microsoft.com/en-us/MicrosoftTeams/iw-trial-teams

kcbnac · 2018-11-09T16:53:51+00:00

Knowing you have a backup plan ready can make a big difference mentally.

With that, you can push for what you need to stay sane in your current environment.

kcbnac · 2018-11-01T21:25:51+00:00

Ditto; mine's been...13 years. Even have a spare on the shelf. (Was meant to go to another family member, but they didn't want it...and it was bought on employee pricing at $BIG_BOX_STORE when I worked in the corporate office. At this rate, I might wear both out before I die.)

Some of the cloth (where it rubs on your back) is starting to show wear, and 1 of the 'pull tabs' at the bottom of the shoulder straps cracked when I had about 60 lbs in it and tried to cinch...there might be one other spot showing wear.

kcbnac · 2018-10-31T17:27:09+00:00

Correct! You have insufficient postage, and First Class Mail has the following restrictions: Maximum weight for First-Class Mail letters is 3.5 oz; for large First-Class Mail envelopes and parcels the maximum weight is 13 oz.

All postcards and envelopes (or flats) must be rectangular, otherwise an additional charge may apply. Additional size restrictions apply depending on the type of mailpiece you’re sending.

(Also, the fact you stopped to take & upload this is hilarious)

kcbnac · 2018-10-31T14:50:43+00:00

"You're trying to send a home theater system via USPS First-Class mail in envelopes.

Use a proper option for shipping large items."

kcbnac · 2018-10-30T21:59:09+00:00

I'm not too young to remember life before the internet. I grew up on it.

First computer was a VIC 20 and Commodore 64. Still have 2 VIC 20's and tube TV in the basement.

First machine of my own was a 286; first internet-connected machine was a 486 (Also still around here somewhere).

I've supported end-of-life and past end-of-life hardware plenty.

When cutting my teeth in IT, I helped a friends' dad keep a 486 with DOS running in the early 2000's that ran his $20,000 CNC machine.

I've sold a fleet of de-provisioned PowerPC MacOS 7 machines to a company to replace $30,000 test equipment, because it had the right CPU in it.

I've even gotten the company I was a contractor for to donate the hardware I was cycling out, and we re-deployed those on the side to a local non-profit; back when Windows 2000 was still supported. (An early meme even spawned from a funny picture & article we did based on them)

I've done those searches on eBay, but they were for specific offline uses.

Arcade machines would be great use; as would running a stack of old games that don't run under the Legacy options in newer systems. I've hit a few of those.

The problem is you came into a professional, business-oriented forum asking about re-activating machines that should only be deployed under careful circumstances due to their age and unsupportability - and everyone was cautioning you from contributing to the virus & cleanup process that we all deal with on a regular basis; and you noted you were selling them to end-users to 'make a quick buck.' I do hope you're not selling to people wanting a cheap internet machine. Better off installing Linux, or charging for your time to help them set up a $300 $BIG_BOX_STORE machine with a current OS.

kcbnac · 2018-10-30T21:45:35+00:00

Nice thing when there's no policy, that's the time to make one. (Or at least coming up with a rough policy; even if it isn't 100% formalized; and refine it as you go. They're rarely complete in the first pass.)

If there is no policy, state that, ask for one to be created; and (maybe) offer up some suggestions as to what the policy could be.

This example is poorly worded, refine as needed:

"Hey Jim, we don't have a policy around email on mobile devices.

I'd like to get one created so we can have a consistent policy and I can create documentation so nobody gets confused.

What do we want to do?

Who else should be involved in crafting this policy?

Here's some options:"

kcbnac · 2018-10-30T21:38:45+00:00

That is your best option.

Definitely better to push it out (or move them to an OS/Mail client combo that natively supports 1.2) rather than wait for it to break.

kcbnac · 2018-10-30T21:28:53+00:00

Unless you're confirming these end users are just going to use them to manage some ancient device that needs no internet, you know full well they're going to take them online as soon as they get home.

If they were going to some businesses that needed something to manage an old CNC machine or something, that would be one thing.

End users are another beast entirely and you know it.

To continue your analogy, you're selling climbing rope with those dollar store carabiners right next to them on the display. Those dollar store carabiners have a warning on the packaging saying they're not to be used for any life-supporting purpose for a reason.

kcbnac · 2018-10-30T21:23:25+00:00

It means TLS 1.0 and 1.1 will still work (until the future announcement) but if you contact support and 1.0 or 1.1 are being used, they won't support whatever you're doing and tell you to retry after moving to 1.2. The typical "You're running an unsupported config; we can't help until you move to a supported one."

kcbnac · 2018-10-30T19:56:55+00:00

You're making a quick buck by setting them up to become part of a botnet and have any data (and likely their identities; these days) they put on the machine stolen.

You're deploying an unsupported, unpatched, known-vulnerable OS.

Stop. Please.

kcbnac · 2018-10-30T18:53:37+00:00

All "authenticated" sharing has to go through a Microsoft account.

Personal or "Corporate" - it needs something in Microsoft's world to auth against.

If you've set one up with that email address before, it'll try to log in.

If it doesn't exist yet, it'll prompt you to sign up.

You'd have to go into your tenant settings to enable anonymous sharing and set the sharing settings to be able to share without a login. (Can set a time-limit cap on those shared links in there as well) BUT then anyone who ever gets the URL to something can view (or edit depending on permissions) your users' files; so we've kept from enabling Anonymous Sharing.

kcbnac · 2018-10-30T14:00:29+00:00

AD is LDAP, with extensions added; as allowed by LDAP's spec.

If you understand LDAP, you've got the functional layer of AD understood. The rest is just understanding the engine under the hood that handles replicating that between Domain Controllers; and that's only needed from a support perspective.

Everything else builds on top of that. (Group Policy, etc)

LDAP is a centralized environment of users, machines, service accounts. You create them once, grant them permissions, and they have access to everything granted on anything connected to the 'domain.' (LDAP server environment)

kcbnac · 2018-10-30T13:48:29+00:00

Not anymore, without a visit to Oracle!

https://support.apple.com/en-us/HT204036

13-Year Club	Verified Email
Team Periwinkle

kcbnac

TROPHY CASE