Re: Not just that ...
(btw, when did the Anonymous option disappear ?)
Good question. I can't find it either ...
1215 posts • joined 15 Aug 2009
Ubuntu offer this: https://www.ubuntu.com/livepatch - basically your box patches itself and kernel patches are spliced in whilst still running. Free for three systems.
On any Linux distro, install "needrestart". That will tell you what needs a restart after patching and in most cases will even do it for you.
"and enforcing SMB signing."
I haven't had time to get to the bottom of this snag yet but enabling SMB signing is a very quick, easy and low risk change. You probably have it enabled already if you're big enough to need an Exchange system cluttering up the place. Fire up gpmc.msc!
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/ - Mitigations. Several low cost options there that are a good idea anyway.
"sharing a database engine is why Small Business Server died"
I do not think that is the reason that it died - there are far better reasons. Customers bought it once and then stuck with it for many years without upgrading (often out of fear) - not enough built in obsolescence. It was too hard to upgrade from. I recently did one and getting to Exch 2016 from 2007 involved an intermediate migration to 2010 and the full horror of each step. Took ages.
I deployed a chain saw to fix my home Free Sat reception. The prevailing wind eventually managed to push a bit of a fir tree in the way. It was felled at 2230ish and slightly annoyed my neighbours (I couldn't hear much through my ear defenders and was only mildly inconvenienced.)
Bad move. Mondelez is probably going to have to prove that the US is actually at war with whomever delivered NotPetya (NP). NP might well have been developed for the Russian state or not (who cares - it's still nasty) but that does not constitute war.
The US and Russia are not at war: there is no merit in trying to claim otherwise. It might be considered inflammatory and perhaps reckless to imply a state of war might exist.
"Conversely do not use a defibrillator on a pc."
I once used a PC as a defib (well I passed the mains across my heart via both arms), luckily I was in my early 20s at the time and was able to shake it off. On the other hand I was in my early 20s and stupid enough to not treat electricity with due respect.
"I'm guessing we'll need "who monitors the monitors" in Latin now to make it sound impressive in reports, it's no longer about the watchers."
What you asked for is "quis custodiet ipsos custodes"; what you will get in return from Equifax is "futue te ipsum et caballum tuum".
"How exactly does the Linux malware get onto the Linux system in the first place, without the user downloading and running the malware and providing the root password?"
Sadly many installers these days consist of something like this:
# curl https://bit.ly/script.sh | /bin/bash
Not everyone downloads the script first and analyses it before running it. To be fair it is no more dangerous than installing *anything* off say Tucows on a Windows box.
This is a proper nerdy article which has slithered onto el Reg. Me: I absolutely love it. You can try and use terms like "Linux supremo" to try and sound a little bit user friendly but in the end this is a complex subject that will have many readers glazing over before line three. STIBP THBIS NONBSEPNSE is close to genius (OK: I spat wine on my screen!) Well researched and documented article - thanks.
Now as to the meat: Spectre and Meltdown have yet to really *be* compromises as far as most of us civilians are concerned. We don't yet hear of any S&M compromises but they surely exist and will be deployed by the clever mob. The not so clever mob (the usual non govt haaxxor nob ends) will eventually come up with something and become a pain.
Keep patching, kids.
"Setting up your own VPN might look like a great solution but it is not as clear cut. For a start you probably end up renting a "machine" somewhere for always-on connectivity and a fixed IP address which will cost more and/or also have the question of who has physical access to it."
For starters you may already have a router capable of being a VPN concentrator. If not then DD-WRT, Tomato, pfSense, Netgear, Draytek and many others can. You do not need a static IP either - there are loads of dynamic DNS operators available. Most routers will have a built in client for DDNS as well.
So, no: don't think you should rent a machine in the cloud unless you know what you are doing. Subscribe to /r/homenetworking on Reddit or the pfSense forums or whatever and find out how to get your home network in shape first. The only reason I can think of to not host your own VPN at home is if your ISP blocks all inbound access.
"After all, most people in the UK who want to look like they're connecting from the US"
Why on earth would I want to appear to be from the US? My use case is to appear to be from the UK when I am abroad so that iPlayer works and I can be confident that I am not being MitMd.
My OpenVPN relies on *my* CA trust working and if it refuses to connect then I reach for Wireshark to find out why not. If the "free" wifi is being naughty and doling out certs and intercepting TLS it soon becomes obvious.
"Now excuse me while I go and reboot my IOT immersion heater controller with which I replaced the old electrical timer switch that worked perfectly. I'm not joking either, I'm a moron. It must have been a pissed Amazon purchase but I can't remember."
What?? You haven't wired up an ESP8266 based thingie to it for that very purpose? Obvs, you'll need another one to restart the first and then it's ESP8266s all the way down ...
We are all morons. You should see what I've done to my U/F heating. I nearly cooked the dog.
"The two features I buy Windows Pro for are the ability to join a domain, and RDP"
Well then we have you covered: Join the domain with winbind (Samba) and use xfreerdp - many GUIs available. I have Kerberized everything on this laptop I am using right now. I get my files by accessing folders in my home dir that magically mount shares via autofs. LibreOffice for office stuff. Email from Exchange through Evolution. Printing via CUPS. TeamViewer works for providing remote support. KeePass native for password management.
Quite right and go a bit further. Engineers should design against failure and not consider it a bit of a downside.
I am still putting together my IoT stuff at home and one of my requirements is that everything fails safe and has a manual control. So, for example, my home's underfloor heating is controllable via Home Assistant and via the thingies on the wall.
According to McAfee, the average business uses around 1,900 cloud instances, but most of the companies they surveyed only thought they used around 30.
Define average. I suspect that the word instance here is suffering from a severe case of mission creep to assist headline generation. If nothing else I bet that the thing that instance refers to in "1900 cloud instances" is not the same thing as the 30 instances that the companies know about.
"for anyone even daring to think about using IoT for this sort of thing."
Depends on how you do your IoT. I am spending months deploying IoT at home, each step building on the last and tested. My "hub" is Home Assistant running on a Lenovo ThinkCentre (which is properly designed to live in harsh environments). It is backed up and is on a UPS and ethernet connected. I also have a standby VM, just in case. https with a Let's Encrypt cert. and HAProxy on the front (pfSense router). I have multiple VLANs, host firewalls deployed etc. I maintain my home network to as near to PCI DSS as is possible (yes, really! I'm CREST accredited and do ISO 9001 and 27001 at work). One other design requirement is that everything fails safe and/or has a manual control where applicable.
This lot has to be signed off by wifey ...
1/2 a trillion years?
I think you'll find that is 1/2 a treellion years (and could probably do with a few more eeeees). It is a staggeringly long time ago. In the age quoted (558 million years) even the least significant bit is rather a long time: eight million years. Start breaking down the timescales into bits and it all gets a bit overwhelming.
Biting the hand that feeds IT © 1998–2019