ID Ten T is far safer
68 posts • joined 24 Jul 2015
When I used to do desktop support we had many a drink end up in a keyboard and mouse. After getting to the it's a Tea/Coffee the first question was "did you have sugar" which always threw the user. If they did we directed them to take the KB to the sink and flow a lot of water through it. If there was no sugar we were a little more relaxed as the sugar is what caused the sticky damage. (Soft drinks and hot chocolate were also sink runs.)
Going back way before that I did have a user who wanted a "smaller" mouse. When I asked why and went to his desk he promptly showed me the mouse going over the mouse mat diagonally corner to corner, but the pointer on the screen not doing quite the same. His thoughts were a smaller mouse would make the journey
My missus can use the computers and iPad at her place all day long - as they are only exposed to corporate apps and there are no issues
Problem comes at home when it is just vanilla Windows (not even going to head her to the Unix devices)
The internet is "google", explorer meant IE and Windows Explorer
As she had an old imaging app with an old camera, it is no longer called "pictures", but "kodak pictures" (just a sub folder under pictures BTW) - which is even more fun when she talks to her mum (who is even worse) and says to look in "kodak pictures"
Depends if you need to have SOX compliance. If you do, you need to be pretty good with all the security updates and that will include builds.
However, running an old OS - as long as it is patched - is fine for compliance which is one of the many reasons it takes some companies time to update from Win7 to Win10
Businesses would be stupid to allow automated patching like this.
at a minimum TEST -> PILOT -> PROD
While MS are culpable for a bad patch, the business is responsible for ensuring it does not cause problems for their staff. Very easy to do if you are using WSUS, BigFix, LANDesk
If you follow the minimum of a 3 step cycle and expose more machines each time, your TEST and PILOT phases - if correct - should cover most of your client and server configurations (of course, how you get these phases populated is up for discussion)
We had in a company a few years ago. He wrote a routine to clear down a specific folder on a cluster. all fairly simple. I did not find out for 3 weeks, but over the last three weekends one of our team had been in fixing an issue with a cluster node that had failed.
Eventually I was given the script and asked to look over and it all looked OK, nothing obvious, a few commands and a delete command. I then asked why they suspected this script and was told the node's boot drive had been wiped.
The following weekend and again a node went down. I looked at the script again and ran it line by line instead of just looking and when it got to the delete line instead of wanting to delete the intended folder it wanted to delete the C:\ instead.
Looked closer at the line and there was a trailing space after the folder name, so in those days Windows decided to erase the folder where it was (which due to how the task had been created it ran in c:\)
I would root my phone and remove this and some of the other "system apps" that I do not want, however I still want to use my banking apps and as soon as I root they stop
I have a 2nd phone which is rooted and has all the various Xposed and cloakers, but while some worked for a bit (except BarclayCard), when I currently try them they all fail.
I have even asked that they add a "I accept this phone is rooted and any losses caused by this phone will not be covered by <name of bank here> and I am responsible"
I also pointed out that on an older phone running an old Android (4.4) it was probably so bad that it being unrooted and running a banking app was possibly worse than a newer root android version
No answers on any of those
Saw similar at a previous job. A contractor had come in and written a few scripts to do some temp folder tidying on a large cluster. Unbeknown to me over the last few weekends said cluster had had some serious problems and a node had been completely vaped each weekend. - Someone else was checking these issues and it was not mentioned in our handovers.
I was asked to look at the scripts (just Windows cmd) and they all looked OK - looked.
That weekend, down a node went again, so I took a closer look at the scripts.
In a sandbox I copied the suspect script and ran it line by line. All ran well until it came to a delete and there was an extra space after a wildcard. So instead of deleting the intended folder, it deleted the root of the drive it was running on (and this was the system drive)
My understanding is that some of these ransomware do not change date / time stamps so be interested to see what method you approach to detect changes
One way mirror can be good, but depends on how it detects changes. It may also copy over the encrypted files
Also most of the ransomware so far only works on mounted drives / volumes
I have 2 drives that are on my server. I have a routine that mounts them, unlocks, copies, locks and dismounts. One is weekly, the other monthly and for my data, they have numerous versions
I have a manual copy stored at a remote location
I have my own remote NAS running at a family friend that is constantly updated
I have a couple of online cloud providers that are backing up my key data with various version controls.
I can guarantee that someone will find holes in that too, or I may find I have been hit at some point and not been aware no matter how careful I am, or the creators of this crap get more inventive themselves
The GFS backup is good, but when I used to deal with backups I'd prefer the Tower Of Hanoi approach often supplemented with additional daily and non overwritten monthlies
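Added example, not part of the original posts: one way to detect changes before a one-way mirror runs when timestamps cannot be trusted is to compare content hashes against the previous snapshot and hold the mirror if files changed silently or turned near-random. The function names, the thresholds (`max_ratio`, `high`) and the sample files are assumptions made for this sketch.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: str) -> dict:
    """Map relative path -> (sha256 of content, mtime_ns, entropy of first 64 KiB)."""
    snap = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            snap[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(), os.stat(path).st_mtime_ns, entropy(data[:65536]))
    return snap

def review(old: dict, new: dict, max_ratio: float = 0.5, high: float = 7.0) -> dict:
    """Compare two snapshots by content hash, never by timestamp."""
    changed = sorted(p for p in old if p in new and old[p][0] != new[p][0])
    silent = [p for p in changed if old[p][1] == new[p][1]]            # content differs, mtime does not
    scrambled = [p for p in changed if new[p][2] >= high > old[p][2]]  # became near-random
    missing = sorted(p for p in old if p not in new)                   # deleted or renamed
    ratio = (len(changed) + len(missing)) / max(len(old), 1)
    safe = not silent and not scrambled and ratio <= max_ratio
    return {"changed": changed, "silent": silent, "scrambled": scrambled,
            "missing": missing, "safe_to_mirror": safe}

def demo() -> dict:
    """Constructed sample: two files overwritten with random bytes (mtime restored), one edited normally."""
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, f"doc{i}.txt") for i in range(4)]
        for i, path in enumerate(paths):
            with open(path, "w") as fh:
                fh.write(f"quarterly report {i}\n" * 200)
        before = snapshot(root)
        for path in paths[:2]:
            st = os.stat(path)
            with open(path, "wb") as fh:
                fh.write(os.urandom(4096))
            os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))   # timestamps unchanged
        st = os.stat(paths[2])
        with open(paths[2], "a") as fh:
            fh.write("one more line\n")
        os.utime(paths[2], ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))  # ordinary edit
        return review(before, snapshot(root))
```

Calling `demo()` returns the verdict for the constructed directory; in practice the previous snapshot would be stored somewhere the machine being backed up cannot write to.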
Shall we try putting into terms they may understand
you have your secure emails / accounts that only you can see - secured
you have your secure crypto key
However, you need to give the police and whoever else a crypto bypass so they can go in and look when they feel like it
Now stop anyone else from either accidentally getting the crypto bypass or working out how to create their own version and stealing all the emails / money
Of course, that is without there being initial errors in the crypto code making it easy to break (WPA)
translated for politicians
As a government you need to put all your money into a safe location... say a safe
You have your key
However, you need to give the police and whoever else a skeleton key so they can go in and look when they feel like it
Now stop anyone else from either accidentally getting the key or working out how to create their own version and stealing all the money
Of course, that is without there being initial errors in the lock making it easy to break / bypass (bumping anyone)
Glad I still have these little beauties running even though they sold out to Logitech who dumped the whole shebang.
With the new EUDPA next year you just tell Sonos they have to remove all the data they have and you do not give consent.
Call then a week later ask for what they have on you and then if they have anything report them and hope the ICO or whoever use their teeth with the level of fines they can impose with the new act
Be nice if they stopped apps from installing from %appdata% or provided someway to force the apps to the relevant %programfiles% or %programfiles(x86)%
Allowing apps to run from there is a major pain, and it is not always easy to just use security restrictions to block the option as a number of apps want to install there with no alternative option
HASHING is OK to a point and folders are a bit of a pain in a corporate environment
So the employees can only go via arbitration as per their contract, but when Oracle lost that case the first thing they did was go running to the courts.
The Judge should have increased the amount and pointed out to Oracle the double standards and that this extra payment is a warning for them not to do it again
That's why you have testing phases and an ability to ensure that if you are asked to stop patch KB1234 as it breaks Product A, you can still push KB1234 to all other devices except those that match the criteria
Also ensure you have an ability to do an emergency push - AKA patch KB1234 to everything NOW, even if it means a percentage of devices crash. What is the best case scenario you are prepared to accept?
Just needs a little planning and agreement
To be honest, I am also surprised with some of these companies that they are hit as certainly in the past I had to prove the patching to internal / external auditors and for SOX compliance.
They would accept small levels of devices not being patched fully or even missing from the relevant systems - especially if at a global / regional level you could prove you were doing all you could and chasing local IT to resolve the issues
Windows Server: PowerShell method (Remove-WindowsFeature FS-SMB1)
Windows Client: PowerShell method (Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol)
Not surprised about WPP - who are being named on R5 live a lot
IBM and no idea who or what they are doing about patching these days. Used to be good
I leave a set at work - encrypted and off site
The ones I have at home for weekly and monthly copies auto mount, unlock, copy, lock and then auto dismount - an ideal use for old HDDs that were replaced with SSDs and a cheap £5 caddy
Like to think of it as an immediate protection against ransomware
I do use some cloud backups as well
Contractors are easy pickings which is why they are being targeted, especially when you read articles this week about 2 consultancies who have taken billions from the government who have paid £0.00 corporation tax
Why not go after these companies instead and get the far richer pickings... Oh yeah, they can and will fight back where us the single contractor cannot do that
If that is in your contract then you are good as they cannot get out of it, but never seen that in a contract I have had.
If they could pay you nothing they would, but they have to pay the statutory minimum
At the company I was at, you can see which countries have good work laws as some countries still have some staff left behind as it is too expensive to get rid of them.
Just be glad you are not in the Americas. I hear my old colleagues were really screwed
Probably worth less than that as IBM undercut everyone to get the deal, but the time they have paid the fines for being so appalling. Saying that, Lloyd's may make a profit out of IBM - won't have any IT though
And yeah, LBG may have paid good redundancies (and they still do to the floor staff), those over to IBM, statutory minimum here we come
Indeed that is the method they use
Whatever VR payments Lloyds use are down to them, all IBM have to do is provide Statutory minimum.
What irks IBM is when you come over with really nice holiday (30 days plus) and perks that are on your contract that they don't offer or some poor long term IBMer will have had to work for 20yrs + to get
Well, we know their security is good after the Aussie Census
Any Lloyds bods reading - leave now, you won't regret it - they will let you rot while you do a transfer of knowledge to the offshore team and then you will get made redundant with the statutory minimum.
Yes - Tuped over a little while ago. I left and am far happier than any of my colleagues who hung on and then got made redundant or left.