TargetFree3831

I mean...how are these being exploited? I only see an attack vector through Fortigate SSL VPN which is disabled now in modern firmware. SSL VPN has been insecure for aeons now.

I think you're the upset one here, pal.

IMO dude you're on your way out...he's bringing in a 3rd party to manage this and won't spend any money on temporary tools he won't need.

The issue with your "tape needs to die" is the ability to move that much data to the cloud before the next backup is finished. People backup an insane amount of data these days, and tape is still slated to grow in capacity for the next 15 years - its not going anywhere. In our case, our lines simply cannot move enough data per night to the cloud - tape is the only way that makes sense instead of paying $25K/mo for the upload speed it would require to move it. The ability for tape to mindlessly process that data without saturating the internet lines is worth its weight in gold. Literally. Tape is literally saving us $2million dollars just in upload cost alone.

of course you dont need it, but you'd be a fool not to if you consult regularly in the IT-field. you need to protect your assets like your home, cars savings, etc. from lawsuits resulting from the work you do. plus, corporations would rather work with a business entity than an individual and many have legal requirements to do so, so you vastly increase the potential scope of work. if you do enough of it and make over $60k/yr, going to an s-corp is even better for tax benefits. end of year tax/paperwork is no big deal at all, your business profit "passes through" to your personal return. all you do is report income and expenses on schedule C on a standard Form 1040...no separate business tax return is required. it couldnt be easier. plus you can write-off all of your computer expenses, software subscriptions, home office, and internet costs. imo everyone should have one, even if they dont do a single side-job. if you make no money at all, you dont even need to report it and you just do a standard 1040 and skip schedule C. it couldnt be easier.

form an LLC online for like $2 and bill them for support. seriously. nobody works for free today and nice guys finish last. this wont be the last time and its a good thing to have regardless - imo every IT support person should have their own LLC for things like this. I do, and I support other companies as well through it as well as working full-time. you need to set your boundaries. if they need the help, they'll be more than happy to pay for your help to keep things running smoothly. if not, fk 'em. times are tough and people need to be compensated for their time now more than ever. for real.

I had this happen on a Dell XPS and it was related to the NIC gaming software installed on it. It's some performance software meant got "gaming" NICs and it absolutely crushed performance. Not that it's related to you, but that's an easy check. I just uninstalled the NIC management program in add/remove and performance was perfect from then on. I forgot what that POS software is called though...

Some of the arrogance in this sub kills me... "omg if you still have RC4 you suck, git gud or git packing" comments...not everyone even has a communications channel to get updates about things like this. There are tens of thousands of admins and 1-2 ppl IT shops who wear 20 hats who havent touched AD in a decade because it just works and have no reason to dig and realize RC4 is even a thing. I didnt and i've been doing this for 30 years. We run windows updates and things keep working - we don't check to sift through what policies MS decided to toss at us which will break our AD after 3 decades of working perfectly...MS would never do that, \*right???\* Some of you must understand this is how MS used to do things and thats what older admins have come to expect: \*compatibility no matter what\*. They have done the absolute worst job possible at communicating these critical changes clearly and effectively, Hell, they dont even enable the registry edits we need to audit this, so you can be a great 'lil admin and check your event logs daily and \*wont find jack about these sudden new events since they wont be logged\*. Anyway, if you have an old AD which predates 2008 server, watch your service accounts: those need their password changed TWICE in active directory users and computers against a 2008 or newer DC with a 2008+ DFL/FFL or those accounts will still use RC4. If you change the pass interactively via CTRL+ALT+DEL, you only need to do it once. Very simple to test, update the pw, klist purge on the machine that uses it, logoff, log back on, access a share, run klist tickets. It will tell you what you're using and you will clearly see an AES kerb ticket with an RC4 session key if it didnt work. KRBTGT account can still be 0x0, the domain functional raise to 2008 automatically enables AES so even if your krbtgt hasnt been reset since 1999, as long as you're on 2008 functional level, you will have AES keys available to use and there will also be an RC4 available. Set your msds-supportedencryptiontype to 28 on BOTH computers and user accounts which will enable AES128, AES256 and RC4 and nothing else. That will clear you through this patching phase next month no matter what and buy you more time to audit if you need it. All accounts, provided they changed their passwords (computers will have regardless), will be using AES regardless so it will be easy to find RC4.

Some of the arrogance in this sub kills me... "omg if you still have RC4 you suck, git gud or git packing" comments...not everyone even has a communications channel to get updates about things like this. There are tens of thousands of admins and 1-2 ppl IT shops who wear 20 hats who havent touched AD in a decade because it just works and have no reason to dig and realize RC4 is even a thing. I didnt and i've been doing this for 30 years. We run windows updates and things keep working - we don't check to sift through what policies MS decided to toss at us which will break our AD after 3 decades of working perfectly...MS would never do that, \*right???\* Some of you must understand this is how MS used to do things and thats what older admins have come to expect: \*compatibility no matter what\*. They have done the absolute worst job possible at communicating these critical changes clearly and effectively, Hell, they dont even enable the registry edits we need to audit this, so you can be a great 'lil admin and check your event logs daily and \*wont find shit about these sudden new events since they wont be logged\*. Anyway, if you have an old AD which predates 2008 server, watch your service accounts: those need their password changed TWICE in active directory users and computers against a 2008 or newer DC with a 2008+ DFL/FFL or those accounts will still use RC4. If you change the pass interactively via CTRL+ALT+DEL, you only need to do it once. Very simple to test, update the pw, klist purge on the machine that uses it, logoff, log back on, access a share, run klist tickets. It will tell you what you're using and you will clearly see an AES kerb ticket with an RC4 session key if it didnt work. KRBTGT account can still be 0x0, the domain functional raise to 2008 automatically enables AES so even if your krbtgt hasnt been reset since 1999, as long as you're on 2008 functional level, you will have AES keys available to use and there will also be an RC4 available. Set your msds-supportedencryptiontype to 28 on BOTH computers and user accounts which will enable AES128, AES256 and RC4 and nothing else. That will clear you through this patching phase next month no matter what and buy you more time to audit if you need it. All accounts, provided they changed their passwords (computers will have regardless), will be using AES regardless so it will be easy to find RC4.

$150k or walk. No exceptions.

Typical "I just got a sysasmin job", or "hey guise, im a new CISO" post

ipod/mp3 players changed the game

Wow. How you have 64 upvotes for this is astounding. If anyone truly thinks the AI bubble is going to pop they are 1) clearly not understanding what is happening and as a result, 2) going to be very unhappily unemployed, probably for the rest of their lives.

Samsung Galaxy Note 4 = best phone ever made, and it's not even close. Over a decade old and it can still do things an iphone could only dream of. I still have two of them as backups.

You got it. Broadcom hit the lottery with AI. Their diversification paid off = VMware? Flash in the pan. Dedicated HARDWARE runs this planet. NOT software. Not ever. Software is malleable and coded by damn fools getting dumber by the day who trust, ironically, AI to do their thinking for them. Push the shit code...another Cloudflare outage. Get used to it. Never forget this. Hardware holds all the power. It is more important now than at any point in human history. The dual BIOS saved personal computers and made firmware update worries a thing of the past. This will be what saves us from AI shitcoders.

Exactly. They have fingers in all infrastructure. They are pretty much diversification, defined, so they can pick and choose what they *can show on spreadshets* isnt worth it. Remember folks...we are nothing but a rows on a spreadsheet. You know this, right?? Anyway, SMB VMware = not worth the tech support calls alone.

Many very large MSPs are still on 7.

Oracle doesnt make highly power-efficient AI hardware Google, Meta and OpenAI rely on. Broadcom does.

nope, I loathe them. They canned my bro and forced us off esxi in mere months. fk broadcom. ...but I understand their place. I can respect a position despite vehemently disagreeing with its effect on a certain portion of the market. One *I* do not like, despite the position being what is probably best for the business as a whole, including its remaining employees. These are not idiots making multi-billion-dollar decisions, succesafully. We, as a whole, just dont look through their lenses as plebeians amd can't make sense. I promise you their balance sheet supports their positions. They are a public company, this is pure business, highly regulated and highly vetted.

its not a problem if that's your business model (broadcom has always been business-focused, long-term, pricey licenses) look at RAM prices right now. AI demand is crushing consumers worldwide and it will continue for *years*. consumers are secondary.  consumers want their chatgpt and gorgeous tech, and will pay anything to consume it amd make themselves feel good.  businesses have figured that out. they arent in it for vanity. they arent fleeting. they demand consistency, not volatility.  thank Apple for the wasteful consumerist vanity model. it was always a house of cards, bound to reduce itself to irrelevance...which it has.  cell carriers are giving iphones away. they are no longer a premium status symbol and have become commodities, just as they were always destined to be.  broadcom will still be standing when all the bravado and chest-pumping have ceased.  unlike Apple lying to their base, broadcom actually *does* run the world.

not broadcom, they are intrenched in too much already. all it will do is make them leaner and meaner. they are already too bloated (obviously) and vmware is an example. what you think is making them die is making them stronger. they are shedding fat hand over fist.

not a chance they own processes and infraatructure. they will still be around when nvidia is on fire.  broadcom = the cockroaches of tech

This is the way. Havent messed with a cert for 2 years, they automatically renew. 10 websites. It's glorious.

Do the security freaks here realize yet that the biggest threat to infrastructure isnt some russian teenager DDOSer, its the trusted employees youve been overworking and underpaying in charge of patching coming through a revolving door of experts mixed with noobs? INFRASTRUCTURE SIZE is the problem. It becomes unmanageable, efficiently, without great exposure to error. Human error caused this. Again. Not hardware or hackers. All these giant orgs do is allow you to skirt reaponsibility for sucking at providing your own reliable infrastructure. Cloud = Lazy, careless IT.

192.168..no prob. local admin..no prob. admins setting user passwords manually..no prob, not unusual, but there is probably a reason. more on that below... running out of ips..no prob, there are no vlans so its easy..servers wont care where they reside, its all connected, seamlessly. You are in a great position to make real impact with little risk. Your most important task is evaluating the domain controller situation and legacy protocol support. This is what makes me think admins setting passwords is why that is a thing. There are very critical, specific reasons for doing that. So, what is your domain controller situation..OS versions? What Domain Functional level? Forest functional level? DFSR for replication?

Your new job is to communicate and make it appear as though you are valuable. This is the job everyone wants but doesnt realize. <--- 25+ year guru at it here.

lol you guys crack me up with this false sense of security. "fire them" . "block access...use DLP" etc. do you realize how much PRODUCTION CODE is pasted into AI by devs? hardcoded passwords, logins, etc. what do you think the code review companies are using when you pay $30K/mo to make sure the devs arent opening sql injection vulnerabilities in their web portals? a regular user posting sensitive data is pretty small potatoes...there is litwrqlly nothing you can do to stop phone cameras from screenshotting and pasting. as other said, this is a policy problem, not a technical one. you cant secure everything, even with unlimited money.

Momma taught me not to be a quitter. 25years+ In this field guarantees substance abuse. Nobody is equipped to serve so many fucking morons on a daily basis without copious amounts of cope. If users weren't idiots and were competent, we wouldn't have jobs. Think about it.

It happens, happened to us as well. MSPs work off of momentum, rapid change and its inevitable nobody is going to scour over the language - we just want it done. IT peeps arent contract lawyers and they know it. It will be OK, you can push back and argue the spirit of the contract is being negated and without a correction you will be forced, financially, to look elsewhere. They'll work with you, this space is a literal goldmine for them. Paying them $100k/yr puts the leverage on your side and *really* incentivizes them to keep you happy: they are not the only provider in the space. They can focus on short-term profits by screwing you, but that will tell you that is the absolute worst company on this planet to trust with your infrastructure. They know this, they just need to be kept in-check. Could be an honest mistake, we had 2 during a 6mo on-boarding: billing is not aligned well with sales and tech.

Read your Master Agreements. The charges are based on something ya'll signed; there is no other explanation unless deception is at play, which you have a victorious lawsuit on your hands. What do you think is most likely?

lol, such reddit nobody cares, guys...these are good guys...vendors...there are far worse things they can do. if they host your VMware stack, you think they give a shit about a PFX? they literally own your entire businesses future... it makes me laugh how ideologically motivated so much of IT is nowadays. the vast majority of the security landscape is complete bs smoke and mirrors. you are trusting more people than you realize with your shit. we made fun of this in the early 2000's as well, the security push once everyone and their mother became MCSEs and needed to capitalize on their training...security firms came out of the woodwork to bolster the fear in the industry and the "expertise" all these MCSEs had...but it was the sales relationships they made at TechNet pushing new product they wanted to geek out on, not what was best for the business. but it was OK because it was all in the name of being more secure. doesn't every company want to be more secure!?! how could you possibly question that?? McAfee didn't get rich because he had the best product, that's for sure.. its ok, not even a blip on the radar. Just let them know and trust me, you will fuck up FAR worse than this. all good 👍

Any pass expiry is short-sighted. Passwords should never expire and be 16char+, non-dictionary. = Unhackable. I will give you the hash. You can't crack it with any tech on earth. Test me bro.

yup. Zoom excels in broad compatibility and Teams wants you in their walled garden a la Apple

Finally the true answer. No idea how they would both be successful for 30 years while he prides himself on knowledge, which is already outclassed by AI. IT Project Managers wont be replaced by AI anytime soon.

Globe + computer icon = computer is connected to a network but cannot access the internet. Could be ipv6 related - enabled on the NIC? Does the icon match what is by the clock in the taskbar, or is it windows explorer only? Mapped cloud drive? Eithwr way, shortcut to an offsite network location sounds like the right place to start.

Yup. If it's a clean OS you're happy with, snapshot it, in-place upgrade it, and be done. No need to create extra work. Done tons of them and it all falls intonplace like butter. If not, revert your snapshot and do it the slow way.

Nope. No password resets at all. I LOVE fighting audit on this, and I win every year. It blows their mind how LENGTH is so much more superior to complexity. Today's computing can crack a special case upper/lower 8char in 5 min. 16+char minimum, non-dictionary words, upper and lower (we coach users how to do it). Lowest probability to hack is 580billion years. Passwords are not why you got ransomware'd.

That's a literal LOL here... And so true.

Thoughts and prayers bro. We kill ourselves for idiots. Hence, WE ARE THE IDIOTS. The sooner you realize that and change it, the better off you will be.

Fuck 'em, it's not your job to babysit their internal politics. Your systems are yours to manage, not theirs. That's how you handle that.

Deduct the cost of hardware from any final pay, and when onboarding, they sign a document that states you're financially responsible if you do not return equipment. Send them a prepaid label to return any equipment. All else fails, pay for a letter sent certified that states you're suing their asses. They always return it ASAP after that one.

Truly understanding the Recovery process. You should never press a button, anywhere, without being able to undo it, and understand how to, without assistance. Before I do anything, I ask myself: if this breaks for some stupid reason, how will I recover? Nothing gets touched until I can confidently answer that question by going through the process in my mind. Anyone can "back up" but few truly understand efficient recovery for the systems they administer. It's the most underutilized skill out there, imo. Uptimes are high these days with HA, clusters, etc. It's easy to get lazy.

Do you still believe that? No proof was ever demonstrated. I've been running SM for 15 years and can promise you not a single connection to China has been made from any of them. https://www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm Or do you prefer iDrac just because you think theyre made in America? https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/

Do you still believe that? No proof was ever demonstrated. I've been running SM for 15 years and can promise you not a single connection to China has been made from any of them. https://www.supermicro.com/newsroom/pressreleases/2018/press181004_Bloomberg.cfm Or do you prefer iDrac just because you think theyre made in America? https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/

Screw Dell with their 4min reboots and bugged iDrac. Supermicro and Ipmi ftw.

LOL Fuck 'em.

Because the answer to life and everything is 42 bro. Add a high five, and you're at 47. Legit analysis.

Social media ruined the planet far more than climate change concerns have, it just was made worse with all of the misinformation spewed by any dingus with a mobile device. These people were laughed at and shunned before, now they have voices, platforms and influence. Now, like-minded morons have support systems rather than being corrected in the past, and their cockamamy ideas would get shut down right then and there. Accountability, critical thinking and responsibility are gone. It's about instant gratification now and what is true isn't important anymore. We've become a society rewarding popularity, likes, subscribes and views above ALL else. We are literally rewarding people for it. PAYING them to lie to our fkng faces, and nobody cares, "I WANT MY CONTENT NOW, DAMNIT!" It was easy to see a mile away 15 years ago...just never thought it would get so bad, so quickly. The only way out is a massive, extended event that takes out the internet for an extended period of time so people are FORCED to interact again, respectfully, like how it has been for all of humankind until social media. We literally lived right smack in the middle of the most advanced shift in humanity, ever, and saw both sides. We are the only generation, ever, to be proficient, stable and independent with and without internet. So, we *can* judge. *We created this * The irony is that in an effort to unite us and share more with each other, we have become more and more isolated as a species, right in front of each other's faces.

Had to go back to Adobe. What absolutely nobody got right was highlighting documents and adding text. Literally very one we tried screwed it up, was buggy or inconsistent. It is the ONLY reason we had to go back to Adobe, as we do that a lot. Foxit was close, but their highlighter sucks.

GoDaddy: The worst, most popular registrar on earth your mom starts her trinket website with. They shut it down, not Markmonitor. Great to expose this, should never happen again. There will hopefully totally be a "gee, this is a HUGE customer. Don't fk with them before contacting them!" button. This is why the robots will fail taking us over. For now.