
Thread: I don't need sanity, work in IT (thread) every day

  1. #8081

    Join Date
    May 31, 2011
    Posts
    3,166
    As a quick initial check, I'd check the file's owner first, perhaps that's already giving away who created them.

    I'd also check the common autostart locations (folder "Startup", registry "Run" key, Scheduled Tasks) to see if there's some script hiding there which creates 'em.

    [Added]
    And last but not least, there may be some kind of 3rd party backup software, that creates them. Either installed directly on the machine or via some agent on the machine, that gets its commands from a backup software server elsewhere.
    Last edited by Hel OWeen; August 31 2017 at 01:55:48 PM.
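
    The checks suggested in the post above (file owner, Startup folders, registry "Run" keys, Scheduled Tasks), gathered into one read-only PowerShell triage script. This is an added example, not part of the original post; `$TargetDir` and the `New-Lead` helper are hypothetical names, and covering both the per-user and machine-wide Run keys is an assumption about what "Run key" was meant to include.

```powershell
# Added example, not from the original post. $TargetDir is a hypothetical
# placeholder for the folder where the unexplained files keep appearing.
param([string]$TargetDir = 'C:\Path\To\UnexplainedFiles')

# Hypothetical helper: one uniform record per finding so everything sorts together.
function New-Lead($Check, $Item, $Detail, $When) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail; When = $When }
}

$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

$leads = @(
    # 1. Owner and creation time of each file. A service or backup-agent
    #    account as owner often identifies the creator outright.
    Get-ChildItem -LiteralPath $TargetDir -File -Force | ForEach-Object {
        New-Lead 'FileOwner' $_.Name (Get-Acl -LiteralPath $_.FullName).Owner $_.CreationTime
    }

    # 2. "Startup" folders: current user and all users.
    foreach ($kind in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($kind)
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -File -Force |
                Where-Object Name -ne 'desktop.ini' |
                ForEach-Object { New-Lead "StartupFolder:$kind" $_.Name $_.FullName $_.LastWriteTime }
        }
    }

    # 3. Registry "Run" keys: every value is a command line started at logon.
    foreach ($key in $runKeys) {
        if (Test-Path -Path $key) {
            $reg = Get-Item -Path $key
            foreach ($name in $reg.GetValueNames()) {
                New-Lead 'RunKey' "$key\$name" $reg.GetValue($name) $null
            }
        }
    }

    # 4. Scheduled Tasks that launch a program, with their last run time so
    #    it can be compared against the files' creation times from step 1.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        foreach ($action in $task.Actions) {
            if ($action.Execute) {   # COM-handler actions have no Execute property
                New-Lead 'ScheduledTask' ($task.TaskPath + $task.TaskName) `
                    "$($action.Execute) $($action.Arguments)" $info.LastRunTime
            }
        }
    }
)

$leads | Sort-Object Check, When | Format-Table -AutoSize -Wrap
```

    Run it from an elevated prompt so tasks and Run keys belonging to other accounts are visible; a task whose last run time lines up with the files' creation times is the first thing to look at.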

  2. #8082
    Donor halbarad's Avatar
    Join Date
    April 9, 2011
    Posts
    4,737
    Working with another supplier for a customer. We're trying to install something automatically that the other supplier claims can't be done (or they've never seen anyone do it), they are experts in this software and doing custom dev for it apparently.

    I looked on the iso for it and there are batch files there to do it. They don't quite work for the infrastructure we have to use but luckily a mix of Orca and examining log files from manual installs shows me what I need to do and the MST values I need to add. Part 2 of the application needs Sharepoint and a bunch of config there, easy enough to handle since we've got that stuff scripted already, but still hitting issues with it.

    I decided to email their "specialist" some log files and a summary of the errors I'd seen in them to see if he knew anything and his response was "no but Google suggests these things....". I then get an email from their PM, who works in very strict time frames and doesn't seem to understand that as we're deploying to Azure x days of effort doesn't mean x calendar days. The email is basically summed up to "we were expecting it done for next week, will it be ready? Why haven't you asked us for help more often if you are having problems?"

    It's very tempting to reply with a few snide comments about how their experts claimed what we're doing isn't possible but we've almost done it and how the times I've asked they've just sent me Google results back. I suspect that wouldn't go down well with them or my bosses.

  3. #8083
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    11,970
    Quote Originally Posted by halbarad View Post
    doesn't seem to understand that as we're deploying to Azure x days of effort doesn't mean x calendar days.
    Is this some Azure-specific thing, or simply them not getting that e.g. 2.5 days of effort might be half a day every weekday of a week, as in it's not your only priority? Before accounting for some progress having to wait on others.
    Quote Originally Posted by QuackBot View Post
    Idk about that, and i'm fucking stupid.

  4. #8084
    Donor halbarad's Avatar
    Join Date
    April 9, 2011
    Posts
    4,737
    Quote Originally Posted by Daneel Trevize View Post
    Quote Originally Posted by halbarad View Post
    doesn't seem to understand that as we're deploying to Azure x days of effort doesn't mean x calendar days.
    Is this some Azure-specific thing, or simply them not getting that e.g. 2.5 days of effort might be half a day every weekday of a week, as in it's not your only priority? Before accounting for some progress having to wait on others.
    A mix of both. I'm deploying the full stack as templates that take ~3 hours to fully deploy and configure. I can shortcut this a little and just deploy it once and keep reapplying the configuration script to the VM (PowerShell DSC in this case) and slowly iron out the bugs but at some point I'm going to have to redeploy the whole thing to make sure the full process works, and sometimes you end up with installs that just won't cleanly remove themselves if they fail so you need to redeploy at least some of it.

    The installation for this part of the platform takes anywhere between 10-30 mins before I hit errors. I think their problem mostly boils down to "we like the idea of automating this (especially if they get copies of what we're creating so they can reuse it) but we just want to get paid for the work and you're slowing us down by trying to do things 'right'" or something like that.

    Their PM is really focused on sticking to the timeline that they set out, to the degree that we spent about an hour on a conference call where they discussed every single step on this gantt chart and what was involved when they could have just went with "at each of these stages we'll do x, y and z unless otherwise noted".

  5. #8085

    Join Date
    April 13, 2011
    Posts
    5,179
    Quote Originally Posted by halbarad View Post
    Their PM is really focused on sticking to the timeline that they set out, to the degree that we spent about an hour on a conference call where they discussed every single step on this gantt chart and what was involved when they could have just went with "at each of these stages we'll do x, y and z unless otherwise noted".
    Everything after the second word is redundant.

  6. #8086
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    10,712
    Viking, n.:
    1. Daring Scandinavian seafarers, explorers, adventurers, entrepreneurs world-famous for their aggressive, nautical import business, highly leveraged takeovers and blue eyes.
    2. Bloodthirsty sea pirates who ravaged northern Europe beginning in the 9th century.

    Hagar's note: The first definition is much preferred; the second is used only by malcontents, the envious, and disgruntled owners of waterfront property.

  7. #8087
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    11,970
    See also https://www.reddit.com/r/programming...struction_set/

    Still waiting for which CPU the halt vuln is on. https://twitter.com/xoreaxeaxeax

  8. #8088
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    10,712
    if he were looking for "official" back-doors he should be looking for shared instructions rather than stuff that stands out per vendor, but then some things are best left undisturbed.

  9. #8089
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    11,970
    Hey, at least we all recently gained the NSA's ability to disable the Intel Management Engine (sorry, enable "High Assurance Platform" compliance) if you don't trust networked black boxes inside your CPU.

  10. #8090
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    10,712
    Quote Originally Posted by Daneel Trevize View Post
    Hey, at least we all recently gained the NSA's ability to disable the Intel Management Engine (sorry, enable "High Assurance Platform" compliance) if you don't trust networked black boxes inside your CPU.
    yea, because something better has been rolled out m8, i'd wager some sort of "escalate to ring 0 and trojan-horse the fuck out of the uefi system that no debugger can reasonably detect" being the norm.

    besides, it's really an enterprise level feature that has no place in the private computing space, AMT is fucking ace from a "i support these +1000 boxen around the world, and i cannot be arsed to deal with it" point of view.

    Hacking team was caught running a ghetto version of this, but if you're uncle america you can coerce the manufacturers into giving you privileged access all the way through, so that the tools will not see your fucking malware, because the system pretends it doesn't exist.

    hacking team does supply a number of agencies, but notice who's missing. and the comparatively small sums involved w.r.t. american customers.
    Last edited by Liare; September 10 2017 at 09:23:30 PM.

  11. #8091
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    11,970
    The wikipedia page for them reads like they're amateurs, just using regular vulns to gain root & install kernel modules for eavesdropping.
    The UEFI persistence doesn't sound novel, it's the weakness people have complained about since day 1, and the reason there's that undocumented HAP bit.
    What are you proposing that's lower & better than the UEFI or ME?

    The Intel ME leak is almost certainly not intended, it's much more likely the inevitable discovery of a backdoor to the backdoor that makes for compelling evidence against all the stupid shit politicians keep calling for while claiming they magically won't be exploited.
    Just like the other recent NSA toolkit leaks that then fed into negative publicity such as the UK's NHS systems being heavily impacted, with significant blame able to be placed on the NSA for not reporting flaws for years & gambling that they'd be better able to abuse them than anyone else in the world with other intent. Mainstream news was reporting it in layman's term as being like a biological/nuke weapons stockpile & making it obvious how this can blow up in your own face, as it just did.

    I would not assume that the NSA's able to perfectly coordinate burning 1 set of tools once they've found another, nor do they have any real incentive to do so, especially with how heterogeneous mitigation procedures are across the world's computer systems. Older mechanisms can live on for a very long time (especially in heavy industry & public infrastructure), certainly there'd be as many domestic commercial systems put at risk by publicising the old flaws as foreign systems made accessible by new ones. You just make more work & pressure for yourselves if you release a glut of flaws for the public/country you're charged with protecting & not looking incompetent in front of.
    Last edited by Daneel Trevize; September 11 2017 at 08:02:51 AM.

  12. #8092
    Liare's Avatar
    Join Date
    April 9, 2011
    Location
    Denmark
    Posts
    10,712
    Quote Originally Posted by Daneel Trevize View Post
    The wikipedia page for them reads like they're amateurs, just using regular vulns to gain root & install kernel modules for eavesdropping.
    The UEFI persistence doesn't sound novel, it's the weakness people have complained about since day 1, and the reason there's that undocumented HAP bit.
    What are you proposing that's lower & better than the UEFI or ME?
    hacking team more or less are amateurs meight, it's the sort of vendor second and third tier countries rely on.

    And i am not proposing anything lower than UEFI, but rather that the tools available will find nothing wrong in large part because the backdoor is designed in from the get-go with cloaked storage and what not, that's the insidious nature of something like that, if you assume that you cannot trust the underlying architecture then you're essentially fucked unless you go all in and fab the chips yourself from the architecture and up.

    The Intel ME leak is almost certainly not intended, it's much more likely the inevitable discovery of a backdoor to the backdoor that makes for compelling evidence against all the stupid shit politicians keep calling for while claiming they magically won't be exploited.

    Just like the other recent NSA toolkit leaks that then fed into negative publicity such as the UK's NHS systems being heavily impacted, with significant blame able to be placed on the NSA for not reporting flaws for years & gambling that they'd be better able to abuse them than anyone else in the world with other intent. Mainstream news was reporting it in layman's term as being like a biological/nuke weapons stockpile & making it obvious how this can blow up in your own face, as it just did.
    you still have to break into the proverbial house and browsers as well as attendant services are far too monitored to dicker about with, not that it has not been attempted mind you, there is also another aspect to consider, once you start using an exploit, intentionally added backdoor or otherwise, in the wild detection is a matter of time, you don't want to burn the golden eggs on chaff.

    I would not assume that the NSA's able to perfectly coordinate burning 1 set of tools once they've found another, nor do they have any real incentive to do so, especially with how heterogeneous mitigation procedures are across the world's computer systems. Older mechanisms can live on for a very long time (especially in heavy industry & public infrastructure), certainly there'd be as many domestic commercial systems put at risk by publicising the old flaws as foreign systems made accessible by new ones. You just make more work & pressure for yourselves if you release a glut of flaws for the public/country you're charged with protecting & not looking incompetent in front of.
    it's pretty easy to see an incentive to burn a tool like that, a "competitor" is caught using it and they have an alternative facility available.

    it's still going to be around of course, but putting it out in the public means it's solved come the next hardware cycle, you can always expedite a hardware refresh for the equipment "at risk".

  13. #8093
    Donor Sparq's Avatar
    Join Date
    April 11, 2011
    Location
    Strayastan
    Posts
    8,649
    Assuming most people here already know about this, but;

    BlueBorne: Bluetooth bug could expose billions of devices to attack, cyber experts warn








  14. #8094
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    2,844
    A coworker told me it was already known half a year ago, why is it now all over the news?
    Is this a new attack?
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  15. #8095
    tulip's Avatar
    Join Date
    April 11, 2011
    Posts
    1,971
    Quote Originally Posted by root View Post
    A coworker told me it was already known half a year ago, why is it now all over the news?
    Is this a new attack?
    I think it's just a security firm that has finished their counter-measure program drumming up business by releasing these videos.
    Quote Originally Posted by Tarminic View Post
    Just for the record, "sending a needy text" is never the right answer.

  16. #8096
    Daneel Trevize's Avatar
    Join Date
    April 10, 2011
    Location
    T L A
    Posts
    11,970
    Google & some others were contacted April 19th, but public disclosure was scheduled for Sept 12th.
    "Armis reached out to the following actors to ensure a safe, secure, and coordinated response to the vulnerabilities identified.

    Google – Contacted on April 19, 2017, after which details were shared. Released public security update and security bulletin on September 4th, 2017. Coordinated disclosure on September 12th, 2017.
    Microsoft – Contacted on April 19, 2017 after which details were shared. Updates were made on July 11. Public disclosure on September 12, 2017 as part of coordinated disclosure.
    Apple – Contacted on August 9, 2017. Apple had no vulnerability in its current versions.
    Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach.
    Linux – Contacted August 15 and 17, 2017. On September 5, 2017, we connected and provided the necessary information to the Linux kernel security team and to the Linux distributions security contact list and conversations followed from there. Targeting updates for on or about September 12, 2017 for coordinated disclosure."
    Other platform-specific implementation vulns were found previously this year, e.g. CVE-2017-0646, CVE-2017-0423, but IDK which specific thing your friend might have been referring to ~6months ago.
    See https://cve.mitre.org/cgi-bin/cvekey...word=bluetooth
    Last edited by Daneel Trevize; September 14 2017 at 11:24:41 AM.

  17. #8097
    Donor Aea's Avatar
    Join Date
    April 13, 2011
    Location
    Colorado
    Posts
    13,481
    Samsung got no fucks to give.


    Sent from my iPhone using Tapatalk

  18. #8098

    Join Date
    September 13, 2011
    Location
    Norway
    Posts
    857
    Anybody experienced with VMM? How do I create my logical network without them being available to my Virtual Machines? I'm trying to use VMM to create a Management network which should never be available as an option to VM's.
