The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.
Posts
-
Deloitte Hit By Cyber-Attackposted in News
-
RE: Notorious Short-seller labels Ubiquiti Networks $UBNT as FRAUDposted in News
@scottalanmiller said in Notorious Short-seller labels Ubiquiti Networks $UBNT as FRAUD:
They sound like Donald Trump writing Facebook ad copy.
Thanks a lot. Now my monitor has coffee all over it from laughing mid sip. Lol
-
RE: PiHole for Friends and Familyposted in IT Discussion
@jaredbusch said in PiHole for Friends and Family:
I don't get the point of this. I mean it is a cool concept, but it is to much work.
What's not to get? This is being used to limit who can access the cloud hosted Pi-hole server to only those whose DDNS domain (and ergo IP address) is listed. It makes the server DNS access non-public for those with dynamic IPs who are setup with a DDNS domain.
Do you have another recommendation for limiting server access for DNS services to a limited IP that is dynamically assigned by the ISP?
I agree it's been a lot of work for Romo who's kindly provided us with the script but in the absence of a better solution, this is extremely useful.
-
RE: Recommend options for project management for freelancerposted in IT Business
@guyinpv That's a pretty tall order indeed.
I've been poking around with Ryver. It's a hosted app that is free to use. You create your team and login and it combines your standard chat features (like the standard stream of content you'd see looking at Facebook Messenger - no context but threaded which is useful and not context sensitive). They also have "posts" which would be like posts here on ML that are context based and messages inside the posts as replies are kept related to the context at hand.
You can create sub teams where you remain the admin and invite others to join those private teams. In these, your communication on both chats and posts is limited to those with access.
If you want a global public forum, then anyone with login can view and participate in those chats and posts.
This allows you to create private teams per client and then use the chat + post functions to keep context sensitive information together and general chat threaded.
They also integrate with a number of other apps which may help close the gap for you.
This only addresses some of the features you're looking for so I'm interested to see what others will recommend.
https://ryver.com/ryver-vs-slack/
https://ryver.com/why-ryver/
https://ryver.com/feature-tutorials/ -
RE: Equifax Has 143 Million Americans Data Compromisedposted in News
@jaredbusch Oh, and good luck. Truly, I mean this. If you or anyone here is affected by this breach. This is not data that I would be comfortable having out in the open. No matter what lame "identity protection" Equifax may be offering as reparations.
-
RE: Equifax Has 143 Million Americans Data Compromisedposted in News
@jaredbusch said in Equifax Has 143 Million Americans Data Compromised:
@nashbrydges said in Equifax Has 143 Million Americans Data Compromised:
@jaredbusch That's totally relevant. Lmao. Agreed they suspect the breach took place between May and July when it was discovered, once it is discovered, the responsible thing to do is let the affected individuals know immediately. Not wait 6 more weeks. That's just stupid and irresponsible.
Not really. Because it also takes time to first, plug the hole, then figure out what was actually taken.
Now, I am not trying to defend Equifax because they have a horrid track record in the first place. But your assertion that it should be immediately announced it assinine.
It is this type of mentality that is wrong with so much of the public. Facts are important. Not your emotional reaction, that will very likely be proven wrong.
It's interesting you read this as an emotional reaction since I'm unaffected by this breach. I have no skin in this game. But what I am talking about is corporate responsibility. Something that I would think both you and I may understand better as SMBs.
Everyone recognizes when the wagons are being circled and no corporate entity would suffer this type of breach without their first reaction being one to cover their asses. I'm much closer to my clients and their needs. I understand the reputational impact this could have on my business. Yeah, they've taken a hit with their stock but my guess is, the full scope of the truth may never be discovered even with the class action lawsuits already being filed. Those are premature in my mind, but a responsible entity would not have waited this long, especially given the sensitivity of the data acquired in the breach.
-
RE: Equifax Has 143 Million Americans Data Compromisedposted in News
@dustinb3403 said in Equifax Has 143 Million Americans Data Compromised:
In 2014.. .
There were about 125.9 million adults in the US
So literally everybody is f***ed at this point. Time to go to creditors and tell them to refuse to provide credit based on the methods they've been using.
Yep. Freeze your credit profile.
https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/ -
RE: Equifax Has 143 Million Americans Data Compromisedposted in News
@jaredbusch That's totally relevant. Lmao. Agreed they suspect the breach took place between May and July when it was discovered, once it is discovered, the responsible thing to do is let the affected individuals know immediately. Not wait 6 more weeks. That's just stupid and irresponsible.
-
RE: Equifax Has 143 Million Americans Data Compromisedposted in News
You have to ask yourself why they waited 6 weeks before disclosing this breach. I get that they want to investigate the breach and have as many answers as possible but the flip side is that, this means that for 6 weeks, people's data has been out there. That's 6 weeks of unknown exposure. That seems irresponsible.
-
RE: PiHole for Friends and Familyposted in IT Discussion
@aaronstuder I have a separate instance running Nginx but regardless, why would you not recommend on same server? I see no reason why that would be a problem.
-
RE: PiHole for Friends and Familyposted in IT Discussion
@aaronstuder That's the web server installed by default with the Pi-hole script for the admin page. Nginx would serve as the proxy.
-
RE: PiHole for Friends and Familyposted in IT Discussion
@aaronstuder Yeah, I've easily got Nginx running with standard sites on Apache for example but in this case, I think the complexity comes from the HTTPS redirect and the fact that lighttpd syntax is different and I've not used it.
-
RE: PiHole for Friends and Familyposted in IT Discussion
Now that I'll be testing Romo's script, I don't need to use VPN and I'd like to setup the admin page behind Nginx. Found a tutorial that allows admin page access using Nginx as a proxy but I can't get the HTTPS redirect to work right.
https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration
Anyone have a working Nginx config with HTTPS redirect for this?
Found this that shows how to setup Let's Encrypt with lighttpd but don't know enough to set it up for other proper security headers.
http://www.itzgeek.com/how-tos/linux/how-to-configure-lets-encrypt-ssl-in-lighttpd-server.html
-
RE: PiHole for Friends and Familyposted in IT Discussion
@romo This is f'ing brilliant! The downside is that now I HAVE to try this on Vultr. Anyone have a script to add more hours in the day?
Btw, what's your frequency for running this in cron? Every 5 mins? 15mins?
-
RE: Microsoft will block Office 2016 users from accessing Office 365posted in News
I wasn't able to find any information about if/how this would impact mobile devices, either using the official MS Outlook client or the native mobile email clients.
-
RE: Microsoft will block Office 2016 users from accessing Office 365posted in News
If I understand the article correctly, MS is only forcing users to use currently supported software to connect to Office 365 products so while even Office 2016 is no longer officially going to be able to connect to Office 365 services, whatever version of the then current MS Office would be able to (that's assuming they will produce another perpetual version by then - which would be doubtful now).
-
RE: Sodium: considerably updated uiposted in SodiumSuite
You may have improved the look for HTTPS fails on both Chrome and Edge browsers. Your Observatory by Mozilla score is also a "F".
Sorry, but no logging in for me until security is restored.
-
RE: Password Managersposted in IT Discussion
@nerdydad They were pretty clear in that article that free password managers aren't included because they have their own roundup.
-
Caddy vs. Nginxposted in IT Discussion
Has anyone used Caddy as a web server instead of Nginx?
If you have, what were your impressions?
-
RE: Fire fighting to project balanceposted in IT Discussion
@s-hackleman said in Fire fighting to project balance:
@dashrender said in Fire fighting to project balance:
This is like the HR problem often talked about around here. i.e. it's not IT's job to keep user's from surfing non work related websites, it's management/HRs job.
Same goes here, it's your boss's job to get with those other managers so the company can be efficient. Those managers should sit down and discuss the issues. And the management over the top of them all should welcome it because it makes the company as a whole more effective and efficient.
I guess that is where the disfunction exists. The other departments don't care they met their goals. Why do they care if it was hard for our team, we still got it done, we are just not happy about it.
That's part of the problem. When you bend over backwards to help out in such a rush, you are enabling the behavior rather than helping to change it.
You have turn time requirements, stick to those. When they begin to fail to meet their objectives, they'll learn very quickly.