@mlnews said in Miscellaneous Tech News:

New Fossil smartwatches are still stuck in the bad old days of Wear OS

Gen 6 watches are slower, costlier, and have older software than a Galaxy Watch 4.
Before Samsung showed up and took over the Wear OS ecosystem, the top Android smartwatch manufacturer was Fossil. Even after Samsung's arrival, Fossil is still going, and today the company announced the Fossil Gen 6 watches. The Gen 6 Fossil watches are the company's first to ship with Qualcomm's Snapdragon Wear 4100+, a 12 nm, Cortex A53-based ARM chip. The "plus" at the end of that 4100 model number means there's a low-power co-process on the SoC now, which can handle things like health tracking without waking up the big cores. It looks like the new SoC is the only upgrade over the gen 5 watches. There's still a 1.28-inch OLED display, 1GB of RAM, and 8GB of storage. Fossil doesn't say how big the battery is, but it charges to 80 percent in 30 minutes. The watch has GPS, NFC, Wi-Fi, a PPG heart rate sensor, and is water-resistant.

Just got a Gen 5 refurb and can't really complain. One of the guys at work is a die-hard Samsung fan but won't get another one of their watches until they either ditch the Samsung Pay or at least allow their stuff to work with the Google Pay ecosystem.

On a related subject, not looking forward to the eventual request(s) to have he/him, she/her etc added to AD and our automatically generated email signatures

One of the issues that we're hitting with a couple of vendors is that they don't want to do a PoC or allow us to trial / test the solution without a commitment. To throw another factor into the mix is that this has to play nice with non-persistent VDI. Since we're a VDI shop we have to protect the VD instances as well as the Windows PCs being used to access the VD. There seems to be a mix of user vs device licensing, but user licensing is generally our preference since it typically runs cheaper and is easier to manage.

@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?

@pete-s said in POTS EOL?:

@dashrender said in POTS EOL?:

uh - whats IP? VOIP is IP, does it really matter if you have an ATA in the picture?

Hell, yes it matters. Alarm systems may dial the central with DTMF tones but when they start communicating it's a totally different ballgame.

If voip could transfer all the analog audio signals exactly as they appear without any jitter or compression then it would work flawlessly. But that is not how voip works. To save bandwidth voip compresses the shit out of the audio signal. If the receiving modem can understand what the sender is saying then it work, but if it's too garbled the receiving end can't understand and it won't work. That's why it might work sometimes and sometimes not.

So, to throw some relevant tech info from another lifetime (once upon a time I worked call center for VoIP and ISP). One of the main factors to be able to run alarm or fax over a voip ata is the ata's ability to support G711 or G722 audio. This is likely going to be impacted by latency and / or jitter on the underlying internet connection. If the ATA is left in an auto-selection mode (or is centrally managed by the VoIP provider) it might be too eager to use a lower bandwidth codec which might not transmit the full frequency range needed for analog systems.

https://www.oregonlive.com/politics/2021/08/gov-kate-brown-signed-a-law-to-allow-oregon-students-to-graduate-without-proving-they-can-write-or-do-math-she-doesnt-want-to-talk-about-it.html

What the actual fuck?

@travisdh1 said in NG AV / Endpoint Protection in 2021:

@notverypunny said in NG AV / Endpoint Protection in 2021:

Any vendors people want to recommend or warn off with regards to endpoint and server protection? We're shopping options to replace our current NG solution. Currently on a call and it's kinda meh.... I'm not a fan of sales in any context and this seems to be lots of sizzle and not a lot of steak (or bacon... substitute your delicious protein of choice)

What is NG?

NG = Next Generation.... in the AV or Enpoint Protection space it's vendor-speak for non-signature based, usually with other functions and integrations

Any vendors people want to recommend or warn off with regards to endpoint and server protection? We're shopping options to replace our current NG solution. Currently on a call and it's kinda meh.... I'm not a fan of sales in any context and this seems to be lots of sizzle and not a lot of steak (or bacon... substitute your delicious protein of choice)

@gjacobse said in I can't even:

Nothing like having a brand new $10,000 IoT device that has now 'crashed' and is outside of the scope of IT for support - and IT has to support it.... oFFS!

What IoT device costs $10k? A medical camera -

This is a prime example of why I don't miss healthcare.... so many instances of IT vs Clinical Eng. as to who was supposed to support what and how

Depends on what you want the end result to be and how much your org likes standards. I'd say to let him build / get it up and running with a bit of oversight / supervision and then show him the org's standard build / config procedures if it's going to be part of his day-to-day.

@adamf I've bought from their Canadian store before for home, no issues. Actually got an upgrade if my memory is correct. Had ordered a 3020 full tower and got a 7020 or 9020 instead (with same or better spec).

Refurb business grade. Either Dell Latitude 5xxx and up or an HP ProBook / EliteBook. Benefit is that you can get replacement parts for quite a while and they're so much easier to work on.

https://us.refurb.io/collections/dell-laptops/products/dell-5580-latitude-15-6-laptop-intel-i5-6300u-2-4ghz-8gb-ram-256gb-solid-state-drive-webcam-windows-10-pro-refurbished

@dustinb3403

Oh, yeah that changes things... advanced ip scanner as others have suggested might be the safest thing.

We've pushed the config to "Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks."

Option 2 at the link below:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

try crackmapexec on Kali with the equivalent of

#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --shares

for your environment.

fun thing is that it dumps the results to a sqlite db that you can play with afterwards

@pete-s said in SMB Timeout?????:

@jasgot said in SMB Timeout?????:

I have an HP T830 plotter that scans and saves to a network share. It will not save a multi-page file if it is more than two pages.

My only hunches are Anti-Virus or SMB Timeout.

Do any of you have any experience with such an issue?

Saving to the USB in the plotter is no problem, sending through e-mail is nor problem. It is only the network share to a Windows 2012 Server share.

It's not a RAM size problem of some kind?

Wide format scanning would require the printer to hold a lot of data in memory that it can compress and turn into a file.

Often different destinations can have different settings. If for instance the resolution is set higher when you scan to SMB drive, then it needs more RAM than if you scan to something else using a lower resolution.

Do you get an error of some kind?

Valid point, but assuming that nobody's played with the prefs I would expect the local / USB settings to be set higher than the remote repository. Going to the easily overlooked possibility, is there enough free-space on the SMB share for the bigger jobs?

@jasgot To test the AV theory: either exclude the scan directory or temporarily disable the AV and try the job.

@braswelljay Check with the insurance carrier to see if there's any credentials / certifications etc that they require your auditing company to have. It'd suck to go through the audit only to find out that it didn't meet the insurance company's requirements.

@hobbit666 said in What Are You Doing Right Now:

What Linux desktop os would people recommend?

Echoing anything ubuntu or fedora based as the support is great and the skills / knowledge is relevant to corporate / real-world IT.

Personal preference for the last while has been Manjaro (arch-based) with Cinnamon DE since it's rolling release, everything just works and you have access to just about any software you want with AUR enabled.

Linux Mint is great to learn on too, great support from their community and the greater ubuntu and debian communities for upstream issues.

Would something like crackmapexec do the trick? I've started playing around with it to validate that some of our security configs are actually doing what they're supposed to and it can be used to dump user lists from a lot of the native windows locations. Not sure that it would get everything that you're looking for but "hacking" tools might be something to consider in addition to the typical bevy of PS and Windows commands.

So I ended up getting the go-ahead to build this out and for the time being have a stock setup running with the out-of-the box baselines for compliance and security.

Since one of the selling points was to get greater visibility into file and folder access I've been trying to get it to play with the AuditDetailedFileShare settings mentioned in my initial post.
Does anyone have any guides / resources / pointers as far as how I can configure the FAAM aspect of things based event 5145?

I've tried adapting the information here: https://wazuh.com/blog/how-to-monitor-folder-access-on-windows/.

I can see the events on the server but can't seem to get them to flow into Wazuh.

I've removed the relevant negation on the agent, and added an entry in the local rules on the server (wazuh-manager). I know that the following rule is pretty wide open and would create a stupid amount of overhead in production, but I'm still at the debugging point of things....

  <rule id="100111" level="5">
     <field name="win.system.eventID">^5145$</field>
     <description>Object access information into critical folders</description> 
  </rule>

services have been restarted on file-share server and wazuh-manager

I've played around in the fileshare, creating log entries (event viewer) on the windows host with the desired event ID but am not seeing anything in the events for the agent in the interface on kibana. Am I wrong in thinking that the rule needs to be configured on the manager? Is it supposed to be on the elasticstack/kibana server? I'm sure it'll be one of those "I'm such a dumbass" moments when I get the answer, but if anyone can point me in the right direction it'd be appreciated.