Posts by big_D

Re: The new normal

It seems most companies write policies based on their own HQ jurisdiction and often don't consult or don't listen to local lawyers.

Even Apple got caught out with OS X retail boxed sets in Germany. They tried to sue users who bought the retail box and installed it on home-build PCs. It didn't go very well, the court pointed out that the terms and conditions regarding installing it on Apple branded devices was inside a shrink-wrapped box, which the purchaser couldn't read at or before the point of sale, therefore the terms and conditions were null and void - under German consumer law, you cannot apply any additional terms and conditions not known at the point of sale / point of sign up (contracts or online services).

Re: I also like shinny new kit

I love it, when my wife comes over and says, that I've bought her so much lately, that I should go and indulge myself and buy something that I want...

Re: The door

The Messerschmitt was even better. You turned off the ignition, then started the motor in the other direction, meaning you had 4 reverse gears!

The Isetta also, had a Robesto roof as an option, so you could roll it back and climb out the top. That or ask a passer-by to give you a little shove backwards.

As Paul said, without a reverse gear, it counted as a motorbike, so anybody with a bike license could drive it, without having to get a car license. Also, the road tax for motorbikes was less.

Hence the Reliant Supervan, and later, the Robin and Rialto and the Bond Bug - they were a hoot, or the Morgan 3-wheeler, a friend of my father's started a business selling replicas (Buckland).

Re: Is that good enough for mission-critical operations?

Possibly because of the anonymity. If they are pushing from their own, Israeli based IP address, it might look a bit fishy and is easy to trace.

Just another anonymous AWS/Google Cloud/Azure IP address going through your firewall? Easy to overlook and harder to block.

Re: The two are not equivalent

Also, Parler could have enacted safeguards to ensure that they stayed within the bounds of the T&Cs, so they were given a chance to clean up their act, before being dumped.

NSO's raison d'être is to push malware out to unsuspecting Internet users. That is illegal is most jurisdictions (misuse of computer acts around the world), at least without a warrant, and I very much suspect the French justice system didn't give the Moroccans, for example, a warrant to tap Macron's phone.

So, yes, criminal liability.

I used to work for a company that sold industrial terminals. We regularly had them back for repair for abuse - mainly the butchers on the meat production lines trying to operating the terminals with the point of their knives...

But one came back after a forklift driver tried to "operate" the terminal with the prongs of the forklift. (He was careless and drove straight into the terminal, pushing the LCD display out the back of the stainless steel terminal cabinet.

Re: This is one of those things...

I'm guessing proper access controls were in place. But the operations team were excluded from the Internet content filter.

It has been company policy at most places I've worked in the last decade to turn PCs and peripherals off when leaving the office.

The cost of wasted electricity for hundreds or thousands of PCs left running over night soon mounts up.

Re: Outrageous!

Exactly what I was thinking.

Do as we say, not as we do... as the old saying goes.

Re: Use early Microsoft formats where possible for interchange

Not really. I think we get maybe half a dozen requests a week to access and convert an attachment. That over a company with in excess of 300 employees and tens of thousands of emails in- and outbound.

All users' Office installations are set-up to use Open XML documents as standard, when saving documents.

Likewise, a majority of external contacts use PDF most of the time. Unless you need to collaborate on a document, you shouldn't be sending the original format. As most of ours is commercial, it has to be PDF or signed PDF.

Re: Use early Microsoft formats where possible for interchange

Then Office will refuse to open the file, because the contents are "corrupt".

Luckily renaming a file back to the correct extension is beyond most of our users.

And there is the AV software. But why rely solely on the AV software and user training, when you can stop a majority of the malware from even getting through the door.

Re: Surprised

Looking at the screenshots, I was surprised by how old-fashioned it looks and how much of the screen is taken up with toolbars and menus.

I'm not sure, if, for the screenshots, every possible toolbar was turned on, or whether that is the default, but it really put me off. It really looks like it comes from the Land that UI Design forgot, which is a real shame, because for people who aren't beholden to MS file-formats, it is a great product.

Re: Use early Microsoft formats where possible for interchange

We strip off the attachments before they even reach the users inbox. If it contains an old format Office file, or a zip file, among many others, including the macro variants of the new formats, the attachment is simply removed.

The IT department can see the attachments and we often have to convert them to the new formats and send them on to the users. But we prefer that the users contact their email partner and inform them, that the format is unsafe and does not arrive.

Re: Use early Microsoft formats where possible for interchange

Microsoft recommends not using the older formats.

As well as formatting and features being stripped out of documents, when they are saved, the formats are also insecure. There are many known malware strains that use old Office formats as an infection vector.

Our policy automatically rejects any attachments with .zip files, .doc, .xls, .ppt etc. and the new formats xlsm, docm etc. New formats, without macros, are the only ones allowed through the filter.

The new formats aren't 100% secure, but it is more manageable and you have to draw the line somewhere - like still allowing the dreaded PDFs through, as they are pretty much the defacto standard.

Re: Planned obsolescence

Every product has an end of life, especially in security, where ever more horsepower is required to cope with actual threats.

It is annoying that the kit gets too slow and under-powered to keep up, but that has been the IT way for over 40 years.

The question is, if people know the device that is keeping their network safe hasn't, itself, been safe for over half a decade, why is it still even online?

It is a pain, but a fact of life, that threats keep improving and the security hardware has to constantly play catch-up. I don't like it, but I have to keep my company protected, so I have to calculate in the regular maintenance and replacement of security kit...

Re: Marketing opportunity

What? They are offering a free workaround until the customers can sort out a supported solution - either from SonicWall or from somewhere else.

At least they are a) informing their customers and b) offering them a virtual solution to replace old kit that is out of support.

I don't know what more they could do? If the kit is so old that it can't be upgraded (and in one case for over half a decade), why are the devices even still in use?

We are talking about front-line security here, not an ancient CNC machine on the production line that can be isolated from the network, once it is out of support.

Re: Umm...

It means your employer doesn't need to provide you with a laptop for home office, they can argue, that you have a PC or tablet at home and can connect via that.

Letting private devices onto the corporate network is a big no-no in many sectors and providing home office users with a dedicated laptop is expensive, and, because it is also running on the home network, it is vulnerable to attacks from poorly configured devices on the home network.

Making the employee connect to a corporate image in the cloud (hopefully firewalled within the M365 instance) means that the vPC is secure (well, more secure than letting the user's malware riddled private device through the corporate VPN or a laptop on the user's network), can't be attacked by a malware infested device on your home network, it contains all the corporate (licensed) software, so no licensing problem or missing software and it means that it is under corporate group policies.

And if there is a problem, support can quickly bin the current vPC and roll a new one within minutes, instead of having to get the laptop delivered back to the office, reformatted, re-installed and delivered back to the user.

Re: Rational....and misses the point entirely!

It is supposed to get companies to take data protection seriously and to put in place security and procedures to ensure the data is safe. If they don't comply, they will face heavy fines, which are more expensive than doing things right in the first place.

It also ensures that all those affected by a data breach are informed in a timely manner.

At the companies I've worked for, it has generally worked well.

Moxa are brilliant. We used Moxa Ports to do Serial over Ethernet, from the production up to our server farm.

Lots of things still use serial.

We have a lot of lab equipment, specialist printers (legacy kit from the early 90s, a replacement costs upwards of 80,000€), production line equipment.

In the meat processing industry, things like the Fat-O-Meter (yes, a real thing) are often still serial based.

Simple, secure, reliable. If the cable breaks or there is a dodgy connection, the electrician can patch it quickly or rewire a new cable.

Re: Work from home

I agree.

A friend of mine switched his company over to an AutoCAD server, instead of individual workstations, about 6 months before COVID hit.

Up to 12 engineers can work off the server, which has multiple mid-range nVidia Quadro cards stuck in it and 4 Xeons and 512GB RAM and a dedicated SAN. It means all the configuration and high end kit is central, the users only need a relatively basic PC on their desks.

Re: Work from home

Yes, the workstation might be fine, bug finding a 10gbps synchronous broadband connection is going to be tricky in most places.