Extremeskins

Random Tech/IT Thread


Gamebreaker


https://www.theverge.com/2013/1/10/3861434/ibm-removed-the-urban-dictionary-from-watson-memory

 

IBM removed the Urban Dictionary from Watson's memory after it got too sassy

 

Like a parent washing out their child's mouth with soap, IBM was forced to cleanse its supercomputer Watson's memory after it learned a thing or two from the Urban Dictionary. According to CNN, the Jeopardy champion began memorizing entries from the slang-filled site when the supercomputer was in development years ago, but sadly, Watson was unable to separate polite and proper language from the crude phrases found in the Urban Dictionary. So while terms like "LOL" and "cool story, bro" likely caused no issues for IBM research scientist Eric Brown, Watson's vocabulary also extended into the vulgar, with Brown recalling a time when the computer responded to a query by saying "bull****." Ultimately, the entries were removed from Watson's memory, but we can't help but think about how entertaining its interactions with Alex Trebek would have been had they been left untouched.

  • Haha 2

  • 3 weeks later...
49 minutes ago, PokerPacker said:

So how about that big Intel CPU hardware security flaw?

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/

 

I manage a couple virtual hosts, and this doesn't shock me. I asked about this in concept in college, and the teacher thought I was trying to be a smart ass. HP has already said it affects ProLiant servers, so looks like I'm gonna have to schedule some overnight firmware updates. Lenovo supposedly is putting out patches for their servers, of course HP passing the blame and will take longer.


22 minutes ago, Renegade7 said:

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/

 

I manage a couple virtual hosts, and this doesn't shock me. I asked about this in concept in college, and the teacher thought I was trying to be a smart ass. HP has already said it affects ProLiant servers, so looks like I'm gonna have to schedule some overnight firmware updates. Lenovo supposedly is putting out patches for their servers, of course HP passing the blame and will take longer.

It affects every Intel processor of the past, what, twenty years?  The software-fixes from OSes come with, apparently, a 30-35% performance hit.  Have you seen the benchmarks Phoronix have done with the fix in the Linux kernel? https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

 

edit: apparently there are actually two separate attacks. "Meltdown", which is the Intel bug that allows write-access to the kernel, and "Spectre" which affects practically everything. https://spectreattack.com/

Edited by PokerPacker

3 hours ago, PokerPacker said:

It affects every Intel processor of the past, what, twenty years?  The software-fixes from OSes come with, apparently, a 30-35% performance hit.  Have you seen the benchmarks Phoronix have done with the fix in the Linux kernel? https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

 

edit: apparently there are actually two separate attacks. "Meltdown", which is the Intel bug that allows write-access to the kernel, and "Spectre" which affects practically everything. https://spectreattack.com/

 

Azure is rebooting our VMs in the cloud to apply their patch, been getting the alerts on my phone.


Here's a link to a Google doc showing the status of where AV vendors are at in testing their products so that registry key can be added, and Microsoft Security updates will resume:

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

Also has links to most of the vendors' specific informational webpages.

 

 

This is where I saw it linked:

https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec


  • 2 weeks later...

If you updated the BIOS on Dell servers with Intel processors recently because of Spectre or Meltdown, good luck!

 

Support Article

 

"Intel has communicated new guidance regarding "reboot issues and unpredictable system behavior" with the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715. Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel."

 


6 minutes ago, SoulSkin said:

If you updated the BIOS on Dell servers with Intel processors recently because of Spectre or Meltdown, good luck!

 

 

Sounds about right. 

 

From what we've been seeing from an HP standpoint, there's supposed to be Windows Updates and Firmware updates that both need to be applied in regards to ProLiant systems. Linode and Azure are already applying what's been made available from a patch standpoint, but I've seen performance issues reported all over the place. It doesn't sound like this has been figured out yet, harder to actively address than it was with POODLE.

 

Are you applying firmware patches anyway?

Edited by Renegade7

1 hour ago, Renegade7 said:

 

Sounds about right. 

 

From what we've been seeing from an HP standpoint, there's supposed to be Windows Updates and Firmware updates that both need to be applied in regards to ProLiant systems. Linode and Azure are already applying what's been made available from a patch standpoint, but I've seen performance issues reported all over the place. It doesn't sound like this has been figured out yet, harder to actively address than it was with POODLE.

 

Are you applying firmware patches anyway?

 

No, we haven’t been doing firmware updates because of scenarios just like this. We just got a few new servers too, but didn’t even look for hardware updates until this stuff is all sorted out. Just sticking with software updates and patches. We use Vipre AV mostly, and they were pretty quick to verify compatibility and get that reg key fix to resume Windows updates. I didn’t even notice a lapse in the normal update schedule.

  • Like 1

  • 3 weeks later...

Anybody have any experience with MS Intune for MDM or MAM? We have a mix of Blackberry UEM (formerly Good for Enterprise) and Mobile Iron. Looking to leverage a new EA, which includes Intune, for mobile Exchange and Skype for Business (both on prem).

Edited by Zguy28

anyone doing DPI/tls inspection on their environments?

 

came up as an idea and i kind of shot it down because I'm trying to avoid doing such things... police state, MITM, etc. 

 

just curious if anyone was doing it and thought the reasons were valid, and the results were justified and worth it?


6 minutes ago, tshile said:

anyone doing DPI/tls inspection on their environments?

 

came up as an idea and i kind of shot it down because I'm trying to avoid doing such things... police state, MITM, etc. 

 

just curious if anyone was doing it and thought the reasons were valid, and the results were justified and worth it?

 

Not sure if I'm understanding the question, but we've implemented DPI/SSL on a few SonicWalls. You have to find a way to get certificates (issued from the SonicWall) onto every device/browser that is behind it and using the wireless network. The advantage is it's supposed to examine encrypted traffic for threats. A secondary advantage we found was it kept people from using WiFi on their devices that we didn't manually get those certificates on, because they'd just get a bunch of certificate errors. It also can help keep people from using proxy servers to get around content filtering, etc. I have a feeling that you're talking about something entirely different and over my head though.


nope, that's exactly what i'm talking about.

 

you're basically man-in-the-middle'ing encrypted traffic of your employees. you're decrypting it, examining it, then re-encrypting and passing it along.

 

it just doesn't sit right with me...

 

edit: I do like the advantage of no one can use your network without you setting them up with the certs... that's actually kind of nice lol. other ways to accomplish that though if it was the goal.

Edited by tshile

3 minutes ago, tshile said:

nope, that's exactly what i'm talking about.

 

you're basically man-in-the-middle'ing encrypted traffic of your employees. you're decrypting it, examining it, then re-encrypting and passing it along.

 

it just doesn't sit right with me...

 

edit: I do like the advantage of no one can use your network without you setting them up with the certs... that's actually kind of nice lol. other ways to accomplish that though if it was the goal.

 

FWIW, you don't actually see the packets' decrypted contents, at least in our case. The SonicWall does the decryption, examines for threats, re-encrypts it, and moves it along. Honestly, it never occurred to me to try to snoop on it and see what I could see. Maybe you can. I don't wanna though. The less weird crap I know about people, the better. 


2 minutes ago, SoulSkin said:

 

FWIW, you don't actually see the packets' decrypted contents, at least in our case. The SonicWall does the decryption, examines for threats, re-encrypts it, and moves it along. Honestly, it never occurred to me to try to snoop on it and see what I could see. Maybe you can. I don't wanna though. The less weird crap I know about people, the better. 

 

Yeah, I get that.

 

But it's being decrypted and reencrypted so it can be obtained, if you wanted it.

 

I just don't like having two sides of a communication use secure methods and you just walk between and break that without them knowing. It doesn't sit right with me.

  • Like 1

3 minutes ago, tshile said:

 

Yeah, I get that.

 

But it's being decrypted and reencrypted so it can be obtained, if you wanted it.

 

I just don't like having two sides of a communication use secure methods and you just walk between and break that without them knowing. It doesn't sit right with me.

 

You ever run into people that want you to help them spy on what their employees are doing (screenshots, messaging, etc.)? We've had a few instances where we refused to do that, and even lost a client because we wouldn't help. We put the onus on them. Here's a link to program. You buy it. You install it. You use it. We'll do an AV exclusion for it, so it doesn't get flagged as spyware, which it is, but that's about it.


1 minute ago, SoulSkin said:

 

You ever run into people that want you to help them spy on what their employees are doing (screenshots, messaging, etc.)? We've had a few instances where we refused to do that, and even lost a client because we wouldn't help. We put the onus on them. Here's a link to program. You buy it. You install it. You use it. We'll do an AV exclusion for it, so it doesn't get flagged as spyware, which it is, but that's about it.

 

Yup. I quit a job because of it.

 

It never fails that the people who want that have lawyers that tell them they don't have anything to worry about, that everything is theirs.

 

Usually what we do is put everything in writing and get written acknowledgement back that they understood our advice on the situation. 

 

Most of the time it's just email, but when it goes beyond that we usually just refuse.

 

The worst are people who just want things cut off or spied on because they think their employees are screwing around. You're the manager, do your job and make them do their job. 

  • Like 2

Y'all would appreciate this: We've been having intermittent Internet connectivity issues that are affecting our HQ and Colocation (within 15-20 minutes driving from each other), setting off false alarms on our monitoring software at the colocation. We have evidence to show why we believe it's the ISP, and when I called they escalated the original ticket to their highest level above Tier 3. That highest level doesn't work on weekends, smh.


On 2/14/2018 at 2:45 PM, tshile said:

nope, that's exactly what i'm talking about.

 

you're basically man-in-the-middle'ing encrypted traffic of your employees. you're decrypting it, examining it, then re-encrypting and passing it along.

 

it just doesn't sit right with me...

 

edit: I do like the advantage of no one can use your network without you setting them up with the certs... that's actually kind of nice lol. other ways to accomplish that though if it was the goal.

Been doing it in the current environment with a commercial product. The web proxy decrypts SSL traffic. The proxy's CA cert is issued by our internal root CA which is pushed via GPO. But that's only for internal LANs. When a laptop goes off site, it has endpoint-based DLP. Company owns the machine and all information on it and coming out of it. We exclude certain categories of course e.g. online banking, .gov and .mil, bandwidth hogs, etc. We also do DLP with policy to block all, whitelist only. When you get breached by a major nation state, personal privacy takes a back seat.

Edited by Zguy28
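
An added example, not part of the post above and not any vendor's code: a small audit that checks whether the inspection exclusions described there (.gov, .mil, online banking) are actually honoured, by looking at which CA issued the certificate a client received. The proxy CA name and the banking host are hypothetical, and the sample certificates are constructed.

```python
# Added example; `cert` has the dict shape returned by ssl.SSLSocket.getpeercert().

INSPECTION_CA_NAMES = {"Example Corp Web Proxy CA"}  # hypothetical proxy CA common name
BYPASS_SUFFIXES = (".gov", ".mil")                   # exclusions named in the post
BYPASS_HOSTS = {"bank.example"}                      # hypothetical online-banking host


def issuer_field(cert, field):
    """Return one attribute (e.g. commonName) from the issuer RDN sequence."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def should_bypass(host):
    """True when policy says this host must pass through without decryption."""
    host = host.lower().rstrip(".")
    if host.endswith(BYPASS_SUFFIXES):
        return True
    return any(host == h or host.endswith("." + h) for h in BYPASS_HOSTS)


def audit(host, cert):
    """Compare what the client actually received against the bypass policy."""
    intercepted = issuer_field(cert, "commonName") in INSPECTION_CA_NAMES
    if intercepted and should_bypass(host):
        return "violation: excluded host was decrypted"
    if intercepted:
        return "inspected"
    if should_bypass(host):
        return "bypassed as configured"
    return "not inspected: traffic did not traverse the proxy"


def make_cert(issuer_cn):
    return {"issuer": ((("organizationName", "Constructed Org"),),
                       (("commonName", issuer_cn),))}


if __name__ == "__main__":
    samples = [  # constructed observations, not captured traffic
        ("news.example", make_cert("Example Corp Web Proxy CA")),
        ("login.bank.example", make_cert("Constructed Public CA")),
        ("portal.agency.gov", make_cert("Example Corp Web Proxy CA")),
    ]
    for host, cert in samples:
        print(f"{host:22} {audit(host, cert)}")
```

The last return value is the case that matters for off-site laptops: a non-excluded host whose certificate was not re-signed means the traffic never went through the proxy.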

On 2/14/2018 at 3:14 PM, SoulSkin said:

 

You ever run into people that want you to help them spy on what their employees are doing (screenshots, messaging, etc.)? We've had a few instances where we refused to do that, and even lost a client because we wouldn't help. We put the onus on them. Here's a link to program. You buy it. You install it. You use it. We'll do an AV exclusion for it, so it doesn't get flagged as spyware, which it is, but that's about it.

Google Dtex and be prepared to get paranoid. The DoD mandated, as of Dec 31 2017, that cleared contractors would have Insider Threat solutions in place. It can be anything from Dtex, which can tell you that an employee was actually watching Youtube on a second monitor when he said he was working through lunch, all the way up to posting signs around the workplace to report suspicious activity.

 

Regarding IM, our company takes the opposite approach, legal had us turn off all archiving and conversation history for Skype for Business to avoid e-discovery. Written policies state that IM is not for substantive business transactions, only e-mail. We get so many gripes about conversation history. lol

  • Like 1
