Random Tech/IT Thread

[zCommander]

30 minutes ago, TheGreatBuzz said:

So I’m not even really sure that this is the right thread but most of you sound like nerds and will find this interesting.  I met up with some family I haven’t seen in over a decade and caught up on life.  Apparently my cousin is in charge of putting together CES every year.  It is the Consumer Electronic Show.  Google tells me it is a pretty big deal.  I feel like I would be really impressed if I understood it.  Am I right?

 

CES is for nerds and geeks and electronic enthusiasts. CES is where some of the big tech companies reveal their new gadgets and stuff. It is a consumer electronics show and tell. 

[PokerPacker]

1 hour ago, TheGreatBuzz said:

So I’m not even really sure that this is the right thread but most of you sound like nerds and will find this interesting.  I met up with some family I haven’t seen in over a decade and caught up on life.  Apparently my cousin is in charge of putting together CES every year.  It is the Consumer Electronic Show.  Google tells me it is a pretty big deal.  I feel like I would be really impressed if I understood it.  Am I right?

It is, in fact, a big deal.

[tshile]

On 7/2/2021 at 6:50 PM, Renegade7 said:

Not saying 10 is a great OS, but forcing folks to upgrade because patches stop being made doesn't stop the old OS from floating around.  Its a self-inflicted wound from a security standpoint, imo.

the problem is that you then have to maintain this stuff. 

and you have to host it so the public can access it

 

the idea that we have to keep old **** around because some people won’t upgrade is costly and nonsense. 
 

I fully approve of moving on and for the people that won’t, it’s their risk they accept when they made their decisions to refuse to upgrade. 
 

majority of the Windows server vulnerabilities are from managing and maintaining and archaic GUI that only stays around because people won’t grow up and accept cli-style management. 
 

Run server core and have a smaller footprint, easier/quicker patching, and less exposure to zero days. 
 

but people don’t want to bother. 
 

it’s just an example of why keeping up old habits is dumb. Insisting they continue to patch old stuff (at their expense) is silly ness. Just keep your stuff up to date and accept things are changing. 

[tshile]

Stop printing. What the hell are you people printing anyways? Why do you waste so much money on copier leases and supplies? It’s 2021 why are you still printing?!?

[zCommander]

30 minutes ago, tshile said:

Stop printing. What the hell are you people printing anyways? Why do you waste so much money on copier leases and supplies? It’s 2021 why are you still printing?!?

 

One of my client is an accounting firm and they fax stuff all the times to the IRS. Land line still was and still is more secure then today's digital world. 

 

 

Edited August 12, 2021 by zskins

[tshile]

Um. Maybe. 
 

it’s certainly not encrypted in transit. 
 

and it’s landing in a public space where you have no ability to control who gets it

 

snooping faxes is super easy

 

The fact that many people use a service to accept faxes, and it gets emailed anyways, and as the sender you cannot control that…

 

also many places have fax route over voip so…. It’s in the digital world. 
 

or their fax machine dumps it to a sever share/email instead of on the floor 

 

there are secure ways to transfer documents so I don’t know how a fax could be considered more secure compared to any secure way. 
 

I mean I guess maybe you could argue it’s better than sending it unencrypted over email and then the sender and recipient not removing it from either mailbox, so it’s at risk to a compromise 18 months later…

 

but saying it could be better than this terribly unsecure way is not really saying it’s secure…… certainly not more secure than any of the actual secure options

 

 

[Renegade7]

On 8/12/2021 at 8:42 AM, tshile said:

the problem is that you then have to maintain this stuff. 

and you have to host it so the public can access it

 

the idea that we have to keep old **** around because some people won’t upgrade is costly and nonsense. 
 

I fully approve of moving on and for the people that won’t, it’s their risk they accept when they made their decisions to refuse to upgrade. 
 

majority of the Windows server vulnerabilities are from managing and maintaining and archaic GUI that only stays around because people won’t grow up and accept cli-style management. 
 

Run server core and have a smaller footprint, easier/quicker patching, and less exposure to zero days. 
 

but people don’t want to bother. 
 

it’s just an example of why keeping up old habits is dumb. Insisting they continue to patch old stuff (at their expense) is silly ness. Just keep your stuff up to date and accept things are changing. 

 

Hmm... I'm thinking more of embedded systems and ICS components.  It's not as simple to replace those, so when I hear infrastructure, I hope that comes with upgrading components that are pretty much trapped on these older operating systems because of the software that's installed on them.

[tshile]

Just now, Renegade7 said:

 

Hmm... I'm thinking more of embedded systems and ICS components.  It's not as simple to replace those, so when I hear infrastructure, I hope that comes with upgrading components that are pretty much trapped on these older operating systems because of the software that's installed on them.

Yeah… and I’ve got that stuff too. Not… hard core… but I’ve got some of it. 
 

 

[tshile]

https://practical365.com/another-exchange-vulnerability-revealed-with-attempted-exploits-seen-in-the-wild/
 

Quote

A new Exchange vulnerability has been disclosed this week known as ProxyToken that allows someone who can access an Exchange 2013, 2016 or 2019 server over HTTPS to perform configuration actions against mailboxes of their choosing, such as setting forwarding rules. 

lol wow 

[zCommander]

On 8/12/2021 at 3:11 PM, tshile said:

Um. Maybe. 
 

it’s certainly not encrypted in transit. 
 

and it’s landing in a public space where you have no ability to control who gets it

 

snooping faxes is super easy

 

The fact that many people use a service to accept faxes, and it gets emailed anyways, and as the sender you cannot control that…

 

also many places have fax route over voip so…. It’s in the digital world. 
 

or their fax machine dumps it to a sever share/email instead of on the floor 

 

there are secure ways to transfer documents so I don’t know how a fax could be considered more secure compared to any secure way. 
 

I mean I guess maybe you could argue it’s better than sending it unencrypted over email and then the sender and recipient not removing it from either mailbox, so it’s at risk to a compromise 18 months later…

 

but saying it could be better than this terribly unsecure way is not really saying it’s secure…… certainly not more secure than any of the actual secure options

 

 

 

Sure. But I was talking about snooping a phone a line to intercept a fax though. 

 

Why fax is better
Cloud faxing, and even manual faxing, are a different story entirely. Any kind of faxing uses the Public Switched Telephone Network (PSTN) which is inherently secure. When a document is sent by fax it is converted into base64 binary at its source, sent through the PSTN and then reassembled at the other end. Hacking into the PSTN would require direct manual access to the telephone line, and even if a file was intercepted it would appear as nothing but noise, making it impossible to interpret / read.

 

[The Sisko]

@tshileor any of you IT types, speaking of email I'm wondering if someone could point me in the right direction. My wife shuttered her law firm a couple of years ago. She still has her legacy email hosted by a business provider but would like to keep her domain and migrate over to a cheaper option. She'd need to save all her old emails in some secure form for compliance/liability purposes. She asked me to do it, but I rapidly came to the conclusion that I was in waaaaay over my head on this one. Any ideas on finding someone that knows what the heck they're doing to do this for us? How much might something like that cost, (ballpark estimate) assuming no major hiccups?

[tshile]

What’s the provider?

how many email addresses?

 

Should have a way to export them. 
 

what does she want to go to?

[zCommander]

42 minutes ago, The Sisko said:

@tshileor any of you IT types, speaking of email I'm wondering if someone could point me in the right direction. My wife shuttered her law firm a couple of years ago. She still has her legacy email hosted by a business provider but would like to keep her domain and migrate over to a cheaper option. She'd need to save all her old emails in some secure form for compliance/liability purposes. She asked me to do it, but I rapidly came to the conclusion that I was in waaaaay over my head on this one. Any ideas on finding someone that knows what the heck they're doing to do this for us? How much might something like that cost, (ballpark estimate) assuming no major hiccups?

 

Does she just want to download all of her email to her computer and then only use it when needed? Or does she also want to migrate the domain to another provider and get their email hosting package as well and then upload those emails to the new host?

 

As for migrating the domain that is easy. Takes about 24-48 hours. But first step would be to download all of the emails using Outlook (if you have that on your computer that is) before the switch though. 

 

 

[The Sisko]

Her current provider is Intermedia. She has maybe 30 - 50 email addresses of former employees and such but her future needs are probably no more than about 5 or so to provide aliases. If Aliases don't count as another mailbox, then one would probably suffice. So to answer the question about the domain, she would want to migrate to another provider's hosting package and probably upload at least some of the old emails to the new host.

 

She'd like to continue having access to recent emails - she still uses it for personal mail and the occasional firm related mail that might show up, but the older, business emails would need to be archived in such a way that they're tamper proof in the event there's ever some kind of legal action and easily searchable in the event someone just asks a question about an old matter. Most likely, I think she'd be OK with 365 but I don't think Mr. Softy offers the kind of archiving she needs.

Edited September 1, 2021 by The Sisko

[tshile]

5 minutes ago, The Sisko said:

Her current provider is Intermedia. She has maybe 30 - 50 email addresses of former employees and such but her future needs are probably no more than about 5 or so to provide aliases. If Aliases don't count as another mailbox, then one would probably suffice. So to answer the question about the domain, she would want to migrate to another provider's hosting package and probably upload at least some of the old emails to the new host.

 

She'd like to continue having access to recent emails - she still uses it for personal mail and the occasional firm related mail that might show up, but the older, business emails would need to be archived in such a way that they're tamper proof in the event there's ever some kind of legal action and easily searchable in the event someone just asks a question about an old matter. Most likely, I think she'd be OK with 365 but I don't think Mr. Softy offers the kind of archiving she needs.

 

https://kb.intermedia.net/Article/2328

 

Quote

Mailbox data can also be exported to PST files and provided via FTP/HDD. Contact Support Team for a quote.

contact them and get all the mailboxes exported to pst for the entire company. As if there are pubic folders, shared mailboxes or any other email-organization data to export. Download the files. Store them in multiple places - or use a cloud backup - or whatever. It’s your only copies of it. 
 

set up an account with a domain registrar (I used godaddy. There are much cheaper options. Just what I use)

 

get all your current dns records. Add them to your new account as a staged domain. Initiate a transfer. Click the links in the emails. 
 

go set up an office 365 subscription for like 6$/month, add your aliases to your one email user, call it a day. 

[The Sisko]

Damn. Thanks. I searched their site and googled it and still didn't find that info. Her domain is through GoDaddy. I've done a few things there before for my personal account and her business so I'm pretty sure I can figure the DNS stuff out.

 

As for the last sentence in my prior post, of course MS offers archiving dummy.🙄 ...even for compliance purposes. That didn't even sound/look right when I typed it. I'm not sure why I didn't see this when I searched earlier. Anywho, I'll probably do some version of what you mentioned about the PST files. Thanks a bunch y'all!

[tshile]

Yeah just make sure you have a cloud backup of them or multiple copies or something. 
 

don’t by godaddy’s o365 plan. It’s stupid. Buy directly from Microsoft 

 

Microsoft offers an official archiving solution but it’s an add on. 
 

what you could do is create a shared mailbox (no license required) for all the important ones you get exported, and import those pst files. Then she can just access them via outlook any time. Then you wouldn’t need cloud backup or something (pst copy on usb drive, and you have the shared mailbox copy)

 

 

[PleaseBlitz]

If anyone in the IT field could send me a link to a study or article or similar that effectively says "IT jobs are in high demand right now" I would greatly appreciate it.  

 

Thanks in advance. 

[The Evil Genius]

1 hour ago, PleaseBlitz said:

If anyone in the IT field could send me a link to a study or article or similar that effectively says "IT jobs are in high demand right now" I would greatly appreciate it.  

 

Thanks in advance. 

 

Ok boomer.

 

https://www.bostonherald.com/2021/09/13/technology-jobs-still-in-high-demand-with-bright-future/

[zCommander]

1 hour ago, PleaseBlitz said:

If anyone in the IT field could send me a link to a study or article or similar that effectively says "IT jobs are in high demand right now" I would greatly appreciate it.  

 

Thanks in advance. 

 

IT jobs have been in demand since the 1990's. I have been in tech field since 1996. I have my own IT company (small but I started it back in 2020 after splitting up with my biz partner - I worked with him or 10 years on a pervious company I created). 

[PleaseBlitz]

15 minutes ago, The Evil Genius said:

 

Ok boomer.

 

https://www.bostonherald.com/2021/09/13/technology-jobs-still-in-high-demand-with-bright-future/

 

7 minutes ago, zskins said:

 

IT jobs have been in demand since the 1990's. I have been in tech field since 1996. I have my own IT company (small but I started it back in 2020 after splitting up with my biz partner - I worked with him or 10 years on a pervious company I created). 

 

I know they are in demand, I just wanted someone else to do the research for me. 

 

TEGs is perfect.  This is likely going to end up in front of a judge.  

[The Evil Genius]

4 minutes ago, PleaseBlitz said:

 

 

I know they are in demand, I just wanted someone else to do the research for me. 

 

TEGs is perfect.  This is likely going to end up in front of a judge.  

 

That will be $650 for my 3 minutes of work. 

 

See..I can bill like a lawyer too. 

Edited September 17, 2021 by The Evil Genius

[Llevron]

Anyone here know how to understand splunk enough to recommend how to figure this **** out? 

 

Ultimately I need to figure out how to filter logs from an IPS into category and then send alerts to myself depending on the type of logs that are showing up. I have the IPS forwarding the logs correctly and thats about it. 

 

Driving me crazy 

[Renegade7]

7 minutes ago, Llevron said:

Anyone here know how to understand splunk enough to recommend how to figure this **** out? 

 

Ultimately I need to figure out how to filter logs from an IPS into category and then send alerts to myself depending on the type of logs that are showing up. I have the IPS forwarding the logs correctly and thats about it. 

 

Driving me crazy 

 

You tried looking in verbose mode, seeing all the avaliable fields in a 24 hour time period, then trying to make a table out of it yet?  When I'm having trouble finding something, i try to get as many cards on the table as I can and see what looks useful.  Search field=* to make sure if you find a field that you love that none of the results come back with that field blank.

Edited October 22, 2021 by Renegade7

[Renegade7]

I jus want to add that I believe splunk is one of the most terrifying things I've ever seen in IT, theres a reason they don't license to Russia for example...