Ah, will you not have a cup of tea father...
My go-to test strings are the Father-Ted favourites, "arse", "feck", "drink" and "girls".
Two of which once popped up in front of some bigwigs I was demoing something to. Wasn't the last two....
473 posts • joined 23 Mar 2007
Years ago, I re-purposed an old SPARCstation as a Snort IDS. Being on a switched network, and not tapped into any kind of ideal port, it didn't really do anything useful of course. Except for the one day it did detect an unwanted intrusion - the pipe above it burst and electrocuted it.
Alerting left a little to be desired tho - I only found out when I came in to find the console was unreachable.
"For a fee, one organization will provide a system that detects and can hit back at hackers with its own arsenal of attacks. But this isn't some anonymous group on an underground crime forum. Instead, Pervade Software, a legitimate and public facing information security business based out of Cardiff, Wales, sells a platform designed for private companies to retaliate against hackers with DDoS and other digital attacks."
that it hasn't always updated all clients. I ran a script across a heap of our clients and found a significant number that are not auto-updating.
VERY quick and dirty PowerShell detection script here for same, for your remote-admin tool of choice:
- what version is installed (not necessarily the one that's running)
- what version each user is running (for terminal service environments)
- what the minimum and maximum version number found running in the process list is
- highlights whether any vulnerable version was found running
As you may recall, WIPRO had an embarrassing "security incident" a year or two ago. I was one of the users on the ground who felt the repercussions - because the miscreants had used PowerShell to gain a foothold, they simply blocked PowerShell EVERYWHERE to "Improve security".
Apart from of course not being able to run or develop anything any more (hi, automation guy here), I also was blocked from even opening my .ps1 files in notepad, so I couldn't copy the work to an off-domain dev machine and continue the work. Months that took to sort out...
Years ago, I had a spare SPARC, and being a curious fellow, I decided to deploy Snort on it and leave it running as an IDS. It never detected a single thing (not surprising as I didn't have clearance to run it, and thus it was "internal only" - and on a switched network of course).
Except for one day when it did. It detected water. A pipe above it burst and electrocuted it.
Brought up a new SCVMM server and pushed the updated client out to a few VMs. No issues, no reboot needed. So pushed it out to 3 hosts, each hosting 7 Citrix XenApp VMs (so approx 200 users were being served).
The hosts didn't take too kindly to the new client, and promptly blue-screened. However, as the estate wasn't at its most stable at the time, users were conditioned to logging back on again when Citrix disappeared. Not a single call came in. So I kept quiet, until now...
well, 1984-ish.. in my metalwork class at school, they had a poster on the wall. It was pretty to-the-point.
TWO WAYS TO BLOW YOUR BRAINS OUT
A picture of a fired gun against a head, with brains ejecting out the other side
A picture of a compressor and its hose against a head, with brains ejecting out the other side
You could say the message worked, as I remember it clearly over 30 years later.
I'm actually quite cheered by this - 1.6 million versus 100,000.
Sometimes, it feels as though the Trumpeteers are in roughly equal numbers, so if this is indicative then perhaps things aren't as bad as I'd thought.
Had to laugh at Britain First's saluting him as a patriot. Cowardice at its finest.
My friend asked me to look at her dad's PC and dropped it off. He'd left a DVD in the drive, which duly spun into action with lesbian porn.
Opening a beer, I decided to take a well deserved break from my IT investigations. As the can reached my lips, performer #1 crouched above #2 and let loose.... well... a #2.
Beer down, computer off, knocked on door, "sorry, nothing I can do with this one!"
Funny you should ask about the whole "trust us" thing.
I've come in to work this morning to find 175 servers out of ~600 that are refusing to install Endpoint Protection AV updates. No known cause as of yet.
I'll keep working on it, but thanks for reminding me we can totally trust you not to screw things up.
I was surprised to find I had a Yahoo account - it looks like it went over when I registered for flickr years ago.
Logged in to find an inbox that was full of nothing but incredibly-obvious spam. So their spam filters suck for sure. Oh, and the page design... it was like a teenager's Myspace page.. :(
Most-Recently-Used, most likely...
There's a lot of MRU lists populated in your typical Windows installation - recent Word, Excel, Publisher documents. Recent jpegs opened, recent folders visited, network locations browsed, internet history etc. Lots of places that a "real" machine will populate with evidence of actual work.
Biting the hand that feeds IT © 1998–2021