Sysadmin

For a few years I'm noticing more and more weird and unexplainable behaviour in Outlook. We support mostly 365 Exchange Online clients on Windows workstations or RDS environments.

The amounts of unexplainable bullshit we face is staggering. Outlook not being able to open the folder set, weird MFA glitches, weird bugs in the UI and downright weird errors coming from nowhere is some of the stuff we face weekly.

Am I alone on this?

With version 142, Google Chrome just rolled out a new permission prompt for Local Network Access.

While technically a good feature, this caused me the better half of the day hunting a production bug in our SaaS product, which after all did not exist.

Turns out that Chrome will display the permission dialog also for requests which your company's IT-mandated Endpoint Protection solution is grabbing for inspection. In our case, it was Zscaler causing issues.

If you deny the request (which from an end user perspective is the only reasonable choice), your web application will act weird.

Lucky me, our devices had just upgraded to Chrome 142 at the very same day we rolled out a production release. That's how all hell broke loose.

Working on a machine that BSOD'd 3-4 times a week, couldn't find much wrong but then I saw this. An NVME drive from a company named "OEMGenuine".
Their website 404's, waybackmachine says it was last cached 2 years ago, and even then it was a broken Godaddy landing page.

Found in a Thinkpad purchased from Amazon, sold by a third-party reseller who "upgrades" the devices before reselling.

Machine seems just fine/stable with a credible drive in it.

What's the craziest shady "brand" name you've seen in the wild?

EDIT: NEW Discovery! One of the ancient waybackmachine cached pages previously redirected to oemgenuine.NET! It's shoddy as hell but the .net domain is still visible today! oemgenuine.net

AWS Us-east-1 has broken itself on a European Monday morning.

So far we have Slack being slow and image attachments preview broken.

No SSO auth with Atlassian (JIRA, OpsGenie, and Confluence)

Sadly, I looks to be resolving. Back to work 🥲

About a month ago NPM was compormised. It was advised to lock versions to before the compromise.

However, one eventually needs to unlock and start getting updates again. Does anybody know if the coast is clear, or possibly a place that is tracking known compromised packages and their current status?

Hi there, looking for a KVM for my home server to fix it remotely when having an important issue
because wel... My home server isn't at MY home but at my mother's home

I was looking at nanoKVM-USB which I would plug to a raspberry pi, enabling and disabling the remote app according to my need to avoid unnecessary security issues, maybe even unplug it and ask my mother to plug it when needed, what do you think of such a solution ?

Thanks !

This is nice for those tired of wrestling with TLS certs and CAs for your database

EDIT: I had mistakenly stated that Windows Update was where the issue was. I am experiencing this issue attempting to update my apps via the Microsoft Store. My question still stands, just added some clarifications and corrected my mistake.

I have the perpetual license for Clip Studio Paint. If you aren't familiar with their licensing model, basically I don't get the minor update versions (4.1, 4.2, etc). I only get security patches and hotfixes. My issue is every time Microsoft Store's update runs, it tries to install 4.1.0. Obviously, the Store is just seeing a new version present and isn't checking any licenses or anything. Is there a way to block CSP from ever updating through the Store?

If the program updates through the Store, then I have to uninstall it and reinstall the version I'm licensed for. When I do that the loop just starts over again because MS detects I'm not at the newest version anymore.

[Adding some answers to questions]

I did not install CSP via the Windows Store since some people have asked about that. I installed it via CSP's own installer downloaded from their website. The Microsoft Store update section seems to have recently started pushing 3rd party app updates which is where I believe this is coming from.

I also changed the picture to show more context as well as what is in the "..." menu option.

Had a fun occurrence today, the org is revoking JIRA licenses because some of us haven't used them is the last year. About an hour later a bunch of people on my team reported failing a phishing test because the org decided to do a your license is being revoked internal phishing test.

Well played security team, well played.

Who, Me?: 'This, many considered, was bad'

We are looking at upgrading our network equipment from old HP switches and Aruba access points, we have a Fortinet firewall that we are happy with, so we'll probably keep using them there, but for the rest we are looking for new stuff.

And we are looking closely at Ubiquiti for switches and APs, but two things have appeared on our radar.

Ubiquiti does have a cloud admin UI, this means that Ubiquiti needs to have access to our network controller to access this feature.

But what if we don't use that, will Ubiquiti still be able to access the network controller?

I guess that what I am asking is how does the access control work?

Also, updates, I see that they seem to be very frequent and also see some scattered reports that they have required admins to reset their configs and loosing camera footage, can you set updates to be delayed for X days?