This is a bank that we refer to as a "Gold" bank because over 50% of their customer base have accounts with 1 million + in them, and their customers are notoriously picky (As is to be expected).
That_Guy | I don't wanna be that guy | Registered User, regular
I'll spend an hour MAX trying to disinfect a PC before just wiping the thing and starting over. If it's a bad infection I don't even bother with that. I do everything I can to keep my client's setup simple to make reloads as painless as possible. Plus, when they get their PCs back they still have that fresh install snappiness.
lwt1973 | King of Thieves | Syndication | Registered User, regular
Also, HAHAHAHAHAHAHAHAHAHAHAHAHAHA, man, what?
The bank fees are so low for a reason.
"He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
Yeah.
Not my term.
Mostly farmers who, despite what people tell you, are rich as fuck.
jungleroomx on
RandomHajile | Not actually a Snatcher | The New Kremlin | Registered User, regular
Yeah, let me tell you a story (which I may have told before, but bear with me, because it is incredibly relevant to this discussion):
About 6 months after I started here (this would be 11 years ago), we got put on an email blacklist. Investigating the firewall, I found that it was misconfigured to allow all client PCs to connect outgoing to port 25 (I soon took over control of the firewall, but that's another story). This one PC (specifically designated as the "surfing computer" for a group of 24 hour guys) kept trying to connect to Microsoft's mx server on port 25. I went over to the PC and found that it had a pretty nasty virus that wasn't showing anything to the user, but there was a hidden process trying to send out spam. So I did some investigation and found a clear set of cleaning steps. This thing was running hooked into a dll and showed up in Task Manager as a reversed string of what the .exe was actually named. So I spent like four hours cleaning that thing up. The next day, I realized that I had missed a step, and went and spent another hour going through the whole thing double-checking every step. Later that day, I was watching the firewall, and I saw the PC trying to hit port 25 again. Well, I thought maybe I missed something, so I went back over and combed through everything I could think of: Autoruns, IE plugins, Task Manager, Process Explorer, HijackThis, etc. Every tool in my toolbox. Couldn't find a damn thing. Went back to the firewall, still trying to get out. Back to the PC, couldn't find a damn thing. That's the day I decided to make it a rule to nuke everything and start over. This was long before CryptoLockers and the like.
Incidentally, that PC has been a major problem for my entire career. You may remember a couple weeks back that I spent the better part of a late night cleaning up after a CryptoLocker hit us. This was the PC where it originated. The dude who got it didn't have local admin rights, either. He also made a snickering "huhuhuh, was it the Russians?" comment. I gave him a very terse "yes, it probably was" (you idiot) and walked out carrying the PC. They haven't had their surfing computer for a couple weeks.
if it's only used to surf can you give them a Linux Machine or a Chromebook or something?
Yeah, probably would have been a decent idea, but now they do something that is fairly critical on that PC in Access (against my advice) where they have to be logged in as themselves (rather than the generic user that they use on other PCs). So their boss told them not to surf on it. At all. He was pretty ticked off about the situation. Because of their history, he's the only supervisor who I will pull webfilter logs for if he asks.
I don't. It only soothes my worries so much though. I mean, how good can the IT system for my bank be if the default password for new accounts is the name of the bank in all lower case.
Farmers have a crazy amount of money going into and out of their accounts. Dairy farmers especially.
This. Back when I worked for a bank, one of my jobs was selling check scanners to farmers, so they could deposit checks from home, because their money needed to be that fucking fluid if they hoped to pay their hundreds of loans and offset the purchases they made earlier that morning.
There's a difference between everyone thinking it's your problem and it actually being your problem.
In IT we sometimes need to remind people of that.
I got tired of the puzzled looks and hurt expressions I suppose. That and my department head for some reason feels we should take care of things like physical security, key inventories, etc. My boss is wearing him down though.
I work for an ag lender.
This is kind of true (mostly they are asset rich), but most are a bad season away from disaster as well. Usually though the really rich ones have enough land they can sell some and recover, just downsized a bit.
Why does the BIOS of the PC I'm creating the bootable USB on matter? I'm not intending to boot that PC with it, I'm creating it to use on a different PC.
do not quote me on this, but I believe it is because when you use the tool it actually takes the boot files from the local PC and puts that into the image. That's how media is created manually, you take the boot files and stick them onto the media you plan to boot from. Since Windows 7 doesn't support booting from UEFI the tool can't work since it doesn't have any bootable files to grab.
jungleroomx | It's never too many graves, it's always not enough shovels | Registered User, regular
edited January 2017
Update:
System is clean AF. Ran MBAM Chameleon and it did the trick (thanks!). Nice program!
Servers are quote "running better than they have in years!", asked me if I could put together a bit of training for her to get down security basics or if I could recommend a good resource. I did both and put a Security+ study guide link on there for her. I will always help people who want to help themselves.
The lady I've been working with (not the one who put the coupon shit on there) has been really cool about it, extremely empathetic, and very down to earth.
She said today she was probably going to fire the mom and pop company that's been administrating their machines locally because of this mess, and they fired the person who installed the coupon thing. Yeah, she told me (in not so many words).
they can only do what their budget allows them to do unfortunately
I've had to cut corners like that with shitboss-co because that was his policy. But if it were me and my business? I'd give them a bare minimum and then give them "bonus options" (more advanced stuff).
Without the bare minimum I wouldn't even touch it.
I can't stand cutting corners to make a buck, it annoys me because it makes you look like a fool, and it always bites you in the ass.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
jungleroomx | It's never too many graves, it's always not enough shovels | Registered User, regular
They installed the patch management system, gave them a report a week ago that all updates were going fine, meanwhile the last server update that actually installed did so on 12/13/2016.
Uh... that was the last MS patch Tuesday. That seems correct.
It really doesn't seem like the local shop's fault but it's also not our problem. People's heads roll all the time for things that weren't their fault.
If some bank comes to you and says "Do our IT for $$$." and then proceeds to tell you a bad set of restrictions that are counterproductive and harmful you have two choices. Take the $$$ and just do as they ask or walk away.
My guess is the local IT shop is not knowledgeable enough to know that the second option was the better choice.
Seidkona on
Mostly just huntin' monsters.
XBL:Phenyhelm - 3DS:Phenyhelm
jungleroomx | It's never too many graves, it's always not enough shovels | Registered User, regular
The win update manager said it was 11 updates behind.
Including the security rollup.
jungleroomx | It's never too many graves, it's always not enough shovels | Registered User, regular
They were the ones who performed the initial audit and said the bank's updating system (which was 5 behind at the time) was unsatisfactory and they're the ones who put on that SolarWinds patch management system with SQL 2005.
When I went into SolarWinds, nothing was set up to run at all.
So, yeah, I can say it's their fault with a bit of authority.
Ok, that was their fault. Is there an update that would have been installed between 12/13/2016 and now that would have prevented the coupon fiasco?
No.
This is a management issue and management not treating IT as a real thing that needs to be handled correctly.
Someone trying to milk them for a patch system isn't the disease, it's a symptom.
jungleroomx | It's never too many graves, it's always not enough shovels | Registered User, regular
Also, any non-function of the server that causes issues with the banking software is immediately our problem.
So not only am I fighting against a new incompetent user, a sub-par and potentially catastrophic setup, and a system of intricate processes, configuration files, networking setups, AND the wonderful world of "everything is a different version", NOW I've got a local shop that has:
1) Updated to TLS 1.2 for no reason, crashing SQL Server completely and put the bank out of business for a few hours
2) Enabled SMB, which bluescreened everything
3) Uninstalled Net 2.0, which bluescreened their servers
4) Disabled our admin accounts
5) Now this shit with their "patch management".
Basically, every time I work with this bank, I see the name of that company and I vomit a little.
Oh I mean, yes, the management there is ridiculous. As it is most places.
I still hate them because they make my life miserable constantly.
jungleroomx | It's never too many graves, it's always not enough shovels | Registered User, regular
I am really not trying to defend them and let's get one thing straight. You definitely are NOT the issue here.
Only trying to point out that blame is very seldom so easy to place.
and yeah all of that shit is amateur hour except for TLS 1.2.
I'd say upgrading TLS to 1.2 was a pretty smart move had they actually done it correctly.
I know, I'm helpdesk venting.
The one phrase we mutter more than nearly anything is probably "Sorry, I'm not mad at you.. ", right behind "Are you fucking kidding me?"
The TLS update is touchy as hell and the combination of them not using Oracle stuff and their security by obscurity made the risk analysis point to "Wait until the MS SQL and TLS thing works a little better."
The only time a trackball was ever worth anything.
Being young enough to not be familiar with that, what even is that? I see a joystick/joypad and the trackball. What game made buying that in particular a necessity? Or was it more that other joysticks/joypads at the time simply lacked more than two buttons?
Well. . .
That joystick setup was a super niche controller designed for FPS games. You used the trackball for looking and the joystick for wasd.
I loved it and, yes, all of my LAN friends looked at me funny.
I can assure you, you don't bank with them.
Unless you live in a small town of 500 in North Dakota.
Is that good or bad?
Farming equipment is freaking expensive.
That is fucking stupid.
Remember, Windows 7 is 8 years old now. For as many people that still use it... it isn't exactly modern by any stretch.
Have you ever tried installing it on a laptop with an NVMe SSD? It's a goddamned nightmare.
Don't know, don't know, all I know is that I've deleted almost 4gb of what amounts to digital chaff off of their servers. 1k at a time.
I used to love them in the 80s
but I have not been able to use one in the recent past, just, everything requires far too much exactness nowadays
Yeah, I'm just imagining trying to get the cursor to where it needs to be so I can scale a window, and....just....fucking.....god......
I wish they had force feedback ones still.