Random Thoughts - Part Deux [NO POLITICS]

[Ultramaroon]

Quote:

Originally Posted by Leonardo

Hole + Fan!

I cut the hole using my new dewalt cordless jig saw. It is a HUGE upgrade compared to my older Skill jig saw! Anyway, the fan fits perfect!

Are you a fan of your fan? Does it suck?

[EAGLE5]

Quote:

Originally Posted by Ultramaroon

Are you a fan of your fan? Does it suck?

Your jokes blow.

[JD001]

Quote:

Originally Posted by jsimon7777

I didn't design the "like" only system that has since become the "I validate your feelings" button.

I was expecting a "thanks!"..

[Leonardo]

Quote:

Originally Posted by Ultramaroon

Are you a fan of your fan? Does it suck?

Yes, I am a fan of my fan. I ordered the least expensive model of MaxxAir MaxxFan Deluxe that is only an exhaust fan. The top model has suck and blow functions. (at double the cost) And has app connectivity, but I don't need that either...

Anyway, All the MaxxAir MaxxFan Deluxe models move 900cfm. This effectively exchanges the air in my van several times a minute. And is mainly to avoid condensation, but will come in super handy when our pup is smelly. (Toot toot! ) It keeps the van within a few degrees of the ambient air temp.

Really it is THE fan to get. The only other fan that comes highly recommended is the Fantastic Fan. And it doesn't have as nice of a rain cover. So, I got the MaxxFan.

[Ultramaroon]

Quote:

Originally Posted by Leonardo

(Toot toot! )

I need one of these.

https://www.bigassfans.com/

[ScoobsMcGee]

Had something interesting happen in the past few days, particularly for a security analyst: despite using unique passwords on every account that has financial data associated with it, one of my accounts were compromised. I had an old Dominos.com account that I had forgotten about, which had credit card information saved to the site. Last Thursday I received an email from Dominos thanking me for an order that was delivered to a private residence in Brooklyn, using a valid phone number. I called the Dominos store and instructed them that the order was fake, and they cancelled the charge (or said they did, and they weren't happy about it since they already delivered the food).

What else is interesting is that the card on file, while it has the same number as my current card, had expired years ago and didn't have a CVV supplied. Dominos.com still approved the charge and submitted the order, which turns out my bank declined anyway. Dominos also responded to my cancelling the order by deleting my account and banning my email from registering a new account. Which doesn't bother me any.

TL;DR: Enable MFA everywhere you can, and if you have a Dominos.com account, change the password. Now. Probably also removed saved CC info.







also i may or may not have signed up the mobile number they used for a couple of different spam call lists

[qcbaker]

Quote:

Originally Posted by ScoobsMcGee

Had something interesting happen in the past few days, particularly for a security analyst: despite using unique passwords on every account that has financial data associated with it, one of my accounts were compromised.
...

Speaking of using unique passwords...

I responded to an alert earlier this week saying one of our users logged in from an IP based in India. User was already signed up for MFA, but the specific authentication method didn't cause an MFA prompt in this case. Told our support team to walk the user through a password reset. They then came back to me and said it was done but that the user mentioned having a similar issue with their paypal account. So, I called the user and asked what email address they use for Paypal, then searched that email address on haveibeenpwned and found that their LinkedIn email/password combo had been posted online. I'm guessing when attacker got in to that account, they discovered the user's work email address, which they then used as a username (combined with the LinkedIn password) against Office 365, which worked because, you guessed it, the user was using the same password for our Office stuff as they were using for LinkedIn (and Paypal, and Facebook, and Amazon, etc.).

[EAGLE5]

Quote:

Originally Posted by JD001

I was expecting a "thanks!"..

I get a perverse satisfaction out of not giving it to you.

Quote:

Originally Posted by ScoobsMcGee

TL;DR: Enable MFA everywhere you can, and if you have a Dominos.com account, change the password. Now. Probably also removed saved CC info.

I can't stand MFA. It turns a simple login into a pain in the ass. Oh, sorry, phone is in the other room and now I need a text to log in. Gotta get up. Get the text. Type it in. Then half the time the sites don't remember my computer so I have to do it over and over. Poorly engineered shit 90% of the time.

[ScoobsMcGee]

Quote:

Originally Posted by jsimon7777

I can't stand MFA. It turns a simple login into a pain in the ass. Oh, sorry, phone is in the other room and now I need a text to log in. Gotta get up. Get the text. Type it in. Then half the time the sites don't remember my computer so I have to do it over and over. Poorly engineered shit 90% of the time.

PEBKAC

[Spuds]

Quote:

Originally Posted by Ultramaroon

I need one of these.

https://www.bigassfans.com/

I have been in a large building with one of these running. They work, but holyshit do I not feel comfortable underneath it...

[EAGLE5]

Quote:

Originally Posted by ScoobsMcGee

PEBKAC

If multi-factor auth were so good, Google, Apple, and others wouldn't be moving towards single point logins.

PEBOFSE. Problem exists because of stupid engineers.

[Sapphireho]

Quote:

Originally Posted by Ultramaroon

I need one of these.

https://www.bigassfans.com/

Canadian fan made out of hockey sticks?

[Spuds]

Quote:

Originally Posted by Sapphireho

Canadian fan made out of hockey sticks?

Winglets.

[ScoobsMcGee]

Quote:

Originally Posted by jsimon7777

If multi-factor auth were so good, Google, Apple, and others wouldn't be moving towards single point logins.

PEBOFSE. Problem exists because of stupid engineers.

Story time, although I'm pretty sure its a story I've told on here before.

When I was a Wee McGee in the fourth grade, maybe fifth, I was learning to play trumpet. I sucked at trumpet. My fat lips couldn't form half the notes let alone hold them, and I would frequently say there was something wrong with the instrument. At one point, the instructor asked for the trumpet, took out my mouthpiece, used his own, and proceeded to play Jericho perfectly fine. He then handed the instrument back to me and said "trumpet's fine." Kind of a jerk move to pull on a 10 year old, but it did stick with me to not blame equipment when I screw up.

Some people never learned that lesson.

That said, I don't have anything to do with engineering MFA, and actually prefer CA with machine authentication in a business environment; however, I've never had an issue with it either. Because it's simple. Really damn simple.