Problems connecting to Cisco devices using ssh

Accessing Cisco devices from native ssh tools often generates an error due to mismatched key exchange methods. This will fix that issue.

Issue

Unable to access Cisco-based devices via native ssh command due to no matching key exchange found.

~ » ssh admin@ciscodevice
Unable to negotiate with 1.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,kex-strict-s-v00@openssh.com

Verification

Check whether your OpenSSH client supports diffie-hellman-group14-sha1 and kex-strict-s-v00@openssh.com. You can see below that diffie-hellman-group14-sha1 is listed, but kex-strict-s-v00@openssh.com is not.

~ » ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup761x25519-sha512@openssh.com

Cause

The key exchange method diffie-hellman-group14-sha1 is supported by the OpenSSH client but is not in its default KexAlgorithms list, so it is not offered unless you enable it.

Workaround

Enable the required key exchange method for a single connection with the -o command line option.

ssh -o KexAlgorithms=diffie-hellman-group14-sha1 admin@ciscodevice

Resolution

Enable the required exchanges permanently in the OpenSSH machine-wide client config.

sudo nano /etc/ssh/ssh_config
## scroll to end of file, add this line
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
## ctrl-x and save the file.
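The steps above can be turned into a small script. The following is an added example, not code from the original post: it parses the "Their offer:" list out of the negotiation error, keeps only the methods your own `ssh -Q kex` output also lists, and emits a `Host` stanza for `~/.ssh/config` so the legacy method is enabled only for that one device rather than machine-wide. The error text and the supported-method list are constructed samples copied from the post; ssh itself is not invoked. Two things it assumes that the post does not spell out: `kex-strict-s-v00@openssh.com` is a strict-key-exchange marker (the Terrapin countermeasure), not a method a client can enable, so it is ignored; and `diffie-hellman-group1-sha1` is a 1024-bit group, so it is added only when the device offers nothing stronger.

```python
"""Pick a key exchange method the device offers and the local client supports,
then emit a per-host OpenSSH client stanza instead of a machine-wide change.

Added example, not from the original post. ssh(1) is not invoked here: the
error text and the `ssh -Q kex` list are constructed samples copied from the post.
"""
import re

# Constructed sample: the negotiation error shown in the post.
SAMPLE_ERROR = (
    "Unable to negotiate with 1.1.1.1 port 22: no matching key exchange method "
    "found. Their offer: diffie-hellman-group14-sha1,kex-strict-s-v00@openssh.com"
)

# Constructed sample: what `ssh -Q kex` printed in the post (one method per line).
SAMPLE_SUPPORTED = """\
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup761x25519-sha512@openssh.com
"""

# kex-strict-*@openssh.com entries advertise strict key exchange (the Terrapin
# countermeasure); they are markers, not methods a client can be told to enable.
PSEUDO_KEX_PREFIX = "kex-strict-"

# 1024-bit MODP group: only enable it when the device offers nothing stronger.
WEAK_KEX = {"diffie-hellman-group1-sha1"}


def offered_kex(error_text: str) -> list[str]:
    """Parse the comma-separated 'Their offer:' list out of the ssh error, dropping markers."""
    match = re.search(r"Their offer: (\S+)", error_text)
    if not match:
        return []
    return [m for m in match.group(1).split(",") if not m.startswith(PSEUDO_KEX_PREFIX)]


def usable_kex(error_text: str, supported_text: str) -> list[str]:
    """Offered methods that the local OpenSSH build also supports, in the server's order."""
    supported = set(supported_text.split())
    return [m for m in offered_kex(error_text) if m in supported]


def host_stanza(alias: str, hostname: str, methods: list[str]) -> str:
    """Build a ~/.ssh/config Host block that appends only the needed methods
    ('+' keeps the client's default list) and only for this one device."""
    if not methods:
        raise ValueError("no offered key exchange method is supported by this client")
    # Prefer anything that is not in the weak set; fall back to the weak method only if forced.
    chosen = [m for m in methods if m not in WEAK_KEX] or methods
    lines = [f"Host {alias}", f"    HostName {hostname}",
             f"    KexAlgorithms +{','.join(chosen)}"]
    if set(chosen) & WEAK_KEX:
        lines.append("    # WARNING: 1024-bit group enabled because the device offers nothing stronger")
    return "\n".join(lines) + "\n"


def main() -> None:
    # Real use: pass the captured ssh error and the output of `ssh -Q kex` instead of the samples.
    methods = usable_kex(SAMPLE_ERROR, SAMPLE_SUPPORTED)
    print(host_stanza("ciscodevice", "1.1.1.1", methods), end="")


if __name__ == "__main__":
    main()
```

Run it and paste the printed stanza into `~/.ssh/config`; `ssh ciscodevice` then negotiates with the extra method while every other host keeps the client's default list.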

Using Kerberos Configuration Manager to configure SPNs for SQL Server


Microsoft SQL Server requires Service Principal Name (SPN) records to be set up for authentication because of the way it interacts with Windows Authentication using the Kerberos protocol. When a user attempts to connect to the SQL Server instance, the client’s operating system requests a Kerberos service ticket for that instance, which can only be issued if an SPN record has been registered for the service instance. If no valid SPN record exists, or the record is incorrect, the Kerberos exchange fails and authentication fails, resulting in an error. This mechanism ensures that the server can verify the client’s identity and authenticate the connection securely, making SPN records a crucial component of Windows Authentication in SQL Server.

Configuring the SPN records

  1. Log in to the server’s console with your RT account.
  2. Download the tool: Microsoft Kerberos Configuration Manager for SQL Server
  3. Install the tool using the default options.
  4. Open the File Explorer and navigate to C:\Program Files\Microsoft\Kerberos Configuration Manager for SQL Server. Right-click on KerberosConfigMgr and select Run as administrator.
  5. Click on Connect.
  6. Type localhost in the Server name field and click on Connect.
  7. Review the SPN records to determine if they are correct. If none exist, click the Generate All button. If some exist, click the Fix All button. For most new server builds, clicking Fix All is the correct option.
  8. After clicking Fix All you will be presented with the list of changes. Click Yes and allow the process to finish.
  9. The process may take 15+ minutes to synchronize across the domain.
  10. Reboot the SQL server.
  11. Test the connectivity.
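Step 7 asks you to judge whether the SPN records are correct without saying what correct looks like, and step 11 says to test connectivity. The script below is an added example (not the post's code and not part of Microsoft's tool) that derives the SPNs a SQL Server instance needs from its FQDN, port and optional instance name, diffs them against the output of `setspn -L <account>`, and prints the `setspn` commands that would close the gap. The `setspn -L` output, host names, port and account are constructed samples; nothing here talks to Active Directory. It assumes Microsoft's documented SPN format for SQL Server (`MSSQLSvc/<fqdn>:<port>` plus `MSSQLSvc/<fqdn>` for a default instance or `MSSQLSvc/<fqdn>:<instance>` for a named one).

```python
"""Check that the SPNs SQL Server needs for Kerberos are registered on its
service account, and print the setspn commands for any that are missing.

Added example, not the post's or Microsoft's code. Nothing here talks to Active
Directory: the setspn -L output is a constructed sample, and the host names,
port and account below are hypothetical.
"""
from __future__ import annotations

SQL_SPN_CLASS = "MSSQLSvc"

# Constructed sample of `setspn -L CORP\svc_sql` output: a header line, then one
# SPN per indented line. It carries two SPNs left over from an old host name and
# lacks the port-less SPN that a default instance also registers.
SAMPLE_SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=svc_sql,OU=Service Accounts,DC=corp,DC=example:
\tMSSQLSvc/sql01.corp.example:1433
\tMSSQLSvc/oldsql.corp.example:1433
\tMSSQLSvc/oldsql.corp.example
"""


def expected_spns(fqdn: str, port: int, instance: str | None = None) -> set[str]:
    """SPNs SQL Server needs for one instance (Microsoft's documented format):
    default instance -> MSSQLSvc/<fqdn>:<port> and MSSQLSvc/<fqdn>
    named instance   -> MSSQLSvc/<fqdn>:<port> and MSSQLSvc/<fqdn>:<instance>
    """
    host = fqdn.lower()
    second = f"{SQL_SPN_CLASS}/{host}:{instance}" if instance else f"{SQL_SPN_CLASS}/{host}"
    return {f"{SQL_SPN_CLASS}/{host}:{port}", second}


def parse_setspn_output(text: str) -> set[str]:
    """Collect the SPN lines from `setspn -L` output, skipping the header line."""
    spns: set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("Registered ServicePrincipalNames"):
            spns.add(line)
    return spns


def spn_report(fqdn: str, port: int, registered: set[str],
               instance: str | None = None) -> dict[str, set[str]]:
    """Compare the SPNs the instance needs with the MSSQLSvc SPNs on the account.
    'stale' entries (MSSQLSvc SPNs that do not match this instance, e.g. from a
    renamed host) are reported so they can be reviewed; an SPN that ends up
    registered on two accounts is what makes the KDC refuse to issue a ticket.
    """
    want = expected_spns(fqdn, port, instance)
    have_sql = {s for s in registered if s.lower().startswith(SQL_SPN_CLASS.lower() + "/")}
    have_norm = {s.lower() for s in have_sql}
    want_norm = {w.lower() for w in want}
    return {
        "missing": {w for w in want if w.lower() not in have_norm},
        "stale": {s for s in have_sql if s.lower() not in want_norm},
    }


def fix_commands(report: dict[str, set[str]], account: str) -> list[str]:
    """setspn -S registers an SPN only after checking the forest for duplicates;
    -D removes one. Review the stale list before running the -D lines."""
    cmds = [f"setspn -S {spn} {account}" for spn in sorted(report["missing"])]
    cmds += [f"setspn -D {spn} {account}" for spn in sorted(report["stale"])]
    return cmds


def main() -> None:
    # Real use: replace SAMPLE_SETSPN_OUTPUT with the captured output of `setspn -L <account>`.
    registered = parse_setspn_output(SAMPLE_SETSPN_OUTPUT)
    report = spn_report("sql01.corp.example", 1433, registered)
    for line in fix_commands(report, r"CORP\svc_sql"):
        print(line)


if __name__ == "__main__":
    main()
```

For the connectivity test in step 11, connecting with Windows Authentication and running `SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID;` tells you whether the session actually negotiated KERBEROS or fell back to NTLM, which is the symptom a bad SPN produces even when the login itself succeeds.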

InfoSec News – August 2nd

Vulnerabilities & Patches

VMWare vulnerability allows easy Admin access: Rapid7, CISA, and Microsoft were among several vendors that called out CVE-2024-37085 as an Active Directory privilege bypass vulnerability disclosed by Broadcom. Broadcom released a patch, but only for the latest versions of the affected platforms. Those using ESXi v7 can only leverage a workaround to combat the issue. Ransomware actors are actively exploiting this vulnerability to quickly gain admin access to a victim’s virtual infrastructure.

This is an easy bug to exploit if an attacker gets access to Active Directory. It simply involves creating the proper group and adding themselves to it. An attacker having administrative access to Active Directory is bad enough. Don’t let them get access to easily destroy all of your VMs as well.

IBM, Nike, Disney, others caught in Proofpoint phish palaver • The Register – Proofpoint’s insecure-by-default setup allowed phishing attacks to piggyback on their email infrastructure to appear as legit messages. This flaw can happen with any improperly secured email infrastructure, so review your settings to be sure only your users can use it to send emails.

Critical security vulnerabilities in Voice over WiFi – It looks like cell providers made some less than ideal choices which could render WiFi calling insecure.

Threat Actor Abuses Cloudflare Tunnels to Deliver RATs | Proofpoint US – The Proofpoint blog post examines how attackers are exploiting TryCloudflare single-use tunnels to conceal their infrastructure and deliver RATs, complicating detection and response efforts.

Breaches & Attacks

AMI Platform Key leak undermines Secure Boot on 800+ PC models – BIOS maker American Megatrends (AMI) managed to leak a test key which allows Secure Boot to be bypassed in major manufacturers’ BIOS. This can (and likely will) be leveraged to install BIOS/UEFI level rootkits. This affects Acer, Aopen, Dell, Formelife, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro. Here’s a list of the affected products. I do not know if this is a full list.

IBM Report: Escalating Data Breach Disruption Pushes Costs to New Highs – IBM’s annual report claims average breach costs are up to $4.8m in 2024.

Microsoft says massive Azure outage was caused by DDoS attack – This affected many services such as Azure, O365, Purview, Intune and Defender. Microsoft’s DDoS mitigation accidentally made the recent attack on Azure worse instead of better due to a configuration error. The final details aren’t out yet, but it’s another reminder that good quality control is hard for infosec.

DNS Early Detection – Breaking the Black Basta Ransomware Kill Chain | Infoblox – Infoblox highlights how early detection of DNS anomalies can disrupt the Black Basta ransomware kill chain and enhance cybersecurity defenses. The article contains a list of domains you should block if they aren’t already (InfoBlox & Umbrella already are).

FBI Warns of Scammers Impersonating Cryptocurrency Exchanges – Warn your members about this one.

Security

Blog | Too big to care? – Our disappointment with Cloudflare’s anti-abuse posture | Resources – Spamhaus criticizes Cloudflare for its inadequate response to abuse and spam issues, arguing that the company’s approach enables malicious activities to persist.

Twitter is training its AI on your data – Elon just gave his AI access to all your Twitter data. One more reason I’m glad I ditched this site a while ago.

GitHub – ssoready/ssoready: Open-source dev tools for enterprise SSO. Ship SAML support this afternoon. – If you’re building web apps, build in SSO. This open source package will help.

More CrowdStrike Fallout

Technology

There is no fix for Intel’s crashing 13th and 14th Gen CPUs — any damage is permanent – The Verge – Intel is not saying they will replace chips that have already failed.

GitHub – onceupon/Bash-Oneliner: A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance. – A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.

How to get started with digital estate planning – 1Password wrote a nice white paper on handling your digital legacy.

InfoSec News – July 26th 2024


More on the CrowdStrike BSoD

Security

CU Loses Nearly $300,000 in Four Hours With ATM Skimming Device – ATM skimming is on the rise across the country, but it doesn’t get talked about very much. Make sure to take steps to protect yourself and your organization from these attacks.

Chrome will now prompt some users to send passwords for suspicious files | Ars Technica – The files will be deep scanned by Google, then the passwords and files will be deleted (they claim).

Ransomware ecosystem fragmenting under law enforcement pressure and distrust – (Courtesy Seriously Risky Business Newsletter) – The increased fragmentation is a good thing, but it’s no reason to back off controls and protections.

Breaches & Attacks

Following Ransomware Attack, Patelco Has Restored Many Services, But Others Remain Unavailable / Fresh Today / CUToday.info – CU Today – I have a hunch the offline services are all located in the credit union’s data center, which likely means they are being rebuilt from scratch or restored from offsite backups.

Russian ICS malware cuts heat to 600 Ukrainian buildings – This new malware appears to directly manipulate devices using the common MODBUS protocol instead of vulnerabilities in the devices themselves. MODBUS is common in ICS, HVAC, and power systems. The protocol is not encrypted or authenticated. Take care to segment these devices away from normal business networks.

Squarespace Status – Domain Hijacking – Squarespace finally published their version of the domain takeover incidents related to the Google Domains business they acquired. TL;DR – make sure MFA is enabled on your Squarespace account.

How a North Korean Fake IT Worker Tried to Infiltrate Us – KnowBe4 was the victim of a North Korean social engineering attack. The attacker created a synthetic identity and managed to get hired into a key IT position.

Vulnerabilities & Patches

TuDoor – A new vulnerability affecting many DNS resolvers has been discovered which allows cache poisoning, denial-of-service, and resource consumption.

Windows 11, version 22H2 known issues and notifications | Microsoft Learn – KB5040442 might require you to enter the Bitlocker recovery key after rebooting on Windows 2022.

Technology

Framework | Fix Consumer Electronics – A nice looking laptop that is designed to be repaired and upgraded! I can’t wait to see someone review these.

The Minimal Company | Live More, Scroll Less. – A stripped down Android-based phone, eInk display, and hardware keyboard. Another product I would love to see in action.

GPS Alternative: New Technique Uses Cell Signals to Navigate – IEEE Spectrum – The Air Force is testing using cellular signal positioning in the event GPS is blocked or spoofed.

Failure to follow procedures caused US-wide AT&T outage • The Register – Many change control failures and a lack of planning led to the February outage. It’s amazing what a simple peer review/signoff can prevent.

Science & Space

One-dose nasal spray clears toxic Alzheimer’s proteins to improve memory – The spray delivers antibodies to target plaques associated with Alzheimer’s disease.

We’re building nuclear spaceships again—this time for real  | Ars Technica – DARPA and NASA team up to build nuclear rockets for both defense and exploration purposes, 40 years after Nixon killed the original program.

World’s first meltdown-proof nuclear reactor unveiled in China – Tech like this could be the bridge to aid our transition to cleaner power sources like fusion and solar.

Misc

Overcast – This is hands-down the best iOS podcast app! The dev just refreshed the interface and has been cranking out updates in the last couple

InfoSec News – July 20th 2024

It was a week…

Ever had one of those weeks where every day (especially Friday) felt like a Monday? I bet you did this week.

Botched CrowdStrike Update takes down the world…kinda

The massive outage caused by a botched CrowdStrike update impacted hundreds if not thousands of organizations globally. Airlines grounded flights, hospitals cancelled surgeries, financial institutions couldn’t serve customers, and even Microsoft 365 experienced a wide scale disruption. I’ll link to the coverage below.

Did mainstream media overhype this one? While it’s true the impacts were widespread, the fix was relatively simple but time consuming. But that isn’t what we heard on CNN, CBS, NBC, or Fox. We heard about the end of the world, not being able to get your money, or how hospitals and airports were completely unable to function. This caused widespread panic. Every vendor had to publish an alert about not being impacted, including my credit union. We had to add a message to our IVR, website, and socials to calm our panicked members. Our only real impact was to a portion of our mortgage origination system, which was resolved by lunch time. So why stir up all that trouble except for the ratings?

Why was this so huge? Too many vendors build massive, homogeneous Windows environments because it’s easy, comparatively. Most significant back-office systems are based on Microsoft technology, running on Microsoft servers. CrowdStrike has obtained a similar market share due to their solid security platform and services. But having all of your eggs in a couple of baskets is a huge risk. All it takes is one small mistake in just the right subsystem to bring it all down. I am a firm believer in a heterogeneous system design. Put the right vendors in the right places, but with an eye to not giving one vendor too much. The loss of control with cloud systems can be an unacceptable risk for key systems.

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World | WIRED – (Courtesy CyberWire)

Faulty CrowdStrike update causes major global IT outage, taking out banks, airlines and businesses globally | TechCrunch

Using Intune Remediations to Fix the CrowdStrike Driver Bug – Here’s a novel way to fix your CrowdStrike issue with Intune scripts. These scripts could probably be adapted for other platforms and other issues.

A global tech outage brought many computer systems and businesses to a screeching halt. Here’s what happened | CNN Business – Blow-by-blow of the outage impacts.

Technical Details: Falcon Update for Windows Hosts | CrowdStrike – CrowdStrike’s account of what happened.

CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft – The Verge – Less than 1% of the global install base afflicted by this issue caused massive impacts.

And in other news…

Microsoft says its cloud services are back up after major outage | TechRadar – Microsoft experienced an Azure outage that primarily affected the US Central region overnight Friday. This impacted various services during that time. This was a separate issue from the CrowdStrike outage, and Microsoft was back up in a reasonable amount of time.

Indiana county files disaster declaration following ransomware attack – Another local government grinding to a halt due to ransomware. Is it time the Fed offered subsidized security services to assist them?

Squarespace DNS hijack spree hits crypto sites – Squarespace disabled MFA on the accounts acquired from Google, which allowed attackers to hijack the domain’s DNS.

CISA broke into US federal agency, wasn’t spotted for months • The Register – (Courtesy TLDR InfoSec) How would you detect a stealthy attacker inside your network?

Cloudflare launches a tool to combat AI bots | TechCrunch – (Courtesy Daniel Miessler) It appears the basics of this tool are free to anyone with a Cloudflare account. I’ve enabled the protections on my blog to see if there are any issues with this.

Hackers use PoC exploits in attacks 22 minutes after release – (Courtesy TLDR InfoSec) This should not be a surprise to anyone. The window from PoC to wild exploitation is getting shorter, but not all patching policies are keeping up with this.

Rite Aid confirms data breach after June ransomware attack – RansomHub gang claims to have 10GB of customer data from the US pharmacy chain. Rite Aid has not confirmed the extent of the attack.

Reinstatement of net neutrality rules temporarily halted by appeals court – The Verge – It looks like Net Neutrality will be the first victim of the loss of the Chevron doctrine.

Vulnerabilities and Patches

Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412 – Cyble – Attackers are using a multi-stage exploit to gain a foothold on machines and steal information.

Exim vulnerability affecting 1.5M servers lets attackers attach malicious files | Ars Technica – (Courtesy TLDR InfoSec) Exim bug allows an attacker to bypass file extension blocking, possibly allowing malicious files through. All but the latest RC for Exim is affected.

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln – (Courtesy TLDR InfoSec) A new 9.6 CVE in Gitlab pipelines. Deploy the fix ASAP.

Critical Cisco bug lets hackers add root users on SEG devices – Cisco’s secure email gateway (formerly IronPort) has a critical file processing bug. Cisco PSIRT Post

Cisco Smart Software Manager On-Prem Password Change Vulnerability – Cisco Smart Licensing on-prem application has a critical bug affecting all but the latest version.

CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook – 0day RCE in Outlook on Windows clients. MSRC’s post.

Security

Exchange Online Supports Inbound SMTP DANE with DNSSEC – DNSSEC and DANE can greatly improve your email security by verification of SMTP server security in DNS. This ensures a bad actor cannot easily redirect incoming email for a domain. Combine this with full DMARC compliance for a bi-directional security upgrade.

Introducing Windows 11 checkpoint cumulative updates | Windows IT Pro Blog – (Courtesy Risky.Biz) Windows 11/2025 patching will move to a more efficient checkpoint model, changing only what needs to be changed. This will definitely speed up patching, but you will no longer be able to skip patches. This will impact golden image maintenance, new PC builds, and various other processes that rely on cumulative patches.

Password Breaking A to Z | ElcomSoft blog – A great primer on password cracking: what it does, how it works, and what hardware works best. I would recommend it for any experience level as there are a ton of links to more detailed articles.

Leadership

Your Company’s Problem is Hiding in Plain Sight – High Work-In-Progress (WIP) – (Courtesy Daniel Miessler) Too many active projects results in less output. “Being too busy isn’t a badge of honor. It’s a symptom of dysfunction. It’s a sign your system optimizes for keeping people busy over keeping the work busy moving.”

InfoSec News – July 12, 2024

I am switching to a weekly newsletter format for these posts. I spend a lot of time during the week scanning newsfeeds to find interesting and relevant information as part of my day job. I am already sharing these with my team, so why not share them with the wider infosec community?

My hope is to produce at least one of these posts weekly, then share it with the greater community. It could be via social media or an email newsletter, or both. My goal is to drop the post and have the rest happen automatically. But for now, I’ll be happy with just a weekly post every Friday.

I hope you find this valuable! – Chris

Patelco CU Breach

Patelco CU Reported Data Breach in 2023, Affected 181,000 Members – Patelco suffered another data breach in late 2023 due to the MOVEit vulnerabilities. The Clop ransomware gang was apparently able to gather sensitive data on all 181,507 members. Members have filed a class-action lawsuit related to this incident. It is unclear if this eventually led to the June 2024 ransomware attack, but I suspect the forensic investigation will find that link.

Patelco CU Reports ‘Serious Security Incident’ – A large California credit union was crippled by ransomware over the last few weeks.

Pressure Mounts on Patelco, So Do the Class Action Lawsuits – Patelco now has several class-action lawsuits against it due to this ransomware attack.

Patelco’s Network Stabilized 8 Days After Ransomware Attack – The credit union has been able to start processing transactions again, but they still have a long way to go before they are back online for their members.

Vulnerabilities

CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook – Remote code exec bug patched this week by Microsoft.

Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) – Check Point Research – 0-day RCE on all versions of Windows leveraging URL shortcut files. This has been actively exploited for the last 18 months. Roll this patch as soon as possible, but you should also be treating URL files like executables, LNKs, shortcuts, etc. Strip them from emails and prevent users from downloading them.

New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere | Ars Technica – TL;DR this is a RADIUS MitM attack made possible by non-standard MD5, but only if you are not using TLS/DTLS. Best mitigation is to switch to TLS/DTLS transport. I believe the purported impacts of this are overblown. An attacker needs to be inside the network to catch these under typical corporate implementations. And how many RADIUS over the internet implementations are not using TLS? My guess is not many.

RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024 – TL;DR – Cisco isn’t sure what products are affected yet, but watch this for more updates.

Critical Ghostscript flaw exploited in the wild. Patch it now! – Threat actors are actively exploiting a Ghostscript vulnerability to escape the sandbox for remote code execution.

Breaches & Attacks

Troy Hunt: Telegram Combolists and 361M Email Addresses – Another huge dump of usernames and passwords hit the web. Some of this data is old/reused, but some of it appears to be relatively new. Time to rotate passwords??

Microsoft Orders China Staff to Switch From Android Phones to iPhones for Work – Bloomberg – Might be petty, but this made me chuckle. Please, employees, use our biggest competitor’s product!

SysInformation Healthcare Services, LLC Provides Notice of a Data Security Event – SysInformation Healthcare Services (TX, USA) suffered a major data breach a year ago, only recently disclosed. Attackers got name, date of birth, health insurance information, medical history, and treatment information. They recommended credit monitoring. And their victims recommended compensation: SysInformation Healthcare Services Data Breach Lawsuit | ClassAction.org

AT&T Says Phone Records Of ‘Nearly All’ Customers Breached – AT&T falls victim to the Snowflake breach.

Neiman Marcus data breach: 31 million email addresses found exposed – Troy Hunt found >31mil customer email addresses on the dark web. Another Snowflake related breach.

Security

ANOM – Darknet Diaries – Another great episode discussing the ANOM crime-phones and how the FBI was actually running the show.

Visual guide to SSH tunneling and port forwarding | ITTavern.com – SSH tunneling is always a good trick to keep in your toolbox.

Cyber Scarecrow – This is an interesting concept that has been leveraged with certain malware to prevent install. It’s almost like a vaccination for your PC. I have two concerns: How will they prevent malware from detecting the software rendering it ineffective? How will they prevent false positives by security software? Hopefully more to come from this project.

GitHub – Lissy93/web-check: 🕵️‍♂️ All-in-one OSINT tool for analysing any website – All-in-one OSINT tool for analysing any website.

Cloudflare 1.1.1.1 incident on June 27, 2024 – A Brazilian ISP attempted to blackhole 1.1.1.1, which was then published to the greater internet causing an outage for Cloudflare’s public DNS service. It’s not clear if this was intentional or an accident. My personal opinion: BGP security needs to become a priority across the globe. One rogue change shouldn’t take down a major internet service.

RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews – Someone has gathered up all of the breached password dumps over the last several years to create another mega-list, but it appears the file is mostly garbage compared to RockYou2021. This Reddit thread talks more about better sources for password lists: https://www.reddit.com/r/hacking/comments/1dxb25f/whet_to_download_rockyou2024/

Overlooked Domain Name Resiliency Issues: Registrar Communications – SANS Internet Storm Center – Another weak point in the internet: registrars. Someone reported a major ISP domain for phishing, causing the registrar to stop resolving the domain. The registrar did not provide any workable resolution process which could be accessed by clients.

How do cryptocurrency drainer phishing scams work? – Great background on crypto-draining attacks and how to avoid them.

Wide World of Cyber: State directed cybercrime – Risky Business – I’ve enjoyed the thoughtful discussions on these episodes. Worth the listen.

Technology

LeonStraathof/pfsense-speedtest-widget – I recently switched to a pfSense router after missing the advanced features not found in my Eeros, but pfSense doesn’t have a built-in speedtest. This dashboard plugin fixed that. No more worrying if the results are skewed due to other hardware!

DNS Deep Diving with Serena DiPenti – YouTube – The first 10 minutes or so gives you a high level understanding of how DNS works. The rest describes common DNS attacks and how pentesters try to exploit DNS.

Interesting News

Secret meeting between Apple and TSMC reported; 2nm capacity – Courtesy Unsupervised Learning – Has Apple locked down all the 2nm chips? Does this give it market superiority? It certainly allows more power in a smaller space.

A Vast, Untapped Source of Lithium Has Just Been Found in The US : ScienceAlert – Courtesy Unsupervised Learning – It looks like the US may be closer to on-shoring our Lithium needs by extraction from fracking water.

US sues Adobe for ‘deceiving’ subscriptions that are too hard to cancel – The Verge – It’s not enough to milk your users for continued shareholder payouts, but you want to force them into a perpetual contract?

Apple is winning in financial services – Looks like Apple could be opening Apple Pay to additional “buy now, pay later” partners.

Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation | Cybersecurity Dive

HP discontinues online-only LaserJet printers in response to backlash — Instant Ink subscription gets the boot, too | Tom’s Hardware – HP is giving up on their “instant ink” printers, but they won’t unlock those printers from the service.

Thread by @lcasdev on Thread Reader App – Thread Reader App – Google has given its own APIs preferential access to detailed performance telemetry regardless of user choice, but not other vendors’. This impacts all Chromium based browsers. This is a clear violation of anti-trust laws.

The last few months

It doesn’t take long for me to forget how long it’s been since I did one of these posts! Here’s a quick update.

What I’ve been doing

Coding: I’ve actually been coding after almost 15 years! We needed to rewrite a custom URL handler to automatically open a member account based on incoming phone number. I’m surprised how fast I picked up VB.NET as I stopped developing just as .NET came on the scene. I forgot how fun it can be! I was able to repurpose a custom screen-pop application for our call center to work with a new contact center solution. My next trick is building PowerShell routines to keep the user and contact lists updated as the app doesn’t support SCIM user creation.

Cord cutting: My wife recently left her position, so we’ve been trying to downsize our discretionary expenses. Entertainment is a big part of that expense, so I’ve taken the leap and dropped internet TV in favor of using an HDHomeRun box with the Plex Live TV services. I still need to experiment with how to best record TV shows, but the live TV works well enough. Bandwidth is the biggest issue, with antenna placement the next. I’m still experimenting with these. I’ve also jumped on a few deals for older DVDs and Blu-rays to build up a legal movie collection. I’m still working on a solution for sports.

pfSense: I’ve come into a few extra hand-me-down PCs, so I’m going to try again to set up a pfSense firewall. My main concern right now is not getting the full throughput on my fiber connectivity, so I need to run some tests first. More on this as I experiment more.

Writing

Patch Tuesday updates for all! – Unstable Path – It’s patch week…like every other week.

Reading & Listening

Technology

CIO who dropped VMware 18 months ago now very pleased • The Register – Yet another story about how Broadcom is shooting itself in the foot and driving VMware into the ground.

Security

LastPass Employee Targeted With Deepfake Calls – SecurityWeek – “In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp,” LastPass says.

Special Edition: Chris Krebs, Alex Stamos and Patrick Gray – Risky Business – Excellent discussion on supply chain sovereignty! I highly recommend infosec nerds take a listen to a new spin on an old issue.

How it Works – Knocknoc – Interesting tech that I heard about on Risky.biz. Allows you to open ports and access services behind SSO that don’t typically support it.

iOS 17.5 bug undeleted sensitive photos—even on devices you no longer own – The Mac Security Blog – Oops Apple! One of the better descriptions of this issue. And another reminder to think twice before you click that pic.

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses – MS is putting some needed fixes into Windows 11 security.

Financial

U.S. Economy FAQ: Rising Insurance Prices, Stuck Inflation, and More – The Ringer – This discussion of what’s driving inflation rates contains a great explanation on how inflation is tied to the national debt.

Powershell

Invoke-WebRequest or Invoke-RestMethod? – Truesec – Simple answer – Invoke-WebRequest gives you the complete unfiltered results, where Invoke-RestMethod returns just the results in a custom PSObject.

How to use Invoke RestMethod in PowerShell — LazyAdmin – Great summary on how to use the Invoke-RestMethod in Powershell, including new features in Powershell v7.

Science

Britain says it is developing a radio-wave weapon that can take out a swarm of drones for just $0.12 a shot – This would be far more effective than trying to shoot down a drone.

Quantum networks are closer to reality – The Verge – Amazon is dabbling in quantum networking? I’m not sure what this gets us that current fiber technology doesn’t. My vision for quantum networking is instant communication across any distance, similar to Three Body Problem sophons or Eve Online’s fluid routers.

Ancient viral DNA in the human genome linked to major psychiatric disorders – Could viral DNA explain why humans develop these mental illnesses which appear to go against evolution?

Blogging

How and why to make a /now page on your site | Derek Sivers – If you have a blog, create a /now page and let folks know what you are up to!

sites with a /now page – A collection of /now pages.

Tools

ThomasKur/M365Documentation: Automatic Microsoft 365 Documentation to simplify the life of admins and consultants. – This project is a life saver for documenting your Intune configurations.

jordanbaird/Ice: Powerful menu bar manager for macOS – Awesome little tool to collapse your Mac menu bar icons to only display what you actually need until you need them.

Patch Tuesday updates for all!


Updates for March/April

Leadership: My employer decided to honor me with my first official leadership spotlight post! I was also blessed with the opportunity to participate in a fraud and cybersecurity panel during a recent CCUL Upstate Chapter Meeting.

Intune: I’ve been working on my out-of-the-box experience for iPads and MacBooks. I have been fairly successful with my iPads using specific device configuration profiles, but these aren’t working so well on Macs. Software deployment for Macs is also sub-par, so I’ve been falling back to my current solutions.

Broken Shortcuts: Apple Shortcuts has a bug which strips links from the Make Rich Text From tasks (More Info: Adding Rich Text to Note no longer works in iOS 17 : r/shortcuts). This broke my ability to draft my compilation posts in Apple Notes. I’m bypassing this by writing directly to a Markdown file in my Shortcuts iCloud folder. My hope is this should work from both Mac and iOS as it has in the past.

Home Automation: I have been using Scrypted to link my cameras into Homebridge, but I am not able to get my smart motion notifications to work. Nor am I able to get my doorbell audio working bidirectionally. Scrypted is great otherwise and I would recommend it for anyone with compatible cameras. I’ll experiment with using Homebridge’s FFmpeg plugins again.

Please stop trying to monetize me while I read! I don’t like Medium and other blogger platforms – they seem to be built for profit and drive you to subscribe either to the author’s newsletter or the service by limiting the number of free views per month. I feel like this is going to backfire in the long run.

Reading

Career

The Curse of the Senior Software Engineer – Dmitry Kudryavtsev – This post resonated with me. I faced the same issue once my wife and I decided to move when my stepson graduated high school. (Can I speak more about this?)

Gen-Z is shunning college to take up traditional trades like welding and plumbing they say is far more satisfying and which doesn’t incur huge student debt | Daily Mail Online – My advice to my kids has been exactly this: find a trade, take the 2 year degree, then figure out life from there. I loved what my MS in Cybersecurity taught me, but it wasn’t worth the money I’m paying on it.

Industry News and Trends

After 114 days of change, Broadcom CEO acknowledges VMware-related “unease” | Ars Technica – I’ve been reading more Reddit posts and industry forums discussing huge increases in license renewals and poor support. This is mirroring how Broadcom destroyed Symantec during their acquisition. Folks are looking for alternatives like Nutanix, Proxmox, Azure/AWS, etc. What I don’t hear folks talking about is going to Hyper-V.

Microsoft is confident Windows on Arm could finally beat Apple – Microsoft could very well be faster than Apple’s M3, but the UI has a long way to be as clean and functional as macOS.

Introducing Google’s new Arm-based CPU | Google Cloud Blog – Google is rolling out their own custom silicon to support their own cloud and AI initiatives.

Mac Tips

Disk Utility now has full features for managing snapshots – The Eclectic Light Company – I discovered this neat feature only after reformatting my full backup drive.

Police warn of thieves using wifi-jamming tech to disarm cameras, alarms | KTLA – I feel like this is old news considering how many security cameras are wireless. Running CAT5 isn’t that hard or expensive, and it’s well worth the extra expense.

Health

A diet high in ultra-processed food is linked to a greater risk of many diseases : Shots – Health News : NPR – I’m not surprised by the findings here. The food industry has moved to faster, cheaper ingredients at the expense of consumers’ health.

From the strange files

Mysterious Drones Swarmed Langley AFB For Weeks | The War Zone – What’s happening here?