Saturday, September 26, 2015

Password Reuse

I listen to a lot of MLB Network on XM Radio during my drive to and from work each day. So one of the big stories that I've heard a lot about recently is the case of St. Louis Cardinal personnel hacking into a database owned by the Houston Astros, allowing them to see proprietary data about player evaluations, amateur draft strategy, and potential trades with other teams. In other words, the keys to the Astros kingdom. At first it sounded like a front office person moved from Houston to St. Louis and continued to use their login credentials that had not been disabled. So like every time I see someone's Facebook status changed to "HA HA I Hacked Your Facebook!" my initial reaction was WTF? that's not hacking.

However, what really happened is that Jeff Luhnow left St. Louis for Houston, taking a number of staffers with him. Not long after they arrived in Houston, the database in question (known internally as Ground Control) was built, and it looked suspiciously like one in use in St. Louis (known as Redbird), enough so that Chris Correa did not believe it was coincidental. So the story goes that Correa, who was the scouting director at the time of his termination (however, it's not clear exactly what position he held during the time of these events), became suspicious of this new Astros database and wanted to investigate further. Using a master list of passwords left behind by Luhnow and the others who left, Correa and others were able to gain access to the Astros network.

Correa just recently pleaded guilty to five counts of unauthorized access to computer information, each charge carrying a maximum penalty of five years imprisonment and a $250,000 fine. Despite the light amount of access he pleaded guilty to, some reports are saying that Correa and/or other Cardinals front office staff were in the Astros database repeatedly for well over a year and saw pretty much everything.

So what's the point of all of this? Simple: good password security could have prevented this whole thing. The personnel who moved over to the Astros reused passwords, knowing that they were on a list given to the Cardinals when they left. Don't reuse passwords. Don't reuse passwords ESPECIALLY if someone has a list of your previously used passwords, which probably shows you have a history of password reuse. Me personally, I like to let KeePass generate good 15 - 20 character passwords for me (upper case, lower case, numbers, symbols, all random) and then I just need to remember the password to the computer, the password to my Dropbox account where the KeePass file is, and the password to the KeePass file. There are even KeePass apps for Android and iOS.

Note: After rereading this post, I feel like it looks a bit like a paid advertisement for XM radio and/or KeePass. That is not the case, really.

Tuesday, September 15, 2015

Empty the Kaseya Email Queue

One of the problems I've seen with Kaseya is that when it is offline or loses its network connectivity for a significant amount of time, it will assume that every machine with an agent is offline rather than it being the one that was offline. Depending on your configuration, this could result in dozens or hundreds of emails being sent out once connectivity has been restored. This used to be easily solved by deleting the contents of a single folder on the Kaseya server, but it's not quite that simple any more. Here's what you can do. It's unsupported by Kaseya, but it's worked fine for me a number of times.

First you'll need to open up SQL Server Management Studio on the server that hosts the ksubscribers database. Once this is up and you've logged into your database instance, on the left side of the screen, highlight the ksubscribers database and then press the button for "New Query" along the top. Enter these two lines into the query window that comes up, and then press "Execute."

TRUNCATE TABLE emailstatus;
DELETE FROM email;



It'll run for a few minutes, depending on the size of your database, and then that's it. Ideally you should run this before starting up the Kaseya core services to avoid any emails going out, but the sooner you can run it, the fewer emails there will be. Remember, Kaseya doesn't send them all out in one big bulk operation; it sends them in batches.
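
A more cautious way to run the same purge, as an added example that is not part of the original post and is not Kaseya's own procedure: it counts the queued rows first, keeps a copy so a genuine alert can still be recovered, and clears both tables in one transaction. It assumes SQL Server and the emailstatus and email tables named above; the *_purge_backup table names are made up for this example.

```sql
-- Added example: run in a New Query window in SQL Server Management Studio.
USE ksubscribers;
GO

-- 1. See how much mail is queued before touching anything.
SELECT (SELECT COUNT(*) FROM email)       AS email_rows_before,
       (SELECT COUNT(*) FROM emailstatus) AS emailstatus_rows_before;

-- 2. Keep a copy of both tables. SELECT ... INTO creates the target table
--    and fails if it already exists, so an older backup is never overwritten.
--    The *_purge_backup names are hypothetical, chosen for this example.
SELECT * INTO email_purge_backup       FROM email;
SELECT * INTO emailstatus_purge_backup FROM emailstatus;

-- 3. Clear both tables as one unit. With XACT_ABORT ON, an error in either
--    statement rolls back the whole transaction instead of leaving one
--    table emptied and the other untouched.
SET XACT_ABORT ON;
BEGIN TRANSACTION;
    TRUNCATE TABLE emailstatus;
    DELETE FROM email;
COMMIT TRANSACTION;

-- 4. Confirm the queue is empty before starting the Kaseya core services.
SELECT (SELECT COUNT(*) FROM email)       AS email_rows_after,
       (SELECT COUNT(*) FROM emailstatus) AS emailstatus_rows_after;

-- 5. Once the backup copies are no longer needed, drop them:
-- DROP TABLE email_purge_backup;
-- DROP TABLE emailstatus_purge_backup;
```

The backup copies also leave a record of which alerts were suppressed, which is useful if a machine really was offline during the outage.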

Sunday, September 6, 2015

White Noise


Today I started reading Kevin Wallace's "Your route to Cisco Career Success," and this passage really struck me.  In Chapter one, while discussing short-term and long-term career goals, he gives this little hint.  "If your creative juices just don't seem to be flowing, a shower might help.  (Seriously!)  I've heard and read different explanations for this phenomenon (everything from a chemical being released in your brain to the white noise created by the water), but whatever the scientific basis, taking a shower does seem to stimulate creative thinking for many people (including me)."