Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)

Status
Not open for further replies.
So, last night I got a work email at home that said my email had been hacked, locked, and archived and that if I wanted access again I had to pay $300 in bitcoin to some account. As usual with such emails, I figured it was my company testing me to ensure I didn't click on such things. I checked my email, everything worked fine, so I figured it was an internal security test that if I didn't report I would have to take a security course. But, I couldn't report the email from home, so I decided to report it when I got to the office today.

I get to the office, and my computer had been restarted because of the normal Wednesday night updates my company does. Turning it on, Outlook would not start. I tried a few times, no soap. So, I bit the bullet and created a ticket noting the Outlook error message, the fact that I received the email mentioned above, and coincidentally was told my password was expiring in 3 days. I tend to provide any and all information, whether it applies or not, as who knows what may be the key element.

The tech guy comes to my desk and starts vexing that the email meant that the entire company may be compromised. He was unable to even get to the Outlook account nor the settings. I suggested uninstalling Outlook and re-installing, which he agreed was the next step. While he was doing that, I went home to get my personal computer so I could work.

I got back, and he was able to uninstall and re-install Outlook, and connect it to my account, no problem. He was still worried about the email claiming bad stuff. He reported the email via the appropriate button and sure enough it was a fake one the company was testing me with. Big sigh of relief by the tech guy.

Unfortunately, he had notified his management of the possible security breach. It moved up the management chain pretty quickly, and I received several emails throughout the day describing actions taken for this non-issue.

If only the security team had notified the support team that they were doing this test, it would have saved a lot of sweat and angst all around.
 
Damn! Nearly got $300 off you!
 
Co-Worker: sometimes AWS tools are just awesome. CloudWatch monitoring :)
Me: I have AnxiousUser (tm) monitoring. It's instantaneous, yet shrill.



I mostly kid, but there have been many times that the users beat the alerts. They are on it 24x7 and freak out at the slightest little hiccup.
 
Yep. I once worked on a business-critical service, where the goal was to detect and alert on early indicators, before anything rose to the level of being noticed by a user. But that was a very very mature system, with a lot of functionality for making that feasible.

One advantage to AU monitoring is that I get to say, "if this were a problem with my service, my phone would be blowing up right now. Clear your cache and try again."
 
I have said these exact words many times. :)
 
Hehe, been there.

"No, I can see other users successfully making an SSO connection. If you are the only one not able to log in, it's not likely to be a problem on my SSO server."

And, of course, during the time it takes me to get them to stop arguing on the phone that I'm wrong, I can open the event log and see where they typed in the wrong username, or the "invalid password" event in my log.
 
One advantage to AU monitoring is that I get to say, "if this were a problem with my service, my phone would be blowing up right now. Clear your cache and try again."


The opposite scenario being when you get a call from a tech with an actual edge case problem. "Before you go into 'if this were a problem', I'm also a tech and I have tried everything. We have an edge case here. You should go freshen up your coffee."
 
Just lots of calls. RAS is down until Wednesday, which has made some people unhappy. But for some reason all passwords were expired and had to be reset at login. It's a straightforward process, but of course a lot of people had problems with it.

It's just one of those tiring times where you don't get a break.
Hey, remember this? This was three months ago. Guess what our password expiry cycle is! Guess what kind of calls we've been inundated with today!

The fun never ends!
 
I'm sorry you have to put up with this. You have idiots running your security team. Security research concluded a long time ago that periodic forced password resets decrease security. I'm all for expiring passwords on accounts that haven't been used in three months, but forcing everyone in an organization to change their password four times a year is just stupid.
 
"Give me access to your project in Jira."

Translation:

"Give me access to somebody else's project in Confluence."

Double irony: He made the request via an item added to my project in Jira. He already had exactly what he asked for.
 
I'm sorry you have to put up with this. You have idiots running your security team. Security research concluded a long time ago that periodic forced password resets decrease security. I'm all for expiring passwords on accounts that haven't been used in three months, but forcing everyone in an organization to change their password four times a year is just stupid.

Yeah, but it takes time for that to translate to policy.

Current security standards (i.e., HITRUST) require changes every 90 days, 60 for privileged accounts.
 
I'm sorry you have to put up with this. You have idiots running your security team. Security research concluded a long time ago that periodic forced password resets decrease security. I'm all for expiring passwords on accounts that haven't been used in three months, but forcing everyone in an organization to change their password four times a year is just stupid.

A colleague told me that they had such rules for one of his previous employers. IT also continuously ran a password cracker on all the accounts and in the end realised that.

None of the engineers' passwords were cracked, but several of the managers were.

The management at that particular British multinational were dinosaurs. One in the late 1990s had his secretary log in for him, and when she was made redundant, he asked for his password. It was "bastard".
 
I'm sorry you have to put up with this. You have idiots running your security team. Security research concluded a long time ago that periodic forced password resets decrease security. I'm all for expiring passwords on accounts that haven't been used in three months, but forcing everyone in an organization to change their password four times a year is just stupid.
Government is very slow to react.

In other news, my TL has now instructed me to recommend the self-service password reset facility to everyone who calls for a password reset.
 
"Can't you just do it since I've got you on the phone???"
*smile sweetly voice* Actually, there's a backlog of password resets to do just now. So you can wait 30 minutes or more on the line until I get to your password, or you can do it yourself in about 30 seconds with the self-service portal. What would you like?
 
The problem with that is that they have to pre-register for the password reset portal by selecting security questions and answers. Name of first pet, street where you grew up, etc. And for that you have to be already logged on.
 
I often have that problem with one of the Microsoft logins. I have to log in with my old password to send an email with my "reset forgotten password" code.
 
Our HR department has basically given up on even the slightest bit of prepping people to start working. Orientation is just about getting people to watch the welcome video, sign the right forms, and off you go. The fact that new employees spend the next 3 days fumbling about stuff that could have been addressed in 15 minutes in orientation isn't their problem.

And those are full time employees. Contractors and interns get no actual orientation.

But hey, my time isn't valuable or anything. I love fumbling with people trying to explain they have to update their domain password when they log in or that it is different from the company software platform.
 
Just got a bit of a funny one. Made me laugh, a little.

The caller was helping a person get access to their (the caller's) network drive. The drive was one that was based on the organisational structure, so all members of the team should have access to it. Ah, but this was a person from another team who was doing a cross-team collaboration. So they needed to access another team's network drive and they were trying to use the wrong form.

The form is literally titled "Access Another Teams Network Drive" and it's the very top form listed in the Forms Catalogue.
 