Gift cards considered harmful?

Via John Gruber’s article at Daring Fireball: Gift Card database, an Australian website that tracks, well, gift cards, has a fantastic guide to spotting when a physical gift card may have been tampered with. This is a rising problem where scammers tamper with a physical gift card in a store so that it is activated when you purchase the card but you are unable to redeem the money loaded onto the card, leaving them able to do so at their leisure.


💻 Zettle code 2

This is the enshittification that Cory @doctorow@marmot.fr writes about. My partner has a Zettle terminal that was used maybe twice then put away for some time. Upon going back to it, it gives a code 02 error which indicates tampering…which I’m certain hasn’t happened unless the Cat knows more than she’s admitting. I have managed to get around this tamper lock by plugging an ‘unofficial’ USB-C lead in, doing a factory reset, and avoiding the physical power-off button.


There’s a long thread on Edugeek about pay and conditions for IT staff in UK education.

I quit edu work about 6 years ago and my current employer in the private sector pays much better but is also much more respectful of its staff than anything I’ve ever seen in UK edu.

We’re seeing more and more private data being stored by schools who need to know about students and parents. We’re seeing more attacks on IT infrastructure, and we’re seeing the people protecting the security and integrity of children’s education and privacy being undermined. This can’t go on.

Apple's designs

Anyone ordered a Mac Mini yet? I’ve not got a use for one, but I’m intrigued. I can live with the power button being on the bottom. @gruber@mastodon.social makes an interesting point about the Apple Mouse charge socket being on its bottom; you might not agree with Apple but these are design choices, not design mistakes.


Becoming a Chartered IT Professional

I have recently been working on my professional development and was delighted to be awarded the status of Chartered Information Technology Professional (CITP) from the British Computer Society last year. Why does this matter? Chartered status can only be granted by organisations which have received a Royal Charter to make these awards and Chartered status should be equivalent across different professional fields, so CITP status is considered equal to other professional awards such as Chartered Engineer or Chartered Surveyor.


👋 Not written anything about my techie noodling 👩‍💻👨‍💻💻 in ages, but busy migrating to micro.blog from WordPress.

It’s been interesting to say the least. The WordPress implosion, which I’m not qualified to write about, got me thinking about the why, if and how of blogs in 2024. Micro.blog turned out to be very easy to migrate to, and has some neat features. So yeah. I should redirect my domain name soon so let’s see how that goes. I might then write about the migration process and why micro.blog.

Securing Admin roles in Azure Active Directory

I’m going to continue my recent look at securing your Office 365/Azure AD directory with a quick dive into using Conditional Access rules to protect your directory’s most prized asset - accounts with admin roles. These are roles that can be used to accomplish admin tasks within your organisation’s Office 365/Azure AD and Azure estate and they are important because they are essentially the keys to the kingdom. While you should be looking to secure all your accounts because all your users probably have access to sensitive information, systems or services, admin accounts are the accounts that give their user access to your entire estate in one or two leaps.


Using Passwordless for Office 365

As the pace of attacks continues against companies who use online services, major IAM providers such as Microsoft and Okta are looking for ways to improve their and your security game. I was fortunate enough to attend the 2019 Okta forum in London and one of the drums Okta beat throughout the entire presentation was Passwordless Authentication. Microsoft are also recommending this as a major improvement to Office 365/Azure security even on top of MFA.


Azure Conditional Access for Chromebooks

I suspect most of you reading this article will already know this, but part of Microsoft’s Azure AD (AAD) / Office 365 Cloud directory service that you get when you pay for premium AAD is Conditional Access (CA), which can be used to allow quite sophisticated access controls for accessing Office 365 resources. Of course, you get basic Office 365 MFA with the basic Office 365 enterprise product, and you should absolutely look into enrolling your users and turning this on straight away if that is what you have.


Teams CAA70007 errors

Has this ever happened to you? You're using Teams like normal and one day it doesn't start. No reason, just the usual Teams error that tells you nothing. You try the usual workarounds (Mark Vale's write-up on cleaning the Teams Cache is invaluable) but nothing helps. So back to that error that doesn't tell you anything. Or maybe it does tell you something. The error code in the bottom left corner: CAA70007.


Tuning up Intune - Building your toolset

Introduction: When talking about how Intune works with a colleague, I likened assembling a working Intune configuration to protect corporate devices and data to working with small pieces of Lego to build a house. The reason for this comparison is that a managed Intune environment is built up of lots of different components that can all be slotted together - or left out - to build the environment you want.


Tuning up Intune, an introduction.

Introduction to Microsoft Mobile Device Management: I'm currently settling in to a new job where I'm spending a fair amount of time working with Microsoft's Mobile security management tools, mostly Microsoft Intune. This is largely what I was doing towards the end of my old job too, and while there are some great people writing great material out there, I think there's a lack of articles that try to start at the beginning with current (as of April 2019) tools and pull all the strands together, so that's what we're going to talk about here.


Chocolatey in the workplace

I talked previously about using Chocolatey for home use. It makes building a PC at home nice, simple and fast. It makes supporting non-technical friends and family nice and easy, ensuring you can build their computers how they want and keep them up-to-date with just a few simple commands (that can even be put in the scheduler, so neither you nor they have to worry about them). We’ve recently just completed a Windows 10 rollout at my college.


Backup to the cloud.

Introduction: So I think a lot of us take backups for granted. It's one of those things you look at once and then tend to not worry about too much. As long as it's working, why worry? Except… if you don’t look at it, how do you know how well it's working? I’m talking from the viewpoint of a senior engineer or manager here of course, hopefully if you’re a junior engineer who has been put in charge of backups you’re making sure that the current system works well and telling people about any concerns you might have.


Tuning up Intune - Self Service Password Reset from the login screen.

Introduction: One of the new features in Windows 10 1803 is the ability for "local Active Directory" Domain joined workstations to allow users to reset their password from the login screen. This was introduced for Azure Active Directory joined systems in Windows 10 1709. In this post I’m quickly going to run through what you need to do in order to configure this for your domain. I’m making the following assumptions:


My Server’s been hacked – What do I do now? Pt 3.

Finally. Finishing up after Part 1 and Part 2, this is the end of my updated thoughts on an old Server Fault post with some final thoughts on reducing risks in the future. Reducing the risk in the future: The first thing you need to understand is that security is a process that you have to apply throughout the entire life-cycle of designing, deploying and maintaining an Internet-facing system, not something you can slap a few layers over your code afterwards like cheap paint.


My Server's been hacked - What do I do now? Pt 2.

Following on from Part 1 of my revision of an old Server Fault post, we will continue on to look at remediation after an intrusion. (Part 3 available here) Understand the problem fully: Do NOT put the affected systems back online until this stage is fully complete, unless you want to be the person whose post was the tipping point for me actually deciding to write this article. I'm not going to link to that post so that people can get a cheap laugh, but the real tragedy is when people fail to learn from their mistakes.


My Server's been hacked - What do I do now? Pt 1.

Introduction: In this series of posts I’m revisiting an answer to a question that appeared on Server Fault way back in 2011. I’m pleased to say that it’s been viewed over 100,000 times, and I like to think it’s helped a few of them. But it’s time to look again. Since I wrote that post, there have been some huge intrusions, such as the well-known Ashley Madison, Anthem Medical Data and JP Morgan breaches that affected millions of people.


Easy PC rebuilds with Chocolatey

One of the things that I’ve always been interested in is automation, and being able to reproduce a ‘known state’ reliably and consistently. This applies at work when building servers or workstations thanks to tools like SCCM and Fog, and should be in your grasp at home or in even the smallest office, thanks to Chocolatey. Not to make a fine point of it, between my last post and this one I’ve rebuilt my PC, installing Windows from scratch and all my applications, prepared breakfast for my partner and myself, started some laundry, and dealt with the cat pulling the net curtains down in my study.


Malware emails - doing it wrong.

I’m currently reading /r/sysadmin on Reddit at the moment, specifically this post from someone ranting that a user complained that “malware spam e-mail” went to their mail client’s spam folder. While this is classed as a rant on the site and not intended as deep analysis of a problem, their entire comment on this was: What the hell? This is exactly what it should have done! I'm really not sure what to say to this, or to the responses that suggest telling the "
