Who Destroyed Three Mile Island? makes a compelling argument as to why organizations should focus on the systemic causes behind major failures, rather than just assigning blame. In this fascinating talk, Nickolas Means offers specific examples from the famous nuclear disaster that illustrate why the perspectives of key players must be examined if we want to make our teams stronger and avoid future problems. A valuable lesson that can help build truly strategic leadership skills for any IT manager!
Microsoft and Apple Working Together to Improve Exchange Online Security
Microsoft has been working for some time with several partners to come up with ways to smoothly transition users from Basic authentication to something more secure: OAuth 2.0-based authentication, or ‘Modern authentication.’ Recently, Microsoft announced that they were working with Apple to help users of their Mail app switch from Basic auth to Modern auth. Read more: Microsoft and Apple Working Together to Improve Exchange Online Security
Microsoft Reveals Cause Behind This Week’s Microsoft 365 Outage
Microsoft has revealed that this week’s Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions. Starting on Monday, June 20, at 11:00 PM UTC, customers began experiencing and reporting several issues while trying to access and use Microsoft 365 services. Read more: Microsoft reveals cause behind this week’s Microsoft 365 outage
Microsoft 365: Top Customer-Asked Capabilities Available for Servicing Profiles
Microsoft recently announced the general availability of some all-new Servicing profiles capabilities. Their customers spoke, and MSFT listened. Based on input from admins from around the world, Microsoft added and extended controls for Servicing profiles. The overall goal remains unchanged: Provide a modern and easy way to manage your Microsoft 365 Apps updates. Read more: Top customer-asked capabilities now available for Servicing profiles
PWN2BTC: A smart contract & crypto hardware exploitation competition on June 7th, as a part of Off The Chain. If you pwn it, you keep the crypto.
LocoMocoSec: Registration costs increase after June 7th, so get your tickets soon! If you do, I’ll see you June 27-30 in Honolulu 😎.
ROOTCON: CFP open until July 25, conference September 28-30 in Manila.
The Art of Command Line offers a concise set of helpful notes and tips for using the command-line in Linux. The guide is intended for all skill levels, covering topics that range from basic to advanced—including some rather obscure hints that are nonetheless valuable. Adds, “…as many of us are constrained to windows environments in many scenarios (dang msft shops), this is a neat read to remind yourself of things, learn a few new things, etc.”
Top 10 Microsoft Graph PowerShell Cmdlets for Office 365 Admins is a nice tutorial on how to perform your O365 reporting with PowerShell cmdlets. Includes instructions on how to generate reports on users, licenses and groups; plus how to export Microsoft 365 Reports to a CSV and view in Grid View.
BurningIceTech YouTube Channel offers some great training courses on Microsoft products as well as a few featuring other vendors. Some courses are designed to help you pass an associated international certification exam, while others are aimed at general knowledge or troubleshooting. The material is presented by an internationally certified training pro with more than a decade of experience.
System for patch-cable labeling:
Use “a date-sequence number, like yyyymmdd-xxxx, where xxxx is a zero-padded sequential number. If new patches [are] added, [you don’t] need to try to figure out the last used number, as any day would start at 0001. You’re databasing the patches, so all you need is a unique id for the patch.”
Some perspective on interviewing candidates to avoid screening out good people:
“[M]ost people don’t interview well. It’s just not something they do much, and they’ve never learned how to do it. So if you hit them with vague questions, they’ll fall apart. Add to that: most people want the job. In some cases, they really NEED the job. That ratchets up the stress level.
I gave up asking bare technical questions. I just talk to them. And while doing so, I’m able to embed technical questions. Within a few minutes, I can tell what the person knows and also find out a lot of other things that simple technical questions won’t reveal.”
Bash Redirections Cheat Sheet is a convenient, one-page resource to help jog your memory for occasions when you’re working with redirections in bash. There’s also a nice companion blog post on the topic here. Explains, “If you do use Linux/Cygwin/WSL/whatever command line, [this] is a really valuable guide to redirection.”
BatteryInfoView is a utility for displaying all the essential information about a battery’s health and specs on laptops and netbook computers. Details include manufacturing info, charge status, capacity, voltage and more. Also provides a log window that can track battery status on whatever time interval you like.
Tmuxinator allows you to more-easily manage your tmux sessions using a single command. Explains, “without it, tmux is pretty much the same as screen for me… pseudo example: ‘tmuxinator clients’ would open a tiled window with 16 windows with ssh to 16 clients and sync input after login.”
paping is a cross-platform tool for TCP port testing that emulates the function of ping for cases when ICMP has been blocked. Allows you to repeatedly scan the same ports to determine if a service is responding. Calls it an “invaluable TCP port ping tool for Windows platforms.”
DNSQuerySniffer is a network sniffer utility that shows all the DNS queries being sent on your system. Displays: host name, port number, query ID, request type (A, AAAA, NS, MX, and so on), request time, response time, duration, response code, number of records, and content of the returned DNS record. Useful “to see who is still using the DNS server I’m trying to decommission.”
PrivateBin is an open-source online pastebin for absolute data privacy. Encryption/decryption occurs in the browser using 256bit AES in Galois Counter mode, so the server never has access to any of your data. Adds: “Requires hosting on something, but free open-source paste bin for sharing secure credentials, one-time burn after reading links, etc.”
WSL gives you the ability to integrate Linux tools like Bash or Grep within Windows tools like PowerShell or Visual Studio Code—without the need to dual-boot. Explains, “I use this for SSH instead of putty+pageant along with Ansible. It’s a much better experience. Plus, it’s nice having a quick and easy bash console sometimes.”
Uyuni (@UyuniProject) is an open-source solution designed to facilitate automated deployment and infrastructure management for those tasked with managing hundreds or even thousands of Linux machines. Adds, “It’s a fork of Redhat’s Spacewalk but fully up to date. Also known as suse manager, but supports many more distros.”
Microsoft Security Compliance Toolkit 1.0 is a set of tools to download, analyze, test, edit and store the recommended security config baselines for MS products as well as comparing them against other configurations. It can “export and import local group policy to human readable files.”
Appwrite is an end-to-end backend server that makes it easier to build a modern backend API from scratch as well as making it faster to build secure apps. Explains, “It’s a general purpose backend tool with a feature set comparable to Google’s Firebase, plus it’s self-hosted and open-source. If you’re building web apps, there’s probably something useful in Appwrite for you to use (you can disable unwanted services). You can do authentication, OAuth, user management, file storage, cloud functions, database, and a load of other features… It’s useful if you want to build and host your own web/mobile apps and own your own deployments and data. I use it personally for building Discord bots, ‘cause I don’t want people snooping my chat data.”
PoolMon can help you determine if you have a kernel-mode memory leak by monitoring the pool memory usage by pool tag name. Explains that it’s “from the Windows SDK/WDK package. [It’s] great for identifying memory leaks in programs!”
Jupyter Notebook is a simple, streamlined web app for creating and sharing computational documents, with support for over 40 programming languages. Help work through python for those of us that are inexperienced.
changedetection.io is a simple, self-hosted website change detection and notification service. This open-source tool is designed as a simpler alternative to Visualping or Watchtower that alerts you to any text changes on the monitored web pages. Kindly shared by the dev, dgtlmoon123.