All right, welcome to Vlog Thursday. Wow. What number was this again? I just got distracted very easily. Number 233, and boy, there's a lot to talk about, and let me make sure my phone's off as well. There is, you know, let me look here. There. I don't even know where to start, because there's so many things. I, you know, I did on these topics of cyber security, and it's hard because I was looking through my YouTube and going, okay, here's a row of videos that are all done on cyber security, and it seems like I get stuck on it for a little while. I actually really enjoy doing things that feel more creative than reporting on, and I'm trying to give actual intelligence, not just report on but also talk about, you know, implementations, how to secure things. But between Microsoft and Kaseya, they've had a busy July here for cyber security issues, and oh man, it's such a big mess, such a big mess. What are you gonna do? Let's see. Let's see what we got here. I'm following up on all the comments. All right, we are alive. Cool seeing how many people are here and all that fun stuff.

The Kaseya hack, should we... I did a video about it, then another video, and then more information came out, and that one's a pretty big mess. It's gonna take a while to clean up. And I did, I can't share this publicly, but one of my friends did let me know essentially that the sales vultures are out there and they're downplaying everything, of course. So took them no time at all to get that engine in gear, which, yeah. So, you know, I think the CEO, I get it that he's trying to get ahead of it. I'm not trying to throw him under the bus for it or anything like that. I mean, you want to be ahead of it, you want to admit it happened. But then it's, and it's just human nature, "Well, someone else had a bigger breach than us," you know, things like that is what he said, and it's just... Yeah, um, they won't be back up till Sunday. I had heard the same thing in a couple different forum posts. I'm not a Kaseya user.
So I did not, I don't, I didn't see that specific notification. I don't know if it's public or not, but I heard a couple people say it looks like it won't be until Sunday before they get systems up and running. Now, a little bit of what happened there, though, is that's just because there's so much code that has to be refactored, and this is a big undertaking when you have really old code. And you also want it done right the first time. You don't want to be in the news because you didn't do it. So this is one of those, it's better to err on caution and not release it until it's fixed and been tested and tested again, versus, you know, releasing it and saying we fixed that one flaw. And the reality is, when you look at the latest posts out there right now, especially from this Dutch organization, it's really bad. I mean, there is a series of flaws. Matter of fact, there's still more CVEs coming out of this, which is huge. This is, you know, obviously a really big deal, and right here, we'll go ahead and share the screen on this. The number of them is just insane, and that's why it's just, it's gonna be hard to fix. Share. But when you look at this, I mean, this is a lot. There are, and all these can't be dumped fully, but there's a credential leak, business logic flaw. There is a SQL injection vulnerability, a remote code execution vulnerability. There is a cross-site scripting vulnerability, a 2FA bypass. So you can't even say if they would have had 2FA, no, there's a 2FA bypass. A local file inclusion vulnerability and an XML external... So I mean, there's a lot to patch, and part of the timeline is all broken down here on the disclosure. So yeah, that's gonna be just a lot to deal with on there.

So, thank you Grayson for the donation, and it says, "How's it going? I received a message from pfSense you're getting a crash after 2.5.2 whoever pfSense your report No PHP errors from BC crash data found." There may be just some bugs you had laying around for that. I haven't seen that problem.
I did, before I updated, when I was using a release candidate I would get that error, but there wouldn't be anything; that went away after I went from release candidate to full. So I don't know what's causing that in pfSense. I do have the pfSense, share screen, configured and loaded. This is the 2.5.2 release. So this is up and running right now. That probably makes it a little bit easier to read. I'm getting better at this whole StreamYard thing, so I can share things on there.

One unfortunate thing that, I mean, it's unfortunate, but there's not, it's just FYI: if you held off on even going to any of the 2.5 series, well, I should say the 2.5.1, and were waiting for 2.5.2, you do lose from 2.5.0 to 2.5.2 any WireGuard tunnels you have configured. The reason you lose them is because when they changed it from being natively built in to activated via an external package, there's not an easy way to get the configuration over, because it's gone through a lot of changes in the way it was implemented. So sorry about that, and hopefully not too many people were building that many where it tells us pretty new, so I don't, I mean, there's gonna be some people who were, but it really wasn't a business use case for us. It was cool that it came, sad that it went away, happy that it came back, and that's where it's at. 2.5.2 does have the still experimental WireGuard package. It's still labeled as experimental, but nonetheless it still is available, and testing and updates are coming as fast as possible on this. So that's actually pretty exciting. There's been a lot of work on the project. So yes, WireGuard is back. So here you go, where you can configure it, but yeah, there's not any way to instantly get your WireGuard settings on it. But then again, you know, as people state this, the idea of WireGuard is that it's a simpler system, therefore you should be able to rebuild it relatively quickly.
It's not as complicated as some of the other ones' setup. So I think they've done a nice job on this too, the way they tie everything together, the way they keep, like, even the settings here. So we can do a couple of those little things that people were talking about: a track system restore interval, the endpoint host name resolve, that was actually kind of a cool little feature in there. Well tonight you want to hide the secrets, I know people like that. And then just from this standpoint here, when you go to edit these, being able to jump right to the interface assignments, interface groups when you're doing it. I'm gonna be doing some more videos now that it's pretty much, I'm gonna say, interface stable, but gonna get some more back-end updates. So I'll probably be able to do a video on it, because I don't think there's gonna be any dramatic sweeping changes to the interface, so I can go do some videos on that. So that's gonna be good.

So yeah, there's been a lot of nice quality-of-life improvements. You know, this is something I like when things are a web interface. So right here is the assignment to the WireGuard interface. Well, that means we can make it a link back over to the interfaces. It just saves you a click, but "saves you a click" means something, because sometimes you get click fatigue after spending a long time clicking through things. So hey, why not? You know, it takes you right to where you need to be, and if you're not someone like myself who spends a lot of time doing firewall work, you end up looking for it too often, going, where was that other function at, where was this at? So it's really nice that they added all that back in there. So that's definitely been some happy stuff here. Let me pull up the full list, though. So, pfSense 2.5.2 changelog, 2.5.2. There we go. Damn it, it's in the wrong window. There we go. That's in the right window. But they have a lot of changes they went through. That's why I'm gonna do a video on this.
I'll do it fairly soon. I just have a lot of things been going on lately, actual tech work I've had to do and stuff like that. The list of things in here is pretty solid, though. Just a lot of little bug fixes that were in here. They're annoying, but it's good that they're getting to all of them. There's so many of them in there. But the really big one, and I got to find it on Reddit so I can share the link, because I noted it on Reddit. Been on Reddit a lot more lately when there's security issues. I'm usually Hunter straight up. Yeah. Where'd it go? Oh, there we go, the edit post. But right here, one of the things is the port forward ran function, so that's this function right here. And where did they put that note? That would, no, it would be right here. There we go: "Port forward rules only function through the default gateway interface, reply-to does not work on multi-WAN." So this has been fixed. I know this was one of the issues that a lot of people had asked about, was this particular methodology of handling this for port forward replies on that, so that has been resolved. That is something, it was harder to fix than I think people realized. That's one of the reasons it took a long time to do, but definitely excited that they have that resolved. I know that's one of those things that, it was a buggy issue for a while, and I know a lot of people were upset by that, and it was probably one of the biggest reasons that people were holding off on the updates that break that. So such is life, that is fixed now. That's the good news.

Other than that, there's a lot of little minor things in here that updated OpenVPN and the kernel modules. One of them is "Fix uncoated variable", no, not that one. Where's that? That's operating system, NAT, traffic, this one right here. Make it a little bigger. This one caused, it says "Fixed harmless error when enabling traffic shaper."
I think I know which error. I think it said it's "flowset busy". It doesn't cause a problem, but it does cause a lot of people saying there's a problem. And is that what it says? Okay, that's a different one, must not be the flowset busy one, or maybe it, I've seen it where it says something along the lines of "flowset busy". So hey, whatever, they fixed that, so that's good. "Fixed ambiguous text in web interface." Yeah, that's an issue. What else was in here? "Ignore WireGuard configurations under install package." Yes, that's that part of that package change I was saying, for you're not being able to pull that in there. I get the flowset busy and I've seen it. I get it, I wish there were no errors in the log that didn't have actual meaning, but sometimes logs have errors that don't have actual meaning, and you report them, you hope someone fixes it. But one of the challenges is, when those errors are of the category harmless, it ends up being just that: because it's harmless, it's hard to get someone really on it, because they're focusing on fixing the not-harmless ones first. That's just the nature of it. Then the not-harmless definitely get a lot more attention than the harmless. So definitely one of those things there.

And I'm trying to figure out if I can share this. Can I drag this somewhere that I can share it? Infosec Twitter has been extremely helpful over the last few days trying to sort these messes out. I guess, let me find it, I'll just share the tweet, actually. So Microsoft's inability to properly manage that printer update has been ridiculous. I don't even know what to say about it, like, it's been a debacle. I used to the video on it. It's been such a debacle. Where is it at? And also someone wanted to argue with me online because, you know, it's the internet. And where is that one tweet that was really on point? There we go, found it. You can do that, yeah, right here, except it doesn't work. This was the challenge. So Microsoft.
Yes, they did patch the printer nightmare, but it didn't work. Ah, it's one of those things, like, it's, you know, a small detail, probably your patch should work. But I'm very agitated overall with the entirety of Microsoft's bungling of this, and it's just, like, from the release, they didn't really listen to the original threat researcher who sent it to him. I get mistakes are made and that's fine, but it's like one mistake led to another mistake led to here we are in July still not having a fully patched system. And one of the things I had done was, may find the other write-up I have for this, because I posted in that video, but it's worth mentioning here, too. It really took other people, other security researchers, putting together really more concise information, and I have this in that same printer video. This is your flowchart of whether or not you're safe from this printing nightmare. I'm like, if only Microsoft had a flowchart software they could have done this with, to help let us know if we're vulnerable or not. And I make jokes at it, but this is a very serious thing on the other side of it, because this is what my company does. We have to secure our clients. How do we know if our clients are secure if we just, you know... And we don't do just blind patching.
We don't just say, "Oh, we patched it." I try to keep us on top of current security issues. Current security issues absolutely include things like printer problems, and this is where Microsoft makes this a really big task for us, because it's not just patching the printer problem, it's patching it and trying to figure out if it worked right. And, you know, this is one of the reasons you kind of should have, if you work at it, and it's hard to do, but it's part of the job in my opinion, is having one foot in the security door, following people in infosec Twitter, understanding it, taking the time to go, what are the implementations of the things going on around us? And especially, you know, when we think we patched something, we have a lot of clients that are running terminal servers with remote users logging in. I don't want to make any assumption that just because we fixed a printer problem that it's fixed. So, you know, you keep up with it and you read, and it's just, yeah, it's hard. I love the idea around not using printers. I mean, I'm thrilled with that. I'm just also living in the real world where we have clients that use printers. Sorry, long day. I know we'll be yawning. I know it's only, um, 4:30 my time.

"Yeah, patch, but at least checked before tell clients it sorted." Yes, that is a definite part of it. It's also, it's kind of, the flow of information is hard. And one of the reasons I spend time, because I'm at least doing a lot of this research, that's why I also give back to the community by sharing it out in a video and letting people know that this is a broken aspect we're dealing with. Don't make the assumption you're safe and everything's happy, because it's not. There are still more things. So, "Do you have a site where I can test if we'll Win 10 is still vulnerable?" There's not a site you can test on. You just kind of have to load a Windows 10 and learn how the vulnerability works and then test it.
So that's, there's not really, I mean, I don't have a site for it. We do our own, well, we either do our own internal testing or we have friends in the security community that will let us know things. By the way, all the links in that video, the video I just posted before this about the printing problems, I listed all the Twitter sources. By the way, those are all great people to follow on Twitter who talk about security. So it's kind of a strange thing that one of the best sources sometimes is directly from the infosec people, because they tweet a lot and they will tweet their findings to kind of gain support or understanding and communicate with other people, and as we jokingly call it, it's just infosec Twitter. Which sometimes infosec Twitter alone will blow up over dumb things, but that's okay. That's part of it. So at least, if you watch my other video, the people in there have posted their proof of concept code. They even posted different Windows tools, and I think Mimikatz. You can find the printer nightmare Python code pretty easily. It's not that much of a secret. So it can be tested. It's not been automated, it's been automated to an extent, but not that much. So, enough that if you're good enough with it, you can do it.
So yeah, keeping it unplugged will keep it secure, but yeah.

"Do you think a FOSS remote manager software will become a thing?" I don't know. I think it's really difficult, and the problem is, and I've already seen this, so Bitwarden is, I don't know how this, I don't know personally any money things about Bitwarden, but what I'm seeing is, and this is kind of an annoying thing: Bitwarden builds Bitwarden and offers Docker images so you can self-host it. So they have, you know, the whole build pipeline automated to make it easy for people to self-host the product. People don't want to pay license fees to Bitwarden because they're like, "Oh my god, it's open source, but they charge a license fee for giving me the build pipeline." So they forked it, and a small other group of maintainers takes from the code that comes upstream from Bitwarden and puts it into a separate product that doesn't have licenses attached to it, but still relies on the front-end interface of, like, the plug-ins for Bitwarden to work, because they made it, you know, compatible, because it's a fork. So here's where that problem comes in. At some point, if not enough people subscribe to a service like Bitwarden, you then end up with Bitwarden not being able to fund the development and pay the hundred thousand plus dollars it takes to go through code reviews, of which they do regular code audits and reviews. So here's the challenge in, if you want to build a product to make it fully open source, which I'm a big fan of, you really have to figure out how the support model is going to work around it, because if someone just forks it because you stuck a license in there, and the same thing with a remote tool: who's going to pay for all the engineering and security it takes to build and maintain that tool? That has to be answered, and if you don't have a business model put around it... Like, I've really looked at, how do we do a good open source documentation system?
And I keep running into some big problems of, I looked at how much, I mean, to really build this right, you could easily spend three or four hundred thousand dollars. Okay, and then to maintain it, I need a programmer, a security-minded programmer, and now I need a person who makes about a hundred and fifty or two hundred thousand dollars a year. And then you need to hire annually someone else who does this. So now we're talking about, I want to do an open source documentation system with a high level of security and very helpful to someone shelling out several hundred thousand dollars a year just to maintain it, provided that we only maintain it with a couple people. So how do we build that? And it's not easy. It's not that it can't be done. It's just a tricky balance on there. So yes, my goal is to do these things. I'm excited about these things, like, I think they can be done in some ways. But I also, you know, people ask why I'm using Bitwarden and not the free one, and I'm like, Bitwarden's so inexpensive at how little they want. I really like helping the project upstream, so I don't mind doing it. But then again, I'm seeing that our project gained a lot of popularity, and I shut down all the people who say, "Please, you know, give some attention to this other one." I'm like, why would I? It's a fork. Bitwarden's already open source, all their code is free. So for me to give attention to the competing project that doesn't donate back upstream seems like a non idea. I don't know. So yeah, I mean, having enough people to donate back to the code, but will you write a public-facing, really secure product? That becomes very difficult, to get enough people to support and fund back to it. So yeah, it's just, it's not an easy system to do. It's not like there's some one methodology that makes this easy to get over to doing that.

And I did bring it up in the video that's included, for my, just quickly close out on the printer topic: "Stop print to prevent escalation."
That's actually what's shown in that flowchart. So Microsoft fix patches an aspect of it, but doesn't flip the registry settings to getting it to the way it should be.

But on the topic of, you know, open source remote management tools, I think Zabbix is really cool. Zabbix is one of the ones that I think could be retrofitted to work with Windows better, because obviously Windows is what we really have to manage remotely. Linux is more suited to easier remote management and easier system changes. There is, though, an open source project out there for doing, I've not used it, but I'm aware of it, for doing open source remote management monitoring of Windows. So it's not that nothing exists for it, but to me, it's not ready for prime time. I don't know if I would want to trust my system to it. I don't know that it's gone through that thorough of a code review. It's kind of a smaller project at this time.

"Does Bitwarden work as fluent as LastPass and work on Apple devices?" I don't know. So I don't really know on that. I don't use Apple devices at all, so I can't really answer that question on there. I think it works just as good. I think it works just as good as LastPass, at least when I was last using LastPass, which has now been over a year. So if LastPass works different today than it did a year ago, then I'm now forked myself away from it so far, I don't know.

"Good endpoint protection with AI installed, don't rely on patches." Endpoint, it's all layers of security. It's not like just patches or just endpoint security. It's having everything in place that you could possibly have done within reason to put things in a layered approach. I don't know. It's just build on layers.
Hopefully no one gets through every layer of your security. So you've got several ways to mitigate: you're practicing principles of least privilege, you've hardened the system, disabled things you didn't use, and, you know, hopefully you don't get hit. Hopefully, if one of those tools gets hit, the subsequent other tools will then be a layer of protection against the hit that came from one of the other tools, if it's a tool breach or if it's a, you know, rogue thing that happens on your system there. Oh, let's see. What else do we have in here? Make sure I got all the questions answered.

"Has anyone tried VMware or Carbon Black?" I'm not a big VMware user, so I haven't, but yeah, that's not really something I, I don't know. I don't know if anyone here's used it. Maybe a few people, it's a popular product.

So this is also, you know, we talked about this during the Huntress, I was on the Huntress panel, and there's some pushback some people have for this. But one of the things that's important when you talk about backups, I see, you know, and right here it says, "I see so many companies with bad security under backup servers." Your backup server should be an independent server from your main server. People tie it in frequently with domain credentials, and they also will tie it in, you know, single sign-on or whatever they're doing. That's not the way to do it.
It should be separate, separate credentials, some way that is independent of the other systems, especially if you have domain admin credentials. That's right away, when threat actors get in there, they go after domain admin credentials. Once they have that and you've tied your domain admin credentials with no segmentation, someone pops the administrator account and the administrator account has permission for the backup servers, so they can now destroy your backup servers. And then they can do ransomware or whatever the nefarious things threat actors will do when they're inside your network. But having the backup server as a separate login, separate authentication, I think is huge. Some people are like, "But that means it's hard, I have to keep track of a different password just for that device." Or they don't, and they just use the same password. Even if they don't tie it to the domain, they use the same password, which of course negates your backups at the same time. Backups don't just protect you from catastrophic failures of drives or users deleting files. It's supposed to also be a layer of protection and part of your business continuity plan in case a threat actor breaches your network. So yes, it's very important for there.

"Not a good weekend, IT. PrintNightmare, Kaseya, PrintNightmare patch crap." Pretty much, that's the too long, didn't watch. Yep. And the Kaseya stuff's gonna get some mileage on there, and I say wake-up call, and I know that gets thrown around a lot, but it does have other companies auditing, it does have other companies digging in deeper to look at things they got going on. It's just one of those times everyone should stop and reflect. All right, how can this happen? How can we prevent this? What do we have to do in the future?

I've never used Datto as a backup solution. We're still using the N-able solution for backups. We've moved to that for all of our clients because, keeping it in an easy way to handle. But I know people use Datto.
They seem happy with it. So I have no reason to tell you not to use it, but myself, I have not used it. So yeah. Let's see. "What are using to print warranties?" I don't, we use invoices it for all of our invoicing. Oh, let's see.

"So happy we did not use Kaseya, what a flame that one is." Um, the problem with a lot of these companies is the older companies suffer from bringing forward all the technical debt of writing code the way they wrote it. Kaseya still runs on IIS server and IBC, if they're doing everything, I believe it's ASP, Active Server Pages. Not exactly an expert on what they built it on, I just know it runs on IIS. But that's old school stuff, and that old school way of doing things was never really thought about from a security standpoint the way things built today are. This is an advantage newer companies have. So if they were born in the cloud using modern technologies, they have a distinct advantage by not having whatever old code base that this stuff was built on, because they know from the ground up, provided they follow the right procedures, but there's at least an opportunity to do so. When you have a product that's been around for many, many years, you have years and years ago when it was coded, and no one wants to really take the time to go back and refactor that old code to make it more modern, to really do what it takes. They need to, though. That's where a lot of this problem is. So yes, it's gonna be very challenging.

"Started working for my first MSP. Thanks for attending your content, appreciate all your stuff."
That's awesome, Ryan. So you're now in the MSP space, feeling the pain with the rest of us of trying to keep all these systems patched up to date.

"Kaseya has a long road where I'm getting the news some stuff back." So that one's a fuzzy one. Krebs did a hit piece, and I did tweet it, but it's a little bit more, this, actually the problem is different, as what I'm understanding from some security people that commented. They did not patch a vulnerability in their customer portal from 2015, but they were supposed to be not using that customer portal anymore. But it was still on. So not using it but still got left on meant they didn't patch it, because they moved somewhere else and weren't sending people there anymore. But it still existed and was still on, so someone forgot to shut it down. So they were supposed to shut it down instead of patch it, but neither happened. So I don't know which one's worse, but that's what I heard. It's a rumor. I don't have this absolutely confirmed yet either. It's either "unpatched" bad or "we were supposed to shut it down" bad. I'm not sure which bad it is. We'll just say it's bad. Read the Krebs article on that. I tweeted it out, the Krebs on Security article related to, let's see, Krebs on Security, it's gonna be his latest one. We've Krebs updated this one at all. It's maybe, always a maybe. Maybe there's hope somewhere. Share screen. There we go: "Kaseya left portal vulnerable from 2015 flaw from its software." So is there any updates in this? They were screenshotting the fact that it was still on and still vulnerable. President, account management, confirmed the customer portal was taken offline in response to vulnerability report. Sanders said the portal had been retired in 2018 in favor of a more modern support and ticketing system. Yes, somehow the old site was still left available online. So yep, that's in there. So that is, I don't know if that was part of the first post or not, but that's the problem. Yes, that's just, you know, what are you gonna do?
What is that other one called? So the question came up a couple times here, people saying, hey, is there an alternative that's open source? Tactical RMM would be that. This is a demo for some remote management tools to go out and manage. I thought this looked pretty cool. It reminds me a lot of the way SolarWinds, the one we actually use, works in terms of, like, the way it looks, I should say, now what works with the checks and things like that. I think it's coming a long way. I would love to see some development on this. It's a cool thing. I thought about reaching out to them at some point. They have agents and deployment options and both commands and script and patch management systems. I like it all in concept, but, it looks cool, I don't know enough about the functionality behind it to say whether or not this is a, you know, really viable replacement, you know what I mean? And let me drop the GitHub link in here for you. But that's, it's a neat-looking product. I just said I'm aware of it. I have a bookmark. It's in my things I follow on GitHub.

Kaseya bug bounty. So this is also something right here. This has been by a few people here. Kaseya does not offer compensation for vulnerabilities that are disclosed. I don't know why so many companies are taking this posture. They really need to take a better security posture and participate in bug bounty programs. If you're looking around, you're just like, yeah, I don't... Kaseya bug bounty, hold on, you're one of them.
I can't find, there was a good tweet kind of related to this, but yeah, they do not offer this. But if you go over to ConnectWise, after their breach they kind of got into this. So ConnectWise had their own series of problems that they were not great about, and it took them getting slapped around in the news, and I made a video about it, and lots of cyber security people tweeting about it, and, you know, the community is getting unrest about the way they handle things. Now they offer a program. They're actually part of HackerOne. So they actually have, so hold on, an exact link. There we go. They have a whole process and policy over here on HackerOne, exactly how to do it.

So there's a lot of speculation whether or not the Kaseya backdoor was used for other hits, but it's not that simple. The way that backdoor works, it would have been tricky. I mean, there's obviously some potential for that, for other flaws, but it seems like this was completely not used for any type of espionage or deployments. But then again, I mean, speculatively, could be.

"Should I be worried about ConnectWise? I removed them for ticketing." No, ConnectWise actually has changed their security posture from "We don't need to have bug bounty programs" to "I guess we should have bug bounty programs." That actually came from them mentioning legal things to Bishop Fox when they were called out on the floor for a few things. So ConnectWise has really swung around the other way. So in my opinion, through the incidents that occurred at ConnectWise, they came out on the other side of it much better and with a much better attitude with security in general. So I'm hoping the same thing would happen over in the world of the Kaseya world.

"Removing the self-host is SimpleHelp, does all core things we need, not as fancies are remember like Syncro, but it comes back to debate about security over convenience." I just don't know, is SimpleHelp the one that's open source?
I'm trying to remember. Was that the paid one? Okay, this is one of the paid ones. Yeah, I mean, whichever one works for you. The challenge with any of these companies is their security and making sure they go through regular audits and have regular updates, because obviously this is, you know, I don't know what their security policy is. I know through learning with Bishop Fox, Bishop Fox took apart ConnectWise, and Bishop Fox is not your average company. They're pretty heavy hitters in the industry when it comes to application testing, and so Bishop Fox, yeah, they dove hard at ConnectWise. So it still did a lot of other companies by the way too, and there we go. I did a video on this too, because this is back in January of 2020. Bishop Fox dove into problems they found with the system, and this is where they had a back and forth with ConnectWise that was less than pleasant. And so yes, that's definitely, ah, yes. It's one of those things like you want someone at the quality level doing it. This is going to be a challenge we run into in the, in the compliance world that we're slowly creeping around to, where companies are required to do things, because this is, you know, I posted a meme about this the other day, but it's a real problem of who does your pen testing. Do they just use some automated scan or do they actually do pen testing? Do they actually know how to do it? As we've seen this before where companies have said they had a pen test. But ah, did they have a pen test? What kind of pen test was it? Was it a really good pen test? Was it from an average person? Was it from someone? In, I know because like Xavier, who, you know, I've been, he's been on my channel a couple times before, Xavier does pen testing. Xavier has gone after other people said they pen tested something and got into it and said, no, you guys didn't, you missed this, you missed this. It's not easy. It's, it takes a whole lot of skills. So to say you pen test, you have to define kind of the skill level of the person pen testing.
Are you just looking for open ports? Are you looking for vulnerabilities? Are you good enough to really dive into it and, uh, stack vulnerabilities together and chain them together to build a solid exploit? That is, it's a little bit more involved to be able to do that. So this is where you kind of have to, um, you know, it's, it, how good is the pen test? There's nothing automated about pen test. There's a lot of tools that help narrow down where to look and help automated scan and fuzz things to give you ideas, but yeah, pen test and automated tools are, exactly, it's a lot more than automated tooling. That is for sure. So, uh, yes, I have upgraded to Pop!_OS 21.04. I wanted to use it for a little while before I did a video on it. But I'll, I'll do a video on it, because actually there's the new COSMIC desktop, really makes me happy. I like it a lot. So, um, Pop!_OS is solid. It's been, the update took longer than expected but works great. Uh, the menuing system is a little different, but I'm enjoying it. So, can only trust the pen test when they got in. Well, yes, if they do get in you have a high level of confidence that they're good at what they do. Yeah, pen testing is not just running a tool. This is one of those challenges. I mean, there's a lot of tools you can run that help narrow things down as a pen tester, but that's just to give you the lay of the land and get you started on it. Um, yes, so, yes, any test is better than no test.
So you got to start somewhere. Any test is better than no test. Um, but, you know, we think a lot about this because obviously gaining access to any of the tools that we have is bad. So I'm pretty picky about what tools I'll choose, whether or not I'll choose a new one, because unless I feel it has a security history, or I know some of the people involved in a project, or it has gone through a code review or some application testing or penetration testing by a reputable, reputation, uh, reputable firm or individual like Xavier, who I know does this and I can put some confidence in, it's hard to try a new product right now. It's just, any product that has public exposure where it would be accessible and has to manage machines at scale like we do here has to go through a series of audits and steps before I can just choose it as a product. That's one of the reasons is, when I kind of deny, like, I just don't have time to look at all the products. It's also hard for companies that are starting up to get a foothold in the market, because they're going to get questioned, and rightfully so, like, are you the one for this product? Because, you know, what's your security record? Are you going to be able to handle security issues? Have you gone through a series of testing to make sure your product can withstand the internet and being exposed to it? So, ah, so fun stuff. Um, I also, so the, um, pen testing right here. I've been doing with Bitwarden for a little while. This pen has held up really well. Oh, there's Tom's pen testing, right? I had to make a joke about it. It's been sitting on my desk. This is my, my one pen I keep in my office. So, so Darknet Diaries did some, uh, one of the best deep dives on this topic. So it was the, um, what were that company's name? The name eludes me, but it's a dark, Darknet Diaries has a whole episode about the pen testers. Let me find it. Diaries DRK and that diaries testers are, yep, there we go. There's that, but, um, let's get you the exact link for the Darknet Diaries. There we go.
It's episode 59. Episode 59 of Darknet Diaries, uh, dives deeply and greatly into that right there. Darknet Diaries episode 59, um, great one, diving into the, all the events in the inner, because they get to interview the people that were involved in it. So you get the first-hand story of everything that went wrong and how it went wrong and how the small town politics played such a role in that particular thing. Oh, let's see. Yeah, I talked about pfSense earlier in the video, so you'll have to rewind it to watch for the pfSense talk. It says the minor update, so there's not anything major of pfSense other than yes, you should load it. Yes, it has WireGuard back in it, and there's lots of little bug fixes in there, lots of little errata. But I do have to wind this down. Um, I am, so awesome seeing that there's a few hundred of you here, 223 of you here. So if you could hit the like button, and there's any final questions, I'll give it about 10 more minutes here. But any final questions that people wanted to ask about some of the topics I brought up here besides pfSense, because that one's a little bit, yeah. I, yeah, I was just a great episode. I'm a big fan of Darknet Diaries. I stay caught up with that podcast in general. So, um, definitely really enjoy it. So all the, all the episodes of Darknet Diaries are good. If you're not a little, if you're not listening to that podcast, why not that one, if you, if you're interested in security at all. It's, it's just, Jack Rhysider does such a great job on that. So, anything else for the good of the class before Tom wanders off, because he's got more stuff to do and deal with all the noise. It's on the other side of this wall. I know there's, I have a handful of people at my office today trying to get everything sorted out. I have some emails.
I have to say. Let's see, anything else? And no, cool. Ah, do, oh, I see you're asking someone else that they like. I like the COSMIC desktop. I think some other people, if anyone else, um, in here, if you're using Pop!_OS, the COSMIC desktop is really nice. Um, it's definitely, and I wouldn't say different, but it definitely, um, uh, a solid thing. Now, uh, open source TeamViewer alternatives. The problem is security. So the systems out there that do some of this, I, I have no way to vet, and often they don't either solid ways to vet the security of those products. So be careful what you wish for, because I know there's a few different things out there. Years and years ago, well, man, it's been like 12 years ago, I used to use a custom written VNC solution. That is, it's, that, that project's long defunct. Um, I mean, but this is one of the problems, is how secure are those solutions? Now, we didn't use it for persistent remote access. We were using it for one-off support maybe 12 or 13 years ago. Um, setting up some of the VNC relay servers, we'd host a relay server that would then connect with VNC. I don't know the name of the tool that we used. It was really slick setup. Um, and it was all for temporary access, but obviously these are really, um, you know, concerning in here in 2021, because all products are being looked at. So when there's a flaw in a product, trust me, there is an automated system out there trying to exploit that flaw. Um, so yes, definitely one of those things that you need to keep, really wrap your mind around before you say I'm just looking for something free and easy. Okay, but is this secure? I always start with is it secure. All right, what's a good secure solution that is not unreasonably priced? So, yeah, I'll make a video about the Pop!_OS eventually. It's not on my, uh, to-do list right now. It won't be till probably next week sometime. I've had too many other things to cover. I don't use too much Ansible. I use it here and there.
It's not part of my daily workflow, but I like Ansible. It's great. Oh, what else did we have in here? Uh, we don't disclose all of our clients on there. Um, more than one, less than a million. The, um, I actually don't know exactly how many clients we have. I think on the MSP side there's like 40 companies that we're an MSP for, somewhere around there. I know because I had to look at some paperwork. I don't look at that side of it all the time. Um, I do know, like, in, from consulting we booked a lot of businesses. Over 300 businesses we booked last year. A lot of that's our consulting side though. It varies a lot with how we do things. So it's not, um, it's, it's, I don't know. I'm trying to think of the right word. It's not, we're not huge as a company. We're, I don't know. I don't even know what the scaling looks like on that. What do you use to create scripts, or does your RMM just have good enough PowerShell? We're, we're fixing and maintaining Windows servers, not Linux servers. That's my day job here at Lawrence Systems, is 99 of the servers we're maintaining are running Windows, or desktops. Desktops and servers, most of our Windows, we're using PowerShell, and we use our RMM tool and PowerShell to set policies and change settings. So hopefully that makes sense. So, how do we handle without a ticketing system? We currently, we moved to Freshdesk for ticketing, because that was, ticketing finally gets to the point where we needed to. We were just, before we just had everyone send us an email. We had them emailing a single email address and then we would sort it out using Google Groups, and we finally decided to, um, move to Freshdesk to make it easier. So Freshdesk is how we handle that. Uh, best podcast listening client I use? I'm partial to Pocket Casts. So that Pocket Casts on Android has been my go-to. I've been using it for years. I'm a pay, I bought the paid, um, version of it. So I forget, it wasn't much.
It was like, I don't know, $15 or whatever. It was a little bit at the time. I don't even know if they, what they sell it for right now. But that's the one I've been using. You can also use the built-in Google one if you want. That one works pretty good too, as I understand. Um, to see anything else, any other questions you have in here. I think I've covered them. So many of them are, hey, that's the other one I was looking for. MeshCentral, is that open source? Uh, went out there, have no idea whether or not it's secure or well audited. Um, I think it seems like they were working on that security. So let's see, look on that. Um, nope, I did not. MeshCentral security features guide. That's not helpful. At least bring a link up for it so people can take a look at it. It's a neat product. Freely manage your devices. Um, it's, like I said, download, security, YouTube. They're called public server login. It's a community driven open source, built on Node.js and freely available npm. You can get started with public server logon. I don't know about it's, like, has it gone through, it has, like, you know, the usual things. It's using proper cryptography and everything else. It's, but it's not the cryptography that's the problem. It's how was it implemented. I don't know, was it implemented well? Was it implemented poorly? These are what security audits do. So that I'm aware of, or at least that I'm seeing here. Let's see if it's inter blog, uh, branding, terminal, details, signing. I don't know if it's gone through a thorough security audit. So use at your own risk. Hey, thank you very much each network for the donation, is much appreciated. Uh, yes, we try to do as much as we can fixed pricing for our contracts. Um, because fixed pricing, narrow scope, everything else is billable, not fixed pricing everything's included. Contracts, they're fixed pricing, and projects are billable, essentially. Yes, you can store your, uh, you can use it when actually store your MFA codes. The downside of course is now you've created a single point.
So that can be, I don't do that. I keep my 2FA separate, but obviously there's some tediousness to doing that. It's a trade-off. The only thing I like about those attacks, SolarWinds, Kaseya, et cetera, is that MSPs start looking if apps, uh, they use are security audited. Yes. I've been trying to get more people to do it, because there's certainly been, um, a problem in that aspect. I, I still, um, thank you very much for, uh, the Bearded IT Dad for the donation, is much appreciated. But one of the problems really comes down to is, I, I see this dumb argument where people start staring at products completely based on how it can save them or make them some more money, and really kind of setting aside the security aspect. I mean, making money is something you have to do. That's why we're in business. I get it. But you have to keep things locked down and secure. If you don't do that, you're going to end up losing or being sued out of all the money you potentially would have made. So, um, we don't run FreePBX in the VM, in VM anymore. We moved it over to a piece of hardware. But it, I, we never had a problem with it, and, uh, we've done, we still have a test server in XCP-ng that seems to work perfectly fine. A few people told me they run it all the time in there. My testing has never had a problem in FreePBX and XCP-ng. It seems to work. So yeah. And I know what you meant. So, uh, oh, okay. I think you mistyped something but I get what you're saying. Because of you we use XCP-ng, which is wonderful, and are a full pop shop. Awesome. Good to hear. All right, anything else? I think now I can actually wind it down. Hopefully all of you took some time to hit the like button, because that would be very helpful. I'm going to go reply to some messages, send us some emails, and I'm going to go home for the day. I think I've been here enough. Thank you very much for the donation, much appreciated. Yeah, the, uh, donations do help out, folks. The, um, oh, you know, I wish I, that's kind of weird.
I guess I have to do this share Chrome tab the other way. You can see the stickers when people send them, I guess, is when you do it this way. You can't see, uh, stickers when I'm in Streamlabs. Oh well. So all right, you can find me on Twitters and in the forums and at lawrencesystems.com. Uh, if you have to reach out to me, Twitter is probably, I don't, I don't do tech support over Twitter, but for people that need to reach out to me for some reason. I'm occasionally on Discord, less much so, but occasionally. Um, definitely I use to respond in the forums. I'm there a couple times a day. I try not to go more than, um, 24 hours without replying to requests on the forums. I'm pretty adamant about that. I, yeah, as for those you don't know, I do sometimes just reply on my phone. So, um, which occasionally has led to me going back and editing, because you don't realize what you typed on the phone is often, so, hopefully though, I, uh, I'm not too crazy when I'm on there. Hey, thank you very much Ryan for it. So awesome. It's greatly, greatly appreciative of all the donations and everything else. So all right. I think that's it.
I'm getting, I'm yawning again. So I've been up to since too early, because I started my day early reading everything I can. Then I did, this is my second live stream today, and then also, you know, I did a video in between, and somewhere between I did get some work done. Um, which I still have one more email to send, because I have a quote on a storage server that is waiting on a send button for it somewhere. I got to type some words around it too, and the person probably wants to know I put the quote together. Um, but I have a few questions for the client before I can just send it over, about how they want to set up. But if, if it all goes well, maybe the storage server will pass through here for configuration, and maybe I'll do a review on it, because it's a nice all solid state, uh, storage server design. So, but I've done, I've done some of those before. It'll, it'll be a TrueNAS build and, uh, lots of fun. All right. Once again, easy to find, you know where all my links are, and thanks