Podcasts about esxi

  • 56PODCASTS
  • 129EPISODES
  • 35mAVG DURATION
  • 1EPISODE EVERY OTHER WEEK
  • Dec 13, 2022LATEST

POPULARITY

20152016201720182019202020212022


Best podcasts about esxi

Latest podcast episodes about esxi

Cyber and Technology with Mike
13 December 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Dec 13, 2022 10:20


In today's podcast we cover four crucial cyber and technology topics, including: 1.        New technique steals data from air-gapped networks 2.        City of Antwerp facing outages amidst ransomware attack 3.        Researchers find Python backdoor on VMware servers 4.        Twitter investigating claims of additional data leak impacting millions  I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Hack Naked News (Video)
Chaos, Uberleaks, ESXi, Fortinet, Cloudflare, Praetorian, more News, & Jason Wood - SWN #262

Hack Naked News (Video)

Play Episode Listen Later Dec 13, 2022 29:16


Your money is gone, Chaos, Ublerleaks, Esxi, Fortinet, Cloudflare, Praetorian, Jason Wood, and more on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn262

Hack Naked News (Audio)
SWN #262 - Chaos, Uberleaks, Esxi, Fortinet, Cloudflare, Praetorian, More News, & Jason Wood

Hack Naked News (Audio)

Play Episode Listen Later Dec 13, 2022 29:14


Your money is gone, Chaos, Ublerleaks, Esxi, Fortinet, Cloudflare, Praetorian, Jason Wood, and more on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn262

Paul's Security Weekly
SWN #262 - Chaos, Uberleaks, Esxi, Fortinet, Cloudflare, Praetorian, More News, & Jason Wood

Paul's Security Weekly

Play Episode Listen Later Dec 13, 2022 29:14


Your money is gone, Chaos, Ublerleaks, Esxi, Fortinet, Cloudflare, Praetorian, Jason Wood, and more on the Security Weekly News.   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn262

Paul's Security Weekly
SWN #248 - YeBots in Space, BlackLotus, Venus, ESXI, Act4shell, Zoom, & ICS

Paul's Security Weekly

Play Episode Listen Later Oct 18, 2022 28:13


This week, Dr. Doug discusses: YeBots, BlackLotus, Venus, ESXI, Act4shell, Women in cyber, Zoom, and ICS growth along with the expert commentary of Jason Wood on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn248

Hack Naked News (Video)
YeBots in Space, BlackLotus, Venus, ESXI, Act4shell, Zoom, & ICS - SWN #248

Hack Naked News (Video)

Play Episode Listen Later Oct 18, 2022 28:36


This week, Dr. Doug discusses: YeBots, BlackLotus, Venus, ESXI, Act4shell, Women in cyber, Zoom, and ICS growth along with the expert commentary of Jason Wood on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn248

Hack Naked News (Audio)
SWN #248 - YeBots in Space, BlackLotus, Venus, ESXI, Act4shell, Zoom, & ICS

Hack Naked News (Audio)

Play Episode Listen Later Oct 18, 2022 28:13


This week, Dr. Doug discusses: YeBots, BlackLotus, Venus, ESXI, Act4shell, Women in cyber, Zoom, and ICS growth along with the expert commentary of Jason Wood on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn248

Cyber Security Today
Cyber Security Today, Oct. 17, 2022 - Warnings to VMware hypervisor and Office 365 administrators

Cyber Security Today

Play Episode Listen Later Oct 17, 2022 7:06


This episode reports on the end-of-life support for two versions of ESXi hypervisors, an encryption issue with Office 365 email, a new threat to NPM libraries and more

Cyber and Technology with Mike
21 July 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jul 21, 2022 11:23


In today's podcast we cover four crucial cyber and technology topics, including: 1.Kaspersky identifies new Luna ransomware strain 2.Criminal steals user data from Neopets.com, selling it on darkweb 3.Belgium says China-linked actors behind government cyber attacks 4.Microsoft reverses course, says it will block VBA macros by default I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

InfoSec Overnights - Daily Security News
Knauf Knocked Out, Rusty Luna, Magecart Skim, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jul 20, 2022 3:03


A daily look at the relevant information security news from overnight - 20 July, 2022Episode 269 - 20 July 2022Knauf Knocked Out- https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/Rusty Luna - https://thehackernews.com/2022/07/new-rust-based-ransomware-family.htmlGPS Over-Tracking - https://www.zdnet.com/article/flaws-in-a-popular-gps-tracker-could-allow-hackers-to-track-or-stop-vehicles-say-security-researchers/Oracle Patchfest- https://www.securityweek.com/oracle-releases-349-new-security-patches-july-2022-cpu Magicart Skim - https://docs.google.com/document/d/1Kse6lMi7hJEg1wDnVS_ZEND2pZOEMT4a9We3erCPsXE/editHi, I'm Paul Torgersen. It's Wednesday July 20th, 2022, and from Victoria, this is a look at the information security news from overnight. From BleepingComputer.com:The Knauf Group, a large Germany based building materials company, has announced it has been the target of a cyberattack that has disrupted its business operations. Their global IT team has shut down all systems to isolate the incident. Knauf has not confirmed it is a ransomware attack, but the Black Basta group has claimed responsibility for the attack on their extortion site. So far they claim to have released about 20% of the information they stole, which indicates they are likely still hopeful to receive a ransom from the victim. From TheHackerNews.com:Researchers have disclosed a brand-new ransomware family written in Rust, that Kaspersky Labs has named Luna. The ransomware is fairly simple and appears to be in its early development. It is designed to be used by Russian speaking threat actors, and can run on Windows, Linux, and ESXi systems. From ZDNet.com:Critical security vulnerabilities in the MiCODUS MV720 vehicle GPS tracker could be used to remotely track, stop or even take control of vehicles in which it is installed. These devices are popular with large companies and government entities, with approximately 1.5 million of them currently in use in 169 countries. Researchers at BitSight, who found the flaws, say these devices should not be used until patches are available. No word from MiCODUS on when that might be. From SecurityWeek.com:Oracle's quarterly Critical Patch Update has a total of 349 new security patches, including 230 for vulnerabilities that can be exploited by remote, unauthenticated attackers. 64 of the vulnerabilities are rated critical, with four of those scoring a ten out of ten. Financial Services Applications received the largest number of fixes, followed by Oracle Communications, then Fusion Middleware. Get your patch on kids. And last today, from ThreatPost.com:A Magecart campaign has been skimming payment-card credentials from customers using three online restaurant-ordering systems. The attack has affected over 300 restaurants and compromised at least 50,000 cards so far, which have already been offered up for sale on the dark web. The platforms impacted are MenuDrive, Harbortouch, and InTouchPOS. That's all for me today. Have a great rest of your day. Like and subscribe, and until next tomorrow, be safe out there.

5bytespodcast
Marriott Breached Again! Ransomware Gang Targeting ESXI! Cloud Computing Constraints!

5bytespodcast

Play Episode Listen Later Jul 8, 2022 27:44


This week I cover worrying news of a new ransomware gang plus the interesting ongoing situation of public cloud resources running out creating uncertainty for the short-term growth of cloud computing and much, much more! Reference Links: https://www.rorymon.com/blog/episode-237-marriott-breached-again-ransomware-gang-targeting-esxi-cloud-computing-constraints/

InfoSec Overnights - Daily Security News
North Korean Maui Zowie, Linux and Windows RedAlert, Linux in OrBit, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jul 7, 2022 2:58


A daily look at the relevant information security news from overnight - 07 July, 2022Episode 260 - 07 July 2022North Korean Maui Zowie- https://www.zdnet.com/article/fbi-these-hackers-are-targeting-healthcare-records-and-it-systems-with-maui-ransomware/ Linux and Windows RedAlert - https://www.bleepingcomputer.com/news/security/new-redalert-ransomware-targets-windows-linux-vmware-esxi-servers/CuteBoi NPM Mining - https://thehackernews.com/2022/07/over-1200-npm-packages-found-involved.htmlSHI Attacked- https://www.bleepingcomputer.com/news/security/it-services-giant-shi-hit-by-professional-malware-attack/Linux in OrBit - https://thehackernews.com/2022/07/researchers-warn-of-new-orbit-linux.htmlHi, I'm Paul Torgersen. It's Thursday July 7th 2022, and this is a look at the information security news from overnight. From ZDNet.comSeveral US agencies have issued an alert that North Korean sponsored attackers are targeting healthcare and public health organizations with the Maui ransomware. The warnings say these attacks have been going on since at least May of 2021, but they are still not sure of the initial attack vector. Early analysis suggests the malware is designed for attackers to manually select files for encryption, as opposed to encrypting all files wholesale. Details and a link to the advisory in the article. From BleepingComputer.com:A new ransomware operation called RedAlert, or N13V, targets both Windows and Linux VMWare ESXi servers with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files. Victims are directed to a TOR site to pay a ransom in Monero to receive the decryptors. Details in the article. From TheHackerNews.com:Researchers have found a large-scale crypto mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a threat actor called CuteBoi, involves an array of 1,283 rogue modules from over 1,000 different user accounts using automation which includes the ability to pass the NPM 2FA challenge. Much of the source code in this attack is nearly identical to EazyMiner. From BleepingComputer.comSHI International has confirmed that a malware attack forced them to bring some of their systems, including email and public websites, offline. They described it as a coordinated and professional malware attack. The company says no customer data was exfiltrated and that third party systems in its supply chain were unaffected. No word on the threat actor or malware strain involved. And last today, from TheHackerNews.comResearchers have uncovered a new Linux threat dubbed OrBit, the fourth Linux targeting malware discovered in the past three months. This one can be installed either with persistence capabilities or as a volatile implant, and implements advanced evasion techniques. It ultimately provides the threat actors with remote access capabilities over SSH, harvests credentials, and logs TTY commands. Details on the article. That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

CiberAfterWork: ciberseguridad en Capital Radio
Episodio 178. Las mujeres y el emprendimiento en Ciberseguridad

CiberAfterWork: ciberseguridad en Capital Radio

Play Episode Listen Later Jun 17, 2022 51:13


En este programa hablamos con Daniela Kominsky, miembro de la Junta directiva de Women4Cyber y con Nazareth Rodrigáñez del área de Alianzas Estratégicas de Tetuan Valley Con Daniela y Nazareth pudimos hablar de una iniciativa muy interesante en la que Woman4Cyber y Tetuan Valley han unido esfuerzos. Esta iniciativa es fomentar el emprendimiento de las mujeres en el mundo de la ciberseguridad. Es un hecho que en las áreas STEM la participación de las mujeres no es algo mayoritario y sin la diversidad de pensamiento y puntos de vista que aportan las mujeres, el mundo STEM y en concreto el mundo Ciber pierde un importante valor. En nuestro apartado de noticias hablamos de varias noticias importantes que han ocurrido en esta semana. Por un lado parece que el buscador duckduckgo tiene alguna fisura en su privacidad, esto es importante ya que su principal eslogan es que no utilizan los datos que generan los usuarios en su uso. Hablamos de dos vulnerabilidades importantes, una encontrada en la popular aplicación Zoom y otra en un elemento quizás mas desconocido para el publico en general como es el gestor de arranque U-Boot. Por último nos hacemos eco de un caso en el que el grupo “Black Basta” ha sido capaz de cifrar los ficheros de un servidor ESXi de VMWare, paralizando así el uso de las máquinas virtuales que contenía A lo largo de la entrevista con Daniela y con Nazareth estuvimos conversando sobre los distintos elementos que favorecen o perjudican el emprendimiento en general, pero también sobre las causas especificas que afectan más a las mujeres que en ocasiones no encuentran referentes en el mundo Cyber otras veces las obligaciones familiares les impiden afrontar los retos que supone el emprendimiento. También hablamos sobre algunas circunstancias que pueden hacer más fácil emprender en otras partes del mundo. Pero sobre todo nos centramos en la iniciativa que tanto Women4Cyber como Tetuan Valley han lanzado y que gracias a la Startup School estan ayudando a emprendedores con sus proyectos y el día 30 de Junio podremos ver todo el trabajo que llevan haciendo desde finales de Mayo en el DemoDay al que os invitamos a apuntaros. Twitter: @ciberafterwork Instagram @ciberafterwork +info: https://psaneme.com/ https://bitlifemedia.com/ Noticias: https://unaaldia.hispasec.com/2022/06/duckduckgo-no-es-tan-privado-como-piensas.html https://unaaldia.hispasec.com/2022/06/ejecucion-de-codigo-remoto-en-zoom-sin-que-el-usuario-llegue-a-interactuar.html https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/ https://securityaffairs.co/wordpress/132037/hacking/black-basta-ransomware-vmware-esxi.html?web_view=true Píldora SASE: https://www.netskope.com/ Women4Cyber: https://www.women4cyberspain.es/ https://www.eventbrite.es/e/entradas-w4c-startup-school-demo-day-335242067047 Tetuan Valley: https://www.tetuanvalley.com/

The Cyber Threat Perspective
June 10th 2022 CTP Week in Review: Dogwalk - Qakbot - Follina - ESXi Ransomware

The Cyber Threat Perspective

Play Episode Listen Later Jun 10, 2022 23:15


In this week's review:A DFIR Report with no Ransomware and no Cobalt StrikePath Traversal & MOTW Bypass - DIAGCAB Windows Zero-day aka "Dogwalk"Linux version of Black Basta ransomware targets VMware ESXi serversTA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

7 Minute Security
7MS #524: How to Update VMWare ESXi From the Command Line

7 Minute Security

Play Episode Listen Later Jun 10, 2022 33:52


I'm extra psyched today, because today's episode (which is all about updating your VMWare ESXi version via command line) is complemented by video: https://www.youtube.com/watch?v=0-XAO32LEPY Shortly after recording this video, I found this awesome article which walks you through a different way to tackle these updates: List all upgrade profiles: esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml Grep for just the ones you want (in my case ESXi 7.x): esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-7.0 Apply the one you want! esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-7.0    

Cyber and Technology with Mike
08 June 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jun 8, 2022 9:13


In today's podcast we cover four crucial cyber and technology topics, including: 1.Lockbit slams Mandiant, denying link to EvilCorp 2.Qbot now abusing Follina to target Windows product users 3.Black Basta updates ability to target Vmware on Linux 4.FBI shutdown SSNDOB illegal marketplace with aid from Cyprus I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Dell Technologies PowerofStorage Podcast
SmartNIC and ESXi Offloading

Dell Technologies PowerofStorage Podcast

Play Episode Listen Later Apr 20, 2022 8:28


SmartNIC provides a way to run vSphere more efficiently and provides new opportunities for application modernization.

Data Center Therapy
#074 - Retro Gaming and Hypervisor Boot Devices

Data Center Therapy

Play Episode Listen Later Feb 24, 2022 39:19


Away crew, prepare to set your phasers to ‘fun'!    On this episode of Data Center Therapy, your fabulous hosts, Mr. Matt “SCUMM For Life” Yette and Mr. Matt “Bring up your Inventory Screen!” Cozzolino drive the DeLorean Time Machine and drop you, our loyal listeners, off at the Pizza Hut with a huge stack of quarters for the Pac-Man, Galaga, and pinball machines.  Come on a retro journey with the IVOXY gang as they share their thoughts on their favorite games of years past, including: Beloved Nintendo64 and PlayStation classics such as GoldenEye and Final Fantasy VII. The finest Nintendo classics like Track & Field and Zelda, and must-play-back-in-the-day arcade games (with special respects paid to NBA Jam!). And the best adventure games from Sierra Online (King's Quest, Leisure Suit Larry) and LucasArts (Sam & Max, The Secret of Monkey Island, Grim Fandango, Full Throttle, Maniac Mansion, and Day of the Tentacle). You'll feel a nostalgic thrill as you hear Cozzolino recalling him and a friend staying up all night to play Resident Evil (and scaring the heck out of themselves while doing so!).  You'll learn how Cozz took a fancy to EverQuest and World of Warcraft, but not older titles and games (and why!).  You'll also get to hear about the latest advances in retro gaming, including Field Programmable Gate Arrays that let newer hardware become the awesome custom hardware that powered the games of old.   Finally, the boys also open the podcast with their take on VMware (suddenly and without much warning) deprecating the use of inexpensive USB and SD card boot devices for the ESXi Hypervisor, and what you can do about it.  Though the Matts mention Boot-from-SAN and Netbooting, you'll want to listen in so you can stay informed and knowledgeable as you, our loyal listeners, embark on your own quest to remediate that challenge! As always, if you enjoy this podcast, wherever you found it, please be sure to like, share, and subscribe, and do reach out to IVOXY should you need assistance transitioning your hosts to supported boot mediums in your ESXi 7.0 journeys.  Be safe, be in the know, have some (retro gaming) fun, and catch you on our next episode, DCT friends!

VMware Communities Roundtable
#593 - What is Bare-Metal Cloud w/Jason James & Komal Khungar

VMware Communities Roundtable

Play Episode Listen Later Feb 23, 2022


Learn what Jason believes is the value of having ESXi underneath your Telco Solution, as many competitors market Bare-Metal solutions.

La French Connection
Episode 0x196 (Hebdo) - 3 février 2022 - Attaques sans merci!

La French Connection

Play Episode Listen Later Feb 3, 2022 60:27


3 février 2022 - Attaques sans merci! Merci à notre partenaire! Télécharger Téléport Shamelessplug Revoir le Byebye de la sécurité 2021 Hackfest Shop Join Hackfest/La French Connection Discord Déplacé en mai 2022 - Conférence LePoint - 10 Février 2022 Bonjour Cégep de l'outaouais et TheRage Nom du hackfest 2019 Shownotes and Links Opinion Québec achat local pas plus bas soumission Nouvelles Vulnérabilité Linux pkexec La Corée du Nord l'a piraté. Alors il a coupé son Internet Un « cyberincident » s'est produit à Affaires mondiales Le Google Play Store supprime une fausse application 2FA cauchemardesque contenant un logiciel bancaire malveillant. https://blog.pradeo.com/vultur-malware-dropper-google-play La Croix-Rouge implore des hackers de ne pas divulguer les données de 515 000 personnes hautement vulnérables. La version Linux du ransomware AvosLocker cible les serveurs ESXi de VMware Vulnérabilités Log4j dans VMware Horizon Des activistes affirment avoir piraté le système ferroviaire biélorusse pour stopper le renforcement militaire russe. Cyberattaque contre des programmes d'aide aux employés et à leur famille BlackCat Ransomware : un RaaS hautement configurable et basé sur Rust à la recherche de victimes Crew Patrick Mathieu Jacques Sauvé Gabrielle Crédits Montage audio par Hackfest Communication Musique par Dots On Maps - Ocean Star Empire - Embarking The Phantom Convoy Locaux virtuels par streamyard

YusufOnSecurity.com
49 - Mac Malware

YusufOnSecurity.com

Play Episode Listen Later Jan 9, 2022 28:14


In this episode we will look at a growing threat  facing the Mac world.  While not attacked as much as Windows platform, the signs are showing Mac is indeed not unvulnerableBefore we get into the main topic, lets have a look at a couple of trending security news. This will we briefly talk about Norton 360 which brings you a crypto-mining feature and an important bug patched by VMWare.-https://krebsonsecurity.com: Norton 360 now comes with a cryptominer- threatpost.com: Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover- www.vmware.com: VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)-https://vuldb.com: Vulnerability database -http://objective-see.com: The Mac Malware of 2021Be sure to subscribe!If you like the content. Follow me @iayusuf or read my blog at [https://yusufonsecurity.com](https://yusufonsecurity.com/)You will find a list of all previous episodes in there too.

7 Minute Security
7MS #502: Building a Pentest Lab in Azure

7 Minute Security

Play Episode Listen Later Jan 5, 2022 51:56


Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE training lab from on-prem VMware ESXi to Azure. It has been a fun and frustrating process, but my hope is that some of the tips in today's episode will save you some time/headaches/money should you setup a pentesting training camp in the cloud. Things I like No longer relying on a single point of failure (Intel NUC, switch, ISP, etc.) You can schedule VMs to auto-shutdown at a certain time each day, and even have Azure send you a notification before the shutdown so you can delay - or suspend altogether - the operation Things I don't like VMs are by default (I believe) joined to Azure AD, which I don't want. Here's how I got machines unjoined from Azure AD and then joined to my pwn.town domain: dsregcmd /leave Add-Computer -DomainName pwn.town -Restart Accidentally provision a VM in the wrong subnet? The fix may be rebuilding the flippin' VM (more info in today's episode). Just about every operation takes for freakin' ever. And it's confusing because if you delete objects out of the portal, sometimes they don't actually disappear from the GUI for like 5-30 minutes. Using backups and snapshots is archaic. You can take a snapshot in the GUI or PowerShell easy-peasy, but if you actually want to restore those snapshots you have to convert them to managed disks, then detach a VM's existing disk, and attach the freshly converted managed disks. This is a nightmare to do with PowerShell. Deleting data is a headache. I understand Azure is probably trying to protect you against deleting stuff and not being able to get it back, but they night a right-click > "I know what I'm doing, DELETE THIS NOW" option. Otherwise you can end up in situations where in order to delete data, you have to disable soft delete, undelete deleted data, then re-delete it to actually make it go away. WTH, you say? This doc will help it make more sense (or not). Things that are broken Promiscuous mode - just plain does not work as far as I can tell. So I can't do protocol poisoning exercises with something like Inveigh. Hashcat - I got CPU-based cracking working in ESXi by installing OpenCL drivers, but try as I may, I cannot get this working in Azure. I even submitted an issue to the hashcat forums but so far no replies. On a personal note, it has been good knowing you because I'm about to spend all my money on a new hobby: indoor skydiving.

Virtually Speaking Podcast
ESXi System Storage

Virtually Speaking Podcast

Play Episode Listen Later Nov 12, 2021 37:46


This week on the Virtually Speaking Podcast we welcome Jatin Purohit to give us an ESXi System Storage overview and discuss the changes between versions. Enjoy! Links Mentioned ESXi System Storage Changes ESXi System Storage While Upgrading ESXi System Storage FAQs ESXi 7 Storage Requirements ESXi 7 System Storage warnings – VMware KB Article 85615 VMFS-L locker partition corruption Bootbank cannot be found at path ‘/bootbank' errors being seen after upgrading to ESXi 7.0 U2 Creating a persistent scratch location for ESXi 7.x/6.x/5.x/4.x Configure ESXi Dump Collector with ESXCLI Removal of SD card/USB as a standalone boot device option (KB Article 85685) https://blogs.vmware.com/vsphere/2021/09/esxi-7-boot-media-consideration-vmware-technical-guidance.html https://thenicholson.com/is-my-sd-card-is-resilient-enough-for-production-esxi-usage/ The Virtually Speaking Podcast  The Virtually Speaking Podcast is a technical podcast dedicated to discussing VMware topics related to storage and availability. In each episode, Pete Flecha and John Nicholson bring in various subject matter experts from VMware and within the industry to discuss their respective areas of expertise. If you're new to the Virtually Speaking Podcast check out all episodes on vSpeakingPodcast.com and follow on Twitter @VirtSpeaking.  

Syntax - Tasty Web Development Treats
Horror Web Dev Stories - 2021

Syntax - Tasty Web Development Treats

Play Episode Listen Later Oct 27, 2021 51:02


For episode 400, Scott and Wes talk about web dev horror stories - 2021 edition! LogRocket - Sponsor LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It's an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax. Mux - Sponsor Mux Video is an API-first platform that makes it easy for any developer to build beautiful video. Powered by data and designed by video experts, your video will work perfectly on every device, every time. Mux Video handles storage, encoding, and delivery so you can focus on building your product. Live streaming is just as easy and Mux will scale with you as you grow, whether you're serving a few dozen streams or a few million. Visit mux.com/syntax. Linode - Sponsor Whether you're working on a personal project or managing enterprise infrastructure, you deserve simple, affordable, and accessible cloud computing solutions that allow you to take your project to the next level. Simplify your cloud infrastructure with Linode's Linux virtual machines and develop, deploy, and scale your modern applications faster and easier. Get started on Linode today with a $100 in free credit for listeners of Syntax. You can find all the details at linode.com/syntax. Linode has 11 global data centers and provides 24/7/365 human support with no tiers or hand-offs regardless of your plan size. In addition to shared and dedicated compute instances, you can use your $100 in credit on S3-compatible object storage, Managed Kubernetes, and more. Visit linode.com/syntax and click on the “Create Free Account” button to get started. Show Notes 02:54 - Hi guys, love the show. I wanted to share with you something that happened just the other day (Oct 4th), I was starting my new job today at a large tech company. They use React for everything (even DNS!, don't ask me how, it's complicated). I figured I'd celebrate my first day and push some code to prod, (how hard could useEffect be right?) Next thing you know, they ended up bringing in a guy with an angle grinder to get access to the server cage. 04:15 - No one from Denver can buy 06:38 - Bug accidentally gives $90 million to users https://www.cnbc.com/2021/10/01/defi-protocol-compound-mistakenly-gives-away-millions-to-users.html 08:34 - Share Pointy Knives Hi! I'm a developer at a consulting firm in Sweden, writing C# on the backend and using React with either JavaScript or TypeScript and hosting things in Azure 99% of the time (and 1% in SharePoint). I was in my last week at my last job before I was due to start my new job. Worked 12 h/day to keep up with all the handovers etc. to colleagues so they would have a chance to continue working on the solutions I have taken care of. One project was a process tool hosted in SharePoint Online. The guy who would oversee it had -1% experience with SharePoint (which I pointed out to my bosses). But to make things a bit easier, I wrote a deploy script to ease things a bit. Starts the terminal and runs the script towards the acceptance environment. Umpteen million errors appear… Which is strange, because there would only be about 20 commands (which can cause errors like these). I log into the environment to double check if I now accidentally entered the wrong values in the script (which looked okay according to me). But I get a 404 error when I try to reach the environment… I log into the admin interface; I discover that the site is gone… Also checking the trash can, there are no things there. Very strange. I find that I'm in a different folder than the one where I saved my script… In that folder there is an old deploy script that was used when the project was started a thousand years ago (which was not used after the project was “finished”). The first thing the script does is force delete the site and then try to create a new empty site… The site is gone with lists and everything (lists are a SharePoint thing, think of it as sql-lite), there are no backups of the acceptance environment (although it is very important). I just feel a little panicked about how I'm going to solve this. However, I remember testing a tool six months ago to copy entire environments. Where the first attempt was made on the acceptance environment. Finds the cloned environment and can use the same tool to clone it back. It took only 8-12 hours of work to create all the new things done in the environment in the last 6 months instead of X number of hours to build everything from scratch. Once I updated a feature that saves accessories on orders (same solution). However, I failed to add all the new fields to the production environment. Which meant that accessories were not saved at all… Which was discovered after a week… I fixed the error in 5 minutes and the sellers had to contact x number of customers to double check what kind of accessories they would have for their orders… 11:22 - External HD One time I needed to format a server. It was an outdated Windows server. I selected all the files and copied and pasted to an external hard drive. My drive was pretty fast and it took like a minute. I was like: “Wow! That's a great external hd”. Formatted the server and, as soon as I realized it didn't copy 10% of the files, I had that face. We all know that face. Anyways. Tried to restore the files using some HD recovery tools but they were all corrupted, not by the formatting itself but for the installation of the new OS. My boss was pissed! I was very young so I blame it on the server. I'm not proud of it. But why the heck they would ask a developer to format a server in the first place? By the way, my birthday is on Halloween. Spoooky. 13:07 - Hey Loser I was testing new code to automate mass-mailings to our customers. Who knows what demon drove me but I wrote the “test” mailings like ransom notes: “Dear loser! Fork over all your $$$ or else!” Well, all was looking great and I wa s feeling pretty pleased with myself. Progress bars were sliding and counters were spinning. But I could hear a rising commotion from the marketing guys behind me. Phones ringing, voices raised. Turns out I had moronically wired myself to the production database! Even worse for me, I'd only been at the company a month or two. I thought my goose was cooked and the Big Boss was plenty mad, but I owned up right away and apologized. We put out a cover story that we'd been hacked and all was forgiven. 15:01 - HE HATE ME I was part of the developer team that accidentally leaked the 8 cities the XFL, an alternate football league, a week before their press conference. ewrestling.com/article/wwe-ac… We were using Contentful and Gatsby. A junior dev entered the information into the prod space instead of the UAT space and when we released some bug fixes, it picked up the contact us content update. I found out after seeing stories pop up in Google News when I was about to go to sleep. Was taking the content down when we started getting calls from the CIO of the WWE. The league went bust because of COVID. 19:23 - I Don't Have Memory of This I had two pretty bad code changes that only showed their problems when they went live in production. Around 6 years ago, I was running into a large performance issue with some of our queries running slowly against this giant DB. We were using JPA/Hibernate and we had a bunch of joins that were done lazily. I switched a few of them to eager so that they would create a single SQL statement instead of a bunch (or thousands). The change worked fine on my dev environment, QA, and staging. Staging was supposed to be representative of production. So we went live and within minutes the entire system went down because of out of memory errors. We quickly switched back to the lazy joins. We found out that staging had more memory and fewer DB records than production though they were supposed to be exactly the same. 21:05 - Your Performance is Slowing us down Back when VMWare was becoming a thing, like 2010 or so. I was working at an ecomm site and we were seeing slow performance between the app server and some data services. I decided to build a little multithreaded logger that could track when a query to Oracle Financials was running too slow and generate a warning. Oracle Financials was doing the credit card transactions, orders, and all the rest of the sites DB work. The code had no impact on my dev, QA, and staging environments. We were hitting well over our minimum number of concurrent users. We deployed it to production and then the system got slower and slower, but never crashed. Again, production and staging were set up differently. Staging was a bare-metal server. Production was running on an ESXi server on a host that was split 4 ways. The multi-threaded code meant to detect performance degradations was slowing the whole system down when it tried to synchronize data across threads. I was pretty embarrassed by both these two issues. It went to show that production is its own special thing and that you really don't know if your server-side code is really going to work until it starts running there. 23:15 - Dead Button Way back when mainframes were king, a guy I worked with pushed a button in, that if released, would immediately take down the entire company. He stood there for 4 hours, holding the button in, until we could let it crash after business hours. We gave him a chair after 2 hours. 25:12 - No Deploys on Fridays I was a junior dev working on our company's website. They were HTML + nunjucks templates that were later being integrated with the backend using some Python witchcraft. There was also a metric ton of JS libraries added (like Babra for page transitions, threejs for a cool interactive animation on the landing page etc.). Didn't really get much of all this package.json stuff at that seniority level. So after running yarn or npm or whatever, and seeing some warnings about a couple packages being outdated, I decided to update some of them. It ran great locally, but I didn't build the prod version, as I didn't know there could be any differences. I was working on some minor feature (or maybe even some minor bug) and the PM decided there's no time for code review. So I pushed it to the repo, the backend guy did his integration, and launched it on prod. As it turned out, there were some breaking changes in one of the libraries I decided to update. It crashed the entire site. On Friday. At 4:30PM. And that, kids, is why you don't deploy on Fridays. 27:33 - Stupid Selfie Horror story for you Wes. I work for one of the biggest retailers in the UK and we were working on an app that would go on a ‘media wall' in their flagship store in London. Basically a giant 200-inch screen in the middle of the store that social content can go on. Turns out that I left my local Dev version connected to the production API when I uploaded a couple of stupid selfies of my big head in the office. Get a call the next day to ask why my face is on the medial wall. 28:37 - Soda I was a computer operator back in the late 1960's, operating a Honeywell mainframe. The consoles were huge, about the size of a dishwashing machine, with the console typewriter and printer inset in the middle, on top. I had a soft drink on the console, next to the typewriter mechanism. We were told never to bring a drink into the room but we all did it, especially on third shift. Long story short, someone called my name, I turned around and knocked the glass of soda into the console. Had to be completely replaced – machine was down for two days. My boss was not happy. 31:22 - Oof A bigger horror story. I had my own software company in the 90's and was in Singapore, customizing my software package for Johnson & Higgins Insurance Brokers – I had their Asian contract for my Insurance Broker/Accounting package. I spent a good 40 hours on Saturday and Sunday, making all the changes they asked for, getting ready for a demo on Monday morning. I finished up about 4am on Monday morning and was cleaning up my files. All this work was done on a Novell server. Print files had an extension of .prt and I had a ton of them in the main directory from all of the testing I had done. I was cleaning out old files, getting ready to back everything up and I thought I would delete all of the print files. I mistakenly keyed in erase *.prg, instead of erase *.prt (or whatever the delete command was – can't remember it now). Programming files have a .prg extension – I had deleted all of my updated files from the weekend. In desperation I called Novell in Utah, hoping they could help me recover the files, but no-go. The demo Monday morning was not fun. 33:24 - Young Dev I was a young dev right out of college. My first job was at a child support company where we had desktop apps that would handle case information more efficiently than using Excel. My first project was to write a POC that would later be implemented into a new, bigger app that consolidated all the “POCs” for various parts of the child support process. For some odd reason, I still don't know why to this day, my boss wanted me to write this “new” app on top of an old app with a bunch of legacy code. I never understood why but as a young dev fresh out of school, you tend to just do what you're told. In school, I mainly used PHP/HTML/CSS for learning how to work with a database; this job however used C#/.NET for their desktop apps so I was doing a lot of learning as I went. I remember finally learning how to connect to the database and run some SQL after fighting with this old pile of legacy code. In early versions, I chose to handle creates/updates for these records in the same function. My young, dumb self wrote a try catch statement that would attempt to create the record and if it failed, it would try to update the record. Before the first production release, I updated the flow to handle creates/updates in separate functions - but never removed the update in the catch block of the original function now used for creates only. Somehow I, or any PM/QA, never failed on a create and hit this catch block while testing. Fast-forward probably 9-12 months later, I got a ticket to investigate why every case's data looked the same in Production. I login to the app, search a few case numbers and sure enough, every case's data is the same. I began freaking out as I had no clue how this could've happened. I mean it had never happened in all the dev work, testing, and months of live Production use. After I investigated with a senior dev, we realized the try block had failed and the update query in the catch block ran for that record - we also realized that I left off the where clause in the related SQL query to specify which record needs updating - so ALL records got updated with this data. Thankfully, we kept regular back-ups and were able to restore the data to a recent timeframe without users losing a ton of work. We commented out that database update call and redeployed the code ASAP. Also the senior dev was cool about it and was like “hey, it happens to all of us at some point”. Let's just say I've learned a ton since then and definitely steer clear from writing code like that. You live and you learn I suppose. 38:40 - Where Wolf Here's my development tale of terror: One night I was burning the midnight oil trying to get caught up on a never-ending workload. At the time I was working for an online travel booking site. It was after 11, and the last thing I had to do for the night was to rename one of the hotels in our production database. So I wrote my query: UPDATE hotels SET name=‘Some Hotel Chain'; One problem, I FORGOT THE WHERE CLAUSE. Suddenly, over 5,000 hotels in our production database all had the same name. This was around 2003, so well before the time of point-in-time restores, and we were only backing up the database every week at that point. I was panicking. Fortunately, I had a dump of the production database that I had created only a couple of hours earlier sitting on my local hard drive. So thankfully, I was able to restore almost all of the hotel names, save for a couple that signed up after that data dump, and my boss was none the wiser. That's when I learned that working late hours is not worth it, because at some point you are so tired that you can no longer make good decisions. 41:19 - I Want Your Job When I first started out I worked for a consultancy and they trained us in sales meetings to help managers get promoted because we were coming in to make them “look good”. This was okay b/c obviously, we were coming in as a contractor; however, after being laid off due to 9/11 (yes, this was about 20 years ago), I was looking for a new job and during an interview when asked where I'd like to be in X years, I mentioned to the hiring manager that I wanted to eventually do what he was doing. Well, I guess he didn't take it that I wanted to make him get promoted to then take his spot. Safe to say I didn't get hired.

Paul's Security Weekly (Video-Only)
LANtennas, ESXi & Python, Twitch Leaks, Facebook BGP, & iPhone Is Always On - PSW #713

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Oct 11, 2021 94:20


This week in the Security Weekly News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache 0-day, you iPhone is always turned on, Apple pay hacked, & more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

SECTION 9 Cyber Security
Installing Windows 11 and VMware Updates - 217

SECTION 9 Cyber Security

Play Episode Listen Later Oct 11, 2021 16:24


We're talking Windows 11 and VMware Updates. Did an Install of Windows 11 in our VMware environment. This required a virtual TPM. Moved on to VMware updates. This included updates to ESXi and VCSA. Lots of moving parts to these projects. LINKS1. Create a Virtual Machine with a Virtual Trusted Platform Module 2. Configuring and Managing vSphere Native Key ProviderFIND US ON1. Twitter - DamienHull

Paul's Security Weekly TV
LANtennas, ESXi & Python, Twitch Leaks, Facebook BGP, & iPhone Is Always On - PSW #713

Paul's Security Weekly TV

Play Episode Listen Later Oct 10, 2021 94:20


This week in the Security Weekly News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache 0-day, you iPhone is always turned on, Apple pay hacked, & more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Paul's Security Weekly
Feeling Really Lame - PSW #713

Paul's Security Weekly

Play Episode Listen Later Oct 8, 2021 184:22


This week, we kick off the show with an interview featuring Dan DeCloss, the Founder of PlexTrac, for a segment all about Survey Says: Improve Your Security Posture by Purple Teaming! Then, a segment aimed at getting YOU Up and Running With The Security Onion!! In the Security News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache -day, you iPhone is always turned on, and Apple pay hacked!   Show Notes: https://securityweekly.com/psw713 Visit https://securityweekly.com/plextrac to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Podcast-Only)
Feeling Really Lame - PSW #713

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Oct 8, 2021 184:22


This week, we kick off the show with an interview featuring Dan DeCloss, the Founder of PlexTrac, for a segment all about Survey Says: Improve Your Security Posture by Purple Teaming! Then, a segment aimed at getting YOU Up and Running With The Security Onion!! In the Security News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache -day, you iPhone is always turned on, and Apple pay hacked!   Show Notes: https://securityweekly.com/psw713 Visit https://securityweekly.com/plextrac to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

VMware Communities Roundtable
#569 - Administering ESXi Hosts with ESXCLI using PowerCLI w/Stefan Mc Tighe

VMware Communities Roundtable

Play Episode Listen Later Aug 25, 2021 52:35


Cyber and Technology with Mike
06 August 2021 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Aug 6, 2021 8:26


In today's podcast we cover four crucial cyber and technology topics, including: 1. Transamerica Corporation misconfiguration exposes customer data 2. BlackMatter updated to include Linux, WMware attack capability 3. VMware addresses two flaws that could lead to data theft 4. Conti affiliate leaks Conti ransomware playbook I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

The CyberHub Podcast
Practitioner Brief June 29th, 2021

The CyberHub Podcast

Play Episode Listen Later Jun 29, 2021 19:32 Transcription Available


  Today's Headlines and the latest #cybernews from the desk of the #CISO: Google Decides to step up security in the Play Store, About Time! NATO warns that cyber-attacks could lead to a military response REvil ransomware's new Linux encryptor targets ESXi virtual machines 700M LinkedIn users data posted for sale online NVIDIA Patches High-Severity GeForce Spoof-Attack Bug   Story Links: https://thehackernews.com/2021/06/google-now-requires-app-developers-to.html https://www.cpomagazine.com/cyber-security/nato-warns-that-cyber-attacks-on-member-states-could-trigger-a-coordinated-military-response/ https://www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/ https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/ https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/   “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine   CISOTalk Webinar Series: Closing the Gap Between Endpoints and Identity Protection with Carolyn Crandall and Joseph Salazar from Attivo Networks: Sign up here: https://us06web.zoom.us/webinar/register/WN_UNRepQ7mST-D8j46os228Q   The Practitioner Brief is sponsored by: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub  Whistic: www.whistic.com/cyberhub Attivo Networks: www.attivonetworks.com **** Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, and Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ James on Parler: @realjamesazar Telegram: CyberHub Podcast ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast   The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Need to Know with Dana Jonson
Summer isn't just a courtESY

Need to Know with Dana Jonson

Play Episode Listen Later Jun 23, 2021 45:13


Summer's coming!  So today, special education parent and advocate, Lisa Lightner, founder of A Day in Our Shoes, joins me to discuss Extended School Year services.  What are they?  Who gets them? And do you need them?   Check out ADayInOurShoes.com A transcript of this episode can be found here shortly after the episode is published:  https://specialed.law/summer-isnt-just-a-courtesy/ TRANSCRIPT (not proofread) SUMMARY KEYWORDS parents, child, ies, extended school year, iep, school, school district, hear, social skills, students, program, summer, services, lisa, special ed, offering, camp, regression, week, disabilities SPEAKERS Dana Jonson Dana Jonson  00:02 Hello, and welcome to need to know with Dana Jonson. I'm your host, Dana Jonson. And I'm here to give you the information you need to know to best advocate for your child. I'm a special education attorney in private practice, a former special education teacher and administrator, a current mom to four children with IPS and I myself have ADHD and dyslexia. So I've approached the world of disability and special education from many angles. And I'll provide straightforward information about your rights and your schools obligations, information from other professionals on many topics, as well as tips and tricks for working with your school district. My goal is to empower you through your journey. So please subscribe to this podcast so you don't miss any new episodes. And I want to know what you want to know. So like, follow and drop me a note on my need to know with Dana Jonson Facebook page. Okay, let's get started. Hello, and thank you for joining me today. I'm very excited to talk about the extended school year today. We are in mid June, which is the end of the school year. And so hopefully if your child requires Yes, why you've already established that in your IEP. But what we're going to talk about more is why do we have it? What is this? Why? Why do we have it? Why do we want it? And do we really want to use it. And I have with me Lisa lightner, who is a parent, and advocate and the founder of a day in our shoes, which is an amazing resource for parents a website with an amazing resource. And we'll get into all of that in a minute. But I wanted to first touch on the fact that if you have not heard yet, I will repeat myself I am going through a transition or not I am not my podcast is need to know with Dana Jonson is going through a transition. And next week will be the final episode as need to know with Dana Jonson. And then I will relaunch again in August as special ed on special ed, it will be special ed experts talking about special ed topics. So basically the exact same content. I'm just changing the name and the logo, because what I learned is that when you search for a special education podcast, need to know doesn't necessarily pop up on your screen. So I have a wonderful and solid loyal audience. And I love you all. And I want to reach more people. So we're just going to change do some cosmetic changes. But I'll be back in August with all the same great content. So I do hope to see you there. Now back to Yes, why? Hello, Lisa, thank you so much for joining me today. Yay. I want to talk to you because you have a lot of experience with special ed and also with helping parents and with going through the process yourself. So I was hoping you could give me a little background and maybe introduce yourself and how you and a day in our shoes came to be because that website is so amazingly full of information for parents, and probably teachers and administrators as well. I'm going to guess a few of those peruse your site. 03:03 Yes, I know that I do get a lot of school staff traffic, especially for my lists of IEP goals and the various disciplines or areas of need. So yeah, so it's good for both parents and school staff. Although my main goal from the get go and you know, as it continues to be today, as always been to help parents understand the IEP process. Actually, in March, the site just turned 10 years old, which is a little crazy. I know, I can't believe it. Prior to that I actually did have a different I had a separate site and I was working as a teacher, I used to teach a vocational program. And I had a sight completely unrelated to anything disabilities. But I did have a baby with disabilities, his preschool sent home a flyer to take training to become a special ed advocate. His school did. Yeah, he went to an arc preschool. Dana Jonson  03:55 Okay, that makes more sense. I'm envisioning the public school sending you out a flyer. I 04:02 know you went to an ark preschool. So they sent home a flyer to do this special ed advocacy training. And I did it merely because he was a toddler. And I said, you know, this seems like a lot. And I already understood that like, Whoa, this is pretty overwhelming because people were always coming to my house and explaining things to me and paperwork was just, you know, phenomenal. Dana Jonson  04:25 It Anyway, during the lab work and special ed. 04:28 But during the last recession, I lost my job during the 2008 recession. I lost my job, I was already in the training. So suddenly, I had a lot more time on my hands and became you know, was still going through the training, started volunteering, merge that into working part time for the arc as an advocate and then went on, you know, went off on my own started the website. And it's funny because I started the website actually with another friend who is also an advocate and we were like, oh, we're gonna like this website's gonna be about everything special. needs and like we live near where we live in Philadelphia. And we're like, we're going to list camps. And we're going to list programs and support meetings. And I mean, for Philadelphia alone, that amount of information is completely overwhelming. And what I, what I had learned early on is that parents really weren't just coming to the site for the IEP information. And, you know, some of my earliest posts are on things like what to do when your child's suspended manifestation hearings, and just because no one explains that to them and in language that they can understand and kind of walks you through the process. So you know, really, it was the parents who told me, this is what we need to hear, this is what we want to hear. So it's just grown since there. Dana Jonson  05:44 I love it. Because I feel like as you said, it breaks things down in a way that is consumable. You know, that makes sense. And I even find, for me, when I go to look something up, if I go to another attorneys page, sometimes about something in the law, and even I get bored, you know, like, this is so dry. So it's great to have that translation, you know, in what I call real, you know, I 06:07 do read Ida off and in the procedural safeguards, and the Federal Register that goes with it. And you know, it's those paragraphs, you have to go through them three and four times and the sentence at a time and well, then there's case law that defines it afterwards. And it's not really clear cut or black and white as we'd like it to be Dana Jonson  06:25 let's talk about is why does your child heaviest? Why did you have to have this battle at some point? 06:29 Well, first of all, let's let's just clarify, because I do this to ies y means extended school year. Dana Jonson  06:35 Yes. Thank you for slowing me down. I talked so fast. And sometimes I completely forget that. I'm just talking in my own language. But you're right, we're talking about extended school year services, not summer school, not camp, it's very specific service, that children who qualify are entitled to from their school district. And it's an extended school year. That's exactly what it sounds like. It means that your school year will continue beyond when the typical school year ends. So how do we get there? Lisa, why do we want it? What is it? 07:08 Right? Well, so first of all, you said, Did you ever do that battle? And I'd have to say No, I've never had to fight that battle with my child. That's great. Pennsylvania actually does have one case, he's in what is known as the Armstrong group. And it was based on a case you know, Armstrong versus someone I don't remember who it was. But the Armstrong group is kids whose needs are, you know, they're pretty high needs pretty severe autism, intellectual disability, situations like that. So it's kind of like says kids in the Armstrong group are always going to qualify for Yes. Why they're always going to need it. So he's in he's in that group. So it's not thankfully, that's one battle, I don't have to fight every year. Dana Jonson  07:54 Well, that is a good point. And and to start right off the bat, let's talk about why a student might need Yes, why. And I think that there is a misconception, there are several misconceptions about it. One is that it is only for regression. So right, only if you're going to regress, now, all students regress, right? So let, let's just start there, all of them regress over the summer, it's called the summer slide. That's why we have those silly packets, we have to force them to fill out and do over the summer. And you know, in the first month of school is really teachers trying to get kids back into the swing of things and caught back up and figuring out where their slides were. And for children with disabilities, if they are going to regress even more than that typical amount, then that's when we're looking at extended school year services. But what you're saying about this arm strong group in Pennsylvania, which is specific to your state, but we also argue here in Connecticut, which is and everywhere else is that if the nature of the disability is so severe, that the student requires those additional weeks or months to meet their goals and objectives, because that's what they require. They're continuing to work on those pieces, then they might also qualify for extended school year. 09:09 Yeah. And they're actually you know, as you know, there are other criteria, as far as is the child on the verge of an emerging skill, how long it takes them to recoup lost skills, and things like that. So I think that that is probably the biggest myth out there that, you know, he he doesn't regret he's not at fear, or he's not at one of the standard line that I hear from parents is that he's not at risk for regressing, so he doesn't qualify. Dana Jonson  09:34 Well, I think that's how do you define regression? Because as you said, if you're on the verge of an emerging skill, and if you wait till September to continue it, and you will lose that ground, that's called regression. I mean, I think that's how I look at it anyway, you know, so I think we have to look at it from a lot of different places, and sometimes I hear well, they're fine on Christmas break. So we don't have regression, 09:57 right? And that's where I tell parents that you know, It's you have to stay engaged in the process, you know, year round. And because a lot of kids, I mean, a lot of kids do regress, even over Christmas break, but the parent doesn't necessarily document that or it's not the things aren't as visible. And I have to remind parents all the time that, you know, teachers in schools only see what happens at school. So if you're seeing additional things at home, you need to start documenting that. Right. Dana Jonson  10:24 And that's been a neat change over COVID. Right, is that I think parents voices are getting a little louder. Yeah, because they're actually seeing this progression or understanding what regression is. And, and I think that's a good point, because maybe, as you said, an emerging skill. And I'm saying, I see that as regression. But if the parent doesn't know that emerging skill is happening in school, then the parent isn't going to know to document the regression either. Right? So a lot of that comes back to communication and understanding what's in the IEP and what your child is working on. 10:54 Yes. And I believe, and I, sometimes I get confused in my head, I'm like, is this Pennsylvania specific? Or is this Ida, but I believe it's in Ida that no single factors should decide whether or not the child gets Yes, why. So even if that alone, if you're saying, well, the child doesn't regress enough to get Yes. Why? Well, Ida says, it shouldn't be any one single factor, Dana Jonson  11:16 right? There should take in a whole bunch of components. And as we know, every child is different. And we individualize. So how do you find ies wise typically provided when you're advocating for students? And you're looking for extended school year programs? How do you find that that is typically provided to families? 11:35 Yeah, so one of the other tenets of ies why is that it's supposed to be individualized? No. Dana Jonson  11:45 I heard a rumor. 11:48 But that is honestly I would say, and I get it, I get that only certain teachers agree with their contract to work over the summer, certain therapists, things like that, and busing and, you know, bus, what's the word? I'm looking for contracts and therapist contracts, you know, because a lot of these things, therapies and you know, like bcbas, and transportation, mostly, you know, a lot of schools don't have their own they contract out. So I get that, from an administrative standpoint, it makes a lot of sense to just say, Hey, we're doing four weeks in July, Monday through Thursday, nine to one See you there. But around here anyway, that's getting to be just the norm. You know, hey, we'll see in July, Monday through Thursday, nine to one, Dana Jonson  12:32 right and less if it depending on when the Fourth of July falls? Yes. Right. Because that could add or eliminate a whole week, 12:39 right? And then we have a whole other situation where in the city, if the buildings aren't air conditioned schools get canceled. And a lot of you know, because I live in an old area. I live near Philadelphia, and a lot of these buildings aren't air conditioned. So then that throws in a whole other. Dana Jonson  12:55 No, yeah. And Connecticut schools can't go past the end of June because no schools are mandated to be air conditioned. And it's hot here. You know, we had a heatwave the other week, I was surprised, no schools closed. Because you need air conditioning in Connecticut in the summer. 13:10 Right. And they did actually, that was just You're right. That was just like last week, and Philadelphia schools did dismiss early they dismissed at lunchtime each day, because it just got too hot. So yes, I would say the biggest trend and but it's also the biggest concern is just that that whole individuality piece, as far as eBay just gets tossed out the window. And I think parents need to engage more and investigate. Like, I think they spend so much time focusing on whether or not their child qualifies. And oh, I just want them to get as why that they're not digging deep and saying, Okay, I gotta Yes, why now what's going to happen? Because it's to be based on your child's IEP. And if they're going to do you know, two hours of La each day and two hours of math and then send your kid home, and your child doesn't necessarily have needs in those areas, then you know why, you know, nobody wants to go to school in the summer, right? As Americans, we're just we're programmed to not think about school to not go to school in the summer, and nobody wants to do it. So if you're going to get your child in ies why let's make it meaningful, right? Let's, you know, if they're going to go and you're going to do that, let's make it meaningful. Dana Jonson  14:15 I hear that as well, that, you know, we want as why we want as why, and then, you know, maybe I get EMI for my client. And later they say, Well, that wasn't really what they needed. I have to remind clients that that you are the parent, and they're all these experts around you. And you know, I'm using air quotes for experts that you can't see. But there are all these experts around you telling you what it should be. And at the end of the day, as you said, if if it's focused on math and reading and your child's issues, their social skills, and schools can't mandate typical students to attend summer programs or ies. Why then is that program really benefiting your child? You have to figure that out. There's no one else around is going to do it for you. 14:55 The flip side of that is that parents who are fairly certain that their child is going to get the Guess why they some of them jump right to the so I found the summer camp. mean, I found the social skills summer camp, and I'm going to make the school pay for it. Meanwhile, social skills isn't even an identified area of need in the IEP. So right, you know, again, it has to be individualized. But it also has to be defined as an area of need in the IEP. And as you said, they cannot force non IEP students to attend Yes, why to enable that LRE. Dana Jonson  15:26 That's a very good point, because I have had parents call me and say, You know, I think my child really needs the social skills piece. But there is no social skills, as you said, in the IEP, that's a red flag, right? If, if you're looking for a service that is not in your child's IEP, it should be, then we need to revisit that whole component. Because, you know, some children, if they go the whole summer, and they don't have friends, their parents can do their level best to get those interactions, but they're not getting that peer interaction, like they get at school. And that's a really long time to go without that. 16:02 Right. It is, and especially this year, you know, because many had at least a year gap, if not more, you know, some stayed home through May or June and are not going back until the fall. So they haven't been there since last March. You know, and I know a lot of schools have been in the fall and it gradually more and more throughout the school year. But yeah, I mean, it's that is a long time. Dana Jonson  16:22 Did you find where you are or where you are now? Do you find that schools are opening up ies wise and or summer school and or recruitment programs? Not recruitment Brit re yeah recoup recoup not recruit programs to help students who had that that huge gap because I find there are some some schools around where I am that are doing that that are being more proactive and saying like last year, they said anyone who wanted to go to ESRI could 16:51 Yeah. So Laura. And I actually know Laura, who works for those of you missed it on Laura did was gracious enough to do a facebook live with me. And we talked about comp services due to COVID and getting the services. Because what another issue you know, of course, keep in mind, nobody ever comes to me when things are going well, they only come to me, right? things aren't going well, right? I have to constantly remind myself of that. But a lot of parents are inquiring about comp services like hey, my child missed a year of this and you know, you're have that. And then it's Oh, well, he can go to ies Why then he can go to ies Why? And again, it's about that digging deeper and saying well, but this is what he missed. So what is ies? Why, and and what's going to happen there? And is that sufficient? Because yes, I do see a lot of schools being more generous with offering EFI to students. But again, just bring them in for a couple of hours to do some reading and some math. Dana Jonson  17:47 Kids don't progress through osmosis. Right? Right, just appearing in the school, 17:53 they're not getting that pull out, or they're not getting their therapy, or whatever it is, because I hear all kinds of crazy stuff like, well, we don't do OT and E s y. And like, I don't you know, Dana Jonson  18:02 any any statement that starts with we don't, is usually incorrect. 18:08 The only thing the only one that I will say applies this time is that for as why the school cannot guarantee LRE. But other than that everything apply. Dana Jonson  18:18 And that's fair, because you can't compel typically developing students to go to a summer program. Right? I do hear that argument, though, for students who really require interaction with typically developing students that truly is what helps their progress and their success in the classroom or the environment that they're in whatever that may be. And so, you know, I often have situations where parents say, Well, why can't they do their ies? Why at a camp? Why can't they do that? And my responses they can, we can absolutely do that, if that's what's necessary. And how do we set that up to make that that argument that that is what your child requires. But that goes back to what you're saying about the individualization. And I think a lot of parents are trained to understand that are taught that this nine to one July program is actually what he is why it is, right. Yeah, you know, that they actually believe that's what it is. So because that's what it's called. And so, you know, when we're looking at extended school year, you know, programs and I hear schools say, well, it's really just about regressions, so we don't have to add anything new. So we're okay here. How do you go about working with parents to come up with creative ways to identify and and obtain those different kinds of extended school years? 19:43 Okay, so first of all, it depends. I have to tell you, it honestly depends on what time of year they come to me because the parents who are coming to me now and it is happening now, sometimes time is just not on your side, right? It just isn't, and so to Come to me, you know, Memorial Day or June 15, and say, Oh, well, I'm not happy with this ESP program from a time factor, there's usually not a lot I can do, because what I have always always preached is, you know, look at the present levels, present levels is what drives the IEP. And if this need is not in present levels, it's, then there's not going to be a goal for it. And if there's no goal for it, there's not going to be any supports and services for it. Right. And so that's, that's usually at the core of the issue is that there's an identified need. So then, okay, well, let's get it identified. Well, that takes time. And that's the kind of thing you know, like, he's, like you said, going back to their social skills example, if mom and dad are seeing that the child's struggles with social skills, but he's able to get through school day, and it's not an identified need on an IEP, you know, again, you can't go to the school and say, Well, this is the social skills camp is what he needs for EAS, why? What his child needs is some evaluations to show that he lacks social skills. And that's going to take time, and on June 15, you know, I can't necessarily help you there. So from the school's point of view, what I do always do say to parents, as you know, like, look at these camps, most of them are nonprofits, look for scholarships, look for, you know, go to your Lions Club, though, to your co Ana's club, your rotary and see if they do sponsorships for, you know, children in the community with disabilities. And if they would sponsor this camp for you, if you cannot afford it. And also, you know, if you, I get it, we're guaranteed faith, and that first word is free. But just because our kids are guaranteed fate doesn't mean that if you have a disabled child that you're never ever going to have to pay for anything for them ever again. So you know, some good point, yeah, and some parents are in a position to pay for these things. And that is, you know, what I call the path of least resistance. If I can't help you demonstrate this week, you know, that your child needs social skills, then I just don't really think that's going to be an option for you. Like, we can go through the motions and we can get things started. But the school is under no obligation in most cases to evaluate for this camp starts and things like that. Dana Jonson  22:09 I've seen that there was like a, as a plan on school districts part is that they make it a little difficult. So for parents who can pay for ies why they just do they just find something and pay for it. And again, the path of least resistance. And I do get that as well. But then I also find that what ends up happening is the people who can't afford to place are stuck and fighting their district. And the district is playing the same game with them. So they're having to push back and they can't afford to push back or to unilaterally place. And that's where we run into trouble. A lot of times, too, when I get that call, I also have to remind parents that hiring me to get the school district to say yes to Yes. Why may cost you more than the EMI program. 22:55 Right. A great example is several years ago, I had a family and they wanted this 15 $100 s y program, and we ended up going to mediation. And yes, the girl got it, the female student got the program in mediation that that we wanted. But I mean, I'm sitting there in mediation, looking at this table of like, seven or eight school staff. And it was this time of year. I mean, it was summer had already started school is out. And I thought you know, here, we have a superintendent and me, you know, they're paying me and all these people and to challenge us on a 15 $100 program. So and yes, I certainly acknowledge that, you know, of course, I go off on tangents and talk about this stuff all day. There certainly is a gap in a you know, in public education, certainly between the haves and the have nots. And having a parent pay for a program that they can afford, can exacerbate that gap. And I'm not I don't want to come across as that I'm comfortable with that, like, Oh, well, too bad for you. If you can't afford it, you know, again, that's how I understand Yeah, you can look into, you know, you can try to look into scholarships and things like that. But for the parent who can afford it, like I said, you know, you and I will probably still get one or two more calls this week, from parents. Yeah, from parents who are looking for EMI. And you know, in some cases, when you come to us at this time of year that if you want that program, they're like, well, it starts June 21. Like I These are your options, you sign up and pay for yourself or you know, Dana Jonson  24:22 well until that point, and I want to be really clear that neither Lisa nor I are giving any legal advice here. Lisa is not an attorney, but I am and I'm not giving legal advice and I don't know your your students situation. But to that point, if a parent were to do that, and go pay for their program themselves, and I always want to make this clear to any parent anytime. If you expect any money back from a district that you spend, you have to go through a very important legal process and document and note it properly. And the most, the most important part is you have to give 10 days notice so Before your child leaves the public school, not before they start the new program, before they leave the public school 10 days beforehand, at least, you must have given notice in writing that the school district did not offer an appropriate program, that you're in disagreement with their program, that you believe this is an appropriate program. And that you will be placing your child there, and that you expect to get reimbursement later that you're preserving your rights to reimbursement. That's very important. I also usually mentioned to parents, if you're spending money, you want to get back, talk to a lawyer, it's that simple. talk to a lawyer is the best way to make sure you've covered your ground. But so for those of you who are listening to us right now and thinking, Oh, I didn't get ies why yet I got to figure that out. Make sure that you talk to somebody, so you're doing it the right way. But for people who already have it in their IEP, and the issue is a dispute of where it is, you know, yes, there are a lot of options. So that kind of brings me to another question that Lisa, which is through your child does qualify and you do get it? Do you have to go? And I get that a lot from parents too, who say I don't want to say no to anything. I don't I don't want to say no, because you don't you don't want the IP to be weakened because you're going to visit grandma for the week. You don't want to not have it in there. So how do you advise parents who asked that question? Do I have to go to ies wire does my child have to 26:21 go? I know it's parents spend so much time and it is such a fight some time to get services that they're so they just don't want to decline? Anything that's offered to them. And I get it. I Dana Jonson  26:31 never did either. I mean, I bore kids with IPS. So I totally understand. 26:37 I mean, first of course, ask the special ed director or ask whoever's running the EFI program, you want to know what's going to happen there. Because as I said earlier, you want to make it meaningful, right? If you are going to send your child to school during the summer, which is going to affect you know, the entire household, right? You want to see what's going on? And is it appropriate for your child? Is it going to be meaningful? It's not talked about a lot, but school districts are not actually permitted. And it's not legal advice. But school districts are not permitted to retaliate against parents for refusing services. So in a perfect world, no, that shouldn't be held against you, as we all know what what the statute says and what happens every day is not necessarily the same thing. But no, they're not supposed to retaliate against you are not permitted to retaliate against you for refusing a service. That being said, I haven't This isn't an area where I would necessarily expect to see a lot of retaliation because they the school district has planned their ESP program. They've hired X number of teachers and X number of Paras and they do kind of have a cap on, you know, yep, this is how many kids we're going to offer. Yes. Why to? So being able to cut those numbers back, I wouldn't necessarily expect retaliation in this area, because it is going to save the district money, right? If five parents say no, that might be another pair that they don't have to hire for ESXi. So I wouldn't necessarily be afraid of that. I would you know, Dana Jonson  28:04 I also find that as wide disputes, and as soon as I say this, it's going to change. I'm going to jinx myself. But I tend to find that because yes, why programs, as you said you're fighting over a 15 $100 program, oftentimes as Why is not as cost prohibitive as a program during the school year. So I find that those disputes are often easier to resolve, because they're short term, they're short lived, and they're not tremendously expensive. So I see the bigger fights for ies wise, when you have a child who really requires a 12 month program, that's usually where we have like the more major disputes, and we don't have that in place. Or for students who require two months of extended school year, not just one, 28:47 right, that I that you're right, and that, you know, if they're offering where I see the disputes is the parents who are trying to buck the school with the you know, this, this nine to one monday through thursday camp program isn't appropriate for what my child needs. So and in fact, that 15 $100 program was just that we wanted something at the local university, which was completely appropriate for what this girl needed. And the camp program that the school was offering was not appropriate. So like he said, that's where I see the issues is when parents don't want to do the camp program, and they do want the summer camp or the something else, which in many cases may be really appropriate. You know, if social skills is your biggest is your child's biggest need, you know, but again, it's going back to getting that documented, and is that a you know documented area of need and all that Dana Jonson  29:34 I often recommend the parents if they are sending their child somewhere else that they explained to the school district how that will address some of the issues for us Why? Because a lot of times going to that summer camp. It's not a special ed camp. It's not providing those educational components, but it will address the special education needs of the child and that's what we're looking for. right we're looking for to address the special education needs of the child. And I think that oftentimes that puts the district at rest to Okay, well, you're doing your thing, but we know that at least that they're getting some services. So when we come back to the table in September, we're still on the same page. You know, school isn't going to say, I can't teach your kid because you didn't send them to us why, right? That's not gonna happen, right? Yeah, I 30:21 was for EFI, or for any really, you know, I guess, an alternative si program is really an out of District placement, right? Because you're not doing with the district, in district for any out of District placement, I say, go there, ask them or talk to them read the website, what are they doing at that placement that your child needs, that they are possibly, they're just never going to get that in what the district is offering, right. Dana Jonson  30:47 And a lot of times, it's the typically developing peers, the role models, the social skills, and I've had school districts send a para to the local camp, if a student was maybe going to the local camp, and the parent was paying for the camp, but maybe the school sent the para, that's not typical. So don't get excited about that. But I have seen it happen that way. I've also seen ies y in the form of like some one on one tutoring. 31:12 Yep. Oh, yeah, I've seen a lot of you know, some kids don't need nine to one every day. But they do need to keep up on some things. So once or twice a week might be you know, and now every school district in the country just about is set up to do things virtually. So if your child's needs are strictly academic, you know, maybe they don't need to leave the house, maybe they do only need an hour, a day or an hour a week of some online tutoring, or some you know, instruction or something like that, working with his teacher. Yeah, I mean, just, you know, like you're talking about an out of District, but they sent the para, you know, be creative and think about everything, you know, think about what you can offer them and because it is you know about being collaborative, Dana Jonson  31:51 and I find that the more options a parent comes to the table with and also though, to your point, understand what your school is offering going in and saying I know you're Yes. Why is canned? And doesn't do anything isn't an argument. Right? It's definitely not a legal argument. But it's also not an argument and you don't have a really good ground to stand on. You know, if you're and I think other parents are great resource, and we need them, and they help you. But you have to get the information yourself. 32:21 Yeah, I would ask to see like curriculum or lesson plans or something, because what I've found is a lot of parents will call an IEP meeting to talk about this. And then they say, Well, my child needs this and they go, okay, we do that. And they go, Well, my child needs this. Oh, yeah, we do that they do everything. Right. They do everything in these four hours, right. So it's, it's getting some not just verbal reassurance, but something else that like, you want to know what they're doing each day, I've found that a lot of them are just a lot of fun time to you know, a lot of outdoor games and, and I get it, it's summer, you want to keep things light, but you know, I'm not going to send my kids every day to go play in the playground for four hours, either, you know, because that's not helping him or anyone else. So Dana Jonson  33:05 right. So yeah, so I think, you know, understanding very thoroughly what the school district is actually offering and what that looks like, it's hard because parents can't observe the ESA, during the school year, because it's not there. So that's a bit challenging. So you do have to rely on other parents and their experiences. But yeah, going to your team and asking them to pull out specifically, what are we working on, I hear a lot of well, it's only to prevent regressions. So it's going to be a lot less, it's going to be minimal. It's going to be all these things. I actually this year had a an PPT or in Connecticut, we call them ppts. But an IEP meeting, where they said the formula we use is and I thought, okay, thank you for sharing, we're going to revisit that. You know, there's no one formula for ESP for every child on the planet. And that is really the key part. And I do believe that a lot of the ESP programs that schools have can address a lot of students needs, but not all of them, right? Not every child and not every need. So we do really need to take those those ideas and those thoughts and think outside the box. I also caution parents that a lot of times I find schools, at least I have found and again, I don't come in unless there's a problem. And there's another attorney at the table. So usually we're there to try and fix the problem. That's the goal. But I find that we can be very creative, and in a way that school districts can't always be at the IP table. So to also be a little flexible with the IEP team. Yeah. Could we could we maybe come to a better agreement outside of this meeting? Because I think we can resolve the issues. You know, if there's an issue and an easy way to resolve it, why wouldn't the school want to 34:51 Right, right. I think also, you know, obviously the internet and social media has been a complete game changer for IEP parents, right like One of my mentors has a disabled son who's my age. And so she tells me about in the 70s standing by her mailbox, like literally waiting for this newsletter to get to her home, you know, because that's was the 70s. Right? So it's been a complete game changer, the Dana Jonson  35:13 fact that she could find a newsletter in the 70s and 80s. I'm really impressed with. 35:19 But I think that it's it's been a mixed blessing because I think parents see other parents getting things doing things, and then they think, Oh, my gosh, I have to be doing that. And not every child with an IEP gets ies Why? And not every child with an IEP needs is why and you kind of have to go with your gut, I, you know, go with your gut instinct, and then work on defining that gut instinct, you know, with your IEP team, but it's okay, if your child doesn't need ies Why? Just because you see all these other parents doing it. And I feel like it has become kind of like the latest, like buzz word are out there like, Yeah, do you have Yes. Why do you have vs? Why? What do you know? And it's okay to not go to ies why it's okay. You know, again, it's okay to tell the school No, but it's also okay, if Dana Jonson  36:04 you can also get your accommodations for your summer packet, you know, so, so your child might not need Yes, why, but if they had that summer packet that everybody else has, you can be requesting things through their, their IP that they may need to assist them through that packet. And that may even include touching in with a teacher, or, or something like that, without necessarily being an extended school year. 36:29 And I but I see a lot of I think parents, IEP parents, we are so fists up ready for battle all the time, that as soon as we hear no, we're prepared to fight for it, you know, and so you're in your IEP meeting in January, February? And they say, okay, yes. Why we don't think your child qualifies. And just because they were told no, like, the parent automatically thinks, well, they told me no, so I better fight for this. And again, not every child needs it. And that's okay. Dana Jonson  36:57 You know, and I also like, when they say that in October, I usually say can we reconvene, and let's just reconvene and like may and talk about it again, we get a little closer. But I agree with you, just because it exists doesn't mean you have to have it or that your child can get it, you know, your child truly may not qualify. Right, right. And then you're fighting a losing battle. And I do see that because I think that if you feel like you're not getting everything that you need, or your child is not getting everything that they are entitled to over here. And then you see this other thing over there. And like, why can't we get that? And I try to remind parents to keep the focus, what is it that you want, just because you're not getting this thing over here doesn't mean we want to distract our efforts to fight for all this other stuff over there that maybe we don't really need. Let's stay here and get this piece here that we want. And I think that's a good point. You know, not everybody qualifies for it. And it's it's not the end of the world, 37:53 right. And also that I see a lot of parents put their hopes into, they think that in the summer program that their child is going to catch up, well, that's great, I'm going to send him to ies wine, he's going to catch up to his peers, I have never seen that happen. I mean, never Dana Jonson  38:07 well. And I like to say if your child didn't catch up with their peers over the school year, there's a good chance, they won't catch up in four weeks from nine to one, you know, so it's and it's not meant for that it's not summer school, it's not you fail the class. And so now you're taking it again, or you're improving your grade. it's specific to the IEP, and it's specific to the child's needs, and to ensure ongoing progress and a lack of regression. So you know, as we said, I do hope that everybody out there who wants to swipe either has it or has it lined up. But keep in mind that you don't necessarily require EMI. And if you don't require it, or if you don't like it, you don't necessarily have to go to it. The other piece I like to tell parents is you can disagree with it and send your child that's another one you have to remember, if you disagree with it, but you don't have an option. You can tell them you disagree with it to preserve your rights for later on down the road. If something else comes up, you can say I disagree with it. I don't think this is appropriate, but I am going to send them. So that's sort of a another piece to consider. Because I also know sometimes parents don't speak up because they're afraid if they say they don't that it's not appropriate. There won't be any other options. 39:17 Yeah. And it always goes back to what I've preached for 12 years is that all parents need to stay engaged in, you know, an IEP is not just an annual meeting, you have to stay engaged all the time. And yes, in Ida it says that you're supposed to be notified of the school's ies why decision with enough time to exercise their procedural safeguards. So, you know, again, I tell parents, if you're if you haven't heard anything by March or April, you know, it's okay to send an email, you know, look at your IP, see what it says and send an email and ask, you know, because you do need time to exercise your procedural safeguards, Dana Jonson  39:53 but don't wait for the school to come to you. Right, right. Exactly. It's sort of like if your point of my teenage I have three teenagers driving right now. And I told one of them, I was like, oh, look out for that. And they're like, oh, if they hit me, it would be their fault. And I thought, Well, yeah, it would be their fault. But you wouldn't have a car, or you might have broken bones. So a little bit of an extreme example, but you know, if you want, yes, why, and you're waiting, and you know, the school district hasn't done it, and you're waiting, then, you know, you're you're hurting yourself. It might be their fault. And they might be wrong, but your child won't have this. Why? 40:30 Right. And it's June 15. So it's June 15. You hire me or or Dana, you know, it's gonna take us weeks to you know, even get going on that. Dana Jonson  40:41 I mean, it would take me two weeks to even establish probably a first call with an attorney. Yeah, you know, cuz no one has time to breathe right now. So now, that's a good point. Thank you, Lisa. Is there any last points on eBay? I feel like we kind of covered it all. You 40:55 know what, I just want to ask you one question, because it's your house. I've only had one family in 12 years. Have you ever successfully, you know, with or without your services? Maybe they maybe they resolve it on their own? Or you heard it from another attorney colleague, you know, forever? I've been told that he is why is not just for summer. It's anything that goes above and beyond the school year. Have you ever been successful with like weekend or holiday Christmas holiday? Yes. Why? Things like that? I've only ever had one? Dana Jonson  41:24 a great question. I have not actually argued that. That is not in 15 years, I've been practicing as an attorney for 15 years in special ed. And I have not argued that. But that is a great question. Because you're right. Yes, extended school year is extended school year, we're trained to believe that extended school year is nine to one in July. Right. Right. That's how we've been conditioned. But it's not. It's an anything above and beyond that same as extended day. 41:55 There are advocates around here who preach that and they say, well, you can ask for stuff on Saturdays. And you can ask for stuff on Christmas break and things like that. I've never, like I said I've had one. But we have a we have a weird thing in pa where most kids with disabilities can get wraparound behavioral health. So we can get home services. And those folks are permitted to do community based instruction and go out in the community with your child. So we can go about it the Medicaid route and get that. Now mind you, that's nothing academic, it's only behavioral. Dana Jonson  42:27 But if it's impacting their education, it's educational right here, it's 42:30 not really even an issue because like, well, this is my wraparound services Dana Jonson  42:34 students I've had who require that level of intensity are usually in our placements. When I'm involved. That's usually my experience. So I haven't argued for that or really seen that as a problem. But it is a really good point. And I think the good piece about the vagueness of VSI is what if you want a service that you can only get on a Saturday, you know what, if there's something out there, then it really shouldn't matter when it's offered? Does that make sense? 43:02 Yeah, no, because we do have a university around here that does a lot of behavioral stuff, and a lot of social skills and executive functioning clinics and camps and sessions and, and they're all on Saturdays. Dana Jonson  43:14 So it shouldn't matter that it's on a Saturday, it should be you know, and if it's during the school year, you could argue it's extended school year, because it's additional school days, or extended school day. You know, I've had students where they say, Oh, well, if the student you know, they have to attend the homework Hall, if they have to attend it, that sounds like an extended school day to me, you know. So I think there there are definitely ways to argue that I just I have found typically when I have had students in cases where they required that level of intensity, they're already in a program that probably provides it and, and in Connecticut, we also have other agencies that provide Home Services, depending on your situation, depending on your disability, depending on your insurance, depending depending depending so many things. So but again, that goes back to individuality of the child. 44:03 And I was just curious, because I've just heard it exists, but it's like a unicorn. I've Dana Jonson  44:06 never really seen it in action. But if if anyone out there has seen this, please reach out to me. I would love to hear about it. If you have obtained extended school year services and in a unique manner. I would love to hear about it. Lisa, thank you so much for joining me today. This was really wonderful. I thoroughly enjoy all of your resources and your website and your video casts and your live streams. So I strongly recommend you check out a day in our shoes. And if you're listening to this, you can go back to the show notes. I will have all of Lisa's information on her website in there. If you feel like Lisa speaking my truth. She's the only person I can talk to. I'll ever contact information. And you know, hopefully everybody is set up and ready to go into summer God willing. Thank you so much for joining me today. Please don't forget to subscribe to this podcast so you don't miss any new episodes. And if there Anything you want to hear a comment on, go to our Facebook page and drop me a note there. I'll see you next time here on need to know with Dana Jonson have a fabulous day

Today in Health IT
Vulnerability in VMware product has a severity rating of 9.8 out of 10

Today in Health IT

Play Episode Listen Later May 26, 2021 4:39


VMware is pervasive in healthcare, it's time to check you servers if you haven't already done so.FTAThe security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. vCenter Server is used to administer VMware's vSphere and ESXi host products, which by some rankings are the first and second most popular virtualization solutions on the market. Enlyft, a site that provides business intelligence, shows that more than 43,000 organizations use vSphere.“Serious”A VMware advisory said that vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable on a port that is exposed to the Internet. The vulnerability is tracked as CVE-2021-21985 and has a severity score of 9.8 out of 10.---Time to get to work.#heatlhcare #cybersecurity #vmwarevsphere #healthit #cio #cmio #chime #himsshttps://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/

Ethical Hacking
Hypervisors father of virtual resource creation....

Ethical Hacking

Play Episode Listen Later May 19, 2021 10:20


hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 36 today we are discussing about When using virtualization, each emulated server runs its own operating system inside of a virtual machine, but the virtual machines are run on top of what's known as a hypervisor.A hypervisor may adjust the distribution of the physical resources of the server to the virtual machines.This includes the processor, the memory and the hard disk space.Hypervisors come in two distinct flavors,Type 1 and Type 2. A Type 1 hypervisor is known as bare metal, or native,since it runs directly on the host hardware and functions as a type of operating system.Microsoft's Hyper-V, Citrix's XenServer and VMWare's ESXi,and vSphere are all considered Type 1 hypervisors.A Type 2 hypervisor runs from within a normal operating system,something like Windows, Mac or Linux. For example, in the next lesson I'm going to demonstrate how we can install Windows 10 as an emulated desktop computer inside of a virtual machine that's being run by the software virtual box on my personal computer.Now, my personal computer is a Mac OS X desktop.But we're still going to be able to run windows inside of it.That's the power of using something like virtual box,because virtual box is an example of a Type 2 hypervisor.Another good Type 2 hypervisor is known as VMware.A Type 1, or a bare metal, hypervisor is faster and more efficient than a Type 2, or hosted, hypervisor.This is because a bare metal hypervisor doesn't have to waste any of the physical computer's resources by running a full desktop operating system,like Windows or Mac, first.Instead, a Type 1 hypervisor acts as a stripped-down, specialized operating system to provide the physical resources to the virtual machines that it hosts.Now, I know I said there's only two types of hypervisors.But there is a third type of virtualization that's becoming popular in our networks today.This is called Application Container-Based Virtualization.With this type of virtualization,the operating system kernel is shared across multiple virtual machines,but the user space for each of these virtual machines is uniquely created and managed.Often called Application Containerization, this allows an organization to deploy and run distributed applications without launching a resource-heavy, full virtual machine with a full operating system.This makes Application Containerization much more efficient than either a Type 1 or a Type 2 hypervisor,if it can meet the needs of your business and your organization.Container Virtualization is commonly used with Linux servers, and some examples of Container-Based Virtualization software include things like Docker,Parallels Virtuozzo,and the OpenVZ project.

ITR - IT Reality
S2E13 - "Anything Goes" April 2021

ITR - IT Reality

Play Episode Listen Later Apr 9, 2021 63:50


Recorded on April 6th 2021, a group of techies, with no particular place to go, got together to talk about... a bunch of stuff. Topics discussed: HTownVinny visits the ER BiWeekly VCDX Webcasts coming April 15th with @agmalanco & Ariel Sanchez Mora SRM Datacenter Design Shared around the world in multiple languages Ariel, VCDX in June 2022… Veeam Vanguard Program is awesome. Raspberry Pi Retro gaming project. 7 year old installs ESXi & learns some key IT concepts PizzaWars New York vs Florida Spirit Airlines Scuola going for CKA and all major cloud certs Covid Learning/certification Ariel’s take on Ticket Systems Question from Brad on KPI’s How to handle In Scope vs Out of Scope support requests? Policy driven efforts Existing deadlines have to be honored but give short advice in response Satisfying Business Auditors Compliance vs Security Backup/DR Testing Organizational expectations/Lessons Learned

Optrics Insider
Optrics Insider - Exchange Server Vulnerability, Qualisys Hit with Ransomware & VMWare Vulnerability

Optrics Insider

Play Episode Listen Later Mar 10, 2021 13:04


Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss the Microsoft Exchange Server Hafnium patch, security vendor Qualisys being hit by ransomware and the Carbon Spider and Sprite Spider VMWare ransomware. For more IT tips go to: > www.OptricsInsider.com Timecodes: 0:00 - Intro 0:21 - Today's 3 topics 0:47 - Topic 1: Microsoft Exchange Server Hafnium patch 5:14 - Topic 2: Qualisys hit by ransomware 8:19 - Topic 3: Carbon Spider & Sprite Spider VMWare ransomware 11:46 - Closing remarks Learn more about the Exchange Server Hafnium Patch: > HAFNIUM targeting Exchange Servers with 0-day exploits > At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft's Email Software > US National Security Council urges review of Exchange Servers in wake of Hafnium attack Learn more about Qualisys being hit by ransomware: > Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog > Qualys SSL Server Test Learn more about Carbon Spider and Sprite Spider VMWare ransomware: > Two ransomware strains target VMware's ESXI hypervisor through stolen vCenter creds --- Send in a voice message: https://anchor.fm/optrics-insider/message

La French Connection
Episode 0x172 (Hebdo) - 27 février 2021

La French Connection

Play Episode Listen Later Mar 1, 2021 62:48


27 février 2021 Shameless plug Hackfest 2021 - Novembre iHack 2021 - Juin Hackfest Blog Shownotes and Links 20210226 - Microsoft shares tool to hunt for compromise in SolarWinds breach Solarwinds blame un intern 20210223 - Airplane maker Bombardier data posted on ransomware leak site following FTA hack 20210222 - FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group https://www.accellion.com/company/press-releases/accellion-provides-update-to-fta-security-incident-following-mandiants-preliminary-findings/ iRobot 20210224 - Perquisition au siège social: la SQ débarque chez Desjardins Peut-on empoisonner les bases de données d'applications prédatrices ? 20210225 - CrowdStrike 2021 Global Threat Report Check Point publie un rapport sur la guerre entre la cyberguerre Chine et les américains https://blog.checkpoint.com/2021/02/22/jian-the-chinese-double-edged-cyber-sword https://www.cyberscoop.com/chinese-hack-nsa-tool-check-point/ https://www.fireeye.com/current-threats/apt-groups.html Chronique Patch: VMWare vCenter et ESXi vulnérables à deux attaques majeures 20210221 - Apple Security Certifications and Compliance Center 20210225 - ANSSI - Le Rançongiciel Ryuk vu auto-réplicant via Wake-on-LAN 20210225 - Hackers Break Into ‘Biochemical Systems' At Oxford University Lab Studying Covid-19 20210224 - Le NES d'Inde et la US Federal Reserve subissent des passes avec leurs services de télécommunication https://www.bloombergquint.com/markets/two-telecom-lines-fail-to-protect-world-s-top-derivative-bourse Crew Steve Waterhouse Patrick Mathieu Guillaume Morissette Crédits Montage audio par Hackfest Communication Music One Dub Collection – Coasting - Digital Family Vol. 7 Locaux virtuels par 8x8

Data Center Therapy
#047 – Sizing with Shane Bradley (On-Demand Lab Part II)

Data Center Therapy

Play Episode Listen Later Nov 25, 2020 37:56


We welcome back Shane to share how our On-Demand Lab was conceived, sized and configured. Topics include the evolution from VMware Workstation virtual machine to full-on co-located infrastructure, NSX-T, Nested ESXi, Terraform, TrueNAS, ESXi on Arm and more. PS: We just announced an exciting event with Gene Kim coming up on December 15 – and the first 50 to RSVP & attend get a complimentary copy of his latest book: ivoxy.com/gene-therapy Learn more at ivoxy.com/sizing Save your seat for our Hands-on Network Automation with Ansible coming this January right here: ivoxy.com/ansible.

Daily Check-In with Ned1313
Running Ubuntu ARM on Raspberry Pi ESXi

Daily Check-In with Ned1313

Play Episode Listen Later Nov 6, 2020 13:21


It wouldn't matter much that you can run ESXi on a Raspberry Pi if you couldn't also fire up some virtual machines on it as well. Let's take a look at firing up Ubuntu 20.04 LTS ARM edition on a virtual machine. Then we'll see if we can VMotion that VM from one RPi to another without shared storage. Finally, we'll check out deploying from a template, just like you would on regular ESXi. It's wicked awesome! Ubuntu ARM download: https://ubuntu.com/download/server/arm VMware Tools for Ubuntu on ARM: https://www.virten.net/2020/10/vmware-tools-for-ubuntu-20-04-lts-arm64-on-esxi-arm/ Samsung 128GB thumb drive on Amazon: https://www.amazon.com/gp/product/B07D7PDLXC

BSD Now
375: Virtually everything

BSD Now

Play Episode Listen Later Nov 5, 2020 44:48


bhyve - The FreeBSD Hypervisor, udf information leak, being a vim user instead of classic vi, FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware, new FreeBSD Remote Process Plugin in LLDB, OpenBSD Laptop, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines bhyve - The FreeBSD Hypervisor (https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/) FreeBSD has had varying degrees of support as a hypervisor host throughout its history. For a time during the mid-2000s, VMWare Workstation 3.x could be made to run under FreeBSD’s Linux Emulation, and Qemu was ported in 2004, and later the kQemu accelerator in 2005. Then in 2009 a port for VirtualBox was introduced. All of these solutions suffered from being a solution designed for a different operating system and then ported to FreeBSD, requiring constant maintenance. ZFS and FreeBSD Support Klara offers flexible Support Subscriptions for your ZFS and FreeBSD infrastructure. Get a world class team of experts to back you up. Check it out on our website! (https://klarasystems.com/support/) udf info leak (https://gist.github.com/CTurt/a00fb4164e13342567830b052aaed94b) FreeBSD UDF driver info leak Analysis done on FreeBSD release 11.0 because that's what I had around. + Fix committed to FreeBSD (https://svnweb.freebsd.org/changeset/base/366005) News Roundup I'm now a user of Vim, not classical Vi (partly because of windows) (https://utcc.utoronto.ca/~cks/space/blog/unix/VimNowAUser) In the past I've written entries (such as this one) where I said that I was pretty much a Vi user, not really a Vim user, because I almost entirely stuck to Vi features. In a comment on my entry on not using and exploring Vim features, rjc reinforced this, saying that I seemed to be using vi instead of vim (and that there was nothing wrong with this). For a long time I thought this way myself, but these days this is not true any more. These days I really want Vim, not classical Vi. FreeBSD on ESXi ARM Fling: Fixing Virtual Hardware (https://vincerants.com/freebsd-on-esxi-arm-fling-fixing-virtual-hardware/) With the current state of FreeBSD on ARM in general, a number of hardware drivers are either set to not auto-load on boot, or are entirely missing altogether. This page is to document my findings with various bits of hardware, and if possible, list fixes. Introduction of a new FreeBSD Remote Process Plugin in LLDB (https://www.moritz.systems/blog/introduction-of-a-new-freebsd-remote-process-plugin-in-lldb/) Moritz Systems have been contracted by the FreeBSD Foundation to modernize the LLDB debugger’s support for FreeBSD. We are writing a new plugin utilizing the more modern client-server layout that is already used by Darwin, Linux, NetBSD and (unofficially) OpenBSD. The new plugin is going to gradually replace the legacy one. OpenBSD Laptop (https://functionallyparanoid.com/2020/10/14/openbsd-laptop/) Hi, I know it’s been a while. I recently had to nuke and re-pave my personal laptop and I thought it would be a nice thing to share with the community how I set up OpenBSD on it so that I have a useful, modern, secure environment for getting work done. I’m not going to say I’m the expert on this or that this is the BEST way to set up OpenBSD, but I thought it would be worthwhile for folks doing Google searches to at least get my opinion on this. So, given that, let’s go… Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Ethan - Linux user wanting to try out OpenBSD (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/Ethan%20-%20Linux%20user%20wanting%20to%20try%20out%20OpenBSD.md) iian - Learning IT (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/iian%20-%20Learning%20IT.md) johnny - bsd swag (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/375/feedback/johnny%20-%20bsd%20swag.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

Selfhosted-Adventures
Folge 7 - Sicherheit im Homelab und ESXi für den Pi

Selfhosted-Adventures

Play Episode Listen Later Nov 3, 2020 33:54


Hallo Leute, heute sprechen wir über die Sicherheit im Homelab und wie wir beide das regeln. Darunter fallen zum Beispiel, auch Lösungen wie TRASA und die Nutzung von SSH Keys. Des weiteren sprechen wir über ESXi für den Raspberry Pi. Wir wünschen euch viel Spaß und freuen uns natürlich, jederzeit über Feedback. Links: ESXi for ARM TRASA How to secure a Linux Server Blog: https://selfhosted-adventures.de/ Twitter: https://twitter.com/selfhosted_adv Instagram: https://www.instagram.com/selfhosted_adventures/ E-Mail: info@selfhosted-adventures.de

Data Center Therapy
#045 – VMworld 2020 REDUX Epilogue

Data Center Therapy

Play Episode Listen Later Oct 28, 2020 33:49


Our hosts Matt ‘Ask me about my Pi’ Yette and Matt ‘Barbecue-As-A-Service’ Cozzolino welcome back to the virtual studios our very own IVOXY Principal Consultant, Mr. Alec Taylor, who shares his camaraderie and technical perspective on this casual, fun edition of Data Center Therapy which was recorded #live at our VMworld 2020 REDUX event. You’ll get to hear about a few odds and ends that have the Matts and Alec thinking about the future like ESXi-on-ARM, DR testing, Carbon Black, and active-active data centers. PS: We're hosing one more chance for your to catch the full VMworld 2020 REDUX on November 5. This is our can't-miss event of the year – learn more and register here for free: ivoxy.com/redux. We hope to see you there, including at a very special episode of Data Center Therapy #Live to kick off the day!

Daily Check-In with Ned1313
Adding Raspberry Pi ESXi to vCenter

Daily Check-In with Ned1313

Play Episode Listen Later Oct 23, 2020 9:49


We are going to take a set of Raspberry Pi's running the new EXSi ARM Fling and get them joined to a vCenter server. Along the way I learned a few things about NTP and certificate issues.

Daily Check-In with Ned1313
ESXi on a Raspberry Pi

Daily Check-In with Ned1313

Play Episode Listen Later Oct 16, 2020 10:44


VMware recently released their Fling for running ESXi on ARM-based CPUs and that includes Raspberry Pis. Let's walk through the process of getting ESXi installed on a Raspberry Pi in my home lab. Here's the fling page where you can get the official bits for yourself: https://flings.vmware.com/esxi-arm-edition

Podcast de CreadoresDigitales
Recursos Humanos y el Ransomeware

Podcast de CreadoresDigitales

Play Episode Listen Later Oct 16, 2020 36:25


La enorme riqueza de miles de millones de dólares de las bandas de cibercriminales que subcontratan su trabajo: El negocio del Ransomware Hay un viejo refrán en la comunidad InfoSec que dice: "Todas las empresas están sometidas a pruebas de penetración, ya sea que paguen por ellas o no, alguien siempre lo hará por placer". Existen cientos de miles de anuncios en internet y en la deep web ofreciendo trabajo a pentesters para trabajar en el mundo underground del cibercrimen. Entrar a equipos y a grandes corporaciones no es problema, el problema real para ellos es contratar a las suficientes personas para sacar el mayor provecho a los accesos ilegales que tienen en las empresas. Una de las actividades que más generan dinero son los ataques con Ransomware. Pero en muchos casos, requiere de mucho tiempo (días, semanas o meses) para los cibercriminales desde el día que logran ingresar a las empresas, la instalación del ransomware hasta la obtención del pago de las víctimas. Esto se debe a que, por lo general, los intrusos necesitan tiempo y mucho esfuerzo para pasar de una sola PC infectada a tomar el control de suficientes recursos dentro de la organización víctima, para que tenga sentido lanzar el ataque (secuestrar la información). ¿Cómo logran esto? Solo necesitan ingresar a una computadora y obtener a una cuenta de usuario (con mínimos privilegios), posteriormente explotan vulnerabilidades en el equipo para obtener acceso a una cuenta de administrador para deshabilitar las herramientas de seguridad instaladas en el equipo, como un antivirus. La cuenta de administrador tiene mayores privilegios dentro del equipo y dentro de la red de la empresa. Con la cuenta de administrador escanean la red en busca de software de seguridad que los pueda detectar, una vez identificado el software de seguridad lo deshabilitan, realizan la búsqueda de sistemas de respaldos, identifican los sistemas o métodos de respaldos y la información respaldada para posteriormente destruirlos durante el ataque. La historia de un “empresario” que subcontrata criminales. Dr. Samuil, es un cybercriminal que tiene presencia en foros underground desde hace 15 años. Dr. Samuil coloca anuncios en algunos foros para contratar a expertos para las etapas de post-explotación. Una etapa post-explotación, se da cuando un atacante tiene acceso a un equipo y necesita obtener privilegios de administración, recolectar información y saltar a otros equipos dentro de la red para obtener acceso a la mayor cantidad de equipos posibles. Uno de sus anuncios de Dr. Samuil dice “Se le proporcionarán con regularidad accesos selectos que fueron auditados (estos son aproximadamente 10-15 accesos de cada 100), esto ayuda a todos los involucrados a ahorrar tiempo” A partir de otros anuncios clasificados que publicó en agosto y septiembre de 2020, parece claro que el equipo del Dr. Samuil tiene algún tipo de acceso privilegiado a los datos financieros de las empresas víctimas que les da una mejor idea de cuánto efectivo puede tener disponible la empresa víctima para pagar un rescate: “Existe una enorme información privilegiada sobre las empresas a las que nos dirigimos, incluida información si hay respaldos en unidades de cinta y/o en la nube, lo que afecta significativamente la escala de la tasa de conversión. Requisitos: - Experiencia con almacenamiento en la nube, ESXi. - Experiencia con Active Directory. - Escalamiento de privilegios en cuentas con privilegios limitados. * El nivel de información privilegiada de las empresas con las que trabajamos es alta. Hay comprobantes de pagos realizados por las víctimas, pero solo para LEAD verificados. * También hay un MEGA INSIDE privado, sobre el cual no escribiré aquí en público, y es solo para LEADs experimentados. * No miramos los informes de INGRESOS / INGRESOS NETOS. Reportes contables, este es nuestro MEGA INSIDE, en el que sabemos exactamente cuánto exprimir con confianza al máximo en total. La firma Intel 471 dice que dentro de la clandestinidad de los ciberdelincuentes, los accesos comprometidos a las organizaciones se compran, venden y comercializan fácilmente. Quien es Dr. Samuil? Al realizar la investigación para esta historia, KrebsOnSecurity descubrió que Dr. Samuil es el identificador utilizado por el propietario de multi-vpn [.] Biz, un servicio de red privada virtual (VPN) de larga duración comercializado para ciberdelincuentes que buscan anonimizar y cifrar su tráfico online haciéndolo saltar a través de varios servidores en todo el mundo. MultiVPN es el producto de una empresa llamada Ruskod Networks Solutions (también conocida como ruskod [.] Net), que de diversas formas afirma tener su sede en los paraísos de empresas offshore de Belice y Seychelles, pero que parece estar dirigida por un tipo que vive en Rusia. Los registros de registros de dominios para ruskod [.] Net fueron ocultos hace mucho tiempo por los servicios de privacidad de WHOIS. Pero según Domaintools.com, los registros de WHOIS originales para el sitio de mediados de la década de 2000 indican que el dominio fue registrado por Sergey Rakityansky. Este no es un nombre poco común en Rusia o en muchas naciones vecinas de Europa del Este. Pero un ex socio comercial de MultiVPN que tuvo una pelea bastante pública con Dr. Samuil en la clandestinidad le dijo a KrebsOnSecurity que Rakityansky es de hecho el apellido real del Dr. Samuil, y que él tiene 32 o 33 años que actualmente vive en Bryansk, una ciudad ubicada aproximadamente a 200 millas al suroeste de Moscú.

5bytespodcast
IBM to Split in Two, ESXi Ransomware, Patch News & More

5bytespodcast

Play Episode Listen Later Oct 15, 2020 25:00


On this week’s episode of the podcast I give an overview of this month’s Patch Tuesday news, I also dive into multiple stories about Ransomware attacks including one against some ESXi hosts plus much more! Reference Links: https://www.rorymon.com/blog/episode-146-ibm-to-split-in-two-esxi-ransomware-patch-news-more/

LINUX Unplugged
375: Wrong About Pop!

LINUX Unplugged

Play Episode Listen Later Oct 14, 2020 65:45


We're reminded that you can't judge a distro by its screenshots. We use Pop!_OS for a few weeks and share our embarrassing discovery. Plus our thoughts on the new Plasma release, a super handy pick, and more. Chapters: 0:00 Pre-Show 0:44 Intro 0:50 SPONSOR: A Cloud Guru 2:39 Plasma 5.20 7:50 Kernel 5.9 8:05 VMware Flirts with Arm 15:28 SPONSOR: Linode 18:54 Big News for Nebula 22:10 Code-Shaming the Kernel 27:40 Housekeeping 29:31 Pop!OS Exit Interview 31:44 Pop!OS Full-Time Staff 34:49 Pop!OS: The Last Ten Percent 37:46 Pop!OS: A Very Unique Distribution 43:13 Pop!OS: Driving Hardware Sales 47:40 Pop!OS: Strengthening the System76 Brand 49:51 Manjaro Arm 20.10 Released 50:48 SPONSOR: A Cloud Guru 51:48 Feedback: TLP Magic 53:23 Feedback: Chromebooks and Education 56:16 Pick: Autotier 59:09 Pick: Antennapod 2.0.1 1:00:30 SPONSOR: Core Contributors 1:01:10 Outro 1:03:18 Post-Show Special Guest: Neal Gompa.

Storage Unpacked Podcast
#177 – SmartNICs and Project Monterey

Storage Unpacked Podcast

Play Episode Listen Later Oct 9, 2020 36:13


This week Chris and Martin look at SmartNIC technology and the announcement of Project Monterey. SmartNICs are offload devices that provide networking, storage and security functions with additional benefits such as centralised management. VMware has announced Project Monterey, a preview solution that takes SmartNICs and offloads storage and networking tasks from the ESXi hypervisor. It’s […] The post #177 – SmartNICs and Project Monterey appeared first on Storage Unpacked Podcast.

Virtually Speaking Podcast
ESXi on Arm Fling

Virtually Speaking Podcast

Play Episode Listen Later Oct 7, 2020 47:33


This week on the Virtually Speaking Podcast we welcom eback William Lam and Andrei Warkentin to discuss the new Fling ESXi on ARM. Read more