smb.conf [global] security = ADS workgroup = EUCARRIER realm = EU.CARRIER.UTC.COM client use spnego = yes server signing = auto server string = Samba Server winbind enum users = yes winbind enum groups = yes winbind use default domain = yes
idmap config * : backend = tdb idmap config * : range = 10000-20000 template shell = /bin/bash log file = /var/log/samba/log.%m max log size = 50 load printers = no
[scanin2] path = /data2/scan/in2 valid users = +”EUCARRIER\fr_mtl_carrier_user” public = yes browseable = yes printable = no comment = scanFolderFromMFD writeable = yes guest ok = no hosts allow = 172.30.
Our company suffered a phishing attack yesterday. While investigating about the attacker and the potential employees of ours who might have been phished, we ended up with the attacker database of phished users.
This database include user email and passwords (~40) from multiple companies (~10) who seems to be sharing the same phishing attack as us. Moreover, it seems that the target are high profile.
So far, here is what we have been accomplishing :
- Contact targeted companies and list phished users
- Contact websites where the phishing attack is happening (it is happening on multiple hacked websites so it’s hard to stop it)
However, we’re not sure this is the best way to deal with the following situation, here is why :
More and more users still enter their credentials and this is not our role to secure other companies users and we would like to stop wasting time on this (most of the companies following up to our email or calling us asking for more details).
We are worried that some companies (targeted companies being in the same industry as us) might not understand us well and think we are in some way associated to that phishing attack because we are one of their competitors
We are doing security for our competitors (so we’re spending money for them)
One solution could be to publish a blog post but it has downsides too such as being seen as a toxic player because we would be pointing fingers at our competitors security. Another solution would be not to contact this companies and let them get compromised.
What would be the best way to react to this phishing attack ?
I’m working with kernel 2.6.32. I have set a static ipv4 and ipv6 address on my machine.
ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:50:56:AB:8D:A1 inet addr:10.5.175.254 Bcast:10.5.255.255 Mask:255.255.128.0 inet6 addr: 2011:1::/32 Scope:Global inet6 addr: fe80::250:56ff:feab:8da1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4470 errors:0 dropped:2 overruns:0 frame:0 TX packets:22237 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:235138 (229.6 KiB) TX bytes:1389682 (1.3 MiB)
After that I toggled the interface
ip link set dev eth1 down ip link set dev eth1 up
Then the output
ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:50:56:AB:8D:A1 inet addr:10.5.175.254 Bcast:10.5.255.255 Mask:255.255.128.0 inet6 addr: fe80::250:56ff:feab:8da1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4470 errors:0 dropped:2 overruns:0 frame:0 TX packets:22240 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:235138 (229.6 KiB) TX bytes:1389940 (1.3 MiB)
How do I make the ipv6 comeback like the ipv4 ?
There is a solution in the newer kernels https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1218442
I’m looking if there is a solution or a workaround to make it work for 2.6.32 kernel.
My laptop (ZBook 15 G4) came with 1 drive with Win10 (lets call it Installation A) on it. I installed another SSD and put a fresh Win10 on it(installation B). I was planning to format the original drive to put Linux on it, but didnt get to it yet. So right now I have 2 drives, both with separate Win10 Pro 1803 on them. Pretty identical, one would think.
The problem: Installation A sees the NAS on my router (FritzBOX 5490) and the wireless printer(without installing any drivers first). Installation B doesnt see any of those plus I cannot access my router’s interface, neither by typing its IP adress nor by using the “adress” fritz.box. Both methods work on installation A and on other devices.
What I tried: Followed a few guides that did what worked for them in similar cases, like installing “Support for SMB 1.0/CIFS” and activated several services. If its relevant, I will edit the exact names in.
What I suspect: Maybe I missed a driver? What other difference is there between an OS installed by HP/vendor to a “self-installed”? That used the newest WiFi drivers from Intel’s site rather the ones from the model-specific collection?
Any other ideas?