313: Addigy And More...
/Topics:
-Joe has spent time recently dedicating his focus on Addigy and Watchman Monitoring and understanding how to best leverage those tools
-Scripts has been what Joe has been concentrating on and he has found a tremendous amount of help and support through the MacAdmins Slack and the Addigy community
- Joe created a script to help ensure your client's Mac fleet gets restarted regularly, according to the best practice you decide. Initial prompt to gently suggest a restart after a "recommended" uptime, default to do nothing if ignored. Second prompt when uptime reaches "preferred", defaulting to gracefully restart if ignored. Final prompt when uptime reaches "limit", defaulting to try a graceful restart and then try a forcible restart if needed. Default values: 7 days, 21 days, 75 days. "I prefer HyperCard"
- Joe's script, for Addigy users: Restart Mac per Best Practice gets approved while recording the show!
-Sam talks about the “Easy Button” he learned while working with Jamf. He likes the thought of empowering the users to have them complete step 0 before calling support.
-These conversations seem to always point to how it weaves into your managed services or hourly plans. And having clients wonder why they have you if things are working so well.
-Joe also created a couple of great scripts to work with Watchman Monitoring functionality:
— This script to easily "Adjust Watchman Monitoring Time Machine Warning", default 21 days. For those users who just can't seem to run a backup regularly whether by circumstance or habit. Previously used to connect remotely to adjust this, since it can't be changed remotely in the Monitoring Client web interface. Now we can deploy it remotely, even across multiple machines or an entire client!
—Another script to "Adjust Watchman Monitoring Root Capacity Warning", default 95%. For those users who perpetually, or periodically, ride the edge of Apple's recommended best practice and you want to give them a bit more leeway. Again, it can't be changed remotely in the Monitoring Client web interface and we used to have to connect remotely to adjust this.
-Jerry gets a call from a new client in a remote location and discovers a 2011 iMac that was fairly unresponsive. Jerry is tasked with the job of migrating to a new iMac. He sees an old version of TeamViewer on the computer and discovers a surprise!
-Jerry & Joe discuss an episode of the CYBER podcast - Snowden on iPhone: with Android, patching landscape is a disaster because manufacturers discontinue phones quickly and don't continue providing software updates, and because phone vendors don't control chipset updates like for WiFi and cellular chips. This leaves many older phones vulnerable but in many different ways so there's no simple exploit or "skeleton key" for all devices. This mitigates the kind of widespread attack that can be developed for iPhone, since so many iPhones are running the same versions of iOS and have the same chips and firmware running on the chips.
-A worrisome story about sharing sensitive data with others on Dropbox is shared by Joe. It leads him to think of a method of phishing or scamming end users: create phony Dropbox accounts, create shared folders, share some data with strangers "accidentally" in a folder with a generic name like “SECURE”. Listen as Joe talks about how he would set his trap.
-Dave Provine brought up the SS7 vulnerability in the MacAdmins Slack, which was originally demonstrated at the Chaos Communication Congress hacker conference in 2014 and made some news on 60 Minutes in April 2016. It exploits vulnerabilities in a system called Signaling System No 7 (SS7), originally developed in 1975. So it's not just SIM hijacking that makes SMS a weak link. By hacking SS7, an attacker could silently snoop on SMS text messages, phone calls, and access phone location data. Yikes!
-iOS 12.3 and macOS 10.14.5: wow they fixed a lot of security issues! "An application may be able to execute arbitrary code with system privileges" and "A malicious application may be able to read restricted memory" and "A malicious application may be able to elevate privileges" and "A local user may be able to modify protected parts of the file system" and "Processing maliciously crafted web content may lead to arbitrary code execution"