ZombieLoad Vulnerability

Yet another chip flaw lets attackers read data the processor has recently loaded or stored, no matter whether it belongs to another process, the kernel, or another virtual machine, as long as the attacker's code runs on the same physical core as the victim's. Almost every Intel chip manufactured since 2011 is vulnerable. The good news is that attackers must already be able to run code on the machine (or in a neighbouring VM on the same host), which means it has to have been compromised in some other manner. The catch is that shared hosts such as public clouds and hyperthreaded servers are exactly where untrusted code sits next to valuable data, which is why several vendors recommend disabling hyperthreading wherever untrusted tenants share a core.

Microsoft, Apple, and Google have already issued updates. ZombieLoad is one of a family of flaws Intel groups under the name Microarchitectural Data Sampling (MDS), and the fix has two parts: an Intel microcode update that makes the affected CPU buffers flushable, plus an operating-system patch that performs the flush when leaving the kernel or switching between contexts. One without the other leaves the machine exposed. AWS has also patched its hypervisors and published a security bulletin.

 Red Hat's YouTube channel has an excellent video detailing the MDS exploit.

Codedamn has a short video demonstrating the attack in action.

Blockchain 101

What is Blockchain?

Blockchain is a resilient, distributed, and decentralized digital ledger of transactions. Every participant holds a full copy of the ledger, so what it prevents is not copying but inconsistency: no single party can alter an entry or spend the same coin twice without the rest of the network noticing. Traditionally, a central authority was needed as the arbiter of trust between parties wishing to transact online. A blockchain lets peers agree on the history of transactions in an automated, verifiable fashion. In short, it makes possible the digital equivalent of cash changing hands.

Where did it come from?

Although blockchain saw its first effective use with the advent of Bitcoin, its roots can be traced back to 1976 and a paper titled New Directions in Cryptography1 by Whitfield Diffie and Martin Hellman (yep, those guys2). That paper did not describe a ledger; it introduced public-key cryptography and the digital signature, which are what let the owner of a coin authorize a transfer without a bank vouching for it. Certain other things were required for a distributed ledger to come to fruition: a vast network of interconnected computers with enough computing power to perform the proof-of-work that extends the chain (checking a block is cheap; producing one is not). Fast forward to 2009 and conditions are right for a real-world application. Enter Bitcoin. Part of the brilliance of using a blockchain to create digital currency is the built-in financial incentive: the miner who finds the next valid block collects a reward of newly created bitcoin plus the fees on the transactions it includes. This has given rise to the term miner and to people building special-purpose computers solely for the sake of high-performance mining.

An interesting aside: electricity usage for machines mining Bitcoin is expected to top 42 terawatt-hours this year, which puts it just behind Peru in annual energy demand.

How do cryptocurrencies use Blockchain?

Bitcoin and alternative currencies like Ethereum and Litecoin all use blockchain technology a bit differently. In the case of Bitcoin, a new block is created roughly every ten minutes. That block records the new transactions that have taken place. To produce it, mining computers supply a proof-of-work: they search for a nonce value that makes the hash of the block header fall below a target set by the network. Finding that nonce takes an enormous number of hash attempts, but anyone can verify the result with a single hash. Each block header also contains the hash of the previous block, so every block commits to the entire history before it. A transaction is considered effectively complete once several further blocks (confirmations) have been built on top of the one that contains it. This provides resiliency because multiple independent entities verify each block. No single entity can rewrite the chain's history without controlling more than half of the network's total hashing power (the 51% attack), because it would have to redo the proof-of-work for the altered block and every block after it faster than the honest network extends the chain. For Bitcoin that is prohibitively expensive; smaller proof-of-work currencies have in fact suffered 51% attacks. The result is a public ledger that cannot be easily tampered with, a built-in layer of protection that isn't possible with a standard, centralized database.
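To make the hash-linking and proof-of-work concrete, here is a toy chain written for this post (it is an added illustration, not Bitcoin's code, and the "transactions" are constructed sample data). The difficulty is three leading hex zeros so it mines in milliseconds; validation checks both that every block meets the target and that each block's prev_hash matches its predecessor. tamper() edits history without re-mining and shows validation failing; rewrite_history() shows what a 51% attacker must actually do, namely re-mine the edited block and everything after it.

```python
"""Toy proof-of-work blockchain: hash-linked blocks, mining, tamper detection."""
import hashlib
import json
import time

DIFFICULTY = 3  # leading hex zeros required; Bitcoin's real target is far harder


class Block:
    def __init__(self, index, prev_hash, transactions, timestamp, nonce=0):
        self.index = index
        self.prev_hash = prev_hash          # commitment to the previous block
        self.transactions = transactions    # constructed sample data
        self.timestamp = timestamp
        self.nonce = nonce                  # the only field miners vary

    def header(self) -> bytes:
        return json.dumps(
            {"i": self.index, "p": self.prev_hash, "t": self.transactions,
             "ts": self.timestamp, "n": self.nonce},
            sort_keys=True).encode()

    def hash(self) -> str:
        return hashlib.sha256(self.header()).hexdigest()


def meets_target(h: str, difficulty: int = DIFFICULTY) -> bool:
    """Verification is one hash; producing a valid block takes ~16**difficulty."""
    return h.startswith("0" * difficulty)


def mine(block: Block, difficulty: int = DIFFICULTY) -> int:
    """Proof-of-work: try nonces until the header hash is under the target.
    Returns the number of hashes computed (the work spent)."""
    tries = 0
    while not meets_target(block.hash(), difficulty):
        block.nonce += 1
        tries += 1
    return tries


class Chain:
    def __init__(self, difficulty: int = DIFFICULTY):
        self.difficulty = difficulty
        genesis = Block(0, "0" * 64, [], timestamp=0)
        mine(genesis, difficulty)
        self.blocks = [genesis]

    def add_block(self, transactions) -> int:
        prev = self.blocks[-1]
        block = Block(prev.index + 1, prev.hash(), transactions, int(time.time()))
        work = mine(block, self.difficulty)
        self.blocks.append(block)
        return work

    def validate(self):
        """Returns (True, None) or (False, index of the first bad block)."""
        for i, block in enumerate(self.blocks):
            if not meets_target(block.hash(), self.difficulty):
                return False, i
            if i > 0 and block.prev_hash != self.blocks[i - 1].hash():
                return False, i
        return True, None


def build_sample_chain() -> Chain:
    chain = Chain()
    chain.add_block([{"from": "alice", "to": "bob", "amount": 5}])
    chain.add_block([{"from": "bob", "to": "carol", "amount": 2}])
    chain.add_block([{"from": "carol", "to": "dave", "amount": 1}])
    return chain


def tamper(chain: Chain, index: int, transactions) -> Chain:
    """Edit history without re-mining: the edited block (almost surely) no longer
    meets the target, and the next block's prev_hash no longer matches it."""
    chain.blocks[index].transactions = transactions
    return chain


def rewrite_history(chain: Chain, index: int, transactions) -> int:
    """What a 51% attacker must do: re-mine the edited block and every block after
    it, faster than the honest network. Returns the total work (hashes) redone."""
    tamper(chain, index, transactions)
    work = 0
    for i in range(index, len(chain.blocks)):
        block = chain.blocks[i]
        if i > 0:
            block.prev_hash = chain.blocks[i - 1].hash()
        block.nonce = 0
        work += mine(block, chain.difficulty)
    return work


if __name__ == "__main__":
    chain = build_sample_chain()
    print("valid:", chain.validate())
    forged = [{"from": "alice", "to": "bob", "amount": 500}]
    tamper(chain, 1, forged)
    print("after tamper:", chain.validate())
    print("work to rewrite:", rewrite_history(chain, 1, forged), "valid:", chain.validate())
```

Raising DIFFICULTY by one multiplies the expected work by sixteen; the honest network's advantage is simply that it has more of that work per minute than any single attacker.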

What is the future of Blockchain?

It’s definitely too early to tell, but the possibilities are vast. Blockchains could drastically improve identity management online, reducing identity theft. Blockchain could also help secure the woefully unsecured Internet of Things as well as networking in general. Blockchain technology could be used to distribute social welfare in developing nations, and even completely disrupt the election process.

In the Cyber Security world (and others), non-repudiation is a huge deal. Blockchain could complete the trifecta, slotting in with digital signatures and cryptography.   

 

1 https://ee.stanford.edu/~hellman/publications/24.pdf

2 https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

Memcached DDOS Attack Reaches 1.7 Terabits

There’s a new DDoS attack in town and it’s a doozy. This amplification attack takes advantage of misconfigured Memcached servers exposed to the internet, and the return on investment is staggering. Sending a small forged request (a UDP packet with the victim's address as its source) to a susceptible Memcached server on port 11211 results in the victim receiving a response up to 51,000 times larger. The result was the largest denial-of-service attacks seen to that point: GitHub successfully withstood a 1.3 terabit-per-second attack, and several days later an unnamed company in the United States was buffeted by a 1.7 Tbps attack.

According to Wikipedia, “Memcached is a general-purpose distributed memory caching system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an external data source must be read.” The Memcached software is free and open source and runs on Linux, OS X, and Windows, with widespread adoption over the last decade.

Usually, these types of servers are used internally, disconnected from the public internet and only accessible within a trusted network to improve performance. But it appears lots of people have been leaving Memcached servers exposed to the open internet, where they can be discovered and exploited by just about anyone.

Indeed, tools have already started cropping up to let ‘script kiddies’ take advantage without understanding the underlying technology. One such tool, written in C, comes complete with a pre-compiled list of 17,000+ vulnerable Memcached servers. Another, written in Python, leverages Shodan to search for and obtain a fresh list of vulnerable servers. Both tools automate the sending of spoofed UDP packets.

The original version of Memcached, created by Brad Fitzpatrick, did not support UDP. That functionality was added in 2008 by Facebook, without any means of authentication, on the assumption that these servers would only ever run inside trusted networks. Later versions eventually added SASL authentication for the binary protocol over TCP but again left UDP out of the loop. That was, of course, until terabit-level denial-of-service attacks broadsided several sites last week. The open-source project quickly released a version (1.5.6) that disables the UDP listener by default.

Similar to herd immunity, sites will not be safe from this attack until enough exposed Memcached servers are patched, firewalled, or taken off the public internet, a process that many experts predict will take quite some time. If you run Memcached yourself, don't wait for the upgrade: start it with -U 0 (UDP off) and -l 127.0.0.1 or a private address, and block port 11211 at the edge. Older builds answer UDP whether or not you ever use it.
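Here is the probe itself, written for this post rather than taken from any of the attack tools, so you can see how little the attacker sends and check your own hosts. Memcached's UDP framing is an 8-byte header (request id, sequence number, total datagrams, reserved) in front of the ordinary text protocol, and replies are split across several datagrams. The offline part of the example works on a constructed stats reply, not captured traffic; probe() does a real UDP round trip and should only be pointed at servers you own.

```python
"""Memcached UDP probe and amplification check (added example). Run probe() only
against servers you own; the offline part uses a constructed sample reply."""
import socket
import struct

MEMCACHED_PORT = 11211
# Every memcached UDP datagram starts with an 8-byte frame header:
# request id, sequence number, total datagrams in the reply, reserved.
FRAME = struct.Struct("!HHHH")


def build_request(command: bytes = b"stats\r\n", request_id: int = 0) -> bytes:
    """The 15-byte 'stats' probe attackers send with a spoofed source address."""
    return FRAME.pack(request_id, 0, 1, 0) + command


def parse_frame(datagram: bytes):
    """Split one datagram into (request_id, seq, total, payload)."""
    if len(datagram) < FRAME.size:
        raise ValueError("datagram shorter than memcached UDP header")
    request_id, seq, total, _reserved = FRAME.unpack(datagram[:FRAME.size])
    return request_id, seq, total, datagram[FRAME.size:]


def reassemble(datagrams) -> bytes:
    """Order the fragments by sequence number and join their payloads."""
    frames = sorted(parse_frame(d) for d in datagrams)
    if len({f[0] for f in frames}) > 1:
        raise ValueError("mixed request ids in one reply")
    return b"".join(f[3] for f in frames)


def amplification_factor(request: bytes, datagrams) -> float:
    """Bytes the (spoofed) victim receives divided by bytes the attacker sent."""
    return sum(len(d) for d in datagrams) / len(request)


def probe(host: str, port: int = MEMCACHED_PORT, timeout: float = 1.0):
    """Send the probe and collect every datagram that arrives before the timeout.
    A server that answers this from outside your network is an open reflector."""
    request = build_request()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    replies = []
    try:
        sock.sendto(request, (host, port))
        while True:
            data, _ = sock.recvfrom(65535)
            replies.append(data)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return request, replies


def sample_reply(request_id: int = 0):
    """Constructed stand-in for a 'stats' reply split across two datagrams, the
    way memcached fragments UDP replies. Not captured traffic."""
    body = (b"STAT pid 4242\r\nSTAT uptime 86400\r\nSTAT version 1.5.5\r\n"
            b"STAT curr_connections 10\r\nSTAT bytes 1048576\r\n"
            b"STAT limit_maxbytes 67108864\r\nEND\r\n")
    half = len(body) // 2
    chunks = [body[:half], body[half:]]
    return [FRAME.pack(request_id, seq, len(chunks), 0) + chunk
            for seq, chunk in enumerate(chunks)]


if __name__ == "__main__":
    req = build_request()
    replies = sample_reply()
    print(reassemble(replies).decode())
    print(f"amplification: {amplification_factor(req, replies):.1f}x")
```

A plain stats reply only gives an amplification of around ten; the 51,000 figure comes from an attacker first storing a large value with a set command over TCP and then requesting it with a spoofed get, so a server that is open on UDP is a reflector no matter how small its stats output looks.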

CES 2018

Every year hundreds of thousands of nerds descend on Las Vegas for the annual Consumer Electronics Show. 2018 was no exception as attendance records were shattered across the board. Here are some quick numbers; 4,000 companies exhibited across a sprawling 2.6 million square feet of show floor and entertained and interacted with 185,000 attendees.

The show ended almost exactly a month ago today. So now that the dust has settled, let’s take a look at the standouts and the upcoming trends for 2018.

Smart Home Speakers / Devices:  Amazon was the first into this arena all the way back in 2014 with its Echo and Echo Dot. Google, Sonos, and most recently, Apple have all jumped on the bandwagon. Expect to see more products from more companies, as well as a more robust app ecosystem.

Augmented Reality: Virtual reality and augmented reality are not interchangeable phrases. Virtual reality consumes your vision, separating you from your surroundings and replacing them with an entirely virtual experience. Augmented reality does just what it sounds like: it overlays information on your view of the real world. Imagine strolling through a museum or a historical landmark and, as you glance around, interesting facts and details are presented to your vision. Some are expecting augmented reality to surpass virtual reality in the near future, maybe even this year. Microsoft was one of the first into the modern iteration of AR with its HoloLens. Check out this video from the official Microsoft HoloLens YouTube channel.

Artificial Intelligence: AI has been gaining steam exponentially over the past couple of years. You may have even heard some of the uber-nerd buzzwords like machine learning and big data. AI is starting to wrap its tendrils around almost everything. Just a few days ago Google’s health-tech subsidiary, Verily, announced a breakthrough in assessing a person’s risk of heart disease by scanning the back of a patient’s eye and running the resulting data through its AI program.

Now onto some specific gadgets that this author found particularly compelling.

Of all the nerdy gadgets I own, Amazon’s Echo powered by Alexa makes me feel like I’m living in the future the most. Muse by Speak Music provides a dead simple way to bring Alexa voice commands to your car…If you’re lucky enough to have a car with a USB port. Mine has a tape deck. Imagine driving home from work and telling Alexa to turn the living room lights on and start playing Huey Lewis and the News. What a utopia. All for the low, low price of $69.

Like something straight out of a sci-fi movie, LG’s new 65-inch 4K OLED TV can roll itself out of sight when not in use. It can also display only part of itself, allowing for ultra-wide aspect ratios like 21:9 without black bars.

Looking like a chandelier out of a Philip K. Dick novel, IBM’s 50-qubit quantum computer takes up 105 square feet and its processor must be kept at 10 millikelvin, which apparently is about as close to absolute zero as is efficiently possible. Finding actual performance numbers has proven difficult, but IBM says it’s capable of calculations that today’s supercomputers cannot even dream about.

Finally, my top pick from CES 2018. The FoldiMate laundry folding robot. Need I say more?

Book Review: Shoe Dog by Phil Knight

When a friend recommended this as a book worth listening to I was initially skeptical. I, for no reason whatsoever, pictured Nike as a corporate machine churning out expensive shoes and wasn't very interested to hear what its founder had to say.

Well, lesson learned. Shoe Dog is one of my favorite recent books and tells a very vulnerable story of the company and its founder struggling with one hardship after another. Phil Knight ran track in high school and founded Blue Ribbon with his high school running coach, Bill Bowerman.

I'm getting ahead of myself. Knight, fresh from graduating at Stanford wanted to travel the world and see all he could see and planned to stop in Japan to pitch his idea of selling Japanese running shoes in America. He and a buddy fly out of San Francisco and during a lay-over in Hawaii decide to just get jobs and stay in that paradise forever. Day one of their trip and plans are immediately derailed.

Knight eventually makes it to Japan, where he cold calls running shoe companies until he gets a meeting with the Onitsuka shoe company. You're going to have to read the book to find out how he went from sitting in that board room, without even a name for his company, to being the 15th richest person in the world. It's certainly not a straight line and I would hazard to say it's not what you might be expecting.

Shoe Dog offers a wonderful behind-the-scenes look at a company that believed they were not afraid to fail and that they would always learn from their failures, and be better for them.

Norbert Leo Butz does a wonderful job narrating the Audible version.

I Graduated Cum Laude!

I recently received my diploma in the mail and was surprised and excited to see it carried the Cum Laude distinction.

A distinction made all the better by knowing I was able to earn it while working full-time and pursuing multiple certifications.

Now the real question....MBA? I know that I will ultimately pursue an MBA, the actual real question is "when". I have other goals (and bills) that have to come first.

Off Topic - 500 Days Without Soft Drinks

Completely off topic and self-congratulatory, but I wanted to make a short post about giving up sugary drinks. I used to be a lot heavier before I got into running and learned to appreciate the calorie. I'm about 80 pounds down from my heaviest point (314lbs.), and while I could still stand to lose another 20 to 30 pounds, I'm proud that I was able to lose it and, so far, keep it off.

I didn't initially cut out all sugary drinks. I used to do construction work and water was the only thing one can drink on 100+ degree days. However, when I made the transition into IT, the first firm I worked for had a fully stocked "soda fridge" and cases of Coke, Dr. Pepper, Root Beer, etc. stacked high in the warehouse.

I knew then and there I would be in trouble if I didn't set some heavy ground rules. So I decided to see if I could give up _entirely_ on sweet tea, sodas (or pop depending on where you're from), and sugary fruit drinks. I even made the decision to start drinking my coffee black.

As of a few days ago, I crossed the 500 day mark without straying a single time.

 

Meltdown and Spectre - 2018 Is Off To A Crazy Start

Ready for a shamelessly sensational headline?

Every computer, phone, and tablet made in the last two decades has a hardware vulnerability that allows would-be bad guys to steal information.

Ouch

This flaw being in the hardware of all major CPU manufacturers makes remediation more difficult for everyone. So much so in fact that the United States Computer Emergency Readiness Team’s (US-CERT) initial solution was to replace CPU hardware. They’ve walked that back now, and indeed it does seem like this hardware problem can be solved using software.

Wait…What?

It’s true. Spectre and Meltdown take advantage of a fundamental piece of high-performance computing known as speculative execution, which allows a processor to do some work ahead of time to speed up processing. The Red Hat blog has a great explanation. Imagine you go to the same restaurant every day at the same time and order the same thing. Eventually the chef catches on and starts to prepare your meal before you arrive so that it’s ready as soon as you sit down. Fast and efficient. But what happens to that meal if you change your mind and order something different? It gets tossed out. The same thing happens in the processor, and the trouble is that the discarded work leaves traces: data the CPU touched while speculating stays in its cache, and an attacker can tell what was touched by timing how long later memory accesses take. Meltdown uses this to let an ordinary user process read kernel memory, which on most systems means all of physical memory. Spectre instead tricks a victim program (or the kernel) into speculatively touching memory it would never legitimately hand over, and leaks it the same way. Reading kernel memory is about as much access as an attacker could wish for.

Now for Some Good News

Bad guys must already be able to run code on your computer through some other means. Meltdown and Spectre are not vulnerabilities that grant access by themselves. One caveat: "running code" includes JavaScript in a web page. The Spectre researchers demonstrated a browser-based variant, which is why the browser vendors rushed out releases that blunt the high-resolution timers the attack depends on.

Furthermore, these two exploits only allow information gathering. They can’t directly modify or delete your data, or add anything such as infecting your system with a crypto-virus. What they can do is leak passwords, keys, and session tokens, which let an attacker do those things through perfectly normal channels afterwards.

One last bit of good news; as mentioned above, the vulnerabilities can be fixed with software and many of the major players already have patches in place or are working around the clock to get patches out. Microsoft even issued a rare out-of-cycle patch, not wanting to wait for the normal second Tuesday of the month to release their fix.

Now for Some Bad News

The fix is going to slow things down. The Meltdown mitigation (called KPTI on Linux) doesn't remove speculative execution; it separates the kernel's page tables from each user process so that kernel memory isn't mapped where speculation can reach it, and that makes every system call more expensive. Some have speculated the cost could be as much as 30%, but that figure comes from benchmarks that do little except system calls. In real-world testing on standard office tasks on desktop computers the numbers are far lower.

This exploit hits cloud providers the hardest. Because the attack is CPU-based, it’s able to bypass the normal constraints of virtualized computing. If a bad guy were to gain a foothold in one virtual machine on a cloud provider's server, he could read memory belonging to the hypervisor and to other tenants' VMs on the same physical host. Google, Amazon, and others are taking this very seriously.

What You Should Do

Update your phones, tablets, computers, and basically anything with a CPU as soon as an update becomes available.
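"Apply the update" is the advice, but on a Linux box you can also see whether the update actually took. The kernel reports one file per flaw under /sys/devices/system/cpu/vulnerabilities, covering Meltdown and Spectre as well as the MDS (ZombieLoad) family from the post at the top of this page. The script below is an added example written for this page, not a vendor tool; it reads that directory and flags the two states that trip people up: a mitigation the kernel tried but could not apply because the CPU microcode is missing, and a mitigation the kernel marks as incomplete while hyperthreading (SMT) stays on. The SAMPLE dictionary is constructed to look like a partly patched host so the code runs off-Linux too.

```python
"""Check which speculative-execution flaws (Meltdown, Spectre, MDS/ZombieLoad,
L1TF, ...) the running Linux kernel reports as mitigated (added example)."""
from pathlib import Path

# The kernel exposes one file per flaw here; each holds a one-line status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")


def classify(status: str) -> str:
    """Map a kernel status line to: mitigated, vulnerable, not_affected or unknown."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    if s.startswith("Mitigation"):
        return "mitigated"
    return "unknown"


def read_sysfs(path: Path = SYSFS_DIR) -> dict:
    """Read every status file; returns {} on non-Linux or very old kernels."""
    if not path.is_dir():
        return {}
    return {f.name: f.read_text().strip()
            for f in sorted(path.iterdir()) if f.is_file()}


def summarize(entries: dict) -> dict:
    """Group flaws by state and pull out the two caveats that matter in practice:
    mitigations the kernel could not apply for lack of microcode, and
    mitigations that stay incomplete while hyperthreading (SMT) is on."""
    report = {name: classify(status) for name, status in entries.items()}
    return {
        "vulnerable":      sorted(n for n, c in report.items() if c == "vulnerable"),
        "mitigated":       sorted(n for n, c in report.items() if c == "mitigated"),
        "not_affected":    sorted(n for n, c in report.items() if c == "not_affected"),
        "needs_microcode": sorted(n for n, s in entries.items() if "no microcode" in s),
        "smt_warnings":    sorted(n for n, s in entries.items() if "SMT vulnerable" in s),
    }


# Constructed sample of a partly patched host (not captured from a real machine):
# the OS has the MDS patch but the CPU microcode has not been updated.
SAMPLE = {
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "meltdown": "Mitigation: PTI",
    "spec_store_bypass": "Vulnerable",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, "
                  "STIBP: conditional, RSB filling",
    "tsx_async_abort": "Not affected",
}


def main() -> None:
    entries = read_sysfs() or SAMPLE   # fall back to the constructed sample off-Linux
    for name, status in entries.items():
        print(f"{name:18} {status}")
    for key, names in summarize(entries).items():
        print(f"{key:16}: {', '.join(names) or '-'}")


if __name__ == "__main__":
    main()
```

Anything in needs_microcode means the OS patch is installed but the CPU can't honour it yet, so a firmware or microcode package update is still owed; anything in smt_warnings is the trade-off the ZombieLoad post mentions, where full protection on a shared core means turning hyperthreading off.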

Mastering Python Networking - Eric Chou

Eric Chou was a guest on Priority Queue episode 135 on the Packet Pushers network, where he talked about his new book Mastering Python Networking. I ordered it from Amazon and it arrived yesterday. Chou has managed networks for Microsoft and Amazon and is a big proponent of automation.

I'm a few chapters in and enjoying it immensely thus far. The book starts with a refresher on networking basics; TCP/IP suite and the basics of the Python Language. Chapter 2 was all about low level network device interactions. Chapter 3 is focusing on APIs and intent-driven networking.

My favorite thing in the book so far is the following quote:

Bad automation allows you to poke yourself in the eye a lot faster.
— Eric Chou

YearCompass

I'm a huge fan of using the new year as a time to reflect on the previous year and re-evaluate your goals moving forward. It's important to not just set goals but to quantify what success in these endeavors looks like. "Read more" should be something like "Read a chapter per night of TCP/IP Illustrated" or "Read one career-oriented book for every sci-fi book I read this year". 

I know this is more work and some goals can be surprisingly hard to quantify, but the pay-off and satisfaction is far greater. 

To that end, I saw a post on /r/DecidingToBeBetter linking to http://yearcompass.com/. It's 100% free and well-worth your time. Follow their advice; print it out, find somewhere quiet, pour a drink, and give it three hours of your time.

 

Year in Review - 2017

I read a post on Reddit that advised people to write down accomplishments, important moments, etc., on strips of paper and put them in a jar. On December 31st grab the jar and a little bourbon and read through your past year. I...didn't do that, although I intended to. I also intended to write a blog post every week, and you can see how well that went. So without further ado, and completely off the top of my head, here are my 2017 list of accomplishments.

  1. Moved from Biloxi, Mississippi to Charlotte, North Carolina. This was a big one for my significant other and me. Mississippi was very good to us professionally but I wanted to see what path I could carve out for myself in a bigger city.
  2. Finished my Bachelor's Degree. What a doozy! It still hasn't settled in. Thank you to the University of Massachusetts for a top rate online degree program.
  3. Passed the Project Management Professional Certification (PMP). This has been on my road-map for a few years. After moving to Charlotte and getting settled in I decided it was time to make it happen.
  4. Passed the Certified Information Systems Security Professional (CISSP). Another huge certification that's been a pie-in-the-sky goal of mine ever since I first read about it. It's not up in the same rarefied air as the CCIE, but I'm still hugely proud for passing it.
  5. Went to Chicago! Chicago has been at the top of my list of cities to visit ever since I crossed San Francisco off the list. The pizza was not a let down.
  6. Tried Pappy Van Winkle...twice - This isn't the first year I tried Pappy's but it's the first time since I learned to appreciate Bourbon and Scotch.

That's all for now. Let's raise some Pappy to 2018!

Back to Basics - Network Troubleshooting

Last week I went on-site to a client that was completely down; phones, data, and all. The previous day one of our field techs spent hours trying to get them back online and ended up running out of time. Not the best scenario for the client and not the best look for my company.

The client's network isn't large or particularly complicated. Couple of switches, a few WAPs, phones, firewall, and cable modem. They rent space out of an office building and share a communal demarc.

I arrived first thing and was shown to the network closet. I asked our point of contact one question, "Has anything changed?". She told me that there is some construction going on in the building and she thought they were working in the closet at some point.

I set up and gave everything a quick visual and took some pictures with my phone. Always have a fall-back plan and document before changing anything. Then I fired up a command prompt and started a continuous ping to 8.8.8.8.

There are several options at this point but I decided to simplify. I unplugged the WAN cable and went directly into my laptop. Nothing. Hmmm. I power-cycled the modem and started getting replies. Can't be that easy. I plugged the WAN cable back into the switch and plugged my laptop into the network. Almost immediately my computer became really unresponsive. I rebooted and fired up Wireshark. Within seconds Wireshark was showing over 300,000 packets, and I wasn't getting any replies to the continuous pings.

Broadcast storm.

I unplugged everything from the switch except for the WAN cable and the cable running to my laptop, checked my ping to Google and started plugging cables in one by one. Eventually, I found the culprit and left it dangling. I plugged everything else back in and the network was solid. Wireshark was averaging less than 100 packets a second. I traced the cable back to the patch panel and went to consult with our client. Their entire network was back up and running. My best guess is that one of the construction guys saw a dangling cable and plugged it back in to be helpful. The patch panel mapped back to an office where I found a five-port switch.

When I got back to the office I discussed with the technician that had been onsite the previous day. He was stuck on the idea that it had to be an IP address conflict and spent a lot of time on the server looking at DHCP and scanning the network.

 I have two main goals when troubleshooting; one - to fix the problem as quickly and thoroughly as possible, and two - learn from everything. I was reminded by my conversation how easy it is to create causation and chase evidence to support that theory. Always simplify where you can. 

Net's New Reality

For the past several months it’s been difficult to tune into any news outlet without hearing the words “Net Neutrality” and the discussion surrounding the FCC’s intention to repeal, which it did on December 14th. The entire issue is a political one, with passionate opinions on both sides of the argument. This can make the implications and effect difficult to extract.

I specifically have some thoughts on this that contradict those of others in our office. I will not turn this into an editorial, but given a few fingers of bourbon and an audience, I would climb the nearest soapbox.

What is Net Neutrality?

Since its inception, internet traffic has been treated equally. Regardless of the company you pay or the type of connection you use, once connected, the internet is your oyster. In 2015 the Federal Communications Commission voted to formalize this right, prohibiting internet service providers (ISPs) from prioritizing, slowing down, or blocking access to any website or service. Net Neutrality is the way the internet has always worked.

The 2015 rules reclassified broadband as a telecommunications service under Title II of the Communications Act of 1934, the act that replaced the Federal Radio Commission with the Federal Communications Commission and opens with: “For the purpose of regulating interstate and foreign commerce in communication by wire and radio so as to make available, so far as possible, to all the people of the United States a rapid, efficient, nationwide, and worldwide wire and radio communication service with adequate facilities at reasonable charges, for the purpose of the national defense…”

It’s worth pointing out that the current FCC Chairman, Ajit Pai, is a former Verizon lawyer.

So what’s changing?

Previously, internet access was more akin to telephone service. With the repeal of Net Neutrality, internet access could soon look more like cable TV service. You only get access to Google and Facebook if you purchase the premium package for an additional fee. This isn’t sabre rattling, this ruling makes it legal for ISPs to block access to websites if they choose. Imagine browsing to Facebook only to receive a popup from your ISP that your current internet plan doesn’t allow access. Such a scenario was prohibited under Net Neutrality, but is no longer. This isn’t to say this will happen but simply that it could.

The major ISPs (Verizon, Comcast, AT&T, and Spectrum) now have the ability to slow down or even block traffic to a competitor’s website or service. For example, Comcast owns NBCUniversal, which in turn owns Hulu. Comcast will have the ability to slow down or outright block its customers from accessing other streaming services such as Netflix.

How does this affect American internet users?

The short answer is that no one but the service providers know at the moment. We will simply have to wait and see how they will wield their new-found power.

Historically, their track record isn’t great. Comcast has had the distinction of being named the worst company in America for 2014, 2015, and 2017.

Verizon received hundreds of millions of dollars in tax-payer subsidies from the state of Pennsylvania in exchange for promising to lace the state with fiber optic cabling. A promise left unfulfilled for 25 years and counting. Verizon is also currently being sued by New York City for the exact same thing.

If you think this is a case of a big company bullying its way into the pockets of the consumer, you are right. Wait... That’s my opinion.

Here’s a fact. Time Warner covered their entire operating expense with 3% of the revenue from their high-speed internet services. That’s 97% profit according to their own SEC filings in 2013.

We just have to hope this does not come back to you and me as the regular consumer in the form of higher prices.

I passed the CISSP!

Another huge certification checked off the to-do list! On December 14th I sat and passed the Certified Information Systems Security Professional certification. I've had this on my radar for years, but made the decision to pursue the Project Management Professional certification first.

I started studying seriously back in October. I watched Kelly Handerhan's CISSP course on Cybrary. A great course even before you consider the price...free. I spend a fair bit of time on the road and try to walk during my lunch hour when I'm in the office. Simple CISSP by Phil Martin was a great audio book. This is the first audio book for a certification that I've ever felt comfortable recommending. A week prior to the exam I read 11th Hour CISSP by Eric Conrad from cover to cover. As with so many things, there is a wonderful and helpful community on Reddit dedicated to this exam. Seriously, that should be your first stop if you're thinking about embarking on the journey to becoming a CISSP.

I discovered that the exam was moving to an adaptive model on December 18th so I booked as late as possible before that date. I showed up to the testing center bright and early. Took a 10 minute break at question 175 and finished up. I'd flagged 43 questions for review, and only ended up changing my answer to two of them.

The CISSP is the first exam I've taken that doesn't tell you on screen whether or not you've passed. I've read on Reddit that if you pass, you only get a single page printout and if you fail you get several. I stood up and waited for the proctor and was led out to the front desk. My heart jumped a bit when I saw the single sheet lying face down. When I was handed the page I saw the first line, "Congratulations..." and breathed a huge sigh of relief.

The biggest piece of advice I can give is to think like a manager and answer the question being asked. I saw several problems that had a technical solution as one of the answers. As IT nerds we jump at the chance to fix a problem, but that isn't always the correct answer. Think like a manager and always, ALWAYS follow the change control process.

Good luck!

 

ITPro.tv's Project Management Professional Prep Course

I've been a member of  ITPro.tv since early 2014. During that time I've used their courses to pass multiple CCNA tracks, as well as MCSA and MCSE Server 2012.

Most recently I passed the PMP certification using their 36-hour-long video course, almost exclusively. The consensus over at www.reddit.com/r/pmp is that Rita Mulcahy's PMP Exam Prep book is a must for passing the exam. I tried multiple times to study with this book and kept finding myself putting it down. I decided to go for broke and switch over to ITPro.tv. Don and Ronnie really did a great job breaking down the entire exam and relating it to real-world scenarios, even going so far as to mock up a fake project to build an arcade cabinet for their office. The last eight or nine videos in the series are thorough walk-throughs of the most common formulas and how to apply them, as well as calculating things like lag time, free float, etc.

I can't recommend their services highly enough.

 

KRACK Attack

The Largest Wi-Fi Vulnerability Ever Discovered

What is it?

The attack is called a Key Reinstallation Attack, or KRACK for short (nerds love a tortured acronym as much as the next person) and takes advantage of a flaw in the handshake that Wi-Fi devices use to establish trust between one another. This is an important note; the flaw is within the standard itself and not particular products.

Whom does it affect?

The short answer is almost everyone. The flaw is present in WPA and WPA2 security protocols which, as luck would have it, are about as universal as a protocol can be. If your device supports Wi-Fi, it is most likely affected.

What can it do?

Taken directly from the researchers that discovered the flaw, “Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.” The mechanism is a replay of message 3 of the WPA2 four-way handshake: the client installs the same encryption key a second time and resets the packet counter it uses as a nonce, so from then on the keystream repeats and frames encrypted under the reused nonces can be decrypted. The damage depends on the cipher in use. With AES-CCMP the attacker can decrypt and replay traffic; with the older TKIP, or with GCMP, nonce reuse also breaks the integrity check, so the attacker can forge and inject packets, which is how ransomware or other malware could be slipped into an otherwise legitimate download. Traffic that is separately encrypted end to end (HTTPS, SSH, a VPN) remains protected by that layer. Luckily, exploiting this flaw requires proximity. An attacker needs to be close enough to pick up the Wi-Fi signal of the targeted network and to stand between the client and the real access point.

What can you do?

As of the writing of this article (October 18th, 2017), Microsoft has already issued a patch for supported Windows operating systems and Apple has released updates for macOS, iOS, watchOS, and tvOS. Google is "aware of the issue, and we will be patching any affected devices in the coming weeks." Check all of your devices for updates and apply them as soon as they become available. Because it is the client that gets tricked into reinstalling the key, patching laptops, phones, and other Wi-Fi clients matters most; access points need patching too, mainly where they support fast roaming (802.11r), whose handshake is affected in the same way.
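The "keystream repeats" part is the whole attack, so here it is in miniature. This is an added example written for this post, not the researchers' code: the keystream is a toy SHA-256 counter mode standing in for CCMP's AES-CTR, the frames are constructed, and Station models only the two things that matter, a pairwise key and the packet number used as the nonce. reinstall_key() does what a replayed message 3 makes an unpatched client do (reset the packet number), and recover_plaintext() shows that once two frames share a (key, nonce) pair, one guessable frame gives away the other without the attacker ever knowing the key.

```python
"""Nonce reuse after a key reinstallation (added example with a toy cipher)."""
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || block counter).
    It stands in for CCMP's AES-CTR; what matters is that the same (key, nonce)
    always produces the same keystream."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Minimal model of a Wi-Fi client's pairwise key state. The packet number
    (PN) is the per-frame nonce and must never repeat under one key."""

    def __init__(self, ptk: bytes):
        self.ptk = ptk
        self.pn = 0

    def send(self, plaintext: bytes):
        nonce = self.pn.to_bytes(6, "big")          # CCMP's PN is 48 bits
        self.pn += 1
        return nonce, xor_bytes(plaintext, keystream(self.ptk, nonce, len(plaintext)))

    def reinstall_key(self) -> None:
        """What a replayed handshake message 3 makes an unpatched client do:
        install the same PTK again and reset the packet number to zero."""
        self.pn = 0


def recover_plaintext(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """Two frames under one (key, nonce) give c1 ^ c2 = p1 ^ p2, so a guessed
    plaintext for one frame (p1) reveals the other (p2) with no key knowledge."""
    return xor_bytes(xor_bytes(ct_known, ct_target), pt_known)


# Constructed frames, padded to equal length so the XOR covers all of P2.
P1 = b"DHCP DISCOVER from aa:bb:cc:dd:ee:ff"      # predictable; an attacker can guess it
P2 = b"POST /login user=bob&password=hunter2"    # the frame the attacker wants
_PAD = max(len(P1), len(P2))
P1, P2 = P1.ljust(_PAD), P2.ljust(_PAD)
PTK = hashlib.sha256(b"constructed pairwise transient key").digest()


def krack_demo(reinstall: bool = True):
    """Returns (nonce_repeated, recovered_p2). With reinstall=False the nonces
    differ and the 'recovery' yields garbage, which is how it should be."""
    client = Station(PTK)
    n1, c1 = client.send(P1)
    if reinstall:
        client.reinstall_key()   # the attacker's replayed message 3 lands here
    n2, c2 = client.send(P2)
    return n1 == n2, recover_plaintext(c1, P1, c2)


if __name__ == "__main__":
    repeated, recovered = krack_demo()
    print("nonce reused:", repeated)
    print("recovered:", recovered.rstrip())
```

The patched behaviour is simply for the client to refuse to reset the packet number (or to ignore a retransmitted message 3 once the key is installed); nothing about the cipher itself changes, which is why this was fixable in software on every platform.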

Add a Little Color to Your Command Prompt

I use the Windows command prompt on a daily basis. Done so for decades. Whether I'm pinging 8.8.8.8 or finding a default gateway, the command prompt is a trusty companion. I never knew until today that you could change its entire look with eight characters. Next time you find yourself in that dreary old screen, type color /? to see the list of sixteen colors.

The first hex character changes the background color and the second hex character changes the text color.

For example, color f0 gives black text on a bright white background, the inverse of the default grey-on-black (07). The change only lasts for the current window; to make it stick, set the colors through the window's Properties or Defaults dialog.

Office 365 Bulk Complaint Levels (BCL's)

I've been working in the Office 365 Admin Center for a bit trying to dig up some numbers for a client I met with recently. They wanted to know how much legitimate email versus spam email they receive on an average monthly basis. Easy enough, right?

I logged into our Office 365 partner account and browsed to the Reports tab...

Not very helpful. 

I fired up Powershell and logged in to the same account.

After bit of googling, I had the following command ready to go:

# Run inside an Exchange Online remote PowerShell session. -NoTypeInformation keeps
# Export-Csv from writing a leading #TYPE line that would throw off an AutoSum.
Get-MailTrafficReport -Direction Inbound -EventType GoodMail -StartDate 07/01/2017 -EndDate 07/31/2017 | Export-Csv -Path C:\Users\jclements\data.csv -NoTypeInformation

A quick AutoSum later and I had the total number of legit emails received by my client during July 2017. Finding the amount of spam that was captured by Microsoft's spam filters was a little trickier. Firstly, there's no BadMail event type. Microsoft breaks down spam mail and malicious mail into 15 categories, nine of which range from BCL0 to BCL8. The letters stand for Bulk Complaint Level, a score Microsoft gives bulk mailers based on the amount of complaints they generate.

Bulk mailers vary in their sending patterns, content creation, and list acquisition practices. Some are good bulk mailers that send wanted messages with relevant content to their subscribers. These messages generate few complaints from recipients. Other bulk mailers send unsolicited messages that closely resemble spam and generate many complaints from recipients. To distinguish these types of bulk mailers, messages from bulk mailers are assigned a Bulk Complaint Level (BCL) rating. BCL ratings range from 1 to 9 depending on how likely the bulk mailer is to generate complaints. A sender that has a rating of BCL 9 is likely to generate many complaints from recipients, whereas a rating of BCL 3 is unlikely to generate many complaints. Microsoft uses both internal and third-party sources to identify bulk mail and determine the appropriate BCL.
— https://technet.microsoft.com

Podcast of Note: How To Further Your IT Infrastructure Career - Packet Pushers 345

I recently went back into the Packet Pushers archive and listened to show 345: How to Further Your IT Infrastructure Career with guest Katherine McNamara. Katherine holds a CCIE and the title of Consulting Systems Engineer for Cisco. She referenced a blog post of hers on the show in regards to hiring, interviewing, and a seeming dearth of talented people in the job market. I went to her website network-node.com and found the post I'm referring to. 

Not trying to sound cynical or mean to anyone in the field here but for every 30-40 people we’d interview for the position, we’d get lucky if there was 1 who could answer CCNA-level questions. Obviously, I tried to give the people a fair shake by asking them questions based on the experience and skills they claimed on their resume but most failed at that. If we were hiring for entry-level positions, maybe some of these entry-level gaps could be excused but most companies have a business to run and desperately need someone who can hit the ground running. They can’t afford to stop their business for 2-3 years while they try to train up someone completely green on how to have decent skills and not everyone is willing to learn. That much is clear by the fact that there’s people with 10+ years of experience who either let their skills fade or didn’t try to learn anything outside of the daily tasks they were doing every day.
— Katherine McNamara

During the episode, Katherine said she would be more impressed by an applicant's blog than just about anything else. A resume is a snapshot in time, whereas a blog is a timeline. If someone is applying for a Network Engineer position and has posts on his or her blog discussing the merits of routing protocols or the latest and greatest hardware from Cisco, that person would stand out in a crowd of applicants.