Efficient Management of Multi-Server Queries: A T-SQL and PowerShell Approach

In today’s interconnected world, managing data across multiple SQL Server instances is a common scenario for many organizations. Whether for reporting, data aggregation, or monitoring, running the same query across these servers efficiently is paramount. This article explores practical techniques and tools to achieve this, focusing on T-SQL, linked servers, Central Management Server (CMS), and…

View On WordPress

Install SQL Server Management Studio 20 on Windows Server

SQL Server Management Studio (SSMS) is a powerful tool for managing SQL infrastructure, from SQL Server to Azure SQL Database. In this guide, we shall discuss how to Install SQL Server Management Studio 20 on Windows Server. Please, see how to Upgrade VBR to 12.3.1: Setup detected inconsistent configuration, how to deploy and integrate VHR with VBR, and how to perform In-place upgrade of Windows…

Alarm Management Software

MS SQL Tutorial in Bengali | সহজ বাংলায় শিখুন MS SQL Server - Part-1

Securing Your Website: Best Practices for Web Developers

As the digital landscape continues to evolve, website security has become a paramount concern for businesses and individuals alike. With cyber threats becoming increasingly sophisticated, it is crucial for web developers to adopt robust security measures to safeguard their websites and the sensitive data they handle. In this article, we'll delve into the best practices that web developers can implement to enhance the security of their websites and protect against potential threats.

Introduction

In today's interconnected world, websites serve as the digital storefront for businesses, making them vulnerable targets for cyber attacks. From data breaches to malware infections, the consequences of a security breach can be severe, ranging from financial loss to damage to reputation. Therefore, prioritizing website security is essential for maintaining the trust and confidence of users.

Understanding Website Security

Before diving into best practices, it's crucial to understand the importance of website security and the common threats faced by websites. Website security encompasses measures taken to protect websites from cyber threats and unauthorized access. Common threats include malware infections, phishing attacks, SQL injection, cross-site scripting (XSS), and brute force attacks.

Best Practices for Web Developers

Keeping Software Updated

One of the most fundamental steps in website security is keeping all software, including the content management system (CMS), plugins, and server software, updated with the latest security patches and fixes. Outdated software is often targeted by attackers due to known vulnerabilities that can be exploited.

Implementing HTTPS

Implementing HTTPS (Hypertext Transfer Protocol Secure) encrypts the data transmitted between the website and its users, ensuring confidentiality and integrity. HTTPS not only protects sensitive information but also boosts trust among visitors, as indicated by the padlock icon in the browser's address bar.

Using Strong Authentication Methods

Implementing strong authentication methods, such as multi-factor authentication (MFA) and CAPTCHA, adds an extra layer of security to user accounts. MFA requires users to provide multiple forms of verification, such as a password and a one-time code sent to their mobile device, reducing the risk of unauthorized access.

Securing Against SQL Injection Attacks

SQL injection attacks occur when malicious actors exploit vulnerabilities in web applications to execute arbitrary SQL commands. Web developers can prevent SQL injection attacks by using parameterized queries and input validation to sanitize user inputs effectively.

Protecting Sensitive Data

It's essential to employ encryption techniques to protect sensitive data, such as passwords, credit card information, and personal details, stored on the website's servers. Encrypting data at rest and in transit mitigates the risk of data breaches and unauthorized access.

Regular Security Audits

Conducting regular security audits helps identify vulnerabilities and weaknesses in the website's infrastructure and codebase. Penetration testing, vulnerability scanning, and code reviews enable web developers to proactively address security issues before they are exploited by attackers.

Choosing a Secure Hosting Provider

Selecting a reputable and secure hosting provider is critical for ensuring the overall security of your website. When evaluating hosting providers, consider factors such as security features, reliability, scalability, and customer support.

Evaluating Security Features

Choose a hosting provider that offers robust security features, such as firewalls, intrusion detection systems (IDS), malware scanning, and DDoS protection. These features help protect your website from various cyber threats and ensure continuous uptime.

Ensuring Regular Backups

Regularly backing up your website's data is essential for mitigating the impact of security incidents, such as data breaches or website compromises. Choose a hosting provider that offers automated backup solutions and store backups securely offsite.

Customer Support and Response to Security Incidents

Opt for a hosting provider that provides responsive customer support and has established protocols for handling security incidents. In the event of a security breach or downtime, prompt assistance from the hosting provider can minimize the impact on your website and business operations.

Implementing Firewall Protection

Firewalls act as a barrier between your website and external threats, filtering incoming and outgoing network traffic based on predefined security rules. There are several types of firewalls, including network firewalls, web application firewalls (WAF), and host-based firewalls.

Configuring and Maintaining Firewalls

Properly configuring and maintaining firewalls is crucial for effective security. Define firewall rules based on the principle of least privilege, regularly update firewall configurations to reflect changes in the website's infrastructure, and monitor firewall logs for suspicious activity.

Educating Users about Security

In addition to implementing technical measures, educating users about security best practices is essential for enhancing overall website security. Provide users with resources, such as security guidelines, tips for creating strong passwords, and information about common phishing scams.

Importance of User Awareness

Users play a significant role in maintaining website security, as they are often the targets of social engineering attacks. By raising awareness about potential threats and providing guidance on how to recognize and respond to them, web developers can empower users to stay vigilant online.

Providing Training and Resources

Offer training sessions and educational materials to help users understand the importance of security and how to protect themselves while using the website. Regularly communicate updates and reminders about security practices to reinforce good habits.

Monitoring and Responding to Security Incidents

Despite taking preventive measures, security incidents may still occur. Establishing robust monitoring systems and incident response protocols enables web developers to detect and respond to security threats in a timely manner.

Setting Up Monitoring Tools

Utilize monitoring tools, such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and website monitoring services, to detect abnormal behavior and potential security breaches. Configure alerts to notify you of suspicious activity promptly.

Establishing Incident Response Protocols

Develop comprehensive incident response plans that outline roles, responsibilities, and procedures for responding to security incidents. Establish clear communication channels and escalation paths to coordinate responses effectively and minimize the impact of security breaches.

Securing your website requires a proactive approach that involves implementing a combination of technical measures, choosing a secure hosting provider, educating users about security best practices, and establishing robust monitoring and incident response protocols. By following these best practices, web developers can mitigate the risk of security breaches and safeguard their websites and the sensitive data they handle.

Unraveling the Power of Managed Cloud Server Hosting: A Step-by-Step Guide?

In today's digital era, businesses are increasingly turning to "cloud server management solutions" to enhance efficiency, scalability, and security. One of the most sought-after options in this realm is fully managed cloud server hosting. This comprehensive guide will take you through the ins and outs of managed cloud server hosting, providing a step-by-step understanding of its benefits, implementation, and best practices.

Understanding Managed Cloud Server Hosting Managed cloud server hosting refers to the outsourcing of server management tasks to a third-party service provider. This includes server setup, configuration, maintenance, security, updates, and troubleshooting. By "opting for managed cloud hosting", businesses can focus on their core activities while leaving the technical aspects to experienced professionals.

Benefits of Managed Cloud Server Hosting Enhanced Security: Managed cloud server hosting offers robust security measures such as firewalls, intrusion detection systems, data encryption, and regular security audits to protect sensitive data and applications.

Scalability: With managed cloud hosting, businesses can easily scale their resources up or down based on demand, ensuring optimal performance and cost-efficiency.

Cost Savings: By outsourcing server management, businesses can save costs on hiring dedicated IT staff, infrastructure maintenance, and upgrades.

24/7 Monitoring and Support: Managed cloud hosting providers offer round-the-clock monitoring and support, ensuring quick resolution of issues and minimal downtime.

Step-by-Step Implementation of Managed Cloud Server Hosting

Step 1: Assess Your Hosting Needs Determine your storage, processing power, bandwidth, and security requirements. Identify the type of applications (e.g., web hosting, databases, e-commerce) you'll be hosting on the cloud server.

Step 2: Choose a Managed Cloud Hosting Provider Research and compare different managed cloud hosting providers based on their offerings, pricing, reputation, and customer reviews. Consider factors such as server uptime guarantees, security protocols, scalability options, and support services.

Step 3: Select the Right Cloud Server Configuration Choose the appropriate cloud server configuration (e.g., CPU cores, RAM, storage) based on your hosting needs and budget. Opt for features like automatic backups, disaster recovery, and SSL certificates for enhanced security and reliability.

Step 4: Server Setup and Configuration Work with your "managed cloud hosting provider" to set up and configure your cloud server according to your specifications. Ensure that all necessary software, applications, and security protocols are installed and activated.

Step 5: Data Migration and Deployment If migrating from an existing hosting environment, plan and execute a seamless data migration to the "managed cloud server". Test the deployment to ensure that all applications and services are functioning correctly on the new cloud server.

Step 6: Ongoing Management and Optimization Regularly monitor server performance, security, and resource utilization to identify potential issues and optimize performance. Work closely with your "managed cloud hosting provider" to implement updates, patches, and security enhancements as needed.

Step 7: Backup and Disaster Recovery Planning Set up automated backups and disaster recovery mechanisms to protect data against hardware failures, cyber threats, and data loss incidents. Regularly test backup and recovery processes to ensure their effectiveness in real-world scenarios.

Best Practices for Managed Cloud Server Hosting Regular Security Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate potential security risks. Performance Monitoring: Continuously monitor server performance metrics such as CPU usage, memory utilization, disk I/O, and network traffic to optimize resource allocation.

Backup and Restore Testing: Test backup and restore procedures periodically to ensure data integrity and recovery readiness. Compliance and Regulations: Stay compliant with industry regulations and data protection laws relevant to your business operations. Disaster Recovery Planning: Develop and implement a comprehensive disaster recovery plan with predefined procedures for data restoration and business continuity.

In conclusion, "managed cloud server hosting" offers a myriad of benefits for businesses seeking reliable, scalable, and secure hosting solutions. By following the step-by-step guide outlined above and adhering to best practices, businesses can leverage the power of "managed cloud hosting" to streamline operations, reduce costs, and drive business growth in the digital landscape.

Optimize Your SQL Server Management : dbForge vs. Navicat

When it comes to managing and administering Microsoft SQL Server databases, having the right tools is crucial for efficiency and effectiveness

Best Cloud Server Management Services in Dwarka Delhi By NWSPL

Cloud Server Management refers to the process of overseeing and controlling the various aspects of servers hosted in a cloud computing environment. In a cloud setup, servers are virtualized instances that run on physical hardware maintained by a cloud service provider. Effective management of these cloud servers is essential to ensure optimal performance, reliability, security, and cost efficiency. Here are key components and activities associated with cloud server management:

Provisioning and Deployment:

Description: Cloud server management involves the creation, configuration, and deployment of virtual servers as needed. This includes selecting the appropriate server specifications, operating system, and other settings based on the requirements of the applications or workloads.

2. Resource Scaling:

Description: Cloud environments allow for dynamic scaling of resources. Cloud server management includes the ability to scale server resources up or down based on changing demand. This ensures that the infrastructure can adapt to varying workloads efficiently.

3. Monitoring and Performance Optimization:

Description: Continuous monitoring of server performance metrics is a crucial aspect of cloud server management. Administrators use monitoring tools to track factors such as CPU usage, memory utilization, and network performance. Optimization strategies are then employed to enhance overall efficiency.

4. Security and Access Control:

Description: Ensuring the security of cloud servers is paramount. Cloud server management involves implementing security measures such as firewalls, encryption, and access controls. Administrators define user roles and permissions to restrict access to sensitive data and configurations.

5. Backup and Disaster Recovery:

Description: Cloud service management panel includes the implementation of backup strategies to safeguard data. Administrators set up regular backup schedules and develop disaster recovery plans to mitigate the impact of unforeseen events or data loss.

6. Patch Management and Updates:

Description: Keeping servers up-to-date with the latest patches and updates is critical for security and performance. Cloud server management services in dwarka delhi involves the systematic application of software updates to address vulnerabilities and improve functionality.

7. Cost Management:

Description: Cloud resources come with associated costs. Effective cloud server management includes monitoring resource usage and implementing cost-saving measures. This may involve rightsizing servers, optimizing configurations, and leveraging reserved instances.

8. Automation:

Description: Automation is a key element of cloud server management. Tasks such as provisioning, scaling, and configuration changes can be automated to streamline operations, reduce manual errors, and enhance overall efficiency.

9. Compliance and Auditing:

Description: Cloud server management includes ensuring compliance with industry regulations and organizational policies. Regular audits are conducted to assess and verify that servers adhere to security and compliance standards.

10. Troubleshooting and Support:

Description: In the event of issues or failures, cloud server management involves troubleshooting and providing support to ensure quick resolution. This includes identifying root causes, implementing fixes, and communicating with stakeholders.

In summary, cloud server management is a comprehensive set of activities aimed at maintaining the health, security, and efficiency of servers hosted in a cloud environment. It requires a combination of technical expertise, automation, and strategic planning to effectively leverage the benefits of cloud computing while meeting the specific needs of the organization.

Why Choose NWSPL for Cloud Server Management in Dwarka:

Expertise: Our team comprises seasoned professionals well-versed in the intricacies of cloud server management, offering unparalleled expertise to meet the diverse needs of our clients.

Comprehensive Solutions: From provisioning and scaling to security and compliance, NWSPL provides end-to-end cloud server management solutions, tailored to your specific business requirements.

Innovation: We stay at the forefront of technological advancements, incorporating the latest tools and best practices to keep your cloud infrastructure at the pinnacle of efficiency.

Reliability: Count on NWSPL for reliable, 24/7 monitoring, ensuring that your cloud servers consistently deliver peak performance and are ready to adapt to changing demands.

Cost Optimization: Our strategic approach to cloud server management includes cost-saving measures, ensuring that you get the most value from your cloud investments without compromising on performance.

Client-Centric Approach: At NWSPL, client satisfaction is paramount. We work closely with our clients, understanding their unique needs and delivering solutions that align with their business objectives.

Cloud Server Management Services:

NWSPL excels in providing best cloud server management services. Whether you are a startup or an established enterprise, our team of experts ensures the seamless operation of your cloud infrastructure. From deployment to maintenance, we handle it all, allowing you to focus on your core business activities.

Managed Cloud Hosting:

Our managed cloud hosting services offer a secure and scalable hosting solution tailored to meet your specific business needs. With NWSPL as your hosting partner, you can enjoy the benefits of high-performance hosting, automatic backups, and 24/7 support, ensuring your website or application runs smoothly without any downtime.

Server Monitoring for Peak Performance:

At NWSPL, we understand the critical importance of server monitoring cloud. Our proactive monitoring services ensure that potential issues are identified and resolved before they impact your operations. This proactive approach to server management guarantees optimal performance and minimizes downtime.

Software as a Service (SaaS):

In the era of cloud computing, NWSPL provides innovative SaaS solutions to streamline your business processes. From collaboration tools to customer relationship management (CRM) systems, our SaaS offerings are designed to enhance efficiency and productivity.

In conclusion, NWSPL in Dwarka, Delhi, stands as a comprehensive solution provider for your digital needs. By combining social media amplification, SEO strategies, and top-tier cloud server management services, we empower your brand to thrive in the dynamic and competitive online landscape. Partner with NWSPL to unlock the full potential of your digital presence and propel your business to new heights.

Learn how to install Microsoft sql server and management studio .

Open Source Note Taking

I know all of you have followed me for the horny posts about sexual violence but I have decided to post some recommendations for open source tools each Friday to promote my other insidious agenda of increased privacy, security, and independence from for-profit companies.

A lot of you here probably like to journal and take notes so I decided to start with some dedicated note taking apps. Of course you can also take notes in LibreOffice and Cryptpad, but those are more general office solutions similar to Microsoft Office or Google Docs.

Freeplane

For most of my my personal note-taking right now I like to use Freeplane. It's free and open source (hence the name), runs on pretty much every desktop, and provides a solid note taking environment. Notes are represented as graphs (typically trees) which can contain cells which have arbitrary data. These cells can be manipulated with a built-in scripting language which allows you to use it like a spreadsheet in addition to using to store notes. Nodes can be folded as well, and you can make decision trees, flowcharts, etc. very easily.

The interface may look somewhat intimidating since it's not just a regular note taking app, and many users take a mind-mapping approach, but you can just imagine it as a nested tree with the nodes closer to the root being broader concepts than the leaves.

Joplin

Joplin is a markdown based tool for note taking, though it provides a WYSIWYG style editor, intra-notebook links, the ability to store templates, to-do lists, and a few more advanced features. It has an android and iOS app as well. If you want to sync your notes between devices you can self-host a server, use some sort of file sharing tool (like KDE Connect), or pay for their service.

I no longer use it (having since moved to Freeplane, KDE PIM, and SQL), but it's a good program and it might be good for your problems since everyone has different needs.

KDE PIM (KOrganiser or Merkuro)

If you use KDE already, KDE has a PIM suite which allows you to create tasks, events, and schedule things. You can use these to take journal entries which can show up in any calendar you share CalDAV info with (which means that you can link most calendar services to it). It can also be used to share when you are free if you like to schedule meetings. I personally use it for my own daily journaling and task management.

Just Plain Markdown

You can also store things in just plain old markdown files (org mode in emacs or just regular .md

files). Many people swear by this and there are some compelling benefits (near universal compatibility with any text editor as well as a very simple interface for extending it). For this you don't really need any specialized tools, just a text editor of your choosing, ideally with some highlighting for markdown. Nearly every text editor has it, so there's not much to say there.

SQL Databases

This is a niche solution, but I am going to mention it anyways since it took me years to actually try it out despite knowing SQL since no one else mentioned it. If you know SQL just using straight up SQL with a SQL database management tool is actually really good. I have done it (and do it) since for some tasks like storing recipes the added structure is actually quite useful. (and you can do complex queries on the data as well) Essentially you just break your notes into different types (possibly even thinking about how to normalize your knowledge representation, though there's a lot of bikeshedding that way) and then turn those types into tables.

Postgresql is my preferred option simply because I use it at work (and let's face it, if you use SQL you probably do to). However, if you aren't already experienced with SQL it isn't something I would recommend. Though I would recommend learning SQL to everyone, since databases have a similar set of capabilities as spreadsheets but are even more powerful and useful.

Mastering Performance Monitoring with T-SQL on Azure Arc SQL

In the ever-evolving landscape of cloud computing, Microsoft’s Azure Arc stands out as a beacon for managing hybrid and multi-cloud environments seamlessly. Among its many features, Azure Arc enabled SQL Server offers a unique opportunity for database administrators and developers to monitor and enhance the performance of their SQL databases, irrespective of where they reside. This article delves…

View On WordPress

How to install Endpoint Configuration Manager on HyperV VM

Microsoft integrates Configuration Manager into the Intune family of products, offering an integrated solution for managing all devices. This integration simplifies licensing and eliminates the need for complex migrations. Users can continue leveraging their existing Configuration Manager investments while tapping into the capabilities of the Microsoft cloud at their own pace. This is a…

View On WordPress

Alarm Management Application

Ok I've had a very random train of thoughts and now wanna compile it into post.

Some MM characters computer-related (???) headcanons lol

Riley:

Has above average knowledge of Excel/Google sheets due to studying finance, but after four years with no practise forgot most of it.

The "Sooon, I have a problem" person in their family. Actually, surprisingly good and patient at explaining computer stuff to older people.

Has a higher responsibility of doing taxes (finance, after all). Even he never fails to do them right, Ed always double checks. Sometimes they get into argument, where inevitably Riley proves he is right but his father would never admit it.

Warren, Leeza, Ooker and other teens:

Also nothing outstanding in terms of skills, except few of them have interest in IT.

They have bunch of small local Discord servers and one big main server with some very stupid name.

Few times Bev tried to bring up importance of parental control over this "new and rapidly growing young community", but thanks God no one took her concerns seriously

Leeza moderates it and her moder role called "Mayor-mini". Like father like daughter.

All teens local jokes and memes were bourn/spread though that server.

Bev:

Rumors says she sacrificed her humanity to obtain such powers with Microsoft software package.

Can build up Access database from scratch, using basic SQL commands, assemble primitive, but surprisingly sufficient interface to it and synchronize it with Excel in span of one day or less.

In her laptop there're every pupil's personal file, countless Excel tables, several automatised document accounts, Google calendar with precisely planned schedule for next several months (for school, church, island and personal matters) and probably Pentagon files.

Probably can find all Pi numbers with Excel formulas.

Never lets anyone to her laptop.

Spends her free time at different forums, mostly gardening-related.

Wade:

Made a very fucking poor decision to let Bev do all the legwork with digital document accounting.

Now has no idea how some of things even work, so just goes with a flow and does what Bev tells.

No wander she got away with embezzlement.

Knows about kid's server. Very proud of Leeza for managing it :)

Because of that, he knows one or two memes from there, but keeps them in secret.

Has hobby of fixing office equipment. Does it with Sturge in spare time due to Dupuytren's contracture not letting him operate his hand fully.

Sarah:

There's no good medical technicians on island, so when something goes wrong with equipment electronics - tries to fix it herself to best of her ability.

Always monitors electronic e-shops for spare details or equipment. Grows more and more addicted to it.

Frequently updates her selection of sites with useful medical information, because Erin asked her for help guiding teens though puberty. For that receives glances from Bev, but doesn't give a shit.

Has reputation of cool aunt among kids, so she was one and only adult invited to main Discord server. Didn't accept it (doesn't even have Discord acc), but still grateful for trust.

Plays solitaire a lot.

John:

Back when he was playing Paul, Bev asked him to do something with Excel. In conclusion, poor bastard had to learn basic computer skills and Excel in span of several days. Now he is traumatized for rest of his life.

Will do all the work manually just to not touch laptop again.

Upsets very easly when does something wrong.

Doesn't own laptop. Don't give that man laptop, he will cry.

By his own will uses it only to watch baseball. Always asks someone to help with that.

The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered.

Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she’d inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers.

Over the course of a few weeks, Smith tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people’s cards to be protected from fraudulent activity.

In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers, says Smith, a red team engineer and the founder of offensive cybersecurity firm Phantom Security. Many people entered multiple cards each, he says. More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains. The victims were spread across the United States—California, the state with the most, had 141,000 entries—with more than 1.2 million pieces of information being entered in total.

“This shows the mass scale of the problem,” says Smith, who is presenting his findings at the Defcon security conference this weekend and previously published some details of the work. But the scale of the scamming is likely to be much larger, Smith says, as he didn't manage to track down all of the fraudulent USPS websites, and the group behind the efforts have been linked to similar scams in at least half a dozen other countries.

Gone Phishing

Chasing down the group didn’t take long. Smith started investigating the smishing text message he received by the dodgy domain and intercepting traffic from the website. A path traversal vulnerability, coupled with a SQL injection, he says, allowed him to grab files from the website’s server and read data from the database being used.

“I thought there was just one standard site that they all were using,” Smith says. Diving into the data from that initial website, he found the name of a Chinese-language Telegram account and channel, which appeared to be selling a smishing kit scammers could use to easily create the fake websites.

Details of the Telegram username were previously published by cybersecurity company Resecurity, which calls the scammers the “Smishing Triad.” The company had previously found a separate SQL injection in the group’s smishing kits and provided Smith with a copy of the tool. (The Smishing Triad had fixed the previous flaw and started encrypting data, Smith says.)

“I started reverse engineering it, figured out how everything was being encrypted, how I could decrypt it, and figured out a more efficient way of grabbing the data,” Smith says. From there, he says, he was able to break administrator passwords on the websites—many had not been changed from the default “admin” username and “123456” password—and began pulling victim data from the network of smishing websites in a faster, automated way.

Smith trawled Reddit and other online sources to find people reporting the scam and the URLs being used, which he subsequently published. Some of the websites running the Smishing Triad’s tools were collecting thousands of people’s personal information per day, Smith says. Among other details, the websites would request people’s names, addresses, payment card numbers and security codes, phone numbers, dates of birth, and bank websites. This level of information can allow a scammer to make purchases online with the credit cards. Smith says his wife quickly canceled her card, but noticed that the scammers still tried to use it, for instance, with Uber. The researcher says he would collect data from a website and return to it a few hours later, only to find hundreds of new records.

The researcher provided the details to a bank that had contacted him after seeing his initial blog posts. Smith declined to name the bank. He also reported the incidents to the FBI and later provided information to the United States Postal Inspection Service (USPIS).

Michael Martel, a national public information officer at USPIS, says the information provided by Smith is being used as part of an ongoing USPIS investigation and that the agency cannot comment on specific details. “USPIS is already actively pursuing this type of information to protect the American people, identify victims, and serve justice to the malicious actors behind it all,” Martel says, pointing to advice on spotting and reporting USPS package delivery scams.

Initially, Smith says, he was wary about going public with his research, as this kind of “hacking back” falls into a “gray area”: It may be breaking the Computer Fraud and Abuse Act, a sweeping US computer-crimes law, but he’s doing it against foreign-based criminals. Something he is definitely not the first, or last, to do.

Multiple Prongs

The Smishing Triad is prolific. In addition to using postal services as lures for their scams, the Chinese-speaking group has targeted online banking, ecommerce, and payment systems in the US, Europe, India, Pakistan, and the United Arab Emirates, according to Shawn Loveland, the chief operating officer of Resecurity, which has consistently tracked the group.

The Smishing Triad sends between 50,000 and 100,000 messages daily, according to Resecurity’s research. Its scam messages are sent using SMS or Apple’s iMessage, the latter being encrypted. Loveland says the Triad is made up of two distinct groups—a small team led by one Chinese hacker that creates, sells, and maintains the smishing kit, and a second group of people who buy the scamming tool. (A backdoor in the kit allows the creator to access details of administrators using the kit, Smith says in a blog post.)

“It’s very mature,” Loveland says of the operation. The group sells the scamming kit on Telegram for a $200-per month subscription, and this can be customized to show the organization the scammers are trying to impersonate. “The main actor is Chinese communicating in the Chinese language,” Loveland says. “They do not appear to be hacking Chinese language websites or users.” (In communications with the main contact on Telegram, the individual claimed to Smith that they were a computer science student.)

The relatively low monthly subscription cost for the smishing kit means it’s highly likely, with the number of credit card details scammers are collecting, that those using it are making significant profits. Loveland says using text messages that immediately send people a notification is a more direct and more successful way of phishing, compared to sending emails with malicious links included.

As a result, smishing has been on the rise in recent years. But there are some tell-tale signs: If you receive a message from a number or email you don't recognize, if it contains a link to click on, or if it wants you to do something urgently, you should be suspicious.

A melós laptopra ugye nincs admin jogom, szóval ilyen huncutsagok mint Logitech egérhez való szoftvert, meg SQL server management studio-t nem lehet csak úgy installalgatni....

Viszont ha kell, kapsz temp admin jogot - már bánom h nem raktam fel valamit a kurwa taskbar bal oldalra tolásához (természetesen a Logitech sw felment, azt majd én eldöntöm h szeretném konfigurálni az ergonomikus kis cuccaimat remote melókába)

Ja adtak monitort (valaki megrendelt egy random 24 collost amazonrol és hozzám szállították ki ..), de a laptopra alapból nem tudok 2 monitort kötni, mert van egy HDMI meg egy usbc/thunderbolt - de ugyanezen keresztül tölt is, és dokkolót persze nem adtak