Tuesday, December 27, 2022

My New Criteria for a Password Manager

December 27, 2022

by Steve Endow


On December 22, 2022, LastPass disclosed that they had discovered that an attacker had copied a backup of customer "vault data" following a cyberattack and data breach that occurred in August 2022.

Aside from the obvious bad news, I initially learned of two interesting things about LastPass that I never would have thought to consider when evaluating password managers.

1. While web site username and password values are encrypted, the URL for the web site entry is not encrypted by LastPass.  I believe this poses a security risk for LastPass users.

2. Prior to 2018, LastPass used 5,000 iterations in the key derivation process. In 2018, they increased that to 100,100 iterations.  Even if you don't know what key derivation iterations are, just make note of that significant change.  From what I've read, older vaults were not automatically upgraded to the more secure configuration.  In theory, this means that vaults created prior to the 2018 upgrade are potentially more vulnerable to brute force password cracking.

Sunday, December 18, 2022

Improving Personal Email Security

by Steve Endow

Last week I discovered that my personal information was included in 2 massive data breaches in under 24 hours.

This was the last straw for me.

Yet Another Data Breach


Background

Data breaches aren't new, and have unfortunately become so common that I don't think they garner any more than an eye roll or a shrug these days.  Here is just a partial list of breaches that occurred in 2022.  I happen to know that December 2022 is missing several significant entries.  And this doesn't include all of the shady data brokers who buy and sell your data constantly.

https://tech.co/news/data-breaches-2022-so-far

I don't see data breaches decreasing any time soon, and I assume that we will continue to see an increasing number of breaches in coming years.  It's going to get far worse before it gets better.

So what does this have to do with email?

The problem is that several of these breaches have included my "personal" email address.  

Wednesday, July 27, 2022

Disable The Annoying Dialog After Posting in Business Central

by Steve Endow

Why does this dialog appear by default after EVERY document posting in Business Central?

This is an annoying dialog

I was recently on a call with my colleague Tanya Henderson to review some accounts payable payment processes in Business Central.

After I posted a purchasing invoice, she told me to click No on this useless dialog, saying that she has to train all of her customers to click no, and she wished she could get rid of it.  

Can this dialog be turned off?  If not, can a PTE suppress it after posting?

Challenge accepted!

Friday, May 20, 2022

Exploring Business Central Custom Table Indexes

by Steve Endow

In my last post, I poked around in SQL to see what custom fields looked like in the database for a Business Central table extension.

While looking into fields, I happened to notice the table index that is automatically created for the table extension.

Automatic Table Extension Index

If we look at this index, we see it is a Clustered Unique index for the "No_" field only.

Default Clustered Index on Table Extension

Why is this default index created automatically?  This Table Keys docs page briefly mentions the default Clustered Index on table extensions.

Wednesday, May 18, 2022

Business Central Custom Fields and Default Field Values

by Steve Endow

When you add new fields to an existing Business Central table, what happens?  

What does Business Central do in the database?  How does Business Central handle default field values?  

I didn't know the answers to these questions, so I decided to do a few tests.  For fun, obvs!

To keep things simple, I created a Table Extension object in AL.  I assume this applies to creating custom tables and adding fields to an existing custom table, but I figured a Table Extension would be simpler and easier to test with, and I learned a few more things about table extensions in the process.

Simple Customer Table Extension 

Thursday, May 5, 2022

Mitigating WiFi deauth attack with Protected Management Frames in Unifi (aka 802.11w Management Frame Protection MFP)

by Steve Endow

Note:  In case the title didn't make it obvious, this post has nothing to do with Business Central.  I wanted to document my learning because I found very little reliable or current information on mitigating WiFi deauth attacks, as of May 2022.  If I got anything wrong or if you find a good resource covering this topic, please post a comment and let me know.


When I'm not trying to learn Business Central, I like to learn about computer security.  I'm not a computer security expert by any means, just someone who finds it interesting as a side hobby.

While learning about password cracking several months ago, I learned about Kali Linux, an amazing distribution that includes lots of different computer and network security tools pre-installed.

In order to learn how to use Kali Linux and the security tools it includes, I decided to try to learn how to crack my WiFi password.  It seemed like a fun exercise, and it was.  But it just happened to teach me something entirely unexpected.

While following the instructions in this "Hacking Wi-Fi" guide (which had some minor omissions--I recommend using this version instead), I was quite surprised when I read this step:

"...disconnect the clients connected to the target network..."

Wait, what?

Friday, April 22, 2022

Power Automate Business Central Journal Line Import Error

by Steve Endow

NOTE:  I'm encountering this error as of April 22, 2022.  If this ends up being a bug in the Power Automate BC connector that is fixed, I'll post an update.


A customer is interested in importing General Journals into Dynamics 365 Business Central using Power Automate.

Simple, right?  Just one Power Automate flow, right?  How hard could it be, right?

Well, it depends.

This is the error that I get in my Power Automate environment.

You must specify a journal batch ID or a journal ID to get a journal line

When I ask why it doesn't work, I get responses that seem to indicate that it should work.

"It works fine for me"

"You must be doing it wrong"

"Did you try doing it this way?"

But no matter what I try, the flow gives me the same error:

ErrorCode: Application_DialogException  You must specify a journal batch ID or a journal ID to get a journal line.  

How many digits can a Business Central Amount field actually support?

 by Steve Endow (If anyone has a technical explanation for the discrepancy between the Docs and the BC behavior, let me know!) On Sunday nig...