Vol. 20, #26 - June 29, 2015 - Issue #1035
In this week's newsletter we'll catch up on some of the latest happenings in the information security world. Or maybe we should call it the IT insecurity world, considering all that's been happening lately. If only a solution as simple as a warm blanket existed for our IT insecurities. After all, as this video clip from "Happiness is a Warm Blanket Charlie Brown" shows, everybody has insecurities:
Take part in the WServerNews.com 2015 Site Survey for a chance to win! The survey runs until June 30th, 2015 and on completion of the survey all participants can sign up for a chance to win a Pluralsight Annual Plus subscription. The survey is estimated to take around 6 minutes to complete. You can take part in our survey by clicking the following link:
We've received the following request from a reader named Ira:
I was told you could possibly help me track down a product I have been looking for. I am trying to find a suggestion for a third party backup solution. I'd like a program that can run from a Windows Server (2003 to current) that could back up to a local drive (i.e. a USB connected device). I have two requirements. First, it MUST preserve NTSF permissions so that if I had to do a full restore these permissions would be restored as well as the files. My second requirement is that I'd like to be able to restore the files without having to use the applications itself - for example using Windows Explorer. I current use an Altaro backup solution (which works perfectly) but it does not preserve the NTSF permissions. Any help would be greatly appreciated.
Can any of our readers help Ira with his request? Email us at email@example.com
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at firstname.lastname@example.org
And now on to the main topic of this week's newsletter... security
If you use a password manager to store all your passwords, you might want to think twice. SecurityWeek recently reported that the internal network of company that created LastPass was compromised in a data breach:
LastPass Breached, Users Advised to Update Master Passwords
LastPass has also released a security bulletin to address the issue:
Ars Technica has an article that might interest road warriors who VPN into their company's corpnet using an open Wi-Fi connection at a hotel, airport or coffee shop:
Even with a VPN, open Wi-Fi exposes users
Want malware with that latte?
Security researchers have discovered some gaping holes in how applications are sandboxed in Apple's operating systems. They've reported their findings in a paper called "Unauthorized Cross-App Resource Access on MAC OS X and iOS" which you can read here (PDF):
This article on iDownloadBlog indicates that Apple has implemented a workaround:
But some problems remain and the article advises you not to download any software "from developers you don't know and trust" until the issue has been completely resolved.
Ars Technica reports on an HTTPS flaw in a number of popular apps for the Android platform:
Game-over HTTPS defects in dozens of Android apps expose user passwords
But if you can't trust your phone, who can you trust?
Favicons are those little graphics that appear in the address bar of your web browser when you visit certain sites on the Internet. Favicons have been around since 1999 and several W3C and IETF standards define how they are supposed to work. They also have some problems associated with them as the following Wikipedia article explains:
TechWorm reports that security researcher Andrea De Pasquale has identified a vulnerability in Firefox, Chrome and Safari that can cause the browser to crash if it attempts to download a favicon larger than 10 GB in size:
Apparently Internet Explorer is not vulnerable to this exploit.
Business Insider has a helpful article where they've asked different security experts how they safeguard their online identity and what you can do to prevent identity theft:
The best ways to keep your identity safe, according to the world's top security experts
After digesting all that bad news it might help if we have some good news. Remember the classic game Chip's Challenge? Millions of OEM PCs running Windows 3.1 came with that game preinstalled. Well, guess what: a sequel has finally been released on Steam:
And if you can still occasionally play the original game on your mom's PC, you might want to join the CC Zone:
If you have more recommendations or stories on migrating small businesses to the cloud, feel free to email us at email@example.com
Microsoft Public Cloud Services: Setting up your business in the cloud
Microsoft Press is pleased to announce the availability of Microsoft Public Cloud Services: Setting up your business in the cloud (ISBN 9780735697058) by Blain Barton. The book shows you how you can use Microsoft cloud services to help build a more competitive, agile business. Read more about it here:
Getting Started with Windows 10 for IT Professionals
Watch this on-demand training to find out how you can securely enable your organization with Windows 10. Our team of experts walks you through what's new in Windows 10 deployment and management, and much more. And you'll find out what Windows as a Service means for you and your organization.
"If you don't have a test environment, the production environment is your test environment." -- Anonymous
Until next week,
Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at firstname.lastname@example.org and we'll try to troubleshoot things from our end.
Getting control of your network traffic and making sure that bandwidth hogs aren’t slowing everything down is quick and easy with the SolarWinds® Bandwidth Analyzer Pack (BAP)
Memtest86+ is free, open-source software aimed at memory failures detection
Bst5 (Bart's Stuff Test v5) is a small win32 application for long term heavy stress testing storage devices
Classic Shell provides a customizable start menu, toolbar and other features for Windows 7, 8, 8.1 and 10
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at email@example.com
A reader named Phil recently emailed us with the following concern:
Recently while experimenting with the features of "Remote Desktop Connection", I uncovered what I consider a problem using Windows 10 and the new "Edge" (Spartan Project) Browser. It doesn't support "Remote Web Access". The error reads: "This function is supported only by Microsoft Internet Explorer" I submitted feedback to Microsoft on this, but I would like "WServer News" to take a look at this. (It does work fine in W10 using IE)
We reached out to some of our Product Group contacts at Microsoft concerning this matter, and here's what we heard back:
"Remote Web Access is based on ActiveX, which isn't supported by Edge but only by IE."
So it looks like we'll have to juggle two browsers if we want to use Remote Web Access on Windows 10.
When a Hyper-V host is properly shut down, the host attempts to properly shut down any virtual machines running on it before the host itself shuts down. However, if some VMs take too long to properly shut down, the host may simply turn them off instead, in effect "yanking the plug" from them. The reason for this behavior is to prevent badly behaving VMs from preventing a host from shutting down when it needs to, for example to finish applying a software update to the host.
By default the host allows 120 seconds for the VMs to properly shut down before it turns them off. If you feel however that you need to allow your VMs some extra time to ensure they are properly shut down, I've been informed by a colleague that you can do this by editing the following registry value on the host:
I haven't tried this yet so please use this tip at your own risk and use caution editing the registry.
Here is another helpful Outlook tip contributed to us by Scott Bueffel who is a Premier Field Engineer (PFE) working at Microsoft:
Here is my other custom macro, which adds a travel time appointment to or from a selected appointment item. (It works for single-occurrence appointments and meetings.) Like my other macro, your request gave me the opportunity to revisit it and fix something that didn't work the way I wanted it to. In this case, multiple calendars. Now it works with a non-default calendar or calendars in other accounts added to the profile (such as additional Exchange accounts). I modified the ribbon for appointment items to add buttons for traveling to and from the appointment (which run the respective macro). This macro has three subroutines and one function. One sub for creating a travel to appointment, one sub for creating a travel from appointment, one sub that actually creates the appointment item, and a function that opens the selected calendar folder (new for supporting different calendars).
Start by downloading this text file of Scott's VBA code and paste the code into ThisOutlookSession in the VBA editor and save it. Then follow these steps from Scott to add a button to the ribbon tied to the VBA macro so that when a calendar item is selected you can add a travel time appointment.
- Right-click anywhere in the ribbon and select Customize the Ribbon…
- Change the Customize the Ribbon drop-down list to show All Tabs.
- Under Calendar Tools, expand Appointment.
- Click on the Tags group, then click the New Group button to create a new group below Tags.
- Right-click on New Group (Custom) and select Rename, then name the group, for example, Create. (The icon is irrelevant.)
- With the Create group highlighted, in the drop-down list at the top left (Choose commands from), select Macros.
- Click on the name of the macro to add, which is Project1.ThisOutlookSession.CreateTravelToAppointment, and then the Add>> button.
- With the macro name already highlighted in the right pane, click the Rename… button.
- The dialog that opens lets you pick from a small assortment of icons for the button. Choose an icon, such as a right arrow, and a name, such as Travel To, that works for you.
- In the left pane, click on the other macro to add, which is Project1.ThisOutlookSession.CreateTravelFromAppointment, and then the Add>> button.
- With the macro name already highlighted in the right pane, click the Rename… button.
- Choose an icon, such as a left arrow, and a name, such as Travel From, that works for you.
- Click OK and OK again to return to the main window.
- In your calendar, click on an appointment or meeting (that isn't recurring).
- You'll now see a new group to the right of the Tags group with the buttons you named and icons that you selected. Clicking the appropriate one will run the corresponding macro (assuming you have your macro security settings configured to notify or enable all macros ).
GOT TIPS you'd like to share with other readers? Email us at firstname.lastname@example.org
AWS re:Invent on October 6-9 in Las Vegas, Nevada USA
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact email@example.com
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact firstname.lastname@example.org
Microsoft OneNote certifications—a valuable credential for teachers, available at ISTE 2015 (Office Blogs)
Online Proctored MCP Exams Now Available in 30 More Countries (Born To Learn Blog)
Saying Goodbye to On-Premises Exchange (Part 1) (CloudComputingAdmin.com)
Getting Started With Azure Pack (Part 3) (VirtualizationAdmin.com)
10 lessons from EU CIOs of the Year and CIO CITY Summit (IT World Canada)
Patch Management: More Important than Ever (Part 2) (WindowsNetworking.com)
IPv6 for Windows Admins (Part 2) (WindowsNetworking.com)
Creating VLAN Pools and Layer 2 Bridge Domains in Cisco Application Centric Infrastructure (VirtualizationAdmin.com)
Is Operations Manager still relevant? (System Center Central)
How to create a Basic Configuration Item View and Type Projection showing Computers with their Primary User and Custodian (owner) (Antoni Hanus)
Archiving Data to Amazon AWS (Part 3)
Getting Started with AWS (Part 8)
Deep Dive into SCVMM 2012 R2 Networking and Storage (Part 3)
Windows 10 Trusted Computing Base a Comprehensive Security Strategy
Product Review: SolarWinds Server & Application Monitor
For many organizations today, cost savings is a major factor driving the move to the cloud. Unfortunately, these savings are far from automatic. In order to avoid strapped IT budgets and reap cloud's financial rewards, you must devise a cost optimization plan – find out more inside.
Moving workloads across virtual environments is significantly easier than it ever was with physical data centers, especially with help from features such as VMware's vMotion and Microsoft's Live Migration for Hyper-V. Still, some host servers might not be a good fit for every VM, so you need to establish custom VM placement ground rules to ensure success.
With so many options for VDI today, costs have never been lower, making it easier for VDI shops to deploy the types of virtual desktops they want without conceding performance. Discover new and lesser-known VDI options, and find out how to keep the cost of your VDI storage under control, without sacrificing or interfering with performance.
A major benefit of virtualization is the ease of producing multiple VMs to test changes and try new products. Unfortunately, if VM tests and trials are left in place, they can wreak havoc and eat up available resources. Learn how to prevent a VM infestation by removing VMs properly after completing a project.
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at email@example.com
Besides inventing the cheese slicer and the paper clip, our friends in Norway have also pioneered something called "slow TV" which basically lets viewers watch live or recorded television coverage of the entire duration of what are essentially ordinary events. Since summer is upon us and IT pros tend to feel burned out around this time of year, watching a slow TV show can often be a form of therapy. If this is you, these examples of slow TV shows might be just the thing for you to glue your eyeballs to for a few hours:
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.