Vol. 19, #43 - October 27, 2014 - Issue #1003
This week's newsletter is all about the SSL 3.0 vulnerability that Google security researchers recently discovered and affectionately named POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption. Although SSL 3.0 has been largely superseded by TLS 1.x, many web servers and web browsers automatically downgrade to SSL when negotiation of an encrypted HTTP session using TLS fails for some reason. Of course, just because something LOOKS like a poodle doesn't mean it ACTUALLY IS a poodle...as this Dilbert comic strip illustrates:
It must be embarrassing for a tough guy to style his hair like that.
Last week in Issue #1002, "More Shellshock for Windows admins," a reader named Jim, who is Chief of an IT group based in Pennsylvania, USA, asked us the following:
We recently upgraded one of my users from Win7 Pro/Office 2007 to Win8 Pro/Office 2013 with a 'clean' install. When we went to restore his data, a problem arose. His PST file -- a whopping 4.4 GB -- would restore to the disk but couldn't be reattached to Outlook. We've restored the file to another Win7 Pro, equivalent to his old system, but have the same issue: "Corrupt File". We don't know if the issue was somehow caused during the backup process or if it is just too damn big. None of our usual repair tools, like ScanPST, will fix it -- most won't even open it because of the size.
Jim later followed up saying he had found an answer to question 3 as follows:
By the way, I just read that Outlook 2007 increased the PST file size limit to 20GB and 2010 increased it again to 50GB.
We've received a ton of responses from our readers concerning Jim's questions. Obviously a lot of you have had experiences similar to Jim's as you manage the Exchange/Outlook messaging infrastructure of your organization. Here is a selection of the responses we thought might be most helpful to the original poster:
Do you have Exchange Servers? Create a tempuser mailbox:
New-MailboxImportRequest tempuser -FilePath c:\temp\my.pst -AcceptLargeDataLoss -BadItemLimit 10000000
--from Keith, Exchange Engineer for a food services company
This issue was fixed in Office 2003 but the PST MUST be converted to Unicode. After conversion it must be repaired. The new size limit will now be 50Gb.
It is easiest to convert in place on the old system before migrating. I have done this many times. It is fairly quick.
--from a reader named James
There may be no way to fix the problem. A lot depends on where the original PST file was created.
If you upgraded from 2002 in the past and didn't convert the PST to the new file type then the file is larger than the maximum file size for the older structure can handle. If so then you are probably hosed.
However there may be a way around this:
- In your new Outlook 2013 create a new PST file (when you add a new account it will create a new PST file).
- Once you have done this go to "File" then "Open" and select "Import" then "Import from another program or file".
- Click "Next" then select Outlook data file (PST) from the options and then "Next".
- Locate your file and let it proceed to import.
This may work but if the file is too large it may fail at some point.
--from a reader named John
There are a couple possibilities:
--from a reader named Luis
There is a great utility Kroll OnTrack EasyRecovery Pro that repairs .pst files. I have used it for many years:
--Howard, Network Administrator for an architectural firm
I got a similar issue before. Just add physical memory then it works. For your reference and hope it helps.
--from a reader named Ching
One question comes to mind. Where is the .pst file stored, locally or on a network share? PST files on a network share are not supported any more and will show this symptom.
--from a reader named Lyle
This problem has been caused in our environment if the file was backed up while MS Communicator/Lync was still running on the user's PC.
--from a reader named Barry
Just wondering if they reattached the PST file by using the import feature or did they just stick it into the APP Data/Local folder hoping it would find and attach itself?
--from a reader named Tom
Also in last week's issue was the following request we received from a reader who works at an ISP in the eastern USA:
Hi, one of our readers asked us what we knew about CloudMark and which ISPs use it. Knowing virtually nothing about such things, we thought maybe you can help her. THX.
So far we've received two responses from our newsletter readers to the above request:
Just read the call out for feedback on Cloudmark in the 10/20 issue of WServerNews. I have been using Cloudmark -- both the Desktop and Exchange versions for years. I am, however, an end-user, not an ISP. So, I have no idea if this is going to help the reader who made this query, but the one thing I can tell you with absolute certainty is that you will not find a more accurate spam filter. And by accurate, I mean not only identifying spam, but also *not* identifying legitimate e-mails as spam (false positives).
I recently decided it was time to upgrade to an actual spam-filtering appliance and we installed a Barracuda Spam & Virus Firewall Model 200. Barracuda is undeniably a high-end product. My experience, however, is that it doesn't hold a candle to Cloudmark when it comes to false positives. Hope this is helpful.
--from Stewart, President of a hardware company
We've been experimenting with fighting SPAM at the desktop level. This free product is very very good at getting what our Symantec Filters cannot and it lets you mark them. You can download it here from their website:
--from Scott, Enterprise Server Programmer for the IT department of an educational organization
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at email@example.com
And now on to the main topic of this week's issue...
Things just seem to keep getting worse in IT, don't they? Just when you thought you had a handle on the ShellShock vulnerability a.k.a. BASH bug, another gaping flaw in the underlying protocols of the Internet raises its nasty head. So what is POODLE? Why should we worry about it? Can it affect Windows-based environments? If so, what can we do about it?
What is POODLE?
It's basically a flaw in version 3.0 of the SSL protocol, which used to be the standard for encrypting web traffic but has since been superseded by an updated protocol named TLS.
Should I be worried?
If your company or organization does business over the web then you should probably be worried for two reasons. First, while your web servers are likely configured to use TLS by default for encrypting web traffic, they are also likely configured to fall back to using SSL 3.0 should negotiation between your web server and a customer's web browser fail with TLS for some reason. Second, if your users need to securely connect with their web browsers to any web servers that are outside your control, those web servers are vulnerable for the same reason described above. And if those web servers beyond your control get compromised, then users connecting to them are potentially exposed to various kinds of information disclosure attacks.
I want to know more about POODLE
Want to learn more about how POODLE works? Here is the original announcement concerning this vulnerability on the Google Online Security Blog:
The above blog post references a security advisory published on OpenSSL.org by some members of the Google Security Team (PDF file):
StackExchange also has an excellent "in a nutshell" explanation of how POODLE works:
OK what should I do?
There are basically two things you can do to protect your assets against POODLE:
What about Microsoft products?
SSL 3.0 is still supported (available for fallback purposes) in the following Microsoft products:
Yikes! OK how can I disable SSL 3.0 on Microsoft products?
See the Suggested Actions section of Microsoft Security Advisory 3009008 for some general workarounds (requires Windows ID sign-in):
This thread on ServerFault may also be helpful especially with regard to IIS:
And this tweet by Microsoft MVP Eric Lawrence shows an easy way users can disable SSL 3.0 if they use Internet Explorer as their web browser:
Eric later followed this up with another tweet:
What about other web servers and web browsers?
Scott Helme has a terrific post on his blog describing how to disable SSL 3.0 on:
Here is Scott's post:
Scott's article also includes links to sites where you can test your web server or web browser to ensure they have SSL 3.0 disabled.
George Chetcuti also published a note about the POODLE exploit on his blog on WindowsSecurity.com:
At the end of George's note he says "Go here to find out how to disable SSLv3 support in your browser" and points you to another good article that describes how to disable SSLv3 on various browser platforms:
Anything more for Windows admins?
We've found a few threads on various Microsoft forums that you might want to keep an eye on:
Send us feedback
Got any other recommendations or tips concerning POODLE you'd like to share with our readers? Let us know at firstname.lastname@example.org
This week's tip has been contributed by Hubert Heller who manages the Flixxy.com site that has the fun videos we include in the FAVE Links section of our newsletter:
Update for Windows 7 (32-bit) (KB2952664) FAILED
Just in case it happens to you (as it did to me and a friend of mine who also uses Windows 7), here is the fix. During my Windows update I received the above error message while attempting the Update for Windows 7 (KB2952664). I had to do this step to re-install:
Go to Windows Update, then click on View update history, then click on Installed updates. Search for the failed KB number and double-click on it, and it will prompt to uninstall. Uninstall, then reboot, and go back to Windows Update and click Check for updates; it should come up and re-download and install.
I hope this works for you. See here for more:
How can a company like Microsoft let this go through?
How indeed? I've actually become more concerned lately about the quality control Microsoft exercises over their update release process and have begun advising my family and friends to change the Windows Update settings on their PCs from "Install updates automatically (Recommended)" to "Download updates but let me choose whether to install them." Then I tell them that when the Windows Update popup appears in their taskbar notification area, they should wait a week and haunt the Microsoft Answers forums to see whether any problems have been discovered with the newly released updates before they go ahead and install the updates on their PCs.
How do other readers feel about this issue and how do you deal with it? Email us at email@example.com
This week we have some books to recommend if you want to learn more about the different web server platforms available:
Learn Windows IIS in a Month of Lunches
IIS Fast Start: A Quick Start Guide for IIS
Professional Microsoft IIS 8
Pro Apache Hadoop
60 Recipes for Apache CloudStack: Using the CloudStack Ecosystem
Nginx HTTP Server - Second Edition
Web server 101 Success Secrets: 101 Most Asked Questions On Web server - What You Need To Know
Some announcements from the Microsoft Virtual Academy:
Here's a good one on Oct 28:
October 28: Modernizing Your Data Center Jump Start
If you're migrating from Windows Server 2003 and want to get ahead of the project, join Matt Hester and Jennelle Crothers for an informative look at modernization and data center transformation options in Windows Server 2012 R2 and Microsoft Azure. On October 28, this demo-rich Jump Start, "Modernizing Your Data Center," explores storage, networking, and the cloud. Discover what you need to update your data center to match your workloads, directly from the experts. Register today!
October 29: Using PowerShell for Active Directory Jump Start
Do you want to automate redundant tasks and do it right the first time? This live session will show you how. The training includes live Q&A with renowned experts Ashley McGlone and Jason Helmick, informative deep-dive drills and coding one-liners, plus a fast and fun round of "Challenge the Master." Learn how PowerShell works and make it work for you! Register today!
"The man who does not read good books has no advantage over the man who can't read them." - Mark Twain
Until next week,
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at firstname.lastname@example.org and we’ll try to troubleshoot things from our end.
StarTech SATA Hard Drive HDD Duplicator Dock lets you clone hard drives without having to connect to a host computer
R-Studio is a family of powerful and cost-effective undelete and data recovery software
Forensic Acquisition Utilities is a collection of utilities and libraries for forensic investigative use in a Windows environment
Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington, USA
Convergence 2014 on March 16-19 in Atlanta, Georgia, USA
Microsoft will be hosting an inaugural, unified Microsoft commercial technology conference the week of May 4, 2015 in Chicago, Illinois, USA
Convergence 2014 Europe on November 4-6, 2014 in Barcelona, Spain
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact email@example.com
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact firstname.lastname@example.org
Security-as-a-service, Cloud-Based on the Rise (Part 2) (CloudComputingAdmin.com)
Trustworthy Cloud Series: Managing Secure Cloud Operations (Microsoft Cyber Trust Blog)
Getting started with SaltStack (VirtualizationAdmin.com)
Product Review: Netwrix Auditor (VirtualizationAdmin.com)
Improving Network Performance in Windows Server and Client (Part 2) (WindowsNetworking.com)
Message Analyzer has Released -- A New Beginning (MessageAnalyzer)
Microsoft RDS Policies explained (Part 4) (VirtualizationAdmin.com)
Video: Generating Active Directory Group Members Recursively (WindowSecurity.com)
Recertification Exams Now Available for MCSE: Desktop Infrastructure, Server Infrastructure, & Private Cloud (Born To Learn Blog)
Want to Earn Your MCSA: Windows Server 2012 or SQL Server 2012? You Now Have More Options! (Born To Learn Blog)
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at email@example.com
A Russian soldier comes up with some 'clever' ideas to save a cat stuck in a tree:
Helmet camera view of an intense obstacle race through the narrow alleys of the old city of Porto, Portugal:
The Sukhoi Su-35 and Su-37 pilots show the amazing maneuverability of their aircraft at an air show in Dubai:
Young magician Moritz Mueller from Germany has a brilliant smooth touch and impresses even experienced magicians with his superb skill:
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.