Vol. 20, #26 - June 29, 2015 - Issue #1035

Security Briefs

  1. Editor's Corner
    • There's still time to take part in our survey
    • Ask Our Readers - Need a backup solution
    • Vulnerability of password managers
    • Risks of using a VPN over an open Wi-Fi connection
    • Leaky sandboxes in OS X and iOS
    • Android apps expose user passwords
    • Favicon vulnerability in web browsers
    • Tips to keep your identity safe
    • Classic gaming
    • Send us your feedback
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. This Week's Tips
    • Using Remote Web Access with Windows 10
    • Preventing Hyper-V virtual machines from being turned off
    • Adding a travel time appointment to a calendar item in Outlook
  4. Events Calendar
    • North America
  5. Webcast Calendar
    • Register for Webcasts
  6. Tech Briefing
    • Certification
    • Cloud computing
    • Enterprise IT
    • Networking
    • System Center
  7. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  8. Windows Server News
    • Cash in on cloud with cost optimization planning
    • When to create custom VM placement rules
    • Don't let VDI storage costs hinder performance
    • Protect vSphere from a zombie VM attack
  9. WServerNews FAVE Links
    • "Slow TV"
  10. WServerNews - Product of the Week
    • Deep Packet Inspection for Quality of Experience Monitoring

 


Editor's Corner

  • SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
  • SEND YOUR FEEDBACK to wsn@mtit.com if you have any comments or suggestions!

In this week's newsletter we'll catch up on some of the latest happenings in the information security world. Or maybe we should call it the IT insecurity world, considering all that's been happening lately. If only a solution as simple as a warm blanket existed for our IT insecurities. After all, as this video clip from "Happiness is a Warm Blanket Charlie Brown" shows, everybody has insecurities:

http://www.wservernews.com/go/1435327791982

There's still time to take part in our survey!

Take part in the WServerNews.com 2015 Site Survey for a chance to win! The survey runs until June 30th, 2015 and on completion of the survey all participants can sign up for a chance to win a Pluralsight Annual Plus subscription. The survey is estimated to take around 6 minutes to complete. You can take part in our survey by clicking the following link:

http://www.wservernews.com/go/1435327890995

Ask Our Readers - Need a backup solution

We've received the following request from a reader named Ira:

I was told you could possibly help me track down a product I have been looking for. I am trying to find a suggestion for a third party backup solution. I'd like a program that can run from a Windows Server (2003 to current) that could back up to a local drive (i.e. a USB connected device). I have two requirements. First, it MUST preserve NTFS permissions so that if I had to do a full restore these permissions would be restored as well as the files. My second requirement is that I'd like to be able to restore the files without having to use the application itself - for example using Windows Explorer. I currently use an Altaro backup solution (which works perfectly) but it does not preserve the NTFS permissions. Any help would be greatly appreciated.

Can any of our readers help Ira with his request? Email us at wsn@mtit.com

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at wsn@mtit.com

And now on to the main topic of this week's newsletter... security

Vulnerability of password managers

If you use a password manager to store all your passwords, you might want to think twice. SecurityWeek recently reported that the internal network of the company that created LastPass was compromised in a data breach:

LastPass Breached, Users Advised to Update Master Passwords
http://www.wservernews.com/go/1435328612221

LastPass has also released a security bulletin to address the issue:
http://www.wservernews.com/go/1435328618360

Risks of using a VPN over an open Wi-Fi connection

Ars Technica has an article that might interest road warriors who VPN into their company's corpnet using an open Wi-Fi connection at a hotel, airport or coffee shop:

Even with a VPN, open Wi-Fi exposes users
http://www.wservernews.com/go/1435328797171

Want malware with that latte?

Leaky sandboxes in OS X and iOS

Security researchers have discovered some gaping holes in how applications are sandboxed in Apple's operating systems. They've reported their findings in a paper called "Unauthorized Cross-App Resource Access on MAC OS X and iOS" which you can read here (PDF):
http://www.wservernews.com/go/1435328899261

This article on iDownloadBlog indicates that Apple has implemented a workaround:
http://www.wservernews.com/go/1435328913259

But some problems remain and the article advises you not to download any software "from developers you don't know and trust" until the issue has been completely resolved.

Android apps expose user passwords

Ars Technica reports on an HTTPS flaw in a number of popular apps for the Android platform:

Game-over HTTPS defects in dozens of Android apps expose user passwords
http://www.wservernews.com/go/1435329088820

But if you can't trust your phone, who can you trust?

Favicon vulnerability in web browsers

Favicons are those little graphics that appear in the address bar of your web browser when you visit certain sites on the Internet. Favicons have been around since 1999 and several W3C and IETF standards define how they are supposed to work. They also have some problems associated with them as the following Wikipedia article explains:
http://www.wservernews.com/go/1435329181537

TechWorm reports that security researcher Andrea De Pasquale has identified a vulnerability in Firefox, Chrome and Safari that can cause the browser to crash if it attempts to download a favicon larger than 10 GB in size:
http://www.wservernews.com/go/1435329210953

Apparently Internet Explorer is not vulnerable to this exploit.

Tips to keep your identity safe

Business Insider has a helpful article where they've asked different security experts how they safeguard their online identity and what you can do to prevent identity theft:

The best ways to keep your identity safe, according to the world's top security experts
http://www.wservernews.com/go/1435329309544

Classic gaming

After digesting all that bad news it might help if we have some good news. Remember the classic game Chip's Challenge? Millions of OEM PCs running Windows 3.1 came with that game preinstalled. Well, guess what: a sequel has finally been released on Steam:
http://www.wservernews.com/go/1435329353474

And if you can still occasionally play the original game on your mom's PC, you might want to join the CC Zone:
http://www.wservernews.com/go/1435329364940

Send us your feedback

If you have more recommendations or stories on migrating small businesses to the cloud, feel free to email us at wsn@mtit.com

Recommended for Learning

Microsoft Public Cloud Services: Setting up your business in the cloud

Microsoft Press is pleased to announce the availability of Microsoft Public Cloud Services: Setting up your business in the cloud (ISBN 9780735697058) by Blain Barton. The book shows you how you can use Microsoft cloud services to help build a more competitive, agile business. Read more about it here:
http://www.wservernews.com/go/1435329765897

Microsoft Virtual Academy

Getting Started with Windows 10 for IT Professionals

Watch this on-demand training to find out how you can securely enable your organization with Windows 10.  Our team of experts walks you through what's new in Windows 10 deployment and management, and much more.  And you'll find out what Windows as a Service means for you and your organization.
http://www.wservernews.com/go/1435329912245

Quote of the Week

"If you don't have a test environment, the production environment is your test environment." -- Anonymous

Until next week,
Mitch Tulloch

BTW feel free to follow me on Twitter and connect with me on LinkedIn

Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at wsn@mtit.com and we'll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Stay ahead of Exchange performance issues with SolarWinds® Server & Application Monitor with AppInsight for Exchange.
http://www.wservernews.com/go/1434711094317

Getting control of your network traffic and making sure that bandwidth hogs aren’t slowing everything down is quick and easy with the SolarWinds® Bandwidth Analyzer Pack (BAP)
http://www.wservernews.com/go/1435330936729

Memtest86+ is free, open-source software aimed at detecting memory failures
http://www.wservernews.com/go/1435330198838

Bst5 (Bart's Stuff Test v5) is a small win32 application for long-term heavy stress testing of storage devices
http://www.wservernews.com/go/1435330202135

Classic Shell provides a customizable start menu, toolbar and other features for Windows 7, 8, 8.1 and 10
http://www.wservernews.com/go/1435330206292

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at wsn@mtit.com 

This Week's Tips

Using Remote Web Access with Windows 10

A reader named Phil recently emailed us with the following concern:

Recently while experimenting with the features of "Remote Desktop Connection", I uncovered what I consider a problem using Windows 10 and the new "Edge" (Spartan Project) Browser. It doesn't support "Remote Web Access". The error reads: "This function is supported only by Microsoft Internet Explorer". I submitted feedback to Microsoft on this, but I would like "WServer News" to take a look at this. (It does work fine in W10 using IE.)

We reached out to some of our Product Group contacts at Microsoft concerning this matter, and here's what we heard back:

"Remote Web Access is based on ActiveX, which isn't supported by Edge but only by IE."

So it looks like we'll have to juggle two browsers if we want to use Remote Web Access on Windows 10.

Preventing Hyper-V virtual machines from being turned off

When a Hyper-V host is properly shut down, the host attempts to properly shut down any virtual machines running on it before the host itself shuts down. However, if some VMs take too long to properly shut down, the host may simply turn them off instead, in effect "yanking the plug" from them. The reason for this behavior is to prevent badly behaving VMs from preventing a host from shutting down when it needs to, for example to finish applying a software update to the host.

By default the host allows 120 seconds for the VMs to properly shut down before it turns them off. If you feel however that you need to allow your VMs some extra time to ensure they are properly shut down, I've been informed by a colleague that you can do this by editing the following registry value on the host:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization\ShutdownTimeout

I haven't tried this yet so please use this tip at your own risk and use caution editing the registry.

Adding a travel time appointment to a calendar item in Outlook

Here is another helpful Outlook tip contributed to us by Scott Bueffel who is a Premier Field Engineer (PFE) working at Microsoft:

Here is my other custom macro, which adds a travel time appointment to or from a selected appointment item.  (It works for single-occurrence appointments and meetings.)  Like my other macro, your request gave me the opportunity to revisit it and fix something that didn't work the way I wanted it to.  In this case, multiple calendars.  Now it works with a non-default calendar or calendars in other accounts added to the profile (such as additional Exchange accounts).  I modified the ribbon for appointment items to add buttons for traveling to and from the appointment (which run the respective macro).  This macro has three subroutines and one function.  One sub for creating a travel to appointment, one sub for creating a travel from appointment, one sub that actually creates the appointment item, and a function that opens the selected calendar folder (new for supporting different calendars).

Start by downloading this text file of Scott's VBA code and paste the code into ThisOutlookSession in the VBA editor and save it. Then follow these steps from Scott to add a button to the ribbon tied to the VBA macro so that when a calendar item is selected you can add a travel time appointment.

  1. Right-click anywhere in the ribbon and select Customize the Ribbon…
  2. Change the Customize the Ribbon drop-down list to show All Tabs.
  3. Under Calendar Tools, expand Appointment.
  4. Click on the Tags group, then click the New Group button to create a new group below Tags.
  5. Right-click on New Group (Custom) and select Rename, then name the group, for example, Create. (The icon is irrelevant.)
  6. With the Create group highlighted, in the drop-down list at the top left (Choose commands from), select Macros.
  7. Click on the name of the macro to add, which is Project1.ThisOutlookSession.CreateTravelToAppointment, and then the Add>> button.
  8. With the macro name already highlighted in the right pane, click the Rename… button.
  9. The dialog that opens lets you pick from a small assortment of icons for the button. Choose an icon, such as a right arrow, and a name, such as Travel To, that works for you.
  10. In the left pane, click on the other macro to add, which is Project1.ThisOutlookSession.CreateTravelFromAppointment, and then the Add>> button.
  11. With the macro name already highlighted in the right pane, click the Rename… button.
  12. Choose an icon, such as a left arrow, and a name, such as Travel From, that works for you.
  13. Click OK and OK again to return to the main window.
  14. In your calendar, click on an appointment or meeting (that isn't recurring).
  15. You'll now see a new group to the right of the Tags group with the buttons you named and icons that you selected. Clicking the appropriate one will run the corresponding macro (assuming you have your macro security settings configured to notify or enable all macros).

GOT TIPS you'd like to share with other readers? Email us at wsn@mtit.com

Events Calendar

North America

Microsoft Worldwide Partner Conference (WPC) on July 12-16 in Orlando, Florida USA
http://www.wservernews.com/go/1434542477494

AWS re:Invent on October 6-9 in Las Vegas, Nevada USA
http://www.wservernews.com/go/1434542479290

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact michaelv@techgenix.com

Webcast Calendar

Register for Webcasts

Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact michaelv@techgenix.com

Tech Briefing

Certification

Microsoft OneNote certifications—a valuable credential for teachers, available at ISTE 2015 (Office Blogs)
http://www.wservernews.com/go/1435332144260

Online Proctored MCP Exams Now Available in 30 More Countries (Born To Learn Blog)
http://www.wservernews.com/go/1435332147432

Cloud Computing

Saying Goodbye to On-Premises Exchange (Part 1) (CloudComputingAdmin.com)
http://www.wservernews.com/go/1435332321276

Getting Started With Azure Pack (Part 3) (VirtualizationAdmin.com)
http://www.wservernews.com/go/1435332324213

Enterprise IT

10 lessons from EU CIOs of the Year and CIO CITY Summit (IT World Canada)
http://www.wservernews.com/go/1435332387198

Patch Management: More Important than Ever (Part 2) (WindowsNetworking.com)
http://www.wservernews.com/go/1435332390401

Networking

IPv6 for Windows Admins (Part 2) (WindowsNetworking.com)
http://www.wservernews.com/go/1435332485073

Creating VLAN Pools and Layer 2 Bridge Domains in Cisco Application Centric Infrastructure (VirtualizationAdmin.com)
http://www.wservernews.com/go/1435332492088

System Center

Is Operations Manager still relevant? (System Center Central)
http://www.wservernews.com/go/1435332567963

How to create a Basic Configuration Item View and Type Projection showing Computers with their Primary User and Custodian (owner) (Antoni Hanus)
http://www.wservernews.com/go/1435332571542

 

Recommended TechGenix Articles

Archiving Data to Amazon AWS (Part 3)
http://www.wservernews.com/go/1435572815401

Getting Started with AWS (Part 8)
http://www.wservernews.com/go/1435572817948

Deep Dive into SCVMM 2012 R2 Networking and Storage (Part 3)
http://www.wservernews.com/go/1435572822010

Windows 10 Trusted Computing Base a Comprehensive Security Strategy
http://www.wservernews.com/go/1435572825448

Product Review: SolarWinds Server & Application Monitor
http://www.wservernews.com/go/1435572828385

Windows Server News

Cash in on cloud with cost optimization planning

For many organizations today, cost savings is a major factor driving the move to the cloud.  Unfortunately, these savings are far from automatic. In order to avoid strapped IT budgets and reap cloud's financial rewards, you must devise a cost optimization plan – find out more inside.
http://www.wservernews.com/go/1435333235979

When to create custom VM placement rules

Moving workloads across virtual environments is significantly easier than it ever was with physical data centers, especially with help from features such as VMware's vMotion and Microsoft's Live Migration for Hyper-V. Still, some host servers might not be a good fit for every VM, so you need to establish custom VM placement ground rules to ensure success.
http://www.wservernews.com/go/1435333286104

Don't let VDI storage costs hinder performance

With so many options for VDI today, costs have never been lower, making it easier for VDI shops to deploy the types of virtual desktops they want without conceding performance. Discover new and lesser-known VDI options, and find out how to keep the cost of your VDI storage under control, without sacrificing or interfering with performance.
http://www.wservernews.com/go/1435333467885

Protect vSphere from a zombie VM attack

A major benefit of virtualization is the ease of producing multiple VMs to test changes and try new products.  Unfortunately, if VM tests and trials are left in place, they can wreak havoc and eat up available resources.  Learn how to prevent a VM infestation by removing VMs properly after completing a project.
http://www.wservernews.com/go/1435333688245

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at wsn@mtit.com

"Slow TV"

Besides inventing the cheese slicer and the paper clip, our friends in Norway have also pioneered something called "slow TV" which basically lets viewers watch live or recorded television coverage of the entire duration of what are essentially ordinary events. Since summer is upon us and IT pros tend to feel burned out around this time of year, watching a slow TV show can often be a form of therapy. If this is you, these examples of slow TV shows might be just the thing for you to glue your eyeballs to for a few hours:

Cab Ride Norway : Trondheim - Bodø (Winter) Nordland Line

http://www.wservernews.com/go/1435334205948

BergensBanen minutt for minutt HD (Full video)

http://www.wservernews.com/go/1435334231057

"Nord-Norge" travel (4 hours)

http://www.wservernews.com/go/1435334244182

And if you want to learn more about the history of slow TV you can watch this video:

http://www.wservernews.com/go/1435334272745

WServerNews - Product of the Week

Deep Packet Inspection for Quality of Experience Monitoring

Read this whitepaper to get a detailed description of packet analysis techniques to measure high network response times, network delay, server processing times, client processing time, traffic distribution, and overall quality of experience.


WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.