|RSS | MY PROFILE | PRIVACY|
Vol. 19, #39 - September 29, 2014 - Issue #999
This week's newsletter is all about a new scam that seems to be going around these days, namely someone who says they're from Microsoft Support and tells you your computer has been infected with malware and you need to follow their instructions and/or pay money immediately or the FBI or RCMP or Interpol or whatever will soon be pounding on your door.
Well of course this isn't really a new type of scam, it's as old as the hills. But I've heard numerous reports from friends and colleagues who have recently received these calls, so it seems there's some group out there that's decided to make a concerted effort to use this approach to scare people into either installing malware on their computers or forking over a chunk of their hard-earned money.
How do you handle scams like this whenever you encounter them? And how do you protect your organization in general from different kinds of social engineering attacks?
Speaking of scams, here's one that Dogbert has used with a lot of success in this Dilbert comic strip:
It's amazing how stupid people can be, isn't it? Hey, I'm people too...oh-oh.
Here are two links to recent posts on the Microsoft Press blog you should add to your favorites/bookmarks:
Windows Server 2012 lineup of books and ebooks
Lineup of Windows books and ebooks
The following question was submitted by Tom, an English IT Consultant now based in Wellington, New Zealand.
Hi Mitch, hopefully you can help with an idea I've had, as no doubt someone out there has had it already.
Have you heard of a website or other resource that lists administrative tasks that Sys Admins might come up against? I am thinking everything from the basics of setting up a user in AD to Lync / Exchange integration, SQL mirroring, SharePoint farm implementation, troubleshooting etc.
I think such a resource would be invaluable to people trying to get into or work their way up in IT, and would provide much better and more applicable skills than the exams we sit. (I'm currently working on Lync and don't see how memorizing lots of PowerShell cmdlets makes me a better admin!)
So my question is, Do you or any of your readers know of such a resource? And if not is there anyone out there who would like to work with me to set one up? I think it would be too big of a job to do by myself, but could be fun if we get a small team of us together.
Email us at firstname.lastname@example.org if you would like to respond to either of Tom's questions above.
Ask Our Readers: WServerNews has 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at email@example.com
In Issue #997 IT Job Hunting, we heard from Rideout, a Canadian IT pro, who gave some advice about finding a new IT job when you've been downsized from your previous position. A reader named Garry shared one additional thought on this topic: I agree with most of what you brought up in the article.
There is one area that you didn't address: Age Discrimination.
There have been a number of research article done and it has shown a 75 to 80% of IT people can't get hired if they are over 50. I'm 61, have a bunch of the alphabet soup behind my name (MCSE, CCIE, etc.) and still can't land a job. I've been to over 16 interviews and never get a call back after they meet me.
I read like a dream on paper, over the phone they loved the voice and the responses, and the depth of knowledge was perfect for what they needed. But they never thought I was as old as over 60, maybe 45 when they read the resume, but never expected someone older than their dad.
I had a couple of places that wrote me and said "We've decided not to fill that position".
Some of the jobs I applied for were in upper management. I found out later they already had someone they wanted that was already at the company, but to appear fair they had to do an open job posting.
At a large Pacific NW Power company I made it onto the short list for 3 different positions, only to have the positions stand still until they just got cycled out of the system.
Everything you mentioned in the article is good advice, but only if you're a 20, 30 or 40 something.
Don't forget your LinkedIn, Twitter and Facebook profiles also as it shows you like to socially interact.
We also received the following feedback from a reader named Aaron who is an IT Manager in the state of Washington, USA:
If it hasn't been said lately – I really appreciate what you all do for WServerNews. It is an excellent resource and I can't thank you enough for what you do and the community you support! Awesome!
Well that goes ditto for our readers--you readers are awesome too and help us make this newsletter a success and a useful resource to IT pros around the world. So THANKS!!!
And now on to the main topic of this issue...
I know this will be obvious to most of our readers, but let me say it anyways: Microsoft Support does not cold-call people and tell them their computer has been hacked and give them instructions on how to fix it. You have to call them for support; they won't call you unless you first call them with a problem.
Now that we've established this, let me give you an assignment. Phone, text or email all of your family, friends and non-IT colleagues and warn them about the latest scam of getting cold calls from someone claiming to be from Microsoft Support. Tell them that such calls come from malicious hackers who are trying to get you to install malware on your PC so they can remotely control it and use it for a botnet or other malicious purposes.
Why am I telling you to do this? Because IT security is more than about just safeguarding the perimeter of your own organization, it's about spreading a culture of security throughout the entire computing world. As IT professionals we need to see and care beyond our own little walled gardens and use our expertise to influence the entire ecosystem of computers connected to the Internet. Because it's what's out there on the Internet that constitutes the threat to the security of the computer networks we manage. It's your granny's compromised PC that might be used one day to launch an attack against your business and ultimately against your own personal job security as a MIS, sysadmin or helpdesk professional.
For an interesting article about this latest scam, see the following on Ars Technica:
And here's an official statement from Microsoft about these kinds of scams:
Finally, be sure to check out this video on YouTube for a very funny example of someone who pranked one of these scammers:
Send us feedback
Got feedback on this topic? Let us know at firstname.lastname@example.org
You have some OEM licensed PCs that came with Windows 7 preinstalled. The OS on these PCs has become corrupted and you need to reinstall Windows on them, but you've lost the OS restore media that came from the OEM that supplied you with your PCs. What should you do? (Choose all that apply)
A. Download Windows 7 from the Microsoft Volume Licensing site and install it on your PCs.
B. Download an evaluation version of Windows 7 from the TechNet Evaluation Center and install it on your PCs.
C. Use your MSDN subscription to install Windows 7 on your PCs.
D. Contact your OEM for replacement OS restore media and use it to reinstall Windows 7 along with OEM crapware on your PCs.
E. Give up--just bite the bullet and buy Windows 8.1 and install it on your PCs.
The correct answer is D or E.
Why is A wrong? Because the OEM license you have only applies to OEM preinstallations of Windows 7. If you want to install a copy of Windows 7 from the Microsoft Volume Licensing site, you're going to need to purchase Windows 7 volume licenses for all your PCs. Did you really want to spend more money on those old PCs?
Why is B wrong? It's an evaluation version! Do you really want to have to reinstall Windows 7 on your PCs every 90 days?
Why is C wrong? MSDN software is for testing purposes only! Have you ever read your MSDN subscription license?
OK why is D right? Because you bought your PCs from your OEM with Windows 7 preinstalled on them, your OEM not Microsoft is responsible for providing you with reinstallation media. In other words, it's OEMs that provide the support for OEM-installed Windows, not Microsoft. And by the way you better contact your OEM soon as this ZDNet article indicates:
But what if your OEM has gone out of business? There may be recourse available according to this KB article:
Finally, why is E right? Well, maybe it's not actually correct to say you should bite the bullet and begin deploying Windows 8.1 as I know many of you are waiting for Windows 9 to arrive before planning your next desktop refresh cycle. But you should probably at least be testing and evaluating Windows 8.1 as you can't keep your head stuck in the sand forever...
Got feedback on this tip? I'm sure you do! Send it to email@example.com
GOT TIPS you'd like to share with other readers? Email us at firstname.lastname@example.org
This week we have some soon-to-be-released books on the topics of information security and hacking which are available for pre-ordering:
Information Governance and Security: Protecting and Managing Your Company's Proprietary Information
Social Engineering: The Art of Human Hacking
Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition
Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want
CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide
Principles of Computer Security Lab Manual, Fourth Edition
Have you checked out the list of free ebooks from Microsoft Press? You can find them listed on this page of the Microsoft Virtual Academy:
Mitch is the author and series editor for a number of these titles, and he'll be writing and editing more in the coming months so stay tuned!
"Good judgment comes from experience, and a lot of that comes from bad judgment." --Jason Statham in The Mechanic
Until next week,
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at email@example.com and we’ll try to troubleshoot things from our end.
Start observing your users and vendors that have access to sensitive data in minutes. Know exactly who is doing what on your critical servers.
Total Network Inventory 3 now features comprehensive license management.
Need a USB-powered portable LCD monitor? Check out the AOC e1659Fwu:
Convert VMware to Hyper-V with Microsoft Virtual Machine Converter 2.0:
Mediasonic HF2-SU3S2 Pro Box is a 4 Bay Enclosure for 3.5" SATA I / II / III hard disk drives:
Microsoft SQL Server PASS Summit 2014 on November 4-7, 2014 in Seattle, Washington, USA
Convergence 2014 on March 16-19 in Atlanta, Georgia, USA
Microsoft will be hosting an inaugural, unified Microsoft commercial technology conference the week of May 4, 2015 in Chicago, Illinois, USA
TechEd Europe on October 27-31, 2014 in Barcelona, Spain
Convergence 2014 Europe on November 4-6, 2014 in Barcelona, Spain
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact firstname.lastname@example.org
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact email@example.com
Storage planning for Hyper-V Hosts (Part 6) (WindowsNetworking.com)
Hyper-V Standalone: Configure the Host as Authoritative Time Server and Guests to Use It (Third Tier)
Understanding the vCenter Operations Manager Suite 5.8 (VirtualizationAdmin.com)
David Davis on vCenter Operations – Post #16 – Storage Throughput Analysis (VMware Blogs)
Maintenance tip for XenServer Hosting XenDesktop (Siva Mulpuru's Blog)
Enable Verbose Logging For The Remote Desktop\Citrix User Logon Process (Andrew Seeliger's Blog)
HP Rolls Out Converged HPC Solutions, Pushes Down Cost of All-Flash Arrays (Data Center Knowledge)
Brocade Updates SAN Management for EMC Storage (Data Center Knowledge)
As more and more important data and applications move to the cloud, cloud admins are facing greater demands than ever before to migrate data from source systems to analysis systems like Hadoop. Fortunately, Apache Sqoop is making it easier than ever to migrate to Hadoop from your database. Find out what sets this tool apart and learn how it will greatly improve your performance.
To alleviate some of the stress caused by having a tight IT budget, you should consider moving to a zero client model. However, with so many client options to choose from, selecting the most appropriate one can be difficult. Access this expert buyer's guide now for insight into four of the most popular zero clients and find out if any of these models is the right choice for you.
Gone are the days where IT professionals were completely glued to their computers and laptops. Today, it is relatively easy to manage your virtualized environment outside of the office on almost any device, without making too many sacrifices. Find out how tools like PowerShell Web Access allow IT to handle anything from a phone or a tablet, anytime/anywhere.
VMworld 2014 got off to an exciting start with VMware's announcement of EVO:RAIL and EVO:RACK, marking VMware's official venture into the hardware territory. Find out how these two new products from VMware stack up against the competition in this in-depth product comparison.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at firstname.lastname@example.org
An Alfa Romeo 4C is pitted against a Gibbs Quadski on and around Lake Como in Italy, famous for its narrow winding roads and stunning views:
Precision engineering at the Mercedes S-Class production line in Sindelfingen near Stuttgart, Germany:
How a thin spray coating can make things nearly unbreakable. From the National Geographic TV show 'Showdown of the Unbeatables.':
Spanish magician Younke performs his amazing disappearing tricks at the French TV show 'The world's greatest Cabaret' hosted by Patrick Sebastien:
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.