Vol. 22, #16 - April 17, 2017 - Issue #1127
Reconsidering biometric security
- Editor's Corner
- Ask Our Readers - Dealing with GLOBE ransomware (a response)
- Ask Our Readers - Mac automation in the enterprise (some responses)
- Ask Our Readers - Windows Server Essentials in the cloud? (new question)
- Reconsidering biometric security
- Send us your feedback
- Recommended for Learning
- Microsoft Virtual Academy
- Factoid of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- This Week's Tips
- Azure - Azure Automation DSC
- Internet Explorer - Launch IE in Private Mode with PowerShell
- Windows - Remove all network computers
- Events Calendar
- North America
- Add Your Event
- New on TechGenix.com
- Recommended articles from TechGenix.com
- Tech Briefing
- Office 365
- WServerNews FAVE Links
- Would You Qualify To Drive The President's Limo? This Driver Certainly Would!
- The Futuristic Flyboard Air
- Gravity Illusions On The Streets Of San Francisco
- Second Oldest Trick in Sleight of Hand
- WServerNews - Product of the Week
- Deep Packet Inspection for Quality of Experience Monitoring
- Deep Packet Inspection for Quality of Experience Monitoring
- SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
- SEND YOUR FEEDBACK to [email protected] if you have any comments or suggestions!
This week's newsletter is all about whether biometric security is in fact secure. We also have some responses to Ask Our Readers items from previous issues, plus the usual tips, tools, and other stuff. Enjoy!
Speaking of biometric security, here's one from Dilbert that is guaranteed to work:
Ask Our Readers - Dealing with GLOBE ransomware (a response)
Back in Issue #1125 Windows Server 2016 resources a reader named Eduardo emailed us with the following request:
2 weeks ago my Word files (and some other from Microsoft Office 2013) were encrypted and they are demanding ransom. The "program" was GLOBE. Any software available to "open" and read my files? Thanks.
Mark, a Network Administrator working in the UK sent us the following comment:
Emsisoft has a Globe3 decrypter here:
Hope that helps!
Ask Our Readers - Mac automation in the enterprise (some responses)
In last week's issue of WServerNews we fielded a question from Kevin who is an IT Director for a company that supplies contamination monitoring systems and airborne particle counters. Kevin had previously offered his own thoughts on this subject in Issue #1122 Reader feedback: Mac vs PC TCO and he wanted us to ask our readers whether they had any additional wisdom or insights they could share regarding automating the management of Apple Mac computers in the enterprise:
I would like to find out how other companies manage Macs on a corporate network with lots of VLANs and lots of identical printers. I'd also like to find out how Apple manages Macs and sharing of files & printers, as I don't see them having Windows servers, and there are probably no PC's outside QA testing.
Mark who works in IT at a university in the USA responded to Kevin's inquiry as follows:
The short answer to Kevin's question is to use JAMF, formerly Casper, to manage Macs:
The slightly longer answer, is to use CIFS file shares for sharing and JAMF should be able to manage the printers as well. We must have over 100 VLANS on campus and use JAMF for nearly all management of over 1,000 Macs. Apple's Deploy Studio is still utilized to lay down the initial image. Finally, we use a Linux tool that works under BSD to join our Macs to the Active Directory to allow the Macs to use the common Activate Directory for Kerberos authentication. The Active Directory authentication also helps with having common tokens for connecting to files shares on either SANs, Windows file servers, or Linux file servers. Universities tend to be seriously heterogeneous environments.
We currently use Absolute DDS (ex-Computrace) on our MacBooks and Tablets:
Ask Our Readers - Windows Server Essentials in the cloud? (new question)Bob, the Directory for Information Services of a company in Colorado, USA sent us the following:
I am frustrated that I cannot find anywhere a "How To" on adding a Windows Server 2016 Essentials Server to either AWS or Azure, with precise details:
- Static IP
- Backup and Recovery
Can any readers out there help Bob with this? Or maybe someone who works at Microsoft Azure or Amazon AWS and is reading this? Email us at [email protected]
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]
Reconsidering biometric security
My wife and I recently enjoyed watching a six episode mini-series called The Night Manager which stars Hugh Laurie and Tom Hiddleston and is based on a book by John Le Carre:
In one episode Tom Hiddleston's character uses his cellphone to perform biometric authentication (iris scanning) for transferring $300,000,000 to a bank in Luxembourg. This got me thinking. Would I trust an iris scan alone for authenticating the transfer an amount anywhere near that large from my own bank account? How secure is iris scan authentication, really?
Are iris scanners secure?
As this article from The Hacker News a couple of years ago demonstrates, iris scanners certainly can be fooled if you have a suitable photo showing the person's eyes:
Then I remembered another movie (maybe by Tom Cruise?) where the character used a device that displayed a collection of different iris patterns in rapid succession to defeat an iris scanner. The character simply held the device up against the scanner and turned in on, and in about 10 seconds the scanner responded with positive authentication and let the character into the secure facility to do whatever he was planning to do--steal something, I imagine. I wondered, could this actually work? Could one create a catalog or database of "base iris patterns" that would have a high probability of fooling an iris scanner in a reasonable amount of time?
Are fingerprint scanners secure?
The above article is paywalled but there's a good summary of it here on the MSU Today website of Michigan State University:
The interesting part is this:
With MasterPrints derived from real human fingerprints, the team reported successfully matching between 26 and 65 percent of users, depending on how many partial fingerprint impressions were stored for each user and assuming a maximum number of five attempts per authentication.
In other words, by creating a database of base partial fingerprint patterns, the researchers were able to fool cellphone fingerprint readers a good chunk of the time. So if it can be done with fingerprints, it can probably be done with iris scanners too.
Are voiceprint authenticators secure?
Now let's bring it home. Rod Trent's site myITforum recently informed us that "One of the promised updates to Cortana in Windows 10 Creators Update is the ability to manage the shutdown, restart and locking of your device."
Okay, now let's pretend I'm Tom Cruise or whoever and I'm faced with the impossible mission of trying to unlock a Windows 10 computer so I can abort the launch of a missile that is likely to start World War Three. Leaning over the screen I shout, "Hey, Cortana, unlock my computer!" Nothing happens. "Cortana! Please unlock my computer! Unlock my computer now!!" No response, the clock is ticking. Then Ving Rhames sidles over and says, "Here, let me try." He then presses a button on his cellphone and from phone's tiny speaker comes a rapid-fire stream of "base voiceprint patterns" repeating the words "Hey Cortana unlock my computer" in rapid succession, each voice sounding different from the rest in terms of gender, age, ethnicity, etc. Tom stares on anxiously while Ving seems almost relaxed. Then just before the missile launch sequence activates, the Windows 10 computer responds with "Unlocking your computer" and once again Tom (or actually Ving) saves the world.
Could it be possible to hack a voiceprint authentication system like this? Could it be possible to collect or generate a set of "base voiceprint patterns" such that one of them would have a good chance of defeating a voiceprint authentication system that has been "trained" to identify a certain individual? I think, why not? After all, there must be a lot of variables and assumptions that go into how a real-world voice authenticator works since people don't always speak a phrase with the same clarity or tonality or speed etc. I haven't studied the actual mechanics of how voice authentication systems work but I imagine they work with some set of partial identifiers like how sibilant consonants are articulated or the tonal range and length of certain vowel sounds, so compiling a catalog of all possible permutations of a subset of such partial identifiers could have a good probability of fooling how voice authentication systems work, especially ones implemented in personal computing devices that have relatively limited processing capabilities.
My point in all this is simply this: Does your organization or business currently use any biometric systems for authentication purposes? How much do trust them? What safeguards do you have in place for using them? Are they used in conjunction with passwords or smartcards for multi-factor authentication? And would you ever consider using biometric authentication alone without a second factor being involved? Why or why not? We'd be interested in hearing our readers' thoughts and experiences on this subject--email us at [email protected]
Send us your feedback
Got feedback about anything in this issue of WServerNews? Email us at [email protected]
Recommended for Learning
Hybrid and Networking Cloud Architecture posters updated for the SharePoint Server 2016 in Azure scenario
With the recent publication of the SharePoint Server 2016 in Microsoft Azure content set, we have updated two posters in the Microsoft Cloud for Enterprise Architects Series. Microsoft Cloud Networking for Enterprise Architects: Includes a new section at the end of the Designing networking for Azure IaaS topic that describes the 9-server high availability SharePoint Server 2016 farm as an example IT workload running in Azure IaaS. You can download the posters in PDF and Visio form from this post on the Cloud Adoption Advisory Board blog:
Microsoft Virtual Academy
Microsoft Azure for IT Pros Content Series: Web & Mobile Apps
Need help with managing, monitoring and maintaining web and mobile apps in Microsoft Azure? Watch this course to learn the basics of Azure websites and mobile services, and how to manage them using the UI, PowerShell and external tools. With our expert instructor, Corey Hynes, you'll compare and contrast infrastructure as a service (IaaS) and platform as a service (PaaS), explore app deployment options with Azure App Service, and get an overview of Azure mobile apps in Azure.
Factoid of the Week
Last week's factoid and question was this:
Peter Ackerman wrote a children's book in 2010 called "The Lonely Phonebooth" about one of only four remaining outdoor phone booths in all of Manhattan. When was the last time you saw a phonebooth? And when was the last time you *used* a phonebooth?
Best answer we received was this one from Don Hill:
The one in Kelly Iowa. I was there couple of years ago. I used it just to take pictures.
Now let's move on to this week's factoid:
Fact: The appropriate response to 'How are you?' in Luxembourgish is 'Tip-Top'.
Question: How do *you* usually respond when someone asks "How are you"? Why do you respond that way? Hint: I usually feel uncomfortable when someone asks me how I am as it throws me into a moral dilemma i.e. should I answer honestly or just return a meaningless pleasantry?
Email your answer to us at: [email protected]
Until next week,
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]
The Expert Guide to VMware Disaster Recovery and Data Protection by Mike Preston. Enable always-on operations shifting from backup and recovery to Availability.
Dashlane helps you never forget another password:
NirSoft Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network:
Netwrix Change Notifier for Group Policy tracks every change made to your group policy objects (GPOs), including GPO links, audit policy, password policy, and software deployment changes, and fills major gaps found in native auditing tools:
GOT TIPS you'd like to share with other readers? Email us at [email protected]
Azure - Azure Automation DSC
Anthony Watherston has a great how-to tutorial showing how create a compiled DSC configuration in Azure Automation DSC released via Visual Studio Team Services:
Internet Explorer - Launch IE in Private Mode with PowerShell
The OneScript Team Blog has a link to a script you can download from the TechNet Script Gallery that shows how you can create a shortcut to start IE in private mode by PowerShell:
Windows - Remove all network computers
The OneScript Team Blog has created some sample VBScript code you can use to remove all network printers on a computer:
Microsoft Build in May 10-12, 2017 in Seattle, Washington.
Microsoft Worldwide Partner Conference (WPC) on July 9-13, 2017 in Washington, D.C.
Microsoft Ignite on September 25-29, 2017 in Orlando, Florida
Add Your Event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]
Parallels RAS: A solution for all your application-virtualization needs
IT managers looking for an all-purpose solution to implement application virtualization would be wise to check out the offering from Parallels:
Microsoft: How to monitor the use of cloud applications without violating user privacy
Cloud App Security by Microsoft gives IT administrators a secure way to see what cloud apps are being used while anonymizing the data:
Despite problems, is Microsoft retiring its EMET security tool too soon?
According to WikiLeaks, the CIA and others can bypass Microsoft's soon-to-be-retired EMET security tool. Does this leave you vulnerable to attackers?
Start to finish guide: Migrating from VMware to Hyper-V
Migrating from VMware to Hyper-V is becoming common. But common doesn't mean easy. Follow this guide and you can accomplish the task without too much pain.
Revisiting Server Manager
With some help from a Senior Premiere Field Engineer (PFE) at Microsoft we re-examine Server Manager in this article and learn why sysadmins may want to give this tool another look.
4 ways of adding your application to Azure Active Directory (Azure Development Community)
How to Secure an ARM-based Windows Virtual Machine RDP access in Azure (Ask PFE Platforms)
The five most common mistakes approaching DevOps (TechNet UK Blog)
Book Excerpt: Introducing DevOps chapter from DevOps with Windows Server 2016 book (All Things Geeky)
EMAT 3.0 is here (EMAT 3.0)
New Test Lab Guide shows the integration of Dynamics 365 within an Exchange Online mailbox (Cloud Adoption Advisory Board)
GDPR: Data Protection Impact Assessment (WindowsSecurity.com)
Windows 10 & HIPAA Compliance (Chris Jones)
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
Would You Qualify To Drive The President's Limo? This Driver Certainly Would!
Do you think you are a good driver? Check out this guy doing a backward drift with a presidential limo:
The Futuristic Flyboard Air
is now the main sponsor of the amazing flying machine that hat allows a man in an upright position to whizz through the air powered by jet engines:
Gravity Illusions On The Streets Of San Francisco
San Francisco's steep hills inspired a gravity-bending dance tribute to the music: 'I Don't Feel Like Dancing' by the Scissor Sisters:
Second Oldest Trick in Sleight of Hand
Magician and comedian Chris Hannibal is proud to perform the second oldest trick in sleight of hand:
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7www.mtit.com.Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.