Vol. 21, #36 - September 5, 2016 - Issue #1096

Security briefs

Editor's Corner

Two weeks ago in Issue #1094 Good IT is anything that works, I asked this question: When is an IT solution "good enough" from a business perspective? In my editorial I argued that good IT is basically any IT that works and that does the job regardless of whether it's elegant or not. That precipitated some good feedback from our readers, so we're going to devote next week's newsletter to revisiting this topic and hearing what some of our readers have to say about it. Meanwhile, if you'd like to weigh in with your own thoughts on this subject and whether you agree or disagree with my analysis, you can still join the babble by emailing us at [email protected].

Meanwhile it's time we revisited the ever-relevant topic of IT security, so that's what this week's issue of WServerNews is all about. Enjoy!

Of course sometimes instead of agreeing or disagreeing about something it's better just to agree to disagree. Wally makes this clear in the following Dilbert comic:

http://www.wservernews.com/go/7psm06l0/

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

Cybercrime tops other forms of crime

In case you haven't guessed it, cybercrime has become more popular than regular crime--at least in the UK, according to Krebs On Security:

http://www.wservernews.com/go/icagan04/

I guess this means we don't need to lock our front doors anymore...

Security breaches

Cloud storage provider Dropbox has informed a large segment of their customer base that they should immediately change their passwords as a result of a security breach that happened way back in 2012. BetaNews has the details here:

http://www.wservernews.com/go/ehy39iia/

While this kind of breach may inconvenience some and can negatively impact businesses, a much more serious breach is the malware incident that targeted three electric substations in the Ukraine that left half the homes in a region without electricity. Ars Technica has details:

http://www.wservernews.com/go/ri3vm1d1/

Then there's this article from Hot Hardware about hackers infiltrating 45 million passwords from over a thousand popular websites and online communities:

http://www.wservernews.com/go/7duh5g9t/

It sounds like the bad guys are winning... 

Phishing and tech support scams

BetaNews also has an important article concerning a phishing scam that's targeting users of GoDaddy, a popular web hosting service:

http://www.wservernews.com/go/3nbalg6v/

Phishing scams are getting clever, aren't they? Unfortunately the best approach to combating these still seems to be user education, which is difficult to achieve in a fast-paced world where the noise level is so high that it's hard to get your message heard.

Another scam that's already been happening for some time now has to do with scammers telephoning real Dell customers telling them they're Dell tech support and asking for system ID info that allows the scammers to take remote control of the customer's Dell systems. See this Dell community forum thread for more:

http://www.wservernews.com/go/kujrcjs6/

Ransomware and email extortion

The US Federal Bureau of Investigation (FBI) has issued a Public Service Announcement concerning ransomware attacks:

Extortion E-mail Schemes Tied to Recent High-Profile Data Breaches

http://www.wservernews.com/go/vxjz46wi/

The bulletin includes a list of tips on how businesses can protect themselves from such attacks.

Ransomware allows attackers to encrypt data stored on PCs that download and install it. IT World reports that security researchers are hard at work trying to come up with "antidotes" to some of the more popular flavors of ransomware:

http://www.wservernews.com/go/idb0l0ta/

There's more info about these developments on AVG's website here:

http://www.wservernews.com/go/is3fkig5/

Also see this folder on GitHub:

http://www.wservernews.com/go/ih383o6g/

Finally, being a Canadian I found this article on IT World Canada particularly interesting:

http://www.wservernews.com/go/osxf2967/

Are we Canadians really that gullible and compliant? Can I have my data back, eh?

Malware protection

The Canadian Broadcasting Corporation (CBC) has an interesting article where they suggest that antivirus software is "increasingly useless" and may make your computer less safe:

http://www.wservernews.com/go/o6mguj8j/
 
The article references some research done at Concordia University in Montreal, Canada, where an academic researcher says he doesn't see any advantage in running antivirus software on a computer and he doesn't use such software himself. The article also references a blog post by Stu Sjouwerman who started this newsletter 20 years ago. Stu is quoted as writing that "Antivirus is getting increasingly useless these days," but I feel the journalist who wrote this particular CBC article is misreading the context of Stu's blog post to justify the clickbait headline of this CBC article. I think Stu is not saying AV software is useless, he's just saying it's not a panacea we can install and go to sleep. 

How do our WServerNews subscribers feel about this subject? Is AV software still important to have on computers? Email us at [email protected]

Malware alerts

Symantec Security Response has an alert on their blog concerning some new Android banking malware that blocks victims' outgoing calls to customer service:

http://www.wservernews.com/go/8yffygjm/

If readers know of any other malware alerts that they feel are particularly important to inform our WServerNews community about, please email us at [email protected]

Updated NIST guidelines on password policies

Businesses that have to endure regulatory scrutiny may want to check out the latest guidelines from the U.S. National Institute of Standards and Technology (NIST), which spell out their recommendations concerning things like password policies, password storage, two-factor authentication, and more. Sophos' NakedSecurity blog has details:

http://www.wservernews.com/go/zixgzx89/

One of the interesting tidbits from these recommendations is that they don't recommend configuring password hints. What do readers think about this and other NIST recommendations? Email us at [email protected]

Latest security articles on Techgenix.com

Our new Techgenix.com website has a number of recent articles on security and privacy that you may want to check out:

New banking trojan named Scylex could cause massive crisis

http://www.wservernews.com/go/fnqtomw0/

New Verify.ly service aims to give apps 'seal of approval'

http://www.wservernews.com/go/dgbvduew/

Most cyber-attacks come from the U.S.A., not red-flag countries

http://www.wservernews.com/go/jvvq3o1l/

HVAC industry in trouble: hackers attack WiFi thermostats

http://www.wservernews.com/go/8kv3isui/

Ransomware moves from small fry to big fish

http://www.wservernews.com/go/z0uxio98/

Our mistake

Last week in Issue #1095 Interviews from the trenches we included an article titled "Windows 10 Anniversary Update ALERT!!" where we said the following:

When you apply the Windows 10 Anniversary Update (v1607) to your Windows 10 (v1511) computer you may discover that System Restore has been enabled.

An alert reader named George quickly pointed out that we should have said "System Restore has been disabled."

Thanks for catching that. And yes, we have no bananas today (YouTube):

http://www.wservernews.com/go/vjzl4zng/

Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at [email protected]

Recommended for Learning

Implementing DirectAccess with Windows Server 2016

Richard Hicks who is editor of our WindowSecurity.com Monthly Newsletter has a new book coming out. The book explains how you can learn to design, plan, implement, and support a secure remote access solution using DirectAccess in Windows Server 2016. Remote Access has been included in the Windows operating system for many years. With each new operating system release, new features and capabilities have been included to allow network engineers and security administrators to provide remote access in a secure and cost-effective manner.

Richard's new book comes out in early October but you can pre-order it on Amazon here:

http://www.wservernews.com/go/ihtwltwx/

Microsoft Virtual Academy 

How Microsoft IT Uses System Center Configuration Manager 2012 for Client Patch Management

In this helpful course, Microsoft Service Manager Ashok Gopala Krishnan shows us how Microsoft IT uses Microsoft System Center Configuration Manager (SCCM) for patch management of PCs, including the patching process, the user experience, and best practices. This is the course for you if you’re looking for real-world application of SCCM in a global environment.

http://www.wservernews.com/go/zgwva54d/

 Quote of the Week

"A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it." --Max Planck (physicist)


Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at [email protected] and we'll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

New Veeam Availability Platform is the biggest product announcement in Veeam history! Explore this exciting new product line by watching multiple, on-demand sessions with demos from Veeam technical experts. 

http://www.wservernews.com/go/vpqz2v3w/

PRTG Network monitor enables you to use ONE solution to monitor your entire infrastructure including applications, software, hardware, cloud & virtual environments. Download the free trial Today

http://www.wservernews.com/go/g4dr511a/

SimpleWMIView is a simple tool for Windows that displays the result of WMI queries in a simple table, and allows you to easily export the data to text/csv/tab-delimited/html/xml file, or to copy the selected items to the clipboard and then paste them to Excel or other spreadsheet application:

http://www.wservernews.com/go/uot6fooa/

HVBackup is an open source tool to backup Hyper-V virtual machines, including support for Cluster Shared Storage (CSV):

http://www.wservernews.com/go/pxwu9pgc/

NeDi lets you discover your network and find every end-node connected to it:

http://www.wservernews.com/go/wqzwyjx8/

This Week's Tips

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Windows - Preventing credential leak

BleepingComputer has an article titled "Understanding the Windows Credential Leak Flaw and How to Prevent It" concerning a flaw in Windows that was discovered almost 20 years ago:

http://www.wservernews.com/go/4rh9gwq2/

Well worth a read I think.

Windows - PC keeps waking up

If your Windows computer keeps waking up whenever you put it into sleep mode, your first line of investigation should be to run the following commands from the command line:

Powercfg -requests
Powercfg -lastwake

Make sure you run these commands from cmd.exe in admin mode.

If this doesn't help you identify why your machine keeps waking up, you might want to check whether you installed some program like the Chrome web browser. I've heard from one colleague that installing Chrome creates a scheduled task on your computer that checks once each hour for new updates to the browser. Apparently even if you uninstall Chrome on your machine, the scheduled task remains running, and the colleague found that when he disabled this task his machine finally stayed in sleep mode.
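The checks below go one step beyond the two powercfg commands in this tip and are an added example, not something from the original newsletter: they list recent wake events, armed wake timers and devices, scheduled tasks allowed to wake the computer, and tasks whose program is no longer installed. It assumes an elevated PowerShell prompt on a Windows version that ships the ScheduledTasks module.

```powershell
# Added example; run from an elevated PowerShell prompt.

# Wake history: -lastwake shows only the most recent wake, while the System log
# keeps one Power-Troubleshooter event (ID 1) per resume, including the wake source.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
    Id           = 1
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message

# Timers and devices currently armed to wake the machine.
powercfg -waketimers
powercfg -devicequery wake_armed

# Enabled scheduled tasks that are allowed to wake the computer.
$tasks = Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' }
$tasks | Where-Object { $_.Settings.WakeToRun } |
    Select-Object TaskPath, TaskName, State

# Enabled tasks whose program no longer exists, for example a task left behind
# by an application that has since been uninstalled.
foreach ($task in $tasks) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no program path
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        # Accept either a full path that exists or a bare name resolvable via PATH.
        $found = (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue) -or
                 (Get-Command $exe -ErrorAction SilentlyContinue)
        if (-not $found) {
            [pscustomobject]@{
                TaskPath = $task.TaskPath
                TaskName = $task.TaskName
                Missing  = $exe
            }
        }
    }
}
```

A task confirmed as the cause can be switched off with Disable-ScheduledTask, passing the TaskPath and TaskName shown in the output.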

Office 365 - Migrating distribution lists to groups

TechNet's Tip of the Day blog has a post about how you can use a script to migrate Office 365 distribution lists to Office 365 groups:

http://www.wservernews.com/go/fmk6edsi/

Events Calendar

North America

Microsoft Ignite Australia on February 14-17, 2017 at the Gold Coast Convention & Exhibition Centre, Broadbeach, QLD

http://www.wservernews.com/go/zzb8ckyb/

Microsoft Worldwide Partner Conference (WPC) on July 9-13, 2017 in Washington, D.C.

http://www.wservernews.com/go/8819wfmp/

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]

New on TechGenix.com

Top 10 Windows productivity features to improve your everydays

http://www.wservernews.com/go/g9x1dzx8/

Windows Networking Troubleshooting Tips

http://www.wservernews.com/go/w327p2wc/

Is Microsoft Exchange Server 2016 right for you?

http://www.wservernews.com/go/2id0dvhd/

Foolproof Windows Server 2008 Backup and Recovery Strategy

http://www.wservernews.com/go/myplkfdg/

Virtualization vs Cloud: Which is better for you?

http://www.wservernews.com/go/yv0uleu1/

 

Tech Briefing

AWS

Serverless Reference Architectures with AWS Lambda (All Things Distributed)

http://www.wservernews.com/go/hqu6igcr/

CloudWatch Custom Metrics for Windows Server (CloudThat)

http://www.wservernews.com/go/chy9ei2x/

Azure

How to add a domain name to Microsoft Azure Directory and add users (Robinhobo.com)

http://www.wservernews.com/go/owewgrbn/

Azure Security Infrastructure (WindowsSecurity.com)

http://www.wservernews.com/go/kyjgjjeq/

Enterprise IT

The Differences Between Data Center and Enterprise Networking (BizTech)

http://www.wservernews.com/go/c4gg4e28/

Docker and containers (Part 7) - Other Tools for Managing Windows Server Containers (VirtualizationAdmin.com)

http://www.wservernews.com/go/7ja48t28/

Exchange Server

Remote Domains in Exchange 2013 (Part 2) (MSExchange.org)

http://www.wservernews.com/go/mnb9iwy5/

Exchange Server 2016 and Microsoft Cloud (Part 9) (MSExchange.org)

http://www.wservernews.com/go/pqc0hbxz/

Windows Server

Fixing Windows cannot connect to printer with Error Error 0x0000007e when shared on Windows Server 2003 or 2008 32 bit (x86) and your client is 64 bit (A Windows System Admin's Blog)

http://www.wservernews.com/go/e0k4nzto/

Hyper-V Windows Failover Cluster and IsAlive Operation (Part 2) (WindowsNetworking.com)

http://www.wservernews.com/go/1sz56iex/


Other Articles of Interest

Weigh hyper-converged vs. converged infrastructure systems

The decision between hyper-converged vs. converged infrastructure depends on the company as both can help IT streamline performance and management of its VDI deployment. But despite similar names, CI and HCI use distinctly different architectures. Weigh the difference between the two in this complimentary tip from our editors.

http://www.wservernews.com/go/cr6zn226/

Software-defined data centers: The future of virtualization?

The hype surrounding software-defined data centers has reached a fever pitch, elevating businesses' expectations and raising new concerns. But the question remains: Are software-defined data centers the next frontier of virtualization? Find out more in this tip from our editors.

http://www.wservernews.com/go/h8s9geto/

Expanded Azure licensing options give users more choice

With expanded Azure licensing options from Microsoft, some enterprises moving workloads to the cloud won't have to repurchase software they already own. Find out more about the changes to Azure licensing in this complimentary tip from our editors.

http://www.wservernews.com/go/0jfi6hbk/

Real-world applications for a VMware NSX SDN platform

Can NSX SDN live up to the hype? So far the results seem promising as more and more organizations embrace VMware's software-defined networking offering. Find out more about NSX SDN in this complimentary tip from our editors.

http://www.wservernews.com/go/bdij52ss/

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]

Magician Mac King's Amazing Rope Trick

Mac King performs his amazing rope trick - a trick that even fools other magicians:

http://www.wservernews.com/go/rwil3evn/

Amazon Parrot's Got Talent

Amazon Parrot and his owner, guitarist Neno Alfenas, perform a beautiful duet in Sertanópolis, Brazil:

http://www.wservernews.com/go/8o54uts0/

Tokyo 2020 Olympics Intro

Japan's intro at the Rio Olympics Closing Ceremony gets us 'Super' excited for the Tokyo 2020 Olympics:

http://www.wservernews.com/go/9b7xbwki/

Video not playing in your country? Try this link:

http://www.wservernews.com/go/hbabbuqx/

A Dog's Purpose  

What is the meaning of life?  Are we here for a reason?  Is there a point to any of this?  And why does food taste so much better in the trash?

http://www.wservernews.com/go/lquvb8z5/

 


WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.