Vol. 16, #49 - December 12, 2011 - Issue #858

More About CIQ

  1. Editor's Corner    
    • December 26 Will Be My Last Issue
    • More About CIQ
    • Phishing By Snail Mail
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • VIPRE Antivirus Business Product Demonstration 12/13
  4. Tech Briefing
    • The Windows IQ test. Take it... Ouch!
    • Microsoft Slates Windows 8 Beta For Late February 2012
    • Hackers Exploit Adobe Reader Zero-Day
    • New Open Source Technology Locks Down User's DNS Connection
    • Shocker: 8 Out of 10 Software Apps Fail Security Test
  5. Windows Server News
    • What's New In Exchange 2010 SP2
    • Microsoft Tests Social Analytics Experimental Cloud
    • Debunking Virtualization And ROI Calculation Myths
    • Performance Monitoring Vs. User Experience Monitoring
    • How System Center 2012 Enables Hyper-V Private Clouds
  6. Third Party News
    • GFI VIPRE Antivirus Business 5.0 ? Service Release 1 Available
  7. WServerNews FAVE Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Which Active Directory Tools Are On Your Wish List?

 

Which Active Directory Tools Are On Your Wish List?

Chances are you?ve got more than one Active Directory challenge on your plate. Namescape provides an integrated approach to identity, password and Active Directory management. Our IdM solution, rDirectory, has four editions that allow you to select the functionality you need. myPassword offers an affordable, top-tier self-service password reset solution with new reports. joBot notifies administrators on changes to user account, password and group memberships. And, mPowerTools is simply the must-have IT Admin tool for handling everyday AD maintenance. 

Our year-end incentives can help you start 2012 with the AD tools you need!

 

Editor's Corner

December 26 Will Be My Last Issue

All, after 15 years of writing WServerNews, it's time to play a new game. My last issue will be Dec 26, 2011! It's been a fantastic ride, all of you have been great readers and I always got terrific feedback, thank you so much. From January 2012, WSN will be written by Mitch Tulloch, a very qualified Editor, and WSN stays in the same format. This notification will be placed in the last three newsletters, so that everyone has a heads-up well in time!

I will keep you in the loop about secure computing from the admin's perspective though! I will be the new Editor-in-Chief of WindowSecurity News, which comes out monthly, also created by TechGenix, the same publisher as WServerNews. We will send you a sample version of WindowSecurity News at the end of January 2012. You can subscribe here:
http://www.wservernews.com/go/1323513057609

(If you can't do without your weekly fix of faves, quotes and my observations about cybercrime, subscribe to CyberheistNews, which I write weekly and gets sent every Tuesday):
http://www.wservernews.com/go/1323513071937

More About CIQ

More information is available after the storm of indignation that engulfed CIQ last week. They categorically denied that the stuff they track actually gets sent, and have hired an independent party to prove that it isn't so. They also apologized for handling the issue not very smart the first time around, threatening legal action. So, there has been a bit of a rush to judgment and I will keep everyone in the loop during December. Here is the report from security researcher Dan Rosenberg:
http://www.wservernews.com/go/1323513142781

And here is more up-to-date detail reported by NetworkWorld:
http://www.wservernews.com/go/1323513155296

Phishing By Snail Mail

Yup, I received one of these myself last week, in my real-life mailbox. Our VP of Sales in KnowBe4 got one too, both of them mailed out of Phoenix, AZ. This is expensive to do, so it must succeed in tricking people to actually call the number they provide in the letter. I gave the number a call, just to see what would happen, and a real-life woman with an American accent answered. Amazing how they can get away with scams like this. Here is the actual letter we received. I do not recommend calling that number!:
http://www.wservernews.com/go/1323513224031

Warm regards,
Stu Sjouwerman

Quotes of the Week

"There are some things you learn best in calm, and some in storm." -- Willa Sibert Cather

"I just had my vision checked. My hindsight was 20/20. My foresight is legally blind." -- Anonymous

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/go/1307096257843

Stu Sjouwerman
email me: [email protected]

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

mPowerTools - an AD admin essential!  200+ reports, bulk import/export, scheduling, GPO/File Share Reports. Eliminate scripting! ONLY $1,499! 
http://www.wservernews.com/go/1323691011367

Identify which users, applications, and protocols are consuming the most network bandwidth with Orion NetFlow Traffic Analyzer. 
http://www.wservernews.com/go/1323691105340

Using Microsoft Hyper-V? Altaro Hyper-V Backup is an easy to use Hyper-V aware backup solution. Freeware Edition also available.  
http://www.wservernews.com/go/1323691221414

Top 10 free tools for IT PROs. Audit changes in Active Directory, file servers, VMware; manage passwords; track inactive user accounts; monitor disc space usage; etc. 
http://www.wservernews.com/go/1323691383162 

Avoid Email Downtime - Mailscape combines all the key elements for Exchange reporting and monitoring in a single solution. 
http://www.wservernews.com/go/1323691487710

Free Service: Email Exposure Check. Find out which addresses of your organization are exposed on the Internet and are a phish-attack target:
http://www.wservernews.com/go/1323513346453 

10 must-have tools for cloud power users. There is some really good stuff in there. Ever heard of Google Chrome Remote Desktop? Check it out:
http://www.wservernews.com/go/1323513321921

 

Webinars & Seminars

VIPRE Antivirus Business Product Demonstration 12/13

Looking for a security solution that doesn?t slow you down? VIPRE Antivirus Business combines antivirus and anti-spyware technologies into one powerful security solution for total protection with low resource usage. New VIPRE features include scalable multisite tiering and role-based access control. Join us as we demonstrate the many features of VIPRE Antivirus Business.

Register today!

Dec 13 at 11am ET
http://www.wservernews.com/go/1323513412671

 

Tech Briefing

The Windows IQ test. Take it... Ouch!

With a new version of Windows just around the corner, it's time to dust off those gray cells and see how much you really know about the inner workings of the current versions of everyone's favorite whipping post. Try these 20 questions on for size. This is harder than you think, getting between 5 and 10 out of 20 is about average...
http://www.wservernews.com/go/1323513564718

Microsoft Slates Windows 8 Beta For Late February 2012

Microsoft has confirmed that it will release a public beta of Windows 8 in late February, 2012. The company broke the news at a San Francisco developers event Tuesday, where Antoine Leblond, vice president of Windows Web services, touted Windows Store, the app market that will be the sole distribution channel for applications designed to run in Windows 8's new "Metro" interface.

Read More:
http://www.wservernews.com/go/1323513614343

Hackers Exploit Adobe Reader Zero-Day

Computerworld reported first that Adobe confirmed that an unpatched, or zero-day, vulnerability in Adobe Reader is being exploited by criminals. Those attacks may have been aimed at defense contractors. Adobe promised to patch the bug in the Windows edition of Reader and Acrobat 9 no later than the end of next week. Tuesday, Dec. 12 is also Microsoft's regularly scheduled Patch Tuesday for the month. The upcoming patch will be Adobe's sixth for Reader and Acrobat this year.

Read More:
http://www.wservernews.com/go/1323513724375

New Open Source Technology Locks Down User's DNS Connection

The connection between a user and his or her DNS service can now be locked down with an encrypted session to prevent man-in-the-middle attacks, spoofing, or sniffing: OpenDNS has written an open-source tool to secure that traditionally exposed link. They offered a first release of their new DNSCrypt tool, which was built for OpenDNS's own DNS service and is also available in the public domain. David Ulevitch, founder and CEO of OpenDNS, hopes the technology will catch on to secure what he calls the "last mile" in DNS communications. It's basically akin to an SSL connection, but for DNS, he says. It uses elliptical curve cryptography to encrypt the traffic between the user and DNS.

More at Dark Reading:
http://www.wservernews.com/go/1323513788875

Shocker: 8 Out of 10 Software Apps Fail Security Test

Desktop and web applications remain a wasteland of bugs and holes that only a hacker could love, according to a report released Wednesday by a company that conducts independent security audits of code. In fact, eight out of 10 software applications fail to meet a security assessment, according to a State of Software Security report by Veracode. That?s based on an automated analysis of 9,910 applications submitted to Veracode?s online security testing platform in the last 18 months. The applications are submitted by both developers ? in the government and commercial sectors ? as well as companies and government agencies wanting an assessment of software they plan to purchase.

More at WIRED:
http://www.wservernews.com/go/1323513883343

 

Windows Server News

What's New In Exchange 2010 SP2

Four big features and lots of little ones will make Exchange admins feel like they just got their bonus. Peter Bruzzese at InfoWorld lists the four main ones and then there is a host of other, smaller announcements, but here are the highlights:

  1. Hybrid Configuration Wizard: Some organizations need both on-premise and the cloud-based mailboxes, but until now there was no smooth way to do that. Exchange SP2's hybrid configuration wizard provides that seamless integration.
  2. Address book policies: You can now create address book policies to assign to users to specify which Global Address List (GAL), offline address book, room list, and address lists are visible to them.
  3. Outlook Web App Mini: This lightweight browser-based client is similar to the Outlook Mobile Access client from Exchange 2003.
  4. Cross-site silent redirection: This behind-the-scenes features allows a Client Access Server to redirect to another CAS server -- even one in another Active Directory site -- if the client request is better served by that other CAS server. Exchange 2010 SP2 also has a host of smaller enhancements.

Read More:
http://www.wservernews.com/go/1323514036828

Microsoft Tests Social Analytics Experimental Cloud

Microsoft is testing its Social Analytics experimental cloud to mine social media activity. Think big data meets business intelligence in the cloud. Learn more by checking out this featured article today: (RR)
http://www.wservernews.com/go/1323514088484

Debunking Virtualization And ROI Calculation Myths

When calculating virtualization ROI, organizations must separate fact from fiction. Some common virtualization misconceptions stem from vendors and others are often opinions restated as facts. Gain insight into five common myths to be aware of in this expert tip: (RR)
http://www.wservernews.com/go/1323514125734

Performance Monitoring Vs. User Experience Monitoring

There's no shortage of monitoring solutions in the desktop virtualization space with dozens of vendors offering products that provide a wide range of capabilities. The problem is that there is often a disconnect between the abstract performance metrics and the actual end user experience. Discover a better way to monitor the user experience in this popular piece
of content:
http://www.wservernews.com/go/1323514172578

How System Center 2012 Enables Hyper-V Private Clouds

Every hypervisor provider is talking private cloud and Microsoft is no different. With System Center 2012, the company's latest line of systems management software, shops now have the ability to virtualize and centralize internal resources using Hyper-V. Learn about the components that make this possible in this expert tip: (RR)
http://www.wservernews.com/go/1323514240640

 

Third Party News

GFI VIPRE Antivirus Business 5.0 ? Service Release 1 Available

GFI Software is very pleased to announce the availability of VIPRE Business and VIPRE Business Premium 5.0 - Service Release 1 (version 5.0.4943).

This release applies exclusively to the management console, and is a free upgrade to all customers under a current maintenance agreement.

We have included several bug fixes and improvements that are designed to improve the overall function, performance and usability of the management console.

Improvements

Bug Fixes

Download Information

This version can be obtained via either of the following methods:

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

 

WServerNews - Product of the Week

Which Active Directory Tools Are On Your Wish List?

Chances are you?ve got more than one Active Directory challenge on your plate. Namescape provides an integrated approach to identity, password and Active Directory management. Our IdM solution, rDirectory, has four editions that allow you to select the functionality you need. myPassword offers an affordable, top-tier self-service password reset solution with new reports. joBot notifies administrators on changes to user account, password and group memberships. And, mPowerTools is simply the must-have IT Admin tool for handling everyday AD maintenance. 

Our year-end incentives can help you start 2012 with the AD tools you need!