More About CIQ
- Editor's Corner
December 26 Will Be My Last Issue
More About CIQ
Phishing By Snail Mail
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Webinars & Seminars
- VIPRE Antivirus Business Product Demonstration 12/13
- Tech Briefing
- The Windows IQ test. Take it... Ouch!
- Microsoft Slates Windows 8 Beta For Late February 2012
- Hackers Exploit Adobe Reader Zero-Day
- New Open Source Technology Locks Down User's DNS Connection
- Shocker: 8 Out of 10 Software Apps Fail Security Test
- Windows Server News
- What's New In Exchange 2010 SP2
- Microsoft Tests Social Analytics Experimental Cloud
- Debunking Virtualization And ROI Calculation Myths
- Performance Monitoring Vs. User Experience Monitoring
- How System Center 2012 Enables Hyper-V Private Clouds
- Third Party News
- GFI VIPRE Antivirus Business 5.0 ? Service Release 1 Available
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- Which Active Directory Tools Are On Your Wish List?
- Which Active Directory Tools Are On Your Wish List?
December 26 Will Be My Last Issue
All, after 15 years of writing WServerNews, it's time to play a new game. My last issue will be Dec 26, 2011! It's been a fantastic ride, all of you have been great readers and I always got terrific feedback, thank you so much. From January 2012, WSN will be written by Mitch Tulloch, a very qualified Editor, and WSN stays in the same format. This notification will be placed in the last three newsletters, so that everyone has a heads-up well in time!
I will keep you in the loop about secure computing from the admin's perspective though! I will be the new Editor-in-Chief of WindowSecurity News, which comes out monthly, also created by TechGenix, the same publisher as WServerNews. We will send you a sample version of WindowSecurity News at the end of January 2012. You can subscribe here:
(If you can't do without your weekly fix of faves, quotes and my observations about cybercrime, subscribe to CyberheistNews, which I write weekly and gets sent every Tuesday):
More About CIQ
More information is available after the storm of indignation that engulfed CIQ last week. They categorically denied that the stuff they track actually gets sent, and have hired an independent party to prove that it isn't so. They also apologized for handling the issue not very smart the first time around, threatening legal action. So, there has been a bit of a rush to judgment and I will keep everyone in the loop during December. Here is the report from security researcher Dan Rosenberg:
And here is more up-to-date detail reported by NetworkWorld:
Phishing By Snail Mail
Yup, I received one of these myself last week, in my real-life mailbox. Our VP of Sales in KnowBe4 got one too, both of them mailed out of Phoenix, AZ. This is expensive to do, so it must succeed in tricking people to actually call the number they provide in the letter. I gave the number a call, just to see what would happen, and a real-life woman with an American accent answered. Amazing how they can get away with scams like this. Here is the actual letter we received. I do not recommend calling that number!:
Quotes of the Week
"There are some things you learn best in calm, and some in storm." -- Willa Sibert Cather
"I just had my vision checked. My hindsight was 20/20. My foresight is legally blind." -- Anonymous
Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
email me: [email protected]
Admin Tools We Think You Shouldn't Be Without
mPowerTools - an AD admin essential! 200+ reports, bulk import/export, scheduling, GPO/File Share Reports. Eliminate scripting! ONLY $1,499!
Identify which users, applications, and protocols are consuming the most network bandwidth with Orion NetFlow Traffic Analyzer.
Using Microsoft Hyper-V? Altaro Hyper-V Backup is an easy to use Hyper-V aware backup solution. Freeware Edition also available.
Top 10 free tools for IT PROs. Audit changes in Active Directory, file servers, VMware; manage passwords; track inactive user accounts; monitor disc space usage; etc.
Avoid Email Downtime - Mailscape combines all the key elements for Exchange reporting and monitoring in a single solution.
Free Service: Email Exposure Check. Find out which addresses of your organization are exposed on the Internet and are a phish-attack target:
10 must-have tools for cloud power users. There is some really good stuff in there. Ever heard of Google Chrome Remote Desktop? Check it out:
Webinars & Seminars
VIPRE Antivirus Business Product Demonstration 12/13
Looking for a security solution that doesn?t slow you down? VIPRE Antivirus Business combines antivirus and anti-spyware technologies into one powerful security solution for total protection with low resource usage. New VIPRE features include scalable multisite tiering and role-based access control. Join us as we demonstrate the many features of VIPRE Antivirus Business.
Dec 13 at 11am ET
The Windows IQ test. Take it... Ouch!
With a new version of Windows just around the corner, it's time to dust off those gray cells and see how much you really know about the inner workings of the current versions of everyone's favorite whipping post. Try these 20 questions on for size. This is harder than you think, getting between 5 and 10 out of 20 is about average...
Microsoft Slates Windows 8 Beta For Late February 2012
Microsoft has confirmed that it will release a public beta of Windows 8 in late February, 2012. The company broke the news at a San Francisco developers event Tuesday, where Antoine Leblond, vice president of Windows Web services, touted Windows Store, the app market that will be the sole distribution channel for applications designed to run in Windows 8's new "Metro" interface.
Hackers Exploit Adobe Reader Zero-Day
Computerworld reported first that Adobe confirmed that an unpatched, or zero-day, vulnerability in Adobe Reader is being exploited by criminals. Those attacks may have been aimed at defense contractors. Adobe promised to patch the bug in the Windows edition of Reader and Acrobat 9 no later than the end of next week. Tuesday, Dec. 12 is also Microsoft's regularly scheduled Patch Tuesday for the month. The upcoming patch will be Adobe's sixth for Reader and Acrobat this year.
New Open Source Technology Locks Down User's DNS Connection
The connection between a user and his or her DNS service can now be locked down with an encrypted session to prevent man-in-the-middle attacks, spoofing, or sniffing: OpenDNS has written an open-source tool to secure that traditionally exposed link. They offered a first release of their new DNSCrypt tool, which was built for OpenDNS's own DNS service and is also available in the public domain. David Ulevitch, founder and CEO of OpenDNS, hopes the technology will catch on to secure what he calls the "last mile" in DNS communications. It's basically akin to an SSL connection, but for DNS, he says. It uses elliptical curve cryptography to encrypt the traffic between the user and DNS.
More at Dark Reading:
Shocker: 8 Out of 10 Software Apps Fail Security Test
Desktop and web applications remain a wasteland of bugs and holes that only a hacker could love, according to a report released Wednesday by a company that conducts independent security audits of code. In fact, eight out of 10 software applications fail to meet a security assessment, according to a State of Software Security report by Veracode. That?s based on an automated analysis of 9,910 applications submitted to Veracode?s online security testing platform in the last 18 months. The applications are submitted by both developers ? in the government and commercial sectors ? as well as companies and government agencies wanting an assessment of software they plan to purchase.
More at WIRED:
Windows Server News
What's New In Exchange 2010 SP2
Four big features and lots of little ones will make Exchange admins feel like they just got their bonus. Peter Bruzzese at InfoWorld lists the four main ones and then there is a host of other, smaller announcements, but here are the highlights:
- Hybrid Configuration Wizard: Some organizations need both on-premise and the cloud-based mailboxes, but until now there was no smooth way to do that. Exchange SP2's hybrid configuration wizard provides that seamless integration.
- Address book policies: You can now create address book policies to assign to users to specify which Global Address List (GAL), offline address book, room list, and address lists are visible to them.
- Outlook Web App Mini: This lightweight browser-based client is similar to the Outlook Mobile Access client from Exchange 2003.
- Cross-site silent redirection: This behind-the-scenes features allows a Client Access Server to redirect to another CAS server -- even one in another Active Directory site -- if the client request is better served by that other CAS server. Exchange 2010 SP2 also has a host of smaller enhancements.
Microsoft Tests Social Analytics Experimental Cloud
Microsoft is testing its Social Analytics experimental cloud to mine social media activity. Think big data meets business intelligence in the cloud. Learn more by checking out this featured article today: (RR)
Debunking Virtualization And ROI Calculation Myths
When calculating virtualization ROI, organizations must separate fact from fiction. Some common virtualization misconceptions stem from vendors and others are often opinions restated as facts. Gain insight into five common myths to be aware of in this expert tip: (RR)
Performance Monitoring Vs. User Experience Monitoring
There's no shortage of monitoring solutions in the desktop virtualization space with dozens of vendors offering products that provide a wide range of capabilities. The problem is that there is often a disconnect between the abstract performance metrics and the actual end user experience. Discover a better way to monitor the user experience in this popular piece
How System Center 2012 Enables Hyper-V Private Clouds
Every hypervisor provider is talking private cloud and Microsoft is no different. With System Center 2012, the company's latest line of systems management software, shops now have the ability to virtualize and centralize internal resources using Hyper-V. Learn about the components that make this possible in this expert tip: (RR)
Third Party News
GFI VIPRE Antivirus Business 5.0 ? Service Release 1 Available
GFI Software is very pleased to announce the availability of VIPRE Business and VIPRE Business Premium 5.0 - Service Release 1 (version 5.0.4943).
This release applies exclusively to the management console, and is a free upgrade to all customers under a current maintenance agreement.
We have included several bug fixes and improvements that are designed to improve the overall function, performance and usability of the management console.
- Introduced the ability to migrate between a Microsoft SQL database and the native database in version 5.0 (and vice-versa), including the ability to transfer all data.
- Improved the agent installation process to allow deployment on endpoints that already have a VIPRE consumer (home) product installed, without requiring the consumer product to be manually uninstalled first.
- Restored ability for customers using multiple databases on version 4.0 to retain this functionality upon upgrading to version 5.0.
- Improved email notifications and quarantine data for anti-phishing alerts to now include the blocked URL (VIPRE Business Premium only.)
- Corrected a bug that could cause a non-default Data Repository path to not be retained during upgrade.
- Corrected a bug that caused scheduled reports to not be emailed if using a MS SQL database.
- Corrected a bug that could prevent registration keys from being accepted on non-English Windows language locales.
- Corrected a bug that caused the Agent Installation Port setting to revert to port 80 upon upgrade if the default value was previously modified.
- Corrected a bug that could cause an unhandled exception error when creating scheduled reports.
- Corrected a minor bug that could cause an unhandled exception while viewing multiple sites.
- Corrected a bug that resulted in the policy GUID to be displayed instead of the policy name under certain grouping conditions.
- Corrected a bug where the bypass registration key status (closed networks only) may not be retained during upgrades.
This version can be obtained via either of the following methods:
- Via the message-of-the-day widget in the management console dashboard by selecting the download link for the latest version.
- Via http://www.wservernews.com/go/1323514393843 and validating your registration key.
WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff
What is it like flying down a mountain at 155 mph (250 km/h)? Espen Fadnes, the 'World's Fastest Flying Human Being 2010' shares with us the 'experience of flying'. Wow.
Flyboard, a new water-powered flying surfboard built by French water sports fan Franky Zapata lets you surf 30ft above the water. This is going viral:
The largest model railway in the World and one of the most successful tourist attractions in Hamburg, Germany:
Now this is a great idea: Easily convert any dual standard outlet into two USB charging outlets and single standard outlet. Just 20 bucks:
Asus Eee Pad Transformer Prime: The Rolls-Royce of Android tablets. Once they upgrade Android to the Ice Cream Sandwich version it will be hard to beat:
A mountain biker races an Olympic snowboarder down the Austrian Alps:
It's hard to quit smoking. Even for cats!: