Archive for Security – Page 3

Be careful with KB2862330

Several new Windows updates were recently released. The word from a trusted security MVP is to be careful, especially with KB2862330, which has caused BSODs on some systems (Read more on this issue).

Once again, I always encourage people to make sure that they create a system restore point before installing updates, or better yet, do regular full backups of your computer.

If you do encounter a BSOD with any Microsoft update, call Microsoft:

“We can offer anyone who has this issue and is willing to go through troubleshooting a free-of-charge support incident and Support will work with you 1-1 to get your computer(s) back into a working state. The teams who released this update do know that there may be a problem and are doing additional testing to identify the root cause of the issue that folks are experiencing,” (Ben Herila, Microsoft product manager).

Beware Cryptolocker Malware Madness

The past few weeks have been filled with reports of workstations and servers being infected with the Cryptolocker ransomware. It is being called one of the worst malware outbreaks ever seen, and these infections are occurring even where anti-virus and anti-spam filters are in place.


http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/

Please do not treat this lightly!

The result of this attack is that the files on your computer are encrypted with a key only the attackers hold: Cryptolocker fetches a 2048-bit RSA public key generated for your infection from its command-and-control server, and the matching private key never leaves that server. It quickly spreads to any mapped network drives or attached USB drives as well. And even worse, at the time of writing there is no tool that can decrypt these files.

This malware often arrives in rogue emails that appear to come from FedEx, UPS, Amazon or similar shipping and shopping sites, either as a link or as an attachment. Clicking the link or opening the attachment is all it takes.

SHUTDOWN YOUR COMPUTER IMMEDIATELY

You will know you have been infected with Cryptolocker when a large message appears on your screen telling you to pay a ransom to get your data files back. By the time you see it, much of the damage is already done; what you can still protect is every drive it has not yet finished with.

Do not stop to run anti-virus or anti-malware utilities first. If you see the ransom message, disconnect the network cable and power the computer off immediately, so it cannot keep working through mapped drives and attached disks.

BACKUP – BACKUP – BACKUP!!!!

The best advice anyone will give you is to keep up-to-date backups of your servers, workstations and data, because if you get caught by this malware, restoring from backup is the only way to get your files back. Keep at least one copy somewhere the infected machine cannot write to: a backup sitting on a mapped drive or an attached USB disk will be encrypted right along with the originals. It primarily seeks out Office files (Word, Excel, etc.), but will also look for database files (Access, FoxPro, etc.).
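Since Cryptolocker runs with the logged-on user's rights and reaches whatever that user can write to, the practical check is to see which mapped and removable drives are writable from a normal user session, and make sure no backup destination is among them. The script below is an added example for this post (it is not from the original article and not a Cryptolocker tool); it uses only the standard Win32_LogicalDisk class and an ordinary create-and-delete write probe. Run it as the user whose mailbox receives the phishing mail.

```powershell
# Added example, not part of the original post: list the mapped network and
# removable drives a Cryptolocker infection running in the current user's
# session could reach, and flag those the user can actually write to.
# Drive type numbers are the Win32_LogicalDisk DriveType values.
function Get-RansomwareReachableDrives {
    $driveTypeNames = @{ 2 = 'Removable (USB)'; 4 = 'Network (mapped)' }
    $probeName = '.write-probe-' + [guid]::NewGuid().ToString('N') + '.tmp'

    Get-WmiObject -Class Win32_LogicalDisk |
        Where-Object { $driveTypeNames.ContainsKey([int]$_.DriveType) } |
        ForEach-Object {
            $root  = $_.DeviceID + '\'
            $probe = Join-Path -Path $root -ChildPath $probeName
            $writable = $false
            try {
                # A real infection only needs ordinary user write access, so test
                # exactly that: create and delete an empty file on the drive.
                [System.IO.File]::WriteAllText($probe, '')
                Remove-Item -LiteralPath $probe -Force
                $writable = $true
            } catch {
                # no media, read-only share, or access denied: not reachable for writing
                $writable = $false
            }
            [pscustomobject]@{
                Drive    = $_.DeviceID
                Type     = $driveTypeNames[[int]$_.DriveType]
                MappedTo = $_.ProviderName      # UNC path for network drives, empty otherwise
                Writable = $writable
                SizeGB   = [math]::Round($_.Size / 1GB, 1)
            }
        }
}

# Usage: anything marked Writable is in the blast radius of a user-level infection.
Get-RansomwareReachableDrives | Format-Table -AutoSize
```

Backups belong somewhere that never shows up as writable in this list: offline media that is rotated, a backup server that pulls from the clients rather than being mapped on them, or versioned storage the user account cannot delete from.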

Cryptolocker itself can be removed using well-known malware removal tools such as Malwarebytes, but these tools CANNOT decrypt your encrypted files.

DO NOT PAY THE RANSOM!

The Cryptolocker malware displays a large warning message that your computer has been compromised and that you can recover your files if you pay the required ransom (anywhere from $100 to $300). It also tells you that you have only a limited amount of time to pay, generally 72 hours.

Even though there are some people who have reported paying the ransom and getting their files decrypted, I cannot condone such actions. Not only is there no assurance that the cleanup will take place if you pay the money, it still remains that your system has been compromised.

REFORMAT and RELOAD

I strongly advise reformatting infected systems and restoring Windows, either from backup or as a clean install.

Ongoing WordPress Security Attacks

This is for anyone who creates or maintains WordPress sites. It comes from iThemes, one of the WordPress third-party theme developers I regularly use, and I thought I would share it. The original post is dated April 15, 2013:

“Ongoing WordPress Security Attacks, The Details and Solutions:
There is a very real, very large ongoing attack against WordPress sites. It has been going on for a while now, but it severely escalated last week…”

http://ithemes.com/2013/04/15/ongoing-wordpress-attacks-details-and-solutions/


Setup Tracking Protection for Internet Explorer

Internet Explorer (IE) versions 9 and 10 have a feature called Tracking Protection. Paul Thurrott covers the details of this feature in his blog post. Because a tracking protection list stops the browser from even requesting third-party content from the listed domains, enabling it will most likely also give you a performance boost when browsing the Internet.

So here are the quick steps for implementing Tracking Protection:

  1. Open up IE9/IE10 and click on Tools –> Safety –> Tracking Protection. This will open up the Tracking Protection section of Manage Add-ons.

    Please note: whenever you change or add something to Tracking Protection, you may need to close and re-open the Tracking Protection in order to see your changes.

  2. Click “Your Personalized List” and click the Enable button. This will tell IE to automatically generate an internal tracking protection list based on your browsing habits.

    After enabling, click on “Settings for this list…” and it will display the URLs (based on your browsing history) that you may wish to block.

  3. Close and then reopen Tracking Protection and you will now see a new option, “Get a Tracking Protection List online…”. Click on this link and, from the window that opens, select one or more third-party tracking protection lists. Then click Add –> Add List, and close and reopen Tracking Protection.


Now, go ahead and enjoy a safer and faster browsing experience!

Scorpion Software Webinar

Dana Epp, a fellow Microsoft MVP, has a webinar scheduled for Wednesday January 16th. His company, Scorpion Software, provides secure password management solutions.

Here is a personal (video) invitation from Dana:

Calyptix Mail Bagging

I recommend and install Calyptix’s Access Enforcer all-in-one network security appliance at many of my customer sites. Compared to my experience working with some other security appliances, I find the Access Enforcer very easy to install and maintain.


If you work with Calyptix, you may not be aware that the Access Enforcer does “mail bagging” automatically if you enable SMTP filtering. “Mail bagging” simply means that if (for whatever reason) incoming mail cannot be delivered to your on-premises mail server, the Access Enforcer holds (bags) it and releases the emails once your mail server is back online. Because the appliance can only bag mail that actually reaches its WAN side, inbound port 25 for your domain has to be handled by the Access Enforcer with SMTP filtering turned on; mail that never gets as far as the appliance stays in the sending server's queue instead.

The Calyptix KB article on mail bagging was updated today to address the proper requirements for using this feature.

GFI MAX Mail issues

Most of my customers are using GFI’s MaxMail solution to provide virus and spam filtering, as well as email continuity and archiving.

Today, a customer called to report issues with sending and receiving email. I was able to successfully connect to the server remotely, but incoming and outgoing email seemed to be at a standstill, with no warnings or errors. I rebooted Exchange on this SBS 2008 server, with no improvement.

I then used MXToolBox to check out the status of the domain and test SMTP delivery. Voila! It reported an error in connecting to GFI’s intermediate IP addresses!
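The check MXToolBox ran here is one you can reproduce from any workstation, and it is the same check that tells you whether a Calyptix Access Enforcer (from the mail bagging post above) or GFI's filtering cluster is actually where your domain's mail is being handed to. The function below is an added example and not part of the original post or of either vendor's tooling: it resolves the domain's MX records, connects to port 25 on each MX host in preference order, and reads the SMTP banner. It assumes Resolve-DnsName is available (Windows 8 / Server 2012 or newer), and customer.example is a placeholder domain.

```powershell
# Added example, not part of the original post: resolve a domain's MX records
# and test whether each MX host accepts an SMTP connection. "No MX records" or
# "connect timed out" means senders cannot hand mail to you at all; a 220
# banner means the hand-off works and the problem is further downstream.
function Test-MxDelivery {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [int]$TimeoutMs = 5000
    )

    # Resolve-DnsName also returns the A records for the MX hosts; keep only MX.
    $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
          Where-Object { $_.Type -eq 'MX' } |
          Sort-Object Preference
    if (-not $mx) { throw "No MX records found for $Domain" }

    foreach ($record in $mx) {
        $mxHost = $record.NameExchange.TrimEnd('.')
        $result = [ordered]@{
            Preference = $record.Preference
            MxHost     = $mxHost
            Reachable  = $false
            Banner     = $null
        }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # BeginConnect + WaitOne gives a real connect timeout; a plain
            # Connect() can hang for a long time against a black-holed address.
            $pending = $client.BeginConnect($mxHost, 25, $null, $null)
            if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $result.Banner = "connect timed out after $TimeoutMs ms"
            } else {
                $client.EndConnect($pending)
                $stream = $client.GetStream()
                $stream.ReadTimeout = $TimeoutMs
                $reader = New-Object System.IO.StreamReader($stream)
                $writer = New-Object System.IO.StreamWriter($stream)
                $result.Banner    = $reader.ReadLine()        # e.g. "220 mx.example.net ESMTP"
                $result.Reachable = ($result.Banner -like '220*')
                $writer.Write("QUIT`r`n"); $writer.Flush()     # be polite to the MTA
            }
        } catch {
            # DNS failure for the MX host, connection refused, or read timeout
            $result.Banner = $_.Exception.Message
        } finally {
            $client.Close()
        }
        [pscustomobject]$result
    }
}

# Usage:
Test-MxDelivery -Domain customer.example | Format-Table -AutoSize
```

If the MX records point at a hosted filter such as GFI MAX and the banner comes back fine, the hand-off from the Internet is working and the stall is inside the provider or on the delivery leg to your server, which is exactly what the status page confirmed in this case.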


I then called GFI Support, and the pre-recorded message informed me that I was not the only one with this issue. I also learned that GFI has a status blog for monitoring GFI MAX: http://status.gfimax.com


And here is what they are reporting:

Our engineers have been systematically assessing all of the centralized components of our service in North America, including our configuration databases, the greylisting service, our various spam and virus filtering engines, network responsiveness between datacenters, and other elements that could be causing the very slow response times of our filters.

The likely culprit from our testing is the centralized asset storage servers, which are responding more slowly than usual by nearly an order of magnitude. The engineers are investigating this in detail to determine what is causing multiple asset stores in multiple datacenters to be so affected.


GoDaddy Services Down


Earlier this afternoon (Monday Sept 10, 2012) GoDaddy acknowledged via their Twitter account that they are experiencing a major outage; GoDaddy-registered web sites are offline. At around 4pm (EST) they tweeted the following:

GoDaddy Update: Still working on it, but we’re making progress. Some service has already been restored. Stick with us.

As far as I can tell, this outage does not affect any sites that are just using GoDaddy’s SSL certificates.

Rekey GoDaddy SSL Cert

It normally takes very little effort to order and install a GoDaddy SSL certificate on an SBS 2008/2011 server, thanks in part to the Install Certificate wizard that comes with SBS.

I had a situation with an existing UCC SSL cert from GoDaddy that needed a “Subject Alternative Name” (SAN) added. I wasn’t sure how to do it, but GoDaddy’s support desk was quick and responsive. It turns out the solution was easy, if you do it in the right order!

1. Run the SBS wizard to generate a new CSR (certificate signing request). Leave this screen open: the re-keyed certificate will only match the private key this CSR was generated from.

2. Log in to the GoDaddy site, drill down to the SSL certificate in question, select Manage, and enter the additional SAN names required (in my case, autodiscover.xxx.com).

3. Then select GoDaddy’s Re-Key option and paste in the CSR from step 1. Once the cert has been re-keyed (a matter of seconds), you can download the certificate zip file, with no waiting for a confirmation email.


4. Copy and unzip the certificate file on the server, then complete the SBS wizard by pointing it at the downloaded certificate.
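Once the wizard finishes, it is worth confirming that what landed in the machine store is really the re-keyed certificate: that it carries every SAN you added at GoDaddy, and that it is bound to a private key on this server (it will not be if the CSR from step 1 was regenerated or the wizard was cancelled before the import). The function below is an added example for this post, not part of SBS or GoDaddy's tooling; the hostnames are placeholders for your own.

```powershell
# Added example, not part of the original post: check every certificate in the
# local machine store that has a Subject Alternative Name extension against the
# list of names you expect, and report whether it has a matching private key.
function Test-InstalledCertSans {
    param(
        [Parameter(Mandatory = $true)][string[]]$RequiredNames,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $sanOid = '2.5.29.17'   # X.509 Subject Alternative Name extension

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        if (-not $ext) { continue }   # no SAN extension: not a UCC cert, skip it

        # Format($false) renders the extension on one line, e.g.
        # "DNS Name=remote.xxx.com, DNS Name=autodiscover.xxx.com"
        $sans = @($ext.Format($false) -split ',\s*' |
                  ForEach-Object { ($_ -split '=', 2)[1].Trim().ToLower() })

        $missing = @($RequiredNames | ForEach-Object { $_.ToLower() } |
                     Where-Object { $sans -notcontains $_ })

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey   # $false: cert does not match a key on this box
            SANs          = ($sans -join ';')
            MissingSANs   = ($missing -join ';')
            OK            = ($cert.HasPrivateKey -and $missing.Count -eq 0 -and $cert.NotAfter -gt (Get-Date))
        }
    }
}

# Usage: the names are what you typed into GoDaddy's SAN list, plus the common name.
Test-InstalledCertSans -RequiredNames 'remote.xxx.com', 'autodiscover.xxx.com' |
    Sort-Object NotAfter -Descending | Format-List
```

You will usually see two entries after a re-key, the old certificate and the new one; only the new one should report OK = True, and the old one can then be removed from the store once Exchange and IIS are confirmed to be using the new thumbprint.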


Windows Defender Offline Error 0x80508007

Microsoft’s Windows Defender Offline (WDO) should be in every IT technician’s toolkit. If you try to run it on a very old Windows XP computer with less than 768 MB of memory, WDO displays error 0x80508007 on startup.

The error message does not tell you what is wrong, but the cause is insufficient memory: WDO requires a minimum of 768 MB.

Microsoft’s article KB 2520970 includes a list of error codes you may encounter.