Monthly Archives: June 2014


#IwantmySecurityemail



I’m starting a social campaign. I don’t live in Canada. I live in the USA. I gave Microsoft permission to email me. I don’t buy this bit that it’s due to a Canadian spam email law.

What I sent to Microsoft:

Many years ago there was a security researcher who said the following: 

“Don’t lose sight of security. Security is a state of being,
 not a state of budget. He with the most firewalls still does
 not win. Put down that honeypot and keep up to date on
 your patches. Demand better security from vendors and
 hold them responsible. Use what you have, and make
 sure you know how to use it properly and effectively.

 And above all else, don’t abuse or take for granted sources of help and
 information.  Without them, you might find yourself lost or
 inconvenienced.”
 ~Rain Forest Puppy


While he has gone on to other things, that last part has always stuck with me. Don’t take for granted sources of help and information. Without them, we, the good guys, will be lost.

Getting rid of the email notifications of security information is impacting me, one of the good guys. It’s how I communicate to over 5,000 IT administrators on a patchmanagement listserve that it’s time to send out updates. It’s how I get alerted to when there are security advisories. And any other changes to bulletins. It makes me go look and understand what my risks are. Taking this away and attempting to replace it with RSS feeds means you just damaged not only me, but a countless number of Enterprises the world over that also rely on this mechanism to be alerted to changes in the security ecosystem.

While I do use RSS feeds, there is nothing that quite takes the place of an email.

So may I ask on behalf of the community of the good guys that you reconsider this decision of yours to suspend the use of email notifications of

* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins

And give us, the good guys, the ability to opt into such communication and waive any and all governmental policies you think are impacted by this communication.

Susan Bradley

********************************************************************
Title: Microsoft Security Notifications
Issued: June 27, 2014
********************************************************************

Notice to IT professionals:

As of July 1, 2014, due to changing governmental policies concerning
the issuance of automated electronic messaging, Microsoft is
suspending the use of email notifications that announce the
following:

* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins

In lieu of email notifications, you can subscribe to one or more of
the RSS feeds described on the Security TechCenter website.

For more information, or to sign up for an RSS feed, visit the
Microsoft Technical Security Notifications webpage at
http://technet.microsoft.com/security/dd252948 .

Other Information
=================

Follow us on Twitter for the latest information and updates:
http://twitter.com/msftsecresponse

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, it is not required to read
security notifications, security bulletins, security advisories, or
install security updates. You can obtain the MSRC public PGP key at
https://technet.microsoft.com/security/bulletin/pgp.

To receive automatic notifications whenever Microsoft Security
Bulletins and Microsoft Security Advisories are issued or revised,
subscribe to Microsoft Technical Security Notifications on
http://technet.microsoft.com/security/dd252948.

When you don’t have a TPM chip

Built a computer for Dad that is a small ATX form factor.  Found out the motherboard didn’t support a TPM chip.  Rats.


So right now testing out Symantec full drive encryption (no TrueCrypt here). Sophos firm encryption is a consideration for someone wanting to roll out cross platform encryption.


I personally have not found encryption to nail the CPU or show any impact on the machine.  Granted it does just a little bit during the initial encryption, but after that I’m not seeing a hit.

Amy announced today….

Third Tier Brain Explosion registration is open! Sept 7-8

You can sign up now at http://conferences.gfimax.com/2014/us/  We’re offering it as an official pre-day event at the GFI Max conference. GFI has been very supportive and is handling the registration for us. You’ll go through their conference registration system and choose the Third Tier event. It’s $99 for a full 8 hours of content presented by Jeremy Anderson, Phil Elder, Susan Bradley and Amy Babinchak. The Brain Explosion happens at 1-5pm on Sunday and 8am-12pm on Monday. Since we’ll all be there on Sunday night we will also be announcing a pub meetup for the attendees on Sunday night. This will give you an excellent opportunity to get to know the speakers and your fellow attendees. Attendance is capped and our previous 3 Brain Explosions all sold out so please make your reservation early. It’s going to be great!


I’ll be talking about protecting your ‘exhaust ports’ better known as your weak links!

Office 2013 June 2014 update -affecting Click-to-Run users

Office 2013 June 2014 update -affecting Click-to-Run users, cannot – Microsoft Community:
http://answers.microsoft.com/en-us/office/forum/office_2013_release-office_install/office-2013-june-2014-update-affecting-click-to/16366a79-f64d-4ea7-b02d-2683365a7530


What a lovely mess.  If you have click2run folks, you may want to reach out to them (if they haven’t contacted you already) to see if they are having issues.

Office 365 Billing FAQ for Partners

http://partnersupport.microsoft.com/en-us/mpnpartnermem/forum/mpnpartpq-mpnpmaction/office-365-billing-faq-for-partners/6945b43b-b223-4ca2-8f7f-bea24f6f313f


Q: How does my customer update their credit card information?

A:

1. Log in to Office 365 Admin Center.
2. Go to the subscription page.
    - For Small Business plan users: Click Manage and purchase subscriptions under licenses.
    - For Midsize or Enterprise plan users: Click licensing in the left navigation.
3. Click the subscription name.
4. On the Subscription details page, under Payment details, click Edit.
5. On the Change payment details page, follow the instructions to update the credit card and click Place order at last.

Note: If a subscription was purchased by another admin at your organization, you will not be able to update the credit card information for the subscription. If that credit card is about to expire and the other administrator is not able to update the information, you can prevent service interruption by adding a different credit card for the subscription.

If you cannot update the credit card information by the steps above, please contact your Regional Service Center to help you on the issue. **Please see note at the end of this post for steps on how to contact your Regional Service Center.

For more information go here.

Q: Can I pay on behalf of my customers?

A: Paying on behalf of clients is strictly in breach of the Microsoft Online Services Partner Agreement (MOSPA). Unfortunately, paying on behalf of customer would be out of compliance.

For more information go here and log in with the Microsoft Account associated to your Partner Account.

Q: Where does my customer find invoices/bills in the Microsoft Online Portal?

A: You can view your billing statement or invoice for information about your Office 365 subscription charges. Your bill will appear in one of two ways. Please refer to the steps that match your experience in the Office 365 portal by clicking here.

Q: How does my customer switch from invoicing to credit card or vice versa?

A: To change the Office 365 Payment Method, please contact your Regional Service Center.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

For more information go here.

Q: How does my customer switch from annual billing to monthly billing or vice versa?

A: To switch a subscription from monthly paid to annual paid, please follow the steps below:

1. Contact your Regional Service Center to change the current subscription to a disabled state.
2. Purchase the annual paid subscription in Office 365 admin center.
    Go to Office 365 admin center -> click Manage and purchase licenses under licenses -> purchase services -> Add to buy the annual paid subscription.
3. After the new subscription shows up in the portal, the Representative will cancel the monthly paid one.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

For more information go here.

Q: When does my customer receive an invoice and when do they need to pay it?

A: Your customer will receive the invoice the day after the initial purchase. On that mark, the invoice will be generated each 30 days. Once the invoice is generated, it is required to make the payment 10 days after receiving the invoice. Payment terms are net due in 30 days. Your invoice will include details about your options for making a payment.

If the Payment Method is Credit Card, the charge will occur automatically.

For more information go here.

Q: If my customer’s subscription is disabled due to late payment on an invoice, can they pay the bill with a credit card?

A: Unfortunately no. Once a Payment Method is selected, all past dues will need to be paid with the selected payment method. If you’d like to change the payment method for subscriptions from invoice to credit card, please contact your Regional Service Center to help you. When this is done, the future bill can be paid via a credit card while the previous bill still needs to be paid via invoice.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

For more information go here.

Q: Can my customer get a refund for their subscription?

A: Please contact your Regional Service Center to request a refund and provide the cancelation reason. Unfortunately, within the first 30 days refunds do not apply. Please be aware that your Regional Service Center will submit the request for your refund but it cannot be guaranteed.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

Q: Can I purchase a subscription on my customers account through Delegated Administrative Privileges?

A: No. Delegated Admin Rights are utilized to manage the Office 365 subscriptions, users and existing licensing. DAP does not have the right to modify billing or license counts.

For information on what can you do with Delegated Administrative Privileges, please go here.

Q: How does tax exemption work?

A: Each customer’s State Sales Tax Exemption has legal guidelines that are specific to that State Department of Tax Revenue (or similar department) and has to be managed accordingly. This means that while most states have blanket certificates which are renewed annually, there are states that may renew at two or more years. The customer can verify this information by either checking their Certificate or by checking with their State for the appropriate renewal dates.

Please contact your Regional Service Center to submit the Tax Exemption Certificate.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

Q: Why is my customer being charged tax after increasing or decreasing their licenses when they are tax exempt?

A: When Tax Exemption is submitted, it is applied to the current license count and subscription the customer has. If any changes are made to that subscription, tax will be charged. To correct this, please contact your Regional Service Center.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

Q: Why was my customer’s subscription canceled?

A: There could be different reasons why this can happen: Auto renew option disabled, Non Payment, Fraud, User Request

Auto renew option disabled: When a subscription comes to the end date, it comes with an option to auto renew. This option can be disabled. If it is, the subscription will automatically be disabled.

Non Payment: When the client does not pay for the subscription, the subscription will go to a disabled state.

Fraud: There are certain scenarios where concern of fraudulent activity may cause a subscription to be disabled in order to protect your account security. Such as, when there are two accounts with the same address or if there are multiple accounts using the same credit card. As soon as these scenarios are identified, the subscription will go to a disabled state.

User Request: This happens when the Partner of Record or Customer contacts the Regional Service Center and requests a service downgrade.

Please feel free to contact your Regional Service Center for additional questions.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

Q: My customer can’t understand their invoice as it’s difficult to read. How can we understand the bill?

A: Please refer to the following article where you will find details on how to read your bill. If you have any further questions, please contact your Regional Service Center for support.

**Please see note at the end of this post for steps on how to contact your Regional Service Center.

For more information go here.

**Note: To contact your RSC, you may follow the steps below:


  1. Sign in to the Partner Portal with the Microsoft Account (formerly known as Windows Live ID) you use to access the Partner Membership Center.
  2. Select from the options in the dropdown menus with the category that best suits your inquiry.
  3. You will receive a list of resources to address your concern, please select the “Call An Agent” option at the bottom of the page and you will be provided with the contact information.

So is Windows 8.1 a good consumer platform?

I just had to do a refresh of my Dell 8.1 XPS 10 and it rolled back to pre KB2919355 and I had to reinstall that update again.


RT will take the refresh of the machine back to the base of 8.1 after the store update.


8 Pro’s refresh takes it back to how the machine was shipped.  If your OEM shipped that machine with Windows 8, after refreshing it, you’ll roll all the way back to Windows 8 and you’ll have to go through the store process and then 2919355 again.


Windows 8.1 may be a free update, but it may come at a high price of not having good recovery media.


This makes it not so great for folks trying to support this platform for consumers.

Cryptolocker on Android

Lovely.


http://arstechnica.com/security/2014/06/warning-your-phone-is-locked-crypto-ransomware-makes-its-debut-on-android/


Cryptolocker is now showing up on phones.  


The best patching tool is still the human brain.  Did you expect that email?  Is it wise to open that attachment?


The bad guys know we have a hard time patching the human.

Manage mobile devices from the cloud

Cisco Meraki – Cloud Managed Networks that Simply Work:
https://meraki.cisco.com/products/systems-manager


Interesting cloud management product that you probably should check out.


It manages iPhones as well as Android phones.