Security Protection – Harry Waldron MVP Rotating Header Image

Malware – W2KM_DLOADR.OTO Microsoft BITS used to download payloads

The Internet Storm Center (SANS) reports a new malicious macro-based Word document targeting users in Turkey.  Instead of using the Office based XMLHTTP process, the Microsoft BITS ADMIN command-line facility is utilized to download malicious agents onto the infected PC:

A few day ago, I found an interesting malicious Word document. First of all, the file has a very low score on VT: 2/56 (analysis is available here). The document is a classic one: Once opened, it asks the victim to enable macro execution if not yet enabled. The document targets Turkish people.  This is the interesting part. Instead of using a classic Microsoft XMLHTTP object, the macro download the payload via the tool Bitsadmin. Bitsadmin is a command line tool used to create download or upload jobs and monitor their progress. It is available by default since Windows 7 or Windows Server 2008 R2. “BITS” stands for “Background Intelligent Transfer Service”.

Cloud Computing – PC Magazine defines this technology

This PC Magazine article defines Cloud Computing and cites several examples:,2817,2372163,00.asp

What is the cloud? Where is the cloud? Are we in the cloud now? These are all questions you’ve probably heard or even asked yourself. The term “cloud computing” is everywhere. In the simplest terms, cloud computing means storing and accessing data and programs over the Internet instead of your computer’s hard drive. The cloud is just a metaphor for the Internet. It goes back to the days of flowcharts and presentations that would represent the gigantic server-farm infrastructure of the Internet as nothing but a puffy, white cumulus cloud, accepting connections and doling out information as it floats

What cloud computing is not about is your hard drive. When you store data on or run programs from the hard drive, that’s called local storage and computing. Everything you need is physically close to you, which means accessing your data is fast and easy, for that one computer, or others on the local network. Working off your hard drive is how the computer industry functioned for decades; some would argue it’s still superior to cloud computing.

For it to be considered “cloud computing,” you need to access your data or your programs over the Internet, or at the very least, have that data synced with other information over the Web. In a big business, you may know all there is to know about what’s on the other side of the connection; as an individual user, you may never have any idea what kind of massive data processing is happening on the other end. The end result is the same: with an online connection, cloud computing can be done anywhere, anytime.

There is an entirely different “cloud” when it comes to business. Some businesses choose to implement Software-as-a-Service (SaaS), where the business subscribes to an application it accesses over the Internet. (Think There’s also Platform-as-a-Service (PaaS), where a business can create its own custom applications for use by all in the company. And don’t forget the mighty Infrastructure-as-a-Service (IaaS), where players like Amazon, Microsoft, Google, and Rackspace provide a backbone that can be “rented out” by other companies. (For example, Netflix provides services to you because it’s a customer of the cloud services at Amazon.)

SQL Server 2016 – June 2016 release planned

Microsoft has announced availability of SQL Server 2016 is currently set for June 1, 2016 as documented below:

SQL Server 2016 is the foundation of Microsoft’s data strategy, encompassing innovations that transform data into intelligent action. With this new release, Microsoft is delivering an end-to-end data management and business analytics solution with mission critical intelligence for your most demanding applications as well as insights on your data on any device. Recently, we had the opportunity to showcase the exciting capabilities and what customers are doing with SQL Server 2016 at our Data Driven event. Building on this momentum, today we are excited to announce the following:

* SQL Server 2016 will be generally available on June 1, 2016. This will allow you to build mission-critical, and business critical intelligent applications with the most secure database1, the highest performance data warehouse2, end-to-end mobile BI on any device, in-database advanced analytics, in-memory capabilities optimized for all workloads, and a consistent experience from on-premises to cloud. These capabilities are built-in to SQL Server for industry-leading low cost of ownership.

* New SQL Server 2016 performance benchmarks. Today, Lenovo published a new #1 TPC-H 30 TB world record3 using SQL Server 2016 and Windows Server 2016 on Lenovo System x2950 X6. This result, in addition to recent benchmarks by software and hardware partners, as well as key applications across variety of workloads, proves that SQL Server 2016 is the fastest in-memory database on the planet for your applications.

* The SQL Server 2016 editions include Enterprise, Standard, Express, and Developer. In March, we announced that the SQL Server 2016 Developer edition will be a free download to enable broad access to and development on the full capabilities of the latest SQL Server release.

Developer edition provides access to the full capabilities of SQL Server to build and test new mission critical, intelligent applications. In March, we announced that the SQL Server 2016 Developer edition will also be available as a free download. With Express and Developer edition, we want to make the capabilities of SQL Server 2016 broadly available to developers.

Leadership – Advice and Ten Great Quotes for Entrepreneurs

John Maxwell’s leadership blog shares some excellent motivational quotes and tips for entrepreneurs

It still blows my mind how powerfully other people’s words can improve my understanding of certain ideas. Lately I’ve been thinking about ways to help entrepreneurs with their businesses, and from my files I’ve pulled out some quotes that I think are extremely helpful for anyone who owns—or dreams of owning—their own business.

Being an entrepreneur is hard. There are challenges in so many areas: time, resources, commitments, character. Fear can be an ever-present enemy. But along with the challenges, the rewards are abundant as well: opportunity, independence, freedom, flexibility, and so many more.  In fact, the entrepreneur embraces what Peter Drucker once said: “The entrepreneur always searches for change, responds to it, and exploits it as an opportunity.”  But Peter isn’t the only one with wise words for entrepreneurs.

In fact, here are some other great quotes that I believe entrepreneurs of all stripes will find helpful …

Facebook – Warning to avoid impersonation attacks

 This USA Today article shares dangers of impersonation attacks actively circulating:

Last week a hairstylist in Los Angeles, took a break and (of course) checked his phone. He discovered a flood of messages, all from alarmed friends telling him the same thing: “You need to report this man in Greece. He’s pretending to be you.”

Roman quickly found the link on Facebook to report the impostor, and set the wheels in motion to shut down the fake account. He also asked his friends to follow the same steps, which many did. But Roman awoke to a surprise the next morning: the impostor had reported him as the fake, and the real Roman had been locked out of his own page.

Here’s how the message from Facebook began:“Your account has been disabled for pretending to be someone else, which goes against the Facebook Community Standards.” Roman had no access to his account for several days, telling me he couldn’t exchange messages with his 70-year-old mother in New Jersey and his “friends from all around the world, my whole family, my godson in Cuba, my goddaughter.”

Android – Top recommended Microsoft applications April 2016

Several office products have been implemented as noted in attached post

One of the most prolific developers of business-focused apps in the Google Play Store for Android is, surprise, Microsoft. In the past year, Redmond has shipped new apps for the entire Office suite, OneDrive, Microsoft Intune, and Dynamics CRM. Not to mention a smattering of interesting utilities designed to make the Android experience better. Here are 10 of my favorites …

Apple Watch – User experiences during first year

An interesting detailed documentation of user experiences during 1st year of this innovative device:

This week was the official one-year anniversary of the Apple Watch. I’ve owned one for almost all of that time, and — like many tech journalists and gadget commentators — I believe it’s worth reflecting on what the Apple Watch has meant to the tech world, the wearables category, and Apple.  I didn’t actually get my Apple Watch until May 5. The reasons for that 11-day delay have to do with poor band choices and a a big chunk of FOMO, but 51 weeks is still enough time to write a reflective analysis.

EMAIL – Congress working on 2016 email privacy bill

As shared below further improvements for email privacy appear to be forthcoming in future:

We’re one step closer to email being treated as private communication, a distinction that would require government entities acquire a search warrant to read emails — even those older than 180 days.  The 180 day mark is currently the point where the federal government insists that email is “abandoned” on servers and, more or less, the digital equivalent of grabbing something out of a public garbage can. Of course, the rest of us live with the knowledge that archived email is no more abandoned than images you might store on a hard drive, or in the cloud.

With yesterday’s approval, the SCA’s predecessor — the Email Privacy Act (EPA) — is a step closer to becoming reality. Prior to yesterday, I had some concerns. Now, with a unanimous 419-0 vote in the House — the very place the bill typically died —  I feel relatively confident that the bill has legs.

Windows 10 – Anniversary update preview evaluated by ComputerWorld

Around July 2016, Windows 10 is slated for another major build and evaluation of preview version is shared below:

The first big update to Windows 10 will come this summer, a year after the operating system’s initial launch, with the release of what Microsoft is calling the Windows 10 Anniversary Update. The update’s exact release date hasn’t been set yet. Windows 10 was officially released on July 29, 2015 — but that doesn’t mean that the Anniversary Update will hit on the exact date.

When it is ready, the update will be delivered — as usual — via Windows Update. That means you won’t have to do anything manually — it will install automatically on its own. But you don’t have to wait until the official release date to install and use the update. Microsoft is releasing preview builds well before then — including one that you can install today.

As of this writing, the latest update is Windows 10 Insider Preview Build 14328. What follows includes information about features that Microsoft has announced will be in the final as well as features that are implemented in some way in the most recent build. Although the update is being called the Windows Anniversary Update, don’t expect many big presents. While there are some very solid and useful additions, this isn’t a big-bang change to the operating system.

Facebook – Government Data Requests on rise in 2016

As shared in article below requests from Government entities have increased during past year:

More than half of the requests for data that Facebook received from US law enforcement agencies in the second half of 2015 contained a non-disclosure order that prohibited the company from notifying the user whose data was requested, according to a report released today.  Facebook’s bi-annual report on global government data requests indicated that there were 19,235 requests in the US during from July to December 2015, up from 17,500 in the first half of the year. The company handed over data in 81 percent of cases.

Worldwide, government requests for account data increased by 13 percent, from 41,214 requests to 46,763. The number of items on the social network restricted for violating local law saw an even more dramatic jump, to 55,827 items, up from 20,568.  There were also up to 499 secret requests made for data under the Foreign Intelligence Surveillance Act (FISA).

In a blog post, Facebook’s Deputy General Counsel Chris Sonderby wrote that it does not provide any law enforcement agency access to data unless it determines the request to be legitimate.  “We scrutinize each request for user data we receive for legal sufficiency, no matter which country is making the request,” Sonderby wrote. “If a request appears to be deficient or overly broad, we push back hard and will fight in court, if necessary.”

Featuring WPMU Bloglist Widget by YD WordPress Developer