Monthly Archives: September 2011

Mozilla Firefox 7 now available

The Mozilla Foundation has released the latest version of Firefox.

http://isc.sans.org/diary/Firefox+v+7+0+1+Is+Live/11698

http://www.mozilla.org/en-US/firefox/new/

Windows 8 Preview..

I lost it and it will not re-install. With the problems I had with VirtualBox and now VMware 8, I am tempted to give the preview a miss completely, or maybe set up a hard drive all of its own. Trouble is that I do not have a hard drive kicking around presently.

So for now, there will be nothing from me on aspects of Windows 8 Preview other than what I have written already. To be perfectly honest, I would rather wait for the beta which will be much nearer to the finished product than the preview anyway.

More Preview information here.. http://windows.microsoft.com/en-CA/windows-8/preview

There are many other sites and YouTube videos around too. The above is just the official Microsoft LZ.

See you in Vegas!



Jessica has let her hair down and she and the Gnome are ready to party … um I mean learn about SMB solutions at SMBnation.com

See you in Vegas!

New TLS/SSL Security Vulnerabilities – Best Practices for Protection

Trend Micro shares some excellent user safety tips and administrative design standards to help mitigate attacks.  One key practice is to close secure websites by logging out to keep sessions as short as possible.

BEAST and TLS/SSL Security: What It Means For Users and Web Admins http://blog.trendmicro.com/beast-and-tlsssl-security-what-it-means-for-users-and-web-admins/

What can users do?

• Keep time spent on sensitive SSL sessions as short as possible. The attacker needs time to decode the encrypted message. If the session cookie is invalid before the attacker has finished, this attack fails.

• When leaving an SSL protected site, be sure to actually log out, not just move to a new site. In many cases, actively logging out will invalidate any cookie/session data that the attacker may have successfully decoded.

• Standard security best practices still work. For this attack to be successful, the attacker must have access to either your network or your computer. At the very least, up-to-date security software will make life harder for an attacker.

What can website administrators do?

• Make sure your logout button performs the expected action. You are leaving users at risk if your site does not actually invalidate session cookies when they click “log out”.

• Ensure that session cookies are tied to an IP address where the session was established. If that IP address changes, consider validating that the source of the requests is still your user. This will not prevent this attack, but it will make it harder to exploit your users.

• Resist the temptation to change SSL ciphers without carefully considering the risks first. While it is true that RC4 is not subject to this attack, it presents more risk than AES. Also, it isn’t a bad idea to keep an eye on the IETF TLS working group. New versions of the TLS standard exist that eliminate the weaknesses used in this attack. Unfortunately HTTP server and browser coverage of these new standards is spotty at the moment. So you have to carefully consider both your environment and your user base before such a change.

TLS (Transport Layer Security) Working Group http://datatracker.ietf.org/wg/tls/charter/
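
An added example, not from the Trend Micro post or this blog: a minimal server-side session table in Python that applies the administrator advice above, so that logout deletes the server record, a changed client IP forces re-validation, and idle sessions expire. The class name, method names and the 15-minute timeout are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value, keeps sensitive sessions short


class SessionStore:
    """Server-side session table: the cookie carries only an opaque id."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}
        self._clock = clock  # injectable so expiry can be tested

    def login(self, user, client_ip):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "ip": client_ip,
                               "last_seen": self._clock()}
        return sid

    def logout(self, sid):
        # Delete the server-side record so a captured cookie value is useless,
        # rather than only clearing the cookie in the browser.
        self._sessions.pop(sid, None)

    def check(self, sid, client_ip):
        """Return (status, user) where status is 'ok', 'reauth' or 'invalid'."""
        rec = self._sessions.get(sid)
        if rec is None:
            return "invalid", None
        now = self._clock()
        if now - rec["last_seen"] > IDLE_TIMEOUT:
            self._sessions.pop(sid, None)
            return "invalid", None
        if client_ip != rec["ip"]:
            # Source address changed: hold the request until the user
            # proves identity again (password prompt, second factor).
            return "reauth", rec["user"]
        rec["last_seen"] = now
        return "ok", rec["user"]

    def reauthenticated(self, sid, client_ip):
        # Call after a successful re-validation; rebinds to the new address.
        rec = self._sessions.get(sid)
        if rec is not None:
            rec["ip"] = client_ip
            rec["last_seen"] = self._clock()
```

As the quoted advice says, the IP check does not prevent the attack; it only narrows where a recovered cookie can be replayed from.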

TDL4 Rootkit – New Variant of MBR version emerges

TDL4 is one of the most advanced Windows malware agents circulating. It is highly stealthy and hides in the master boot record of the Windows O/S. Trend Micro shares developments related to a new version:

TDL4 Worm Component Employs Bitcoin Mining http://blog.trendmicro.com/the-worm-tdl4-and-botcoin-miners/

QUOTE: TDL4 is a well known variant of the TDSS malware family known for evading detection by antivirus products by infecting affected systems’ boot sector. We’ve been monitoring developments related to TDSS, and earlier this year we saw TDL4 exhibit propagation routines through a worm component that Trend Micro detects as WORM_OTORUN.ASH.

Amazon Kindle Fire – High Tech and Low Cost e-Book reader

This is an interesting development as a low-cost high technology tablet:

Amazon Unveils $199 Kindle Fire Tablet http://www.bloomberg.com/news/2011-09-28/amazon-unveils-199-kindle-fire-tablet.html

QUOTE: The Kindle Fire will have a 7-inch display and sell for $199, compared with $499 for Apple’s cheapest iPad, Amazon executives said in interviews with Bloomberg Businessweek. The device, a souped-up version of the Kindle electronic-book reader, will run on Google Inc.’s Android software, the Seattle-based company said. Amazon also introduced a touch-screen version of its e-reader, to be called Kindle Touch.

The perils of being a female geek

So I arrive at the Rio hotel and start to unpack … the technology.   The wireless router so that I can make the wired connection a wireless (and btw if you are on a certain floor near a certain room the open wireless with the SSID of “default” is my little travel dlink router), and then the ancient laptop that I’ve had forrreeeever (and I’ll probably install win8 on it just as a proof of concept one of these days), and then the newest geek gear, an android tablet with a mifi device.  And I go to check to see if the mifi is charged up and…. shoot I remember I left the charger in the wall at home.  No worries, I’ll just use the USB connection jack to charge it like I do with my iPhone.  I use a retractable iPhone cable on the road so I don’t have to pack one more cable and I leave it in my laptop bag.  So I go to get the mini usb cable for it… and of course I can find like THREE mini usb cables in all of my geek gear but not the RIGHT mini usb cable.  Shoot, says I.  Well I’ll just have to use the mifi lightly this weekend. 


So I start to unpack a bit more and get things like my toothbrush out of my makeup bag.  And out of my makeup bag falls the RIGHT mini usb cable for the Verizon mifi device.


Why the RIGHT cable ended up in my makeup bag, I have no clue.  I’m going to guess in the heat of packing during the last trip I stuffed it in there. Needless to say, I’m now back to being a happy female geek with all my cables and cords and stuff and makeup and curling iron, and hot chocolate (yes I travel with bags of hot chocolate – and good thing too – the Rio makes you pay for the coffee).


Well, enough blogging for the night. Time to get ready for Harry Brelsford’s keynote bright and early tomorrow morning.

F-Secure ShareSafe Beta – Security Application for Facebook

F-Secure has developed a security product designed to integrate with Facebook and check for malicious links.

F-Secure ShareSafe Beta – Security Application for Facebook http://www.f-secure.com/weblog/archives/00002243.html

QUOTE: Security applications and Facebook tend to mix together like oil and water.  Therefore, when attempting to develop a security application for Facebook… it had better not be boring. And that brings us to our new beta: F-Secure ShareSafe. The development team behind ShareSafe aims to build an entertaining Facebook app, with security benefits tagging along for the ride.

SBS 2011 bpa updated!

http://support.microsoft.com/kb/2600333
http://blogs.technet.com/b/sbs/archive/2011/09/29/windows-server-solutions-bpa-updated-september-2011.aspx

Okay gang kick the tires, see if it now finds stuff.

New best practices

After you install this update, the Windows Server Solutions BPA performs the following checks:
  1. Checks whether the application pool for Remote Web Access uses the default account
  2. Checks whether the application pool for Remote Web Access uses the default version of the .NET Framework
  3. Checks whether the application pool for Remote Web Access uses the default Managed Pipeline Mode
  4. Checks whether the application pool for Remote Web Access uses the default bit version
  5. Checks whether the built-in Administrators group has the "Log on as a batch job" user right
  6. Checks whether the Windows Firewall is enabled
  7. Checks whether the DNS host (A) resource record points to the correct IP address
  8. Checks whether the internal network adapter is configured to register the IP address of the network adapter in DNS
  9. Checks whether the values of the DNS ForwardingTimeout registry key and the RecursionTimeout registry key are identical
  10. Checks whether the extension mechanisms for DNS (EDNS) is enabled
  11. Checks whether the forward DNS zone of your Active Directory domain allows for secure updates
  12. Checks whether the forward DNS zone allows for secure updates
  13. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Administrators group
  14. Checks whether Internet Explorer Enhanced Security Configuration is enabled for the Users group
  15. Checks whether the source server is in the Active Directory Sites and Services snap-in
  16. Checks whether the source server is in the SBSComputer organizational unit (OU)
  17. Checks whether the MaxCacheTTL DNS parameter is not set
  18. Checks whether a Windows Small Business Server (SBS) Group Policy is missing 
  19. Checks whether there are DNS name server resource records in the forward lookup zone
  20. Checks whether there are DNS name server records in the _msdcs zone
  21. Checks whether there are DNS name server records for the delegated _msdcs forward lookup zone.
  22. Checks whether Windows SBS is the Domain Naming Master (if Windows SBS is the Domain Naming Master, you will receive a confirmation message)
  23. Checks whether Windows SBS is the Infrastructure Master (if Windows SBS is the Infrastructure Master, you will receive a confirmation message)
  24. Checks whether Windows SBS is the Primary Domain Controller Master (if Windows SBS is the Primary Domain Controller Master, you will receive a confirmation message)
  25. Checks whether the Authenticated Users group is a member of the Pre-Windows 2000 Compatible Access group
  26. Checks whether Windows SBS is the Relative ID (RID) Master (if Windows SBS is the RID Master, you will receive a confirmation message)
  27. Checks whether the DNS client is configured correctly
  28. Checks whether Windows SBS is the Schema Master (if Windows SBS is the Schema Master, you will receive a confirmation message)
  29. Checks whether the value of the RootVer registry entry for the .NET Framework is correct
  30. Checks whether the server cannot ping
  31. Checks whether the value of the Remote Desktop Protocol (RDP) port is the default value
  32. Checks whether the value of the SysvolReady registry key is correct
  33. Checks whether the Sysvol folder is shared
  34. Checks whether the free disk space is very low
  35. Checks whether the value of the default Application Pool is changed
  36. Checks whether the Certification Authority name may cause errors
  37. Checks whether the value of the OriginalMachineName(90) registry key is correct
  38. Checks whether the value of the OriginalMachineName(100) registry key is correct
  39. Checks whether the version of Exchange Server 2010 is the release version
  40. Checks whether Windows SBS is in a journal wrap condition
  41. Checks whether the external remote procedure call (RPC) authentication is not set to the default method
  42. Checks whether the internal RPC authentication is not set to the default method
  43. Checks whether the version of Windows Server 2008 R2 is the release version
  44. Checks whether Simple Mail Transfer Protocol (SMTP) is installed
  45. Checks whether there are empty Servers containers
  46. Checks whether the accepted domain for Exchange is not the default domain
  47. Checks whether the application pool for SharePoint uses the default account
  48. Checks whether the application pool for SharePoint uses the default version of the .NET Framework
  49. Checks whether the application pool for SharePoint uses the default Managed Pipeline Mode
  50. Checks whether the application pool for SharePoint uses the default bit version
  51. Checks whether the application pool for PowerShell uses the default account
  52. Checks whether the application pool for PowerShell uses the default version of the .NET Framework
  53. Checks whether the application pool for PowerShell uses the default Managed Pipeline Mode
  54. Checks whether the application pool for PowerShell uses the default bit version

Patching related info from the Excel blog:


http://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2011/09/29/office-file-validation-causes-slow-opening-of-excel-files-from-network.aspx


http://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2011/09/28/links-in-excel-are-broken-after-applying-security-update-ms11-072.aspx


If you are seeing that second one, can you call into Microsoft?  They need repros in order to fix things and when they don’t have repros, they can’t fix.
