If you want to keep the disk storage of the SQL Server behind your SharePoint deployment from filling up completely, and therefore avoid being called during the December holidays, make sure you have a capacity plan that ensures that, whatever happens, the growth of your content databases will not affect or exceed your server's storage capacity.
When we design a SharePoint deployment it is very important to identify the approximate amount of storage, in GB or TB, that will be required. The economy changes and companies therefore change constantly, so this is obviously somewhat hard to estimate. However, you can define storage limits for your content databases and, based on them, keep better control over their growth and therefore over the available storage capacity.
Define storage quotas.
A quota is a configuration control that we can set at the site collection level, where you can specify the maximum storage size for a given site collection. By specifying the maximum storage size and the number of site collections that our content databases can hold, we can ensure that our system will not exceed the available limits. It is precisely by exceeding them that hard disks fill up, and the service as a whole can suddenly be affected to the point of being inoperable or offline.
In the Central Administration tool you will find two options available for configuring the above:
Manage content databases
With this option you can create new content databases or edit existing ones to specify the status or configuration controls that are useful for monitoring the limits and availability of your database.
Note that we have the current number of site collections, the maximum number of site collections we can store, and the warning level number at which SharePoint administrators, and also site collection administrators, can be notified when we are reaching the storage limits and take action based on that.
So if we are able to define storage quotas and the maximum number of site collections we can store in a given content database, we can be more proactive about how the system grows, organically and in an organized way.
Specify quota templates
Returning to what was said above about quotas, this option provides a form for creating our own quota templates, which can later be assigned to our site collections, which in turn live in our content databases, which have a maximum limit.
- MySite: 100MB
- Free: <500 MB
- Small: 501 – 1,000MB
- Medium: 1,001 – 5,000MB
- Large: 5,001 – 25,000MB
- Isolated: 25,001 – 100,000MB
- Dedicated: >100,000 (multiple site collections or a single dedicated corporate service such as Enterprise Records Management)
So, how to register a new quota in SharePoint:
Define how many content databases it makes sense to have in your SharePoint farm. For each database, set a maximum limit of 200 GB at the SQL Server level. At the SharePoint level, define how many site collections it can store and, very importantly, the warning level, so that you can react in advance when a content database is running out of space. Also define quotas that let you work out how many site collections you could have in a content database according to the maximum storage size of its site collections. For example, if I have a 200 GB content database and a “Large” quota of 25 GB, that content database can only store 8 site collections based on that quota. Do you see what I mean?
With these controls you can always stay aware of the limits and capacities of the service. Take the time to make a capacity plan for your SharePoint farm and, above all, avoid surprises that pull you out of your comforting December holidays.
Regards and happy new year; I wish you every success in your personal and professional projects.
I read today that the Windows 8.1 upgrade breaks Windows Fax and Scan’s ability to send a fax. I can confirm that it does indeed break Fax..
This is the problem.. FXST30.dll which is located in the Windows System32 folder
There is a fix.
- Download and save a new version of the file from here.. http://hevanet.com/hb/FXST30.dll
- You may have to TAKE OWNERSHIP to do so, as this is a system file.
- Find the original in the Windows System 32 folder
- Rename it FXST30.old
- Copy the new file into the System 32 folder
The fix is done, and you will now be able to send and receive faxes via your analogue modem. Oh, and by the way, the above was the easy part.
How many faxes do you send per year? One, two maybe?
You see, Windows Fax and Scan has no distinctive ring facility. It is, like all Windows utilities, very basic..Sending a fax is easy enough. Your modem works as a regular phone and sends out the fax handshake squeals and blips which is picked up generally by a dedicated fax machine at the other end.
The return fax also sends out handshake squeals and blips which is really unpleasant to a human ear and completely unintelligible too. Plus, you have the added annoyance of answering machines which also can’t make head nor tail of the handshake. Your home phone system may have distinctive ring in the form of “virtual” phones, but Windows Fax and Scan won’t know that and will answer EVERY call, even if it is picked up first by a human.
The net result is that you are unlikely to receive the return fax UNLESS you use a Fax Switch, cost $$$, a dedicated line, cost $$$$$, or a fax application like Snappy Fax, cost $$. Question: Are a couple of faxes per annum worth it?
Fax may seem antiquated today, but there are people who feel happier with the security of sending squeals and blips down a telephone line as opposed to using a “fax to email” service across the Internet. For my part, I never have anything that important to send to anybody, either time or content wise, so I use land mail.
Re Multi Function Centres, I don’t have one so can’t comment on their abilities, but my guess is that an MFC is probably the best way to handle home fax.
On December 19th, Malcovery malware analysts found two spam campaigns that were actively distributing malware that led to CryptoLocker. The first of these was the focus of that day’s T3 report, on AT&T-themed spam. The AT&T spam and the Visa spam from that day both dropped a small “downloader” piece of malware.
The AT&T email had an attached .zip file named VoiceMail.zip which was 8,810 bytes in size and had the MD5 be7d2f4179d6d57827a18a20996a5a42. When unpacked, the included .exe file, VoiceMail.exe, was 15,872 bytes in size and had the MD5 d1ca2dc1b6d1c8b32665fcfa36be810b. At the time of the report, the only VirusTotal detections for that piece of malware were 5 of 49, with most major AV companies failing to detect.
The downloaded Zeus sample, wav.exe had an MD5 of a4bdb44128ca8ee0159f1de3cf11bee0 and was also very poorly detected. The VirusTotal report at that time showed only 8 of 49 detections. Of the major US-based AV, McAfee and TrendMicro detected it, both confirming a Zeus variant.
Immediately after becoming infected with the GameOver version of Zeus, the machine downloaded cryptolocker malware from another site.
CryptoLocker
There are several interesting things we found as we examined this CryptoLocker sample. Perhaps the best way to explain them is to show some of these screenshots first.
#1. This was the first screen that we saw after infection, letting us know we needed to pay a $300 ransom if we wanted to decrypt our files.
#2. Our Windows wallpaper was replaced with this image, so we couldn’t miss the fact that we were infected.
#3. There was a pull-down menu that gave us two choices of how we wanted to pay. The first choice was to pay 0.6 BitCoins.
#4. This is the BitCoin Account we were supposed to send our money to. We would appreciate anyone else who is infected sending out a tweet with the hashtag “#CryptoBitCoin” letting us know which BitCoin purse you were supposed to send payment to.
#5. Something we believe was new was that we were also given an option to pay with a GreenDot MoneyPak. Although we tried to make a payment this way, two valid MoneyPak’s that we tried to send were rejected.
CryptoLocker & IID
The CryptoLocker malware has a Domain Generation Algorithm that causes it to generate as many as a thousand domain names based on the date of the infection. As we ran the malware on several different occasions, we realized that of the thousands of tested domains, the domains that resolved tended to resolve to the same IP address, 18.104.22.168.
Malcovery Security’s daily “Today’s Top Threat” reports share details about the top spam campaigns that are distributing malware. Recipients of the T3 reports would have been provided with all of the IP addresses, MD5s, and VirusTotal reports above as part of this report:
As happens in so many cases, the IP address warned about in this report provides lasting protection, as the same IP was used for CryptoLocker from that day forward. But were there other IP addresses involved as well?
Because Malcovery Security is a partner with Internet Identity, we ran the IP against their Passive DNS Database. IID’s President Rod Rasmussen and Threat Intelligence Manager Paul Ferguson gave us permission to share some of what we learned there.
CryptoLocker Domains found on 22.214.171.124
As we examine the NAMESERVER choices on the domains above, we can use the Passive DNS service to find other IP addresses that use some of the same Nameservers.
The fact that at various times this DNS server, known to be associated with CryptoLocker Domain Generation Algorithm-created Domain names, has been seen on these IP addresses makes these IP addresses of interest. But does it look like they are hosting CryptoLocker Domains as well as the DNS? We used the IID Passive DNS to find lists of domain names hosted on these various IP addresses, and then checked to see whether they were used for Technical Support *OR* for distribution of Binaries associated with the CryptoLocker malware. Let’s look at what we found!
Our original IP address, 126.96.36.199, was very frequently associated with spam domains related to “Ruby Casino”, a criminally operated online gaming service. The IID Passive DNS service showed us dozens of “Ruby” related domains on many of these other domains as well. For each of the other IP addresses, we’ll ask:
– was a CryptoLocker TechSupport website found on this IP?
– was evidence of CryptoLocker Malware found on this IP?
– was this IP used by Ruby Casino spam domains?
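The pivot described above (seed IP, then the domains on it, then their nameservers, then the other IPs those nameservers were seen on) can be sketched as follows. This is an added example, not Malcovery's or IID's code: the row format, the nameserver hostname, the IP addresses (RFC 5737 documentation ranges) and the `ruby` name check are assumptions, while the domain names are ones quoted in the article.

```python
from collections import defaultdict

# Constructed passive-DNS rows: (first_seen, rrname, rrtype, rdata).
# Domain names come from the article; the IPs, the nameserver hostname and
# every domain-to-IP pairing are invented for this example.
PDNS_ROWS = [
    ("2013-12-26", "mgkppyunffvvd.org", "A", "192.0.2.10"),
    ("2013-12-28", "aemivjtujaddhab.org", "A", "192.0.2.10"),
    ("2013-12-20", "arubylifeclub.com", "A", "192.0.2.10"),
    ("2013-12-26", "mgkppyunffvvd.org", "NS", "ns1.dns-host.example"),
    ("2013-12-28", "aemivjtujaddhab.org", "NS", "ns1.dns-host.example."),
    ("2013-12-20", "ns1.dns-host.example", "A", "192.0.2.20"),
    ("2013-12-27", "ns1.dns-host.example", "A", "192.0.2.30"),
    ("2013-12-27", "teeusgcggvys.biz", "A", "192.0.2.20"),
    ("2013-12-27", "yrubyeurodream.com", "A", "192.0.2.20"),
    ("2013-12-28", "AEMIVJTUJADDHAB.org", "A", "192.0.2.30"),
    ("2013-12-01", "unrelated-site.example", "A", "198.51.100.7"),
]


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def build_index(rows):
    """Index A and NS rows so each pivot step is a dictionary lookup."""
    names_on_ip = defaultdict(set)   # ip -> names that resolved to it
    ips_of_name = defaultdict(set)   # name -> ips it resolved to
    ns_of_domain = defaultdict(set)  # domain -> nameserver hostnames
    for _first_seen, rrname, rrtype, rdata in rows:
        if rrtype == "A":
            names_on_ip[rdata].add(_norm(rrname))
            ips_of_name[_norm(rrname)].add(rdata)
        elif rrtype == "NS":
            ns_of_domain[_norm(rrname)].add(_norm(rdata))
    return names_on_ip, ips_of_name, ns_of_domain


def looks_like_ruby_casino(domain):
    """Assumed heuristic: the article's casino domains all carry 'ruby'."""
    return "ruby" in domain.split(".")[0]


def pivot_from_seed(rows, seed_ip):
    """Return {ip: findings} for IPs reached through shared nameservers."""
    names_on_ip, ips_of_name, ns_of_domain = build_index(rows)
    seed_domains = set(names_on_ip.get(seed_ip, ()))

    # Step 1: nameservers used by the domains seen on the seed IP.
    nameservers = set()
    for domain in seed_domains:
        nameservers |= ns_of_domain.get(domain, set())

    # Step 2: other IPs on which those nameserver hostnames were seen.
    via = defaultdict(set)
    for ns in nameservers:
        for ip in ips_of_name.get(ns, ()):
            if ip != seed_ip:
                via[ip].add(ns)

    # Step 3: what else lives on each candidate IP.
    report = {}
    for ip, ns_names in via.items():
        hosted = names_on_ip[ip] - nameservers
        ruby = {d for d in hosted if looks_like_ruby_casino(d)}
        known = hosted & seed_domains
        report[ip] = {
            "via_nameservers": sorted(ns_names),
            "known_seed_domains": sorted(known),
            "ruby_domains": sorted(ruby),
            "other_domains": sorted(hosted - ruby - known),
        }
    return report


if __name__ == "__main__":
    for ip, findings in sorted(pivot_from_seed(PDNS_ROWS, "192.0.2.10").items()):
        print(ip, findings)
```

The `other_domains` bucket is the set an analyst would still have to check by hand for a TechSupport page or a hosted binary, which passive DNS alone cannot answer.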
On 188.8.131.52 – aemivjtujaddhab.org – Positive for CryptoLocker TechSupport!
Confirmed (VT 40/48) CryptoLocker malware = mgkppyunffvvd.org file at /0388.exe!
Confirmed Ruby Casino domains!
On 184.108.40.206 – yxmbwneyurhxfv.org – Positive for CryptoLocker TechSupport!
Confirmed CryptoLocker malware = jingo-deny-hosting.com file at /0388.exe
Previously used for Fake AV – see 0x3a blog post on Fake AV
Many Ruby Casino domains, such as arubylifeclub.com, erubylifeclub.com, irubylifeclub.com.
On 220.127.116.11 – aemivjtujaddhab.org – Dec 28, 2013 – Positive for CryptoLocker!
Same binary (0388.exe) available here.
No Ruby Casino
On 18.104.22.168 – usyusdoctfpnee.org – most CryptoLocker prior to December 6th.
Hosted malware on “AdobeFlasherUp1.com” on October 31, 2013.
Many Ruby Casino domains, including zrubywinclub.com and orubywinclub.com.
On 22.214.171.124 (Ukraine) – wwfcogdgntlxw.biz – most CryptoLocker prior to December 3rd.
Confirmed to have hosted Cryptolocker binary on November 21, 2013.
Many Ruby Casino domains, including lrubystardream.com and orubywindream.com.
On 126.96.36.199 – teeusgcggvys.biz – confirmed CryptoLocker on December 29th.
0388.exe binary available at IP or domain level.
Many Ruby Casino domains, including yrubyeurodream.com and zrubyeurodream.com
(188.8.131.52), linked by IID Passive DNS based on common Ruby Casino domains on the previous IP address, was found to be actively hosting CryptoLocker Domains found here on October 30th confirmed to be CryptoLocker by our friends at Malware Must Die, including kwajtnjddqetolh.biz. The most recent Crypto look alike was from December 10th: ukyfkufdi7ytdfuit.ru.
184.108.40.206 – mdaodtaifpkqkk.org – confirmed CryptoLocker domain on December 27th. This IP has not been seen prior to December 27th.
220.127.116.11 – not confirmed as CryptoLocker by passive DNS.
This IP *WAS* declared to be CryptoLocker in a new paper from Dell Secureworks’ Keith Jarvis, more below.
18.104.22.168 – mdaodtaifpkqkk.org – confirmed CryptoLocker domain on December 29th. Also hosted the AdobeFlasherUp1.com domain mentioned above.
Hosted several Ruby Casino domains, including rubypowerland.com and krubywindream.com
22.214.171.124 – dozens of CryptoLocker domains – confirmed TechSupport domains live on December 29th
0388.exe binary available on live domains, including ooqgdlwctrpt.org
Hosted several Ruby Casino domains, including rubystarsland.com, krubymasterclub.com and others.
Just on these IPs in the month of December, we find the following CryptoLocker domains:
We actually found THREE of the IP addresses that we found via Passive DNS analysis listed on a blog site in an article called CIS Cyber Alert Releases Recommendations to Combat Cryptlocker Malware by Thu Pham. That same article refers to a list of CryptoLocker C&C’s that CIS is recommending to block. I list those IP addresses here from their list found at: CIS CryptoLocker List. Only three of the IP addresses listed by CIS are on our list of ten.
Keith Jarvis of Dell SecureWorks released an excellent paper on CryptoLocker Ransomware on December 18, 2013. I just found it tonight as I was Googling for additional evidence on some of the IP addresses above. I highly recommend this resource, available at Dell SecureWorks CryptoLocker Ransomware.
The same Dell Secureworks paper made me aware of the excellent thesis BitIodine: Extracting Intelligence from the Bitcoin Network by Michele Spagnuolo.
PowerPoint is sometimes used to create image slideshows, in which an album of multiple images is displayed across the whole slideshow. With that in mind, here are some interesting Multiplex animations that you can achieve by combining different animations and tweaking timings, images and so on. Seven Multiplex animations are demonstrated:
1 – Cross Dissolve, which leverages Random Bars.
2 – Diamond Strips, which makes use of multiple Strips.
3 – Quartz, which makes use of Shape and Wheel to achieve a quartz effect.
4 – Multi-Checkered, which consists of dual Checkerboard effects.
5 – Complex Blinds, an advanced blind effect that makes use of the Split and Random Bars effects.
6 – Clone Merge, which leverages dual Float In effects.
7 – Matrix, which makes use of multiple Expand effects as well as timing tweaks and image cropping.
Multiplex Animation – Download
Udacity and Cloudera recently partnered to create an online course titled “Introduction to Hadoop and MapReduce”.
I really like the course. It’s short and to the point. I think it’s a very good introduction for people new to Hadoop and wanting to get a bit of hands on.
I created a short YouTube video that walks someone through the first question in the final section of the course. It’s important to understand the concepts taught in the course, because they all need to be applied here.
I created a short YouTube video that walks a new user through the process of installing VMware Player and then loading the Udacity/Cloudera pre-built VM.
This is very handy for people new to virtualization and wanting some help to walk through the process of getting the VM up and running.
Formatting in PowerPoint can become a hassle if you can’t find the feature you need. While the Ribbon has improved ease of use, there are still times when you will find yourself randomly scrolling through the tabs to get what you need. Fortunately, PowerPoint 2013 makes it even easier to format your objects without going through the Ribbon. To do so, simply right click on the object you are editing. This will bring up a quick format toolbar which provides different format tools depending on what you are editing.
For instance, right clicking on
1) Shape or border of textbox – bring up a quick format toolbar that allows you to edit the Style, Fill and Outline.
2) Image – allows you to edit the Style and Crop the image.
3) Video – allows you to edit the Style, Trim and Start on click or automatically.
4) SmartArt – allows you to edit the Style, Color and Layout.
5) Chart – allows you to edit the Fill and Outline
The Ribbon was introduced in PowerPoint 2007 (and in the rest of the Office programs) and it has pretty much replaced the old-style toolbar of PowerPoint 2003 and earlier versions. With the Ribbon, commands are now easier to find if you are not familiar with PowerPoint. However, there are some who still prefer the old small icons of PowerPoint 2003 and earlier. To achieve this, one can make use of the Quick Access Toolbar. This toolbar is available by default at the top left hand corner of PowerPoint 2007 and above, with 4 default commands – Save, Undo, Redo, Start from Beginning.
You can also add more commands to the Quick Access Toolbar. There are a few ways to bring up the customization. In the order of ease: 1 – Right click on the toolbar | Select customize Quick Access Toolbar. 2 – Click on the dropdown beside the Quick Access Toolbar | Select More Commands. 3 – Click on File | Options | Quick Access Toolbar. On the customization screen, you will find two columns, the first being the list of available commands and the second being the commands you want to have on the QAT. On the first column, you can also see a drop down menu which allows you to choose from a range of commands within a list (e.g. Commands in the SmartArt Tools | Design Tab), thus allowing you to have easier accessibility to frequently used commands. Once you have selected a command of your preference, click Add which is located in the center of the customization screen.
A tip is to add some of the useful commands which are not found on the Ribbon. For instance, Bring Forward and Send Backward, which allow you to change the stacking order of your objects more easily; Reuse Slides, which allows you to add slides from other PPT files; Snap to Grid, to toggle on and off based on your preference during editing. You can also add a Separator, which should be on top of the list and which allows you to categorize your QAT. In addition, if you are working on a project presentation which requires frequent use of a certain feature, you can set the QAT to be available for this presentation only.
My HD6450 gets Windows 8 support proper which is good, but to do much more than basic stuff, it is a total waste of $$$.
NORAD’s Santa tracker asked if I wanted to view Santa’s progress in 2D. I was aware when I bought it that it was no top performer, and only wanted it to get Windows 8 compatibility. Even so, the 6450 is a poor excuse for a video card.
I equate it with cheap forks (cutlery type) which bend if pushed through anything with a greater density than butter.
My old AMD 939 system running an nVidia 8500GT is a better gaming machine than this AMD 880G is.
I installed the WEI for Windows 8 and it showed 4.4. I have never liked the WEI thing and like it even less now.
I am upset.. LOL, truly upset that I was dumb enough NOT to look at reviews first.
It is the only time that I have bought a 3rd party video card where performance almost went BACKWARDS..
This piece is short and stilted because it suits the card and how I feel about it..
Don’t buy an HD6450 if you want anything other than low grade mediocrity..
In December 2013, Microsoft released a new beta tool code-named “Project Siena.” Here is what Microsoft has to say about this tool.
“Microsoft Project Siena (code name) is the beta release of a new technology for business experts, business analysts, consultants, and other app imagineers. Now, without any programming, you can create powerful apps for the device-first and cloud-connected world, with the potential to transform today’s business processes.”
Data sources currently include:
- Azure Mobile Services
- REST services
- RSS Feeds
I suspect that this list will expand as the product evolves.
It is important to emphasize that Project Siena is currently in beta. Things will change as the product evolves and it is also possible that the product will never see a public final release.
In this tutorial we look at creating two applications. One uses the myVFBProf.com RSS feed to make a very rudimentary blog reader. The second creates an application that presents manufacturing instructions for the hypothetical AdventureWorks company. Data from an OData service is imported into Excel and then the Excel workbook is used as the data source for the application.
Court-related malware from ASProx
The same spamming botnet that is sending the Delivery spam that imitates Walmart, CostCo and BestBuy has also been busy sending out Court-related spam.
So far, there have been 9 different malware samples distributed by this campaign, which began on December 23rd at approximately 7:45 AM (US Central Time GMT -6)
Here are the relative distributions of each, where the first number is the number of spam samples collected in the Malcovery Security Spam Data Mine. The second column is the domain name used, the third is the MD5 of the .zip attachment, and lastly, in 15 minute increments, the first and last time period in which spam bearing this attachment was seen.
11633 | jonesday.com | 442e746ad1d185dd1683b1aa964f6e56 (2013-12-23 07:45 to 2013-12-23 21:00)
5979 | jonesday.com | 267d9f829ea2e3620ee62c52fcb4ebe9 (2013-12-23 16:30 to 2013-12-24 05:15)
Email subjects with counts for JonesDay were:
5050 of Subject: Urgent court notice NR#
4738 of Subject: Hearing of your case in Court NR#
4150 of Subject: Notice of appearance in court NR#
3640 of Subject: Notice to appear in court NR#
4365 | lw.com | b2f8e5d86d7c50b5017e88527d8ce334 (2013-12-24 07:45 to 2013-12-24 20:00)
142 | lw.com | 76cdb2bad9582d23c1f6f4d868218d6c (2013-12-24 08:00 to 2013-12-24 16:00)
651 | lw.com | 0f0bb7b4f67b3bd90e944fcf7473b9d8 (2013-12-24 14:15 to 2013-12-24 20:00)
Email subjects with counts for Latham Watkins were:
1477 of Subject: Urgent court notice No#
1319 of Subject: Hearing of your case in Court No#
1251 of Subject: Notice of appearance in court No#
1110 of Subject: Notice to appear in court No#
3054 | hoganlovells.com | 30336df44c6808175bf4a7c212d3e2f8 (2013-12-25 14:15 to 2013-12-26 03:00)
3236 | hoganlovells.com | f97795c2124f60596eb8faf18307ac35 (2013-12-25 05:15 to 2013-12-25 23:00)
Email subjects with counts for Hogan Lovells were:
1785 of Subject: Urgent court notice WA#
1615 of Subject: Hearing of your case in Court WA#
1547 of Subject: Notice of appearance in court WA#
1334 of Subject: Notice to appear in court WA#
3500 | mwe.com | d181af2b32830119c0538851a8b53af8 (2013-12-26 06:00 to 2013-12-26 16:30)
484 | mwe.com | 7c572385f09773237805a52e2fc106e9 (2013-12-26 12:00 to 2013-12-26 17:15)
Email subjects with counts for McDermott Will and Emery were:
1172 of Subject: Urgent court notice CH#
1009 of Subject: Hearing of your case in Court CH#
962 of Subject: Notice of appearance in court CH#
838 of Subject: Notice to appear in court CH#
I think this might make a good time to talk about malware detection rates. I’m going to do a “re-analyze” of each of these files on VirusTotal. Let’s start with the oldest one first.
My “442e7” jonesday sample is: Court_Notice_Jones_Day_Wa#3358.zip which contains the file “Court_Notice_Jones_Day_Washington.exe” with an internal timestamp of 12/23/2013 5:24 PM and a size of 121,344 bytes and an MD5 of 6933c76f0fbabae32d9ed9275aa60899.
My “267d9” jonesday sample is Court_Notice_Jones_Day_Wa#8877.zip which contains the file “Court_Notice_Jones_Day__Washington.exe” with an internal timestamp of 12/23/2013 8:40 PM and a size of 123,904 bytes and an MD5 of 84fae8803a2fcba2d5f868644cb55dd6.
VirusTotal says? 35 of 48. Please note that seven of the AV’s correctly identify this as Kuluoz while some call it DoFoil, and one of the majors calls it “FakeAVLock”. (This malware does NOT act like a Fake anti-virus, and does not lock your computer.)
My “b2f8e5” Latham & Watkins sample is: Court_Notice_Latham_and_Watkins___NY88756.zip which contains the file “Court_Notice_Latham_and_Watkins__New_York.exe” with an internal timestamp of 12/24/2013 5:13 PM and 123,904 bytes in size and an MD5 of ac572ca741df1bbcc88183e27e7fce6c.
VirusTotal says? . Second LW
My “30336” Hogan & Lovells sample is: Court_Notice_Hogan_Lovells_WA29377.zip which contains the file “Court_Notice_Hogan_Lovells_WA_Washington.exe” with an internal timestamp of 12/25/2013 05:05 PM and 167,936 bytes in size and an MD5 of ebcb90d14904d596531fc8989c057f40.
VirusTotal says? 26 of 48. We still have one group calling it Zeus and one FakeAVLock. It’s been on VT for 1 day and 12 hours at this point.
My “f9779” H&L sample is: Court_Notice_Hogan_Lovells_WA34711.zip which contains the file “Court_Notice_Hogan_Lovells_WA_Washington.exe” with an internal timestamp of 12/25/2013 9:42 AM and 167,936 bytes in size and an MD5 of bd4255eacbf47649570c58061d81f018.
And now the ones from today. My “d181a” sample from MWE is Court_Notice_Chicago_CN83259.zip which contains the file “Court_Notice_Chicago_McDermott_Will_and_Emery.exe” with an internal timestamp of 12/26/2013 at 12:41 PM and a size of 163,328 bytes and an MD5 of 225b15d05fe6f5d24d23b426fcfd7a2d.
And the most recent sample from MWE, “7c572”, is Court_Notice_Chicago_CN56910.zip which contains the file Court_Notice_McDermott_Will_and_Emery.exe with a timestamp of 12/26/2013 at 7:33 PM and a size of 163,328 bytes and an MD5 of c77ca2486d1517b511973ad1c923bb7d.
As Christmas grew closer and people began to worry about whether their online purchases would reach their destinations in time to be placed beneath the Christmas Tree, online scammers decided to take advantage of this natural fear to install malware on the computers of unsuspecting nervous nellies. One television news program today interviewed a woman who had almost fallen for one of these scams in a story they called Costco Customers Targeted in Phishing Scam. In that story, the shopper, Marianne Bartley, said the email she had received told her a package had not been delivered and that she would receive a refund, but if she didn’t fill out an online form, she would be penalized 21% of the purchase price.
The local news station, KOLO 8, contacted CostCo by telephone and received this automated warning:
“If you received an email concerning a delivery failure or cancellation: immediately delete the e-mail and do not reply. This is a phishing scam and was not sent by Costco. Costco is not affiliated with the e-mail in any way.”
Here’s the email that Marianne and hundreds of thousands of American Christmas shoppers have been receiving since December 19th at approximately 10 AM. The non-stop bombardment of spam continued throughout the day today, December 26th, and will likely continue tomorrow as well:
But it wasn’t just CostCo. In fact, Walmart and BestBuy were also used in this spam campaign with emails that looked like these:
Each day the Malcovery Spam Data Mine processes more than a million spam email messages searching for dangerous threats like these and our analysts evaluate the threats and provide intelligence to customers to help them protect themselves. In this case, Malcovery has seen more than 3,000 copies of these “Delivery” emails, which come with one of several prominent Subject lines:
- Express Delivery Failure
- Standard Delivery Failure
- Scheduled Home Delivery Problem
- Delivery Canceling
- Special Order Delivery Problem
- Expedited Delivery Problem
Although the emails can come from any username and any domain, the “Sender Name” (the human-friendly portion of the “From” address) has been consistent as one of these:
- Best Buy
- Best Buy Shipping Agent
- Costco Shipping Agent
- Costco Shipping Manager
- Walmart Delivery
- Walmart Delivery Agent
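The subject lines and sender names listed for the Delivery spam, and the subjects and attachment names listed earlier for the Court spam, translate directly into mail-filter checks. The sketch below is an added example, not Malcovery's tooling: the three sample messages are constructed, and the brand-to-domain mapping is an assumption about which domains each retailer legitimately sends from.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject lines and sender display names as listed in the article.
DELIVERY_SUBJECTS = {
    "express delivery failure", "standard delivery failure",
    "scheduled home delivery problem", "delivery canceling",
    "special order delivery problem", "expedited delivery problem",
}
DELIVERY_SENDER_NAMES = {
    "best buy", "best buy shipping agent", "costco shipping agent",
    "costco shipping manager", "walmart delivery", "walmart delivery agent",
}
# Assumption: domains each brand legitimately sends mail from.
BRAND_DOMAINS = {"best buy": "bestbuy.com", "costco": "costco.com",
                 "walmart": "walmart.com"}

# Court-spam subjects end in a two-letter tag and "#", per the article.
COURT_SUBJECT = re.compile(
    r"^(urgent court notice|hearing of your case in court|"
    r"notice of appearance in court|notice to appear in court) "
    r"(nr|no|wa|ch)#", re.IGNORECASE)
COURT_ATTACHMENT = re.compile(r"^Court_Notice_.*\.zip$", re.IGNORECASE)


def classify(raw_message):
    """Return the list of campaign indicators found in one raw message."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip()
    display, addr = parseaddr(msg.get("From", ""))
    display = display.strip().lower()
    domain = addr.rpartition("@")[2].lower()
    hits = []

    if subject.lower() in DELIVERY_SUBJECTS:
        hits.append("delivery-subject")

    # The display name stays constant while the real address varies, so a
    # brand display name on a non-brand domain is the stronger signal.
    if display in DELIVERY_SENDER_NAMES:
        brand = next(b for b in BRAND_DOMAINS if display.startswith(b))
        legit = BRAND_DOMAINS[brand]
        if domain != legit and not domain.endswith("." + legit):
            hits.append("brand-name-domain-mismatch")

    if COURT_SUBJECT.match(subject):
        hits.append("court-subject")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and COURT_ATTACHMENT.match(filename):
            hits.append("court-attachment")
            break
    return hits


# Constructed sample messages (addresses and bodies are invented).
SAMPLE_DELIVERY = """\
From: "Costco Shipping Manager" <jdoe@mail.example.net>
Subject: Delivery Canceling

Your order could not be delivered.
"""

SAMPLE_COURT = """\
From: "Notice" <clerk@mail.example.org>
Subject: Urgent court notice NR#4821
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached notice.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Court_Notice_Jones_Day_Wa#3358.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

SAMPLE_BENIGN = """\
From: "Walmart Delivery" <noreply@email.walmart.com>
Subject: Your order is on its way

Thanks for shopping with us.
"""

if __name__ == "__main__":
    for name in ("SAMPLE_DELIVERY", "SAMPLE_COURT", "SAMPLE_BENIGN"):
        print(name, classify(globals()[name]))
```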
What would happen if someone clicked on one of these emails? The actual destination would depend on which date and which email type they clicked on, but we have collected a fairly extensive list of destination websites. A full list of the 636 compromised websites that we have seen so far in this campaign is listed at the very end of this article. Just in the past four hours we’ve seen spam samples that went to each of these websites:
- kinderopvangnatuurlijk.nl
Each of those websites has been broken into by a criminal’s hacking program, which has created many subdirectories on the server, each starting with either “/media/” or “/messages/” followed by a long random-looking string, followed by a “Form Name”. Here are a couple of recent examples:
The “message” path (and the two BestBuy Forms) were more common earlier in the campaign. In fact, on the 19th, we ONLY saw BestBuy samples of the spam:
What happens first is that the website prompts the visitor to save or open the file “WalmartForm.zip” (or whichever form they have visited.)
If they choose “Open” it will show them that there is a form to be extracted within the .zip file.
If extracted or moved to the Desktop, the form will display a comforting Microsoft Word logo, despite the “.exe” extension.
If the visitor tries to open the WalMartForm.exe program, they will get an error message, which is actually a file called WalmartForm.txt opening in Notepad:
If we check memory though, the program “WalMartForm.exe” has spawned an instance of “svchost.exe” which has some very interesting strings, including:
That IP is believed to be the Command & Control (C&C) server to which my infected computer instance is talking.
Other interesting strings include a “knock” tag:
(debug)5.1 x32 none none(/debug)(/knock)
The location of some additional malware dropped from the server:
C:\Documents and Settings\Owner\Local Settings\Application Data\kinwmeiq.exe
And a tag that SEEMS to show the username of the malware author, though I’ll not include that here . . .
Note that even though this malware distribution campaign has been running for at least seven days, many major anti-virus products are still unable to detect the malware as being malicious. A VirusTotal report showed that only 20 of 48 anti-virus products currently detect the malware that I received when visiting the most recent website seen in spam. Neither of the two locally installed AV products on my machine detects the malware, and the URL I attempted to visit was not marked as dangerous by any of the systems I have installed. VirusTotal Report here.
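The indicators described above (subject lines, sender display names, and the “/media/” or “/messages/” path shape) can be combined into a simple mail triage check. This is an added example, not Malcovery’s code; the brand-domain allowlist, the 16-character minimum for the random string, the “/” before the form name, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject lines and sender display names as listed in the article (lower-cased).
SUBJECTS = {"express delivery failure", "standard delivery failure",
            "scheduled home delivery problem", "delivery canceling",
            "special order delivery problem", "expedited delivery problem"}
SENDER_NAMES = {"best buy", "best buy shipping agent", "costco shipping agent",
                "costco shipping manager", "walmart delivery", "walmart delivery agent"}
# Assumption: the domains each brand really sends from (adjust to your allowlist).
BRAND_DOMAINS = {"best buy": "bestbuy.com", "costco": "costco.com", "walmart": "walmart.com"}
# Path shape from the article: /media/ or /messages/, a long random-looking string,
# then a form name. Token length (16+) and the "/" separator are assumptions.
LURE_URL = re.compile(r"https?://[^/\s]+/(?:media|messages)/[^\s/]{16,}/\w*Form\b", re.I)

def body_text(msg):
    """Concatenate all text parts of a (possibly multipart) message."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)

def score(raw):
    """Return the list of campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name, domain = name.strip().lower(), addr.rpartition("@")[2].lower()
    hits = []
    if msg.get("Subject", "").strip().lower() in SUBJECTS:
        hits.append("subject")
    if name in SENDER_NAMES:
        # The display name claims a brand; compare it with the real sending domain.
        real = next(d for b, d in BRAND_DOMAINS.items() if name.startswith(b))
        if domain != real and not domain.endswith("." + real):
            hits.append("sender-name-mismatch")
    if LURE_URL.search(body_text(msg)):
        hits.append("lure-url")
    return hits

# Constructed samples (not real campaign messages).
LURE = ('From: "Costco Shipping Manager" <info@mailer.example.net>\n'
        "Subject: Delivery Canceling\n\n"
        "Get the form: http://hacked.example.org/media/Qx7Lk2Zp9Tg4Wm1Rb8Vn/WalmartForm\n")
BENIGN = ('From: "Walmart Delivery" <no-reply@walmart.com>\n'
          "Subject: Your order has shipped\n\n"
          "Track it at https://www.walmart.com/orders\n")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, score(raw))
```

Because the emails can come from any username and any domain, the display-name check is the strongest of the three signals: it fires whenever a brand name in the “From” line is paired with a domain the brand does not own.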
Hacked websites used to Deliver Delivery malware
PowerPoint offers various ways for you to format your objects. In this article, we will concentrate mainly on text. With text formatting, you get several options such as fills (solid, gradient, picture or texture, and pattern fill), outline, shadow, reflections, and the list goes on. If you choose not to meddle with these options, you can also make use of WordArt, which provides a list of pre-configured formatting for you to use. While formatting offers a wide variety of features for you to play around with, there is still a limitation: you are only able to apply one form of fill, which restricts complexity and gives you the ‘this and nothing else’ option.
A solution to this is to use a multiple-layering technique, which is simple yet opens up more complexity and choice when making a text design of your preference. It also lets you separate your formats for easier customization. For instance, pattern fill provides multiple patterns from strikes to checker board. However, you will not be able to create gradient effects on the patterns. By overlaying a duplicated text with gradient fill and then setting the transparency to your preference, you can achieve such an effect. The sample text effect below demonstrates how multiple-layered formatting can achieve effects that single-layered formatting cannot. Download the ppt file for more samples.
Quite often, developers or designers include a list of fonts within their CSS. As an example, one might define a CSS rule such as:
However, what some developers or designers may not realize is that the font, Tahoma, will never be reached. The reason for this is that Arial is much more prevalent than Tahoma. In fact, most Mac users would not see the site render using the Helvetica font as one may expect. This is because the Arial font has been included with Macs since OS X.
If your application targets the Windows platform primarily, you should be aware of when fonts have been introduced. For example, unless the client machine is Windows 8 or later, the “Segoe UI” font will not be used. Rather, the “Arial” font in our case would be used. In addition, Apple has started to introduce and license the more common Windows fonts in their operating systems. As an example, since OS X 10.4, Verdana has been included on Macs. It’s also included on iPads and in many Linux installations. Knowing this can help developers and designers include the right fonts for their situation.
Knowing this, we should probably define our rule, if this meets the styles we expect, such as:
In this case, the “Segoe UI” font will be used on modern Windows machines, Helvetica will be used on any Macs, Tahoma will be used on most other machines, and Arial will fill in the gaps. The minute remainder of activity that doesn’t have one of these fonts will default to that machine’s default system font. In most of those cases, you are most likely not targeting those users for browsing activity.
If you’d like to ensure that everyone is receiving the same typeface experience, you may also want to consider using Web Fonts. Web fonts allow font files to be hosted externally from your site. There are many resources for web fonts available across the web. To use the @font-face rule, be sure that the browsers you are targeting support it. Most modern browsers do support this rule.
.. to all who venture here throughout the year..
Merry Season’s Greetings
and here is the same greeting for those who are colour blind..
Merry Season’s Greetings
Don’t you just detest all of this PC stuff, PC as in Political Correctness, not the venerable PC that we all love and sometimes don’t..
If you receive a tablet as a present, regardless of installed OS, ignore the next part because you will be too busy getting mad with it..
.. And a happy new year..
Twas the night before Christmas and….
To cut a long story short, the PC that runs my Windows Media Center (MCE) got switched on and off at the wall twice whilst Christmas tree lights were being put up.
Now the PC is running Windows 8.1 on modern hardware, so it should have been OK, and mostly was. However I found a problem that MCE was not showing any music, video or pictures in its libraries but the recorded TV library was fine. I suspected the issue was that my media is on an external USB3 RAID unit, so there was a chance that on one of the unintended reboots the drives had not spun up in time and MCE had “forgotten” about the external drive.
So I tried to re-add the missing libraries via MCE > Tasks > Settings > Media Libraries. The wizard ran OK allowing me to select the folders on the external disk, but when I got to the end the final dialog closed virtually instantly. I would normally have expected it to count up all the media files as they were found. Also if I went back into the wizard I could not see the folder I had just added.
A bit of searching on the web told me that MCE shares its libraries with Windows Media Player, and there was a good chance they were corrupted. In fact running the Windows Media Player trouble-shooter told me as much. So I deleted the contents of the %LOCALAPPDATA%\Microsoft\Media Player folder as suggested. It had no useful effect on the problem. The only change was the final dialog in the wizard did appear to count the media files it found now, taking a few minutes before it closed. But the results of the scan were not saved.
So I switched my focus to Media Player (WMP). I quickly saw this was showing the same problems. If I selected WMP > Organise > Manage libraries no dialog was shown for music, video or pictures. However the dialog did appear for Recorded TV which we know was working in MCE.
Also if I selected WMP > Organise > Options… > Rip Music, there was no rip location set, and you could not set it if you pressed the Change button.
The web quickly showed me I was not alone in this problem, as shown in this post and others on the Microsoft forums. It is worth noting that this thread, and the others, do seem to focus on Windows 7 or Vista. Remember I was on a PC that was a new install of Windows 8 and in place upgraded to 8.1 via the Windows Store, but I don’t think that was the issue.
Anyway I tried everything I could find in the posts
- Restarted services
- Deleted the WMP databases (again)
- Uninstalled and re-installed WMP via the Windows Control panel > Install Products > Windows feature
- Checked the permissions on folder containing the media
Everything seemed to point to a missing folder. The threads talked about WMP being set to use a Rip folder that it could not find. As my data was on an external RAID this seemed reasonable. However on checking [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\HME\LastSharedFolders] there were no paths that could not be resolved.
So I decided to have a good look at what was going on under the covers with Sysinternals Procmon, but could see nothing obvious, no missing folders, no registry key calls missed.
In the end the pointer to the actual fix was on page 8 of the thread by Tim de Baets. Turns out the issue was with the media libraries in C:\Users\<your username>\AppData\Roaming\Microsoft\Windows\Libraries. If I tried to open any of these in Windows Explorer I got an error dialog in the form ‘Music-library-ms’ is not longer working. So I deleted the Pictures, Music and Video library folders in C:\Users\<your username>\AppData\Roaming\Microsoft\Windows\Libraries, which was not a problem as they were all empty.
When I reloaded WMP I could now open the WMP > Organise > Manage libraries dialogs and re-add the folders on my RAID disk, also I could set the Rip folder.
As these settings were shared with MCE my problem was fixed, ready for a Christmas of recording TV, looking at family photos and playing music.
Whether it was the power outages that caused the problem, I have my doubts, as power cuts have not been an issue in the past. Maybe it is some strange permission hangover from the upgrade from Windows 8 > 8.1. I doubt I will ever find out.