Archive for Security
Even when it’s not a phishing site they might be phishing
Posted by: | CommentsLast week I was busy making plans for my trip to Washington DC and Microsoft’s Worldwide Partner Conference, where I’m scheduled to pick up the Small Business Specialist of the Year award. (still happily amazed) Since the hotels in Washington DC are so very expensive I decided to give Priceline.com a try. 50% off a 4 star hotel was sounding pretty good.
Priceline works like most travel websites except that you name a price that you are willing to pay, the neighborhood you want to be in, the rating of the hotel and then you let Priceline select the hotel for you. It is a way for hotels to fill rooms, even if it’s at a discounted rate.
Naturally the website wants me to create an account and they also want me to select a secret question to which only I will know the answer. Here’s the first question in the list:
I simply laughed. Here is a legitimate website phishing. Were anyone to give them this information then it is very likely that who ever has access to it could log in all over the web as them. Raise of hands…how many of you use the same password on multiple websites? That’s right, almost everyone.
I sent it my findings to a couple of people. Steve Riley (Microsoft speaker, author, noted security guru and now Amazon Web Services employee) picked up the story for his blog. Gotta love the title.
http://stvrly.wordpress.com/2010/06/30/a-rant-in-which-i-heap-scorn-upon-priceline/
Be careful out there.
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals. 
Get Support 
Blog 
Twitter 
Facebook 
LinkedIN
Webinar: Team Bradley is in the house! Thursday
Posted by: | Comments
Third Tier welcomes Team Bradley to our webinar series. Back in the day, smaller businesses were exempt from most regulation, but not in the new era of information security. Are you making the right recommendations to your clients? Do you need to get up to speed on the new regulations and laws that effect nearly every business? This webinar is for all of us that need to educate our clients on security and information privacy.
Join Team Bradley – Susan Bradley and Bradley Dinerman – from the hotbed states of California and Massachusetts, as they discuss the impact to small firms of recent privacy, security and disclosure legislation. From PCI data security standards (DSS) to the Massachusetts data security law to the upcoming FCC "red flag" rules, they will discuss and answer your questions regarding security and compliance issues. Come listen to what you need to do to be compliant, including taking steps such as the development of a written information security policy (WISP), implementation of encryption systems, firewalls, antimalware, employee training and much more. We will even touch on the security of social networking sites and how they can affect your organization, for better or for worse.
Brad Dinerman is the founder and president of the National Information Security Group (NAISG, www.naisg.org) and the president of Fieldbrook Solutions LLC (www.fieldbrook.net), an IT, MIS and security consulting firm based in Ashland, MA. He is a Certified Information Systems Security Professional (CISSP), a Microsoft MVP in Enterprise Security as well as a Microsoft Certified Systems Engineer (MCSE) and a Certified SonicWall Security Administrator. He also earned a Ph.D. in physics from Boston College to help him calculate how long it would take to launch his frozen computer across the local highway. Brad is a frequent contributor to various online TechTips sites and gives user group/conference presentations on topics ranging from spam and security solutions to Internet development techniques. He also published numerous articles in international physics journals in his earlier, scientific career.
Susan Bradley is frequent speaker at SMB conferences, most recently SMBnation East. She writes the Patch Watch column for Brian Livingston’s Windows Secrets, and was one of the authors of Windows Server 2008 Security Resource kit, and Small Business Server 2008 Unleashed. In real life she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows Servers, an Exchange Server, desktops, a few Macs, several Windows mobile and iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at www.sbsdiva.com on the topics of small business server, tech topics and whatever she stumbled over that day.
Third Tier has invited you to attend an online meeting using
Microsoft Office Live Meeting.
https://www.livemeeting.com/cc/harborcomputerservices/join?id=968BJF&role=attend&pw=N%60%2Fm%3E_z6K
Meeting time: May 13, 2010 12:00 PM (EDT)
Add to my Outlook Calendar:
https://www.livemeeting.com/cc/harborcomputerservices/meetingICS?id=968BJF&role=attend&pw=N%60%2Fm%3E_z6K&i=i.ics
Apple Releases Mac OS 10.6.3, Update Addresses Record Number of Fixes/Improvements
Posted by: | CommentsOn Monday, March 29, Apple released a major update to its Snow Leopard operating system, making the incremental update of 10.6.3 available for download and installation. According to ComputerWorld ( http://www.computerworld.com/s/article/9174337/Apple_delivers_record_monster_security_update) and other sources, the 92 updates and fixes included in the release is a record number of issues addressed in a single update.
The default Software Update settings in Snow Leopard will check in with the Apple update servers on a weekly basis, so within the next 5-7 days any Mac running Snow Leopard should notify its operator that new updates are available for download and installation. Users can check for this and other updates manually by selecting Software Updates from the Apple Menu on any Mac running OS 10.x.
A security update for Mac OS 10.5 was also released on Monday, and while it is not as large of an update as 10.6.3, it still addresses several significant security issues and should be installed on any 10.5 Macintosh as soon as possible.
Q&A from the WSUS Webinar
Posted by: | CommentsHere is the Q&A panel from the September 17, 2009, WSUS webinar from Susan Bradley.
Question: Disclaimer: When running image based backup solution and/or utilizing online backup services, be sure to either create a seperate volumn for WSUS content or exclude it from off-site backup if possible. 
Answer: Excellent recommendation. Thanks!
Question: Are there any problems with XP SP3? Thanks.
Answer: Globally, I”m not aware of any. Have almost all of our customers up on XP SP3. There may be individual application issues, but not that I”m aware of.
Question: XP SP3 causes problems by switching off the TS ActiveX used for RWW but that has been blogged to death!
Answer: Correct, I don”t consciously think about that because it’’s just automatic to fix. Thanks for the reminder. 
Question: What is the best way to “Disable” WSUS?
Answer: Services – disable the WSUS service
Question: Is the specific service just the “Windows Update” service on the server? Are there any other ones?
Answer: That’’s the one.
Question: Is the method used to relocate WSUS content on sbs 08 the same as prior versions?
Answer: No, There is a wizard in the SBS 2008 Console to move the WSUS data to different partitions.
Question: I called some of my LOB vendors and found out that one of them does not support downloading their program’’s updates through IE8 yet. I”ve gotten into the habit of calling my main vendors or checking their FAQ before I roll anything out.
Answer: That’’s an excellent suggestion. Thanks for sharing.
Question: WSUS 3.0 SP2 needs the new reportviewer. but… the viewer needs .net 3.5. How ugly is the .net install?
Answer: Test it first, but I haven”t had too many problems when doing the 3.5 install for my sites.
Question: Do you recommend partitioning SBS08.
Answer: yes minimum 2
Question: Is there going to be a WSUS 4.0 someday?
Answer: Someday, we don”t know when
Question: Because I have installed WSUS manually I have the Not Available in the Updates. I can go to the WSUS server via 8530 and I can go to the updates page but it does not show any updates. I do have all the products checked in the list and I am not downloading drivers but I still have problems not getting the green check mark. Good point about not unistalling. I did that and it messed it up a lot
Answer: susan provided a list of items that you need to include and point to the green check/blue check SBS blog post for the answer
Question: Can you speak to the relative importance of patching Microsoft products vs. third party products like Java, Adobe, Firefox, QuickTime, etc.? The focus seems always to be on Microsoft products, but many of the threats are coming from third-party products as well. How do you handle those?
Answer: VERY important to patch the 3rd party stuff. The bad guys are choosing to come in via 3rd party becasue MS is generally updated these days.
Question: Not a question, but a praise, I highly recommend SBS08 Unleashed; and I just posted a review on Amazon.
Answer: Thanks!
Question: is there a way we can submit our WSUS policy/procedures for a slap on the back or a slap on the head?Kevin royalty warned me about the 2×4.
Answer: you can contact Susan via her blog, or submit a ticket a Third Tier
Question: Is there a place that a new MSP can go to see historically what patches have caused problems? We are developing our patch management policy and have basically an enormous amount of patches to approve or deny to “catch up”. It would be great to have a publish list of patches that a low or high risk. Any resource available that you know of to help us out?
Answer: www.patchmanagement.org, but nobody keeps a “master database” of this information
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support 
Blog 
Twitter 
Facebook 
LinkedINThird Thursday with special guest Susan Bradley
Posted by: | CommentsHope that you all had a wonderful summer! It’s September and as promised Third Tier is back to launch a new season of our Third Thursday webinar series. To kick off the new season we have Susan Bradley, SBS MVP of lore to present, in her words, WSUS and All The Gory Details.
Susan is world renown for her mastery of patching and the issues that occur. You won’t want to miss this session on how to manage WSUS and All The Gory Details.
So click the link below to block off next Thursday September 17th (Noon eastern) and we’ll see you then.
When: Thursday, Sep 17, 2009 12:00 PM (EDT)
Duration: 1:30 (presentation 1 hour, then Q&A)
Third Tier has invited you to attend an online meeting using
Microsoft Office Live Meeting.
https://www.livemeeting.com/cc/mvp/join?id=7R5BRQ&role=attend&pw=M%289zFMf48
Meeting time: Sep 17, 2009 12:00 PM (EDT)
Add to my Outlook Calendar:
https://www.livemeeting.com/cc/mvp/meetingICS?id=7R5BRQ&role=attend&pw=M%289zFMf48&i=i.ics
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support Blog Twitter Facebook LinkedINBackup on shared folders running on a local system account?
Posted by: | CommentsWhile I do not advocate such workarounds as it opens up additional security loopholes, it still is a workaround. And as I usuallly say, WARNING: This is not a recommended approach. Use at your own risk
Microsoft has a documented procedure to enable null sessions shares and while the KB article mentions Windows 2000, it does work for Windows Server 2003. This should be done on the Windows machine that hosts the shared folder. A word of caution if you intend to use this approach - document every step that you do and make sure you rollback any changes made after generating your database backup. Tasks like enabling the Guest user account (this is disabled by default), modifying the registry, etc. should be rolled back as soon as you're done, otherwise, you're opening up security vulnerabilities across your network.
5 Reasons Why SMB’s Shouldn’t Ignore Security
Posted by: | CommentsI wrote a very short 5 reasons why your clients shouldn’t ignore security. It really only takes 1 reason to make it all worth while.
5 Reasons to not Ignore Security
—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support Blog Twitter Facebook LinkedIN
Excel Security Update Applies to Mac Office, Too
Posted by: | CommentsMicrosoft released a couple of updates for their Excel spreadsheet product in the slate of monthly updates for April 2009. The security issues addressed in the update also apply to the Mac version of Excel as well. As such, Microsoft has released updates for both Office 2004 and Office 2008 for the Mac. The files can be downloaded from http://www.microsoft.com/mac/downloads.mspx. Because of the nature of the update, all Mac Office users are encouraged to install this update as soon as possible.
