myITforum.com

jayferron

  • The Microsoft Ignite Session Catalog

    Hundreds of newly released sessions to spark your Ignite planning

    The Microsoft Ignite Session Catalog is here! Be sure to take a look at the hundreds of sessions covering cloud infrastructure and management, big data and analytics, productivity, unified communications, operating systems, and mobile devices at the biggest enterprise technology event of the year! You'll find sessions that provide deep technical detail on specific products, as well as sessions that provide strategy, guidance and best practices on security and topics including deployment, operations and usage. We will be adding more sessions and labs in the coming weeks, so please check back often for updates.

    Get more out of Ignite with a Pre-Day Session

    For an additional investment of $500, Pre-Day Sessions on Sunday, May 3, 9:00 am – 5:00 pm, offer a unique opportunity to extend your learning experience with a full day of focused training the day before the conference opens. These sessions are designed to provide you with a deep knowledge base and skills that you can apply as soon as you're back in the office. You'll be able to tap into the knowledge and insights of the people who, in many cases, literally wrote the book on their subject.

    Network and network, then network some more

    There is something special about the connections you make at events. That's why we're making it easy for you to find and connect with others interested in similar topics. There will be meet ups in lounges; fire-starter and birds-of-a-feather community-led sessions in theaters; regional, industry and technology-focused meal-time mashups; and after hour networking events with Microsoft tech and business leaders to add to your agenda to unwind, kick back, and truly enjoy the scene. You can talk tech all day and night.

    Mark your calendars for #IgniteJam on Twitter

    On February 3rd at 9:00 am PT, we'll have the whole event team and lots of speakers ready to chat with you on Twitter. We'll be ready to answer your questions about the event and hear what you're excited about in terms of community experiences and things to do in Chicago. Add the event to your calendar with this link.

    To participate in this #IgniteJam

    1. Log in to Twitter at 9:00 AM PT on February 3rd. For easier real-time participation, use Twubs and join us at:  http://twubs.com/ignitejam.
    2. Introduce yourself and include the hashtag #ignitejam and tag us at @MS_Ignite.
    3. Watch for questions coming from @MS_Ignite and chime in with your answers and commentary, using the hashtag #ignitejam.

    Feeling fired up? See where technology is headed and meet who's fueling it—at Ignite. Register today, and add a Pre-Day Session to your Ignite agenda.

     

    I'll be at an Ignite session. Will you?

     

  • Azure IaaS for IT Pros Event Recordings: Free on Microsoft Virtual Academy

    Did you miss the Azure IaaS for IT Pros Online Event or do you want to watch specific sessions for a second time to deep dive with Azure experts into topics like Core IaaS, Cloud Infrastructure Fabric, or Open Source Software on Azure? All of the technical sessions from the event are now available as on-demand courses at Microsoft Virtual Academy (MVA).

    Watch the Azure IaaS for IT Pros courses and earn MVA points!

    Become an IaaS go-to guru

    Mark Russinovich, Microsoft Azure Chief Technology Officer, kicks off the courses with his keynote on Core IaaS Infrastructure Technical Fundamentals, followed by deep technical training in the technologies critical for IT Pro Implementers, like you. Experts share their technical insights on topics including Core IaaS, Cloud Infrastructure Fabric, Open Source Software on Azure, and Workloads on Azure IaaS.

    Be recognized for your skills

    Test your knowledge and earn MVA points when you complete the courses. You’ll gain the technical insights you need to prepare for Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions on your way toward Microsoft Azure Specialist Certification.

    Azure IaaS for IT Pros on-demand course topics:

    • Course 1: Establish the Foundation: Core IaaS Infrastructure Technical Fundamentals
    • Course 2: Dive Deep into Networking, Storage, and Disaster Recovery Scenarios
    • Course 3: Embrace Open Source Technologies (Chef and Puppet Configurations, Containerization with Docker and Linux) to Accelerate and Scale Solutions
    • Course 4: Optimize Windows Workload Architecture and Administration Capabilities Within Azure
  • Microsoft Second Shot Exams are Back

     

    Between January 5 and May 31, 2015, take any Microsoft Certified Professional (MCP) or Microsoft Dynamics exam, and get a free Second Shot if you fail the first take.

    With our full transition to Pearson VUE as our sole exam delivery provider this year, there's a slight difference in the Second Shot process. Please note:

    • You must complete a Microsoft certification exam between January 5, 2015 and May 31, 2015. Simply go to https://www.microsoft.com/learning, log in, and schedule your exam.
    • After your exam, log in to check your personal dashboard at https://www.microsoft.com/learning to verify testing results. Please allow up to 24 hours for results to show up on the dashboard.
    • If you need a Second Shot, select “retake” for your exam within 30 days from your first take.
    • Please review the Pearson VUE testing center availability for your specific exam and then schedule your retake.
    • For complete terms and conditions of this offer, visit the Second Shot page on our website.

    Good luck on your road to a new Microsoft certification title.

     

  • Enterprise Mode and use a site list

    A tool to create and manage the Enterprise Mode site list for Enterprise Mode IE. This tool lets IT Professionals create and update the Enterprise Mode site list for their company, without directly editing the XML. The Enterprise Mode site list only works with Enterprise Mode IE.

    Click Here for Download

     

  • Update 1 for HPC Pack 2012 R2 is available

    The installation package for HPC Pack 2012 R2 Update 1 is available for download here. The HPC Pack Image in the Azure Gallery, for both Azure Global and Azure China, is also now generally available. Together with this image, an official PowerShell script tool to deploy an HPC Pack cluster in infrastructure as a service (IaaS) VMs is now downloadable from here.

    About two months ago, we announced the release of the Preview version of the Update 1 for HPC Pack 2012 R2. We want to thank everyone who helped us test the early releases and sent us feedback. We made some important and necessary changes to our official release as a result.

    The following are the significant new features in HPC Pack 2012 R2 Update 1:

    • A major focus in Update 1 has been to quickly and robustly create a Windows HPC cluster using Azure virtual machines (IaaS). In order to achieve this goal, we released an HPC Pack image in the Azure Virtual Machine Gallery. All customers with an Azure subscription can use the HPC Pack IaaS deployment script tools to quickly deploy an HPC cluster with just a few steps. For details about how to use these tools, you can refer to the help document here.
    • After a new cluster in Azure has been set up, you can use new tools to manage your HPC cluster in Azure. You can easily create, start, stop, or delete compute nodes as virtual machines on your cluster. Custom compute node images are supported. You can leverage this customization to make your whole deployment process much faster when installing applications and other dependencies. For more details, please see the online help document here.
    • We also continued the investment around our existing scenario for “bursting” to Azure with Platform as a Service (PaaS) compute instances. To further enhance this scenario, we added grow/shrink capabilities to the HPC Pack scheduler. Now you can configure your HPC cluster to automatically adjust the number of active VMs in Azure, whether using virtual machine compute nodes or PaaS compute nodes. For more details, see the help document here.
    • There are also several important new support and bug fixes added for HPC Pack, such as support of SQL Server 2014 and moving nodes to a different cluster. For more details, you can refer to the What's New and Release Notes documents.

    This post came from Microsoft

     

  • Azure IaaS for IT Pros Online Event (Dec 1-4)

    Is it time to level up your skills using Infrastructure as a Service?  Want to learn from the best technical engineers and noted technology leaders around? 

    Join Mark Russinovich, Corey Sanders, and members of the Azure Engineering team for a live event delivered online over four days.  Join for one session, join for them all. You'll dive deep into technical scenarios, ask questions of the experts, and level up your own skills. 

    Azure IaaS for IT Pros Online Event, December 1-4

    Become an IaaS go-to guru

    Mark Russinovich, Microsoft Chief Technology Officer, Azure, will kick off the event, followed by deep technical training in the technologies critical for IT Pro Implementers, like you, to deepen your foundational cloud skills.  Following the keynote, experts will share their technical insights on topics including Core IaaS, Cloud Infrastructure Fabric, Open Source Software on Azure, and Workloads on Azure IaaS.

    Be recognized for your skills

    Get certified for your skills! Register for the event to receive reminder emails and obtain details for receiving a 50% off exam voucher you can use towards Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions for Microsoft Azure Specialist Certification.

    Join the live event from 9am to 1pm PST

    December 1: Establish the Foundation: Core IaaS Infrastructure Technical Fundamentals

    December 2: Dive Deep into Networking, Storage, and Disaster Recovery Scenarios

    December 3: Embrace Open Source Technologies (Chef and Puppet Configurations, Containerization with Docker and Linux) to Accelerate and Scale Solutions

    December 4: Optimize Windows Workload Architecture and Administration Capabilities Within Azure

     

    Register Here

  • KMS Client Setup Keys

    Computers that are running volume licensing editions of Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008 are, by default, KMS clients with no additional configuration needed.

    To use the keys listed here (which are GVLKs), you must first have a KMS host running in your deployment. If you haven’t already configured a KMS host, see Deploy KMS Activation for steps to set one up.

    If you are converting a computer from a KMS host, MAK, or retail edition of Windows to a KMS client, install the applicable setup key (GVLK) from the following tables. To install a client setup key, open an administrative command prompt on the client, type slmgr /ipk <setup key> and then press Enter.

    If you are looking for a KMS Client Setup Key:

    Go Here

  • Lost your DVD for Windows 8 or 8.1?

    If you bought Windows 8.1 or Windows 8, you can download and install Windows from this page using just your product key.

    Have your product key handy. You can find it in your online order information, in the confirmation email for your purchase or on the DVD packaging. The product key is a 25-character code that looks something like this:
    XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

    Go Here

     

  • Linksys Wi-Fi Home Router security Issues

    Linksys EA series routers have a security issue: EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities.

    CWE-320: Key Management Errors - CVE-2014-8243

    A remote, unauthenticated attacker can read the router's .htpasswd file by requesting http(s)://<router_ip>/.htpasswd. The .htpasswd file contains the MD5 hash of the administrator password.


    CWE-200: Information Exposure - CVE-2014-8244
    A remote, unauthenticated attacker can issue various JNAP calls by sending specially-crafted HTTP POST requests to http(s)://<router_ip>/JNAP/. Depending on the JNAP action that is called, the attacker may be able to read or modify sensitive information on the router.
    It should also be noted that the router exposes multiple ports to the WAN by default. Port 10080 and 52000 both expose the administrative web interface to WAN users. Depending on the model, additional ports may be exposed by default as well.

    Impact

    A remote, unauthenticated attacker may be able to read or modify sensitive information on the router.

    Fix: go to the Linksys site and download the updated firmware files.

    Reposted from the US-CERT site

     

  • Apple iOS devices at risk from malicious third-party apps

    US-CERT warned that:

    This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link. 

    This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.

    The official CERT article follows:

    ______________________________

    Systems Affected

    iOS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta.

    Overview

    A technique labeled “Masque Attack” allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances.

    Description

    Masque Attack was discovered and described by FireEye mobile security researchers.[1] This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.

    This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.

    Impact

    An app installed on an iOS device using this technique may:

    • Mimic the original app’s login interface to steal the victim’s login credentials.
    • Access sensitive data from local data caches.
    • Perform background monitoring of the user’s device.
    • Gain root privileges to the iOS device.
    • Be indistinguishable from a genuine app.

    Solution

    iOS users can protect themselves from Masque Attacks by following three steps:

    1. Don’t install apps from sources other than Apple’s official App Store or your own organization.
    2. Don’t click “Install” from a third-party pop-up when viewing a web page.
    3. When opening an app, if iOS shows an “Untrusted App Developer” alert, click on “Don’t Trust” and uninstall the app immediately.

    Further details on Masque Attack and mitigation guidance can be found on FireEye’s blog [1]. US-CERT does not endorse or support any particular product or vendor.

     

  • Microsoft Security Intelligence Report

    The Microsoft Security Intelligence Report is the most comprehensive threat intelligence report in the industry. It provides data and insights on malware, exploits and vulnerabilities based on data from more than a billion systems worldwide and some of the busiest online services. It also includes actionable guidance to help IT Professionals manage risk. The latest report, Volume 17, focuses on the first half of 2014, with trend data for the last several quarters.

    Whether you are a PC user or not, the insights here are great to read about.

    You can download the report HERE

     

  • Bug allowing execution of malicious code resides in TLS stack

    This affects not just Windows but other operating systems. Tuesday's disclosure means that every major TLS stack—including Apple SecureTransport, GNUTLS, OpenSSL, NSS, and now Microsoft SChannel—has had a severe vulnerability this year. In some cases, the flaws merely allowed attackers to bypass encryption protections, while others, most notably the Heartbleed bug in OpenSSL and the one patched Tuesday in Windows, allowed adversaries to steal highly sensitive data and execute malicious code on vulnerable systems, respectively.

    Here is the Microsoft update

    Published: November 11, 2014

    Version: 1.0

    Executive Summary


    This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.

    This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section.

    The security update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability.

     

  • Mac OS X and iOS Malware

    WireLurker: A New Era in OS X and iOS Malware

    posted by: Claud Xiao on November 5, 2014 2:30 PM

    filed in: Malware, Mobility, Reports, Threat Prevention, Unit 42
    tagged: Apple, globalprotect, iOS, Mac OS X, Maiyadi App Store, WireLurker

    Today we published a new research paper on WireLurker, a family of malware targeting both Mac OS and iOS systems for the past six months. We believe that this malware family heralds a new era in malware attacking Apple’s desktop and mobile platforms based on the following characteristics:

    • Of known malware families distributed through trojanized / repackaged OS X applications, it is the biggest in scale we have ever seen
    • It is only the second known malware family that attacks iOS devices through OS X via USB
    • It is the first malware to automate generation of malicious iOS applications, through binary file replacement
    • It is the first known malware that can infect installed iOS applications similar to a traditional virus
    • It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning

    WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.

    How It Works

    WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.

    WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.

    We further describe WireLurker’s potential impact, as well as methods to prevent, detect, contain and remediate the threat. We also detail Palo Alto Networks Enterprise Security Platform protections in place to counter associated risk.

    WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attacker's command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.

    We recommend users take the following actions to mitigate the threat from WireLurker and similar threats:

    • Enterprises should assure their mobile device traffic is routed through a threat prevention system using a mobile security application like GlobalProtect
    • Employ an antivirus or security protection product for the Mac OS X system and keep its signatures up-to-date
    • In the OS X System Preferences panel under “Security & Privacy,” ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set
    • Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source
    • Keep the iOS version on your device up-to-date
    • Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party (e.g. your IT corporate help desk) explicitly instructs you to do so
    • Do not pair your iOS device with untrusted or unknown computers or devices
    • Avoid powering your iOS device through chargers from untrusted or unknown sources
    • Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
    • Do not jailbreak your iOS device; If you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device

    Download “WireLurker: A New Era in OS X and iOS Malware” here.

    This article was copied from the nice folks at Palo Alto Networks.

     

  • PowerShell for Security Professionals

  • PowerShell Scripts for Admins and Auditors

    Here are a few PowerShell scripts that I use to look at logs and user accounts.

     

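    To find the latest logon time:

    # LastLogon is not replicated, so query every DC and keep the newest value (Sort-Object | Select-Object -Last 1 replaces Measure-Latest, which is not a built-in cmdlet)
    Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName username).LastLogon } | Sort-Object | Select-Object -Last 1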

    The following example demonstrates how to find inactive user accounts:

    Search-ADAccount -AccountInactive | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -AutoSize

    The following example demonstrates how to find user accounts that have been inactive for 90 days:

    Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -AutoSize

    Retrieving Local Security Log Information

    On a local computer, the PowerShell Get-EventLog cmdlet:

    Get-EventLog -List

    Get-EventLog -List | Where-Object { $_.LogDisplayName -eq "Security" }

    Find all users who have “Password Never Expires”

    Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -AutoSize

    To Determine Who Has Never Logged On

    Get-ADUser -Filter {-not (lastlogontimestamp -like "*") -and (enabled -eq $true)}

    Find the Location of a Locked-Out User (jferron)

     

    # Ask every domain controller for its own view of the account's lockout state
    $DomainControllers = Get-ADDomainController -Filter *
    foreach ($DC in $DomainControllers)
    {
        Get-ADUser -Identity jferron -Server $DC.HostName `
            -Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut
    }
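
    The per-DC query above shows that an account is locked and where the bad password count is rising, but not which machine is sending the bad passwords. The added example below (not part of the original post) reads lockout event 4740 from the PDC emulator's Security log to report the caller computer. Get-LockoutSource is a hypothetical helper name, and it assumes the ActiveDirectory module, account management auditing enabled on the domain controllers, and rights to read the Security log remotely.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post). Get-LockoutSource is a
# hypothetical helper name; 'jferron' is the sample account used above.
function Get-LockoutSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$Days = 1    # how far back to search the Security log
    )

    # Account lockouts are forwarded to the PDC emulator, so its
    # Security log records event 4740 for them.
    $pdc = (Get-ADDomain).PDCEmulator

    $filter = @{
        LogName   = 'Security'
        Id        = 4740
        StartTime = (Get-Date).AddDays(-$Days)
    }

    try {
        $events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches the filter,
        # as well as on access or connectivity problems.
        Write-Warning "No 4740 events read from ${pdc}: $($_.Exception.Message)"
        return
    }

    foreach ($e in $events) {
        # Event 4740 data fields: [0] = locked-out account name,
        # [1] = caller computer name (where the bad passwords came from).
        if ($e.Properties[0].Value -eq $SamAccountName) {
            [pscustomobject]@{
                TimeCreated    = $e.TimeCreated
                User           = $e.Properties[0].Value
                CallerComputer = $e.Properties[1].Value
                LoggedOn       = $pdc
            }
        }
    }
}

# Show the most recent lockouts for the sample account first.
Get-LockoutSource -SamAccountName 'jferron' -Days 2 |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```

    An empty CallerComputer value usually means the bad passwords arrived through an intermediate service rather than directly from a domain-joined workstation, so check the logs of that service next.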
