The number of incidents I am seeing of people being infected with the Cryptolocker continues to escalate. Now before I launch into this rant here is information about the nasty:
http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
so you have been warned.
But how the hell can this be happening? How the hell can these sorts of things still get through and cause mayhem and destruction? Having lived through Nimda, Code Red, Melissa, Conficker and more, why is this all happening over and over again? Simple, technology is making it easier for the bad guys not harder. Am I the only one who acknowledges this fact?
I have written many, many times about how vulnerable society has become by creating such a dependence on technology. For example:
here – https://blog.ciaops.com/2013/03/a-gift-for-hackers.html
here – https://blog.ciaops.com/2008/07/why-bad-guys-will-always-win.html
here – https://blog.ciaops.com/2008/08/the-bad-guys-win-again.html
and here – https://blog.ciaops.com/2009/08/bad-guys-win-again-part-iv.html
but to name just a few.
And yet, the world seems to be again brought to its knees by a clever piece of code that is able to slip past all the ‘so-called’ filters, scanners, protection mechanisms and what not that are supposedly put in place. How is that? How can people still be clicking links and attachments they know nothing about? And why is everyone paying so much for what seems like so little protection? Is all this supposed ‘security’ actually making things worse by providing people with a false sense of security?
Simple, the weakest link is the wet-ware behind the keyboard (i.e. the human being). People simply don’t have any concept of the security risk they face on ANY device that is connected to the Internet or that receives email. And you know what? That is just about every single technology device we have today. EVERY SINGLE ONE. What is being done to educate people about IT security? Not much from what I can see. That is the REAL problem here.
The modern world continues to place its unmitigated faith in the march of technology, oblivious to the underlying risks and fragility it is creating. It also lives with this naive assumption that whatever is done on the Internet is also anonymous. They likewise jump up and down when they find out that the NSA is monitoring email traffic. Like DUH, emails have ALWAYS been sent in the clear so ANYONE could read them, DUH. It demonstrates how removed from technology the average person is. They happily use technology but have no IDEA how it works. That is always a dangerous recipe.
It makes NO difference where your information is. In your Office or in the cloud, if you are connected to the Internet you are vulnerable, full stop. The problem is others are also on the Internet so if you get infected then there’s a chance you’ll infect them. We are now more than ever all connected together and what happens in one place can have a huge impact thousands of miles away INSTANTANEOUSLY.
To me most of this anti virus software and filtering is a complete and utter waste of time. Don’t get me wrong, I have a certain set of tools and programs I use but my main weapon to remain secure is to concentrate on scaring the crap out of everyone I know (especially my family), constantly reinforcing what maladies will befall them if they click on something they shouldn’t. Does that make them paranoid? You bet it does, but you know what? I am pretty sure none of them are going to get infected with this latest virus because they are more scared of me than this virus. Sometimes that’s what you gotta do to keep people secure.
So what’s the point of this post? Firstly, it is to express my utter disbelief in the existing security ‘industry’ that charges users billions of dollars every year and yet somehow fails to protect them. Is the problem the software or those charged with maintaining them? Hmmm… I could go on but secondly, it is to say that these problems are only going to continue because we are not dealing with the root cause – the idiots who click on unknown attachments and files sent to them. Here’s my golden IT security rules for idiots that MUST be followed under pain of death:
1. Backup, backup, backup. That’s not being repetitive it means back your stuff up at least 3 times.
2. If it seems too good to be true then it is. That means, that if there is any doubt then there should be no doubt.
3. If you don’t know, then ask.
I long for the day when society takes IT security seriously and develops solutions to EDUCATE people on how vulnerable they really are every time they access the Internet. Am I being paranoid? I sure am, because you know why? Only the paranoid survive when it comes to security. I’m paranoid and I’m proud of it. That is why the machines I look after don’t get infected. Sure, there is never 100% surety when it comes to dealing with human beings but you know what? Paranoia goes a lot further in my books than most of this other ‘so called’ protection I see out there today.
Why You Should Move from Dropbox to SkyDrive Pro
I have just done an article for the Box Free IT site on why SkyDrive Pro is a much better option than file sharing services like Dropbox. You’ll find the full article at:
http://boxfreeit.com.au/2013/10/15/why-you-should-move-from-dropbox-to-skydrive-pro/
Let me know what you think!
Review–Targus rotating case for iPad
Full disclosure – the review unit was supplied by Mobilezap. You can find this device and others at the Mobilezap category page at:
http://www.mobilezap.com.au/34783-targus-rotating-leather-style-case-for-ipad-4-3—black.htm
You snap your iPad easily into the plastic holder inside the case and then you can use it on the go or at your desktop, all with this case.
What I really like about this case is the fact you can easily rotate the iPad and use it as a stand both in landscape and in portrait. It is quite sturdy so it makes an excellent addition to any desktop environment. You can then swivel it around and use the case like a normal folio when you are on the road.
I also like the quality of the case, which is typical of Targus products. It has a nice leather feel to it on the outside and the inside is felt lined. The case has a number of ridges into which you can prop the device when you want to use it on your desktop to get just the right viewing angle along with an elastic strap to prevent the case swinging open when you are travelling.
It would have been nice if the case was a little thinner and perhaps had a locking mechanism to prevent the iPad from swivelling unexpectedly. As a business user I’d also like to see more storage locations in these types of cases. Somewhere for business cards and notepaper would be great, although this unit does have a pen holder which is handy.
Overall a great unit for your iPad, high quality and suitable for the desk or out on the road.
Sharing of infected files
In my last post I noted how Office 365 prevents you from uploading infected files. I got to wondering what happens when the other file sharing services try and share an infected file.
If I try and attach an infected file directly from my local machine to an email in Google Apps it is detected as shown above, which is good, and prevents that file being attached.
But since I can also attach from Google Drive as well, I can attach the infected file (since I can upload into Google Drive as my last post highlighted). This is not good.
Now you’ll see that with Google Apps the attachment is really shared via a link rather than attaching the actual file from what I see. Any email system worth its salt will detect and quarantine an attachment that contains a virus, so let’s just eliminate that from our considerations. But, if instead I send a link to an infected document what happens? I know the email will reach the users (because it isn’t infected).
So here’s what the user sees. If I click the link to the file I see:
Now if I try and download I get:
That’s good, but remember here I am dealing with a .com file that includes a virus.
So let’s assume I am a little more cunning in my attempts to infect a user and I place the infected file inside a ZIP archive. What happens?
As you see, Dropbox allows me to send a public link to the encrypted file where anyone can download it. This means that your only defence typically here is now the local anti virus software which we know all users always keep up to date, right? (If you believe that then you live in a world of unicorns, leprechauns and perpetual rainbows.) Not good!
Now if I share the same ZIP file using Google Drive and attempt to download it from the File menu.
It is blocked like before which is good, BUT look at this:
If I download it from the drop down option at the end of the file
It downloads! Not good, especially given this is the default that users see when they view the link provided. I also find it strange that one way you get one result (i.e. blocked file) while the other way you don’t. Strange.
So what’s the moral here? Best bet is don’t let the file get up to the file sharing platform in the first place, which is why I reckon Office 365 is a much better bet when you start digging into what can happen as I have done briefly here.
All file sharing systems are not created equal.
SkyDrive Pro includes anti virus protection
I’m seeing a lot of people out there getting hit with all sorts of viruses coming through file sharing programs because you know what? They simply don’t provide any protection but they are really easy to use.
For example when I upload the eicar antivirus test file to Dropbox look what happens:
Dropbox allows the file to be uploaded and stored. Now, if a user opens this file they run the risk of being infected.
So what happens if you attempt the same thing with Google Apps? Guess what? It also lets the virus be uploaded and stored.
This highlights how great most file sharing applications are as virus delivery mechanisms, now doesn’t it?
However, when we come to Office 365 SkyDrive Pro and SharePoint we receive the above notification telling us that our file is infected and won’t be uploaded! Now that’s protection.
Viruses and malware are so much a part of today’s landscape; problem is, so are easy file sharing utilities. Most of these file sharing utilities don’t even do the most basic security checks to ensure the files uploaded are clean. Office 365 is different. It is protected by Forefront Protection for email, SharePoint and SkyDrive Pro. To my mind that makes it so much better than the alternatives, because it automatically protects users.
If you want to understand the difference between file sharing options and Office 365 then look no further than inbuilt virus and malware protection. When I pay for a file sharing and collaboration solution I want the one with built in security. That is Office 365 and SkyDrive Pro.
Great video of Microsoft mobile platform options
Here’s a good video that demonstrates the capabilities of Microsoft software such as Office, Lync, Yammer, etc across a number of different platforms including Windows, iOS and Android.
It is interesting to see how you can share information from the cloud using Office 365 as the glue to bind all these applications and users together.
Aston Martin uses Office 365
Here’s another nice promo video talking about the benefits Aston Martin has received since going Office 365.
Windows Azure Active Directory Sync tool (DIRSYNC) – the basics
I thought that I’d do some posts on DIRSYNC and how it works with Office 365 as there seems to be plenty of confusion out there about it. DIRSYNC is pretty simple in reality so let’s kick things off with the basics of installing DIRSYNC, we’ll get into the more advanced stuff later.
Windows Azure Active Directory Sync tool (DIRSYNC) is an application that provides one way synchronization from a company’s on premise Active Directory (AD) to Windows Azure Active Directory. This tool allows a limited set of user objects (including logins and passwords) to be copied to Office 365 so that the information in Office 365 is identical to that in the on premise AD.
Activating the Directory Synchronization (DIRSYNC) tool should be considered a long term commitment to co-existence. Once you have activated Directory Synchronization, you can only edit synchronized objects using the on-premise management tools.
A local network administrator needs to install the DIRSYNC tool on only one member server computer in an organization’s on premise network. To complete this process they will also need to have global administrative rights on the Office 365 tenant they are seeking to synchronize to.
The computer used for Directory Synchronization must meet the following requirements:
– It must be joined to the on premise Active Directory. It must be able to connect to all of the other Domain Controllers (DCs) for all of the forest.
– It cannot be a domain controller (thus can’t be run on SBS).
– It must run on a supported 64 bit Windows Server system, which is one of:
  – 64 bit version of Windows Server 2008 R2 SP1 Standard, Enterprise or Datacenter
  – 64 bit version of Windows Server 2012 Standard or Datacenter
– It must run Microsoft .NET Framework version 3.5 SP1 and .NET Framework version 4.0
– It must run Windows PowerShell.
– It must be located in an access controlled environment.
When you install the Directory Sync tool, the configuration wizard will create a service account called MSOL_AD_SYNC in the standard Users organizational unit (OU) that will be used to read from the on premise AD and write to Windows Azure AD. The MSOL_AD_SYNC is given the following permissions:
– Replicate Directory Changes
– Replicate Synchronization
– Replicating Directory Changes All
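These replication rights let their holder pull replicated directory data from a domain controller, so it is worth knowing which principals hold them on the domain root. The following is an added example (not part of the original post or of the DIRSYNC tool) that lists the holders and flags any that are not on an expected list; the function names, the CONTOSO domain, the helpdesk-svc account and the sample ACEs are constructed for illustration.

```powershell
# Control-access right GUIDs for the replication rights, plus the all-zero GUID,
# which on an ExtendedRight/GenericAll ACE means "every extended right".
$RightNames = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ab-9c07-11d1-f79f-00c04fc2dcd2' = 'Replication Synchronization'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}

function Get-ReplicationRightHolder {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,   # access rules read from the domain root
        [string[]] $Expected = @()                # principals that are meant to hold the rights
    )
    $Ace |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            [string]$_.ActiveDirectoryRights -match 'ExtendedRight|GenericAll' -and
            $RightNames.ContainsKey([string]$_.ObjectType)
        } |
        Group-Object { [string]$_.IdentityReference } |
        ForEach-Object {
            $names = $_.Group | ForEach-Object { $RightNames[[string]$_.ObjectType] }
            [pscustomobject]@{
                Principal  = $_.Name
                Rights     = ($names | Sort-Object -Unique) -join '; '
                Unexpected = $Expected -notcontains $_.Name
            }
        }
}

# Constructed ACE, shaped like the rules Get-Acl returns for an AD object.
function New-SampleAce($Who, $Guid, $Rights = 'ExtendedRight', $Type = 'Allow') {
    [pscustomobject]@{
        IdentityReference     = $Who
        ActiveDirectoryRights = $Rights
        AccessControlType     = $Type
        ObjectType            = [guid]$Guid
    }
}

# Constructed sample data; CONTOSO and helpdesk-svc are placeholders.
# Live input on a domain member (ActiveDirectory module loaded):
#   $aces = (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access
$aces = @(
    New-SampleAce 'CONTOSO\MSOL_AD_SYNC' '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    New-SampleAce 'CONTOSO\MSOL_AD_SYNC' '1131f6ab-9c07-11d1-f79f-00c04fc2dcd2'
    New-SampleAce 'CONTOSO\MSOL_AD_SYNC' '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
    New-SampleAce 'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS' '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    New-SampleAce 'CONTOSO\helpdesk-svc' '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    New-SampleAce 'CONTOSO\helpdesk-svc' '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
    New-SampleAce 'NT AUTHORITY\Authenticated Users' '00000000-0000-0000-0000-000000000000' 'ReadProperty'
)

$expected = 'CONTOSO\MSOL_AD_SYNC', 'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS'
Get-ReplicationRightHolder -Ace $aces -Expected $expected | Format-Table -AutoSize
```

On live data, extend the expected list with the domain's own default holders (such as the domain controller groups and BUILTIN\Administrators) before treating a flagged principal as a finding.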
Enabling Directory Synchronization
The first step in the process to configure Directory Synchronization between an on premise AD and an Office 365 tenant is to login to the Office 365 tenant as a global administrator and then select users and groups from the menu on the left hand side.
This should display a list of active users, however above this you will find the option Active Directory® synchronization. Select the Set up link to commence the configuration process.
You will then be taken to the list of steps shown above.
After reading the documentation concerning synchronization using the link Learn how to prepare for directory synchronization you need to ensure that you have any custom domains already configured and verified.
The next step in the process is to select the Activate button for option 3 Activate Active Directory synchronization.
You will then be prompted to confirm the activation of AD Synchronization by pressing the Activate button.
When you are returned to the list of steps you will note that option 3 now indicates that Active Directory synchronization is activated as shown above.
You may see the above message that Active Directory synchronization is being activated. This process may take up to 24 hours to complete.
Installing DIRSYNC
You will then need to download and install the AD Synchronization software (DIRSYNC). Once downloaded, you launch the application to commence the installation process.
If the machine on which you attempt to install DIRSYNC is not joined to an AD domain you will receive the above error and be unable to proceed further.
Click the Next button to commence the installation process.
Select the I accept radio button and then press the Next button to continue.
Here you can alter the default installation directory if desired. It is recommended that you leave it with its default setting and press the Next button to continue.
You should now see the components being installed. This may take a few minutes to complete.
When complete, you will receive a message like that displayed above to indicate the process is now complete.
Press the Next button to continue.
You can elect whether to commence the DIRSYNC configuration process, which is selected by default.
When you have made your choice press the Finish button to complete the DIRSYNC installation.
Press the Next button to commence the configuration wizard.
Enter the details for your Office 365 tenant global administrator and press Next to continue. Office 365 needs to be accessible during this process.
If you have only just activated Directory Synchronization in the Office 365 portal, as previously noted, you may have to wait up to 24 hours for the activation to complete. If you don’t, you will receive an error like that shown above and will have no option but to wait for the activation to complete.
You now need to enter the details of an enterprise administrator for your local Active Directory and press the Next button to proceed.
You now receive the option to enable Hybrid Deployment. In most cases you want to leave this option unchecked and press the Next button to proceed.
Next, you can elect whether you want the passwords from your local Active Directory accounts synchronized with accounts in Office 365. Normally you would check this option and press the Next button to proceed.
You will now see DIRSYNC being configured. This may take a few minutes and you need to wait until this process is complete.
When the configuration is complete, press the Next button to continue.
You will now be given the opportunity to synchronize the local AD user properties to your Office 365 tenant. In most cases you will leave this option checked and select the Finish button to complete the DIRSYNC configuration.
You’ll now see a dialog providing you information about how to verify that everything is synchronizing as expected. This will be covered next so press the OK button to close the dialog.
If you now login to your Office 365 tenant as an administrator and then select users and groups from the menu on the left hand side you should see a list of all your users.
If you look closely at the status of most users you will find that it says Synced with Active Directory. Select any of these users to view their properties.
You should find that users synchronized from your local Active Directory are not automatically assigned a license. You need to do this manually via the console or via PowerShell. Don’t forget that you can have multiple licenses in Office 365 tenants and DIRSYNC has no way of knowing what license you want to assign to what user.
Verify DIRSYNC
To verify that synchronization is taking place correctly at any stage, navigate to the following folder on the member server where you installed DIRSYNC:
C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell
Then double-click the miisclient program.
You should see the Synchronization Service Manager appear as shown above. You will also probably notice some initial synchronization activity in the top window.
To check that information is being correctly copied to Office 365, edit the properties of a user in your local Active Directory that you know is synchronized to Office 365. In this case the Job Title field has been updated to the string Marketing Manager for the user Lewis Collins.
Save these changes.
The next step is to force an immediate synchronization. To do this navigate to:
C:\Program Files\Windows Azure Active Directory Sync
And run dirsyncconfigshell.psc1
In the PowerShell window that appears type:
Start-OnlineCoexistenceSync
And press the Enter key to execute the command.
If you now return to the Synchronization Service Manager you should see additional synchronization activities are displayed.
If you select one of these items you will notice a list of statistics down in the lower left hand window. On the Updates line there is a hyperlink, select this to view more details.
In this case we see that the update refers to the user that was modified in the local Active Directory.
You can select this line and then select the Properties button in the bottom left for further information.
In the Connector Space Object Properties window you should see details about the user, including the field that was updated in Active Directory.
This confirms that DIRSYNC has processed the change and sent it successfully to Office 365.
Now log in to Office 365 as an administrator, navigate to the list of active users again and select the modified user (here Lewis Collins).
To verify the change in this case, select the details tab on the left menu under the user name and you should see the information shown above.
Under additional details you will find that the Job Title field in Office 365 is now the same as that in the local Active Directory, therefore verifying that DIRSYNC has worked successfully.