Sometimes it pays to stop and think for a moment

So I was trying out some software that I’d heard about that would protect your PC from browser based attacks. I installed and rebooted and guess what? Blue Screen of Death. Damm. Now it wasn’t the end of the world but it was still a pain since I stupidly hadn’t attempted to install the software on a Virtual PC first.

So without thinking too much I booted into safe mode and attempted to uninstall the software using Add/Remove programs. No good, needs Windows installer which doesn’t run in safe mode. Next option, hack the registry and remove all references to the product I just installed. Reboot, still Blue Screen of Death. Damm. Next, take out my image recovery CD and boot to it planning to restore my boot drive from an image I made yesterday. Boot to CD, start restore program, just about to press the Start button, when my logic finally catches up with my brain.

Wouldn’t the simplest way be to boot into Safe Mode and do a System Restore? Yes, ladies and gentlemen it was and it fixed the issue but it does illustrate a point. In the world of IT we are faced with “disasters” everyday but we probably don’t have a method of effectively dealing with them. I suggest that maybe the best idea is simply to take stock of the situation and then DO NOTHING. Well, not quite nothing. I’d suggest a deep breath and some time thinking about the problem and possible solutions. It is better to survey the land than charge into a battle with the wrong plan. Patience, grasshopper, patience.

It is too easy for even an experienced hand like myself to rush into the fray “knowing” the solution. In some cases it may even make it worse. A little time to think about the issues, even write down some solutions and then develop a strategy can make all the difference. Now I generally try to implement this strategy but as I found out here, it is so easy to slip back into the “full-steam” ahead mode. Human instinct after all I suppose.

Such a situation reminds me of a good book I recently read called Deep Survival: Who lives, Who dies and Why by Laurence Gonzales. It delves extensively into what makes some people survive while others perish. The psychology behind the findings are truly amazing and I would still recommend you read it just for the incredible stories of human survival. For a complete review hop on over to Goodreads and and link to my profile (director@ciaops.com) where you’ll find my list of readings as well as reviews of the material. If you like reading, the Goodreads is a great site.

So in this world of rush, rush, rush more time actually thinking about a problem before acting can actually be a good thing and will more than likely save you time in the long run. Patience is a virtue that I need to constantly work at.

Threats from "new" devices

I’ve now seen a few stories about new IT devices containing viruses and malware. Here’s an article from the LA Times that gives bit more details about how much more wide spread it is becoming. You would think that buying something as simple a new digital picture frame wouldn’t mean you’d have to scan it for suspect software, but you do. Seems like the best idea with all these things is simply to reformat them and reload before you use them. What a pain!

Better hope you don’t get this one

Here’s an interesting blog post about the latest in Trojan technology that is specifically targeting internet banking. You’ll find the post here :

http://www.symantec.com/enterprise/security_response/weblog/2008/01/banking_in_silence.html

If you take the time to read it you’ll shudder at the sophistication of the thing. It can manipulate DNS entries, HTML code, track cookies and more. Nasty, nasty to say the least.

It shows how much effort the bad guys are investing to getting your banking details. Why? Simple, that’s where the cash is – they are a business after all.

Wireless insecurity

I was recently visiting some friends and needed to check my emails. Sure, I know they have a broadband hooked up to a PC in their den but I’m enjoying being outside so let’s just fire up my Windows Mobile Device and see what’s around.

Sure enough when I enabled the Wifi connector on my little Windows Mobile device I find a wireless network and guess what? It is unsecured! What does that mean? For starters, free access to the Internet. Even worse they had named their access point after themselves ( ie Susan’s wireless). So I asked my friends if they knew any Susan in the street. Sure enough she lived two doors up. So now I know a few things, One – which house has a wireless LAN running, Two – that house is providing FREE internet access to anyone in range and Three – chances are there is a PC also in the house (since something has to be connected to the Wireless/Router to be used with the Internet connection).

If you are providing free Internet access to the world chances are that you haven’t secured your router or your PC. So I do a quick check and find that I can browse to the routers configuration page. It is brand I know and guess what? It is still using the default password. So, not only have you allowed someone to access your internet for free, you’ve also given them access to your wireless router. They can change it’s password, change its IP address, do all sorts of wonderful things because you haven’t changed the password. You haven’t even been bothered to implement basic security.

Next, I have a poke around a bit more and find a PC connected to the router and find that it isn’t secured as well. Oh man, given enough time anyone could not only copy all the data from the PC but also view all its keystrokes. Understand what that means? FULL CONTROL! Every email, web site, every keystroke you type could be captured. Think the bank is going to give your money back if funds are withdrawn with the CORRECT password even though you say it wasn’t you? I doubt it!

All it takes is one simple mistake like not securing your wireless with WPA and you have potentially let anyone in range into your system and depending on what else you have been too lazy to do, have potentially given them access to everything that happens on that PC.

I see it everywhere I go. Wireless is great as long as it is SECURED. Out of the box it isn’t!

Ever heard of Flash cookies?

Have you ever gone to the trouble of deleting all your Internet temporary files, cookies, browsing history and so on, then rebooting only to find that a web site still knows who you are? For a long time it really puzzled me how this particular web site still knew who I was after killing what I thought was every piece of identifying material on my PC.
Turns out that Adobe Flash can also be used to store cookies, unsurprisingly these are known as ‘Flash Cookies’. As you can see from the image below this is how the sites were still able to track me.

When I looked through the list of sites that had stored Flash Cookies on my system I found quite a variety including those typically from people like Doubleclick whose ‘third party cookies’ allow your browsing machine (and people who use it) to be tracked across different web sites. So, it is possible that if you go two different web sites with ‘third party cookies’, people like Doubleclick know where you’ve been and can thus start to profile you. The more you browse the more ‘third party cookies’ you get and the better the profile that is constructed about you. This profile allows advertisers to direct certain banners at you (ah ha you say, so that is why the ad seem to ‘know’ me) as well as sell your browsing habits to marketing companies. That is why many normal ‘third party cookies’ are considered spyware, because they track your activity WITHOUT your consent!
So even if your turn off or reject normal cookies these Flash cookies can still be recorded on your system allowing you to be profiled. Now, that you know about flash cookies you may well ask where on my PC can I go to turn them off? Ah ha, another gotcha – there is no setting on your PC (that I found anyway). You have to go to a page on the Adobe web site (Abode are the owners of Flash), which will query the settings on your system and allow you to make machines and present you with the control panel you see in the above picture.
As with normal cookies, disabling or deleting Flash cookies may prevent some sites from working correctly so beware. However, now that you at least know how to change the settings you can always return and adjust your settings to allow only what you deem necessary. So all you need now is the Adobe web site where you make these changes and here it is :
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
Clearly many sites are using whatever means they can to record information about you so they can profile you. To me, if they didn’t ask, that is an invasion of my privacy. I am only happy for the SITES I WANT to profile me but NO OTHERS. Heaven knows how many other avenues are out there that companies are using to track web surfers but at least now you know how to control this one.
PS I’d also make sure your select the option to TURN OFF unrestricted access to your microphone and camera. Why the hell this should ever be on by default beats the hell out of me.

High CPU usage on the Trend security server

Having issues with high processor utilization or :

•It takes a long time to open applications

•High network bandwidth usage occurs

•Programs like Microsoft Word, Excel, and Outlook slow down

Then the following article from Trend may help

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034528&id=EN-1034528

It involves the installation of a hot fix.

Restoring with Shadowprotect video now available

We’ve added a new video that details the basics of restoring information using Shadowprotect on Small Business Server. You can view the video directly on YouTube by clicking here.

The video will cover the basics of restoring a single file using the Windows interface or restoring a whole volume by booting into the Shadowprotect environment directly from their bootable CD.

Look out for additional videos on Shadowprotect coming soon that will cver topics such as: complete server recovery, Exchange recovery, etc. As always, we appreciate any comments or feedback on what we have created.