Tag Archive for MSFT

Millions of PCs Still Have Stuxnet Bug

Lately, I have covered a few pieces of old IT business here, here, and here. Here is another piece of old business, from Infosecurity Magazine. Tara Seals at Infosecurity Magazine recently pointed out new research from Kaspersky, which reports that tens of millions of systems are still vulnerable to the flaw that enabled Stuxnet and other infamous malware families.

Patched in late 2010

Research by Kaspersky has found that the vulnerability (CVE-2010-2568) that enabled the Stuxnet, Flame, and Gauss malware campaigns is still being exploited, despite the flaw having been patched by Microsoft in late 2010. Kaspersky Lab reported more than 50 million detections on more than 19 million computers worldwide in the past eight months.

The lack of patching by IT administrators is surprising given the vulnerability’s infamous history. The author explains that the vulnerability is an error in the way the Microsoft (MSFT) Windows OS processes shortcut (LNK) files. The flaw allowed an arbitrary dynamic-link library to be loaded without the user’s awareness. The vulnerability affects Windows XP, Vista, and Windows 7, as well as Windows Server 2003 and 2008.

Sality worm

The first malware exploiting this vulnerability appeared in July 2010: the worm Sality. Sality generated malicious shortcut files and distributed them through the LAN. Ms. Seals writes that if a user opens a folder containing one of these shortcuts, a malicious program is launched immediately. The summer of 2010 then saw the appearance of Stuxnet, a computer worm that was specifically designed (likely by the US and Israel) to sabotage the uranium enrichment process at several factories in Iran. Subsequently, the state-sponsored Flame and Gauss spyware made use of the same security hole.

Windows XP vulnerable to Stuxnet

Infosecurity Magazine dug into the statistics and found that most of the unpatched systems were running Microsoft’s outdated Windows XP. Kaspersky’s report said:

The lion’s share of detections (64.19%) registered … involved XP and only 27.99% were on Windows 7 … Kaspersky Lab products protecting Windows Server 2003 and 2008 also regularly report detection of these exploits (3.99% and 1.58% of detections respectively).

Kaspersky data suggests that the problem is self-inflicted.

The large number of detections coming from XP users suggests that most of these computers either don’t have an installed security solution or use a vulnerable version of Windows – or both.

Kaspersky also analyzed the geographical distribution of CVE-2010-2568 detections. According to Infosecurity, the top nations with the vulnerability were:

  1. Vietnam (42.45%)
  2. India (11.7%)
  3. Algeria (5.52%)

Kaspersky researchers told the author, “So many users of outdated versions of Windows mean these exploits are effective even though almost four years have passed since the disclosure and patching of the vulnerability.”

rb-

C’mon, if you are going to use an orphaned operating system, update it as far as you can and get off it as fast as possible.

As Kaspersky pointed out, using an outdated version of an operating system is fraught with the risk of cyber-attacks involving exploits, special programs that target vulnerabilities in legitimate software to infect a computer with other dangerous malware.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

MSFT Closing More Windows Support

IT departments are busy keeping up with XP replacements, cloud migrations, and BYOD implementations, and now Microsoft has reminded everybody that there are other fires burning on the horizon. Microsoft (MSFT) is warning that it is ending mainstream support for more popular Windows products. Some of the key products ending mainstream support include Windows 7, Windows Server 2008, Exchange 2010, and SharePoint 2010.

So what does Redmond mean when it ends “Mainstream Support”?

  • Mainstream support is the typically five-year period when Microsoft provides free patches and fixes, including but not limited to security updates, for its products.
  • When a product exits the mainstream support phase, Microsoft continues to provide a period (also often five years) of extended support, which means users get free security fixes but other types of updates are paid and require specific licensing deals.
  • “End of support” means there will be no more fixes or patches — paid or free, security or non-security — coming for specific products. CNET says there are some temporary workarounds, as Windows XP users have discovered, but as a general rule, end of support means, for most intents and purposes, the end.

Here are some critical (or not so critical) dates. You may want to circle them in red on your calendar and start planning now. Do you have funds in your 2020 capital budget for new hardware? Will cloudifying these be the answer? Are you up to speed on Azure? Are your apps up to speed on Azure?

September 14, 2014 – Mainstream support ends for Windows Phone 7.8.

October 14, 2014, is a critical date; support ends for:

  • Office 2010 (including Visio and Project) with Service Pack 1 – mainstream support ends.
  • SharePoint Server 2010 Service Pack 1 – mainstream support ends.

January 13, 2015, is a big day for Microsoft support:

  • Windows 7 – Mainstream (free) support ends for all versions of Windows 7 (Enterprise, Home Basic, Home Premium, Ultimate, and Starter) as well as Windows 7 SP1.
  • Extended support for Windows 7 lasts until January 14, 2020, so users can expect to continue to receive free security updates, but not feature updates, for Windows 7 until that point.
  • Some industry watchers have speculated that Microsoft will end up pushing out Windows 7’s support dates the way the company did for XP, given Windows 7’s popularity and pervasiveness, but so far, CNET says there is no evidence of it happening.
  • Windows Server 2008 – Mainstream support also ends on all versions of Windows Server 2008 and 2008 R2. Extended support remains in place until 2020.
  • Exchange 2010 – Mainstream support will also end on all versions of Exchange 2010. Extended support remains in place until 2020.
  • Other Microsoft products whose mainstream support ends on January 13, 2015 include:
    • All editions of Windows Storage Server 2008
    • Dynamics C5 2010
    • NAV 2009 and NAV 2009 R2
    • Forefront Unified Access Gateway 2010 with SP3
    • Visual Studio 2012
  • Microsoft recommends that its customers get updated: “Customers should migrate to the next available Service Pack to continue to receive security updates and be eligible for other support options.”

July 14, 2015 – Microsoft’s extended support period for Server 2003 cuts off (I covered the end of 2003 here). MSFT won’t be issuing patches, updates, or fixes of any kind for that operating system (unless users have pricey Custom Support Agreements in place). Redmond is hoping to move 2003 hold-outs to Windows Server 2012 R2 and/or Azure.

October 13, 2015, is another big day:

  • Office 2010, Visio 2010, Project 2010 — Mainstream Support ends. Extended support should run into 2020.
  • SharePoint Server 2010 — Mainstream support ends. Extended support should run into 2020.

April 11, 2017 – Extended support for Windows Vista ends. No more updates. Time to upgrade (rb- if you haven’t already moved on).

August 11, 2017 – Extended Support ends for Exchange Server 2007. No more updates. Time to upgrade.

January 10, 2018 – Mainstream support for Windows 8.1 ends for all versions. Customers still running Windows 8 have until January 12, 2016, to update to Windows 8.1 in order to stay supported.

rb-

Remember this – running out-of-date software which no longer receives security updates is playing into the hands of online criminals and hackers.



Who Needs Two-Factor Authentication

The recent epidemic of online security breaches has shown the folly of relying on passwords as the sole protector of your online data. As I have covered several times, most users depend on the same passwords everywhere. So what are we to do? One solution is Two-Factor Authentication.

John Shier at Sophos’ Naked Security blog provided a primer on multi-factor authentication. Two-Factor Authentication is a subset of multi-factor authentication (MFA). MFA is an authentication process where two (or more) of three recognized factors are used to identify a user:

  • Something you know – usually a password, passphrase, or PIN.
  • Something you have – a cryptographic smartcard or token, a chip-enabled bank card, or an RSA SecurID-style token with rotating digits
  • Something you are – fingerprints, iris patterns, voiceprints, or similar

How two-factor authentication works

Two-factor authentication works by demanding that two of these three factors be correctly entered before granting access to a system or website. So if someone manages to get hold of your password (something you know), the article says they still will not be able to get access to your account unless they can provide one of the other two factors (something you have or something you are).

The author explains that secure tokens with rotating six-digit codes can be used to remotely access internal systems via a VPN session. Users need to give a username, a password, and the six-digit code from the secure token appended to a PIN. Home users can use a sort of two-factor authentication using SMS code verification. This is where, in addition to correctly entering your password (something you know), you must also correctly enter a numeric passcode sent to your mobile phone via SMS (something you have).

Gaps in mobile network coverage and the unreliable nature of SMS can make SMS 2FA difficult. However, some services allow you to use an authenticator app in addition to your password; the app presents you with a different numeric one-time password (OTP) for each service that you register with it. Both Google and Windows make these apps freely available in their respective app stores.

Authenticator apps can be great for signing into sites like Google, Facebook, and Twitter even when your phone does not have service (mobile or otherwise).

Two-factor authentication makes it harder

Parker Higgins at the EFF says normal password logins, which use single-factor authentication, just check whether you know a password. This means anybody who learns your password can log in and impersonate you. Adding a second factor, the way your ATM card (something you have) is paired with a PIN (something you know), makes it harder to impersonate you. You need to both have the card and know its PIN to make a withdrawal.

Online two-factor authentication brings the same concept to your services and devices by using your phone—which means that even if your password is compromised by a keylogger in an Internet café, or through a company’s security breach, your account is safer according to the EFF.

That’s important because phishing, which is one of the most common ways in which accounts are compromised, only gets information about passwords. By adding a different factor, phishing attacks become much more complicated and much less effective according to Mr. Higgins.

As two-factor authentication systems become more popular, they have gotten increasingly user-friendly; the EFF believes it doesn’t have to be a difficult trade-off of convenience for security. Major services like Twitter, Google (GOOG), LinkedIn (LNKD), Facebook (FB), Dropbox, Apple (AAPL), Microsoft (MSFT), GitHub, Evernote, WordPress, Yahoo (YHOO) Mail and Amazon (AMZN) Web Services have enabled two-factor authentication.

rb-

Users should get used to two-factor authentication. 2FA is not available everywhere, but many of the most popular sites and services on the internet use the technology. Hopefully, this will compel the rest to follow suit. There is Android malware in the wild that is specifically designed to steal SMS verification codes to thwart 2FA, so you still need anti-malware on your mobile devices.

In the wake of recent POS attacks (which I covered here), DHS has recommended 2FA for POS systems. While it is not bulletproof, it does increase your security by making it harder for your accounts to be compromised. All users will need two-factor authentication.

Related articles
  • Fending off automated attacks with two-factor authentication (cloudentr.com)


Remote Desktop Opens Door to POS Malware

The U.S. Department of Homeland Security (DHS) has issued a warning to retailers. DHS reports that cybercriminals are using remote desktop software to open up retailers’ networks to point-of-sale malware attacks. Point of Sale (POS) systems have been at the heart of many of the recent data breaches. Retailers impacted include Target, Jimmy John’s, P.F. Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply, and Goodwill Industries International, the New York Times reported.

Research conducted by DHS, the Secret Service, the National Cybersecurity and Communications Integration Center, and security firm Trustwave SpiderLabs has followed the attacks. During the attacks, cybercriminals scan corporate systems for remote desktop software. The attackers are looking for Microsoft (MSFT) Remote Desktop, Apple (AAPL) Remote Desktop, Google (GOOG) Chrome Remote Desktop, Splashtop, Pulseway, and LogMeIn’s join.me.

Install malware

After finding an exposed system, attackers launch brute-force attacks on the login feature. FierceITSecurity reports that once the attackers gain network access, they deploy Backoff POS malware, steal customer payment data, and hide the theft using encryption. An alert issued by US-CERT on 07-31-2014 explained how the malware gets installed:

At the time of discovery and analysis, the [Backoff] malware variants had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious.

US-CERT has informed anti-virus vendors of the threat from Backoff malware and they will be updating their software to detect and block the malware. The malware can scrape memory for track data, log keystrokes, engage in command and control communication, and inject a malicious stub into explorer.exe that ensures “persistence in the event the malicious executable crashes or is forcefully stopped.”

The article concludes, “The impact of a compromised POS system can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminal elements. These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts.”

rb-

If mega-firms like Target can be breached, what chance do the small mom-and-pop POS operations in schools, food trucks, and airport kiosks stand? I say not much. I have worked with several POS vendors and it seems they barely understand their own product, let alone SSL certificates or VPNs.

Here are some tips from Verizon’s 2012 research into security breaches affecting companies that use POS systems to process customer payments. Make sure your POS vendor does the following:

1. Change administrative passwords on all POS systems. (Hackers are scanning the Internet for easily guessable passwords.)

2. Implement a firewall or access control list on remote access/administration services. (If hackers can’t reach your systems, they can’t easily steal from them.)

3. Avoid using POS systems to browse the web (or anything else on the Internet).

4. Make sure your POS is a PCI DSS compliant application (ask your vendor).

5. Use password management software like LastPass to generate secure passwords. (LastPass allows you to avoid storing passwords in your browsers and can generate ready-to-use secure passwords for you.)
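Added example (not from the DHS alert, the Verizon research or this blog): detection logic in Python that runs over constructed, simplified Windows logon events and flags the pattern described in this post, a burst of failed Remote Desktop logons from one source followed by a success, plus any RDP attempt from outside an assumed allow-list that the firewall or ACL in tip 2 should have blocked. The one-line log format, the allow-list network and the thresholds are assumptions; the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive) are standard Windows values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample of Windows Security log events in a simplified one-line
# form (not real captures). EventID 4625 = failed logon, 4624 = successful
# logon; LogonType 10 = RemoteInteractive, i.e. a Remote Desktop session.
SAMPLE_LOG = """\
2014-08-01 02:14:07 EventID=4625 LogonType=10 Account=Administrator SourceIP=203.0.113.45
2014-08-01 02:14:09 EventID=4625 LogonType=10 Account=admin SourceIP=203.0.113.45
2014-08-01 02:14:11 EventID=4625 LogonType=10 Account=pos SourceIP=203.0.113.45
2014-08-01 02:14:12 EventID=4625 LogonType=10 Account=POS1 SourceIP=203.0.113.45
2014-08-01 02:14:14 EventID=4625 LogonType=10 Account=Administrator SourceIP=203.0.113.45
2014-08-01 02:14:15 EventID=4625 LogonType=10 Account=Administrator SourceIP=203.0.113.45
2014-08-01 02:15:40 EventID=4624 LogonType=10 Account=Administrator SourceIP=203.0.113.45
2014-08-01 09:03:01 EventID=4625 LogonType=10 Account=jsmith SourceIP=10.20.0.15
2014-08-01 09:03:20 EventID=4624 LogonType=10 Account=jsmith SourceIP=10.20.0.15
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"Account=(?P<account>\S+) SourceIP=(?P<ip>\S+)$")

# Hypothetical allow-list standing in for the firewall/ACL in tip 2: only the
# vendor's support network should ever reach the POS remote-admin service.
ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]


def parse(log_text):
    """Yield one dict per well-formed event line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   "event": int(m["event"]), "ltype": int(m["ltype"]),
                   "account": m["account"], "ip": m["ip"]}


def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding
    window, and note whether a success followed (a likely compromise)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for ev in parse(log_text):
        if ev["ltype"] != 10:
            continue
        q = recent[ev["ip"]]
        if ev["event"] == 4625:
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()           # drop failures older than the window
            if len(q) >= threshold:
                entry = flagged.setdefault(ev["ip"], {"failures": 0, "success_after": False})
                entry["failures"] = len(q)
        elif ev["event"] == 4624 and ev["ip"] in flagged:
            flagged[ev["ip"]]["success_after"] = True
    return flagged


def unexpected_sources(log_text):
    """RDP logon attempts (any outcome) from outside the allow-list: evidence
    that the remote-admin service is reachable from where it should not be."""
    return sorted({ev["ip"] for ev in parse(log_text)
                   if ev["ltype"] == 10
                   and not any(ip_address(ev["ip"]) in n for n in ALLOWED_SOURCES)})


if __name__ == "__main__":
    print(find_rdp_bruteforce(SAMPLE_LOG))
    print(unexpected_sources(SAMPLE_LOG))
```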



Clock Ticking on Windows Server 2003 Deployments

Now that everybody has worked Windows XP out of the PC fleet (LOL), another Redmond deadline looms. Microsoft (MSFT) will be ending all support on the venerable workhorse of many organizations, Windows Server 2003. Windows Server 2003 (and R2) will cease to be supported by Microsoft on July 14, 2015. Yep, that is less than one year away.

Paul Mah at FierceCIO explains that Windows Server 2003 will enter its end-of-support phase on July 14, 2015, and will no longer be updated with security patches and bug fixes. He points out that companies that continue to run Windows Server 2003 after July 14, 2015, will start to fail standard compliance audits. Regulations such as HIPAA, PCI, and SOX require regulated industries to run on supported platforms. Michael Cobb at SearchSecurity reminds us that most compliance and regulatory standards consider running end-of-life software a control failure.

FierceCIO estimates that custom support agreements for Windows Server 2003 will have a hefty price tag of $200,000 per year. The article quotes Brad Anderson, Microsoft corporate vice president of Windows Server and System Center, “If new issues do happen to be found, the only way to receive additional updates will be through a custom support agreement.”

Compliance considerations aside, Windows Server 2003 will have been in operation for 12 years at that point. The article says companies that continue to use an unsupported platform could find support for some server applications suspended, including all Microsoft applications.

Microsoft is expecting a large number of existing deployments to be migrated to its latest Windows Server 2012 platform. This mandatory migration could help MSFT with its market share against its virtual nemesis VMware (VMW). Mr. Anderson says a lot of Server 2003 machines need to be upgraded:

The fact of the matter is that there is a significant amount of Windows Server 2003 to upgrade around the world. We estimate that there are more than 15 million physical servers that are likely to be upgraded over the next 12 months.

Migrating millions of servers to Windows Server 2012 gives Microsoft’s virtualization technology, Hyper-V, a big boost, noted eWeek. This is because Windows Server 2003 doesn’t have any virtualization technology baked in, unlike Server 2012, which comes with Hyper-V and supports up to 1,024 active virtual machines (VMs) and up to 1TB of memory per VM.

The clock is ticking, though, for companies looking to make the switch. The FierceCIO article reports that the average Windows Server migration takes 200 days. This means that organizations need to get started very soon or risk running out of time.

Over at SearchSecurity, Michael Cobb, CISSP, offers a starting point for migrating from Windows Server 2003.

Start now – Mr. Cobb warns that phasing out Windows Server 2003 will be a complicated process; there are choices that must be made that will affect infrastructure strategies for the foreseeable future.

Hosted Services – Organizations using hosted services will have no choice but to update their legacy software. Mr. Cobb says providers will ultimately force customers to upgrade from Windows Server 2003 so that they can continue to provide the support and security promised in their service-level agreements.

Enterprises have a couple of upgrade options when it comes to retiring Windows Server 2003 according to Mr. Cobb.

  • Changing from Windows to a Unix-based OS won’t really be an option for many enterprises, as their key applications will only run on a Windows machine. Because application compatibility and a lack of in-house skills are likely the overriding issues, Unix is not an option for most companies.
  • Going to Windows Server 2012 – While it is the latest Microsoft server OS, it can’t run 16-bit Windows-based applications, and 32-bit applications must be run in an emulator, making this option also unattractive because of compatibility issues according to the author of www.hairyitdog.com.
  • Windows Server 2003 x64 Edition – Enterprises already running 64-bit applications should consider upgrading their hardware and moving straight to Windows Server 2012.
  • Windows Server 2008 – Since Windows Server 2003 servers are likely to be running on old hardware, this upgrade route — while cheaper short-term — will probably just delay legacy hardware and software issues to a later date as both will need replacing prior to 2020 when Windows Server 2008 reaches the end of its extended support period.

SearchSecurity offers these starting points:

  • Start rewriting old applications now so the inevitable problems and errors can be sorted out. It is also a great opportunity to not only improve security and stability but also add much-needed new features to enterprise systems.
  • Contact vendors now about 64-bit versions of key application software. If vendors have no plans to offer application upgrades, it’s time to start searching for replacements. Legacy software is always an attractive target for hackers, particularly if it is no longer supported by the original vendor.

Rewriting applications and upgrading licenses and hardware is complex, time-consuming, and costly, but vulnerable systems and data could ultimately be even more expensive. Mr. Cobb warns that doing nothing is not an option. Enterprises must start planning their migration strategies now to avoid making hasty decisions once the reality of unsupported software has already disrupted operations.

rb-

Will the last-minute scramble to migrate from Windows XP repeat itself all over again? To quote the immortal Yogi Berra, will it be déjà vu all over again?

The rule of thumb for successful migrations is to plan ahead, be thorough, and don’t wait until the last minute if it can be avoided. Despite this, a survey by AppZero found that:

  • 57% of Microsoft customers are still running WS 2003
  • 94% of those running WS 2003 intend to migrate, but only 24% are ready to do so
  • 40% are not sure of their upgrade path
