Disaster and Recovery Plan

Need some inspiration on your Disaster plan at work?

Well Dilbert surely has one for you 😉

Forefront Endpoint Protection – frustrations

I just updated our “Microsoft Forefront Endpoint Protection” client software, this in turn caused several of my scripts to stop working 🙁

Digging led to the discovery that the PATH has changed :-/ omg why change that…

Namely I ran two commands weekly on all our servers;

"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -SignatureUpdate -MMPC
"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -scan -scantype 2

The first forces Forefront to update its definitions straight from the Internet repository, and the second forces a full scan.

But the “Antimalware” part of Forefront (or at least MpCmdRun.exe) seems to have moved from

“C:\Program Files\Microsoft Security Client\Antimalware” to “C:\Program Files\Microsoft Security Client”

But why 🙁  – anyhow, if you update your Forefront Endpoint Protection be sure to check any manual scripts you have running.

 

Downloading the updates manually;

You can still download the update file manually (approx. 80 MB), it’s the same file as for Endpoint Protection – get it here;
http://www.microsoft.com/security/portal/definitions/howtomse.aspx
or try this undocumented one (direct download link); http://go.microsoft.com/fwlink/?LinkID=121721

 

 

WordPress Security -> Wordfence

You are likely familiar with WordPress, if not well – interesting 😉  Anyhow, you may also have heard about the recent attacks on WordPress blogs by a worm-like virus/malware?  Attacks on WordPress installations are nothing new; they have always been there, as it’s such a popular platform. However, time has revealed some not so smart features of WordPress security. One is that you can try to log in as many times as you like without any action being taken – hence there is nothing to stop a brute force attack on your WordPress installation’s login!?

Well, Wordfence to the rescue: a simple plugin you install on your WordPress installation that all of a sudden offers you a ton of cool security features. I will just mention a few here – for the complete listing visit their website.

Features;

  • Login limiter – limit how many incorrect passwords/usernames are accepted
  • Site and theme scanner – scan your WordPress blog for changes
  • Block unwanted IP’s from accessing your site
  • Manage crawlers (search engine index bots)
  • and many many many more cool features

You can define the reaction to different attacks, eg. block IP/lock account for xx min/throttle traffic.

Now a thing like that must cost a fortune you say!?  Well no, there is a TOTALLY FREE version with basic functionality (enough for most I would say) and the deluxe version which costs a bit.

Now after adding this you should also add Two Factor Authentication, eg using “WordPress Google Authenticator Plugin” – http://wordpress.org/extend/plugins/google-authenticator/screenshots/ Or one of the other TwoFactor authentication solutions out there.

So, what are you waiting for 🙂 protect your WordPress blog now 🙂

iPhone Configuration Utility – easy configuration of iPhones/iPads

You may be an IT administrator or just the person in charge of helping your users (or friends for that matter) configure iPhones.  Now setting up an iPhone is not hard once you have tried it once or twice, but it is still time consuming and, let’s face it, not very fun. Well, imagine that you had a piece of software in which you could prepare the configuration and then just sms the configuration to anyone?  Well it is almost as easy as that 🙂  and best of all, I will show you how 😀

What you need is the “iPhone configuration utility” from Apple, you will find it here;
http://www.apple.com/support/iphone/enterprise/

Now you install this and are set to go. With this software you can create configurations for the iPhone (or iPad), and by connecting the device to your machine you can transfer the settings directly. This is easy enough, but as mentioned you can do even better – you can send the configuration over the internet. The latter however requires a web-server and maybe a little more skill than the average home user has.

Anyhow, if you are an IT administrator etc. and need to set up a lot of iPhones, then this is interesting for you..  You create a configuration with “iPhone configuration utility” and upload this to a web-server, eg. as http://www.webserver.com/iphonesettings.mobileconfig and now you can just sms the link to this page/file to new employees or BYOD “bring your own device” users.  Now one word of caution though: if you publish your config this way you MUST omit ANY sensitive information like email, domain name, username and passwords. This however is not a problem – any information not entered will just be prompted for – so if you omit the username and password the user will just be prompted for these when installing the configuration (information like this is likely known by the user, or could be included in the sms).  That some outside user may be able to read what mailserver you use is not really a problem, this information is already public knowledge via eg. NSLOOKUP – so there is really no security issue with this unless you include passwords etc., which you should avoid as mentioned.

The settings set this way are entered into the phone as a “Profile”. You can configure that this “Profile” can be removed “Anytime”, “Via Password” or “Never” (never means that you need to reset the device to remove it). If you remove the “Profile” it will also remove all data related to the profile (eg. if email settings were part of a profile, it will also remove the emails as part of the removal – but if you set up additional email accounts manually these will be left alone).

What can you configure;
Almost anything, just to mention a few things; Email, VPN, WiFi, Policies (you can enforce password etc. etc.).

See my walkthrough here for more details etc;

 

Ps.
If you upload the configuration to a webserver, you may need to set the MIME type, and remember NOT to change the extension of the file (.mobileconfig).
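A pre-publish check for the caution above, as an added example that is not part of the original post: it walks an unsigned .mobileconfig (an XML property list) and reports every non-empty value stored under a key that looks like a credential or per-user field. The key-name heuristic, the function names and the sample profile are assumptions made for this sketch.

```python
import plistlib

# Heuristic chosen for this example: key names containing these fragments
# usually hold per-user or secret values that should be left empty so the
# device prompts for them at install time.
SENSITIVE_FRAGMENTS = ("password", "secret", "username", "emailaddress")

def find_sensitive(node, path=""):
    """Return the path of every non-empty string/bytes value whose key
    name contains one of SENSITIVE_FRAGMENTS (case-insensitive)."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if isinstance(value, (dict, list)):
                hits += find_sensitive(value, here)
            elif (isinstance(value, (str, bytes)) and value
                  and any(f in key.lower() for f in SENSITIVE_FRAGMENTS)):
                hits.append(here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += find_sensitive(item, f"{path}[{i}]")
    return hits

def check_profile(raw: bytes):
    """Parse an unsigned profile and list values to remove before upload."""
    return find_sensitive(plistlib.loads(raw))

# Constructed sample: a mail payload where the address was left empty
# (prompted on the device) but a password was saved into the profile.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mail.managed</string>
    <key>IncomingMailServerHostName</key><string>mail.example.com</string>
    <key>EmailAddress</key><string></string>
    <key>IncomingPassword</key><string>hunter2</string>
  </dict></array>
</dict></plist>"""

if __name__ == "__main__":
    for hit in check_profile(SAMPLE):
        print("remove before publishing:", hit)
```

A signed profile is wrapped in a CMS envelope and will not parse this way, so run the check on the file before signing it.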

Kristina Svechinskaya the world’s sexiest hacker

According to http://www.techpraveen.com Kristina Svechinskaya has been elected the sexiest computer hacker in the world.  Sadly not for some white hacker scheme but rather for being a mule related to Zeus Trojan attacks in the range of $12.5+ million.

And I must say, she does look cute..  sad she chose this kind of business 🙁

 
Read more here;
http://www.techpraveen.com/2011/12/kristina-svechinskaya-is-the-worlds-sexiest-computer-hacker.html

How to install Malwarebytes and remove malware/virus easy

Here is a short video guide to removing malware using Malwarebytes.org’s free scanner.

English language version;

Danish language version;

For more details on how to remove malware and viruses then look here;

http://www.kanmandet.dk/?page_id=1222

Ghostery – privacy help

Concerned about your privacy, who and what is tracking you during your internet browsing?

Take a look at Ghostery, it is a util that will show (and enable you to block) who is tracking you..
http://www.ghostery.com

Works on most popular browsers.

How to install guide (IE);

Clever password -> website -> password salting scheme

This is quite clever (as long as you are vigilant);

http://supergenpass.com/

You know the deal, you need to create a new account and have to supply username, email and password to do so.  You may have learned or heard that it is NOT a good idea to use the same password for different sites (if one gets compromised ALL your logins would thus be vulnerable), but also you really can’t remember 1031 different passwords…  well SuperGenPassword.com CAN help you with this!?

What it does is quite simple: you enter sitename (the url/site you are creating the login for) and password (your generic/master password) into SuperGenPassword and voilà, it provides you with a “unique” password for the site – the clever part is that you won’t have to remember this password!?  You simply remember the generic/master password, and next time you visit the site you use SuperGenPassword to generate the password you need for the site..  This is done simply by hashing (http://en.wikipedia.org/wiki/Hash_function) the site/url salted (http://en.wikipedia.org/wiki/Salt_(cryptography)) with your generic/master password.

Let’s take an example;

Password on url test.dk becomes l5zuZo0qa2
Password on url test.com becomes eipalNBj0T
Secret on url test.dk becomes nY8BEihJsR
Secret on url test.com becomes dXt1E8tILH

As you can see the same password makes a different hash depending on the url.

Now SuperGenPassword even offers a clever scripting shortcut so you can generate these passwords automatically and insert them into the password field on web-sites. I would advise against this, as the scripting they use has been proven to be vulnerable to interception by malicious sites/scripts, which can thus obtain your generic/master password.  Instead use http://supergenpass.com/mobile/, their mobile solution, and generate the password manually in a different tab and paste the password into the site you wish; a bit more work but a lot more security..  Also a good trick is to pad the password with a “pin”. Let’s say the hash from the data you entered into http://supergenpass.com/mobile/ becomes dXt1E8tILH – then normally you would use this as the password. However, if you add padding to the start, eg. add TOAD to the beginning, the “final” password would thus become TOADdXt1E8tILH. Thus even if someone found out you were using SuperGenPass and somehow got hold of your password, it would be useless for them, as only you would know to add TOAD to the password generated by SuperGenPass.

Here is a YouTube video that explains a bit about SuperGenPass, note that he is USING the scripting which I advise you do NOT.. But you may get the idea a bit better though..

So DO NOT use the script, use http://supergenpass.com/mobile/ instead..
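The per-site derivation and the “pin” padding described in this post, sketched as an added example. It is not SuperGenPass’s code or algorithm: PBKDF2-HMAC-SHA256 is swapped in, so its output will not match the sample values listed above, and `site_password` with its parameters is a name made up here.

```python
import base64
import hashlib

def site_password(master: str, site: str, length: int = 10, pin: str = "") -> str:
    """Derive a repeatable per-site password from one master password.

    Stand-in construction (an assumption of this example): PBKDF2-HMAC-SHA256
    keyed with the master password and salted with the normalised site name.
    """
    site = site.strip().lower()          # "Test.DK " and "test.dk" must agree
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              site.encode("utf-8"), 200_000, dklen=32)
    # Base64 with '+' and '/' mapped to digits keeps the result alphanumeric,
    # at the cost of a slight bias toward '9' and '8'.
    text = base64.b64encode(raw, altchars=b"98").decode("ascii").rstrip("=")
    # The pin is never fed to the generator; it is only known to the user
    # and prepended by hand, as the post suggests.
    return pin + text[:length]

if __name__ == "__main__":
    for master in ("Password", "Secret"):
        for site in ("test.dk", "test.com"):
            print(f"{master} on {site} -> {site_password(master, site)}")
    print("with pin:", site_password("Secret", "test.com", pin="TOAD"))
```

Because nothing is stored, changing the iteration count, length or normalisation later changes every derived password, so fix those choices before first use.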

Bye bye privacy

Should you ever see a device like the one below then your mobile devices may be close to losing their virginity 🙁

Police and Homeland Security in the USA have obtained devices like this that allow them to clone/extract ALL data from your cellphone/pda/ipod/ipad/iphone etc in minutes, it does not even matter that you erased data this device will get ANYTHING “sector by sector”….  some states even allow this device to be used during routine traffic stops..  My fear as an EU citizen is that if I at some time wish to travel to the USA, then I may be met by a Homeland Security officer at the border with a device like this in his hand..  Not that I have anything to hide, but the idea that someone else will have FULL access to my very private data is VERY disturbing to me..

Read more here;
http://redtape.msnbc.msn.com/_news/2011/04/20/6503253-gadget-gives-cops-quick-access-to-cell-phone-data

Dropbox – major security breach – what to do?

As you may have heard Dropbox suffered a major security breach this weekend, for almost 4 hours ALL Dropbox accounts (including data) were accessible to ANYONE without password (or rather you were asked for a password, but it would accept anything)..

The major problem here is that ANYTHING in your Dropbox is unencrypted, and thus anyone that gets access to your Dropbox has access to your data…

This is, besides a major concern for Dropbox users, a wakeup call for users of cloud solutions – I totally have to agree with Steve Gibson (www.grc.com/securitynow) that we need PIE – Pre Internet Encryption, everything we store in the cloud really NEEDS to be encrypted before it leaves our servers/lan.

Obviously this Dropbox breach was not good 🙁  but never fear, there is a solution, still in Beta but still very promising..  The solution is called SecureSync. It creates an encrypted folder in your Dropbox and anything stored here is encrypted (you HAVE to access the folder via the “SecureSync” shortcut in MyDocuments though, if you look directly in the encrypted folder you will only get encrypted data). This however is quite clever, as you can still synchronize with machines that do not have SecureSync installed: for Dropbox the encrypted data is merely data and is thus synchronized just as other data – however once you install SecureSync on the target machine you can suddenly read the encrypted data via the “SecureSync Shortcut”.

SecureSync is free (at the moment at least) and still in Beta, but it seems to work fine, although especially the install routine obviously will be improved.

Get it here;
http://getsecretsync.com/ss/getstarted/