Hyperbole, Embellishment, and Systems Administration Blog

Jan 22, 2012
blog

How do you secure BYO Device?

Twitter: @orinthomas There’s a joke I heard that went “making something more secure makes it more inconvenient, so the more inconvenient you make something, the more secure it gets.” The tension between IT departments and the Bring Your Own (BYO) Device crowd isn’t an issue of IT departments being drunk on their own power, forcing workers to use uncool computers that have all the style of purple shag pile carpet. It’s an issue of convenience versus security. BYO Device is a convenience issue, and keeping a personally managed computer secure is inconvenient. That’s why, a year after Windows 7 was released, 25% of computers had out-of-date anti-malware protection (source: http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx). The chance of a personally managed computer having out-of-date malware protection increases with the age of the computer. It’s hard to manage and monitor BYO Devices. A phone, tablet, laptop, or ultrabook could be working fine or completely infested with malware. Unless you have some sort of monitoring solution, it’s almost impossible to tell. An organization considering a BYO Device policy needs to take steps to ensure that security is maintained and that the devices connecting to its Exchange and SharePoint servers aren’t riddled with malware. In the long run, it might be simpler and cheaper to buy users flashy computers and manage them centrally rather than to hope that they’ll keep the security on their own devices up to snuff. -- My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material:...More
Jan 20, 2012
blog

TOR Client Software Found on 13% of Enterprise Networks

Twitter: @orinthomas Security vendor Palo Alto Networks monitored a week’s worth of traffic traversing the internet gateways of 1,636 businesses, each of which had at least 2,500 users, and published a report about it here: http://www.paloaltonetworks.com/researchcenter/2012/01/browser-based-filesharing-usage-work-or-entertainment/
Although a lot of the commentary on this report focused on the widespread utilization of the site Megaupload and BitTorrent on these large enterprise networks, the figure that surprised me was that TOR traffic was found on 13% of these networks. TOR (The Onion Router) is an application designed to allow anonymity online. It works by routing traffic through a network of servers spread across the world. This routing hides a user’s location from anyone interested in performing traffic analysis, functionally eliminating the likelihood of being able to track or block users accessing restricted sites. Given the BitTorrent traffic measurements and the usage of the site Megaupload, taken down in the last few days by governments with indictments related to copyright infringement (the report also details that the most commonly downloaded traffic from Megaupload on corporate networks was pirated applications including Photoshop and popular games), it isn’t surprising that TOR utilization is present on corporate networks. But if your organization has a policy blocking access to certain sites (porn, social networking, warez, sports), as I imagine most of these enterprise networks do, you’d probably want to be pretty certain that people weren’t using something like TOR to bypass those policies. If an employee is downloading and watching porn on his computer at the office, it’s a sure bet he’ll be fired. But it is also a sure bet that you, as network administrator, are going to get some uncomfortable questions about how that access was possible when you’d been asked to ensure that it wasn’t. You can find out more about TOR at: http://en.wikipedia.org/wi...More
Jan 4, 2012
blog

It’s just a matter of when: Context aware twitter malware/spam

Twitter: @orinthomas Twitter malware and spam uses a pretty straightforward attack vector. You get a Twitter message from an account (usually with an attractive female avatar) telling you that you’ll get something awesome if you click on the helpfully provided link. Most people don’t click, because they realize that if a hot chick sends you a link on Twitter claiming you’ll win a free iPad, it’s probably not legit. If you do visit the site, at best you’ve been spammed. At worst it hosts malware that tries to infect your computer. Today’s Twitter spam is quite crude. With the sort of Twitter analytics provided by sites like Klout, I imagine that it will become a lot more sophisticated. Klout (and sites like it) allow you to quickly determine what a person’s interests are based on their Twitter output. If you were trying to get someone to click on a link to infect them with malware, you’re going to be far more successful if you are hitting a topic that they are clearly interested in than a random promise of a popular product like an iPad. Random people do legitimately send you links about stuff you are interested in on Twitter. If someone tweeted me with a link to a topic I’d just tweeted about, I’d be a lot more likely to click on it than I would a random link sent without context. So a belated security prediction – Twitter link spam will get a lot more context aware in 2012, and it’s going to be difficult to make an eyeball determination whether someone you don’t know has sent you a link because they follow you and they think you will be interested in a topic, or they are just trying to spam you, possibly to a link that contains a browser exploit. -- My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material:...More
Jan 3, 2012
blog

Windows Defender, Windows 8, and Trial Anti-Malware applications.

Twitter: @orinthomas Windows 8 will include an improved version of the Windows Defender anti-malware software (http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx). This means that all computers running Windows 8 will, at least when they are first powered on and connect to the Internet, have up-to-date anti-malware protection. Microsoft has also indicated that if a third party anti-malware application is installed on a computer running Windows 8, Defender will essentially deprecate itself in favor of the alternative. As you can probably guess, when Windows 8 releases, OEMs will continue to provide trial subscriptions from anti-malware vendors with the machines that they ship. This happens because anti-malware vendors provide OEMs with compensation for including trial versions of their software with new machines. The study cited above found that 12 months after Windows 7 was released, roughly 25% of computers running Windows 7 didn’t have up-to-date anti-malware software. This was down from almost 100% of computers having anti-malware software at RTM. The proposed hypothesis was that a year down the track, 25% of people had let their initial trial subscription expire and hadn’t got around to, didn’t realize that they needed to, or flat out didn’t intend to renew their subscription. The problem is that anti-malware software that doesn’t have up-to-date subscriptions is about as effective at protecting you from new strains of malware as gumboots are for protecting you from crocodiles. There is no real reason to believe that people running Windows 8 will be any more diligent about keeping their anti-malware subscription current than people running Windows 7. This suggests that 12 months down the track, sometime in mid 2013, approximately 25% of computers running Windows 8 won’t have up-to-date anti-malware definitions. While Windows 8 will be able to detect when someone hasn’t updated their definitions for some time I suspec...More
Dec 31, 2011
blog

Why do people let their anti-malware subscriptions expire?

Twitter: @orinthomas It’s pretty difficult to get figures on the number of computers out there that don’t have any form of anti-malware software deployed. For example, Microsoft’s data showed that approximately a year after Windows 7 was released, approximately 25% of computers running the operating system did not have current anti-malware protection. Getting data on computers running Windows XP (roughly 50% of all computers running Windows in the world) is difficult, but it is not unreasonable to suspect that the number that are not running up-to-date anti-malware protection is much higher than 25%. So even though Microsoft Security Essentials (MSE) and other free anti-malware solutions have been available for the entire period that Windows 7 has been available, 25% of people running Windows 7 (as of October 2010; the numbers are likely much worse now. Source: http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx) either don’t have anti-malware software or don’t keep it up to date. MSE is pretty fire and forget – once it’s installed it pretty much looks after itself. So why do at least a quarter of people running Windows 7 (and even more running previous versions of Windows) either not install anti-malware software or let it get out of date? The reasons for this are complex. I updated my aunt’s Windows 7 computer at Christmas time and installed MSE because no anti-malware program was installed. It took her a while to understand that she didn’t have to pay Microsoft for the installation of MSE as in the past “she’d always had to pay for anti-virus software”. Her computer was unprotected because she thought she had to pay for that protection and hadn’t got around to it. Most people are introduced to anti-malware software through the included subscription that comes with their computer from the OEM. They let that subscription expire because they aren’t aware of the alternatives. Enough people renew their subscriptions...More
Dec 30, 2011
blog

Why MS11-100 was Out Of Band

Twitter: @orinthomas According to the recent OOB Bulletin Q&A and Webcast, MS11-100 was pushed out because exploiting the vulnerability in a denial of service attack was relatively straightforward once details of the vulnerability were made public. MS11-100 does not address a vulnerability that could be used to directly trigger a remote code exploit. MS11-100 also fixes an elevation of privilege vulnerability and a spoofing vulnerability that were otherwise going to be addressed in January’s Patch Tuesday. You can catch the entirety of the webcast with Pete Voss and Jonathan Ness here: http://blogs.technet.com/b/msrc/archive/2011/12/30/december-2011-out-of-band-bulletin-release-q-amp-a-and-webcast.aspx...More
Dec 30, 2011
blog

Little Known Feature: IE9 Tracking Protection

Twitter: @orinthomas Internet Explorer 9 Tracking Protection is an updated form of InPrivate Filtering. InPrivate Filtering was a little known mode in IE 8 that allowed you to block third party websites once they had tracked you across a threshold number of sites during a browsing session. Tracking Protection allows you to block third party analytic sites that track your browsing activity across multiple sites. You can handle Tracking Protection manually, or you can download an add-on from a tracking list provider such as Adblock Plus. Using tracking lists isn’t something that will remove advertisements from Internet Explorer, but it will stop data being sent back to tracking providers about your browsing session. To enable Tracking Protection on IE9, open the Manage Add-Ons dialog box and select Tracking Protection. From here you can click on “Get A Tracking Protection List” online. You can have more than one Tracking Protection list enabled at any one time. By default you can’t block the display of all advertisements in Internet Explorer the way you can in Firefox through add-ons, and you will never be able to do so directly in Chrome because the creators of Chrome are of course in the business of selling Internet advertising. Tracking Protection Lists are a neat way of blocking the most maliciously invasive sites on the web – they’re just something that most people never find out about because they don’t bother digging about in the Manage Add-Ons dialog box of IE. -- My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material:...More
Dec 29, 2011
blog

IT Security Predictions for 2012

Twitter: @orinthomas As Dilbert author Scott Adams once said, the great thing about predicting the future is that if you’re right you can point back to your initial prediction and proclaim your genius; if you’re wrong, most people wouldn’t remember your predictions in the first place. So with that caveat in mind, here are some of the things I expect to see in the IT security news in the coming 12 months:
More compromised CAs. In 2011 we saw a compromised Malaysian government CA used in a scheme to sign code as though it was signed by Adobe. At least four other CAs trusted by most of the computers in the world reported some sort of compromise in 2011. CAs are a high-value target, as malware authors that compromise a trusted CA are able to make their malware look like it was signed by a trusted company like Apple, Microsoft, Adobe, or Google.
No Code-Red or Nimda type event. The days of mass panic malware events are most likely behind us. Computers are more secure out of the box, and both Code-Red and Nimda involved exploits that leveraged reluctance to change the default settings.
Vendors like Microsoft continuing to take down botnets through “litigation decapitation”. Decapitating botnet command and control nodes by throwing lawyers at the problem is a more practical strategy than hoping that people disinfect compromised systems.
More reports of Android malware. Android has an increasingly massive footprint and Google seems at the moment unwilling to take a role of checking Android apps for malware prior to publication, instead taking a post-hoc approach of removing apps that have been found by people in the community to contain malicious code. Google can mitigate this somewhat by being more pro-active in screening the code it publishes in the App store. This approach seems to be working for Apple. The vibrant Android Warez scene will remain a bastion of malicious code.
More social network malware. Sometime in 2012 Facebook will reach the 1 billion user ma...More
Dec 28, 2011
blog

Picture Passwords: Alternative or Gimmick?

Twitter: @orinthomas If you’ve used a tablet running Windows for a while, you’ll know that logging on with a complex password involving 8 or more letters, numbers, and symbols gets tiresome. As a way of reducing this tedium, Microsoft has introduced “Picture Passwords”. They work by having you choose a picture and then performing three different types of touches on three different points of the picture. For example, a swipe on one part of the picture, a circle drawn on another part, and an X drawn on a third part. If your doodles on the picture match what’s stored in the computer, you’re logged on. If you forget where you swiped, circled, and drew an X, you can always log on using the traditional character based method. Since the feature was made available in the Dev-Preview of Windows 8, there has been a bit of discussion as to whether the smudges that inevitably end up on a touch screen may give away hints to the nature of the picture password. A blog post on the Building Windows 8 blog indicates that they’ve put some thought into this, but that it would also be a good idea for people to clean their touchscreen from time to time. So while picture passwords may be convenient and a little fun, they may be a little less secure than traditional passwords. Picture passwords aren’t the only way of trying to deal with the annoyance that is complex alphanumeric/character based authentication. For a time it seemed that most laptop computers shipped with some sort of fingerprint reader. A few still do. In my own experience the reliability of the fingerprint reader was such that I simply ignored it after the first week and performed a traditional logon. I suspect that was the case generally. Some new Android phones are playing around with unlocking the screen using facial recognition. There are some reports that you can get around this by showing the phone a photograph of the owner. Spoofing authentication using a recording is a problem that voic...More
Dec 28, 2011
blog

Patching without testing: Risky or Rational?

Twitter: @orinthomas Earlier this year I was teaching a Configuration Manager class and we were discussing software update testing before deployment. I asked members of the class how much time they spent testing software updates before deploying them given that the average time between the release of an update and a publicly available exploit was around 6 days. I got a variety of answers. Some of the organizations that students worked for had a lengthy update testing process which could mean it was several weeks between when an update was released and when it went into production. Others had a more cursory testing scheme, deploying updates to a small number of production servers before redeploying the updates across their organization. The answer that interested me the most was a student who told me that they simply deployed updates without testing them. His reasoning was as follows:
Testing rarely found updates that broke something to the point where the update would not be deployed.
Thorough update testing each month took a substantial amount of time. Time equals money. On a yearly basis, the cost of testing updates rigorously each month exceeded the cost of rolling back the occasional update that broke things.
He made sure that he took a full backup of each system prior to deploying an update so that he could perform a complete rollback if he couldn’t uninstall the update gracefully.
He deployed updates in a staggered manner, so that any immediate problems would become apparent before the update was rolled out to all production systems.
This approach seems to be an attempt to balance the risk of an update ganking systems with the not insubstantial cost of thoroughly testing updates before deployment. It relies on software vendors being reasonably thorough about testing updates prior to deployment. If your organization is finding few actual problems when testing updates prior to deployment, perhaps you are allocating more resources than necessary to mitigate a...More
Dec 28, 2011
blog

Why A Mobile Device Operating System’s Security Model is important

Twitter: @orinthomas Mobile phones are beginning to hold more of our life than computers do. Mobile phone operating systems are also starting to get the sort of attention from hackers that computer operating systems do. With computer operating systems we have regular updates to deal with vulnerabilities as they arise. This isn’t always the case with mobile phone operating systems, where vendors have a more relaxed attitude towards software updates once someone has actually purchased the phone. It is reasonable to say that all operating systems and applications have vulnerabilities that hackers, given enough time and effort, are able to find and exploit. Operating systems that have wider market share are more likely to draw hacker attention than operating systems that have smaller market penetration. Just because an operating system isn’t widely exploited doesn’t mean that vulnerabilities don’t exist. If you read any near future science fiction, you know that most authors are predicting that more and more of our lives will be lived through our mobile phones. In the near future phones will become our digital wallets and the holders of our digital identity. In the near future, “pwning” the phone will reap greater rewards than it does today. In the near future, compromising someone’s phone will have much the same overall effect as taking their wallet. Identity theft becomes a lot easier when someone’s e-mail, social media, and financial information is all stored on the one device! In future, keeping your phone up to date with software updates will be as important as keeping your desktop and laptop computer up to date is today. Just as you’d be insane to perform online commerce today with a computer running Windows XP RTM without any anti-malware protection, you’ll be insane to perform online transactions in the near future with a phone that hasn’t been updated since you purchased it from the vendor.
That’s where today’s mobile phone operating system update strategie...More
Nov 30, 2011
blog

Mobile device anti-malware

Twitter: @orinthomas Will your phone need an anti-malware app? Mobile device security has been in the news constantly of late, from some who claim that the Android platform is where the malware action is to one of Google’s lead developers, Chris DiBona, claiming that anyone trying to sell anti-malware protection for the Android operating system was a charlatan and a scammer. As Bruce Schneier points out, mobile devices will be the new juicy targets – simply because phones host data such as location, contacts and, as your phone becomes your digital wallet, your finances. Of course malware is going to target the phone in future just as it targets the phone today. It doesn’t matter what phone OS you are running – though from a “bang for your buck” perspective, malware authors are going to target the platforms with the greatest market share first – just as they always have. The question is: are you better off using some sort of anti-malware product that automatically updates itself with new definitions and heuristics, or will you be better off waiting for carriers to approve updates to mobile phone operating systems (something that can take months, if at all) that plug the most recently found security holes? My bet is that in the long run, anti-malware software on mobile phones and tablets will be as necessary as anti-malware software on desktops and laptops. These devices are targets. These devices do hold juicy information. Unless a vendor has another way of rolling out operating system updates to deal with zero day exploits, anti-malware software is likely to be your best bet. Check out my new book that includes some of the things you might not know about Windows Server 2008 R2:...More
Nov 18, 2011
blog

IT revenge stories should scare you into updating your security procedures

Twitter: @orinthomas Cracked.com is a humor site, but its recent story Revenge of the IT Guy details five instances where someone who had been fired from the company was able to carry out a revenge plan that caused substantial organizational pain. In almost all these cases, good administrator account deprovisioning policies would have saved the organization. While some organizations were smart enough to change the fired IT guy’s password during the firing process, they didn’t go and force password changes on other members of the IT staff or go and look for backdoor administrator accounts that may have been created at some point in the past. Having good procedure isn’t just necessary if your organization is about to fire an admin – an administrator who leaves voluntarily for another job might actually have a substantial grudge and decide on a little post-employment payback. The other thing you’ll pick up when you read this story is that all of these guys got caught. I’m willing to bet that for every fired admin that goes on a rampage that gets caught, there are a bunch who get away with it because they are a lot better at covering their tracks! The other lesson to take away from this is that if you are going to take revenge on your organization – and you are smart enough to use a public Wi-Fi point to carry out your attacks – ensure that you don’t go and pay for your food at the register using a method that is easily identifiable like a credit card five minutes before performing your intrusion! Check out my new book that includes some of the things you might not know about Windows Server 2008 R2:...More
Nov 18, 2011
blog

New Microsoft Security Essentials Beta program open

Twitter: @orinthomas If you are interested in the future of Microsoft’s end user consumer security product, which has become very popular because it is both (1) effective and (2) free, you can sign up to be a tester of the new version of Microsoft Security Essentials at the following Connect site: https://connect.microsoft.com/site981/program7299 Check out my new book that includes some of the things you might not know about Windows Server 2008 R2:...More
Nov 14, 2011
blog

Digitally signed Malware: May we live in interesting times

Twitter: @orinthomas According to a recent post on the F-Secure blog, they’ve found malware that was signed using a code signing certificate from a CA owned by the Malaysian government. Malware signed by a trusted CA is especially pernicious as signed applications are less likely to throw warning errors at the user when downloaded from the Internet than applications that have no digital signature. In the case of the malware found by F-Secure, the malware is signed as though it was authored by Adobe Systems Incorporated. We’re so used to thinking about CAs being invulnerable that if our computer tells us that an application appears to be digitally signed by a reputable software company, who are we to disagree with that assessment? As malware production and distribution becomes more commonplace, expect increasing numbers of attacks on CAs to get signing certificates. As with most attacks, there will be successful attacks that we find out about (though the loss of faith in the CA after such an attack probably spells the end of the CA as a commercial entity) but there will also be successful attacks that we are unaware of: CAs that aren’t aware that their processes have been compromised and that malware authors are using their certs to sign malicious software. Professional malware operations can invest the time to compromise CAs as a further way of ensuring that their malware spreads. They don’t need to go for the secure CAs up at the top of the trust chain – they just have to hit the ones a bit further down the tree, the ones that don’t have great security but are still able to issue certificates trusted by the majority of people’s computers. Phishing attacks will certainly be a lot harder to detect if the SSL certificate identifying the site as being associated with your bank has been generated by a compromised trusted CA....More
Nov 14, 2011
blog

Win 8 / Win 7 feature I’d like to see: Create startup repair USB

Twitter: @orinthomas The future of laptop computers is one which doesn’t involve optical drives. You already see that on netbooks and ultrabooks and it won’t be too long before you see DVD and Blu-Ray drives go the way of the floppy drive. With this in mind, I’ve been thinking about the startup repair options for computers running Windows 7, Windows Server 2008 (& R2), and Windows 8. Currently if your computer won’t start up, you need to either pull out the Windows installation media or use a startup repair disk. You can create a startup repair disk from the Backup and Restore control panel item. The real limiting factor about the startup repair disk is that it actually has to be an optical media disk. Unless you faff about (something that you generally don’t want to do in a situation where you are trying to repair a computer that won’t boot), you can’t create a startup repair USB stick. I did a quick check in Windows 8 Dev Preview and the same CD/DVD requirement is there as well. No USB startup repair. The ability to create a startup repair USB stick seems obvious. Many computers these days don’t ship with optical media drives – and the types of tablets that Windows 8 will run on certainly won’t ship with those drives built in either. It would be great if this sort of thing could be included in a future Windows 7 / Windows Server 2008 R2 service pack, but even if not then, perhaps it would be something that could be added to Windows 8 in the many months we have until the product’s release. Keeping the ability to create optical media repair disks without being able to create USB thumb drive media repair disks, given that every computer available today can boot from USB, seems like an anachronism....More
Nov 13, 2011
blog

Facebook & the new Word Macro Virus

Twitter: @orinthomas Back in the late 90’s when I transitioned from a help desk role to Systems Administration, the most common way that computers would become infected with viruses was the Word Macro virus. The anti-virus vendors’ definitions simply couldn’t keep up with the variety of these viruses and I remember running scans against departmental file shares every week, finding new outbreaks of infection. Eventually things in macro virus world calmed down and malware authors moved on to newer and simpler to exploit targets. Today, Facebook is increasingly becoming the attacker’s platform of choice. This makes sense – nearly 800 people log on every day and in a medium designed for sharing information, malware dressed up as a video of a dancing cat will spread more rapidly than an attachment of a dancing cat would have spread through e-mail a decade ago. It works on Facebook because the malware doesn’t appear to have originated from some random site; it instead seems to have been something posted by a friend. One of the main things that people do on Facebook is click on the interesting digital detritus their friends dig up from around the Internet. How are they able to tell the difference between a link to a cat playing an accordion that contains malware and a link to a cat playing the bongos that does not? At the moment Facebook-borne exploits primarily target people accessing Facebook through their PC. Users who don’t keep their browser software up to date are more likely to be successfully exploited than users who ensure that their browser is updated on a timely basis. Increasingly though, people are accessing Facebook through their mobile devices. Mobile devices are a lot more challenging to keep up-to-date than PCs and most of them aren’t designed to be secure from exploit code running on the sites they access. Don’t be surprised if in the next few months we start to see malware spreading on Facebook that attacks users accessing...More
Nov 9, 2011
blog

Professionalization of Malware

We know that humans aren’t that good at objectively evaluating threats and our myths can mislead us into underestimating or overestimating threats. As the IT profession starts to enter middle age, we’re starting to get our own myths – things that may once have been true, but are no longer so accurate. One pernicious myth is that virus writers are teenage hackers with substantial amounts of time on their hands. That’s certainly been true in the past. What we’re seeing now, with Stuxnet and Duqu, is malware that shows a more disciplined approach to software engineering. Analysts have found that both Stuxnet and Duqu are highly sophisticated products, not the sort of thing banged out by some angsty teen fuelled only by Red Bull and Cheetos. While the majority of malware authoring is still performed by anti-social teen males, the more effective and pernicious malware is authored by disciplined teams of coders. Similarly, with vendors now integrating better security processes into their products, the search for vulnerabilities has turned from a hit and miss amateur affair into something that requires substantial time and effort. In the security arms race, just as it’s costing vendors more to strengthen the security of their product, it’s costing attackers more to develop effective exploits. In the long run it might not be that vendors release perfectly invulnerable products, but that instead the effort required to build effective exploits for vulnerabilities that do exist in products will be so substantial that few other than the most dedicated and motivated will attempt the task. There will still be the angsty teen-male hackers, but they’ll move on to easier tasks should finding an exploit to a professionally engineered product prove too time consuming and without reward. Which is why the development of malware will become more professionalized.
Of course the question then becomes how is the professional development of malware monetized, but that’s a completely...More
Oct 31, 2011
blog

Rogue mobile devices are common on internal networks

A recent survey of 1,200 professionals by Deloitte, quoted by Tim Wilson of Dark Reading, indicated that almost 30% of them believed that rogue mobile devices were present on internal networks and were being used to connect to messaging systems, file servers, and SharePoint sites. A substantial 87% of respondents believe that important internal infrastructure is at risk from these unauthorized mobile devices. This is a very reasonable belief to have. Mobile devices such as phones and tablets are increasingly used by employees to access critical organizational resources. However, while use of these mobile devices grows, and will soon exceed the use of personal computers to access the Internet, the security of these devices lags behind that of traditional platforms such as PCs. This is in part because most mobile device operating systems aren’t designed around the security of the user in a hostile environment, but instead prioritize performance and ease of use. Things certainly aren’t helped by Application Stores that do only cursory checks to see if the applications they publish are ridden with malware, or by users who side-load pirated software on their devices. As some within the IT community push to embrace the “consumerization of IT”, questions about how these consumerized mobile devices can be secured from malware are often ignored. The charge seems to be to allow mobile devices, no matter how infected and compromised, access to important infrastructure as some sort of user empowerment strategy. Pragmatically, with increasing attacks against mobile platforms, leaving the security of these devices to their owners is likely to result in increasing breaches against organizational infrastructure. The interesting question going forward is whether administrators continue to allow insecure and possibly malware-ridden mobile devices to interact with critical organizational infrastructure by attempting to harden the infrastructure itself against inevitable attack, whethe...More
Oct 28, 2011
blog

Massive day for System Center ( #Sysctr ) Fans–2 Betas and 3 Release Candidates

Today is a massive day for fans of Microsoft’s System Center Suite of programs. Not only are there brand new betas of System Center App Controller and System Center Service Manager, we also see System Center Orchestrator, System Center Endpoint Protection, and System Center Configuration Manager go into release candidates. With all of the 2012 System Center products due by New Year’s Eve, now is the right time to jump in and get your hands on the software that will be managing and maintaining your organization in the very near future. For specific products, use the following links:
System Center App Controller Beta http://www.microsoft.com/en-us/server-cloud/system-center/app-controller-2012.aspx
System Center Service Manager Beta http://www.microsoft.com/en-us/server-cloud/system-center/service-manager-2012.aspx
System Center Orchestrator RC http://www.microsoft.com/en-us/server-cloud/system-center/orchestrator.aspx
System Center Configuration Manager RC http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012.aspx
System Center Endpoint Protection RC http://www.microsoft.com/en-us/server-cloud/system-center/endpoint-protection-2012.aspx
Download them, throw them in a VM, and get to know them! Follow me on Twitter: @orinthomas...More
What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.

Contributors

Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than thirty books for Microsoft Press, founded the Melbourne System Center,...