WServerNews: Spotlight on security & privacy

In this week’s newsletter

More on impending NETLOGON changes and domain-joined Windows 7 PCs. Has any of your software reached EOL? Here fitty fitty! Cybercrime: real vs what’s cool. Always ask before opening this type of file and NEVER STOP ASKING. Potential vulnerability in Google Drive. Making stolen iPhones unrecoverable. Be careful plugging in that USB charger! Dig trumps Nslookup. What do BlackBerrys and zombies have in common?

Plus lots more — read it all, read it here on WServerNews!

Enjoy this week’s newsletter and feel free to send us feedback on any of the topics we’ve covered — we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free — and they can subscribe to it here. Thanks!!!

 

Got questions? Ask our readers!

WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? Ask Our Readers by emailing your problems and/or questions to us at [email protected]

 

Editor’s Corner

This week’s observations and ruminations from Mitch Tulloch our Senior Editor…

More on impending NETLOGON changes and domain-joined Windows 7 PCs

In our previous newsletter we talked about an impending change coming in Netlogon secure channel connections associated with CVE-2020-1472 and how this may affect any domain-joined Windows 7 computers that organizations still have around. My initial reading of Microsoft’s security advisory gave me the impression that after next February 9th PCs running Windows 7 would get kicked out of Active Directory. But further reading left me wondering whether this is correct.

Fortunately one of our readers named Rakesh Chanana used to be a Senior Premier Field Engineer (PFE) at Microsoft for many years and he was glad to weigh in on this matter with the following comments:

Hi Mitch, Thanks for covering the Netlogon changes in your article.

I wanted to clarify that the group policy applies to Windows 2008 R2 and not to Windows 7 because that group policy is for domain controllers and thus does not apply to client OS.

I can also tell you that Windows 7 supports secure RPC for netlogon communications so there should be no issues with Windows 7 domain logins after Feb 9, 2021. Why do I know this?

Well the same article you link in your article mentions system EventIDs 5827/5828 and the day after I installed those patches, I had a few older systems fail to login to domain after reboot with 5827 error. I searched through all DC event logs and found 5827 events from only Windows 2000 and prior OSes. The only other OS with that error: Windows Embedded v 6.1.7601.

After the group policy (to Allow vulnerable Netlogon secure channel connections) is enabled, those 5827 errors become 5830 warning events. Another event to watch out for is 5829 (warning) which I have seen for a lot of third-party devices – NAS devices, proxy servers and so on. Those systems will have issues on/after Feb 9, 2021 unless updated or connections are allowed by adding those machines to same group policy.

Our thanks again to Rakesh for providing some much-needed clarification on this issue as now I can sleep at night — we still have one Windows 7 PC in our domain which is needed for running some legacy software and hardware our business uses. Now about that Linux box running SAMBA though, hmm…
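One way to triage the Netlogon events Rakesh describes is to group them by the account that triggered them and by the domain controller that logged them. This is an added example, not code from the newsletter, from Rakesh or from Microsoft. The function name, the sample records and the `Machine SamAccountName:` message label it parses are assumptions; adjust the pattern to match what your own DCs log.

```powershell
# Event IDs as described above; 5828 is the trust-account counterpart of 5827.
$NetlogonAction = @{
    5827 = 'Denied (machine account): update the device or add it to the policy'
    5828 = 'Denied (trust account): review the trust partner'
    5829 = 'Allowed for now: update or exempt before enforcement'
    5830 = 'Allowed by group policy: exempted, still using vulnerable Netlogon'
}

function Get-NetlogonSecureChannelSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Record   # needs Id, MachineName (the logging DC) and Message
    )
    begin { $summary = @{} }
    process {
        $id = [int]$Record.Id
        if (-not $NetlogonAction.ContainsKey($id)) { return }
        # Assumed message field label; anything else is reported as unparsed.
        $account = '(unparsed)'
        if ($Record.Message -match 'Machine SamAccountName:\s*(\S+)') {
            $account = $Matches[1]
        }
        $key = "$account|$id"
        if (-not $summary.ContainsKey($key)) {
            $summary[$key] = [pscustomobject]@{
                Account = $account; EventId = $id; Events = 0
                DomainControllers = @(); Action = $NetlogonAction[$id]
            }
        }
        $entry = $summary[$key]
        $entry.Events++
        if ($entry.DomainControllers -notcontains $Record.MachineName) {
            $entry.DomainControllers += $Record.MachineName
        }
    }
    end { $summary.Values | Sort-Object EventId, Account }
}

# Constructed sample records (not real log data).
$sample = @(
    [pscustomobject]@{ Id = 5829; MachineName = 'DC01'; Message = 'Machine SamAccountName: NAS01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5829; MachineName = 'DC02'; Message = 'Machine SamAccountName: NAS01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5827; MachineName = 'DC01'; Message = 'Machine SamAccountName: KIOSK7$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5830; MachineName = 'DC01'; Message = 'Machine SamAccountName: PROXY1$ Domain: EXAMPLE' }
)
$sample | Get-NetlogonSecureChannelSummary | Format-Table -AutoSize

# Against a live domain controller (DC01 is a placeholder name):
# Get-WinEvent -ComputerName DC01 -FilterHashtable @{ LogName = 'System'; Id = 5827, 5828, 5829, 5830 } |
#     Get-NetlogonSecureChannelSummary
```

Accounts that only ever show up under 5829 are the ones to update or exempt before the enforcement date mentioned above.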

Now onto some other security-related matters and some stuff relating to data privacy…

Has any of your software reached EOL?

It’s a good idea to replace older software before it reaches end-of-life as once vendors no longer support their software they seldom release patches to deal with new vulnerabilities discovered in it. Fortunately the Multi-State Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security (CIS), releases monthly summaries of EOL’d software in PDF format which you can download from here:

https://www.cisecurity.org/blog/end-of-support-software-report-list-2/

It would be even nicer if they released the list in Excel (XLS) format or even as a CSV text file as it would make it easier to diff with exported software inventory reports from systems management software. Maybe someone at CIS or MS-ISAC is listening?

Here fitty fitty!

There’s more than one way to fish — I mean phish. While email is the usual vector for phishing attacks, the FBI and CISA have recently reported an increase in “vishing” (voice phishing) attacks as a result of more employees working from home due to the pandemic. For details see the following joint security advisory (PDF) from FBI and CISA as posted by Brian Krebs:

https://krebsonsecurity.com/wp-content/uploads/2020/08/fbi-cisa-vishing.pdf

Krebs discusses this further in an article on his website:

https://krebsonsecurity.com/2020/08/fbi-cisa-echo-warnings-on-vishing-threat/

Cybercrime: real vs what’s cool

A group of academic security researchers has published an article in the Journal of Information Technology & Politics which suggests that the media (including the tech media) focuses too much on “cool” cybersecurity threats/vulnerabilities in its news coverage and doesn’t pay sufficient attention to the real down-to-earth forms of cybercrime that pose a genuine threat to individuals and civil society. You can read their full report here:

https://www.tandfonline.com/doi/full/10.1080/19331681.2020.1776658

There’s also a quick summary of their research on ZDNet:

https://www.zdnet.com/article/most-cyber-security-reports-only-focus-on-the-cool-threats/

Personally I completely agree with the assessment of these researchers. I’d much rather learn about the scope and dangers of things like ATM skimming and VISA fraud (at the individual level) and details of actual attacks on industry and financial infrastructure (at the civic end) than read articles about how hackers can guess users’ passwords by shining laser beams on the wings of butterflies outside office windows. What about you? Email me at [email protected]

Always ask before opening this type of file and NEVER STOP ASKING

Some users have reported that recent updates to Microsoft Outlook 2019 have made it impossible to deselect the “Always ask before opening this type of file” option even when running Outlook as administrator. For more information about this issue and a registry change you can use to resolve it, see this thread in the Outlook Forums of Slipstick Systems:

https://forums.slipstick.com/threads/97319-warning-when-opening-attachment/

Be sure also to check out some of the recent articles listed on the Slipstick home page:

https://www.slipstick.com/

Slipstick has been one of my top Exchange, Outlook and Office 365 news and support sites for years. Do our readers have any other favorite sites for keeping abreast of Exchange/Outlook/O365 issues and changes? Email me at [email protected]

Potential vulnerability in Google Drive

On the Google end of things, The Hacker News recently reported about a feature of Google Drive that could be exploited by attackers to replace legitimate files of a user with files of the attacker’s own choosing. A detailed explanation can be found here:

https://thehackernews.com/2020/08/google-drive-file-versions.html

I personally don’t use Google Drive so I don’t know what the severity of this issue may be. Any readers want to comment? Email me at [email protected]

Making stolen iPhones unrecoverable

Moving over to the Apple side of the world, John Gruber reports on Daring Fireball about how thieves stole someone’s iPhone, cracked their 6-digit iPhone passcode, and used this to obtain their iCloud password. Then by logging on to iCloud they disabled the Find My feature so the phone’s owner couldn’t track down the stolen phone:

https://daringfireball.net/linked/2020/08/24/can-thieves-crack-6-digit-iphone-passcodes

Gruber offers the advice of using an alphanumeric passphrase instead of a passcode to protect your iPhone.

Be careful plugging in that USB charger!

And finally comes this “Oh no! What should I do about this?” kind of cybersecurity article (the kind we don’t lose much sleep over) from Forbes:

Hackers Can Now Trick USB Chargers To Destroy Your Devices — This Is How It Works (Forbes)

https://www.forbes.com/sites/zakdoffman/2020/07/20/hackers-can-now-trick-usb-chargers-to-destroy-your-devicesthis-is-how-it-works/

As I said I’m not very worried about this “BadPower” attack as I’ve got more serious things to worry about, like how to pay my mortgage, how to get rid of those ants in the back yard, and how to keep geese droppings off our front sidewalk. It’s all relative, I guess, when it comes to cybersecurity.

Got more thoughts about anything in this newsletter?

Email us at [email protected]!

Tell all your friends about WServerNews!

Please let all your friends and colleagues in the IT profession know about our newsletter. Tell them our latest issues can be found at wservernews.com while older issues dating back to 1997 can be found in our archive. And let them know also that they can receive WServerNews each week in their inbox by subscribing to it here. Thank you!

 

Tip of the Week

>> Got any IT pro tips you’d like to share with other readers of our newsletter? Email us at [email protected]

Dig trumps Nslookup

When I need to troubleshoot DNS issues with name servers, I prefer using Dig over using Nslookup, mostly because Dig has more options, is more flexible with argument order, and its output is more consistent, making it easier to parse automatically using other commands. Of course Dig is a Unix/Linux tool (it’s also included in Mac OS X) while Nslookup is included in Windows. But you can get Dig for Windows by downloading BIND from the ISC website and selecting the option “Tools only” when you install it on your PC. Or as a colleague suggested you can use one of the many online sites for running Dig like this one so you don’t have to install it locally.

 

Admin Toolbox

>> Got any admin tools or software you’d like to recommend to our readers? Email us at [email protected]

Still having issues with mailbox quotas? Help is on the way! Try out the email archiving solution MailStore Server and automatically delete archived emails from your email server:

https://www.mailstore.com/en/

Gargoyle is a free firmware upgrade for your wireless router that lets you monitor bandwidth, set quotas and throttles, block forbidden websites, and more:

https://www.gargoyle-router.com/

TestDisk can help you recover lost partitions and/or make non-booting disks bootable again:

http://www.cgsecurity.org/

SQL Recovery Software lets you repair a SQL database in a safe and non-destructive way:

https://gallery.technet.microsoft.com/SQLDatabaseRecoveryTool-e60e7a45

 

Factoid – What do BlackBerrys and zombies have in common?

Our previous factoid and question was this:

Fact: Boeing 747s receive critical software updates over 3.5″ floppy disks.

Question: When was the last time you used a floppy disk?

This one sparked a terrific story from reader Dennis DeMattia:

I am probably not alone in having a junk room where I put old equipment “for a few months until I decide what to do”. A month ago, I had need to (read: wife insisted I get rid of some of the junk) go through it, and I found a long forgotten W95 laptop, and a somewhat forgotten W98 desktop. I had to try to see if they would still boot up, and both did! There was not much in the laptop to see, except to observe how much the Windows UI has changed over the last 25 years. I had really forgotten how primitive W95 was by today’s standards, and how SLOW a 100 MHz computer was.

In looking through the W98 system, I found a file that I had presumed was long ago lost. So, the question of how to move the file came up. The W98 system did have an ethernet port (the W95 laptop did not). But I did not want to try to remember how networking worked that long ago. It had USB ports, but thumbdrives did not exist back then, and when I plugged one in, nothing happened. But, of course, it did have a floppy drive.

Sadly, my newer computers did not. But, I do own an external floppy drive with a USB connection (unused for probably 10 years). However, I could not find it. (Now that I don’t need it, I have since found it.)

I also had an XP system in the junk room, and it had a floppy drive, and it would work with a thumb drive (and it would boot up). So I sneakernetted the file to the floppy from the W98 system to the XP system, and then copied the file to a flash drive and moved that over to my working system for some maybe future use.

Now let’s move on to this issue’s factoid:

Fact: The BlackBerry phone rises again from the dead.

Source: https://www.engadget.com/blackberry-onwardmobility-5g-smartphone-2021-133919589.html

Question: Or perhaps it never died. Or can’t die. Anyways, how many of our readers still miss their BlackBerry phones?

Email your answers to [email protected]

 

Subscribe to WServerNews!

Subscribe today to our WServerNews newsletter and join 200,000 other IT professionals around the world who receive our newsletter each week! Just go to this page and select WServerNews to receive our monthly newsletter in your inbox!

 

Conference Calendar

>> Got an IT conference or event happening that you’d like to promote in our newsletter? Email us at [email protected]

Microsoft Ignite – Sept 21-25 (Virtual)

https://www.microsoft.com/en-us/ignite

VMworld – Sept 28 (Virtual)

https://www.vmworld.com/en/us/index.html

Black Hat – Sept 29 – Oct 2 in Singapore

https://www.blackhat.com/asia-20/

Infosecurity Denmark – Sept 30 – Oct 1 in Copenhagen, Denmark

https://www.infosecurity.dk/

Midwest Management Summit – Oct 11-15 in San Diego, California

https://mmsmoa.com/registration/mms-2020-midway-edition.html

European Cloud Summit – Oct 20-22 in Frankfurt, Germany

https://www.cloudsummit.eu/en/

European Azure Conference – Oct 27-29 in Nice, France

https://www.europeanazureconference.com/

Infosecurity Netherlands – Oct 28-29 in Utrecht, Netherlands

https://www.infosecurity.nl/

European SharePoint, Office 365 & Azure Conference – Nov 9-12 in Amsterdam, Netherlands

https://www.sharepointeurope.com/

DevOpsCon – Nov 30 – Dec 3 in Munich, Germany

https://devopscon.io/munich/

 

Podcast Corner

Remote Support with Jessica Deen (RunAsRadio)

http://runasradio.com/

Ansible Vs. Terraform For Network Automation (Heavy Networking)

https://packetpushers.net/series/weekly-show/

802.11be — The Future of Wi-Fi (Clear To Send)

https://www.cleartosend.net/

Ransomware takes down state-owned bank (Risky Business)

https://risky.biz/netcasts/risky-business/

Listener Questions & the Latest Microsoft Azure News (Microsoft Cloud Show)

http://www.microsoftcloudshow.com/podcast

Redefining the Familiar (Windows Insider)

https://insider.windows.com/en-us/podcasts/

 

New on Techgenix.com

Spoofed login pages growing quickly to become major cyberthreat

Spoofed login pages are not a new kind of cyberattack, but 2020 has seen a serious evolution in this social engineering method.

https://techgenix.com/spoofed-login-pages/

Switching shells using command line in Cloud Shell

A feature of Cloud Shell is the choice of using PowerShell or Bash. This Azure Quick Tip shows you how to easily toggle between the two.

https://techgenix.com/switching-shells-cloud-shell/

Hot Kubernetes startups Rancher, Kubermatic, and Kublr bring the heat

As the cloud wars rage on, open source and multicloud are two defining battles that need to be won. These Kubernetes startups can be your allies.

https://techgenix.com/rancher-kubermatic-and-kublr-kubernetes-startups/

Using IIS as SMTP relay: Road map for running custom apps and devices with Exchange Online

Some companies migrating to Exchange Online have problems with custom apps sending email. Here’s how your existing software can still be used.

https://techgenix.com/using-iis-as-smtp-relay-with-exchange-online/

Gmail templates: How to set them up quickly and easily

Setting up Gmail templates is easy. In this tutorial, we walk through the process and show you how it will save you time and make you more productive.

https://techgenix.com/gmail-templates/

 

Fun videos from Flixxy

World’s Longest Rube Goldberg Trickshot

GoPro Awards recipient Cree Ossner spent two months building his 70 step chain reaction contraption through the entirety of his yard.

https://www.flixxy.com/worlds-longest-rube-goldberg-trickshot.htm

David Blaine Goes Up 25,000 Feet Hanging Onto Helium Balloons

Holding 52 helium balloons, magician David Blaine soars 25,000 feet into the sky over the Arizona desert.

https://www.flixxy.com/david-blaine-goes-up-25000-feet-hanging-onto-helium-balloons.htm

164-Way Vertical World Record at Skydive Chicago

164 skilled divers fly at speeds up to 175 mph to set a new world record at Skydive Chicago.

https://www.flixxy.com/164-way-vertical-world-record-at-skydive-chicago.htm

Parrots Incredibly Talk To Each Other Like Humans

Watch as these parrots engage in a detailed conversation with one another!

https://www.flixxy.com/parrots-incredibly-talk-to-each-other-like-humans.htm

 

More articles of interest

Tools and techniques to master API management in production

APIs are a cornerstone of modern application development. IT ops teams must monitor and manage APIs in production to resolve issues that hinder performance.

https://searchitoperations.techtarget.com/tip/Tools-and-techniques-to-master-API-management-in-production?Offer=Content_Partner_OTHR-_2020August14_TG_A1

Learn the Windows Virtual Desktop setup process

Organizations looking to set up Windows Virtual Desktop machines can do so with Azure Resource Manager, but admins must ensure their environment has the necessary prerequisites.

https://searchvirtualdesktop.techtarget.com/tip/Learn-the-Windows-Virtual-Desktop-setup-process?Offer=Content_Partner_OTHR-_2020August14_TG_A2

Implement simple server monitoring with PowerShell

Administrators who build a server monitoring framework with PowerShell can develop their own customized checks for deeper insights into their environment.

https://searchwindowsserver.techtarget.com/tutorial/Implement-simple-server-monitoring-with-PowerShell?Offer=Content_Partner_OTHR-_2020August14_TG_A3

How to prevent ransomware with smart IT operations

Whatever you do: Don’t pay the ransom. Learn how the right tools and procedures can enable IT ops admins to prevent, mitigate and recover from a ransomware attack.

https://searchitoperations.techtarget.com/tip/How-to-prevent-ransomware-with-smart-IT-operations?Offer=Content_Partner_OTHR-_2020August14_TG_A4

 

Send us your feedback!

Got feedback about anything in this issue of WServerNews? Email us at [email protected]
