WServerNews: Upgrade or get hacked

In this issue:

Cisco could do better. This week in IT. Thank you CISA! Spotlight on Edge. Take the open source survey! Easier 27001 compliance. Tips on Windows, Azure, Microsoft 365. IT Bookshelf: Modern Management and Leadership. Pizza for androids. Chased by a drone. Why are male mice afraid of bananas? Plus lots more — read it all, read it here on WServerNews!

End-of-life shouldn’t always mean end of usefulness as far as software is concerned. At least that’s our opinion. Photo by Mark de Jong on Unsplash

Help spread the news!

Please tell all your colleagues and friends about WServerNews and let them know that they can subscribe to these and other TechGenix newsletters for free by going here. Thanks!!

Editor’s Corner

Recently a remote code execution vulnerability in the web-based management interface of several Cisco routers was identified and disclosed. The affected products belong to the Cisco Small Business router series and include models RV110W, RV130, RV130W, and RV215W. The vulnerability has been published in the Common Vulnerabilities and Exposures (CVE) system as CVE-2022-20825 and you can read the Cisco Security Advisory concerning it here. What caught my attention in the advisory was this statement:

“Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.”

So I thought OK, they’re probably still working on a patch or workaround for the problem. Then I came across this article on Bleeping Computer where they state the following (the highlighting is mine):

“Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched… Cisco states that they will not be releasing a security update to address CVE-2022-20825 as the devices are no longer supported. Furthermore, there are no mitigations available other than to turn off remote management on the WAN interface, which should be done regardless for better overall security.”

And I thought, okaaaayyy this is not good. Small businesses are struggling right now with escalating inflation affecting the cost of inventory, supplies and energy. On top of that there are ongoing supply chain problems that not only impact the availability of products they need but also their cost. And instead of helping their customers by fixing a problem in routers that are still widely used, Cisco is telling them they should replace these end-of-life (EOL) routers with newer ones such as the RV132W or RV160 models. In other words Cisco is implying (in my opinion) that their customers need to immediately upgrade their routers if they don’t want to get hacked. Or alternatively they can disable the very useful remote management capability for their routers, which in my opinion sucks as a workaround since so many businesses are still utilizing remote work given ongoing uncertainties regarding what will happen this winter with COVID-19.

So upgrading to newer routers seems to be the only logical answer, right? Well, if the newer routers are actually available. For example I just checked a number of Cisco Gold Partners in our area and none of them listed either of these models as being in stock, while several partners were still selling RV110W and RV130 even though they’re officially EOL.

Then there’s the ongoing chip crisis. IT hardware vendors have been selling some of their products recently at huge markups of 200, 300 or even 500% because of supply chain problems affecting their own manufacturing operations—because they can’t get enough chips to manufacture their products. So not only are smaller businesses being faced with long waits for the hardware they need to buy to upgrade their IT infrastructure to keep it secure, they’re also being squeezed really hard on the budget lines for these items.

It’s no wonder many smaller businesses fall back on that tried-and-true cybersecurity strategy when all else seems to fail: cross your fingers and hope nothing bad happens!!

In my opinion Cisco is failing their customers badly by their action (or lack of action) despite the many innovations the company touted at their recent Cisco Live event (eWeek). Microsoft ended support for Windows XP way back in 2014 yet for several years afterward they still released patches for their long-dead product whenever the cyber threat situation was serious enough to warrant doing so (Computerworld). Cisco can learn a lesson from Microsoft in this regard, especially given the current situation with the global supply chain and world economy. Customers should always come before profit, otherwise profits will dwindle as customer loyalty recedes.

We hope that you enjoy this week’s issue of WServerNews, feel free to email us your comments or questions about anything in this newsletter.

Got comments about anything in this issue?

Email us! We love hearing from our readers!

Got questions? Ask our readers!

WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!

Subscribe today to WServerNews!

Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.

This Week in IT

A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find a news item you think our newsletter readers might be interested in.

With all that’s been happening in the world these last couple of years it probably comes as no surprise that many businesses are experiencing a shortage of qualified IT/dev talent. For example the UK site ITPro reports that skills shortages are expected to hit over 90% of Australian and New Zealand businesses. This may spell opportunity for tech workers willing to relocate Down Under, especially since tech companies in the US have been reducing their hirings recently due to slumping stock prices (TechGenix).

Skilled professionals especially in cybersecurity are definitely needed when you take a look at some of the breaches that have been happening. For example, Günter Born reports that German manufacturing giant Bizerba experienced a cyberattack that resulted in their entire worldwide IT system needing to be shut down. Part of the problem with these breaches might be poor prioritization on the part of the IT efforts at these companies, wasting too much time trying to deal with vulnerabilities labeled critical but whose exploits would be difficult to perform (BetaNews).

Unless you’ve been living under a rock you probably heard about Microsoft finally ending support for Internet Explorer just a few weeks ago (Windows Experience Blog). Unsurprisingly this has wreaked havoc in a few places including Japan (Nikkei Asia). Moving to Chrome is probably the logical answer—unless it worries you that, as was discovered recently, Chrome stores passwords and cookies in plaintext in the RAM used by its processes (Cyberark). Sometimes there’s no option but to choose the lesser of two evils (YouTube).

And finally some good news on the cybersecurity front. SC Media reports that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is going to take its time—24 months in fact—to develop detailed regulations on how breaches and cyberattacks should be reported to the federal government. In our opinion that’s a wise decision since regulations compiled in haste are usually incomplete and ineffective while adding significant compliance burdens to organizations. This doesn’t mean of course that organizations should lessen their efforts in strengthening their cybersecurity posture, but at least it gives them some breathing room to focus on the problem instead of wrestling with the authorities.

Windows news

So let’s all lift a glass and toast the first birthday of Windows 11. Has it been a success? Maybe to some degree—see this article on Born’s Tech and Windows World. What do you think of Windows 11? Let us know.

OnMSFT has a couple of news items concerning some features coming soon in Microsoft Edge:

And for readers using Microsoft 365 in their environment, Peter van der Woude has a helpful article about the new Software Updates page that’s currently in preview for the admin center. This new page should make it a lot easier for managing updates in your environment.

Windows Server news

BleepingComputer reports that Microsoft has confirmed that a patch they released resulted in connectivity issues with Windows servers running the Routing and Remote Access Service (RRAS). A fix should be arriving for this problem soon; more info is available on Born’s Tech and Windows World. They also report that Windows Subsystem for Linux (WSL 2) distros can now be added to fully-patched Windows Server 2022 systems.

Linux news

Do you use or plan on using open source products in your business or organization? The Linux Foundation, together with VMware and several other organizations, has partnered with the TODO Group to create a survey that they want you to take to help set open source strategies and improve software development practices. The survey is intended to gather information about the perceived benefits and challenges of open source programs, the extent of adoption of open source programs and initiatives, and the concerns businesses and organizations have around hiring open source developers. If open source software interests you please take the 2022 OSPO Survey by clicking here.

Upcoming webcasts, events and conferences

Got an event, conference or webcast you want announced in our newsletter? Email us!

Live broadcast on July 19 – Threat Intel: A key to demystifying network security – Sponsored by SC Media

Also be sure to check out the following event listings:

Meet the Editors!

MITCH TULLOCH is Senior Editor of WServerNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.

INGRID TULLOCH is Associate Editor of WServerNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.

IT Workshop – tools, whitepapers and more

Got a product or solution or some other resource you’d like to tell our readers about? Email us!

Our TOOLS OF THE WEEK are KerioControl and LanGuard, two solutions from GFI Software that SMBs can use to ensure 27001 compliance. Watch this recording to learn how!

Tom’s Hardware reports that you can now sidestep the Microsoft Account requirement in Windows 11 deployment using the latest beta release of the popular open source tool Rufus.

Follow these five firewall best practices on TechGenix to get the most out of your investment!

Tips and Tutorials

Got tips or tutorials you’d like to recommend for our readers? Email us!

Windows:

Microsoft 365:

Microsoft Azure:

Freebies!!

Got a freebie you want to offer our readers? You can reach almost 200,000 IT pros worldwide with our newsletter—email us!

IT Bookshelf: Modern Management and Leadership

Modern Management and Leadership: Best Practice Essentials with CISO/CSO Applications (CRC Press, 2022) endeavors to apply lessons learned in management disciplines to the realm of the Chief Information Security Officer (CISO) who has overall responsibility for safeguarding the information systems and sensitive data of a business or organization. The role of the CISO is unique in many regards; not only must they be technically knowledgeable in the diverse and rapidly evolving field of cybersecurity, but they must also be competent in the challenging practices of managing human beings who are far more complicated than technologies like computers and software.

The first portion of the book is devoted to an overview of modern management theories and practices. Individual chapters are devoted to various challenges managers face such as onboarding new employees, nurturing engagement to ensure employee retention, managing culture change, employing coaching techniques, and so on. Much of this content is applicable to any high- or mid-level manager, and it’s important that CISOs become familiar with and competent in the use of the various strategies and techniques described in these chapters.

The next part focuses on defining the role of leadership in an organization. Different models and approaches to leadership are described in detail here including servant leadership, crisis leadership, leaders who build followers and allies, leaders who champion diversity, leaders who work mostly through teams. The particular style and approach a CISO should follow will depend on several things: the culture of the organization where they work, the needs and challenges the company currently faces, and their own personal history and personality.

The final portion of the book presents a series of case studies illustrating how CISOs working at enterprises of various sizes in different sectors and cultures learned, developed and exercised their function as they moved forward in their career. These case studies were contributed by others and add flavor to the author’s own management theory/praxis. My only suggestion here is that these case studies would have provided more value if the author had analyzed them afterwards instead of simply presenting them as contributed.

If you work or plan to work in the management area of cybersecurity, or really in any IT management role, this book is worth having on your bookshelf. You can buy this book on Amazon.

Factoid: Pizza for androids

Our previous factoid was this:

Fact: NYC Hangs Up Its Last Pay Phone (Hackaday)

Source: https://hackaday.com/2022/05/26/nyc-hangs-up-its-last-pay-phone/

Question: When was the last time you used a pay phone? And when did you last *see* a pay phone?

Here’s a response we received from Dennis DeMattia in Spokane, Washington USA:

The last time I remember using a pay phone was 1994, in Heathrow airport, London. This was my first time being sent to the UK on business. I arrived after a 20-something-hour trip from Washington state, and needed to contact the people I was going to meet after an in-country plane connection. I noticed that the airport telephones allowed you to use credit cards, and since I did not have any British coins, I made my call to Manchester or someplace up North with my card.

When I got back home and got my credit card bill, it was for something like $20!! For a couple of minute call! That is when I learned that pound coins would work just fine on a British pay phone.

I recently did see a phone mini booth at a mall here in Spokane. But there were no phones in it. Just wires.

Payphones and Blockbuster video stores—two things I still kinda miss. Oh well…

Anyways, let’s move on to this week’s factoid:

Fact: Automated Pizza Oven Concept ‘PizzaForno’ Plans to Launch Thousands of Locations in North America (Retail Insider)

Source: https://retail-insider.com/retail-insider/2022/06/automated-pizza-oven-concept-pizzaforno-plans-to-launch-thousands-of-locations-in-north-america-interview/

Question: If I was an android (not the phone type) I might enjoy munching one of these with my titanium-steel teeth, even though its digestion wouldn’t be needed by my nuclear fusion-powered stomach. Good grief! Would any of our readers enjoy eating one of these things? What’s the world of fast food coming to? Email us your thoughts about this and we’ll include them in our next issue!

Fun videos from Flixxy

Racing Drone Follows Urban Mountain Biker – Watch a racing drone follow Tomas Slavik at the Red Bull Valparaíso Cerro Abajo 2022 Urban Mountain Bike race.

https://www.flixxy.com/racing-drone-follows-urban-mountain-biker.htm

Drone Flight Through The Tesla Giga Factory In Berlin – No, this is not science fiction. Fly with a racing drone through the new Tesla Gigafactory in Berlin.

https://www.flixxy.com/drone-flight-through-the-tesla-giga-factory-in-berlin.htm

Can You Lift A 40-ton Truck With 2000 Drones? – Swedish truck manufacturer Scania: ‘We’ve all got big ideas about the future. Not all of them are going to fly.’

https://www.flixxy.com/can-you-lift-a-40-ton-truck-with-2000-drones.htm

Lexus Lane Valet – Have you ever been stuck behind someone driving slow in the fast lane? Lexus has solved this problem with their new ‘Lane Valet’ system.

https://www.flixxy.com/lexus-lane-valet.htm

And Finally

The odd, the stupid and the remarkable. Good for your mental health.

Why are male mice afraid of bananas? (Phys.org)

https://phys.org/news/2022-05-male-mice-bananas.html

[I’m afraid of pineapples myself, they’re prickly.]

Worth Reading: Automation Report From 1958 (ipSpace)

https://blog.ipspace.net/2022/05/worth-reading-automation-report-1958.html

[So when computers were first introduced people faced losing their jobs?]

The 512 Gigabyte Floppy Disk (Hackaday)

https://hackaday.com/2022/05/26/the-512-gigabyte-floppy-disk/

[I want one!]

And finally here’s a news item that was submitted to us by Andrew Wong from Toronto, Canada:

Alexa has a new voice — your dead relative’s (The Washington Post)

https://www.washingtonpost.com/nation/2022/06/23/alexa-amazon-voice-dead-people/

Andrew comments on this as follows:

You can call me conservative, but I find the idea creepy to the living and disrespectful to the dead. Is IT sinking to this level of lowness where an ‘innovation’ is attempted to wow the world at the expense of trampling humanity and human feelings? We always say ‘Rest in Peace’ to the deceased. They need the rest and deserve it. This is the minimum we can do to express a wish of peace to the deceased. So can Amazon let the deceased rest in peace? There are better ways to remember a departed loved one.

Agree, just another crazy case of tech run wild.

Hey, I oughtta register that domain: techrunwild.com (!)

Hey reader! Got an amazing or weird or funny link you’d like to suggest for this section of our newsletter? Email us! But please make sure that it’s G-rated as in “Gee whiz”, “Golly!”, “Good grief!”, “Gaaahh!!” and so on. Thanks!

Please tell others about WServerNews!

We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!
