My Thoughts On IT…

Brian Lewis's Thoughts on all things Information Technology related

Linux-penguin-huge-704931Microsoft now supports 3 versions of Linux running on our Hyper-v virtual server environment. The three supported flavors are Red Hat Enterprise Linux, Suse Linux Enterprise Server, and CentOS. CentOS Linux was added because it’s a popular distribution for hosting providers and Microsoft wants to make it very appealing for hosting providers to use our product. Red Hat and Suse are very popular in enterprise customer datacenters and they have been supported in Hyper-v for a while.

Hyper-V is able to run other versions of Linux but it does not fully support other version. The best way to run Linux on Hyper-v is to use the paravirtualization drivers or “enlightenments”. If the linux distro runs on Xen well it should run well on Hyper-v. You can get the paravirtualization drivers by installing the Linux Integration Components or the Satori InputVSC drivers.

For more info on the announcement see Sandy Gupta’s blog post:
http://blogs.technet.com/b/openness/archive/2011/05/15/expanding-interoperability-to-community-linux.aspx

computer_iconI had a customer who was looking for guidance on how to harden the IP stack of Server 2008 R2 similar to the guide on how to harden server 2003.

How to harden the TCP/IP stack against denial of service attacks in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;324270

It turns out there is no paper on how to do this for Server 2008 because it is built into the new IP stack. It has been there since the new IP stack in Vista and Server 2008.  This feature is even better in two ways. The first is it is self tuning. The second is that you can’t turn it off. You can read more about it here:
http://blogs.technet.com/b/nettracer/archive/2010/06/01/syn-attack-protection-on-windows-vista-windows-2008-windows-7-and-windows-2008-r2.aspx

Microsoft Office Web Apps will officially support Google’s Chrome browser with Office 2010 Service Pack 1 for Office and SharePoint. This service pack is expected to ship the end of June 2011.

The Office Web Apps (Word, Excel, PowerPoint, OneNote) are currently supported on IE, Firefox, and Safari. Chrome works just fine but is not officially supported today. What does that mean? Supported at Microsoft means they have done regression testing to make sure it works. Further if there is an issue it will be fixed. If it is unsupported our support group will still take you call and try and help with your configuration issues but there are limits to the steps we will take to get it working. 

For more information about Office 2010 Service Pack 1 – check out this blog entry:
http://blogs.technet.com/b/office_sustained_engineering/archive/2011/05/16/announcing-service-pack-1-for-office-2010-and-sharepoint-2010.aspx

I am an IT Pro at heart but this is a very cool offer for those of you who do development and I had to pass this one along. Also I have written some Windows Phone 7 apps – it is really pretty easy. If I can do it so can you! Why not dust off your programming skills give it a shot?

Here is the offer:

A new Developer offer to drive new WP7 app development was announced yesterday, (5/16/2011) at TechEd and through Community channels. 

clip_image002Developers submitting 5 new Windows Phone 7 apps will get Free advertising promotion for 1 of their 5 apps.   Their choice app will get 25,000 impressions of WP7 mobile advertising across MSN, Windows Live and Fox Sports Mobile networks, approx. 60 days. This offer will end 6/30 and is limited to 4 per developer and a total of 200 offers.    
Check out the full offer details at this page:  http://bit.ly/WP7DevOffer

clip_image004Here’s the deal:

  • Any developer that publishes 5 new apps between April 1 and June 30, 2011 gets FREE advertising for 1 of the 5 apps.
  • There is a limit of up to 4 offers per developer  (no gaming with multiple emails, multiple mailing addresses or variations of name)
  • There is a limit of 200 offers in total
  • This is open to all US based developers (that meet the legalese: 18+ years old,…); contest rules are on the site
  • Each developer that has at least one new app published and submitted will get a status email weekly so they know how they are doing.
  • After 6/30, when the offer closes, those developers that qualified will get their promo codes and instructions on how to redeem the offer.

imageI flew to Atlanta today for Tech-Ed North America. Tech Ed is a Microsoft public event that provides the most comprehensive technical education across Microsoft’s current and soon-to-release suite of products, solutions, and services. www.msteched.com.

While taking a taxi to my hotel I noticed that the interstate on the other side of the barrier was shutdown with a huge presence of police. I asked the taxi cab driver what was going on. He stated he didn’t know but it has been shutdown for 3 hours and that on the radio they didn’t know why. I took that as a challenge to find out why. So I search the internet using Bing. I couldn’t find anything. No, Google didn’t find anything either – nice try. I refused to fail. Then I checked on Twitter. On twitter I found that First Lady Michelle Obama was giving a commencement speech at Spelman College here in Atlanta. I then triumphantly gave the cab driver the information.

This incident helped me realize that Twitter is an amazing tool that really has changed the world. I have several examples of why I see this tool as having such a huge impact on our world. It was only about a year ago that I thought Twitter was a big lame waste of time. I thought it was just a bunch of people telling you what they had for lunch or that they were sitting in boring line… lame, lame lame. But then came the Chicago earthquake on February 10th 2010. A coworker knew the details within minutes of the quake due to twitter. Wow! Where else online could you find that out that fast? This was the start of my enlightenment about the power of twitter.  Just think about the huge impact Twitter has had on the world in the past 6 months. It played a huge part in the unrest around the world. It continues to help us know what is happening in the Middle East. It is a true intelligence tool. It doesn’t leave the reporting of news to the traditional reporters. News passes around the world in seconds as it happens through they eyes of everyday people. Another example of this is the guy who was tweeting about the US Navy Seals helicopters as they swooped in to nab Osama Bin Laden. Yes, Twitter is really a very powerful tool.

imageI flew to Atlanta today for Tech-Ed North America. Tech Ed is a Microsoft public event that provides the most comprehensive technical education across Microsoft’s current and soon-to-release suite of products, solutions, and services. www.msteched.com.

While taking a taxi to my hotel I noticed that the interstate on the other side of the barrier was shutdown with a huge presence of police. I asked the taxi cab driver what was going on. He stated he didn’t know but it has been shutdown for 3 hours and that on the radio they didn’t know why. I took that as a challenge to find out why. So I search the internet using Bing. I couldn’t find anything. No, Google didn’t find anything either – nice try. I refused to fail. Then I checked on Twitter. On twitter I found that First Lady Michelle Obama was giving a commencement speech at Spelman College here in Atlanta. I then triumphantly gave the cab driver the information.

This incident helped me realize that Twitter is an amazing tool that really has changed the world. I have several examples of why I see this tool as having such a huge impact on our world. It was only about a year ago that I thought Twitter was a big lame waste of time. I thought it was just a bunch of people telling you what they had for lunch or that they were sitting in boring line… lame, lame lame. But then came the Chicago earthquake on February 10th 2010. A coworker knew the details within minutes of the quake due to twitter. Wow! Where else online could you find that out that fast? This was the start of my enlightenment about the power of twitter.  Just think about the huge impact Twitter has had on the world in the past 6 months. It played a huge part in the unrest around the world. It continues to help us know what is happening in the Middle East. It is a true intelligence tool. It doesn’t leave the reporting of news to the traditional reporters. News passes around the world in seconds as it happens through they eyes of everyday people. Another example of this is the guy who was tweeting about the US Navy Seals helicopters as they swooped in to nab Osama Bin Laden. Yes, Twitter is really a very powerful tool.

thumbnailCAOBRS1OI attended the AITP Region 5 Conference yesterday and had the pleasure of listening to Stephanie Wright from the FBI present on Cyber Security. She talked briefly about “Spear Phishing” and it shocked me at how vulnerable I have been to this type of attack. Most of us know what Phishing is. Phishing is an attempt to acquire sensitive information such as usernames, passwords, bank account numbers,  or credit card details by sending fraudulent and misleading emails. For details on how to recognize Phishing emails see the link below.

How to recognize phishing email messages or links:
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

I already know not to click on the average type of Phishing emails that we all receive but what about an email that you receive from a coworker or a conference you just attended? Would you open a PDF attachment from them when it is sent to just you? Let’s define Spear Phishing.

Spear Phishing is a targeted phishing attack. It is done by sending you an email and spoofing the email address so it appears to come from someone you know. The attacker gets this information from your Facebook account, company website, or other public source. The attacker picks a coworker or family member and sends you an email that appears to come from this person you know. This email has an attachment such as a PDF or Word document. When you open the attachment it attempts to infect your machine with a key-logger class tool designed to steal your financial information and eventually your money.

Another variant of this is to send you an email from a conference you just attended and let you know that the presentation from the conference is attached or better yet that the attachment is your unpaid bill. Who wouldn’t open that? This is a hard one to defend against.

How do you protect yourself from a targeted phishing attack? There is no silver bullet for this. I do have a few thoughts that will reduce your risk.

  • Keep your systems patched – this will limit the vulnerabilities
  • Use antivirus – Microsoft has a great free version – there is no excuse for not using antivirus
  • Don’t open email attachments – hunh? I can’t do that either
  • Use a dedicated machine for your online bill pay and don’t do email or surfing from that machine
  • Hope & Pray Winking smile

If you have other ideas that can reduce the risk from Spear Phishing please share them with me. (No, not in an email attachment. lol)

thumbnailCAOBRS1OI attended the AITP Region 5 Conference yesterday and had the pleasure of listening to Stephanie Wright from the FBI present on Cyber Security. She talked briefly about “Spear Phishing” and it shocked me at how vulnerable I have been to this type of attack. Most of us know what Phishing is. Phishing is an attempt to acquire sensitive information such as usernames, passwords, bank account numbers,  or credit card details by sending fraudulent and misleading emails. For details on how to recognize Phishing emails see the link below.

How to recognize phishing email messages or links:
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

I already know not to click on the average type of Phishing emails that we all receive but what about an email that you receive from a coworker or a conference you just attended? Would you open a PDF attachment from them when it is sent to just you? Let’s define Spear Phishing.

Spear Phishing is a targeted phishing attack. It is done by sending you an email and spoofing the email address so it appears to come from someone you know. The attacker gets this information from your Facebook account, company website, or other public source. The attacker picks a coworker or family member and sends you an email that appears to come from this person you know. This email has an attachment such as a PDF or Word document. When you open the attachment it attempts to infect your machine with a key-logger class tool designed to steal your financial information and eventually your money.

Another variant of this is to send you an email from a conference you just attended and let you know that the presentation from the conference is attached or better yet that the attachment is your unpaid bill. Who wouldn’t open that? This is a hard one to defend against.

How do you protect yourself from a targeted phishing attack? There is no silver bullet for this. I do have a few thoughts that will reduce your risk.

  • Keep your systems patched – this will limit the vulnerabilities
  • Use antivirus – Microsoft has a great free version – there is no excuse for not using antivirus
  • Don’t open email attachments – hunh? I can’t do that either
  • Use a dedicated machine for your online bill pay and don’t do email or surfing from that machine
  • Hope & Pray Winking smile

If you have other ideas that can reduce the risk from Spear Phishing please share them with me. (No, not in an email attachment. lol)

image

Here is my latest article for the TechNet flash newsletter.
If you are interested in the Microsoft TechNet flash newsletter you can sign up here:
http://technet.microsoft.com/en-ca/newsletter/default.aspx 

Central Region IT Pro Extras from Microsoft IT Pro Evangelist Brian Lewis

As an IT Pro Evangelist for Microsoft I come across cool technical items all the time and I share many of them on my blog (mythoughtsonit.com). Today I came across a FREE tool called the “Attack Surface Analyzer” on the Microsoft Website.

This tool takes snapshots of your system state and compares them. You take one snapshot before you install software called the “Baseline Scan”. Then you take a snapshot after you install your program called the “Product Scan”. Then you have the tool generate a report from these two scans which it compares to see what has changed on the system. Using knowledge of what would make Windows less secure the report lists any issues it sees with the changes.

You can use this tool to check an application install to see if there are insecure configuration changes that it makes to your system. At last a tool that lets us monitor what an install does to your machine! Sweet. You can also use the Analyzer to see if an uninstall of an application really does remove it or if it leaves junk behind.

Give this tool a try and I think you will agree it is a great tool for developers and IT Pros alike. You can get it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e068c224-9d6d-4bf4-aab8-f7352a5e7d45&displaylang=en

Thanks!

Brian Lewis
IT Pro Evangelist – Microsoft Corporation

computer_iconSony’s PlayStation was hacked on April 17 2011 and Sony had to shutdown their services on April 20th. As of May 9th they still have not resumed services. That is a huge outage. In addition to having a service outage the hackers obtained customer personal information including credit card numbers for over 100 million people. Sony estimates this will cost them about 1.2 billion us dollars. Ouch.

Sony  isn’t commenting on what went wrong but a congressional subcommittee did a hearing into the matter and Dr. Gene Spafford, a computer science professor at Purdue University, testified that Sony didn’t patch their software. Well – HELLO! What do you think is going to happen if you don’t patch your software?

It is a standard process for an evil hacker to find the version of software they are targeting and then look for the know flaws in that code. They often start with the unapplied patches because that is the low hanging fruit. Others have already done the hard work of finding the hole and producing an exploit. So the moral of the story is patch, patch, patch!