My Thoughts On IT…

Brian Lewis's Thoughts on all things Information Technology related

imageI flew to Atlanta today for Tech-Ed North America. Tech Ed is a Microsoft public event that provides the most comprehensive technical education across Microsoft’s current and soon-to-release suite of products, solutions, and services. www.msteched.com.

While taking a taxi to my hotel I noticed that the interstate on the other side of the barrier was shutdown with a huge presence of police. I asked the taxi cab driver what was going on. He stated he didn’t know but it has been shutdown for 3 hours and that on the radio they didn’t know why. I took that as a challenge to find out why. So I search the internet using Bing. I couldn’t find anything. No, Google didn’t find anything either – nice try. I refused to fail. Then I checked on Twitter. On twitter I found that First Lady Michelle Obama was giving a commencement speech at Spelman College here in Atlanta. I then triumphantly gave the cab driver the information.

This incident helped me realize that Twitter is an amazing tool that really has changed the world. I have several examples of why I see this tool as having such a huge impact on our world. It was only about a year ago that I thought Twitter was a big lame waste of time. I thought it was just a bunch of people telling you what they had for lunch or that they were sitting in boring line… lame, lame lame. But then came the Chicago earthquake on February 10th 2010. A coworker knew the details within minutes of the quake due to twitter. Wow! Where else online could you find that out that fast? This was the start of my enlightenment about the power of twitter.  Just think about the huge impact Twitter has had on the world in the past 6 months. It played a huge part in the unrest around the world. It continues to help us know what is happening in the Middle East. It is a true intelligence tool. It doesn’t leave the reporting of news to the traditional reporters. News passes around the world in seconds as it happens through they eyes of everyday people. Another example of this is the guy who was tweeting about the US Navy Seals helicopters as they swooped in to nab Osama Bin Laden. Yes, Twitter is really a very powerful tool.

imageI flew to Atlanta today for Tech-Ed North America. Tech Ed is a Microsoft public event that provides the most comprehensive technical education across Microsoft’s current and soon-to-release suite of products, solutions, and services. www.msteched.com.

While taking a taxi to my hotel I noticed that the interstate on the other side of the barrier was shutdown with a huge presence of police. I asked the taxi cab driver what was going on. He stated he didn’t know but it has been shutdown for 3 hours and that on the radio they didn’t know why. I took that as a challenge to find out why. So I search the internet using Bing. I couldn’t find anything. No, Google didn’t find anything either – nice try. I refused to fail. Then I checked on Twitter. On twitter I found that First Lady Michelle Obama was giving a commencement speech at Spelman College here in Atlanta. I then triumphantly gave the cab driver the information.

This incident helped me realize that Twitter is an amazing tool that really has changed the world. I have several examples of why I see this tool as having such a huge impact on our world. It was only about a year ago that I thought Twitter was a big lame waste of time. I thought it was just a bunch of people telling you what they had for lunch or that they were sitting in boring line… lame, lame lame. But then came the Chicago earthquake on February 10th 2010. A coworker knew the details within minutes of the quake due to twitter. Wow! Where else online could you find that out that fast? This was the start of my enlightenment about the power of twitter.  Just think about the huge impact Twitter has had on the world in the past 6 months. It played a huge part in the unrest around the world. It continues to help us know what is happening in the Middle East. It is a true intelligence tool. It doesn’t leave the reporting of news to the traditional reporters. News passes around the world in seconds as it happens through they eyes of everyday people. Another example of this is the guy who was tweeting about the US Navy Seals helicopters as they swooped in to nab Osama Bin Laden. Yes, Twitter is really a very powerful tool.

thumbnailCAOBRS1OI attended the AITP Region 5 Conference yesterday and had the pleasure of listening to Stephanie Wright from the FBI present on Cyber Security. She talked briefly about “Spear Phishing” and it shocked me at how vulnerable I have been to this type of attack. Most of us know what Phishing is. Phishing is an attempt to acquire sensitive information such as usernames, passwords, bank account numbers,  or credit card details by sending fraudulent and misleading emails. For details on how to recognize Phishing emails see the link below.

How to recognize phishing email messages or links:
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

I already know not to click on the average type of Phishing emails that we all receive but what about an email that you receive from a coworker or a conference you just attended? Would you open a PDF attachment from them when it is sent to just you? Let’s define Spear Phishing.

Spear Phishing is a targeted phishing attack. It is done by sending you an email and spoofing the email address so it appears to come from someone you know. The attacker gets this information from your Facebook account, company website, or other public source. The attacker picks a coworker or family member and sends you an email that appears to come from this person you know. This email has an attachment such as a PDF or Word document. When you open the attachment it attempts to infect your machine with a key-logger class tool designed to steal your financial information and eventually your money.

Another variant of this is to send you an email from a conference you just attended and let you know that the presentation from the conference is attached or better yet that the attachment is your unpaid bill. Who wouldn’t open that? This is a hard one to defend against.

How do you protect yourself from a targeted phishing attack? There is no silver bullet for this. I do have a few thoughts that will reduce your risk.

  • Keep your systems patched – this will limit the vulnerabilities
  • Use antivirus – Microsoft has a great free version – there is no excuse for not using antivirus
  • Don’t open email attachments – hunh? I can’t do that either
  • Use a dedicated machine for your online bill pay and don’t do email or surfing from that machine
  • Hope & Pray Winking smile

If you have other ideas that can reduce the risk from Spear Phishing please share them with me. (No, not in an email attachment. lol)

thumbnailCAOBRS1OI attended the AITP Region 5 Conference yesterday and had the pleasure of listening to Stephanie Wright from the FBI present on Cyber Security. She talked briefly about “Spear Phishing” and it shocked me at how vulnerable I have been to this type of attack. Most of us know what Phishing is. Phishing is an attempt to acquire sensitive information such as usernames, passwords, bank account numbers,  or credit card details by sending fraudulent and misleading emails. For details on how to recognize Phishing emails see the link below.

How to recognize phishing email messages or links:
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

I already know not to click on the average type of Phishing emails that we all receive but what about an email that you receive from a coworker or a conference you just attended? Would you open a PDF attachment from them when it is sent to just you? Let’s define Spear Phishing.

Spear Phishing is a targeted phishing attack. It is done by sending you an email and spoofing the email address so it appears to come from someone you know. The attacker gets this information from your Facebook account, company website, or other public source. The attacker picks a coworker or family member and sends you an email that appears to come from this person you know. This email has an attachment such as a PDF or Word document. When you open the attachment it attempts to infect your machine with a key-logger class tool designed to steal your financial information and eventually your money.

Another variant of this is to send you an email from a conference you just attended and let you know that the presentation from the conference is attached or better yet that the attachment is your unpaid bill. Who wouldn’t open that? This is a hard one to defend against.

How do you protect yourself from a targeted phishing attack? There is no silver bullet for this. I do have a few thoughts that will reduce your risk.

  • Keep your systems patched – this will limit the vulnerabilities
  • Use antivirus – Microsoft has a great free version – there is no excuse for not using antivirus
  • Don’t open email attachments – hunh? I can’t do that either
  • Use a dedicated machine for your online bill pay and don’t do email or surfing from that machine
  • Hope & Pray Winking smile

If you have other ideas that can reduce the risk from Spear Phishing please share them with me. (No, not in an email attachment. lol)

image

Here is my latest article for the TechNet flash newsletter.
If you are interested in the Microsoft TechNet flash newsletter you can sign up here:
http://technet.microsoft.com/en-ca/newsletter/default.aspx 

Central Region IT Pro Extras from Microsoft IT Pro Evangelist Brian Lewis

As an IT Pro Evangelist for Microsoft I come across cool technical items all the time and I share many of them on my blog (mythoughtsonit.com). Today I came across a FREE tool called the “Attack Surface Analyzer” on the Microsoft Website.

This tool takes snapshots of your system state and compares them. You take one snapshot before you install software called the “Baseline Scan”. Then you take a snapshot after you install your program called the “Product Scan”. Then you have the tool generate a report from these two scans which it compares to see what has changed on the system. Using knowledge of what would make Windows less secure the report lists any issues it sees with the changes.

You can use this tool to check an application install to see if there are insecure configuration changes that it makes to your system. At last a tool that lets us monitor what an install does to your machine! Sweet. You can also use the Analyzer to see if an uninstall of an application really does remove it or if it leaves junk behind.

Give this tool a try and I think you will agree it is a great tool for developers and IT Pros alike. You can get it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e068c224-9d6d-4bf4-aab8-f7352a5e7d45&displaylang=en

Thanks!

Brian Lewis
IT Pro Evangelist – Microsoft Corporation

computer_iconSony’s PlayStation was hacked on April 17 2011 and Sony had to shutdown their services on April 20th. As of May 9th they still have not resumed services. That is a huge outage. In addition to having a service outage the hackers obtained customer personal information including credit card numbers for over 100 million people. Sony estimates this will cost them about 1.2 billion us dollars. Ouch.

Sony  isn’t commenting on what went wrong but a congressional subcommittee did a hearing into the matter and Dr. Gene Spafford, a computer science professor at Purdue University, testified that Sony didn’t patch their software. Well – HELLO! What do you think is going to happen if you don’t patch your software?

It is a standard process for an evil hacker to find the version of software they are targeting and then look for the know flaws in that code. They often start with the unapplied patches because that is the low hanging fruit. Others have already done the hard work of finding the hole and producing an exploit. So the moral of the story is patch, patch, patch!

I have seen many futuristic videos depicting what the future may look like from an end user display perspective. Here is one of those videos from Microsoft. We produce them to help people internally and externally imagine what can be done as we move forward and create new things.
http://www.microsoft.com/showcase/en/us/details/e7728af1-3fe4-4e25-a907-3dbf689fe11a

Well here is a prototype of an actual working flexible display with e-ink. This prototype was created by Arizona State University’s Flexible Display Center, Queen’s University’s Human Media Lab and the E Ink Corporation. One really cool thing about e-ink is the very low power consumption that it uses. For example my 3rd generation kindle only needs to be charged once a month! So a flexible low power display may be perfect for a news paper or a wearable device. For more information on this device see the article below:
http://www.zdnet.com/blog/gadgetreviews/could-this-paperphone-be-the-future/24367?alertspromo=&tag=nl.rSINGLE

I have seen many futuristic videos depicting what the future may look like from an end user display perspective. Here is one of those videos from Microsoft. We produce them to help people internally and externally imagine what can be done as we move forward and create new things.
http://www.microsoft.com/showcase/en/us/details/e7728af1-3fe4-4e25-a907-3dbf689fe11a

Well here is a prototype of an actual working flexible display with e-ink. This prototype was created by Arizona State University’s Flexible Display Center, Queen’s University’s Human Media Lab and the E Ink Corporation. One really cool thing about e-ink is the very low power consumption that it uses. For example my 3rd generation kindle only needs to be charged once a month! So a flexible low power display may be perfect for a news paper or a wearable device. For more information on this device see the article below:
http://www.zdnet.com/blog/gadgetreviews/could-this-paperphone-be-the-future/24367?alertspromo=&tag=nl.rSINGLE

TNsubPro_300X250_TN3MNA12TechNet is an awesome subscription which gives you access to over 70 Microsoft products to evaluate and learn at your own pace. These are full products that continue to function even if you don’t renew your subscription.

If you don’t like evaluation software and want to use full  product for your evaluations and testing then TechNet is for you! TechNet Subscriptions was designed by IT Pros especially for IT Pros. It is a subscription similar to the developers MSDN program but without the Developer tools and at a much lower price. Learn more about the subscription benefits here.

As an IT Evangelist, I’m able to provide a 15% discount on a TechNet Subscription Professional edition with this promo code TN3MNA12! This drops the price from $349 to $296. This offer is available only on new orders of TechNet Subscription Professional only in the U.S. between May 1 and June 30, 2011.

So go get your TechNet Subscription today, and remember use the promotion code: TN3MNA12 to save 15%!

http://technet.microsoft.com/en-us/subscriptions/bb892754.aspx

Ever wonder what happened to the security guides from Microsoft Solution Accelerators? Your go-to security guidance from Solution Accelerators hasn’t disappeared, it’s just been repackaged. The previously stand-alone Microsoft product-specific security guides are now included within the Microsoft Security Compliance Manager (SCM) tool.

To simplify: Stand-alone security guides à Security Compliance Management Toolkit à Security Compliance Manager tool

Got it?

So, how do you get your hands on trusted guidance for Windows client and server operating systems and Microsoft applications from the Microsoft security experts? First download and install the SCM tool. Next, import your product baselines of choice (options include Windows 7, Windows Server 2008 R2, Internet Explorer 8, and more). Finally, select the Documents tab within a baseline to access the security guide for that Microsoft product. Simple, right?

Next steps:

· Download and install the Security Compliance Manager tool.

· Check out the SCM TechNet Wiki for more details on how to get up and running with the tool.

· Learn more about the Security Compliance Manager.

· Questions? Comments? Tell it to the development team: secwish@microsoft.com.

· Looking for a specific security baseline? Browse away!

o Windows Server 2008 R2 Security Baseline

o Windows Server 2008 Security Baseline

o Windows Server 2003 Security Baseline

o Windows 7 Security Baseline

o Windows Vista Security Baseline

o Windows XP Security Baseline

o Internet Explorer 8 Security Baseline

o Microsoft Office 2010 Security Baseline

o Microsoft Office 2007 SP2 Security Baseline

Microsoft Solution Accelerators

SCM is just one of the tools provided by the Microsoft Solution Accelerators team. The Microsoft Assessment and Planning Toolkit, Microsoft Deployment Toolkit, and Security Compliance Manager provide tested guidance and automated tools to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. All are freely available, and fully-supported by Microsoft. Learn more.

Screenshot

image