Silicon Shecky

Infosec Practitioner

Connect

A new way to fight Malware, Sort Of

By Leave a Comment

We all know Social Engineering is the most commonly used way to spread malware. There seems to be a device that can help with that, as far as e-mails go. Its not a cheap form of protection though.

We all know that Social Engineering is the easiest way to spread malware. As P.T. Barnum said, “There’s a sucker born every minute,” and in the age of the Internet, it is even easier to get to those suckers. Pyramid Schemes, Malware, Phishing Attacks, all heavily rely on the mark being trusting. Anti-Malware, Firewalls, and security devices have always had a problem with this angle of attack.

Now a company called Cyveillance is touting a new appliance to help mitigate the Social Engineering front. Two problems though. First, like all first generation, innovative ideas, the cost is more than most people make in a year. Over $100,000 for the device alone, not including all the scan types, and extra protection licenses added on.

Second, it only scans e-mail. This is nice for those instances where it is e-mail that has a bad link, but a lot of the malware is coming through hijacked ads on websites. This device doesn’t take any of that into account.

More information is available here and here. Overall the idea of a device like this, or algorithms and heuristics that can defend on this front, and be reliable, is where we need to focus our defenses on. Hopefully, someone can go the next step on this. After all, we are only as secure as the weakest link in the chain.

Exchange, how you make me *HEADDESK*

By Leave a Comment

Exchange doesn’t like drive error, or bad blocks. Never has, never will, and while there are things that can temporarily correct the problem, new hardware is the ultimate solution.

I’ve been slowly prepping to do a migration from Exchange 2007 to Exchange 2010 at the company I work for. I’ve done my reading, come up with all sorts of bad scenarios, and basically anything else I could think of to prepare for it. Mind you, I’m not the only high end internal IT guy (Engineer, support, sales, etc…), but I’m also the only outbound tech. I had things planned out to finish the actual prep the day before a long weekend a few weeks ago, just in case I ran into any problems.

Smart thing I did that, because I ran into a major problem. I had to go to a client site, due to a printer issues. the client is a major one for the company and the directive came at 10pm in the evening from by boss to be out there the next day. This of course caused me to cancel the planned migration.

The day of the cancellation was going to be installing Exchange 2010 on the newly purchased server, and installing the latest version of Blackberry Enterprise server so that we could keep using our Blackberries. Needless to say, a few days after the cancelled migration date, our current Exchange 2007 server starts running really slow. Disk errors, bad blocks, a chkdsk cleared the errors, and I was put on the hot seat.

I explained why the migration had not happened, how I was ordered to be down at a client for a printer problem. How the amount of e-mail data will take 2-3 days to migrate, and that I wanted to do it over a long weekend. I was asked for a hard date for the migration, something soon, since slow or non-working e-mail near the end of the month was not acceptable. So I gave a date of this upcoming weekend, and went to work on getting the domain all prepped.

So here I am trying to run the Schema and AD prep on a domain where the Exchange server is in a separate site (Not domain, just physical site) from the Schema Master. Not only that but the Schema Master is a 2003 server. Yes, following Microsoft’s information of just running the Schema Prep through a 2008 server that is in the site where the schema master is located, has not worked so far.

I know I’ll get it, I dealt with this went tossing SP2 on the Exchange 2007 server, I’m just frustrated that Microsoft doesn’t even know how its own stuff works.

And now for something completely different

By Leave a Comment

Technology is a wonderful thing. We have computers, laptops, servers, the Internet, e-mail, and of course mobile technologies. We use and abuse them all without even a second thought. Then something breaks and we are lost.

It is amazing how much technology controls our lives. It is supposed to be a tool to make our lives easier, but we depend on it so heavily, it controls us. I’m as guilty as anyone in this respect. Today RIMs Blackberry Internet Service went boom again. North America and South America both wound up affected, and yet there was not a lot of talk about it. No CNN headlines, no nothing. It only affected e-mail and if you worked for a company that had a BES server you weren’t affected. Nope just people like me who use the BIS part were.

It drove me crazy. I thought maybe I left Outlook open at home. A visit to my webmail site showed that e-mail was not going to my PC at home, as all of it was still on the main server. A quick google search found a couple of articles about it finally.

Outages happen in the IT world. We all know that. What this instance shows us again is that relying on cloud services is an iffy thing. Its all still a beta product, all of it. The Internet, e-mail, mobile devices, all of it beta products. Don’t be controlled by it, for it is just a tool.