The Heartbleed vulnerability in OpenSSL has received a significant amount of attention, but worry not: it won’t get you unless you have Apache on your Windows server. Microsoft services were not impacted by the OpenSSL vulnerability, and the Windows implementation of SSL/TLS was also not impacted.
Rest assured that default configurations of Windows do not include OpenSSL, and are not impacted by this vulnerability. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.
People often get the terms “virtualization” and “cloud computing” confused, believing that they can be used interchangeably when, in fact, they are diametrically opposed.
Virtualization tricks your software into believing that it’s running on a real server, network or storage that is actually there, but it’s not: it’s virtualized. Essentially we are hiding the infrastructure from software, which allows software to believe that nothing is changing even if we move the ‘server’ to a new machine or new location. The result is portable and easy to get running on new hardware.
Cloud computing is the exact opposite. A real public or private cloud richly exposes the infrastructure to the application, which is not only infrastructure-aware but dependent on its interactions with the infrastructure. This allows companies to turn off resources when they’re not using them and add additional resources when required, basically making a server more powerful when needed.
The PR teams will tell you Cloud Computing is the way to go, the destination and ultimate goal of business computing. Complete horse crap. It’s probably the next ‘leaky condo’, with more central points of failure than any system in existence (because you need to connect to it, the entire path is vulnerable to failure).
Cloud computing and data storage bind clients to the service providers like nothing else. The monthly fees are reasonable on a per-user basis, but company-wide they can become onerous without offering any local hardware maintenance (which is often the largest cost). One special consideration for Canadian customers is that you are not allowed to have any government communication or documents leave the country, which means even GMail violates government contracts, let alone files on the cloud.
How DNS happens
DNS (Domain Name Service) has been around since the first time someone tried a name instead of an IP to get somewhere on the Internet, which translates to only a few years younger than the first network. What happens when you type ‘google.ca’ isn’t stunningly complex; it’s really no more than your machine looking up the number of that domain and then sending you there. The really interesting part is how much we rely on it and how it’s embedded into nearly everything. In fact the Internet would grind to a halt in about 5 minutes without it, and the fact it is made of millions of simple text files is a minor marvel.
So why the news on DNS? My home internet (to my server) went out a few days ago and it is one of a chain of DNS servers that maintain a few domains. It also exposed a vulnerability in my redundancy which I had thought covered; turns out some companies know less of DNS than I do and their systems weren’t capable of taking the added load. Thus the DNS entries began to expire and the scramble was on. Long story short, I managed to get a new DNS system up in a few hours and migrate things to a more stable platform. The whole system is better than ever and more fault tolerant. This meant some email outages for a time and though email can recover, the deliveries were later than expected.
What I learned: yet another software system that doesn’t do what it claims, and I didn’t even get an error that the system wasn’t working as expected. No way to check, and the only way to discover the flaw was to create the problem it was meant to protect against, which seems a rather hard way to test a system. I’ll have to break down and learn to use Unix on the command line and stop relying on a GUI that tries to hide their failures behind pretty icons.
I’ve never been a proponent of ‘hard testing’ where one creates the disaster to check the recovery system. My reasoning being if things are other than planned (see Murphy’s law) you’ll have created a problem you do not have the solution for (or your recovery plan would have worked).
So I’ve learned a few new tricks, found a useful service for DNS replication and for one day of annoyance managed to ‘hard test’ my failover system. Now I just have to get my own regular Internet connection back; thank the tech gods for cell phone tethering.
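One way to check DNS redundancy without creating the outage, as an added example that is not part of the original post: ask each of the zone's nameservers directly for its SOA record and compare the answers. The zone example.com, the server names ns1 to ns4 and the replies are constructed sample data, and serials are compared with a plain max, which assumes no serial wrap-around.

```python
import struct

def soa_query(zone, txid=0x1234):
    """Non-recursive SOA query in RFC 1035 wire format (RD bit left clear)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in zone.strip(".").split("."))
    return struct.pack(">6H", txid, 0, 1, 0, 0, 0) + qname + b"\0" + struct.pack(">2H", 6, 1)

def skip_name(msg, off):
    """Offset just past a domain name, honouring compression pointers."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_soa(msg):
    """SOA serial (int) from an authoritative reply, otherwise a reason (str)."""
    flags, qd, an = struct.unpack(">3H", msg[2:8])
    if flags & 0xF:
        return "rcode %d" % (flags & 0xF)   # 2 = SERVFAIL
    if not flags & 0x0400:                  # AA bit clear: server does not hold the zone
        return "not authoritative"
    off = 12
    for _ in range(qd):                     # skip the echoed question section
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rdlen = struct.unpack(">H6xH", msg[off:off + 10])
        if rtype == 6:                      # SOA rdata: MNAME, RNAME, then the serial
            p = skip_name(msg, skip_name(msg, off + 10))
            return struct.unpack(">I", msg[p:p + 4])[0]
        off += 10 + rdlen
    return "no SOA in answer"

def check(replies):
    """{server: raw reply, or None on timeout} -> {server: status}."""
    seen = {ns: parse_soa(m) if m else "no answer" for ns, m in replies.items()}
    newest = max((v for v in seen.values() if isinstance(v, int)), default=None)
    return {ns: v if isinstance(v, str) else "ok" if v == newest
            else "stale serial %d" % v for ns, v in seen.items()}

def fake_reply(flags, serial=None):
    """Constructed reply for example.com (sample data, not captured traffic)."""
    has_soa = int(serial is not None)
    msg = struct.pack(">6H", 0x1234, flags, 1, has_soa, 0, 0) + soa_query("example.com")[12:]
    if has_soa:  # owner, MNAME and RNAME are compression pointers to the question name
        rdata = b"\xc0\x0c" * 2 + struct.pack(">5I", serial, 7200, 3600, 1209600, 3600)
        msg += b"\xc0\x0c" + struct.pack(">2HIH", 6, 1, 3600, len(rdata)) + rdata
    return msg

# Constructed sample: current primary, lagging secondary, SERVFAIL secondary, timeout.
SAMPLE = {"ns1": fake_reply(0x8400, 2012061502), "ns2": fake_reply(0x8400, 2012061401),
          "ns3": fake_reply(0x8002), "ns4": None}
```

Against live servers, send `soa_query(zone)` over UDP port 53 to each listed nameserver and pass the raw replies to `check`; any status other than "ok" marks a server that would not carry the zone if the primary went away.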
On June 27th 2012 Microsoft accidentally put Skype into their ‘Important’ updates for the WSUS. What happened was that millions of users got Skype installed on their desktop without consent and, let’s face it, not really needing it.
The update was ‘expired’ once the error was discovered but the fact it happened at all is rather disconcerting. Not only was the program installed without user approval (being it was misclassified) but it makes this vector of program installation much more suspect.
The long and short is: if you suddenly have Skype on your desktop you can uninstall it. It was a Microsoft error that put it there and with luck it will not happen again.
For a couple of months Apple has been aware of some malware called ‘Mac Flashback’, and a resounding failure to do anything about it has caused an estimated (so far) 600,000 viral infections on Mac. Thus the argument finally ends, and rest assured this isn’t the first virus; it’s just the first that cannot be swept under the rug.
So the time has come and you’ll need to check your computer for a bug, and unlike the well versed PC market it won’t be easy. Then you’ll have to get some real protection because what comes with the computer isn’t sufficient (obviously). Steve Jobs is dead, Mac can get viruses and the solution isn’t easy or pretty; welcome to the real world.
Read more: http://www.foxnews.com/scitech/2012/04/06/how-to-protect-your-mac-against-malware/#ixzz1rHktiW5X
Gizmodo (a tech-savvy company that offers layman explanations about the latest gizmos), while underwhelmed by the new iPad2, thought they’d have some fun with the non-tech. This fun was giving a regular iPad2 user a ‘new iPad’, which was actually an old iPad2, but they were TOLD it was the new version. The sad part is the Apple consumer wanted the ‘new iPad’ because it was the new version, even though it was the same as the one they already owned.
Read the Gizmodo article here:
Upgrading a computer workstation (home or office) can be a real gamble. Not only is it a good deal of cash, the time and energy to move all your data, programs and re-do all your settings is significant. Sadly, far too often, the performance increase isn’t worth the cost, as a clean install will often do the same thing and save you nearly $1000.
This however (the machine below) will make a HUGE difference in your performance:
Intel Core i5 2500 Quad Core Processor LGA1155 3.3GHZ
ASUS P8H67-M PRO/CSM Motherboard
Mushkin 8GB 2X4GB DDR3-1333 Dual Channel Memory Kit
OCZ Vertex 3 120GB Solid State Disk Flash Drive
Samsung Black DVD Writer
Antec Three Hundred Case 300 ATX Front USB & Audio
Sparkle Power Supply W/ 120MM Fan
Samsung S23A300B 23IN Widescreen LCD Monitor
Logitech MK200 Media Keyboard and Mouse Combo USB
Microsoft Windows 7 Professional 64BIT DVD OEM
Microsoft Office 2010 Home and Business English
From NCIX this complete computer is less than $1400. Since one could skip a few pieces if you already have them (OS, screen, keyboard), the price can get down to about $600 for the basic computer. The SSD and the timed CPU/Memory/Motherboard are the key; it runs lightning fast and is rock solid reliable. The only upgrades needing consideration for this beasty: add in a mechanical 1TB+ Western Digital Caviar Black for storage and an NVidia video card.
The web server (and backup mail) is moving from the old DDS (fractional dedicated server) to a newer ‘virtual’ server located in the ‘cloud’. The advantages are it’s a little more reliable but mostly it cleans up years of alterations and upgrades and it’s far more expandable.
Dec 14th – The old server dies tonight at 9pm. Everything I could find to move I moved, and it’s been off for a few days and no complaints; one can only hope it all migrated properly. The new server is faster and MUCH cleaner. If you have any issues or problems don’t hesitate to call.
You know that little HTTPS: we all love to trust when we do online transactions? Well, the old versions (TLS v1.0 and earlier) have been compromised. This means a serious weakness in virtually all websites protected by the secure sockets layer protocol, one that allows attackers to silently decrypt data that’s passing between a web-server and an end-user browser.
Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the destination website.
At this point the hack isn’t usable by the average weenie in some remote country; the processing power needed is extreme, but as the code is improved it’ll become more important to rely on TLS v1.1+ to remain secure. The major browsers will likely soon release a patch to implement TLS v1.2, but it’s up to the website to deploy the other end to ensure secure communication.
Just thought you should know in case you didn’t feel vulnerable enough already.
In Canada we don’t get the FBI, NSA, CIA, Homeland Security, State Police, Local Cops or a myriad of odd agencies with dubious jurisdictions wanting to know much of anything regarding your computer server. In Canada you get one of two agencies 95% of the time, RCMP or CSIS, neither is good but both are better than the US alternatives that are often more interested in their goals than preserving your data.
What has been getting the attention lately has been around for over a year now, courtesy of the PRC (People’s Republic of China). Few will come right out and say it, but state-based espionage is the bread and butter of China’s financial machine: what you can’t develop, you steal.
The target of choice right now is Microsoft Small Business Server 2003. It’s a good OS and system but if compromised it can be difficult to detect, but here is something you can look for:
Examine the file with Notepad and at the very top do you see any ‘funny’ code? Something like this:
That code at the top.. that’s the signature that not all is right in your system. Who, what, how and all the rest I’m researching but your machine, though not compromised, is quite possibly working for the bad guys.
I’ll add a comment when I have a name and process for removing this beasty.