Although DirectAccess has several advantages over VPNs, there are several scenarios where a VPN is still a preferred solution. Some of these include:
Networks that block IPv6 and IPv6 transition technology protocols. DirectAccess uses IPv6. Although IPv6 transition technologies enable DirectAccess to work on existing IPv4 networks (IPv6 needs to be enabled on the client and server computers), several IPv6-related protocols must be allowed to pass through your outward facing firewalls. If firewall rules block these protocols and they cannot be changed, the organization must use a VPN instead of DirectAccess.
We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proofpoint. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?
Agreed - but one minor clarification: Hollywood negotiates with the theaters for profits percentages for new releases. Opening weekend, Hollywood takes 100% of ticket sales, and the theaters ONLY make money on the crap food they sell you. Several days/weeks later (depending on the release), the theater now starts getting incrementally more percentage. So they have to charge $5 for a box of popcorn to make any money.
Yes, pun intended, but seriously: many dispensaries are still getting raided by the feds, who take their computers and customer lists. Maybe a cloud-based ERP solution would be a good way to get around this, assuming you could crypto the fuck out of it. Just figure out how to remember the password before you toke up, and don't write the password down on rolling papers.
I'm sorry, I know this is /., but did you not RTFA?
I completely understand the concept of facilitating employee communications - we have a solution for that - secure file transfer (SFT), which we implemented after our FTP server was hacked and sensitive files went god-knows-where. SFT is quantifiable, controlled, and far more secure than something like dropbox, especially when you consider the issues described in TFA.
And I disagree with the anon poster below who compares this to flash drives or CD's. Again, anybody, anywhere, can access dropbox files once you get the .db file. At least with removable media you still need physical access.
And I did look at a few users' systems - large MP3 collections and yes, sensitive business documents.
I am trying to PROTECT the profitability of my company.
My IPS sensors went berserk today after I updated my sigs from Emergingthreats.net:
emerging-all.rules:alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Dropbox.com Offsite File Backup in Use"; flow:established,to_server; uricontent:"/subscribe?host_int="; uricontent:"&ns_map="; uricontent:"&ts="; content:".dropbox.com|0d 0a|"; classtype:policy-violation; sid:2012647; rev:2;)
I was shocked how many users have this installed and running on their systems. Now I just need to convince management why I should change this rule to BLOCK. TFA and the /. comments will sure come in handy.
Kudos to the folks at ET and the community that writes these sigs. Simply amazing.
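Added example (not the poster's code and not Emerging Threats' tooling): a small Python matcher that applies the uricontent/content checks of the ET Dropbox signature quoted above to constructed HTTP requests, to show which requests the rule fires on and which it does not. It simplifies Snort's semantics (no URI normalization, no flow tracking) and only checks the payload inspection part of the rule.

```python
"""Apply the content/uricontent checks of the ET Dropbox policy signature to
sample HTTP requests. Constructed example; the sample requests are made up."""
import re

# The rule as quoted in the comment above (grep prefix removed).
RULE = (
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
    '(msg:"ET POLICY Dropbox.com Offsite File Backup in Use"; '
    'flow:established,to_server; uricontent:"/subscribe?host_int="; '
    'uricontent:"&ns_map="; uricontent:"&ts="; '
    'content:".dropbox.com|0d 0a|"; classtype:policy-violation; '
    'sid:2012647; rev:2;)'
)


def decode_content(spec: str) -> bytes:
    """Turn a Snort content string into bytes; |..| segments hold hex bytes."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 == 1 else part.encode("latin-1")
    return bytes(out)


def parse_rule(rule: str) -> dict:
    """Parse the option block of a rule into a dict; content-style options
    are collected as lists of byte strings, everything else kept as text."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts = {"uricontent": [], "content": []}
    for m in re.finditer(r'(\w+):(?:"([^"]*)"|([^;]*));', body):
        key, quoted, bare = m.groups()
        val = quoted if quoted is not None else bare
        if key in ("uricontent", "content"):
            opts[key].append(decode_content(val))
        else:
            opts[key] = val
    return opts


def request_uri(payload: bytes) -> bytes:
    """Request-target from the first line of an HTTP request (unnormalized)."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return parts[1] if len(parts) >= 2 else b""


def rule_matches(payload: bytes, opts: dict) -> bool:
    """All uricontent patterns must appear in the URI and all content
    patterns anywhere in the payload, as in the rule's AND semantics."""
    uri = request_uri(payload)
    return (all(u in uri for u in opts["uricontent"])
            and all(c in payload for c in opts["content"]))


# Constructed requests: one shaped like the Dropbox client notify request,
# one with the same URI shape but a different host, one plain web page.
SAMPLES = {
    "dropbox_notify": (
        b"GET /subscribe?host_int=987654&ns_map=1_2,3_4&ts=1300000000 HTTP/1.1\r\n"
        b"Host: notify1.dropbox.com\r\nUser-Agent: constructed\r\n\r\n"),
    "other_subscribe": (
        b"GET /subscribe?host_int=1&ns_map=2&ts=3 HTTP/1.1\r\n"
        b"Host: feeds.example.invalid\r\n\r\n"),
    "plain_web": b"GET /index.html HTTP/1.1\r\nHost: www.dropbox.com\r\n\r\n",
}


def scan(samples: dict = SAMPLES, rule: str = RULE) -> dict:
    """Return {sample name: does the rule fire} for each request."""
    opts = parse_rule(rule)
    return {name: rule_matches(p, opts) for name, p in samples.items()}


if __name__ == "__main__":
    for name, hit in scan().items():
        print(f"{name:16} {'ALERT' if hit else 'no match'}")
```

Only the first sample fires: the second lacks the ".dropbox.com\r\n" Host line, and the third has a matching Host header but none of the uricontent patterns, which is why the rule keys on the notify URI rather than on the domain alone.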
My favorite: "What is your favorite color?" Answer: "Red, no blue!" (booooinnng! omitted)
Many
Very
Educated
wo(M)en
Just
Saved
Unfortunate
Ninth
Planet
Perhaps a better learning experience would be to connect the lab (or a handful of the students' own computers) to the Internet, and stick a box running Snort (www.snort.org) with Emerging Threats (www.emergingthreats.net) signatures in between. If, by some miracle (or the fact that they're all Macs) you don't have any immediate indicators of infection, then head on over to teh Googles and search for 'smiley tool bar' or 'free porn' with the I'm-Feeling-Lucky button. That ought to do the trick.
Get a full packet capture of the session so you can dissect how the virus was able to get on the machine, where it left hooks, how it's similar and different to other types of malware, etc.
I agree that a review of a simple virus is a worthwhile endeavor, but perhaps that's best learned via a good book or whitepapers on the Internet. Save the demo for something that's relevant and 'live'.
And on second thought, maybe it's best if you set up a demo machine to be infected. That way you can nuke it from space afterwards, just to be sure.
Many years ago I worked at a Boston-based mutual fund company. We not only had pre-meeting meetings (where the people on your "side" would all agree on what they'd say/agree to in the actual meeting), but then we started having pre-pre-meeting meetings - where a smaller subset of the people on your side would agree on what they'd say/agree to in the pre-meeting meeting, and then what they'd actually say in the actual meeting. (!!!)
Confused? You betcha. Backstabbing was considered an acceptable way to get your job done, especially if it had ANYTHING to do with the Marketing department.
Mod parent up. The other reason, still on the SLA track, is guaranteed Quality of Service. We were an early adopter for VoIP across our 100+ MPLS sites (mostly T1s or NxT1's). No way we're running enterprise voice (and now video) over "teh Internets".
They have competition, but not enough so in the enterprise market. Every year when it comes time to renew our support/licensing agreements, there is NO negotiation. They basically say "this year it's $X." That's it, end of story. Pay up or else. They might as well be sticking a gun in our back. REAL competition might not get us to switch away from Microsoft, but it will at least bring them back to the table for actual discussions on price.
The other posters are correct. You only say "DAHS" if you're from Boston, as in: "Oh My Gawhd, some retahd on slashdaht is still writing DAHS bahtch files. Why don't we just fihre up Windows fah Workgroups while we're aht it."
Seriously though - I think nmap can send PCL commands via the nmap scripting engine, which is written in LUA. How about wrapping that with what some of the other posters are suggesting?
There are two things I don't understand:
1) people who are addicted to Facebook, and feel the need to post every single one of their inane thoughts on FB
2) how those inane thoughts have any marketing value and/or how it affects the users "privacy".
I understand the PII (Personally Identifying Information) issues like birthday, hometown, etc, but does ANYONE really care that one of my friends from High School (whom I haven't spoken to in over 18 years but 'friended via FB) is proud that his daughter scored her first goal in soccer today?? (True story, btw.)
Is someone actually mining that random piece of trivia into an actionable data point that can then be used to generate revenue? I guess what I'm saying is that I'm not sure what all the fuss is about.
Racktables.org is a very good, Free / Open Source solution to your problem. From the SourceForge description:
Racktables is a nifty and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, networks configuration and much, much more!
It lets you lay out racks, assign IP Address to assets, yadda yadda. Live Demo here:
http://racktables.org/demo.php
Last code update was 2010-02-17, and the guy seems to be good about maintaining it and adding new features. It's not "sexy" in the sense that you're not looking at actual Visio diagrams of the gear in the racks. If you really need that, then I would suggest the RackWise solution (http://www.rackwise.com/), which has two offerings: 1) SaaS, where you pay by rack, at roughly $300 per rack. It's a plug-in to Visio, and your rack models are stored up in the cloud; 2) onsite appliance, where you pay through the nose (!!) but get the added benefit of integrating power management functionality into the solution, i.e. how much power is this rack drawing, what PDU's is it attached to, etc. Option #2 is for large-ish (100+ rack) datacenters, IIRC.
There's a script in nmap that does this quite easily:
nmap --script=pjl-ready-message.nse --script-args='pjl_ready_message="your message here"'
Reference:
http://nmap.org/nsedoc/scripts/pjl-ready-message.html
My favorite message to use is "INSERT COIN"
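Added example, not the poster's code and not part of nmap: a Python parser that pulls PJL commands out of a raw port 9100 (JetDirect) payload, as a defender might see it in a capture, and flags the RDYMSG command that the pjl-ready-message script above sends to change the printer's display. The sample payloads are constructed; the PJL line format and the Universal Exit Language sequence follow HP's PJL reference.

```python
"""Extract PJL commands from captured printer traffic and report any
ready-message (display) changes. Constructed example with made-up payloads."""
import re

# Universal Exit Language sequence that opens and closes a PJL job.
UEL = b"\x1b%-12345X"

# "@PJL <COMMAND> <rest of line>" terminated by LF (CRLF tolerated).
_PJL_LINE = re.compile(rb"@PJL(?:[ \t]+([A-Z]+)([^\r\n]*))?\r?\n")


def extract_pjl_commands(payload: bytes) -> list:
    """Return (command, argument-text) pairs for every PJL command line."""
    cmds = []
    for m in _PJL_LINE.finditer(payload):
        cmd, args = m.group(1), m.group(2)
        if cmd is None:
            continue  # bare "@PJL" delimiter line, no command
        cmds.append((cmd.decode("ascii"), args.decode("latin-1").strip()))
    return cmds


def ready_message_changes(payload: bytes) -> list:
    """Return the DISPLAY strings of every RDYMSG command in the payload."""
    msgs = []
    for cmd, args in extract_pjl_commands(payload):
        if cmd != "RDYMSG":
            continue
        m = re.search(r'DISPLAY\s*=\s*"([^"]*)"', args)
        msgs.append(m.group(1) if m else "")
    return msgs


# Constructed payloads: an ordinary print job and a display change like the
# one the nmap script sends with the "INSERT COIN" message from the comment.
SAMPLES = {
    "normal_job": (UEL + b'@PJL JOB NAME="quarterly.pdf"\r\n'
                   b"@PJL SET COPIES=1\r\n@PJL ENTER LANGUAGE=PCL\r\n"
                   b"...print data..." + UEL + b"@PJL EOJ\r\n" + UEL),
    "display_change": UEL + b'@PJL RDYMSG DISPLAY = "INSERT COIN"\r\n' + UEL,
}


def scan_samples(samples: dict = SAMPLES) -> dict:
    """Return {sample name: list of ready-message strings set}."""
    return {name: ready_message_changes(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, msgs in scan_samples().items():
        status = f"RDYMSG set to {msgs!r}" if msgs else "no display change"
        print(f"{name:15} {status}")
```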
I can't believe no one has mentioned this yet. Oracle's Exadata2 solution uses Sun x4175 and x4275 servers, and runs on NO, not Solaris, but Oracle Enterprise Linux. (Which I believe is just a Red Hat variant.)
It's my impression that Oracle bought Sun for the hardware, in order to deliver a one-stop-shop solution for Oracle clusters. The one-throat-to-choke model, if you will.
http://www.oracle.com/technology/products/bi/db/exadata/pdf/exadata-storage-technical-overview.pdf
slides 16, 17, 22, and 57. And that helpful link was provided by Scott Davenport's Sun blog at:
http://blogs.sun.com/sdaven/entry/oracle_exadata_2
My god - think of the power of a 0ms quantum slashdotting.
http://excloseup.ytmnd.com/
Had this happen to me a few months ago while doing a migration in the Middle East. The site had been running without a firewall for long enough to get p0wned, and was being used as an open proxy, was on multiple blacklists, etc. I didn't know this until Day 3, though, after Windows Update kept bombing on all of the machines. I built a site-to-site IPSec tunnel back to HQ in the USA, and had the systems go out our domestic corporate proxy servers. Updates worked like a charm.
So indeed MS does blacklist by IP for Windows Update.
I just came back from a trip to Dubai. Here's the order of screening that I went through:
Arrived at airport: All bags scanned just to get into ticketing area.
Pre-ticketing: a guy asked me the usual questions like "did I pack my own bags", and "did anyone ask you to bring anything with you" but also "did you have any electronic items repaired here during your stay", and others that I had never been asked anywhere before. I found them to be good questions with a proper security focus.
Got tickets, checked one bag and had a carry-on (backpack) with me.
1st / general screening: they checked ticket, passport, and carry-on was run through one scanner. Shoes went through too.
Gate screening: same set of questions, passport double-checked, and then belt off, shoes off, everything through scanner. Then I got a FULL (i.e. 'turn your head and cough') pat-down. Then they hand-checked everything in my backpack, flex-tested my shoes, threw out my bottle of (post-1st-screening-purchased) water, etc. More questions that I will not post here, but about the same as the 1st screening.
So, to answer your question, even if you board somewhere else, before you get on a US-bound plane you can expect another more intrusive screening.
Afterwards on the plane I had a discussion with, literally, the 'little old lady from Topeka' who said "I know they're trying to catch terrorists, but how am I a risk when I can barely catch my breath!"
I would much rather see them implement behavior, history, and/or risk-based screening than the "one-screen-fits-all" approach they use now.
Frasier (to Niles): "Remember Niles, that which doesn't kill you only makes you stronger."
Niles: "Yes, but what about the people that don't make it into that second group?"
Right but VSE doesn't support developing Windows Mobile 6.0 apps. You need the professional platform. (And also a head exam.)
There was a great line in the TV show 'Chuck', in "Chuck vs. Tom Sawyer", where he -really- needed to hear a Rush song right away. He asks his co-worker "Hey, do we have any Rush in the store?" and the other guy says "No need, man, I got it right here on my Zune.." Chuck replies, shocked, "Dude?! You've got a ZUNE!!?". The other guy replies "hahaha no man, but its right here on my iPod."
CLASSIC line that only a geek can appreciate.
From one of MS's whitepapers:
Contributing to the delinquency of delinquents since 1997.