Tuesday, December 14, 2010

Web talks that I am doing

As an IT professional, you deal with securing operating systems, patching software, and installing and configuring firewall and routers on a daily basis," said Ferron. "But what about the physical infrastructure? Do you understand how simple techniques can allow theft of your company resources? In this webinar, we will discuss one of the most important yet least-considered areas of security by IT professionals."

Webinar: Understanding Cyber Security Physical Security

Live Presentation: Wednesday, December 1, 2010, 12:00-1:00 pm EST

Ferron will also host "Understanding Cyber Security Patch Management" at 12 pm EST Wednesday, December 15. In this hour-long webinar, attendees will examine the area of systems management that involves acquiring, testing, and installing appropriate patches to administered systems.

"In this session, we will develop an actual process to secure hardware and software systems using a fictional company," said Ferron. "We will discuss automated systems versus manual systems, as well as incorporating virtualization and an audit process for patch management."

Webinar: Understanding Cyber Security Patch Management

Live Presentation: Wednesday, December 15, 2010, 12:00-1:00 pm EST

Register for Understanding Cyber Security Physical Security and Understanding Cyber Security Patch Management on the Global Knowledge web site. Recorded versions will also be available.

Friday, October 15, 2010

Browser Has Been Hijacked ?

  • Home page or other settings change on your computer. Links are added that point to websites that you'd usually avoid.
  • You can't navigate to certain web pages, such as antispyware and other security software sites.
  • A seemingly endless barrage of ads pops up on your screen.
  • New toolbars or Favorites are installed that give you icons and links to web pages that you don't want.
  • Your computer runs sluggishly. Malicious software can slow down your computer.

The following six tips can help restore your browser's settings:

  1. Stop cascading pop-up windows. If endless pop-up windows appear on your screen, you'll probably want to stop them first. To do this in Microsoft Windows 7, Windows Vista, Windows XP, or Windows 2000 while using Internet Explorer:
    • Press CTRL+ALT+DEL, click Task Manager, and then click the Processes tab.
    • Click IEXPLORE.EXE, and then click the End Process button.
    This closes all instances of Internet Explorer. Then you can re-open the program to continue browsing as usual. To help prevent future attacks, you should also have a pop-up blocker turned on.
    To turn on the pop-up blocker in Internet Explorer 8 click the Tools button (the gear icon), point to Pop-up Blocker, and then click Turn On Pop-Up Blocker.
    To turn on the pop-up blocker in Internet Explorer 7:
    • Click Tools menu, click Internet Options, and then click the Privacy tab.
    • In the Pop-up Blocker box, select the Block pop-ups check box. Click OK.
    If you still experience the other effects of a hijacked web browser, try the following:
  2. Install Microsoft Security Essentials or another antivirus and antispyware program. Microsoft Security Essentials is free software that will help protect your computer from malicious software such as viruses or spyware. Many browser hijacking programs can be identified and removed by downloading, installing, and running Microsoft Security Essentials or a similar tool.
  3. Run the Malicious Software Removal Tool . This can catch some, but not all, kinds of hijacking software.
  4. Reset Internet Explorer settings. If you're using Internet Explorer and your home page has been changed, you can often reset it yourself.
    Note If you use Microsoft Security Essentials, Forefront Client Security, Windows Defender, or the Windows Malicious Software Removal Tool and these tools have detected and removed hijacking software from your computer, these tools might change your home page and your search page to help protect against the malicious software.
    For more information and step-by-step instructions, see How to restore your Internet Explorer home page and search page preferences.
  5. Disable add-ons. Many browser hijackings come from add-ons, also known as ActiveX controls, browser extensions, browser helper objects, or toolbars. These items can improve your experience on a website by providing multimedia or interactive content, such as animations. However, some add-ons can cause your computer to stop responding or display content that you don't want, such as pop-up ads.
    To learn how to disable add-ons in Windows Vista or Windows XP Service Pack 2 (SP2), read How do browser add-ons affect my computer?
  6. Get more help.  call 1-866- PC safety
  7. go online to  Here let system try and fix these issues for you.

This is a combo of article posted on the Microsoft site.

Monday, October 11, 2010

Windows 7 in a Nutshell – User talk

I will be presenting in Florida a talk on Windows 7  At BARC

The BARC Meeting starts at 7:30 PM, Program is Windows 7 in a Nutshell Tuesday, October 12, 2010, 7:30 p.m., at the Davie Police Department

Davie Police Department
1230 South Nob Hill Road in Davie Florida.


This will be located on the S.E. corner of State Road 84 and South Nob Hill Road.  The Entrance to the building is located on the East side of the building.

Tuesday, October 12, 2010, 7:30 p.m., at the Davie Police Department

Jay Ferron, N4GAA  will be presenting Windows 7 in a Nutshell for end users, please come and enjoy. Come learn about Microsoft Windows 7, the newest desktop operating system. Get an understanding of what is new, what improvements are in Windows 7, what hardware requirements you will need to run this OS. See the new user interface, security features, and much more.

Windows 7 introduces a breakthrough user experience and is designed to help you feel confident in your ability to view, find, and organize information, and to control your computing experience.

When you start using Windows 7, you will recognize familiar elements such as the Start menu, which is now faster, more streamlined, and more helpful than in previous versions of Windows. The Start menu features an integrated desktop search

through a new feature called Quick Search, which can help you find and launch almost anything on your PC. Just type in a word, a name, or a phrase, and Quick Search can find the right file for you. But more than that, the new Start menu makes clip_image002it very easy for you to navigate across all of the installed applications on your PC. Learn the new desktop tricks that make it easier to work with multiple documents.

Jay Ferron bio  is currently president of the Association of Personal Computer User Groups (APCUG), a global board director of GITCA, and board member of the Information Systems Audit and Control Association-CT. He is also a self proclaimed geek who has authored; Architecting Microsoft Server Virtualization Solutions with Hyper-V™ and System Center Virtual Machine Manager; Smart Computing Magazine (assorted articles on Microsoft Technologies) • Subject Matter Expert for Microsoft System Center Mobile Device Manager Course MOC Course 6064a.  His interest include that he is involved with the American Red Cross National Headquarters Emergency    response team dealing with computing and communications in a disasters. I have hobbies of RC Helicopters and Magic. Jay also holds an Extra Class Amateur license.

NOTE:  Jay will be raffling off two (2) Window 7 Ultimate operating systems. So, please plan on attending this meeting.

Tuesday, October 5, 2010

Windows 7 in a Nutshell – User talk

Thursday, October 7, 2010, 7:00 p.m., White Plains Middle School, Room 261, White Plains, NY

I will be presenting Windows 7 in a Nutshell for end users, please come and enjoy. Come learn about Microsoft Windows 7, the newest desktop operating system. Get an understanding of what is new, what improvements are in Windows 7, what hardware requirements you will need to run this OS. See the new user interface, security features, and much more.

Windows 7 introduces a breakthrough user experience and is designed to help you feel confident in your ability to view, find, and organize information, and to control your computing experience.

When you start using Windows 7, you will recognize familiar elements such as the Start menu, which is now faster, more streamlined, and more helpful than in previous versions of Windows. The Start menu features an integrated desktop search through a new feature called Quick Search, which can help you find and launch almost anything on your PC. Just type in a word, a name, or a phrase, and Quick Search can find the right file for you. But more than that, the new Start menu makes it very easy for you to navigate across all of the installed applications on your PC. Learn the new desktop tricks that make it easier to work with multiple documents.

Jay Ferron, our presenter, is currently president of the Association of Personal Computer User Groups (APCUG), a global board director of GITCA, and board member of the Information Systems Audit and Control Association-CT.

The talk is being done for,http://www.wpcug.org/ .

WPCUG is a nonprofit group located in Westchester County New York. WPCUG’s goal is to increase the computer knowledge of our 300 members. The Main Meetings are held once a month. They have over 20 Workshops that meet on a regular basis and discuss everything from beginner topics to the latest in programming languages. Please join them!

CompTIA Breakaway 2010 session on Security Practices radio show

Here is a link to a radio show that I did at CompTIA Breakaway event. I had a interview with Sharon Fry the co-host of Computer Outlook. This is a radio show that is broadcast on radio, streamed on the internet. The Show cover lot of technology trend… Their web site is http://www.computeroutlook.com. to listen to the interview click here and look for;

CompTIA Breakaway 2010
Sharon Fry - Show Co-Host
Jay Ferron - Security Practices - Global Knowledge Training Centers and President - APCUG


Tuesday, September 28, 2010

LinkedIn Phishing Security ISSUE

Warning there is a new problem with  some LinkedIn e-mails they could be a  phishing attack, here an example.




Look like you get a message form LinkedIn, but really is a hidden link to a site that will try and install malware.

To check message right click on link and see where url links to.



Technorati Tags: ,

Wednesday, September 22, 2010

Microsoft Security Essentials for Small Business for Free


Information taken From the Microsoft site

Beginning in October, owners of small businesses like the bike shop above can download and use Microsoft’s award-winning antimalware service Microsoft Security Essentials for free.

“Small-business owners just want to concentrate on running the business, without worrying about PCs going down,” says Jeff Smith, director of Marketing for Microsoft Security Essentials. “We talk to lots of small-business customers every day, and we understand that security is a top priority.”

The problem is, most security products for the business world were designed with larger companies in mind. From a small company’s perspective, high-end security suites are an unwieldy technology to manage — complicated, expensive and time-intensive.

“For small-business owners, just getting the business up and running is a full-time job,” Smith says.

For this reason, Microsoft is announcing that beginning in early October, Microsoft Security Essentials will become free to use for organizations with up to 10 PCs.

Originally released last year for single-PC use at home, Microsoft Security Essentials was designed as a comprehensive security solution in a lightweight package. Smith says a growing chorus of requests prompted Microsoft to extend the service to small businesses.

“When we launched Microsoft Security Essentials last year, small businesses kept telling us that it was exactly the type of thing they need at work too,” says Smith. “What they really wanted from their antivirus software — inexpensive, quiet protection from a provider they can trust — were all things Microsoft Security Essentials could clearly Smith says Microsoft Security Essentials can be downloaded, installed and put to work with just a few clicks. Upon installation, it scans the PC to make sure it’s clean from the start. Once Microsoft Security Essentials is working, it downloads updates and schedules scans on its own.

Over the past year, the product has won awards and certifications from a number of independent agencies, such as ICSA Labs, West Coast Labs and PC Advisor, and last January, PC Advisor named Microsoft Security Essentials to its list of the “Best Free Software.”

Says Smith: “This is a full-featured, top-tier security solution that we’re offering to small businesses for free. You don’t need a credit card. It requires no registration, no trials, no renewals. It doesn’t collect any information. It runs well on older hardware. It’s easy to use, easy to get, and it’s from a trusted source. Basically, Microsoft Security Essentials just works.”

But if the product is so successful, why offer it for free? According to Microsoft’s internal research, although 80 percent of PC owners in the U.S. say they have the most up-to-date antivirus protection, in reality only half that many actually do. Often they have signed up for free trials or subscription-based services that have lapsed. Others are just using outdated versions of security software on older hardware.

Smith says these issues become more dramatic in developing economies, where not everyone has a credit card or broadband network access to download large files.

“We want the entire Windows ecosystem to be secure,” says Smith. “By making Microsoft Security Essentials so broadly available, everyone wins. And we think small-business owners are going to be really happy with what they get. This is just what the market needed.”

Microsoft Security Essentials is now available in 74 markets worldwide and 25 languages. To learn more about Microsoft Security Essentials and download the product for free, visit http://www.microsoft.com/security_essentials/.


Monday, September 20, 2010

Webinar Title – "Understanding Cyber Security Risk Management

Date – September 22, 2010 - Time - Noon - 1 PM ET this is a 1 hour session.

I will be presenting a webinar on risk management.

Cyber Security Risk Management is concerned with the process of managing or reducing potentially harmful uncertain events due to the lack of effective cyber security.

Global Knowledge introduced an exclusive four-part Webinar series devoted to the subject of Cyber Security, based on our recently announced hands-on cyber security course entitled Cyber Security Foundations.

In Part Two of this Webinar series, we will examine "Understanding Cyber Security Risk Management."  As a Security professional you need to understand the risks that affect your company.  This session will help you:

1.       Save company data

2.       Save the company reputation

3.       Save your job


In this session we will cover the basic steps of:

How do you Identify business risks

How do you Identify business assets

· Risk Management

· Risk Management Process

· Threat Determination

· Risk Assessment

· Risk Management Lifecycle

To register for this Webinar, go to:  https://gkevents.webex.com/gkevents/onstage/g.php?t=a&d=667243492


Thursday, September 16, 2010

Internet Explorer 9 Beta released

A IE 9 has a new new interface increases your viewing area, and enhanced integration with the Windows 7 operating system means you can pin websites and applications directly to the taskbar and create customized Jump Lists that put the tasks you use most often just one click away. And a robust set of built-in security, privacy, and reliability technologies makes browsing safer than ever.

Explore a more beautiful web.


Check out the hardware acceleration increase browsing speed,  check out web sites using HTML5 and advancements security in Internet Explorer 9. by trying the Beta.


Monday, September 13, 2010

Free E-book: Microsoft SQL Server 2008 R2

For a limited time, you can download the 10-chapter e-book Introducing Microsoft SQL Server 2008 R2, by Ross Mistry and Stacia Misner. Learn all about the powerful new database administration and business intelligence development enhancements available with this new edition of SQL Server 2008--sign up to download this free e-book offer.


Tuesday, September 7, 2010

Windows 7 Talk for end users

This Thursday night  I will be at the;

NYACC (New York Amateur Computer Club Inc) General Meeting Thursday   September 9, 2010  at  7PM
NYU Silver Building   See front desk for room number
32 Waverly Place (just east of Washington Square Park)

Windows 7
Presented by Jayson Ferron
President Association of PC User Groups
Get an understanding of what's new, what improvements are in the OS and its hardware requirements. See the new User interface, Security features, and much more.

The Start menu features integrated desktop search which can help you find and launch almost anything on your PC. Just type in a word, a name, or a phrase, and Quick Search can find the right file for you. But more than that, the new start menu makes it very easy for you to navigate across all of the installed applications on your PC.

Learn new desktop tricks that make it easier to work with multiple documents.


The New York Amateur Computer Club was established in March 1975 with the mission to further education in diverse areas of personal computing. The presentations at monthly meetings cover various platform computing systems and range from in-depth technical subjects to general overviews with broad appeal.

General meetings are always held on the second Thursday of each month and start promptly at 7 PM with announcements followed by a period of Questions and Answers called Random Access in which members and visitors are encouraged to ask technical questions or ask for advice on purchasing or using software, hardware, and related issues. There is a short break before the main presentation to enable attendees to meet and greet each other and to buttonhole people to get more detailed answers to specific questions. As an alternate to the main meeting, if a few people are interested, a new- or prospective-user group meeting is held to assist beginners.

The general meetings are open without charge to the public.

We meet at New York University (NYU) in the Silver Building (the main administration building) each second Thursday of the month. The website of the club, www.nyacc.org has the latest information regarding meeting location and subject of the main presentation. Room location is always available at the main floor security desk of the building. NYU requires some form of photo ID (driver’s license, school ID, Corporate card, etc) to enter the building.


Thursday, September 2, 2010

I will be speaking at 2011 Cyber Crime


On the following topics

  • Securing the Weakest Link
  • Security for the Network Administrator
  • Understand the Security Concerns Associated with Virtualization

Stay Tune for more information as the event draws closer.

Information on the conference is here at http://www.dodcybercrime.com/


This conference focuses on all aspects of computer crime and incident response including intrusion investigations, cyber crime law, digital forensics, information assurance, as well as the research, development, testing, and evaluation of digital forensic tools.

The goal is to prepare attendees for the new crimes of today and the near future. Speakers will discuss new approaches and new perspectives with the current movers and shakers in cyber crime.

Monday, August 30, 2010

Location of Identity Theft Talk

I did a webcast on Identity Theft last week, and people have asked can I view it again. The Webinar was recorded and is available for playback by clicking here.

“Arming Your Company (and yourself) Against Identity Theft” was the first in a four-part Webinar series introduced by Global Knowledge.

Be sure to watch for the remaining three parts of this Webinar Series devoted to the subject of Cyber Security:

Part Two: Cyber Security - Risk Management 9/22 - To register for this Webinar, go here.

Part Three: Cyber Security - Physical Security 10/27

Part Four: Cyber Security - Patch Management 11/17

Thursday, August 19, 2010

Free e-book: Introducing Windows Server 2008 R2

Learn about the features of Windows Server 2008 R2 in the areas of virtualization, management, the web application platform, scalability and reliability, and interoperability with Windows 7. Sign in to download Introducing Windows Server 2008 R2, written by industry experts Charlie Russel and Craig Zacker along with the Windows Server team at Microsoft.

To download the book click here.


Online talk on Identity Theft

I will be presenting a talk on Identity Theft on 8/25/2010 at 12:00 PM ET.

You can  attend this free webinar by going here

Hardly a day goes by without hearing about someone becoming a victim of identity theft or learning about another corporate data breach. Corporations and individuals are constantly under attack by cyber criminals. Since 2005 more than 300 million records containing sensitive information have been involved in security breaches in the US alone!

Global Knowledge is introducing an exclusive four part Webinar series devoted to the subject of Cyber Security, based on our recently announced hands-on cyber security course entitled Cyber Security Foundations.

In Part One, "Arming Your Company (and yourself) Against Identity Theft" we will examine the following topics:

  • Understanding what information cyber criminals are after
  • How they obtain this information
  • How to protect your company and yourself from being victim
  • How to recognize if information has been stolen

Be sure to watch for the remaining three parts of this Webinar Series:

  • Part Two: Cyber Security - Risk Management
  • Part Three: Cyber Security - Physical Security
  • Part Four: Cyber Security - Patch Management

You can  attend this free webinar by going here

The presenter is  Jayson Ferron, CEHI, CISM, CISSP, CWSP, MCITP, MCSE, MCT, MVP NSA-IAM,

Jay Ferron brings more than 20 years of experience in security, networking, virtualization, and high performance computing. A multi-faceted author, trainer, speaker, and designer, Jay has led the development of Windows and UNIX security designs, network infrastructures, enterprise designs and installations for numerous Fortune 500 companies as well as government and health agencies.

Jay is the author of more than 15 courseware books and papers for Microsoft and other vendors on security, networking, and virtualization technologies. In his current work at Global Knowledge, he is building a unique cyber security program that provides a global perspective of the challenges of designing a secure system.


Saturday, August 14, 2010

Microsoft Security Intelligence Report Volume 8

Microsoft post a report on the state of security that is very telling on the state of security and trends affecting users.

The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. An example to the kind of date has been taken from the latest report, shows trends in malware.


Volume 8 of the Microsoft® Security Intelligence Report provides in-depth perspectives on malicious and potentially unwanted software, software exploits, security breaches, and software vulnerabilities in both Microsoft and third party software. Microsoft developed these perspectives based on detailed analysis over the past several years, with a focus on the second half of 2009 (2H09)1.
This document summarizes the key findings of the report. The full Security Intelligence Report also includes deep analysis of trends found in more than 26 countries/regions around the world and offers strategies, mitigations, and countermeasures that can be used to manage the threats that are documented in the report.
The full Security Intelligence Report, as well as previous volumes of the report and related videos, can be downloaded from www.microsoft.com/sir.

For any security profession this is a great resource.

Get the full report here.


Monday, August 9, 2010

Improving Your Image – repost from Springboard Site.

This is a repost of an article that I think people need to follow. I am ask a lot of times what the best way to image a computer. I have share the stage with Jeremy Chapman at Tech•Ed taking about this and referenced this content before, so now i adding it to my blog.

I have learned much of what I know but talking with the folks at Microsoft when it come to Imaging  using the free tools an now Jeremy (the product manager) has started a group of articles to help other understand the process.

Jeremy Chapman

Improving Your Image: Sector-Based, File-Based, and Simper - What Makes the Most Sense?
By Jeremy Chapman, Senior Product Manager, Microsoft Corporate
After spending a few weeks on the road speaking at Tech•Ed and other events, I was struck by the fact that many IT pros haven't used any of the Microsoft tools for imaging and deployment. All in all, it seemed as though half of the room at my sessions had never seen or heard everything about file-based imaging and tools like ImageX and the Microsoft Deployment Toolkit or System Center Configuration Manager. The other half may have heard about the tools, but had never used them.

I get a lot of feedback from people that we are "selling" the Microsoft tools for imaging when we should be talking about the sector-based ones that people are using for Windows XP now. This is interesting feedback because the tools we are talking about-the Windows Automated Installation Kit, the Microsoft Deployment Toolkit, etc.-are free to download and use. In any regard, I have spent a lot of time with people who are using heavily-scripted solutions and thick sector-based images for their Windows XP environments. Some organizations even get down to one or two Windows XP managed images by customizing Hardware Abstraction Layer (HAL)-swapping with sysprep.inf-a practice that Microsoft hasn't supported, but one that is well known in the deployment community.
So what is the right way to do this? What are the pros and cans of each scenario? What is it that makes the sector-based solutions so attractive? These questions boil down to a couple of factors:

1. Image size - network bandwidth consumed + multicast support

2. Hardware coverage

3. Speed to lay down the image

4. Ease of use and familiarity - especially if you have to have a UI

5. Ease of creation - automating daily/weekly/monthly builds

6. Post-creation image management

All of these factors (and others) contribute to the decision about which tool(s) to use for imaging and deployment.
Then there is the question about when to use the System Preparation (Sysprep) Tool. In November, Mark Russinovich discussed in his blog the use of sysprep.inf or sysprep.exe. While his blog post referenced the fact that duplicate SIDs do not cause the issues they were once thought to cause, this made many question the use of the Sysprep tool overall. For those who hadn't been using Sysprep, their decision appeared to be validated. This sparked a lively philosophical debate among extremely knowledgeable individuals in our internal and MVP deployment communities that was very fun to watch and participate in. The fact is, however, that Sysprep is a necessary tool for imaging and deploying Windows client operating systems. Mark even clarified this in the April 29th Springboard Series Virtual Roundtable on Windows 7 Deployment and noted this in his blog:
"Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft's support policy will still require cloned systems to be made unique with Sysprep."
Based on these recent events, and a general desire in the IT pro community to know the pros and cons of file-based and sector-based imaging, I am going to help the Springboard Series with a series of blog posts on the topic of sector-based imaging versus file-based imaging. I hope to answer the question I pose in the title "Sector-Based, File-Based, and Sysprep. What Makes the Most Sense?" No combination is perfect or applies to all scenarios, but if you've had questions about which you should be using, keep checking the Springboard Series blog or sign up for automatic updates on new blog posts via RSS.


Microsoft out-of-band security update to .LNK Issue

Microsoft is releasing an out-of-band security update to address the .LNK vulnerability described in Microsoft Security Advisory 2286198. MS10-046 addresses one vulnerability in Windows, which has a maximum severity rating of Critical and an Exploitability Index rating of 1. The security vulnerability affects all supported editions of Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

It is recommended that customers deploy the update as soon as possible to help protect their computers from criminal attacks. The security update protects against attempts to exploit the vulnerability by several malware families

This alert is to provide you with an overview of the new security bulletin released (out-of-band) on August 2, 2010.


Microsoft is releasing one new security bulletin (out-of-band) for newly discovered vulnerabilities:

Bulletin Identifier

Microsoft Security Bulletin MS10-046

Bulletin Title

Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Executive Summary

This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. The security update addresses the vulnerability by correcting validation of shortcut icon references. This security update also addresses the vulnerability first described in Microsoft Security Advisory 2286198.

Affected Software

This security update is rated Critical for all supported editions of Windows.

CVE, Exploitability Index Rating

CVE-2010-2568: Shortcut Icon Loading Vulnerability (EI = 1)

Attack Vectors

  • A maliciously crafted shortcut file.
  • Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, or a USB thumb drive.

Mitigating Factors

  • Users would have to be persuaded to visit a malicious Web site.
  • Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Blocking outbound SMB connections on the perimeter firewall reduces the risk of remote exploitation using file shares.

Restart Requirement

The update will require a restart.

Bulletins Replaced by This Update


Publicly Disclosed?

Yes—this vulnerability was publicly disclosed prior to release. More information is contained in Microsoft Security Advisory 2286198.
Yes—this vulnerability has been exploited in the wild at release.

Full Details



EasyBCD a tool for managing you bootloader

EasyBCD extends and revamps the Windows Vista/Windows 7 BCD bootloader, and with EasyBCD, almost anything is possible.

Setting up and configuring a dual-boot between Windows 7, Windows Vista, older versions of Windows such as XP & 2003, Linux, Ubuntu, BSD, and Mac OS X is a breeze. You just point & click and EasyBCD does the rest.


EasyBCD is geared for users of all kinds. Whether you just want to add an entry to your old XP partition or want to create a duplicate for testing purposes;Boot into XP/Vista/7/Ubuntu/OS X and more!

  • Boot from USB, Network, ISO images, Virtual Hard disks (VHD), WinPE, and more!
  • Repair the Windows bootloader, change your boot drive, create a bootable USB, and more!
  • Rename entries, set default boot target, change BCD timeout, hide the boot menu, and more!
  • Create your own custom boot sequence, hide drives on boot, backup and restore configurations, and more!

This is much easer to work with then using the command line tools built-in to windows.

Download EasyBCD here


Technorati Tags: ,

Microsoft Baseline Security Analyzer 2.2

To easily assess the security state of Windows machines, Microsoft offers the free Microsoft Baseline Security Analyzer (MBSA) scan tool. MBSA includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems.
MBSA 2.2 builds on the previous MBSA 2.1.1 version that a supports Windows 7 and Windows Server 2008 R2 and corrects minor issues reported by customers. As with the previous MBSA versions, MBSA 2.2 includes 64-bit installation, security update and vulnerability assessment (VA) checks and support for the latest Windows Update Agent (WUA) and Microsoft Update technologies. More information on the capabilities of MBSA is available on the MBSA Web site.
MBSA 2.2 runs on Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000 systems and will scan for missing security updates, rollups and service packs using Microsoft Update technologies. MBSA will also scan for common security misconfigurations (also called Vulnerability Assessment checks) using a known list of less secure settings and configurations for all versions of Windows, Internet Information Server (IIS) 5.0, 6.0 and 6.1, SQL Server 2000 and 2005, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003 only.
To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update. MBSA will not scan or report missing non-security updates, tools or drivers.

Get MBSA 2.2 here.


Wednesday, August 4, 2010

Presentation at DACS meeting on Office 2010


Microsoft’s Office Suite is one of the industry’s longest lasting “killer app”. Even with competition from OpenOffice.org and Google Docs, it proves to be like a fine wine, improving with age. Microsoft is taking notice of what their competitors are offering and addresses them with new features and enhancements to the applications you’ve come to know so well.

Lucky for us, Jay Ferron will be returning to the Danbury Computer Society (DACS) stage August 3rd to show us all of Microsoft Office’s newest features and enhancements for 2010. You may remember Jay from a previous presentation he gave us on the then-new Microsoft Vista and Office 2007.

Jay is a self-proclaimed geek who has authored; Architecting Microsoft Server Virtualization Solutions with Hyper-V™, System Center Virtual Machine Manager, and assorted articles on Microsoft Technologies published in Smart Computing Magazine.

He is also involved with the American Red Cross National Headquarters Emergency response team dealing with computing and communications in a disaster.

Microsoft Office 2010 has improved the capabilities for the user to not only include graphics and video into files, but to edit them as well! While this may not be as powerful as a stand-alone professional editor, it also doesn’t require purchasing an expensive suite to do most of the changes people do make and it is easier to use.

Office 2010 is also Microsoft’s latest foray into integrating with Cloud computing! Office combines the power of the desktop applications with the accessibility of an online storage site and availability to open these same files with their online office cloud applications! This means you never have to be far away from your documents, nor are your collaborators even if they do not have Office 2010 installed on their systems.

Even the ribbon interface introduced with Office 2007 has seen some improvement. The layout and controls are better laid out and, even better, are customizable!

So, if you’ve held off on upgrading your Office, now may be the time to jump. With numerous improvements from interfaces to integration and collaboration to graphics you’ll be pressed not to find a new feature you like!

Danbury Area Computer Society (DACS) is a registered nonprofit and has been serving the region since 1990. Members receive an award-winning newsletter, members-only workshops and events, and access to volunteer phone support.

As a reminder, our General Meetings are free and open to the public so invite anyone you know who would be interested in this topic.

DACS meetings are held at the Danbury Hospital auditorium. (Click here for directions.) Activities begin at 6:30 p.m. with registration and casual networking. The meeting starts at 7:00 p.m. with a question and answer period (Ask DACS), followed by announcements and a short break. The featured evening presentation begins at 8:00.

Cross post off WWW.DACS.ORG


Technorati Tags: ,,

Tuesday, August 3, 2010

Microsoft Security Compliance Manager

Download Microsoft Security Compliance Manager


About This Solution Accelerator

The Microsoft Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows® client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Microsoft Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Description: MSCM graphic_top.png

Key Features & Benefits

  • Centralized Management and Baseline Portfolio: The centralized management console of the Microsoft Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows® client and server operating systems, and Microsoft applications. Additionally, the Microsoft Security Compliance Manager enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
  • Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines just got easier. Now you can use the new customization capabilities of the Microsoft Security Compliance Manager to duplicate any of the recommended baselines from Microsoft—for Windows client and server operating systems, and Microsoft applications—and quickly modify security settings to meet the standards of your organization’s environment.
  • Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.

Included in the Download

The Microsoft Security Compliance Manager download includes the following components:

  • Microsoft_Security_Compliance_Manager_Setup.exe – The Microsoft Security Compliance Manager allows you to view, update, and export security baselines.
  • LocalGPO.msi – This tool is designed to manage local group policies of a computer such as applying a security baseline and exporting the local Group Policy.

Launch the download of the Microsoft Security Compliance Manager.

This is a cross post of a Microsoft article that I feel is important to share.

Windows® Server 2008 R2 Security Baseline beta

For any security professional one of the the key tenets is base lining you system. Microsoft has made this easer with a new set of tools.  The beta 2 version of the Windows® Server 2008 R2 Security Baseline is now available for you to download... and it now includes a setting pack!

What is a setting pack?
Since the release of the Security Compliance Manager (SCM) tool, one of the most frequent requests has been to add all of the available Group Policy settings to the Microsoft security baselines so that you can access them in the SCM tool. While our baselines include hundreds of settings, there are hundreds of additional settings available in Group Policy. In response to this request, the team created setting packs. The setting packs include the basic information required by the SCM tool to define custom baselines that you can use to create GPO backups, DCM configuration packs, and SCAP content. You can learn more about setting packs on the program description page. Use the links provided in this message to join the program or go directly to the program description page.
Meet your business-critical needs and elevate the security of Windows Server 2008 R2 with this updated beta 2 security baseline and the new setting pack. It combines best-practice guidance with the Security Compliance Manager (SCM) tool to help you plan, deploy, and monitor the security of your Windows Server 2008 R2 servers.

Preview this new security baseline, and get the knowledge to effectively deploy and monitor your security baseline for Windows Server 2008 R2 faster and easier.

This beta 2 security baseline for Windows Server 2008 R2 is formatted for easy import using SCM. You must first join the program

and then use the Download link found in the upper left hand corner of the Connect page. You will find detailed instructions about how to import the download file into SCM on the here

Friday, July 30, 2010

Windows 7/Windows Server 2008 R2 SP 1 Beta Note and Download

Have you downloaded the Windows 7 and Windows Server 2008 R2 SP Beta yet?

Changes specific to Windows Server 2008 R2

Dynamic Memory

Dynamic Memory allows for memory on a host machine to be pooled and dynamically distributed to virtual machines as necessary. Memory is dynamically added or removed based on current workloads, and is done so without service interruption.

Virtual machines running a wide variety of operating systems can use Dynamic Memory; for a complete list, see the “Dynamic Memory Evaluation Guide” at http://go.microsoft.com/fwlink/?LinkId=192444. The guide also discusses Dynamic Memory settings and usage in detail.

Microsoft RemoteFX

Businesses are increasingly looking to leverage the efficiency and cost savings that can come from a virtualized desktop infrastructure. With the addition of Microsoft RemoteFX in Windows Server 2008 R2 SP1, a new set of remote user experience capabilities that enable a media-rich user environment for virtual desktops, session-based desktops and remote applications is introduced. Harnessing the power of virtualized graphics resources, RemoteFX can be deployed to a range of thick and thin client devices, enabling cost-effective, local-like access to graphics-intensive applications and a broad array of end user peripherals, improving productivity of remote users.

RemoteFX can function independently from specific graphics stacks and supports any screen content, including today’s most advanced applications and rich content (including Silverlight and Adobe Flash), ensuring that end users maintain a rich, local-like desktop experience even in a virtualized thin-client environment.

RemoteFX also adds mainstream USB device support to virtual desktop computing, including support for USB drives, cameras and PDAs connected to the client device. RemoteFX also provides a platform for hardware and software partners to enhance RemoteFX capabilities in a variety of possible host, client and network configurations.

Enhancements to scalability and high availability when using DirectAccess

DirectAccess is a new feature in the Windows 7 and Windows Server 2008 R2 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access. In Windows Server 2008 R2 SP1, improvements have been made to enhance scalability and high availability when using DirectAccess, through the addition of support for 6to4 and ISATAP addresses when using DirectAccess in conjunction with Network Load Balancing (NLB).

Support for Managed Service Accounts (MSAs) in secure branch office scenarios

SP1 enables enhanced support for managed service accounts (MSAs) to be used on domain-member services located in perimeter networks (also known as DMZs or extranets).

Support for increased volume of authentication traffic on domain controllers connected to high-latency networks

As a greater volume of IT infrastructure migrates to cloud-based services, there is a need for higher thresholds of authentication traffic to domain controllers located on high-latency networks (such as the public Internet). SP1 allows for more granular control of the maximum number of possible concurrent connections to a domain controller, enabling a greater degree of performance tuning for service providers.

Enhancements to Failover Clustering with Storage

SP1 enables enhanced support for how Failover Clustering works with storage that is not visible for all cluster nodes. In SP1, improvements have been made to the Cluster Validation and multiple Failover Cluster Manager wizards to allow workloads to use disks that are shared between a subset of cluster nodes.

Changes specific to Windows 7

Additional support for communication with third-party federation services

Additional support has been added to allow Windows 7 clients to effectively communicate with third-party identity federation services (those supporting the WS-Federation passive profile protocol). This change enhances platform interoperability, and improves the ability to communicate identity and authentication information between organizations.

Improved HDMI audio device performance

A small percentage of users have reported issues in which the connection between computers running Windows 7 and HDMI audio devices can be lost after system reboots. Updates have been incorporated into SP1 to ensure that connections between Windows 7 computers and HDMI audio devices are consistently maintained.

Corrected behavior when printing mixed-orientation XPS documents

Prior to the release of SP1, some customers have reported difficulty when printing mixed-orientation XPS documents (documents containing pages in both portrait and landscape orientation) using the XPS Viewer, resulting in all pages being printed entirely in either portrait or landscape mode. This issue has been addressed in SP1, allowing users to correctly print mixed-orientation documents using the XPS Viewer.

Changes common to both client and server platforms

Change to behavior of “Restore previous folders at logon” functionality

SP1 changes the behavior of the “Restore previous folders at logon” function available in the Folder Options Explorer dialog. Prior to SP1, previous folders would be restored in a cascaded position based on the location of the most recently active folder. That behavior changes in SP1 so that all folders are restored to their previous positions.

Enhanced support for additional identities in RRAS and IPsec

Support for additional identification types has been added to the Identification field in the IKEv2 authentication protocol. This allows for a variety of additional forms of identification (such as E-mail ID or Certificate Subject) to be used when performing authentication using the IKEv2 protocol.

Support for Advanced Vector Extensions (AVX)

There has always been a growing need for ever more computing power and as usage models change, processors instruction set architectures evolve to support these growing demands. Advanced Vector Extensions (AVX) is a 256 bit instruction set extension for processors. AVX is designed to allow for improved performance for applications that are floating point intensive. Support for AVX is a part of SP1 to allow applications to fully utilize the new instruction set and register extensions.

The Windows 7 and Windows Server 2008 R2 SP1 Beta helps keep your PCs and servers on the latest support level, provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer feedback, and is easy for organizations to deploy a single set of updates.

The public beta is best suited for IT pros, tech enthusiasts and developers who need to test the service pack in their organization or with the software they are developing.

In order to download and install the Windows 7 and Windows Server 2008 R2 SP1 Beta you must currently have a Release to Manufacturing (RTM) version of Windows 7 and Windows Server 2008 R2 already installed. The Beta is available in English, French, German, Japanese and Spanish.

To learn more about piloting, deploying and managing Windows 7, visit the Springboard Series on TechNet.


This is a Post made up of information from the Microsoft Site and Notes about SP1.

Tuesday, July 20, 2010

New Beta of Microsoft Security Essentials

Announced today was  Microsoft Security Essentials Beta a no-cost light weight anti-malware service. It’s designed to keep computers e protected from viruses, spyware, and other malicious software.


New features in the beta of Microsoft Security Essentials include:

Windows Firewall integration – Manage firewall setting in during setup of Microsoft Security Essentials

Integrated with Internet Explorer to provide Enhanced protection for web-based threats –

The beta includes a updated anti-malware engine offers enhanced detection and cleanup capabilities.

Network inspection system Protection against network-based exploits is now built in to Microsoft Security Essentials.

To get on the beta, click


Monday, July 19, 2010

Arming Yourself Against Identity Theft

I wrote an article for Global Knowledge about fast growing issue of  Identity theft.

In the article I gave 15 Simple steps to prevent becoming a victim, here they are:

  1. Think security. If you are not sure about something, do not open or install it.
  2. If asked to download a file, and you are not sure what it does, do not download it.
  3. Get an anti-spyware program, keep it updated, and use it.
  4. Do not open e-mails from people you do not know.
  5. Do not open attachments if you are not positive you know what they are.
  6. If an e-mail offers something too good to be true, it probably is a scam.
  7. Use anti-virus software; update it at least once a day or more.
  8. Patch your computer's operating system (all vendors have updates).
  9. Patch you applications (word, games, mail programs, etc.).
  10. Be smart; know what services run on your computer, and what ports are open.
  11. Stay away from peer-to-peer sharing software programs.
  12. Think! Computer Security is about what you do as well as what you don't do.
  13. If your computer has a Trojan or worm, you can try to fix it BUT it probably has more than one Trojan or worm. It's better to rebuild if you want to be truly secure.
  14. Wipe out the hard drive when disposing of computers with utilities such as Active KillDisk (Free) WipeDisk, or BCwipe.
  15. Think before you click.

To read the full acticle go here


Thursday, July 8, 2010

Test Drive Windows 7, Take a Survey and Enter to Win a Toshiba Notebook

Visit the Windows 7 Test Drive site, check out our new content on IE8, MDOP and virtualization, try out the online resources, and then tell us about your experience in a short 2-minute survey to enter the prize drawing. Winners will be drawn from the completed survey entries once a week for seven weeks. Come back once a week through August 15 to enter and increase your chances to win.

Enter here

You can also download a free e-book on Deploying Windows® 7 Essential Guidance from the Windows 7 Resource Kit and Microsoft® TechNet Magazine


Get  the free E-book here

Useful Hacker Tips for IT Administration

This was posted about a session a friend did at TechEd and I thought I would share it here

Paula Januszkiewicz  talked with David Tesar about how hacking can help in efficient IT administration and then we also got into topics such as a world without passwords and web security.

Watch her session at TechEd

Open Betas for IPD Guides—Now Available for Download

As a Security pro this is great news, these docs can help you secure your Microsoft infrastructure

The Infrastructure Planning and Design team is working on two new guides and would like your feedback: Microsoft Forefront™ Identity Manager (FIM) 2010 and Active Directory® Certificate Services (AD CS). Get the betas by visiting the Connect Web site at http://go.microsoft.com/fwlink/?LinkId=186024.

The Infrastructure Planning and Design guide for Microsoft Forefront Identity Manager (FIM) 2010 provides actionable guidance for designing a FIM 2010 infrastructure. Follow this guide’s step-by-step process to determine the FIM components necessary for fulfilling your organization’s identity-management needs, and design an infrastructure with the right deployment topology for meeting your performance and availability requirements.

The Infrastructure Planning and Design guide for Active Directory Certificate Services (AD CS) outlines the critical infrastructure design elements that are key to a successful implementation of Active Directory Certificate Services. Using this guide will result in a certificate services design that is optimized to meet the needs of your organization at the lowest cost.

The two guides can be used together to design a FIM certificate-brokering service that is integrated with AD CS to deliver identity-managed certificate services.

The Microsoft Operations Framework (MOF) team is working on related guidance: the MOF Reliability Workbook for Active Directory Certificate Services. It provides knowledge, specific tasks, and schedules needed to keep Active Directory Certificate Services running smoothly.

Reduce time and planning costs by following the processes in these IPD guides to design a successful deployment of FIM and AD CS, and use the MOF Reliability Workbook to optimize monitoring and maintenance activities.

This is a repost of a Microsoft announcement

Microsoft® Deployment Toolkit (MDT) 2010 Update

Deploy Windows 7 and Office 2010 quickly and reliably—while boosting user satisfaction

Microsoft® Deployment Toolkit (MDT) 2010 Update 1 is now available! Download MDT 2010 Update 1 at: http://go.microsoft.com/fwlink/?LinkId=159061

As you prepare to deploy Windows® 7, Office 2010, and Windows Server® 2008 R2, get a jump start with MDT 2010 Update 1. Use this Solution Accelerator to achieve efficient, cost-effective deployment of Windows 7, Office 2010, and Windows Server 2008 R2.

This latest release offers something for everyone. Benefits include:

For System Center Configuration Manager 2007 customers:

New “User Driven Installation” deployment method. An easy-to-use UDI Wizard allows users to initiate and customize operating system and application deployments to their PCs that are tailored to their individual needs.

Support for Configuration Manager R3 “Prestaged Media.” For those deploying Windows 7 and Office 2010 along with new PCs, a custom operating system image can easily be preloaded and then customized once deployed.

For Lite Touch Installation:

Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.

Improved driver import process. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

For all existing customers:

A smooth and simple upgrade process. Installing MDT 2010 Update 1 will preserve your existing MDT configuration, with simple wizards to upgrade existing deployment shares and Configuration Manager installations.

Many small enhancements and bug fixes. Made in direct response to feedback received from customers and partners all around the world, MDT 2010 Update 1 is an indispensible upgrade for those currently using MDT (as well as a great starting point for those just starting).

Continued support for older products. MDT 2010 Update 1 still supports deployment of Windows XP, Windows Server 2003, Windows Vista®, Windows Server 2008, and Office 2007, for those customers who need to be able to support these products during the deployment of Windows 7 and Office 2010.

Next steps:

Download Microsoft Deployment Toolkit 2010: http://go.microsoft.com/fwlink/?LinkId=159061.

Learn more by visiting the MDT site on Microsoft TechNet: www.microsoft.com/mdt.

This is a repost of a Microsoft announcement


Wednesday, July 7, 2010

Microsoft Technology Associate (MTA)

Until now, there haven’t been enough certification programs that focus on fundamental IT and development skills.  Microsoft hope is  that the new (MTA) will fill this void.

Launched today, the MTA will offer students a certification in the fundamentals of IT and development. Unlike more advanced Microsoft certifications, the MTA targets students with no prior IT or development experience or employment. It is available exclusively in educational settings and is designed to easily integrate into the curricula of existing computer classes.

The MTA offers three IT certifications, three development certifications and one database certification. The IT section includes tests in Networking Fundamentals, Security Fundamentals and Windows Server Administration Fundamentals. The development certification offers tests in Software Development Fundamentals, Windows Development Fundamentals and Web Development Fundamentals. The database certification covers Database Administration Fundamentals. Students can pursue as many or as few certifications as they choose.

Participating teachers can continue to use their favorite courseware to teach fundamental technology concepts, and also use the included MTA Certification Exam Review Kits (ERKs) to complement existing textbooks. For each exam, 20 hours of instructional material is available. The MTA will eventually be available in thousands of high schools, vocational programs and colleges in the U.S. and other countries. Some colleges are considering making the MTA a mandatory part of their freshman curricula in IT and development. Testing will be conducted by Certiport, a commercial testing service, at participating schools.


Tuesday, June 29, 2010

Microsoft Deployment Toolkit (MDT) 2010 Update

As a security person I hear what the best build way to build computers system that I can baseline them . I use tools like MDT 2010.

The Microsoft Deployment Toolkit (MDT) 2010  is a FREE tool that will allow you to create images for operating systems. This tool will script the building of operating systems XP service pack 3, Vista, Windows 7, Server 2003, Server 2008, Server 2008r2. You can also add applications,  and configurations.

If you have SCCM or use WDS you can take the results created by this tool.  It also has method for upgrading XP to Windows 7 while leaving user data on the system. There is a tool called USMT (User state migration toolkit) using you can specify what data you like to keep on the computer or move to a share during a upgrade.

You can download the beta 1 at https://connect.microsoft.com/site14/Downloads/DownloadDetails.aspx?DownloadID=8689

Technorati Tags: ,

Infrastructure Planning and Design Guides—Microsoft SQL Server 2008 and SQL Server 2008 R2 Released

AS a network administrator you may need guidance to plan and design  and implementation your SQL infrastructure. Using guide like this will also give you best practices to reduce security issues.

The Infrastructure Planning and Design (IPD) guide for Microsoft SQL Server 2008 and SQL Server 2008 R2 helps organizations address key design decisions and confidently plan the efficient implementation of a SQL Server infrastructure. The tasks addressed in this guide help technical decision makers identify the appropriate SQL Server roles needed as well as determine the infrastructure components, server placement, and fault-tolerance configuration necessary to meet planning requirements. By using this guidance, organizations can make efficient planning and optimal design decisions for their SQL Server infrastructures.

Download the IPD Guide for Microsoft SQL Server 2008 and SQL Server 2008 R2 at http://go.microsoft.com/fwlink/?LinkId=160982


Microsoft Network Monitor 3.4 released

This is another tool that a security or network administrator needs. This is a Windows based Sniffer with the following benefits

A new high performance capturing feature allows you to capture on faster networks without dropping frames. Parser profiles provide a simple way to increase filtering/parsing speed and allow you to switch quickly between various parser sets. And UI updates like Color Rules, Windows Layouts and Column Management give you flexibility to do cool customizations to help you work the way you want..

To download the latest version, please visit our Microsoft Download Center page. For more information see the release blog which has the official announcement.


WhatsUp Gold Engineer's Toolkit

AS a security profession i am always on the look for tools that we help me do easer. Ipswich has just offered a free tool that should be in any Windows administrator took kit.

The Engineer's Toolkit has a single login and credentials library, features robust functionality, and is designed to simplify common network engineering tasks. The Engineer's Toolkit can help you with:

* Network design and planning

* DNS verification

* Network diagnostics

* Remote access to devices and servers

* Network discovery

* Configuration and credential management

Your role as a network engineer is not an easy one. Routine tasks often take more time than planned and troubleshooting issues can lead to long days, not to mention a few headaches.

Take advantage of our limited time offer -Get the WhatsUp Gold Engineer's Toolkit today for free! Get ready to simplify network engineering.

Download your WhatsUp Gold Engineer's Toolkit(http://www.whatsupgold.com/2/engineerstoolkit) today and gain access to the most robust and usable toolkit available featuring one application, one interface, and one easy way to monitor, diagnose and troubleshoot network issues!


Sunday, June 6, 2010

Critical Security Advisory for Flash Player, Adobe Reader and Acrobat


This is a very big issues for most users, Adobe announced that on Windows, Macintosh, Linux and Solaris operating a  critical vulnerability exists  in ALL versions of Flash player version and earlier versions .

They also announced that  a component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems 

These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

At this time there in NOT a FIX. Adobe will update their site once a schedule has been determined for releasing a fix.