My information Resource (blog.mir.net)

This is a new campaign from Microsoft that i think we need to remind people to THINK FIRST before you CLICK

 

Think before you click.

Only download software from websites you trust. For more information, see How do I know if I can trust a website?

Turn on automatic updating so that you’re always using the latest, most secure versions of the software installed on your computer.

Make sure you’re using antivirus software and keeping it up to date.

Use newer software whenever possible.

You can prevent most computer issues if you THINK FIRST

 

Source Microsoft 

Turn your PowerPoint presentation into an interactive online lesson. We call this a mix. Everything you need to create and share your mix is included. Add audio and video of yourself giving your presentation, write on slides as you talk to them, insert quizzes, practice exercises, and more – all from within PowerPoint. It’s like a screen cast, but better. This is a new Customer Preview

for the Add in Called Office MIX

Bring your PowerPoint presentations to life by adding interactive quizzes, online videos, and even web pages.

Check it out at https://mix.office.com/

to learn more about Office Mix go here

 

 

This book is about writing Windows Store apps using HTML, CSS, and JavaScript. Our primary focus will be on applying these web technologies within the Windows platform, where there are unique considerations, and not on exploring the details of those web technologies themselves.

 

Creating a Password

bird

Sorry the password must be more that 8 characters

bird house

Sorry the password must contain 1 numerical space

1 bird house

Sorry the password cannot have blank spaces

1birdhouseisthisok

Sorry the password must contain at least one upper case character

1birdhouseisthisokNOW

Sorry the password can not use more that one upper case character consecutively

11birdhouseisthisokNowjerk

Sorry the password can not use more that 2 numbers consecutively

11birdhouseisthisokNowjerkfine!

Sorry the password cannot contain punctuation

1birdhouseisthisokNowjerkfineonow

Sorry the password can not use words in the Dictionary

P@ssw0rd

Sorry that  password is already in use and now you need to wait 24 hour to change your password

Officials are telling that the Healthcare.gov  website account holders to reset their passwords, following revelations of a bug that could allow hackers to steal data.

Officials earlier said the site HealthCare.gov, were safe from the risks surrounding Heartbleed — faulty code recently found in a widely-used encryption tool. 

But, this weekend, the homepage directs users to change their login information.  

“While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution,” HealthCare.gov states. 

This is  what the Site says to do

Recently, you may have heard about a new internet security weakness, known as Heartbleed, which is impacting some websites. HealthCare.gov uses many layers of protections to secure your information. While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution. This means the next time you visit the website, you’ll need to create a new password. We strongly recommend you create a unique password – not one that you’ve already used on other websites.

How to reset your password

1. Use the online Forgot Password feature
2. Enter your username and click “Send email”
3. Wait for the “Forgot Marketplace Password” email we’ll send you to create a new password for your account
4. Follow the link in the email and answer the 3 security questions you chose when you first created your account
5. Create and confirm your new password
6. Click “Reset Password”
7. Wait for the message that your password was successfully reset
8. Log in with your new password

If you get a message that we couldn’t process your password reset request, you’ll need to try again. Click on “Return to log in page” and select the “Forgot your password?” link to get a new email with a new link to try again. If this doesn’t work, call the Marketplace call center at 1-800-318-2596 for help.

Is my information at risk?

There’s no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk. However, we’re resetting current passwords out of an abundance of caution, to ensure the protection of your information.

Additional password tips and information about managing your HealthCare.gov account is located at https://www.healthcare.gov/help/i-am-having-trouble-logging-in-to-my-marketplace-account/.

 

Original release date: April 08, 2014

 

Systems Affected

• OpenSSL 1.0.1 through 1.0.1f
• OpenSSL 1.0.2-beta

Overview

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.

Description

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality. This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets. The sensitive information that may be retrieved using this vulnerability include:

• Primary key material (secret keys)
• Secondary key material (user names and passwords used by vulnerable services)
• Protected content (sensitive data used by vulnerable services)
• Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)

Exploit code is publicly available for this vulnerability.  Additional details may be found in CERT/CC Vulnerability Note VU#720951.

Impact

This flaw allows a remote attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.

Solution

OpenSSL 1.0.1g has been released to address this vulnerability.  Any keys generated with a vulnerable version of OpenSSL should be considered compromised and regenerated and deployed after the patch has been applied.

US-CERT recommends system administrators consider implementing Perfect Forward Secrecy to mitigate the damage that may be caused by future private key disclosures.

References

• OpenSSL Security Advisory
• The Heartbleed Bug
• CERT/CC Vulnerability Note VU#720951
• Perfect Forward Secrecy
• RFC2409 Section 8 Perfect Forward Secrecy

Revisions

• Initial Publication

This is copied from the DHS Site as a public service

Introducing Microsoft SQL Server 2014

In this book, the authors explain how SQL Server 2014 incorporates in-memory technology to boost performance in online transactional processing (OLTP) and data-warehouse solutions. They also describe how it eases the transition from on-premises solutions to the cloud with added support for hybrid environments.

 Download the PDF

Microsoft System Center: Network Virtualization and Cloud Computing

This brief book identifies some key usage and deployment scenarios for cloud computing to provide some deep technical background on the Microsoft SDN solution, enabling IT professionals to quickly learn the internals of HNV, how it works from end to end, and where and how it should be used.

 Download the PDF (4.52 MB)

 Download the EPUB file (4.2 MB)

 Download the Mobi for Kindle file (6.56 MB)

————————————————————————————————

Introducing Windows Server 2012 R2

Get a head start evaluating Windows Server 2012 R2—with technical insights from a Microsoft MVP and members of the Windows Server product team. Based on final Windows Server 2012 R2 release-to-manufacturing (RTM) software, this guide introduces new features and capabilities, with scenario-based advice on how the platform can meet the needs of your business. Get the high-level overview you need to begin preparing your deployment now.

 Download the PDF (8.0 MB)

 Download the EPUB file (22.5 MB)

 Download the Mobi for Kindle file (40.3 MB)

————————————————————————————————

Introducing Windows 8.1 for IT Professionals

Get a head start evaluating Windows 8.1—with early technical insights from award-winning journalist and Windows expert Ed Bott. This guide introduces new features and capabilities, providing a practical, high-level overview for IT professionals ready to begin deployment planning now.

 Download the PDF (8.0 MB)

 Download the EPUB file (22.5 MB)

 Download the Mobi for Kindle file (40.3 MB)

This is how Google handles cloud security !

1.2 From Customer to Google. By submitting, posting, generating, or displaying any Application and/or Customer Data on or through the Services, Customer gives Google a worldwide, non-sublicensable, non-transferable, non-exclusive, terminable, limited license to use any Application and/or Customer Data for the sole purpose of enabling Google to provide, maintain, protect, and improve the Services in accordance with the Agreement.

This is from Google Cloud Platform TOS: https://developers.google.com/cloud/terms/.

 

Who wants to host with GOOGLE now…

 

Do you have Linksys brand router E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,E900 you may be at risk!

There is a there’s a worm out there exploiting an authentication bug in the Cisco firmware that, If you have enabled remote administration on port 8080 — even with a good password you could be at risk. The WORM rewrites the firmware to infect the router, and then -sets the router to scan zillions of other IP addresses looking for other systems to infect.

Patch you system with the latest Firmware, and disable remote management.

You can go here. on the SANS Site to learn more about this.