There is a java based app that a huge percentage of schools in Ohio uses. We conspired together to put pressure on the vendor. They heard us, and packaged it as a self contained jar. A simple install msi and we are done with it. Now we are Java version proof. I am no programmer, let alone a java expert but I don't get why more of these apps don't go that way. It helps them tremendously also...they can update and change away and use the java version they want.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Rankin, James R
Sent: Thursday, June 4, 2015 4:21 PM
To: [email protected]
Subject: Re: [NTSysADM] Cryptlocker

Sounds like my assertion that half the world's sysadmins are crying out for a decent Java remediation solution is correct...

-------
James Rankin | Director | TaloSys | 07809668579
Sent from my Blackberry

-----Original Message-----
From: "Maglinger, Paul" <[email protected]>
Sender: <[email protected]>
Date: Thu, 4 Jun 2015 19:54:57
To: '[email protected]'<[email protected]>
Reply-To: <[email protected]>
Subject: RE: [NTSysADM] Cryptlocker

Updates would be fine... if they didn't break things. Reminds me of when we put in our latest Cisco IP Telephony solution. The phone system wanted me to upgrade my Java but then Cisco's web site wouldn't work with that version. *thunk* *thunk* *thunk* I LOATHE Java...

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
Sent: Thursday, June 04, 2015 2:34 PM
To: ntsysadm
Subject: Re: [NTSysADM] Cryptlocker

Updates of Java? Hell no.

Some of our users somehow get Java fubared, and when ADP can't find Java, they tell the user to install 6u29, so I've put in an exception in our AV to block the download,

Kurt

On Thu, Jun 4, 2015 at 10:30 AM, Kennedy, Jim <[email protected]> wrote:
> Nope, if they did I would be pushing hard to replace it. Have they gotten any better at keeping up with updates?
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: Thursday, June 4, 2015 1:28 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Cryptlocker
>
> Your users don't file their timecards with ADP, then...
>
> Kurt
>
> On Thu, Jun 4, 2015 at 9:52 AM, Kennedy, Jim <[email protected]> wrote:
>
> 2 depends on Oracle, Chrome has been begging them for it for some time. From Chrome’s perspective 1 and 2 are the same. That said, I honestly do not think Firefox has any plans to discontinue NPAPI support. Their approach is disabled by default….user beware if you enable it.
>
> Anecdotal but I can say that most of my users use Chrome, and they have not missed Java.
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Damien Solodow
> Sent: Thursday, June 4, 2015 12:49 PM
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> Doubtful; I see one of two things happening:
>
> 1) Oracle blinks and releases an updated JRE that doesn’t use NPAPI
>
> 2) Chrome includes its own JRE like they did with Flash
>
> DAMIEN SOLODOW
> Senior Systems Engineer
> 317.447.6033 (office)
> 317.447.6014 (fax)
> HARRISON COLLEGE
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Melvin Backus
> Sent: Thursday, June 4, 2015 12:44 PM
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> So if I’m reading this correctly that would seem to mean that all the thousands (millions?) of pages with Java embedded are going to be relegated to IE only? (And JAVA will finally DIE? Albeit a slow and lingering death.)
>
> --
> There are 10 kinds of people in the world...
> those who understand binary and those who don't.
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: Thursday, June 4, 2015 10:41 AM
> To: ntsysadm
> Subject: Re: [NTSysADM] Cryptlocker
>
> Not Java specifically - the NPAPI interface.
>
> So is Firefox, and so will Edge...
>
> Kurt
>
> On Thu, Jun 4, 2015 at 6:42 AM, Heaton, Joseph@Wildlife <[email protected]> wrote:
>
> Interesting. I didn’t realize that Chrome was doing away with Java functionality. Thanks for the update.
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim
> Sent: Thursday, June 04, 2015 5:12 AM
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> Demand for this in Chrome will dwindle to zero in September when there isn’t any way to run Java in Chrome. It’s already dwindling….we did not bypass the block in the last patch for Chrome that disabled it.
>
> From: [email protected] [mailto:[email protected]] On Behalf Of James Rankin
> Sent: Thursday, June 4, 2015 7:08 AM
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> OK, FSLogix confirm that currently the Java remediation only works with IE. You can restrict other browsers on a process basis only currently, so you could force Chrome or Firefox to a specific Java version by process, but not by URL.
>
> However, support for other browsers is on the roadmap. Any customer demand (probably someone coming along with 5000 users and wanting it to work in Chrome) will “drive the roadmap forward”, i.e. they’ll do it ASAP if there’s a big enough sale at the end of it :)
>
> Hope this helps,
>
> JR
>
> From: [email protected] [mailto:[email protected]] On Behalf Of James Rankin
> Sent: 03 June 2015 18:56
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> OK, I tried to test with Chrome and found out that Chrome has disabled just about all the plugins from the websites I was using for testing :(
>
> Waiting for an answer from FSLogix support as I now have to put the kids in the bath!
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Link
> Sent: 03 June 2015 18:44
> To: [email protected]
> Subject: Re: [NTSysADM] Cryptlocker
>
> Probably not pants.
>
> On Wed, Jun 3, 2015 at 12:26 PM, James Rankin <[email protected]> wrote:
>
> Let me get you an answer on that…maybe something I should have tested
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife
> Sent: 03 June 2015 17:22
> To: '[email protected]'
> Subject: RE: [NTSysADM] Cryptlocker
>
> So, it looks like FSLogix only works with IE? Is that true?
>
> From: [email protected] [mailto:[email protected]] On Behalf Of James Rankin
> Sent: Tuesday, June 02, 2015 11:16 AM
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> OK, quick and dirty run-down, but I’m sure you can all get the gist of it (hopefully!)
>
> http://appsensebigot.blogspot.co.uk/2015/06/fslogix-first-look-1-managing-legacy-or.html
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: 02 June 2015 17:38
> To: ntsysadm
> Subject: Re: [NTSysADM] Cryptlocker
>
> Yes, please put up the link here when done.
>
> Kurt
>
> On Tue, Jun 2, 2015 at 8:43 AM, James Rankin <[email protected]> wrote:
>
> I shall endeavour to finish this as soon as possible then!
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Maglinger, Paul
> Sent: 02 June 2015 16:12
> To: '[email protected]'
> Subject: RE: [NTSysADM] Cryptlocker
>
> Me too!
>
> -Paul
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Sean Martin
> Sent: Tuesday, June 02, 2015 10:07 AM
> To: [email protected]
> Subject: Re: [NTSysADM] Cryptlocker
>
> Definitely interested.
>
> - Sean
>
> On Jun 2, 2015, at 6:08 AM, James Rankin <[email protected]> wrote:
>
> What you need is FSLogix Java Rules Manager, only allow the vulnerable Java version to be seen when a specific URL is visited, otherwise – it’s invisible to the user and OS, and the latest version is used.
>
> I’m writing an article up on this today, if anyone’s interested in Java version management (on a sysadmin list, who isn’t?)
>
> J
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife
> Sent: 02 June 2015 14:51
> To: '[email protected]'
> Subject: RE: [NTSysADM] Cryptlocker
>
> Update Java? That’s just crazy talk. We’re still at 7u51, with no roadmap in place to go any higher. Not my choice, btw, it is development issues with Oracle.
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Ed Ziots
> Sent: Saturday, May 30, 2015 10:48 AM
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> Nice strategy
>
> Ed
>
> On May 29, 2015 9:31 AM, "Robert Strong" <[email protected]> wrote:
>
> Ensure you have the latest patches installed for Java and Flash. Exploit kits like Angler, Nuclear and Magnitude are starting to distribute Ransomware more frequently via drive-by download attacks and malicious advertisements on common websites.
>
> We’ve had several ransomware incidents in the last few months all due to unpatched systems. Host based detection is limited at best, but one thing I have noticed in all incidents seen is that the malware typically uses hxxp://ipinfo.io/ip to determine its public facing IP address.
>
> We have created correlation rules that detect users going to this domain via our McAfee ESM SIEM, we then have an alarm that fires when that correlation rule is seen and we can automatically apply an ePO tag to enforce a policy that severely ‘disables’ the system (no R/W to network shares, restricted HTTP/HTTPS going out). Our alarm also e-mails out some key characteristics about the infected machine for easy identification by our IT Service Desk team.
>
> Ransomware isn’t going away and it’s going to get worse. We’ve been able to detect these IoC’s and have the issue remediated in under 7 minutes.
>
> Cheers,
>
> Rob Strong
> Information Security Specialist
> Equitable Life of Canada
>
> From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden
> Sent: Thursday, May 28, 2015 7:17 PM
> To: <[email protected]>
> Subject: Re: [NTSysADM] Cryptlocker
>
> That's mine today.
>
> What variant was yours?
>
> Sent from my iPhone
>
> On May 28, 2015, at 7:14 PM, Heaton, Joseph@Wildlife <[email protected]> wrote:
>
> We had that the other day. The files are getting encrypted, but the extensions are not getting changed.
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Jonathan Link
> Sent: Thursday, May 28, 2015 8:37 AM
> To: [email protected]
> Subject: Re: [NTSysADM] Cryptlocker
>
> The text files created should indicate the affected user with the Owner attribute, no?
>
> On Thu, May 28, 2015 at 11:30 AM, David McSpadden <[email protected]> wrote:
>
> I am pretty sure I have a pc with this on it in my network.
>
> I have run scans on workstations.
>
> I still do not see it but I have the telltale signs.
>
> The HELP_DECRYPT files in network folders.
>
> The word and excel files not being able to be opened etc.
>
> How do I remove something that Trend is not seeing?
>
> Nor Windows Endpoint protection?
>
> David McSpadden
> Systems Administrator
> Indiana Members Credit Union
> P: 317.554.8190 | F: 317.554.8106
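
The detection Rob Strong describes in the thread above (alerting when an internal host requests ipinfo.io/ip), sketched here as an added example that is not part of the original thread and is not McAfee ESM rule syntax. The proxy log format, the sample lines, the allowlist and the function names are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log (assumed format: time, client IP, user, method, target, status).
SAMPLE_LOG = """\
2015-05-28T11:02:14Z 10.1.4.23 jdoe GET http://ipinfo.io/ip 200
2015-05-28T11:02:15Z 10.1.4.23 jdoe GET http://example.com/index.html 200
2015-05-28T11:03:40Z 10.1.7.8 asmith GET http://ipinfo.io.example.net/ip 200
2015-05-28T11:05:01Z 10.1.9.50 svc-netmon GET http://ipinfo.io/ip 200
2015-05-28T11:06:30Z 10.1.4.77 bjones CONNECT ipinfo.io:443 200
malformed line
"""

WATCH_HOST = "ipinfo.io"     # indicator named in the thread
WATCH_PATHS = {"/ip"}
ALLOWLIST = {"10.1.9.50"}    # assumed: hosts with a known legitimate use of the service

LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+) (\S+) (\S+) (\d{3})$")


def is_ip_lookup(method, target):
    """True when the request is a public-IP lookup against the watched host."""
    if method == "CONNECT":
        # HTTPS through the proxy exposes only host:port, so match on the host
        # alone (lower fidelity than the plain-HTTP case, where the path is visible).
        return target.rsplit(":", 1)[0].lower() == WATCH_HOST
    parts = urlsplit(target)
    # Exact hostname match, so look-alikes such as ipinfo.io.example.net are ignored.
    return (parts.hostname or "").lower() == WATCH_HOST and parts.path in WATCH_PATHS


def detect(log_text, allowlist=ALLOWLIST):
    """Return {client_ip: {user, first_seen, hits}} for hosts that tripped the rule."""
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        ts, client, user, method, target, _status = m.groups()
        if client in allowlist or not is_ip_lookup(method, target):
            continue
        entry = alerts.setdefault(client, {"user": user, "first_seen": ts, "hits": 0})
        entry["hits"] += 1
    return alerts


if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

Each returned record carries the host, user and first-seen time, the kind of detail the alarm e-mail in the thread passes to the service desk before containment is applied.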
