Barracuda does the same thing with their SSLVPN agent.

On Thu, Jun 4, 2015 at 4:40 PM, Rankin, James R <[email protected]>
wrote:

> Excellent result. Wish more vendors would respond in the same way to
> community pressure.
>
>
> -------
>
> James Rankin | Director | TaloSys | 07809668579
> Sent from my Blackberry
>
> -----Original Message-----
> From: "Kennedy, Jim" <[email protected]>
> Sender: <[email protected]>
> Date: Thu, 4 Jun 2015 20:26:47
> To: [email protected]<[email protected]>
> Reply-To: <[email protected]>
> Subject: RE: [NTSysADM] Cryptlocker
>
> There is a java based app that a huge percentage of schools in Ohio use.
> We conspired together to put pressure on the vendor. They heard us, and
> packaged it as a self contained jar. A simple install msi and we are done
> with it. Now we are Java version proof. I am no programmer, let alone a java
> expert but I don't get why more of these apps don't go that way. It helps
> them tremendously also...they can update and change away and use the java
> version they want.
>
> -----Original Message-----
> From: [email protected] [mailto:
> [email protected]] On Behalf Of Rankin, James R
> Sent: Thursday, June 4, 2015 4:21 PM
> To: [email protected]
> Subject: Re: [NTSysADM] Cryptlocker
>
> Sounds like my assertion that half the world's sysadmins are crying out
> for a decent Java remediation solution is correct...
>
>
> -------
>
> James Rankin | Director | TaloSys | 07809668579
> Sent from my Blackberry
>
> -----Original Message-----
> From: "Maglinger, Paul" <[email protected]>
> Sender: <[email protected]>
> Date: Thu, 4 Jun 2015 19:54:57
> To: '[email protected]'<[email protected]>
> Reply-To: <[email protected]>
> Subject: RE: [NTSysADM] Cryptlocker
>
> Updates would be fine... if they didn't break things.
> Reminds me of when we put in our latest Cisco IP Telephony solution.
> The phone system wanted me to upgrade my Java but then Cisco's web site
> wouldn't work with that version.
> *thunk* *thunk* *thunk*
> I LOATHE Java...
>
> -----Original Message-----
> From: [email protected] [mailto:
> [email protected]] On Behalf Of Kurt Buff
> Sent: Thursday, June 04, 2015 2:34 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Cryptlocker
>
> Updates of Java? Hell no.
>
> Some of our users somehow get Java fubared, and when ADP can't find Java,
> they tell the user to install 6u29, so I've put in an exception in our AV
> to block the download.
>
> Kurt
>
> On Thu, Jun 4, 2015 at 10:30 AM, Kennedy, Jim <
> [email protected]> wrote:
> > Nope, if they did I would be pushing hard to replace it. Have they gotten
> > any better at keeping up with updates?
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Kurt Buff
> > Sent: Thursday, June 4, 2015 1:28 PM
> >
> >
> > To: ntsysadm
> > Subject: Re: [NTSysADM] Cryptlocker
> >
> >
> >
> > Your users don't file their timecards with ADP, then...
> >
> > Kurt
> >
> >
> >
> > On Thu, Jun 4, 2015 at 9:52 AM, Kennedy, Jim
> > <[email protected]>
> > wrote:
> >
> > 2 depends on Oracle, Chrome has been begging them for it for some time.
> > From Chrome’s perspective 1 and 2 are the same. That said, I honestly
> > do not think Firefox has any plans to discontinue NPAPI support. Their
> > approach is disabled by default….user beware if you enable it.
> >
> >
> >
> > Anecdotal but I can say that most of my users use Chrome, and they
> > have not missed Java.
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Damien Solodow
> > Sent: Thursday, June 4, 2015 12:49 PM
> >
> >
> > To: [email protected]
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > Doubtful; I see one of two things happening:
> >
> > 1) Oracle blinks and releases an updated JRE that doesn’t use NPAPI
> >
> > 2) Chrome includes its own JRE like they did with Flash
> >
> >
> >
> > DAMIEN SOLODOW
> >
> > Senior Systems Engineer
> >
> > 317.447.6033 (office)
> >
> > 317.447.6014 (fax)
> >
> > HARRISON COLLEGE
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Melvin Backus
> > Sent: Thursday, June 4, 2015 12:44 PM
> > To: [email protected]
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > So if I’m reading this correctly that would seem to mean that all the
> > thousands (millions?) of pages with Java embedded are going to be
> > relegated to IE only?  (And JAVA will finally DIE? Albeit a slow and
> > lingering death.)
> >
> >
> >
> >
> >
> > --
> > There are 10 kinds of people in the world...
> >          those who understand binary and those who don't.
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Kurt Buff
> > Sent: Thursday, June 4, 2015 10:41 AM
> > To: ntsysadm
> > Subject: Re: [NTSysADM] Cryptlocker
> >
> >
> >
> > Not Java specifically - the NPAPI interface.
> >
> > So is Firefox, and so will Edge...
> >
> > Kurt
> >
> >
> >
> > On Thu, Jun 4, 2015 at 6:42 AM, Heaton, Joseph@Wildlife
> > <[email protected]> wrote:
> >
> > Interesting.  I didn’t realize that Chrome was doing away with Java
> > functionality.  Thanks for the update.
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Kennedy, Jim
> > Sent: Thursday, June 04, 2015 5:12 AM
> >
> >
> > To: [email protected]
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > Demand for this in Chrome will dwindle to zero in September when there
> > isn’t any way to run Java in Chrome.  It’s already dwindling….we did
> > not bypass the block in the last patch for Chrome that disabled it.
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of James Rankin
> > Sent: Thursday, June 4, 2015 7:08 AM
> > To: [email protected]
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > OK, FSLogix confirm that currently the Java remediation only works with IE.
> > You can restrict other browsers on a process basis only currently, so
> > you could force Chrome or Firefox to a specific Java version by
> > process, but not by URL.
> >
> >
> >
> > However, support for other browsers is on the roadmap. Any customer
> > demand (probably someone coming along with 5000 users and wanting it
> > to work in Chrome) will “drive the roadmap forward”, i.e. they’ll do it
> > ASAP if there’s a big enough sale at the end of it :)
> >
> >
> >
> > Hope this helps,
> >
> >
> >
> >
> >
> >
> >
> > JR
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of James Rankin
> > Sent: 03 June 2015 18:56
> > To: [email protected]
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > OK, I tried to test with Chrome and found out that Chrome has disabled
> > just about all the plugins from the websites I was using for testing :(
> >
> >
> >
> > Waiting for an answer from FSLogix support as I now have to put the
> > kids in the bath!
> >
> >
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Jonathan Link
> > Sent: 03 June 2015 18:44
> > To: [email protected]
> > Subject: Re: [NTSysADM] Cryptlocker
> >
> >
> >
> > Probably not pants.
> >
> >
> >
> > On Wed, Jun 3, 2015 at 12:26 PM, James Rankin
> > <[email protected]>
> > wrote:
> >
> > Let me get you an answer on that…maybe something I should have tested
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Heaton, Joseph@Wildlife
> > Sent: 03 June 2015 17:22
> > To: '[email protected]'
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > So, it looks like FSLogix only works with IE?  Is that true?
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of James Rankin
> > Sent: Tuesday, June 02, 2015 11:16 AM
> > To: [email protected]
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > OK, quick and dirty run-down, but I’m sure you can all get the gist of
> > it (hopefully!)
> >
> >
> >
> > http://appsensebigot.blogspot.co.uk/2015/06/fslogix-first-look-1-managing-legacy-or.html
> >
> >
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Kurt Buff
> > Sent: 02 June 2015 17:38
> > To: ntsysadm
> > Subject: Re: [NTSysADM] Cryptlocker
> >
> >
> >
> > Yes, please put up the link here when done.
> >
> > Kurt
> >
> >
> >
> > On Tue, Jun 2, 2015 at 8:43 AM, James Rankin
> > <[email protected]>
> > wrote:
> >
> > I shall endeavour to finish this as soon as possible then!
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Maglinger, Paul
> > Sent: 02 June 2015 16:12
> > To: '[email protected]'
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > Me too!
> >
> >
> >
> > -Paul
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Sean Martin
> > Sent: Tuesday, June 02, 2015 10:07 AM
> >
> >
> > To: [email protected]
> > Subject: Re: [NTSysADM] Cryptlocker
> >
> >
> >
> > Definitely interested.
> >
> > - Sean
> >
> >
> > On Jun 2, 2015, at 6:08 AM, James Rankin <[email protected]> wrote:
> >
> > What you need is FSLogix Java Rules Manager, only allow the vulnerable
> > Java version to be seen when a specific URL is visited, otherwise –
> > it’s invisible to the user and OS, and the latest version is used.
> >
> >
> >
> > I’m writing an article up on this today, if anyone’s interested in
> > Java version management (on a sysadmin list, who isn’t?)
> >
> >
> >
> > :)
> >
> >
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Heaton, Joseph@Wildlife
> > Sent: 02 June 2015 14:51
> > To: '[email protected]'
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > Update Java?  That’s just crazy talk.  We’re still at 7u51, with no
> > roadmap in place to go any higher.  Not my choice, btw, it is
> > development issues with Oracle.
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Ed Ziots
> > Sent: Saturday, May 30, 2015 10:48 AM
> > To: [email protected]
> > Subject: RE: [NTSysADM] Cryptlocker
> >
> >
> >
> > Nice strategy
> >
> > Ed
> >
> > On May 29, 2015 9:31 AM, "Robert Strong" <[email protected]> wrote:
> >
> > Ensure you have the latest patches installed for Java and Flash.
> > Exploit kits like Angler, Nuclear and Magnitude are starting to
> > distribute Ransomware more frequently via drive-by download attacks
> > and malicious advertisements on common websites.
> >
> >
> >
> > We’ve had several ransomware incidents in the last few months all due
> > to unpatched systems. Host based detection is limited at best, but one
> > thing I have noticed in all incidents seen is that the malware
> > typically uses hxxp://ipinfo.io/ip to determine its public facing IP
> > address.
> >
> >
> >
> > We have created correlation rules that detect users going to this
> > domain via our McAfee ESM SIEM, we then have an alarm that fires when
> > that correlation rule is seen and we can automatically apply an ePO
> > tag to enforce a policy that severely ‘disables’ the system (no R/W to
> > network shares, restricted HTTP/HTTPS going out). Our alarm also
> > e-mails out some key characteristics about the infected machine for
> > easy identification by our IT Service Desk team.
> >
> >
> >
> > Ransomware isn’t going away and it’s going to get worse. We’ve been
> > able to detect these IoC’s and have the issue remediated in under 7
> > minutes.
> >
> >
> >
> > Cheers,
> >
> >
> >
> > Rob Strong
> >
> > Information Security Specialist
> >
> > Equitable Life of Canada
> >
> >
> >
> >
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of David McSpadden
> > Sent: Thursday, May 28, 2015 7:17 PM
> > To: <[email protected]>
> > Subject: Re: [NTSysADM] Cryptlocker
> >
> >
> >
> > That's mine today.
> >
> > What variant was yours?
> >
> > Sent from my iPhone
> >
> >
> > On May 28, 2015, at 7:14 PM, Heaton, Joseph@Wildlife
> > <[email protected]> wrote:
> >
> > We had that the other day.  The files are getting encrypted, but the
> > extensions are not getting changed.
> >
> >
> >
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Jonathan Link
> > Sent: Thursday, May 28, 2015 8:37 AM
> > To: [email protected]
> > Subject: Re: [NTSysADM] Cryptlocker
> >
> >
> >
> > The text files created should indicate the affected user with the
> > Owner attribute, no?
> >
> >
> >
> >
> >
> > On Thu, May 28, 2015 at 11:30 AM, David McSpadden <[email protected]> wrote:
> >
> > I am pretty sure I have a PC with this on it in my network.
> >
> > I have run scans on workstations.
> >
> > I still do not see it but I have the telltale signs.
> >
> > The HELP_DECRYPT files in network folders.
> >
> > The word and excel files not being able to be opened etc.
> >
> > How do I remove something that Trend is not seeing?
> >
> > Nor Windows Endpoint protection?
> >
> >
> >
> >
> >
> > David McSpadden
> >
> > Systems Administrator
> >
> > Indiana Members Credit Union
> >
> > P: 317.554.8190 | F: 317.554.8106
> >
>
>
>
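
The correlation Rob Strong describes in the thread (flagging clients that request ipinfo.io/ip), sketched as an added example; it is not part of the original thread and not his McAfee ESM rule. The proxy log format, field order and sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

WATCH_HOST, WATCH_PATH = "ipinfo.io", "/ip"  # indicator named in the thread

# Constructed sample log (assumed format: time client method target status)
SAMPLE_LOG = """\
2015-05-29T13:02:11Z 10.1.4.23 GET http://ipinfo.io/ip 200
2015-05-29T13:02:15Z 10.1.4.23 GET http://example.com/index.html 200
2015-05-29T13:05:40Z 10.1.7.8 CONNECT ipinfo.io:443 200
2015-05-29T13:06:02Z 10.1.9.50 GET http://IPINFO.IO./ip?x=1 200
2015-05-29T13:07:00Z 10.1.2.2 GET http://notipinfo.io/ip 200
2015-05-29T13:08:00Z 10.1.2.3 GET http://ipinfo.io/8.8.8.8 200
2015-05-29T13:09:30Z 10.1.4.23 GET http://ipinfo.io/ip 200
truncated line
"""

def host_and_path(method, target):
    """Return (host, path); path is None for CONNECT, where only the host is visible."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].rstrip(".").lower(), None
    parts = urlsplit(target)
    return (parts.hostname or "").rstrip(".").lower(), parts.path

def find_ip_lookups(log_text):
    """Map client IP -> first_seen, hits, confidence for requests to ipinfo.io/ip."""
    alerts = {}
    for line in log_text.splitlines():  # assumes chronological order
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, method, target, _status = fields
        host, path = host_and_path(method.upper(), target)
        if host != WATCH_HOST:
            continue  # exact host match, so notipinfo.io is not flagged
        if path is None:
            confidence = "host-only"  # HTTPS tunnel: path cannot be checked
        elif path.rstrip("/") == WATCH_PATH:
            confidence = "exact"
        else:
            continue  # other ipinfo.io lookups are not the indicator
        rec = alerts.setdefault(
            client, {"first_seen": ts, "hits": 0, "confidence": confidence})
        rec["hits"] += 1
        if confidence == "exact":
            rec["confidence"] = "exact"  # an exact hit outranks host-only
    return alerts

if __name__ == "__main__":
    for client, rec in find_ip_lookups(SAMPLE_LOG).items():
        print(client, rec)
```

In the workflow described in the thread, a hit like this is what triggers the alarm, the restrictive ePO policy tag and the e-mail to the service desk.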
