Re: [NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

2017-09-18 Thread Andrew S. Baker
Hehe...

The big question I have, is this: *Did the Avast acquisition facilitate or
cause this problem?*

Regards,

*ASB*
*https://about.me/Andrew.S.Baker*

*Providing CyberSecurity and IT Operations Consulting for the SMB market…*

*GPG:* 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Sep 18, 2017 at 4:25 PM, James Rankin wrote:

> Ironic that my predilection for the free version of this, which doesn’t
> auto-update, has prevented me from being a victim of this ☺
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com]
> *On Behalf Of* Micheal Espinola Jr
> *Sent:* 18 September 2017 20:46
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] CCleaner found to be backdoored for downloads
> between August 15 and September 12
>
>
>
> CORRECTION for Google search:
>
>
>
> https://www.google.com/search?q=ccleaner+infection
> 
>
>
> --
> Espi
>
>
>
>
>
> On Mon, Sep 18, 2017 at 12:35 PM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
> https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/
>
>
>
> https://www.google.com/search?q=ccleanup+infection
>
>
> --
> Espi
>
>
>
>
>



RE: [NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

2017-09-18 Thread James Rankin
Ironic that my predilection for the free version of this, which doesn’t 
auto-update, has prevented me from being a victim of this ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: 18 September 2017 20:46
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] CCleaner found to be backdoored for downloads between 
August 15 and September 12

CORRECTION for Google search:

https://www.google.com/search?q=ccleaner+infection

--
Espi


On Mon, Sep 18, 2017 at 12:35 PM, Micheal Espinola Jr wrote:
https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/

https://www.google.com/search?q=ccleanup+infection

--
Espi




Re: [NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

2017-09-18 Thread Micheal Espinola Jr
CORRECTION for Google search:

https://www.google.com/search?q=ccleaner+infection


--
Espi


On Mon, Sep 18, 2017 at 12:35 PM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/
>
> https://www.google.com/search?q=ccleanup+infection
>
> --
> Espi
>
>



[NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

2017-09-18 Thread Micheal Espinola Jr
https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/

https://www.google.com/search?q=ccleanup+infection

--
Espi



[NTSysADM] RE: iOS 11 is scheduled for release tomorrow...

2017-09-18 Thread Senter, John
Will this only affect mailboxes on Exch 2016 or will it also affect users that 
are on Exch 2010 with 2016 in front?  We are about to place 2016 in front of 
2010 to start the migration process and need to know if that is going to jack 
up the users still on Exch 2010.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Monday, September 18, 2017 3:07 PM
Subject: [NTSysADM] RE: iOS 11 is scheduled for release tomorrow...

Further information on [1], as Microsoft and Apple release additional details.

[1] This only occurs when Exchange Server 2016 is installed on Windows Server 
2016. It actually will impact any web app on Windows Server 2016 to which an 
iOS 11 device attempts to connect. The issue occurs because iOS 11 improperly 
negotiates an HTTP/2 TLS connection, and HTTP/2 is the default on Windows Server 
2016 and iOS 11.

While this is not an Exchange issue per se, Exchange is the application most 
likely to be affected. Microsoft offers a workaround, described in this 
article, by disabling HTTP/2 thus forcing a fallback to HTTP/1.1:

https://support.microsoft.com/en-us/help/4032720/how-to-deploy-custom-cipher-suite-ordering-in-windows-server-2016

(If you find the article title to be irrelevant - well, so do I.)

And a new item:

[3] Yammer and Dynamics CRM apps have not yet been updated for iOS 11. There 
are a wide variety of Intune changes/impacts with iOS 11:

https://blogs.technet.microsoft.com/intunesupport/2017/09/12/support-tip-intune-support-for-ios-11/

Perhaps the two things most notable to your users: [3a] An updated Company 
Portal and Managed Browser are required for iOS 11, and [3b] Drag-and-drop (a 
new feature of iOS 11) is disabled when a device is enrolled with Intune.

From: Michael B. Smith
Sent: Monday, September 18, 2017 2:22 PM
Subject: iOS 11 is scheduled for release tomorrow...

And that may not be a good thing in all cases...

Known issues to be aware of:

[1] Exchange ActiveSync is broken under certain configurations. Apple is aware 
of the issue and pursuing a fix.

[2] The default picture format for iPhones 7/8/X is changing. As a Microsoft 
employee wrote earlier today:

The new photo and video formats result in files about 1/2 size of the old JPEG 
and video formats, while having better quality. The problem is that new files 
will likely not open properly outside of your phone until everything that you 
use to work with photos updates to work with new HEIF formats.

To check if your iOS 11 phone uses the new format, go to Settings > Camera > 
Formats. "High Efficiency" is new and "Most Compatible" is the old / current.

I do not suggest to just turn this off; hey - getting files half the size is 
super cool. Just realize that if you use the photos outside of your phone that 
there might be temporary issues with viewing.

Windows and OneDrive do not yet support the new formats.

h/t ninob

You may wish to suggest to your user communities that they delay upgrades 
because of the EAS issue.



Re: [NTSysADM] iOS 11 is scheduled for release tomorrow...

2017-09-18 Thread Kurt Buff
Oh.

My.

Thanks for the heads up.

Kurt

On Mon, Sep 18, 2017 at 11:22 AM, Michael B. Smith wrote:
> And that may not be a good thing in all cases…
>
>
>
> Known issues to be aware of:
>
>
>
> [1] Exchange ActiveSync is broken under certain configurations. Apple is
> aware of the issue and pursuing a fix.
>
>
>
> [2] The default picture format for iPhones 7/8/X is changing. As a Microsoft
> employee wrote earlier today:
>
>
>
> The new photo and video formats result in files about 1/2 size of the old
> JPEG and video formats, while having better quality. The problem is that new
> files will likely not open properly outside of your phone until everything
> that you use to work with photos updates to work with new HEIF formats.
>
>
>
> To check if your iOS 11 phone uses the new format, go to Settings > Camera >
> Formats. "High Efficiency" is new and "Most Compatible" is the old /
> current.
>
>
>
> I do not suggest to just turn this off; hey - getting files half the size is
> super cool. Just realize that if you use the photos outside of your phone
> that there might be temporary issues with viewing.
>
>
>
> Windows and OneDrive do not yet support the new formats.
>
>
>
> h/t ninob
>
>
>
> You may wish to suggest to your user communities that they delay upgrades
> because of the EAS issue.




[NTSysADM] RE: iOS 11 is scheduled for release tomorrow...

2017-09-18 Thread Michael B. Smith
Further information on [1], as Microsoft and Apple release additional details.

[1] This only occurs when Exchange Server 2016 is installed on Windows Server 
2016. It actually will impact any web app on Windows Server 2016 to which an 
iOS 11 device attempts to connect. The issue occurs because iOS 11 improperly 
negotiates an HTTP/2 TLS connection, and HTTP/2 is the default on Windows Server 
2016 and iOS 11.

While this is not an Exchange issue per se, Exchange is the application most 
likely to be affected. Microsoft offers a workaround, described in this 
article, by disabling HTTP/2 thus forcing a fallback to HTTP/1.1:

https://support.microsoft.com/en-us/help/4032720/how-to-deploy-custom-cipher-suite-ordering-in-windows-server-2016

(If you find the article title to be irrelevant - well, so do I.)

And a new item:

[3] Yammer and Dynamics CRM apps have not yet been updated for iOS 11. There 
are a wide variety of Intune changes/impacts with iOS 11:

https://blogs.technet.microsoft.com/intunesupport/2017/09/12/support-tip-intune-support-for-ios-11/

Perhaps the two things most notable to your users: [3a] An updated Company 
Portal and Managed Browser are required for iOS 11, and [3b] Drag-and-drop (a 
new feature of iOS 11) is disabled when a device is enrolled with Intune.

From: Michael B. Smith
Sent: Monday, September 18, 2017 2:22 PM
Subject: iOS 11 is scheduled for release tomorrow...

And that may not be a good thing in all cases...

Known issues to be aware of:

[1] Exchange ActiveSync is broken under certain configurations. Apple is aware 
of the issue and pursuing a fix.

[2] The default picture format for iPhones 7/8/X is changing. As a Microsoft 
employee wrote earlier today:

The new photo and video formats result in files about 1/2 size of the old JPEG 
and video formats, while having better quality. The problem is that new files 
will likely not open properly outside of your phone until everything that you 
use to work with photos updates to work with new HEIF formats.

To check if your iOS 11 phone uses the new format, go to Settings > Camera > 
Formats. "High Efficiency" is new and "Most Compatible" is the old / current.

I do not suggest to just turn this off; hey - getting files half the size is 
super cool. Just realize that if you use the photos outside of your phone that 
there might be temporary issues with viewing.

Windows and OneDrive do not yet support the new formats.

h/t ninob

You may wish to suggest to your user communities that they delay upgrades 
because of the EAS issue.



[NTSysADM] iOS 11 is scheduled for release tomorrow...

2017-09-18 Thread Michael B. Smith
And that may not be a good thing in all cases...

Known issues to be aware of:

[1] Exchange ActiveSync is broken under certain configurations. Apple is aware 
of the issue and pursuing a fix.

[2] The default picture format for iPhones 7/8/X is changing. As a Microsoft 
employee wrote earlier today:

The new photo and video formats result in files about 1/2 size of the old JPEG 
and video formats, while having better quality. The problem is that new files 
will likely not open properly outside of your phone until everything that you 
use to work with photos updates to work with new HEIF formats.

To check if your iOS 11 phone uses the new format, go to Settings > Camera > 
Formats. "High Efficiency" is new and "Most Compatible" is the old / current.

I do not suggest to just turn this off; hey - getting files half the size is 
super cool. Just realize that if you use the photos outside of your phone that 
there might be temporary issues with viewing.

Windows and OneDrive do not yet support the new formats.

h/t ninob

You may wish to suggest to your user communities that they delay upgrades 
because of the EAS issue.



RE: [NTSysADM] Scanning for web server vulnerabilities

2017-09-18 Thread Kennedy, Jim
Nessus, it's only a grand a year and you can scan everything.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Monday, September 18, 2017 9:48 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Scanning for web server vulnerabilities

We had a pen test done recently, and so I've been fixing some of our external 
web servers, per their recommendations (i.e., turning off this protocol, 
enabling that one, etc).

I'm curious what sites you might use to scan for vulnerabilities. I've been 
using:

https://www.htbridge.com/ssl/
https://www.ssllabs.com/ssltest/

And both the web servers I've been fixing now pass with A or A+ (yay!
for A - LOL).

Any other sites I should be trying? What do you use?

Thanks




RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-18 Thread Melvin Backus
While I don’t know enough about Finland to argue the point, by this logic, 
Miami is close enough to Havana to say the entire US falls under the same 
classification.  As I said, not to debate the state of the state, only the flaw in 
the logic.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, September 15, 2017 11:10 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Finland and Russia are side by side. Russia’s #2 city (Saint Petersburg) is 
only about 75 miles from the Finland border.  There are probably as many FSB 
(KGB) agents at F-Secure as there are at Kaspersky. ☺

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of geoff_taylor geoff_taylor
Sent: Friday, September 15, 2017 9:05 AM
To: ntsysadm
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?


I like the offerings of F-Secure.  They are Finnish so somewhat removed from 
the Kremlin.  Full disclosure, in other lives I sold both McAfee and F-Secure 
products, and I have used a myriad of others, principally Symantec.

gt
-- Original Message --
From: Eric Wittersheim
Date: September 15, 2017 at 8:02 AM
We went from ESET to Sophos. The product is good but their support is not. I 
have had a lot better luck with the Win clients than my Mac clients as well. If 
they could get support fully staffed and trained I would have no problems with 
them.

On Fri, Sep 15, 2017 at 6:47 AM, James M. Pulver <jmp...@cornell.edu> wrote:
I've always liked ESET, and when we dropped Symantec, ESET was quoted to be the 
least expensive of a bunch we looked at. The ERA appliance is great, but a self 
install on Linux was buggy as hell. Glad I moved to the Virtual Appliance. 
Their tech support is B+ in my opinion. Upgraded to an A- as they don't run 
screaming from Linux. Some of the best I've dealt with, the main failing is no 
real route back to devs if there's a bug, but in terms of using what's there 
and being aware of work-arounds - they're among the best I've ever interacted 
with.

They seem to be pretty effective, but then so was Symantec in our environment - 
we don't give out admin, and seem to have enough e-mail screening via Office 
365 and central IT to really limit ransomware, followed by decent user culture 
of asking before clicking so there's not a lot of chances for it to step in. It 
does kill a few "driveby" unwanted applications for us, but we haven't (knock 
on wood) seen much real malware anyway.

So if you have to tick the box for AV, like we do, ESET is a pretty good choice 
IMO. The other obvious "tick the box" one would be Windows Defender if you 
don't have to be cross platform. However, I think ESET is more effective - but 
as others said, that's not a high bar.

I should point out, even the "traditional AV" isn't traditional AV anymore - 
ESET isn't just scanning against signatures. They have HIPS as well as behavior 
analysis and the like.

James Pulver
CLASSE Computer Group
Cornell University

On 09/14/2017 12:31 PM, Michael Leone wrote:
We use Kaspersky for our AV needs, and to be honest, it's worked out
well for us. It's certainly caught things that McAfee, our previous AV
solution, didn't. However, they have this slight problem with being a
covert arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking
at. But tell me, who do you have? And - more importantly - if you had
your say in the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch
of laptops issued to remote users. So far, all Win 7 for workstations,
but obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized
console, to push out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We
have Checkpoint firewalls for managing that sort of traffic.

Thoughts? I know I've heard good things about ESET and Sophos, among
others. Just soliciting some real world opinions, along with our own
research.