Security

Security Bulletin – Windows Help system Hack

Jul 2nd

As some of you may have read in the press (http://news.bbc.co.uk/1/hi/technology/10473495.stm) there is currently a major security vulnerability in the Windows Help system that is currently being exploited by hackers to take control of PCs worldwide. Once they have control obviously they use the PCs for all kinds of nastiness. This vulnerability exists whether or not you use any of the Microsoft help functions which use the HPC protocol.

Over the course of this week Krayatec have been deploying to all of our clients a fix for this issue via automatic log in scripts. This means that if you have restarted your computer every night and are on a managed domain you will already be protected. If you do not have domain control on your site, we will be calling you shortly to manually apply the fix.

I have written a custom automated script to do this which can be found here : http://www.kraya.co.uk/downloads/xpfix.zip Simply download, save and run the enclosed xpfix.bat file. It takes less than a second and once completed you see a black screen saying “Krayatec XP HCP Protocol fix applied”.

There is also a fully bloated Microsoft Windows XP MSI which can be downloaded from the Microsoft KB2219475 article page here http://support.microsoft.com/kb/2219475

We would recommend that all users also apply the “Microsoft Fix it update 50459”, either via the Microsoft site or our automated script to all Windows XP computers at home and work as soon as possible.

It should be noted that whilst Anti-virus and Ant-Spyware software may detect some of the “nasties” hackers might try to install on your computer, they will not prevent this problem. To do secure your computer and prevent this vulnerability being exploited, you must run the above script.

As always if you have any questions or concerns please do not hesitate to call.

More detailed Technical Info:

On the 10th of June 2010, Microsoft announced that it was investigating new public reports of a vulnerability in the Windows Help and Support Center function of Windows XP and Windows Server 2003. The vulnerability could allow a remote attacker to use the HCP protocol to remotely execute code on any Windows XP or Windows Server 2003 computer if a user views a specially crafted web page. At this time Microsoft stated that it was aware of a proof-of-concept exploit code and limited, targeted active attacks that use this exploit code.

Subsequently Microsoft and a number of security vendors have reported wide spread attacks in the wild using this exploit to deliver a number of different malicious payloads as reported on the BBC link above.

The custom script linked above closed this vulnerability be de-registering the HCP Protocol on the computer, hence a remote attacker is not able to use the Microsoft Windows Help and Support Center function to attack the computer. This is done by deleting the HKEY_CLASSES_ROOT\HCP registry key. The old registry key is backed up to HCP_Protocol_Backup.reg incase (of reasons unknown) you decide you want to re-enable this feature.

.bat, 2219475, 50459, Ant-Spyware, anti-virus, applied, article, automated, automated script, automatic, bloated, Computer, control, custom, deploying, detect, domain, download, exploit, exploited, file, fix, Fix it, hackers, help, help functions, HKEY_CLASSES_ROOT\HCP, home, HPC, HPC protocol, issue, KB2219475, key, KrayaTec, log in scripts, Major, Microsoft, Microsoft Fix it, Microsoft windows, MSI, PC, press, prevent, problem, protected, Registry, registry key, restarted, run, save, Script, Security, software, Stephen ramsay, system, update, Vulnerability, windows XP, work, XP, XP HPC Protocol

Service Alert – Volcanic Ash & Computers

Apr 16th

Posted by stephen in Kraya

3 comments

As I am sure everyone is aware volcanic ash from the volcano in Iceland is causing major air travel disruption at this time as volcanic ash and planes do not mix. Similarly, volcanic ash and computers do not mix. We are seeing fine particulates falling to ground level just now and these combined with the larger particles we expect to see in the near future will cause issues for computers, servers, other electronic equipment and their cooling systems.

The cooling fans in computers work very much like a vacuum and vacuum up dust and everything else in the air around them including the volcanic ash particles. Whilst it is not something to panic over, all computer users should think about takeing the following action particularly if it gets worse:

Please do what you can to keep rooms in which you are using computers as free from ash as you can.
Please do not leave the windows open as the room will just fill with these tiny particulates
Listen to the computers fans. If you notice a change in the tone or noise they make, please call us.
Look at the air intake grills on the back of the computer, if they begin to clog up, please call us.

If you have any questions please call us. If you what to check what level of ash is falling in your area, place a clean white piece of paper outside and leave it for a few hours, then have a look at what has accumulated on it. There will be some very very fine dust. I don’t know what will happen over the next few days but this may increase.

Please do not try and clean your computers yourself as you may just push the finer particulates deeper into the fan bearings. We have specialist equipment for this kind of job and if necessary can send someone to your office to clean the computers and servers.

accumulated, Air, around, Ash, bearings, cause, change, Cleaning, clog, closed, Computer, computers, cooling, Disruption, dust, electronic, equipment, falling, fan, Fans, fine, future, grills, ground level, hover, Iceland, intake, issues, larger, Major, Notice, open, outside, paper, particles, Particulates, Planes, rooms, seeing, Server, servers, service, specialist, systems, tiny, tone or noise, Travel, up, Volcanic, Volcanic ash, Volcanic ash Partials, volcano, Warning, Windows

How Do You Solve A Problem Like SPAM?

Mar 25th

Posted by stephen in Kraya

1 comment

Over the last few weeks we have been seeing increases in the amount of sophisticated SPAM received which is crafted to circumvent the spam filters. This is a never ending Cat and Mouse game and as always we keep our spam checking systems under constant review.

Over the last few days we have been making some tweaks to the SPAM filtering rules on all mail servers and hopefully this will help to control the problem until a new spamming technique is invented.

Just to put this into perspective kraya processed over 3/4 of a million emails in February of which 94% were rejected as spam.

However I would like to ask for your help with a few things that will help to improve the SPAM filters.

Firstly and most importantly never reply to SPAM.

Secondly if some spam does hit your inbox please please put it into the “Junk Email” folder (and not a Junk or spam folder) and THEN delete it. This helps the Spam filters learn from your actions. More instructions and guidance here: http://stephen.blog.kraya.co.uk/2010/03/25/moveing-mail-to-junk-email-with-kerio/

Thirdly if you have been moving mail to Junk email and then deleting it and you are still getting lots of the same type of spam please forward the whole message including the full headers to report@spam.kraya.co.uk if you’re not sure of how to find the full message headers please read this: http://stephen.blog.kraya.co.uk/2010/03/25/how-to-view-and-forward-your-full-email-message-headers/

We do not look at every single message sent to the report@spam.kraya.co.uk it is analysed once a fortnight to help us identify tweaks that can made to the filtering systems, therefore please do not send urgent messages to that address.

I am currently working on a blog post about entitled Why Spam, and would welcome any comments or feedback.

connect, email, filter, gmail, Google, google mail, guide, headers, how, how to, how to guide, IMAP, jun, junk, Junk E-mail Filter, junk mail, ker, Kerio, kerio connect, kerio off, Kerio Offline Outlook Connector, Kerio Outlook connector, kerio tool bar, kerio web, kerio webmail, Kraya, KrayaTec, linu, message, message headers, message source, Microsoft windows, outlo, Outlook, source, spam, Thunderbird, to, Ubuntu, view, view headers, view message source hotmail, webmail, win, window, Windows, yahoo, yahoo mail

Moving mail to Junk email with Kerio

Mar 25th

Posted by stephen in Kraya

1 comment

If some spam does hit your in box please please put it into the “Junk Email” folder (and not a Junk or spam folder) and THEN delete it. This helps the Spam filters learn from your actions. More instructions and guidance below:

Outlook and Webmail users please use the Kerio Outlook connector Tool bar:

Kerio outlook connector tool bar

Simply highlight the message and Click the ’spam’ button as shown above.

If a message has been delivered to your ‘Junk Email’ folder and it is not junk please hit the not spam button as shown below:

Kerio Outlook Connector Tool bar

Thunderbird and other mail applications:

Simply drag the message to the “Junk Email” folder. Be careful though Thunderbird often creates a “Junk” folder of its own and other applications use a spam folder but the only folder that helps to teach the filters is the “Junk Email folder”

Thunderbird:

Thunderbird two junk folders

You also need to be careful with the Thunderbird Junk Button: this will often move spam into the Junk and not the “Junk Email” folder, this can be changed in the junk settings tab of mail account properties window. Right click on the mail account name and select properties.

Please also remember to empty your “Junk Email” folder every now and again.

connect, email, filter, gmail, Google, google mail, guide, hotmail, how, how to, how to guide, IMAP, jun, junk, Junk E-mail Filter, junk mail, ker, Kerio, kerio connect, kerio off, Kerio Offline Outlook Connector, Kerio Outlook connector, kerio tool bar, kerio web, kerio webmail, Kraya, KrayaTec, Linux, Microsoft windows, outlo, Outlook, spam, Thunderbird, to, ubun, Ubuntu, webmail, win, window, Windows, yahoo, yahoo mail

Microsoft Internet Explorer Popularity vote

Mar 1st

Posted by stephen in Random Rambelings

No comments

Those of you who follow the news may be aware of minor but major changes to Microsoft Internet Explorer.

All Windows 7, Vista and XP users who currently use internet explorer will be offered a choice as part of the deal Microsoft reached with European Commission.

Microsoft IE sits awaiting the worlds judgment, like the American high school cheerleader who’s inexplicable popularity is for the first time being put to the test, as the not so popular kids elect a new leader.

A pop-up window will prompt people to choose and install one of 12 different browsers or let them stick with Microsoft’s Internet Explorer.

Kraya recommends users choose anything but Internet explorer. Users are able to select any browser of their own choosing however we would strongly recommend users pick from our top picks:

Mozilla Firefox http://www.mozilla.com/firefox/

Opera http://www.opera.com/

Google Chrome http://www.google.com/chrome

Apple Safari http://www.apple.com/safari/

The big question is will the Anti-trust agreement and the fines totaling 1.68bn euros ($2.44bn, £1.5bn) that have been imposed by the EU on Microsoft make any difference? Take a look at the BBC graphic below, IE has a massive dominance in the browser market in the main due to the sheer ambivalence and ignorance of its users, no one (or very few) choose to use IE it was the default, what they had to use and by the point they had learned that there might be a choose out there with had learned IE, so stuck with it not because it was superior but because its what they know.

Browser market share

Firefox has for some time been catching on IE but it still has a long way to go. Its progress has been at lest in part due to its superiority as a browser over IE. However recent updates have left Firefox slower and buggier than ever before. For a browser that has never been advertised in main stream media, unlike Google Chrome, its rise to control a quarter of the browser market has been purely viral.

Google on the other hand has in anticipation of today’s changes embarked on a massive advertising campaign to push Chrome and gain even more control over the Internet, only time will tell just how successful Google ad spending has made it. The question now is will it be money well spent, or will Google find itself the next target of the EU competition and anti-trust regulators?

Only time will tell as is the case of Microsoft, I for one will be eagerly waiting updated browser market share statistics, as I’m sure Mr Gates will be. However I cant help but feel that we have in no way seen the beginning of the end of IE, undoubtedly its share will slip, I just don’t think the EUs Settlement can break what are now years of ingrained habit and apathy.
Further information:

http://news.bbc.co.uk/1/hi/technology/8537763.stm

7, anti, Apple, browers, browser, choice, Chrome, competition, deal, different, dominance, E, EU, European Commission, fines, Firefox, Google, I, IE, install, Internet Explorer, Kraya, micro, Microsoft, Microsoft Internet Explorer, Mozilla, offered, Opera, pop-up, recommend, regulators, Safari, settlement, trust, update, Updates, Vista, window, Windows, XP

Adobe update – excessive traffic to ardownload.adobe.com

Dec 16th

Posted by stephen in Rants

No comments

Adobe has not been without its problems of late, and whilst there have been security issues that could have lead to losses, so far none of our clients have suffered financially from Adobe’s failings. Until now that is.

One of our Clients had their ADSL cut off this week as they had exceeded the usage policy. Why? Adobe Update Manager on one Windows XP PC had decided to download over 70GB of data over the course of a 7 day period. It would appear that it was getting itself in a loop and just kept trying to update continuously, 70GB worth of continuously.

The Adobe website serves the update MSI binary files as content type Text/Plain, the Adobe Update client has a very short timeout and immediately opens another connection to re-start the download. Hence if there is a slow connection or the caching server does not return the whole file in a timely manner the Adobe Update client enters the infinite loop of retries, causing the excessive bandwidth consumption witnessed here.

There are several forum threads including on Adobe’s own site http://forums.adobe.com/thread/392129 all linking this issue to a conflict between and old version of WebMarshall and Adobe updater; however our machines do not use WebMarshall and we do not have it installed anywhere on our networks.

We do however use Squid caching on our CentOS 5 servers. The server in this instance seems to be fulfilling the requests on each occasion in a timely manner – the issue is that each time Adobe updater passes a URL it is different in key areas, which Squid interprets as a separate request. This is not abnormal and we have seen this before when we have tried to configure squid to cache Windows updates. However rather than enter a loop of requests, Windows updates simply fail. Other automatic updaters work well with caching systems and indeed most ISPs are now implementing different forms of web caching on their own networks. Dose this mean the Adobe issue is affecting them in the same way?

The issue seems to only affect PCs (or at least we have seen no affected Mac users as yet), and it also seems to affect most Adobe products.

For now Adobe and the ISPs have remained quiet on the issue, however we have 3 other clients (and my own home ADSL ) who cannot update Adobe at all, access to ardownload.adobe.com appears to have been blocked by the ISP. Quite when the Adobe update issue will be resolved is unknown; however we have also taken the decision to block access to ardownload.adobe.com from all of our networks, for the moment.

Richard, one of our Systems Admin Team has published a more detailed account of the technicalities involved here: http://richard.blog.kraya.co.uk/2009/12/16/a-big-adobe-problem/

abnormal, Adobe, Adobe products, Adobe update, Adobe Update client, Adobe Update manager, adobe updater, Adobe website, Adobe’s, ADSL, Apple, ardownload.adobe.com, automatic, bandwidth, bandwidth consumption, block, blocked, cache, caching, caching system, CentOS, CentOS 5, CentOS 5 servers, Clients, Computer, configure squid, conflict, connection, continuously, Cut off, data, download, exceeded, excessive, excessive bandwidth consumption, fail, failings, financially, fix resolve, GB, immediately, infinite loop, ISP, IT, Kraya, KrayaTec, loop, loop of requests, Mac, MSI binary files, PC, problems, resolved, retries, security issues, Server, serves, slow, Squid, Squid caching, Stephen, Stephen ramsay, suffered, support, timeout, to ardownload.adobe.com, traffic, update, update Adobe, update continuously, update MSI binary files, updater, updaters, Updates, URL, usage, users, web caching, Web Marshall, WebMarshall, Windows, Windows updates, XP

Day Spa Photos and Video

Nov 5th

Posted by stephen in Kraya

1 comment

When I meet new and existing clients one thing that always gets a Laugh is the Krayatec Day Spa. Everyone not only finds the whole description rather amusing, they love the effects it has on their PC’s.

You can read more about it here http://stephen.blog.kraya.co.uk/2009/03/13/computer-day-spa/ but one thing everyone wants to know is how dirty as the inside of my computer and whats the worst that you have seen. So attached below are some photos and videos, not of the worst we have every seen but of a some examples of an old dirty PC.

You Shouldn’t look if your easily disgusted!

A PC Being cleaned as part of the Krayatec DaySpa http://stephen.blog.kraya.co.uk/2009/03/13/computer-day-spa/

Warning the Videos bellow are worse and sorry about the mobile phone quality

httpv://www.youtube.com/watch?v=HOnTvEltTV8

httpv://www.youtube.com/watch?v=S7o-sGcCdDQ

kraya krayatec dayspa computer cleaning clean dirty dust pc compressor air dirt stephen ramsay, photo, video

Security Alert – Re Fradulant Emails

Oct 20th

Posted by stephen in Kraya

1 comment

Further to a few enquires we have received today, you may have received an email similar to the one attached. Please note that it is what we call a phishing scam.

The email is a fraud and should be disregarded. It is an attempt to confuse you into visiting a fraudulent site and reveling your login details. We see these all the time, claiming to be from all kind of companies, with lots of different slants, but fundamentally they are just trying to get you to supply personal login information so that they may take over your accounts.

Please be very careful when you receive email like this! Do not click on any links unless you are certain it has come from a reputable source. The Antivirus and SPAM scanners we use are good but they can never be 100%. Rather than click on a link in an email open a web page and type in the address yourself just because it says Click here to visit Bank of Scotland Secure (www.bankofscotland.co.uk) doesn’t mean thats where the link sends you!

If you have any questions please just call us, or forward the email to us for an option.

Ps Any emails regarding changes to the email system would come from me personally.

____________________________________________________________________________________
FRAUDULENT EMAIL BELOW, Replace YOURDOMAIN.COM with your own Domain!
____________________________________________________________________________________

From: robot@YOURDOMAIN.COM [mailto:robot@YOURDOMAIN.COM]
Sent: Monday, October 19, 2009 11:42 PM
To: admin@YOURDOMAIN.COM
Subject: The settings for the admin@YOURDOMAIN.COM mailbox were changed

Dear user of the YOURDOMAIN.COM mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (admin@YOURDOMAIN.COM ) settings were changed. In order to apply the new set of settings click on the following link:

MailScanner has detected a possible fraud attempt from ” YOURDOMAIN.COM ” claiming to be http:// YOURDOMAIN.COM /owa/service_directory/settings.php?email= admin@ YOURDOMAIN.COM &from= YOURDOMAIN.COM &fromname=admin

Best regards,

YOURDOMAIN.COM

Technical Support.

accounts, anti, Antivirus, attach, attachment, Bank of Scotland, change, changed, Click here, companies, details, domain, email, email system, fraud, fraudulent site, information, KrayaTec, login, mailbox, owa, personal, phishing, phishing scam, ramsay, scam, scanners, secure, setting, slants, source, spam, Stephen, virus, visit, visiting, website

Changing your password in Kerio Mailserver

Jun 16th

Posted by stephen in Security

No comments

Changing your passwords is very easy.

Under your Windows computer press Crtl + Alt + Del and select change password.

To Change your email password, simply log into your Web Mail (call us if you don’t know the address)

Then Select change password from the Settings drop down menu as below

settings menu in kerio webmail

And then enter your old and new passwords in the box below.

kerio password change dialog box

Remember to make it something secure that no one will guess, no kids, partners or team names and no dictionary words. Random Numbers and letters, remember capitals and lower case combinations are best, or try a sentence like “Why can 1 never remember 555″ you can use spaces. Remember the best passwords are not necessarily easy to remember but they can be if your clever about it. Hackers offten use a dictionary or password list attack to crack passwords, this is where a system tires every word in the dictionary or in a common password list, things like Rangers, Rang3rs or Celtic, C3lt1c will be near the top of that list.

+, +, Alt, attack, best, best passwords, broken, capitals, change password, Changing your passwords, combinations, common password list, Crtl, Del, dictionary, dictionary words, drop down, easy to remember, email password, guesed, Kerio, Kerio MailServer, kerio webmail, kids, Kraya, KrayaTec, letters, lower case, MailServer, Microsoft, Microsoft Widows, no one will guess, Numbers, partners, password list, ramsay, Random, Remember, secure, sentence, settings, spaces, Stephen, Stephen ramsay, system, team names, tires, try, Web Mail change password, webmail, Widows

Kerio Mailserver Upgrade from 6.6 to 6.7

May 18th

Posted by stephen in Linux

No comments

Over the next few weeks Kraya will be upgrading everyone who currently uses Kerio to the latest version of the mail server software. If you have been directed to this blog post, it is probably because your upgrade is happening soon. Please read below to understand how this might affect you.

The latest update to Kerio Mailserver fixes a number of bugs including slow response times when using Outlook and the issues with the Kerio Offline Outlook connector consuming large amounts of RAM. It also fixes an issue with Thunderbird incorrectly mapping default folders such as trash and junk.

More detailed information on all of the changes can be found in the release notes for Kerio Mail server 6.7.0 here. However you should note that this information is aimed at techies not users.

Information for each user base:

Thunderbird and other users using IMAP accounts

You should notice no changes to your email client. We will be looking at users accounts where duplicate folders have been highlighted to us over the next few weeks to ensure these are removed and mapped correctly.

Web Mail users

No action is needed, when you next log in you may notice a few minor adjustments to the operations in web mail.

Outlook Users

A new version of the Kerio Outlook Connector needs to be installed. When you open Outlook for the first time you will be greeted by a message asking you if you want you upgrade now, the answer is YES. The upgrade will take a few minutes and your Outlook will restart. Please take a look at the Screen shot links below for both Windows XP and Vista.

Windows XP Screenshots and Upgrade walk through
Windows VISTA Screenshots and Upgrade walk through

As always if you have any issues or questions please do not hesitate to get in touch.

6.6, 6.7, 6.7.0, bugs, changes, Connector, default, deleted, duplicate, duplicate folders, first time, fixes, folders, IMAP, improvements, incorrectly, installed, issues, junk, Kerio, Kerio Mail server 6.7.0, Kerio MailServer, Kerio Offline Outlook Connector, Kraya, Mail, Mail Server, MailServer, mapping, new version, Offline, Offline Outlook Connector, Outlook, Outlook connector, POP, POP3, problems, RAM, release notes, response, restart, Screen shots, Screenshots, Server, slow, spam, Thunderbird, times, Trash, Upgrade, upgrading, version, Vista, Web Mail, Windows, Windows vista, windows XP, XP

Technological Ramblings by Stephen

Stephen Ramsay is the Head of Krayatec Edinburgh’s leading Linux centric IT Support Company. We provide IT Support, telecoms and technology partnerships to businesses running Windows, Linux and Apple based systems. We also manage the complete and seamless integration of, all these operating systems into one coherent, network and technology strategy.
This blog is part work, part personal, so I hope you enjoy the mix and feel free to leave some comments, reply via Twitter, or drop me an Email for more information, on anything you read here, or to find out a bit more about what we do and how we do it.
Categories
- hardware
- how to
- Journeys
- Kraya
- Linux
- Privacy
- Random Rambelings
- Rants
- Security
  - Apple
  - Windows updates
- tweets
- Uncategorized
- Windows
Tag Cloud
anti-virus Apple Apple Mac Computer computers email IMAP issues junk Kerio Kerio MailServer Kerio Offline Outlook Connector Kraya KrayaTec Linux Mac Mail Server MailServer Microsoft Microsoft windows network office Outlook ramsay Random Security Server slow Social Networks software spam Stephen Stephen ramsay stepram Thunderbird tweets twitter Ubuntu update Vista Vulnerability webmail Windows windows XP XP
blogrol
Kraya
Open Source Software
Social Networks
usefull geekerie
- DNS / MX Propagation Checker
- Whats my dns
Calendar
September 2010

M T W T F S S

« Jul

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Blog Archives

Security

Technological Ramblings by Stephen

Categories

Tag Cloud

blogrol

Kraya

Open Source Software

Social Networks

usefull geekerie

Calendar

Blog Archives