iOS4 + Exchange Issues


From MS Exchange Team Blog:

Recently Apple released iOS 4 (the new name for the operating system that runs on iPhones, iPod touches, and iPads). Since its release there have been numerous reports (link, link, link) of a number of issues with new iPhone 4s (and older iPhone models running the updated software version) when using Exchange ActiveSync (EAS). I wanted to put up a quick posting about what issues users may be seeing and what we’re doing about it.


ToolTip: Network Delay Simulator


Great tool pointed out by my colleague Alex Verboon.

GPO Search Tool


My colleague Alex Verboon posted up a link to a great tool the other day for GPO. Take a look:

Microsoft Online Services


One of my biggest worries about running my father's business's SharePoint (WSS) and Exchange (packaged with SBS 2003) is the element of backing up and expandability. I always fear the day that I would get the dreaded phone call (you know, the one that all administrators dread) in which email is offline or the SharePoint is offline / missing files. I have been lucky to date in that I've only had one failure, in which I was able to use a backup to restore everything.


How do I: Rejoin computer to the same account?


A pet hate of mine is the creation of new computer accounts (ahhh) for machines that have been reimaged; rejoining the same account is actually really simple!

  1. Open up AD Users & Computers
  2. Find your computer account
  3. Right-click and hit “Reset”
  4. Join the computer to the domain with the old account.

Bam, the computer's back on the domain with the same name and groups! Simple.

Forgotten Tools: Altiris DS


As consultants we always have the challenge of migrating from one desktop OS to a newer version, and normally we stick to the same products: USMT, SCCM and Radia CAE. It's rare that we deviate from this because we know that USMT + SCCM or Radia is bulletproof; millions of desktops have been migrated this way with much success.


Windows + BootCamp (Mac)


Mitch Garvis has a great article on running Windows 7 with BootCamp on Intel Based Macs.


Things to look forward to in 2010


So here we are in 2010! 2009 was good, but if you're a big geek like me, let me assure you 2010 will not disappoint you; 2010 has got something for everyone in store.


Hydraq IE 0 Day Exploit (Symantec)

What does Hydraq do?

Hydraq is a targeted attack that installs itself on a user’s computer or an organization’s server. It then can be used to search an organization for private information. Hydraq can capture and forward all information from an infected computer, including a live feed of windows on a screen and all information typed on the keyboard. Hydraq can also be remotely updated to perform additional tasks, including attempting to compromise other machines.

How does Hydraq infect a computer?

Typically an email is sent to an individual or small group of individuals within an organization. All efforts are made to make the email look legitimate, that is, it will appear as though it was sent by somebody the recipient trusts. The subject matter will often be related to the recipient’s area of business. In order to install the malware, the user must be tricked into either clicking a malicious link or opening an attachment. Both methods then exploit a vulnerability to install the Trojan onto the machine.

What is the current state of Hydraq?

At this time, the command and control servers are no longer active so any of the Hydraq trojans still remaining in the field are effectively non-functional. Symantec has released definitions to detect and remove infections of the Hydraq trojan.

Customers are encouraged to follow best practices in general and specifically to update to the latest patches available for Adobe Acrobat, Adobe Reader, and Adobe Flash Player. See: Adobe APSB09-10. At this time a patch is not available for Internet Explorer, but IPS signatures have been released by Symantec which block exploitation of both vulnerabilities.

Information on Hydraq
Symantec customers are protected

Our product and services teams discuss how Symantec customers are effectively protected from this threat.

Symantec Protection Suite

The Hydraq attacks were targeted at the core security infrastructure of organizations. Multiple layers of defense bolster an organization’s ability to defend against such attacks. Symantec Protection Suite users have a robust defense at the gateway with Brightmail Gateway for SMTP email security, along with Web Gateway for Web traffic and usage, ensuring that an organization is able to monitor all incoming and outgoing mail and Web traffic – constantly monitoring for and stopping threats. The Protection Suite ensures endpoints are clean with its market-leading Endpoint Security product. Finally, by having access to Symantec’s Backup Exec for desktops and laptops, in the event an endpoint is infected, doing a complete re-image is quick and easy, ensuring up-time and employee productivity. Symantec’s security products are backed by our Global Intelligence Network, ensuring customers are protected and up-to-date on rules and signatures.

Symantec Security Information Manager

A number of these attacks were achieved using a combination of attack vectors, resulting in back door Trojans being installed. Security Information Manager can effectively collect and prioritize these events as they occur across the layered security solutions that need to be deployed to protect against a broad variety of these attack vectors. Security Information Manager can further contribute global intelligence to the correlation process to include malicious IP, Worm IP and Botnet IP lists that can be manually updated to automatically conclude incidents around this particular attack. Early detection of single exploited attack vectors may provide preemptive visibility to attacks before they can fully execute.

DeepSight Early Warning Services

Symantec DeepSight Early Warning Services provides actionable intelligence covering the complete threat lifecycle, from initial vulnerability to active attack. On January 15 we published a journal about a new unpatched Microsoft Internet Explorer vulnerability, which is leveraged by malware identified by Symantec as Trojan.Hydraq. DeepSight Analysts continue to provide updates to this evolving threat as new information becomes available. DeepSight subscribers benefit from personalized notifications and expert analysis (including patches, countermeasures and workarounds) to better protect critical information assets against a potential attack.

Symantec Managed Security Services

Symantec Managed Security Services monitors over 800 customers (including 92 of the Fortune 500). In response to this threat, Symantec MSS updated our detection capabilities for both the targeted Trojan.Hydraq as well as exploits against the recent IE vulnerability. This monitoring includes customers’ firewalls, intrusion detection sensors (IDS), web proxies and system logs. As this threat is primarily client side, any clients with our Managed Endpoint Security service also received updates to protect their endpoints from this attack. Our SOC Analysts are available to work with customers to take proactive steps to mitigate the IE vulnerability within their enterprise as needed.

Symantec Critical Systems Protection

The focus of these attacks was to steal intellectual property. Symantec Critical Systems Protection plays a significant role in defending this data by placing constraints around which users and applications have access to sensitive data. Any unauthorized users or applications would have been denied access to the data and an alert would have been generated by making the attempt. Additionally, Symantec Critical Systems Protection provides out-of-the-box protection against both known and unknown remote code execution attempts.

Altiris Total Management Suite

With this attack, Total Management Suite customers benefit from the ability to gain complete visibility into their IT environment. Users run accurate asset inventory reports to react quickly to threats and vulnerabilities and take the necessary steps to remediate. Total Management Suite will have quickly found the necessary software updates and/or patches then run automatic processes for all assets – like upgrading to IE 8 in this case. Total Management Suite also generates reports to ensure successful updates or migrations, and update asset inventory reports to prepare for ongoing management.

Symantec Hosted Services

Trojan.Hydraq spans multiple communication protocols and can evade signature-based detection. Symantec Hosted Services help protect against converged threats that span email, Web, and instant messaging. Our proprietary heuristic technology for malware and spam filtering captures and shares threat intelligence across these protocols and provides identification of previously unseen threats. All managed via a single, integrated security management console that simplifies administration while increasing visibility and control.

Smart Windows 7 Smartphones!

For more information about the Windows Springboard Series visit

In June of 2009 I wrote an article about a feature of Windows 7 that I loved… but couldn’t at the time confirm would actually make it into the final release of Windows 7.  In fact I was unable to find any documentation on it at all, which led me to believe, late one night, that I might have violated a non-disclosure agreement.  The article was called Smartphones and Windows 7 – VERY Smart!

Fortunately the feature made it through, and here is how I set it up and access it.

  1. Make sure your phone is properly paired to your computer.
  2. Double-click on the Bluetooth icon in the Windows Notification Area.
  3. Double-click on your Bluetooth device (alternatively, right-click on your device and click Control).
  4. The Bluetooth Phone Operations and Settings window for your device will appear.
  5. Under Phone Operations click the Connect button next to the line ‘Use this computer as a headset or speakerphone for calls on your phone (Model Number)’.
  6. On the phone you will have to accept the connection attempt.


Once I did all of that my phone rang… complete coincidence of course, but the timing was great.  I put on my headset (Microsoft LifeChat LX-3000) and answered the phone… the call came through over the headset.

I know that on the previous post the screen shot showed that I could enter a phone number to dial, hang up, and so on.  I suspect this functionality will differ by phone model; I still have my old phone configured and the screen shot is slightly different. Having said that, the dial-from-computer functionality never worked on the old one – it always said ‘not supported by this phone’.

Give this a shot… it is much easier to make calls without having to hold the phone to your ear for hours!

Posted via email from Michael’s Posterous
