Cloud Security, Privacy and Reliability...

Webcast: Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution

Bruce Cowper - Microsoft — Fri, 25 May 2012 18:03:00 GMT

For those of you that joined us at RSA this year in San Francisco, you may have taking in the session presented by Jeff Jones and Tim Rains on 10 Years of Tech, Researchers and Threat Evolution. Jeff and Tim followed up with a series of blog posts delving in to more detail:

I would also recommend reading the Behind the Charts – Scrubbing the Vulnerability Data post to understand more about the data sources and methodology Jeff used in his analysis.

The great news is that Tim and Jeff have delivered a webcast of the session, which you can find here. The deck from the webcast can also be found here.

Note that you can also download the full report: Microsoft Security Intelligence Report Special Edition: 10-Year Review.

Resources:

Microsoft Security Intelligence Report Special Edition: 10-Year Review

RSA Conference Webcast: Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution

RSA Conference Webcast: Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution presentation deck

The Road to CSUN

Bruce Cowper - Microsoft — Wed, 21 Mar 2012 21:36:00 GMT

Okay, I admit it… I had no real idea going in to a conversation today what the CSUN conference was. It turns out that I am referring to the Technology & Persons with Disabilities Conference. The road to it is another question…

The team (Trustworthy Computing) that I sit in includes a range of different areas, from Security, Privacy and Reliability, to Online Safety, Accessibility and more. Today I attended a session by the Accessibility team that opened my eyes…

Accessibility for me became an area of interest when a number of years ago my Grandfather’s eyesight started failing. At the time technology was limited and access to that technology even more so ( I am among other things Zimbabwean, need I say more). As an engineer, he had been heavily reliant on technology and his ability to use it and when he could no longer do simple things like send an email because he couldn’t see the letters on the keyboard, he became increasingly frustrated.

Fast forward to just over 18 months ago when my father was going through the same thing. The amazing thing was that technology had moved on so much and all I really had to do was install Windows 7 and the vast majority of what we needed was right there, built in to the operating system…

Some of the Accessibility features in Windows 7

Windows Speech Recognition
Magnifier
On-Screen Keyboard
Narrator and visual notifications

Click play below the video to watch (don’t forget full screen), or directly here.

Back to the Road to CSUN…

As it happens the Accessibility team recently went down to the CSUN conference in San Diego, California. They drove down from the Microsoft campus here in Redmond, Washington, making stops along the way. Their journey is both entertaining and informative. If you do nothing else today (or this week), I would encourage you to go to their blog and read about their journey. If you just want the quick fix, here are the link to their videos:

Enjoy!

Microsoft PhotoDNA Technology Helping Law Enforcement Fight Child Pornography

Bruce Cowper - Microsoft — Wed, 21 Mar 2012 16:56:18 GMT

Having worked with Law Enforcement around the world for many years, there is always a huge demand for tools and resources to help investigations. One such tool is PhotoDNA, which essentially creates something like a fingerprint of an image which can be compared with the signatures of other images to find copies. The National Center for Missing & Exploited Children (NCMEC) and online service providers such as Microsoft and Facebook currently use PhotoDNA to help find, report and eliminate some of the worst known images of child pornography online.

Recently the Microsoft Digital Crimes Unit announced that they are partnering with NetClean to make our Microsoft PhotoDNA image matching technology available to law enforcement at no cost to help enhance their child sex abuse investigations.

This means that PhotoDNA will be available to law enforcement at no charge via:

· NetClean Analyze. PhotoDNA is being made available through a new version of NetClean Analyze, a free technology already used by law enforcement in many countries worldwide. The new version will also include functionality to support connections between NetClean Analyze and the Child Exploitation Tracking System (CETS) where appropriate.

· The Child Exploitation Tracking System (CETS). PhotoDNA is being integrated into CETS, a collaborative global law enforcement program supported by Microsoft technology for child pornography investigations. CETS helps law enforcement agencies follow hundreds of suspects at a time and eliminate duplication, making it more efficient for the agencies to follow up on leads, collect evidence and build cases against suspected child pornographers. CETS is currently used by agencies in Australia, Brazil, Belgium, Canada, Italy, the United Kingdom and the United States.

Blog: Microsoft PhotoDNA Technology to Help Law Enforcement Fight Child Pornography

Video: Microsoft Makes PhotoDNA Available to Law Enforcement

Video: How PhotoDNA Enhances NetClean Analyze

Mouse Without Borders and Windows 8 Consumer Preview

Bruce Cowper - Microsoft — Wed, 07 Mar 2012 00:54:36 GMT

I have blogged about using Mouse Without Borders before, but today after installing the Windows 8 Consumer Preview on my system I wanted to see if I could get Magic Mouse running. While the computer I installed it on has a basic touch screen, I wanted to put a mouse and keyboard on the device, but not clutter up my desk even more than it is. So…

The first thing I discovered is that Mouse Without Borders requires the .Net Framework 2.0. For those who have not yet discovered it, the .Net framework 2.0 is not enabled by default in Windows 8 CP. There are a few solutions to resolve this..

1: Using an installer that tries to download the .NET framework will trigger Windows 8 CP to try to enable the component automatically. It will likely require a download from Windows Update. This did not work for me, despite being connected to a wired network, it came up with an error trying to download the necessary files.

2: If you go to Control Panel.. Programs.. Get Programs and select “Turn Windows Features on or off”, you will see the “.NET Framework 3.5 (include .NET 2.0 and 3.0)” listed, but disabled. Simply select the feature and Windows 8 will try to install the necessary components. This did not work for me, despite being connected to a wired network, it came up with an error trying to download the necessary files.

So, given the error message, I wondered if there was a way to download the files from the Internet, I pulled out my trusty install Flash Drive from my earlier post. That happens to have the necessary files on the drive.

3: To enable .NET Framework 3.5 using a Flash drive (or DVD):
Start a Command Prompt as an administrator (click the Start button and type CMD, right-click on cmd.exe and select “Run as administrator" and accept the UAC prompt, assuming you are using Windows Vista or Windows 7)
Run the following command in Bold followed by ENTER:

Dism.exe /online /enable-feature /featurename:NetFX3 /All /Source:e:\sources\sxs /LimitAccess (note: the e: drive is the letter associated with the install DVD or Flash drive that contains the installation files)

If you need to, you can copy the source files (e:\sources\sxs\*.*) to the local hard drive and alter the /Source: parameter as appropriate.

Mouse Without Borders installed and worked wonderfully after that. Just remember to use the same version of the Mouse Without Borders software on all machines…

Enjoy!

Creating a Windows 8 Bootable USB flash drive

Bruce Cowper - Microsoft — Tue, 06 Mar 2012 19:30:00 GMT

Now I am back from the RSA Conference, I have a few moments to put the Windows 8 Consumer Preview on my ASUS EEE Top machine. The fastest way for me to do this considering the machine does not have a DVD drive is to create a bootable USB flash drive with the Windows 8 installation files on. The process is pretty straight forward, but does require a little command line work.

a, First of all, you will need to download the ISO image of the Windows 8 Consumer Preview.

b, You will need to extract the files from the ISO image, so my preferred tool is SlySoft’s Virtual CloneDrive. This is free and easy to use. What it allows you to do is mount the ISO file as a drive. This will be needed later.

c, Now to format your USB flash drive. Keep in mind that this will erase all of the files on your USB flash drive, so you might want to double check it for important data before proceeding. Your flash drive should be at least 8Gb (especially if you are installing the 64bit version of Windows 8)

Plug in your USB Flash drive if you have not already done so.
Start a Command Prompt as an administrator (click the Start button and type CMD, right-click on cmd.exe and select “Run as administrator" and accept the UAC prompt, assuming you are using Windows Vista or Windows 7)

Type diskpart and then press ENTER
For each line, type the parts on BOLD and press ENTER after each entry, the notes are for reference only

DISKPART> list disk (note: this will list the disks on your system. Typically look for the one that matches the capacity of your USB flash drive)
DISKPART> select disk x (note: x is the number for your USB flash drive you obtained from the list command above)
DISKPART> clean (note: this will erase your USB flash drive)
DISKPART> create partition primary (note: this will create a new primary partition on the USB Flash drive)
DISKPART> select partition 1 (note: this will select the partition you just created)
DISKPART> active (note: this will set the new partition as active, which identifies it as a valid system partition)
DISKPART> format FS=NTFS QUICK (note: this will perform a quick format on the USB Flash drive)
DISKPART> assign (note: this will assign a drive letter to the partition)
DISKPART> exit

d, Now we need to put the boot files from the ISO image you downloaded earlier on to the USB Flash drive. You will need to mount the ISO image using SlySoft’s Virtual CloneDrive. To do this, right-click on the ISO image you downloaded (i.e. Windows8-ConsumerPreview-64bit-English.iso) and select “Mount”. If you do not see the “Mount” option, it may mean that the Virtual Clone Drive (or similar) tool is not installed. Once you have selcted “Mount”, a drive letter will be assigned to the ISO image. Make a note as to what drive letter has been assigned to the ISO, in my case drive “F:”.

Next, you will need to start a Command Prompt as an administrator (click the Start button and type CMD, right-click on cmd.exe and select “Run as administrator" and accept the UAC prompt, assuming you are using Windows Vista or Windows 7).

Navigate to your ISO drive, in my case “F:” and type the following:

cd \boot (thanks Ron T for pointing this out)

bootsect /nt60 y: (note: where y: is the drive letter assigned to your USB Flash drive – this will copy across the boot files)

e, Lastly we will need to copy the installation files across from the ISO image to the USB Flash drive. To do this, type the following:

XCOPY X:\*.* Y:\ /E /J /H (note: where x: is the drive letter assigned to your ISO image and y: is the drive letter assigned to your USB Flash Drive)

You should note have a Windows 8 Bootable USB flash drive.

Enjoy!

Trust in Computing Research

Bruce Cowper - Microsoft — Wed, 29 Feb 2012 20:55:00 GMT

Yesterday in Scott Charney’s RSA 2012 keynote, he made reference to a statistic stating that 92.5 percent of respondents believe cybercrime laws need updating. This was one of the many findings of the Trust in Computing research recently conducted by the Trustworthy Computing team.

The Microsoft “Trust in Computing” research was conducted in nine countries around the world; the United States, Canada, United Kingdom, Germany, Australia, Brazil, Russia, India and China. Questions were asked on the Internet, devices, security, privacy, reliability, Cybersecurity representing use, experiences and perceptions.

For more details, see the blog post and keep following as we release more data in the coming months.

As a small taster here are some interesting findings.

Security, Privacy and Reliability of online services?

86.6 percent of respondents were concerned about the Security of online services they use
86.7 percent of respondents were concerned about the Privacy of the online services they use
80.5 percent of respondents were concerned about the Availability of online services they use

Where your data is stored and who has access to it?

59.1 percent of respondents are very concerned with where their data is located in the world.
51.1 percent of respondents are concerned about their spouse or partner knowing their location information.
71.5 percent of respondents are concerned about their Government having access to their location information

There are more findings in the Trust in Computing Research here.

RSA Conference 2012

Bruce Cowper - Microsoft — Tue, 28 Feb 2012 23:31:00 GMT

Whether you here at the RSA Conference 2012 in San Francisco, CA or not, you might be interested to know that the keynote Scott Charney delivered this morning is now online.

Scott Charney’s RSA keynote this morning outlined evolved security, privacy and reliability strategies for cloud and big data. He encouraged industry and governments to adopt more holistic security strategies, create effective privacy principles and improve reliability of devices and services. Scott discussed the cloud and the concept of big data, the role of governments, and the reality of evolving cyber threats.

Scott also announced the new Trustworthy Computing Next white paper.

Scott Charney’s RSA conference 2012 Keynote

For further information on the Keynote and white paper, please visit Scott’s blog post.

You can also see the other RSA sessions, information and activities here.

Cloud Security Alliance Summit 2012

Bruce Cowper - Microsoft — Mon, 27 Feb 2012 22:35:00 GMT

For those of you who were unable to join in this morning at the Cloud Security Alliance Summit 2012, you missed an interesting event. The summit was a mixture of keynotes and panels from folks across the industry. Details can be found here: https://cloudsecurityalliance.org/events/csa-summit-rsa-2012/

"Protecting State Secrets in the Cloud"

Mike McConnell, Vice Chairman, Booz Allen Hamilton and former Director of National Intelligence & former Director, National Security Agency

This interesting presentation included a number of stories about the US Government and how they are investing in cybersecurity protection for their infrastructure. The key component of this was that they realize the economic impact on the country and world if private infrastructure is targeted by foreign interests. The one statement I did find interesting (and this is paraphrased) was a claim that the United States is the country most reliant on digital infrastructure… and has the most to lose if it is compromised. I wonder how the people in the room from around the world view this statement given the adoption of technology elsewhere if frequently faster than the US.

Panel: “National and International Security Standards - The Viability of Cross-Jurisdictional Solutions”

Moderator: Tim Mather, Advisory Director, KPMG
Speaking: Marc S. Crandall, JD, CIPP, Senior Manager of Global Compliance Enterprise, Google
Baber Amin – Senior Director of Product Management, CA Technologies
Chris Wysopal, CTO, Veracode
Ashvin Kamaraju, VP Product Development, Vormetric

I am a huge fan of panels in that we get an opportunity to interact, but keeping them on track is often a tough job. Tim did a great job of managing this panel session, making it in to an interesting discussion on cloud security standards and data exchange across borders and other jurisdictional boundaries. The conversation did go some way to outlining the work being done both in the CSA and elsewhere to do with standards frameworks in this space, but it seems that key point was that we have a long way to go with updating what we have today to meet the challenges of today, let alone those of tomorrow. Interestingly in a recent survey we did here in Trustworthy Computing, 92.5 percent of respondents believe cybercrime laws in their country need updating.

Keynote: “Solving Cloud Access Complexity Through a Broker Model”

Speakers: Girish Juneja, Director of Intel Application Security and Identity Products, Intel
Ron Huddleston Senior, Vice President, ISV Alliances, salesforce.com

This presentation was a product pitch for Intel and Salesforce.com.

Keynote: “Securing an OpenStack Cloud”

Speaker: Chris Kemp Founder and CEO, Nebula Inc., former CTO NASA

Thanks Chris for doing a slightly more technical presentation on an open source software project called OpenStack. This project aims to provide a flexible way to build a cloud fabric. This project has been written in Python and in essence uses the security models of the underlying technologies such as the hypervisors etc to secure the solution. I would encourage people to make up their own minds: http://openstack.org/, but I do understand they have a way to go on the project, especially in terms of security.

Panel: “Cloud Innovation - The Panel's View on the Next Generation of Cloud Security Devices and Services”

Moderator: Philippe Courtot, CEO, Qualys Inc.

Panelists:
Patrick Harding, CTO, Ping Identity
Don Godfrey, Security Consultant, Humana (Representing Zscaler)
David Lingenfelter, Information Security Officer, Fiberlink
Matt Johansen, Threat Research Center Manager, WhiteHat Security

The one message I took away from this session was that it is still very much undecided to owns and is ultimately responsible for security in the mobile world. Much of the discussion was taken up with the follow example.. If you download an application from the app store on a mobile device and it contains malware, who is responsible for helping you, the software vendor, the owner of the app store, the mobile OS vendor, the telecoms company you use, or indeed the phone manufacturer. No real answers here, but a realization that with the rise of smartphones, it is an increasingly big problem that has not easy solution.

"From Datacenter to Device: Security in the Enterprise 2012 and Beyond"

Presenting:Steve Herrod, CTO and SVP of R&D, VMware

I have to confess to not staying for this talk as lunch beckoned.

Overall, an interesting session and most importantly good to see how many people attended. Great that CSA is having such a big splash in the community. Now I await the rest of the conference!

A Truly Magic Mouse

Bruce Cowper - Microsoft — Mon, 30 Jan 2012 23:10:53 GMT

I have now been using the application for a little over a week and I can honestly say that it has changed my geekish life. What is it you ask? Well, quite simply put it is a mouse without borders…

Do you have multiple computers on your desk, or wish you could easily without having to clutter the place up with numerous keyboards and mice? The answer (for me anyway) came after I read a blog post on a Microsoft Garage project called ‘Mouse without Borders’. Now initially I filed the blog post under – ‘I will read that when I get time’ and really wish I had not.

I use a couple of computers on my desk, both at home and in the office. I wanted to be able to use a single mouse and keyboard to control the machines. I also wanted to be able to copy and paste files, data and URLs etc between them. Oh and most importantly for me, to also be able to lock or log on/off the machines off simply together. It seems that Truong Do (he works for the Microsoft Dynamics team) read my mind. He developed the application to do all of the above and more.

Here is the video about the project.

The tool allows you to link up to four computers together seamlessly. If you do nothing else today (and have multiple machines to play with), it to download Mouse Without Borders and start playing. It is really straightforward to install and configure.

Enjoy!

Bruce

Converting to WHS 2011 Part 4 – Add-ins

Bruce Cowper - Microsoft — Wed, 23 Nov 2011 04:43:09 GMT

As part of my journey to install Windows Home Server 2011 on my HP MediaSmart EX470 server, I have been looking for useful add-ins and customizations. Below is a list of the ones I have implemented and found useful, though keep in mind that not all are essential or free… oh, and none are written by me, so you use them at your own risk…

Configuration / monitoring

AWIECO DriveInfo

The AWIECO DriveInfo is a free add-in for Windows Home Server 2011 and Small Business Server 2011 Essentials. The add-in integrates itself into the "Server Folders and Hard Drives" area of your Dashboard. It shows a graphical overview of your hard disks and drives inside the Dashboard.

AWEICO RemoteLauncher

The AWIECO RemoteLauncher add-in for Small Business Server 2011 Essentials and Windows Home Server 2011 is a free add-in, which gives you more administrative possibilities to manage your SBS or WHS remotely. It pre-installs a number of pre-defined system tools which are useful for remote admin etc. If you really want, you can install applications on the server and run them remotely.

Orbital Backup Configuration Add-In

This add-in allows you to easily set up an Apple Mac computer's Time Machine to use a backup location on WHS 2011. This is something that was complicated to do before, but this takes away the guesswork.

InteliSAN LDisk

Windows Home Server Add-In adds iSCSI Target Storage capability to your Windows Home Server. Okay, not everyone has or needs an iSCSI SAN, but think about setting up a cluster on Hyper-V and using your WHS for storage?

ISO Mounter

ISO Mounter is a software add-in for Microsoft Home Server and Small Business Server that allows you to mount ISO files (DVD and CD images) stored on your server so they can be viewed directly through your servers folder share on all of your PC's and laptops. Note that this is not a free tool, but not expensive.

SpeedFan by Alfredo Milani Comparetti

SpeedFan is a program that monitors voltages, fan speeds and temperatures in computers with hardware monitor chips. SpeedFan can access S.M.A.R.T. info and show hard disk temperatures. On the HP MediaSmart Servers, it is a good way of monitoring CPU and drive temperatures and controlling the fan speeds to avoid over-heating.

Storage

Windows Live Mesh

Windows Live Mesh is a great free tool to sync data between machines and yes it does run on WHS 2011. There is a good blog post here on how to install Windows Live Mesh on WHS 2011.

DriveBender

Drive pooling technology for all versions of Microsoft Windows. This is a replacement for those wanting the equivalent of the WHS v1 Drive Extender technology. Note that in a previous post, I discussed not combining DriveBender with Live Mesh... you have been warned! (though others report that this works fin, but I suspect it is a function of resource availability on the lower powered HP MediaSmart EX 470/475 servers)

StableBit DrivePool

StableBit DrivePool is an add-in for Windows Home Server 2011, Windows Small Business Server 2011 Essentials and Windows Storage Server 2008 R2 Essentials. This is a replacement for those wanting the equivalent of the WHS v1 Drive Extender technology.

Snoop-de-dupe

Snoop-de-dupe will automatically scan your server storage and display duplicate files in an easy-to-view layout directly within the server’s user Console. Once snoop-de-dupe locates duplicate files then you can respond to them as you choose. You can delete the duplicate files, ignore/keep the duplicate files, or replace the duplicate files with a hard-link.

Video / Communications

MyMovies

My Movies for Windows Home Server is an add-on program for Windows Home Server, providing a set of features around movies and music, making it a great solution for adding, identifying and maintaining movie and music data on your Windows Home Server, serving it to different Media Center solutions or music playback devices. I have now used MyMovies for several years to help me archive and organize my videos.

TV4Home

TV4Home installs MediaPortal TV Server on your Windows Home Server. You can then record your favorite TV shows or stream Live-TV to network clients. It supports a wide range of tuners (see here).

There are many more add-ins and so I encourage you to try out sites like wegotserved.com and MSWHS.com and even the Microsoft site as there are lots of good lists of add-ins.

Enjoy!