mikedavis

Meltdown and Spectre


 

In 2017 computer researchers found a hardware design flaw in the processor inside most of our computers and servers.  They made their findings public in January of 2018.  The flaw has been there for years.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. There are also some papers that suggest that this exploit can run in a browser such as Internet Explorer or Chrome. Not good.

So what’s the solution?

All computers need to be updated and patched. Microsoft expects to release a patch on January 9th.   Google has announced that it expects to have a patch ready for Chrome January 23rd.

The important thing for you to know is that this isn’t an issue on your computer unless malicious software gets installed.  You need to be on the watch for emails and websites that try to trick you into installing malicious programs.

If you would like some security awareness training where you learn how to spot their tricks, please contact Extra Mile Technology Services.

Copy Paste Ninja

Have you ever stood behind someone that moved text around the screen like some kind of keyboard ninja?  They were probably using keyboard shortcuts.  With a few basic keyboard shortcuts you can move text around faster than your mouse-wielding coworkers.  Here are the basics you must know:

Shortcut     What it does
ctrl c       copy
ctrl x       cut
ctrl v       paste
alt tab      switches between windows

 For example, to copy some text from a word document and paste it to an email, you would select the text with your mouse, and then hold down the “ctrl” key and press the “c” key.  Then flip to the email and hold down “ctrl” and press “v”. To really impress your coworkers, you can flip between the windows by holding down the “alt” key and pressing “tab”.

The Meaningful Subject Line

In 2016 the average person received 88 emails per day and sent 34.  If we only spend one minute per email that’s still a huge chunk of our work day.  How many times do you stop what you’re doing to read an email to find out it wasn’t urgent, important, or even relevant to you?  

There are a few things we can do to help each other spend less time handling email and more time on our jobs.  Perhaps the biggest thing we can do is use a meaningful subject in every email we send.

Have you ever got an email with a subject of “help”?  Our natural response is to stop what we’re doing and read the email.  The body of the email could be “I have a client that I need help with right now.” Or “Thanks for your help the other day.”  Either way if you’re searching for the email later, it will be hard to find.  Also, if you’re the one sending the email, using a meaningful subject helps you organize the responses.  Remember, if it’s worth sending, it’s worth a meaningful subject.

OpenVPN set up on Windows 7

If you’re using a Ubiquiti EdgeRouter, you may want to configure a VPN connection if you have a Windows client that you want to be able to connect to the corporate network.  Setting it up on Windows 7 is not as straightforward as it could be.

To get started, right click on your network adapter on your task bar and select “Open Network and Sharing Center.”

Then click “Set up a new connection or network.”

 

Connect to a workplace

 

Use my Internet connection

 

The Internet Address is going to be the public internet address of your Ubiquiti EdgeRouter.  The address in the example below is an internet address.  Don’t let this confuse you.  You can name the destination whatever you want.

 

The username and password will be the ones that you configured on the line in your ER that says:

set vpn l2tp remote-access authentication local-users username user1 password <password>

 

It gives you no choice but to click Connect, so click it, but then click Skip.  It’s not going to work if you’re using a preshared key.  This would be the case if you have the following lines:

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>

 

Click Close.

 

Click Change adapter settings.

 

Right click and select Properties of your new VPN adapter.

 

Click the Security Tab and then Advanced settings.

 

Click the radio button for “Use preshared key for authentication” and paste in the key from the line:
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret>

Click OK, and then you can connect.

How To Find A Good Account Representative

If you’re in IT then you probably buy lots of gear.  Some IT shops do things on a project basis and some do continuous upgrades.  Either way between budgets and project approvals, you have to buy stuff.  Having a good account rep can make your job easier and make you more productive.  They can also save you money, which is often the first thing that people think about when they think about buying stuff.

Save you time:

  • You can call them and tell them what you’re looking for and they can chase down the part numbers or pull in the right people and come up with a solution. This isn’t a big deal if you’re ordering some mouse pads, but if you’re ordering a server and a wall mount rack and you want to make sure it will fit, it can save you a bunch of time, and if it doesn’t fit, it’s on them to resolve it.
  • When it comes time to put together your yearly budget or get some pricing for a project, they can do the leg work to put all the pieces together and give you some numbers that will make you look good.
  • If you have an issue with an order, instead of going through the normal channels of support, you can reach out to them for an advanced replacement or exchange. These kinds of things aren’t advertised on websites, but if you have a good relationship with your rep, they can make things happen.
  • A good rep can also arrange to have demo items sent to you so you can get your hands on something you’ve only seen pictures of.
  • They also share information that you can’t get through normal channels. For instance they may call and say, I know you’ve been ordering a lot of this model of workstation and that model is reaching end of production.  Did you want to order a few more before they’re gone, or can I send you some demos of the model that is replacing it so you can select your next model?

So now that you know what they can do for you, how to find one?  The first piece of advice is that to have a good account rep, you need to be a good customer.  If you’re a bad customer, no matter who you go to, you will probably have a bad account rep.  Even if a friend recommends a rep that they say is very good, if you’re a bad customer, they will probably not be a good rep for you.  How can that be?

Account reps are like everyone else.  They only have so many hours in their day.  When requests come in from multiple clients at once, who do you think gets priority?  If their nickname for you is “Low Bid Bob” are they going to work on your stuff when they have more profitable customers waiting?  If you only buy 1/3 of the things you have them quote, are they going to put much time into researching a solution for you?

A good customer figures out as best as they can what they need and explains it to their rep so they don’t have to come back multiple times for questions.  If it’s an email, it’s written so that it can be forwarded on to the different manufacturer reps and they can come up with a solution.  If a good customer has all the part numbers of exactly what they want, they just go to the website, plug in the numbers and order right from there.  A good rep will provide you with a portal that will automatically give you discounts, so there’s no need to bother a human with a request like that.

Even if you’re a good customer, that doesn’t automatically make your rep a good rep.  If you’re an IT Manager for any length of time and don’t screen your calls, you will probably get calls daily from resellers that guarantee you the lowest price and tell you they have the line card with the most vendors on it.  That doesn’t really differentiate them though.  When I used to buy a lot from Dell I had my share of good reps and bad reps.  The bad reps had a voicemail that played that said for the best service to send them an email.  They also never used their out of office reply and I never knew when I was going to hear back from them.  This was frustrating if I needed a quick price on something.

The other type of bad account rep is what I call the “part number monkey.”  This rep was absolutely useless unless you had the part number of what you were looking for.  Worse than not understanding what you were looking for, they typically didn’t understand English well enough to pass your request around to their team to find the right solution.  If you already have a part number, a website will do what you need.

So let’s say that you moved into a new role and now all of a sudden, you need to find a good rep.  Where do you start?  I would first reach out to colleagues at other companies and see if they can recommend someone.  Sometimes reps are territorial and/or only work with certain client types, so you can’t use them.  In that case I would call some of the big vendors (CDW, Insight, Zones, PC Connection, etc.) and give them a sample project to work on.  Ask them about their background and how long they have been with the company.  Then see how the process goes.  Did they take days to get back to you only to ask more questions about your request?  Were they easy to get a hold of if they called/emailed while you were out?

With some luck you’ll find one that seems to work pretty well with you and from then on you can just send everything to them first.  If they’re working well for you, there is no need to send everything out to 3 vendors to quote it, unless you are required to.  That just leads to more phone calls/emails that suck up more of your time and doesn’t really save you much money.  If you really want to spot check prices, websites can do that, and you can use your backup rep for that every so often.

Backup rep?  In my experience, it’s a good idea to have a backup rep that you purchase from every so often.  The reason for this is that if you only have one rep that you run everything through, and they leave the company, get promoted to another division, etc. and you have to find a new rep at a different company, it can take a while to find one, and even if you do, it can take time to set up things like net 30 terms that allow you to purchase large amounts of stuff without all kinds of paperwork.

So there you have it, finding a good rep and being a good customer will build a relationship that will help you get the most out of your working hours.

mailbox clean up

How to clean up your inbox

 

There are a few reasons that people decide that they need to clean up their inbox.  At the top of the list is the administrator that blocks people from being able to send email when their inbox reaches a certain size.  Other times it’s a friendly email from your administrator asking you to thin it down some.  Sometimes Outlook becomes slow and you realize that you have over 10,000 items in your inbox.  Whatever your motivation you have a few different ways to solve your problem.

Email bankruptcy

The first method is what I call email bankruptcy.  This is where you go in your inbox, highlight everything and press delete.  A slightly less destructive method is to create an archive file (also called a .pst file) and move all your email off the Exchange server and into that file.  The advantage of this method is it takes very little time and is very effective at getting the size of your inbox down.  Another variation of this is to generate an archive file for each year and put all the email for that year in that file.  The downside of this approach is that depending on where the .pst file is stored, it may not be backed up.  Also you can’t search the contents using Outlook Web Access.

Outlook 2007 will help you archive anything older than 6 months in two steps.  Do this by going to your main Outlook window and:

Click Tools -> Mailbox Cleanup…

Click the “AutoArchive” button.

Outlook will follow the rules under Tools -> Options -> Other Tab -> AutoArchive button.  By default it will create a folder in your Outlook called AutoArchive and move everything older than 6 months into it.

Deleting the heavy hitters

This is a quick way to find the emails with large attachments so you can delete them or move them somewhere else.  The reason this is so effective is that a single email with photos attached can take up the same space as 2000 emails without attachments.  So by deleting that one email, you have gained the same amount of space back as if you deleted 2000 emails without attachments.

Outlook 2007 will help you do this by going to your main Outlook window and:

Click Tools -> Mailbox Cleanup…

Leave it selected on “Find items larger than 250 kilobytes” and click “Find…”

cleanup01-larger-than

From there you will get the results displayed in a window.  Take a look down the list and if you don’t need those emails anymore, delete them.

cleanup02-larger-than

Sort by sender

We all sign up for different lists that can send out a tremendous amount of email.  Many of them are time sensitive, so after a week or so, they are irrelevant.  Sort your inbox by sender and select the group and delete.

 

Where my name is not in the to or cc box

This could also be called the “getting rid of cake in the break room” emails.  Add the to field to your view and sort by that.  At the top you’ll see the emails where someone left the to box blank and then just blind carbon copied you on an email.  Most of these broadcast type emails can be deleted.  Then scroll until you get to the everyone group used in your organization.  A quick scan will probably reveal that most of these emails are not something you need to save.

 

In Outlook 2007, the steps are:

  1. In the main Outlook Window, click View -> Current View -> Customize Current View
  2. Click the Fields button
  3. Scroll down to “To” highlight it and click the “Add->” button
  4. Click OK until all the dialog boxes are closed
  5. Back in your outlook window, you will now have the To field all the way over to the left
  6. Click on “To” at the top to sort that Column
  7. Scan through the emails and delete at will

cleanup03-To

 Sort by subject

This typically isn’t as effective as other sorts, but is still better than deleting individual emails.  Just sort by subject and look for groups of emails (threads) that you don’t need any more.

 

Trick or Treat – how criminals infect your computer

Often when I hear someone telling someone else about how their computer got infected with malware, someone will chime in with “you’ve gotta be careful.”  In order to “be careful” you have to know what the dangers are and the tricks criminals will use to infect your computer.

Before we get into that, many people are probably wondering why they want to infect your computer.  The answer is pretty simple, money.  In November 2013 we saw the first cases of a new category of malware called Ransomware.  The Trojan horse is called Cryptolocker.  If your computer gets infected with this malware, it will encrypt your files and then force you to pay a ransom if you want them back.  Another reason they might want to infect your computer is to use your computer to attack other computers or send spam.  That way your computer will get blocked from the internet and not theirs.

The Search Poison

So how do they infect your computer?  One way is to trick you into installing their malware.  Google now lets companies bid on key words.  Malware purveyors have used this to their advantage by bidding on keywords for commonly downloaded applications and tricking you into installing their infected application.  You might not even notice when they are done since they will also install the application you were looking for as well.  Even Google has fallen victim to this attack.  If they can’t protect themselves, other companies don’t stand a chance.   Take a look at the example below:

chrome-malware

 

Notice how the second link takes you to www.gchrome-app.com/GoogleChrome  instead of www.google.com/chrome, which is the real site.  Protect yourself by looking at the address and see if it matches the company that produced the application.

 

Another way they trick you is to create a pop up on another site that says you need to download something.  If a pop up comes up that says you need to download something, close it and go to the site by typing the address in the address bar.  For example to get Adobe Flash player you would go to: www.adobe.com/flash

flash-player

In the example below they trick you into going to their site and putting in your username and password.  What they then do is take control of your email and then go to sites like Amazon and PayPal and try to empty your accounts.  Even if you have different passwords to those sites, they’ll just use the password reset links to reset your passwords on those sites.

OutlookWebAccessScam

walmart-order

In this one they create an email about a phony order and make it seem like you’re going to lose money.  If you go to the site, they will ask for your credit card number “to credit your account” but once they have it, they will use it to buy some stuff of their own – usually months later because they know that for that month you will be checking your statement for the phony Walmart charge.  Here again, if you hover over the link, you will see that it doesn’t take you to Walmart.com where you would expect it to go if it was legitimate.
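The address check described in the Google Chrome and Walmart examples above, as an added example that is not part of the original post. It goes a little beyond those two cases by also covering hosts that merely contain the real name; the `.example` hosts, the sample list and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit


def link_host(url: str) -> str:
    """Return the host a browser would actually contact for this link."""
    # Links in emails and ads are often written without a scheme.
    if "://" not in url:
        url = "http://" + url
    # .hostname drops any "user@" prefix and the port, and lower-cases the host.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only if the host is expected_domain itself or a subdomain of it."""
    host = link_host(url)
    expected = expected_domain.lower().rstrip(".")
    # The leading dot matters: "notgoogle.com" must not pass as "google.com".
    return host == expected or host.endswith("." + expected)


def check_link(url: str, expected_domain: str) -> str:
    """Classify a link as 'match', 'lookalike' or 'mismatch'."""
    if belongs_to(url, expected_domain):
        return "match"
    # Assumption: the first label of the expected domain is the brand name
    # ("google" for google.com). A link that uses the brand anywhere in the
    # URL but lands on another host is bait, not a coincidence.
    brand = expected_domain.lower().split(".")[0]
    if brand in url.lower():
        return "lookalike"
    return "mismatch"


# Constructed samples: (link as shown to the user, domain of the real company).
# The first two addresses come from the search example on this page.
SAMPLES = [
    ("www.google.com/chrome", "google.com"),
    ("www.gchrome-app.com/GoogleChrome", "google.com"),
    ("https://www.google.com@downloads.example/chrome", "google.com"),
    ("https://notgoogle.com/", "google.com"),
    ("www.adobe.com/flash", "adobe.com"),
    ("https://www.walmart.com.orders.example/refund", "walmart.com"),
    ("http://orders.example/credit?id=1", "walmart.com"),
]


def audit(samples=SAMPLES):
    """Return (url, real host, verdict) for every sample link."""
    return [(url, link_host(url), check_link(url, dom)) for url, dom in samples]


if __name__ == "__main__":
    for url, host, verdict in audit():
        print(f"{verdict:9}  {host:32}  {url}")
```

Only "match" means the link goes where the company name suggests; the part of the address that counts is the end of the host name, not whatever appears before an "@" or after the first "/".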

your-password-is-incorrect

This one takes advantage of people using the same password for every site.  The site will say something “the first 200 people to register will win an iPad” or something like that.  You register by putting in your email address and creating a password.  They then try your email address and password on other sites to see if you used the same one.

 

Migrating to new server drive

In this post I’ll show how to add space to a RAID array and migrate data to an iSCSI volume so that the RAID array can be deleted and recreated.  On a really small scale you could just add an external hard drive as the swing space, but in my case I didn’t have an external drive that large.

Here are the basic steps:

  1. Create an iSCSI volume on a SAN
  2. configure an iSCSI initiator on the server to connect to the SAN
  3. add the volume as a disk on the server
  4. copy all the data to the SAN
  5. share the iSCSI volume to the users
  6. physically add another hard drive
  7. reconfigure the RAID array
  8. copy the data back to the local drives
  9. share the local volume to the users

If you were doing this with an external hard drive, you would just skip the iSCSI and SAN items.

Here is a look at the drive configuration inside the HP Proliant DL120 G6.  The built-in controller only supports 2 logical drives and to expand a RAID 0 array, you have to delete the logical drive and create a new one.  I’m starting with a single 2TB drive and want to add a second 2TB drive in a RAID 0 configuration so that I’ll have a new 4TB volume.

array-before-adding-drive

First you need to create a volume on the SAN.  I’m using a Dell Equallogic SAN.  Simply create the volume as big as you need.

SAN-volume

 

After that it’s important to set access to the volume so that your iSCSI initiator can get to it and nothing else.  I’m using the IP address for simplicity’s sake.  If this were going to be for something more long term, I would use CHAP.

SAN-access-control

 

With the volume on the SAN created, it’s time to connect to it from the server.  Launch the iSCSI initiator.  The tabs are not really set up in the order that you use them.  First go to the discovery tab and add the IP address of the SAN.

iscsi-discovery

 

Then go to the target tab, highlight the connection and click the connect button.

iscsi-connect

 

Then you can go over to the Volumes and Devices Tab and add it as a drive.

iscsi-add-drive

You can close the iSCSI initiator and open up Computer Management and go to Disk Management under Storage.  You’ll see the drive, but it will be offline.  Just right click it to bring it online.  From there, initialize it, and format it.

set-drive-online

With the drive formatted, it’s ready for data to be copied.  I used a robocopy command for this.

echo Copying projects from drive to drive
rem /E copy subdirectories, even empty ones
rem /COPY:DATSOU copy flags: D=Data, A=Attributes, T=Timestamps, S=Security (NTFS ACLs), O=Owner info, U=aUditing info
rem /R:1 retry once
rem /W:30 wait 30 seconds between retries
rem /NP don't display percentage copied
rem /LOG:file write the output to a log file

robocopy b:\vol2 d:\vol2 /E /COPY:DATSOU /R:1 /W:30 /NP /LOG:C:\temp\robocopy-b2d.log

The advantage of using robocopy like this is that it will copy the files with permissions from one volume to the next. If the file is already there, it won’t copy it again. This doesn’t matter the first time it’s run, but you can make a second pass that will check all the files and only copy the ones it missed or new files. On the 2TB volume I was working on, it took 12 hours for the first copy. It only took 30 minutes for the second pass to run and verify everything.

After a second pass of the batch file to make sure all the files were copied (check the log file to do this) the next step was to stop sharing the original volume, and share the new one.   Check the permissions on the share and make sure the users’ mapped drives aren’t having any problems connecting.  Once you have double and triple checked that, it’s time to delete the logical drive from the server’s controller.  In the HP Array Manager, find the logical drive and click delete.

delete-logical-drive

 

Next you can power down the server and physically add the new drive.  You could actually do this step first if you started out onsite and were going to do the rest remotely.  When the server boots back up, go in to the array manager and you’ll see your new drive as unassigned.

create-array

 

 

 

create-array-select-drives

 

HP does this backwards from how the typical Dell controllers do things.  First you create the array as above, and then you create the logical drives.

create-array4

 

AFTER you create the logical drives, you set the RAID level.   On most other controllers, you select the RAID level you would like and it makes you pick the drives you want to add to the array and disables the RAID levels that are not possible with the drives you have.  On this controller, your only options are RAID 0 and RAID 1.  This particular server is an archive server with data that doesn’t change much and is backed up regularly, but cheap storage space is needed, so RAID 0  is what I’m selecting.  Please note, if this were a server that needs a recovery time objective of less than 24 hours, RAID 0 would be a very bad idea.

create-array3

 

 

With the logical drive created, I can now see my drive in the HP Array manager.

create-array4

The same way we brought the iSCSI drive online, initialized, and formatted above, we do that for the new logical drive.

initialize-disk

 

 

Since this drive is now over 2TB, the GPT partition style has to be selected.

initialize-disk2

 

Assign it a drive letter to finish that step.

new-drive-created

At this point you can use the robocopy batch file with the drive letters reversed to copy your data back.  Once that is done, you’ll have to stop sharing the iSCSI volume and share the logical volume as above.  When that process is complete, the only thing left is to remove the iSCSI disk and initiator settings.

delete-iscsi

 

Next, set it offline.

delete-iscsi2

 

Then go over to the iSCSI initiator, and disconnect from the SAN.

delete-iscsi3

 

Then remove the target.

delete-iscsi4

 

Once that is done you can go over to your SAN and delete the volume there and you’re done.

2013 Big Events in IT

It’s that time of year when everyone takes a look back at the last year and starts thinking about the next year.  Here’s a look at what I think the top three IT events were for small businesses.

1. The Cryptolocker virus

2. Microsoft announced Windows XP support will end April 2014

3. The Target credit card breach

What made these big events of 2013?

The Cryptolocker virus was a game changer because for the first time we saw a virus that holds your files ransom. (more details: http://extramile-tech.com/warning-cryptolocker-virus-make-sure-you-have-good-backups/) In addition to encrypting files on your local computer, it will also search out external hard drives and network drives.  For this reason alone, businesses should consider an alternate media for backup such as tape or online backup.

Originally Microsoft was supposed to end support for Windows XP April 14th of 2009, but push back from businesses forced Microsoft to extend support for years.  This year Microsoft said the end of support date of April 8th, 2014 will not be extended.  Early in 2013 more than half of businesses still had Windows XP deployed, so it was a big year for migrations.

The Target credit card breach made headlines due to the number of people involved.  What most people don’t realize is that restaurants are the number one choice for criminals to steal credit card numbers.  The surprising thing is that it’s not the sketchy looking waiter that is the criminal.  Hackers focus on restaurants because they are easy targets.  They have lots of credit transactions and typically have weak security surrounding their computer system. Small businesses are the number two choice for hackers.

If you want to discuss the health of your network and your 2014 plans, please give me a call.

WARNING – cryptolocker virus – make sure you have good backups

There have been lots of false computer virus warnings (hoaxes) through the years, so whenever a friend forwards you a warning it’s a good idea to check it out.  snopes.com does a great job of this. In this case the virus warning is real and you can verify that here:

http://www.snopes.com/computer/virus/cryptolocker.asp

 

In this case, the virus is real and is bad enough that I’m warning everyone so you can try to be more careful on your home computers.  If you have a business, you should also make sure your backup system is working, but there are other things we can do to protect your network.  For more information, please contact me.

 

What the cryptolocker virus does is encrypt all your files (photos, documents, etc.).  Then it asks you to pay about $300 for the password to decrypt them.  You have 36 hours to do it or they walk away.  What makes this virus different than other viruses is that even professionals can’t get the files back without cleaning up after the virus and then restoring your files from backup.

cryptolocker

With that said, I strongly recommend an online backup for home users.   One is: http://www.carbonite.com/online-backup   If you are backing up to a USB hard drive, this virus searches for drives and even network drives and encrypts those files as well.

 

This virus infects computers by tricking users into opening an attachment to an email.  They trick you by sending you an email that says something like there was a suspicious charge made to your credit card and if you would like to dispute the charge, you should open the attachment.  Don’t open attachments in emails that you weren’t expecting.  If you have any doubts, please don’t open it.

 

The second way this virus has been infecting computers is through what’s called a “drive by download.”  Basically the virus writers will buy ad space on legitimate websites (Syracuse.com had this problem some years ago) and when your computer goes there it will search for an old version of java.  So even if you have the latest version of java installed, if you left an old version behind, it will look for the old one with the vulnerability and try to infect your machine.  I would recommend going to control panel -> programs and features look for java and uninstall any version older than Version 7 update 45. (as of 10/24/2013 this is the current version.)  If you’re unsure just uninstall all versions of java.

Edit: You can now go to java.com and check to see if you have java installed AND check for old versions.  Just go to:

http://java.com/en/download/installed.jsp

When that page loads, click on the button that says “Verify Java version”

doIhaveJava

You may be prompted with a confirmation to run Java.  This is expected, so click “Run.”

runapp

If you have the current version, you will get a message like the one below.  Don’t stop there.  Click the link that says “checking for old versions of Java and removing them using the Java uninstall tool.”

check-old-versions

Hopefully you’ll get a message like the one below saying that everything is current.  If there are old versions, follow the instructions on removing them.

no-old-versions

Between keeping your system up to date, and making sure you have a good backup of your system, you should have a reasonable amount of protection and safety from losing your important files to this virus.

 

Mike Davis