Monday 27 October 2014

Apple: Eject a Stuck CD/DVD from a MacBook


Here are a few methods that you may try to eject the CD/DVD:
1. Launch the Terminal and type the following at the command line:
drutil eject

2. Reboot the MacBook and hold down the mouse/trackpad button as the Mac boots.

3. Turn the MacBook on its side, CD/DVD drive pointing down, and shake; the CD should pop out.

4. If a DVD is completely stuck in the MacBook drive and it’s still spinning, you can also try this trick: get a small piece of thin cardboard (a business card or a credit card works fine too), insert it above the stuck DVD and press down slightly to stop the disk from spinning. Now reboot the MacBook while holding down the trackpad button and you should hear the familiar eject sound, then the disk should come right out. Be careful not to damage the disk or your drive though!


Reference:
Eject a stuck CD/DVD from your MacBook Pro
http://osxdaily.com/2010/04/08/eject-a-stuck-dvd-from-your-macbook/

Thursday 23 October 2014

Microsoft: System Center Configuration Manager ( SCCM ) Logs

The client logs are located in the %WINDIR%\System32\CCM\Logs folder or %WINDIR%\SysWOW64\CCM\Logs (for x64 OS).

The SCCM server log files are located in the <INSTALL_PATH>\Logs or SMS_CCM\Logs folder.

IIS logs can be found in %WINDIR%\System32\logfiles\W3SVC1 folder.

You can use Trace32.exe found in the Sccm2007 Toolkit, to interpret the logs easily (errors in Red, warnings in Yellow).

<< Client Log Files >>
* CAS - Content Access Service. Maintains the local package cache.
* Ccmexec.log - Records activities of the client and the SMS Agent Host service.
* CertificateMaintenance.log - Maintains certificates for Active Directory directory service and management points.
* ClientIDManagerStartup.log - Creates and maintains the client GUID.
* ClientLocation.log - Site assignment tasks.
* ContentTransferManager.log - Schedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access SMS packages.
* DataTransferService.log - Records all BITS communication for policy or package access.
* Execmgr.log - Records advertisements that run.
* FileBITS.log - Records all SMB package access tasks.
* Fsinvprovider.log (renamed to FileSystemFile.log in all SMS 2003 Service Packs) - Windows Management Instrumentation (WMI) provider for software inventory and file collection.
* InventoryAgent.log - Creates discovery data records (DDRs) and hardware and software inventory records.
* LocationServices.log - Finds management points and distribution points.
* Mifprovider.log - The WMI provider for .MIF files.
* Mtrmgr.log - Monitors all software metering processes.
* PolicyAgent.log - Requests policies by using the Data Transfer service.
* PolicyAgentProvider.log - Records policy changes.
* PolicyEvaluator.log - Records new policy settings.
* Remctrl.log - Logs when the remote control component (WUSER32) starts.
* Scheduler.log - Records schedule tasks for all client operations.
* Smscliui.log - Records usage of the Systems Management tool in Control Panel.
* StatusAgent.log - Logs status messages that are created by the client components.
* SWMTRReportGen.log - Generates a usage data report that is collected by the metering agent. (This data is logged in Mtrmgr.log.)


<< Server Log Files >>
* Ccm.log - Client Configuration Manager tasks.
* Cidm.log - Records changes to the client settings by the Client Install Data Manager (CIDM).
* Colleval.log - Logs when collections are created, changed, and deleted by the Collection Evaluator.
* Compsumm.log - Records Component Status Summarizer tasks.
* Cscnfsvc.log - Records Courier Sender confirmation service tasks.
* Dataldr.log - Processes Management Information Format (MIF) files and hardware inventory in the Configuration Manager 2007 database.
* Ddm.log - Saves DDR information to the Configuration Manager 2007 database by the Discovery Data Manager.
* Despool.log - Records incoming site-to-site communication transfers.
* Distmgr.log - Records package creation, compression, delta replication, and information updates.
* Hman.log - Records site configuration changes, and publishes site information in Active Directory Domain Services.
* Inboxast.log - Records files that are moved from the management point to the corresponding SMS\INBOXES folder.
* Inboxmgr.log - Records file maintenance.
* Invproc.log - Records the processing of delta MIF files for the Dataloader component from client inventory files.
* Mpcontrol.log - Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes.
* Mpfdm.log - Management point component that moves client files to the corresponding SMS\INBOXES folder.
* MPMSI.log - Management point .msi installation log.
* MPSetup.log - Records the management point installation wrapper process.
* Ntsvrdis.log - Configuration Manager 2007 server discovery.
* Offermgr.log - Records advertisement updates.
* Offersum.log - Records summarization of advertisement status messages.
* Policypv.log - Records updates to the client policies to reflect changes to client settings or advertisements.
* Replmgr.log - Records the replication of files between the site server components and the Scheduler component.
* Rsetup.log - Reporting point setup log.
* Sched.log - Records site-to-site job and package replication.
* Sender.log - Records files that are sent to other child and parent sites.
* Sinvproc.log - Records client software inventory data processing to the site database in Microsoft SQL Server.
* Sitecomp.log - Records maintenance of the installed site components.
* Sitectrl.log - Records site setting changes to the Sitectrl.ct0 file.
* Sitestat.log - Records the monitoring process of all site systems.
* Smsdbmon.log - Records database changes.
* Smsexec.log - Records processing of all site server component threads.
* Smsprov.log - Records WMI provider access to the site database.
* SMSReportingInstall.log - Records the Reporting Point installation. This component starts the installation tasks and processes configuration changes.
* SMSSHVSetup.log - Records the success or failure (with failure reason) of installing the System Health Validator point.
* Srvacct.log - Records the maintenance of accounts when the site uses standard security.
* Statmgr.log - Writes all status messages to the database.
* Swmproc.log - Processes metering files and maintains settings.


<< Admin Console Log Files >>
* RepairWizard.log - Records errors, warnings, and information about the process of running the Repair Wizard.
* ResourceExplorer.log - Records errors, warnings, and information about running the Resource Explorer.
* SMSAdminUI.log - Records the local Configuration Manager 2007 console tasks when you connect to Configuration Manager 2007 sites.


<< Management Point Log Files >>
* MP_Ddr.log - Records the conversion of XML.ddr records from clients, and copies them to the site server.
* MP_GetAuth.log - Records the status of the site management points.
* MP_GetPolicy.log - Records policy information.
* MP_Hinv.log - Converts XML hardware inventory records from clients and copies the files to the site server.
* MP_Location.log - Records location manager tasks.
* MP_Policy.log - Records policy communication.
* MP_Relay.log - Copies files that are collected from the client.
* MP_Retry.log - Records the hardware inventory retry processes.
* MP_Sinv.log - Converts XML hardware inventory records from clients and copies them to the site server.
* MP_Status.log - Converts XML.svf status message files from clients and copies them to the site server.


<< Mobile Device Management Log Files >>
* DmClientHealth.log - Records the GUIDs of all the mobile device clients that are communicating with the Device Management Point.
* DmClientRegistration.log - Records registration requests from and responses to the mobile device client in Native mode.
* DmpDatastore.log - Records all the site database connections and queries made by the Device Management Point.
* DmpDiscovery.log - Records all the discovery data from the mobile device clients on the Device Management Point.
* DmpFileCollection.log - Records mobile device file collection data from mobile device clients on the Device Management Point.
* DmpHardware.log - Records hardware inventory data from mobile device clients on the Device Management Point.
* DmpIsapi.log - Records mobile device communication data from device clients on the Device Management Point.
* dmpMSI.log - Records the MSI data for Device Management Point setup.
* DMPSetup.log - Records the mobile device management setup process.
* DmpSoftware.log - Records mobile device software distribution data from mobile device clients on the Device Management Point.
* DmpStatus.log - Records mobile device status messages data from mobile device clients on the Device Management Point.
* FspIsapi.log - Records Fallback Status Point communication data from mobile device clients and client computers on the Fallback Status Point.


<< Mobile Device Client Log Files >>
* DmCertEnroll.log - Records certificate enrollment data on mobile device clients.
* DMCertResp.htm (in \temp) - Records HTML response from the certificate server when the mobile device Enroller program requests a client authentication certificate on mobile device clients.
* DmClientSetup.log - Records client setup data on mobile device clients.
* DmClientXfer.log - Records client transfer data for Windows Mobile Device Center and ActiveSync deployments.
* DmCommonInstaller.log - Records client transfer file installation for setting up mobile device client transfer files on client computers.
* DmInstaller.log - Records whether DMInstaller correctly calls DmClientSetup and whether DmClientSetup exits with success or failure on mobile device clients.
* DmInvExtension.log - Records Inventory Extension file installation for setting up Inventory Extension files on client computers.
* DmSvc.log - Records mobile device management service data on mobile device clients.


<< Operating System Deployment Log Files >>
* CCMSetup.log - Provides information about client-based operating system actions.
* CreateTSMedia.log - Provides information about task sequence media when it is created. This log is generated on the computer running the Configuration Manager 2007 administrator console.
* DriverCatalog.log - Provides information about device drivers that have been imported into the driver catalog.
* MP_ClientIDManager.log - Provides information about the Configuration Manager 2007 management point when it responds to Configuration Manager 2007 client ID requests from boot media or PXE. This log is generated on the Configuration Manager 2007 management point.
* MP_DriverManager.log - Provides information about the Configuration Manager 2007 management point when it responds to a request from the Auto Apply Driver task sequence action. This log is generated on the Configuration Manager 2007 management point.
* MP_Location.log - Provides information about the Configuration Manager 2007 management point when it responds to request state store or release state store requests from the state migration point. This log is generated on the Configuration Manager 2007 management point.
* Pxecontrol.log - Provides information about the PXE Control Manager.
* PXEMsi.log - Provides information about the PXE service point and is generated when the PXE service point site server has been created.
* PXESetup.log - Provides information about the PXE service point and is generated when the PXE service point site server has been created.
* Setupact.log, Setupapi.log, Setuperr.log - Provide information about Windows Sysprep and setup logs.
* SmpIsapi.log - Provides information about the state migration point Configuration Manager 2007 client request responses.
* Smpmgr.log - Provides information about the results of state migration point health checks and configuration changes.
* SmpMSI.log - Provides information about the state migration point and is generated when the state migration point site server has been created.
* Smsprov.log - Provides information about the SMS provider.
* Smspxe.log - Provides information about the Configuration Manager 2007 PXE service point.
* SMSSMPSetup.log - Provides information about the state migration point and is generated when the state migration point site server has been created.
* Smsts.log - General location for all operating system deployment and task sequence log events.
* TaskSequenceProvider.log - Provides information about task sequences when they are imported, exported, or edited.
* USMT Log loadstate.log - Provides information about the User State Migration Tool (USMT) regarding the restore of user state data.
* USMT Log scanstate.log - Provides information about the USMT regarding the capture of user state data.


<< Network Access Protection Log Files >>
* Ccmcca.log - Logs the processing of compliance evaluation based on Configuration Manager NAP policy processing and contains the processing of remediation for each software update required for compliance.
* CIAgent.log - Tracks the process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details on installing the software updates required for compliance.
* locationservices.log - Used by other Configuration Manager features (for example, information about the client’s assigned site) but also contains information specific to Network Access Protection when the client is in remediation. It records the names of the required remediation servers (management point, software update point, and distribution points that host content required for compliance), which are also sent in the client statement of health.
* SDMAgent.log - Shared with the Configuration Manager feature desired configuration management and contains the tracking process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details about installing the software updates required for compliance.
* SMSSha.log - The main log file for the Configuration Manager Network Access Protection client and contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA). This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the configuration compliance agent and the location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response.


<< System Health Validator Point Log Files >>
* Ccmperf.log - Contains information about the initialization of the System Health Validator point performance counters.
* SmsSHV.log - The main log file for the System Health Validator point; logs the basic operations of the System Health Validator service, such as the initialization progress.
* SmsSHVADCacheClient.log - Contains information about retrieving Configuration Manager health state references from Active Directory Domain Services.
* SmsSHVCacheStore.log - Contains information about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file. The cache store is not configurable.
* SmsSHVRegistrySettings.log - Records any dynamic changes to the System Health Validator component configuration while the service is running.
* SmsSHVQuarValidator.log - Records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location: HKLM\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL


<< Desired Configuration Management Log Files >>
* ciagent.log - Provides information about downloading, storing, and accessing assigned configuration baselines.
* dcmagent.log - Provides high-level information about the evaluation of assigned configuration baselines and desired configuration management processes.
* discovery.log - Provides detailed information about the Service Modeling Language (SML) processes.
* sdmagent.log - Provides information about downloading, storing, and accessing configuration item content.
* sdmdiscagent.log - Provides high-level information about the evaluation process for the objects and settings configured in the referenced configuration items.


<< Wake On LAN Log Files >>
* Wolmgr.log - Contains information about wake-up procedures such as when to wake up advertisements or deployments that are configured for Wake On LAN.
* WolCmgr.log - Contains information about which clients need to be sent wake-up packets, the number of wake-up packets sent, and the number of wake-up packets retried.


<< Software Updates Site Server Log Files >>
* ciamgr.log - Provides information about the addition, deletion, and modification of software update configuration items.
* distmgr.log - Provides information about the replication of software update deployment packages.
* objreplmgr.log - Provides information about the replication of software updates notification files from a parent to child sites.
* PatchDownloader.log - Provides information about the process for downloading software updates from the update source specified in the software updates metadata to the download destination on the site server.
* replmgr.log - Provides information about the process for replicating files between sites.
* smsdbmon.log - Provides information about when software update configuration items are inserted, updated, or deleted from the site server database and creates notification files for software updates components.
* SUPSetup - Provides information about the software update point installation. When the software update point installation completes, "Installation was successful" is written to this log file.
* WCM.log - Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages.
* WSUSCtrl.log - Provides information about the configuration, database connectivity, and health of the WSUS server for the site.
* wsyncmgr.log - Provides information about the software updates synchronization process.


<< WSUS Server Log Files >>
* Change.log - Provides information about the WSUS server database information that has changed.
* SoftwareDistribution.log - Provides information about the software updates that are synchronized from the configured update source to the WSUS server database.


<< Software Updates Client Computer Log Files >>
* CAS.log - Provides information about the process of downloading software updates to the local cache and cache management.
* CIAgent.log - Provides information about processing configuration items, including software updates.
* LocationServices.log - Provides information about the location of the WSUS server when a scan is initiated on the client.
* PatchDownloader.log - Provides information about the process for downloading software updates from the update source to the download destination on the site server. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.
* PolicyAgent.log - Provides information about the process for downloading, compiling, and deleting policies on client computers.
* PolicyEvaluator - Provides information about the process for evaluating policies on client computers, including policies from software updates.
* RebootCoordinator.log - Provides information about the process for coordinating system restarts on client computers after software update installations.
* ScanAgent.log - Provides information about the scan requests for software updates, what tool is requested for the scan, the WSUS location, and so on.
* ScanWrapper - Provides information about the prerequisite checks and the scan process initialization for the Inventory Tool for Microsoft Updates on Systems Management Server (SMS) 2003 clients.
* SdmAgent.log - Provides information about the process for verifying and decompressing packages that contain configuration item information for software updates.
* ServiceWindowManager.log - Provides information about the process for evaluating configured maintenance windows.
* smscliUI.log - Provides information about the Configuration Manager Control Panel user interactions, such as initiating a Software Updates Scan Cycle from the Configuration Manager Properties dialog box, opening the Program Download Monitor, and so on.
* SmsWusHandler - Provides information about the scan process for the Inventory Tool for Microsoft Updates on SMS 2003 client computers.
* StateMessage.log - Provides information about when software updates state messages are created and sent to the management point.
* UpdatesDeployment.log - Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
* UpdatesHandler.log - Provides information about software update compliance scanning and about the download and installation of software updates on the client.
* UpdatesStore.log - Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.
* WUAHandler.log - Provides information about when the Windows Update Agent on the client searches for software updates.
* WUSSyncXML.log - Provides information about the Inventory Tool for the Microsoft Updates synchronization process. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.


<< Windows Update Agent Log File >>
* WindowsUpdate.log - Provides information about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components.


Reference:
SCCM Logs
http://www.windows-noob.com/forums/index.php?/topic/1105-sccm-logs/

Wednesday 22 October 2014

IT Technology: Kroll Ontrack

Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities as well as consumers manage, recover, search, analyze, and produce data efficiently and cost-effectively. In addition to its award-winning suite of software, Kroll Ontrack provides data recovery, data destruction, electronic discovery and document review.

With cleanroom facilities worldwide, engineering expertise in every major global region and 25 years of experience under our belt, you can count on Kroll Ontrack for all your data recovery, restoration and destruction needs.
** Data Recovery Services and Software: Recover data located on tapes, hard drives, mobile devices, virtual environments, operating systems or myriad other storage devices through in-lab, remote and do-it-yourself capabilities
** Data Eraser Services and Software: Permanently erase all traces of information from media and protect sensitive information before disposal with do-it-yourself eraser software and data destruction services
** Ontrack® PowerControls Software: Search, collect, recover, restore and manage data efficiently in either Microsoft® Exchange Server or Microsoft® Office SharePoint® Server environments


Reference:
Overview
http://www.krollontrack.com/company/overview/

Microsoft: Disable New Mail Desktop Alert for A Specific Account

There is not a direct setting for this in Outlook, but you can achieve this by disabling the generic option to display the New Mail Desktop Alert and then create a rule to display it again when mail arrives via your specified account(s).

<< Disabling New Mail Desktop Alert >>
As said, the first step of the process is to disable the generic option to always display the New Mail Desktop Alert.

** Outlook 2003 and Outlook 2007 **
Tools-> Options…-> button: E-mail Options…-> button: Advanced E-mail Options…-> option: Display a New Mail Desktop Alert

** Outlook 2010 and Outlook 2013 **
File-> Options-> Mail-> section: Message arrival-> option: Display a Desktop Alert

<< Creating a New Mail Desktop Alert rule for specific accounts >>
The next step is to create a rule to display the New Mail Desktop Alert again but only for the accounts that you select.
1.  Open the Rules and Alerts dialog;
** Outlook 2003 and Outlook 2007 **
Tools-> Rules and Alerts… (press OK if you get an HTTP warning)
** Outlook 2010 and Outlook 2013 **
File-> button: Manage Rules & Alerts
2.  When you see the “Apply changes to this folder” drop down list at the top, make sure that the account which you want to exclude is selected here.
3.  Button New Rule…
4.  Select “Start from a blank rule” and verify that “Check messages when they arrive” or “Apply rule on message I receive” is selected.
5.  Press Next to go to the Conditions screen.
6.  Verify that no condition is selected and press Next.
7.  A warning will pop-up stating that this rule will apply to all messages. Press “Yes” to indicate that that is correct.
8.  Select the action “display a Desktop Alert”.
9.  Press Next.
10. Press Finish to complete the rule.


Reference:
Disable New Mail Desktop Alert for specific accounts
http://www.msoutlook.info/question/798

Friday 17 October 2014

Microsoft: Reset TCP/IP on Windows

The steps below allow you to reset the TCP/IP on Windows:
1.  To open a command prompt, click Start and then type cmd in the Search programs and files box.
2.  Under Programs, right-click the CMD.exe icon, and then click Run as administrator.
3.  When the User Account Control box appears, click Yes.
4.  At the command prompt, enter the following command, and then press Enter:
     netsh int ip reset c:\resetlog.txt
     Note: If you don't want to specify a directory path for the log file, run the following command instead:
     netsh int ip reset resetlog.txt
5.  Restart the computer.


Reference:
How to reset TCP/IP by using the NetShell utility
http://support.microsoft.com/kb/299357

IT Technology: POODLE Security Vulnerability Breaks SSLv3 Secure Browsing

<< Overview >>
When you access high profile sites and services such as your bank, Twitter or Google, you typically access them using https:// or a feature called SSL (secure sockets layer), but a new security defect could break that open. SSL or TLS (Transport Layer Security) provides encryption to protect your information from being intercepted, spied upon or modified by attackers in between you and the service provider. This widely used technology is what prevents someone sat next to you in Starbucks from watching your transactions as you access your Internet banking, and is also frequently used when accessing your e-mail account to stop your username and password disappearing into the hands of cyber criminals. Simply put, SSL is a core component of security, privacy and trust on the Internet. Great though all that sounds, unfortunately many sites still fail to adhere to best practice and many don’t implement these security features at all, leaving information open to interception. Even those which do try to do the right thing can have significant setbacks due to implementation failures or security vulnerabilities. That is precisely what has happened with the new, cutely named, but very nasty POODLE vulnerability.

SSL has a number of different versions and which you support is important from a security standpoint. Backwards compatibility with older versions can get you in real trouble and you can see a wonderfully detailed breakout of the features of each version and timelines here. The POODLE vulnerability impacts SSL version 3 and under the right conditions would allow an attacker to gain access to information that would let them take over your account. For example, the flaw may enable an attacker to gain access to session tokens or credentials so they can hijack the identity of another user. The vulnerability, discovered by Google security researchers Thai Duong, Bodo Möller and Krzysztof Kotowicz, is fully outlined in this paper and makes interesting reading. Geeky bit: the attack is essentially a padding oracle attack against CBC mode ciphers in SSLv3 (CBC, cipher block chaining, uses the output of previous blocks as input to the next block's processing to prevent duplicate blocks of data producing identical cipher text blocks).

For the attack to work, the attacker must be on the same wireless network (or in the path of your communications) and your client must be running JavaScript (such as in a web browser), which makes the attack less all out serious than vulnerabilities like Heartbleed. This attack is effective against clients (as opposed to servers, as with Heartbleed or Shellshock) and so is of the greatest concern to users browsing on wireless hotspots where others may be listening, but it is sufficiently serious that Twitter has announced they have entirely disabled SSLv3.

<< What you should do >>
You may be able to force your browser to disable SSL version 3. The methods vary, but for example in Firefox you can type the special URL about:config and change the setting security.tls.version.min to 1.

Some browsers allow you to do this where others like Safari can pose quite a challenge. A more complete fix is on the way (for those that want to read more check out TLS_FALLBACK_SCSV) but for the moment disabling it is a good move. If you want to check if your browser is vulnerable you can try https://www.poodletest.com which shows you a trendy looking poodle if you are open to the attack. Using a VPN client to protect all your network traffic on open networks will also prevent attackers launching the attack (as long as it is not an SSL VPN that uses SSLv3).

If you are a business and host services there are steps you can take to prevent your users being attacked too. Users accessing your services from open wireless networks are the most at risk. To mitigate this risk you can simply disable SSLv3 in favour of more recent standards such as TLS 1.0, 1.1 or 1.2. Unfortunately some platforms and operating systems do not support the more recent standards. Older versions of Internet Explorer (such as the one in the older, no longer supported but still regrettably widely used Windows XP) only support SSLv3, as is the case for numerous other apps and pieces of software. If you are in the position of using software that only supports these standards you should undoubtedly look at upgrading, not just because of this vulnerability but because that software most likely has other serious defects too. If you run a web server and want to make sure you have your transport security ducks in a row you can check out this guide or you can check how your site scores using this neat tool.
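After disabling SSLv3 on a server you run, you can confirm the change by offering the server an SSLv3-only ClientHello and looking at what comes back. The sketch below is an added example, not part of the original article: the function names are hypothetical, the two sample replies are constructed bytes, and it only reads the first record of the reply.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"              # protocol version 3.0 as it appears on the wire
HANDSHAKE, ALERT = 0x16, 0x15   # record-layer content types
# Suites that exist in SSLv3: three CBC suites (the mode POODLE targets) and RC4-SHA.
CIPHER_SUITES = (0x002F, 0x0035, 0x000A, 0x0005)

# Constructed sample replies (not captured traffic), used for offline checks.
SAMPLE_SERVER_HELLO = (bytes.fromhex("160300002a" "02000026" "0300")
                       + bytes(32) + bytes.fromhex("00" "002f" "00"))
SAMPLE_ALERT = bytes.fromhex("15030000020228")   # fatal handshake_failure


def build_sslv3_client_hello(client_random: bytes) -> bytes:
    """Return one record carrying a ClientHello that offers only version 3.0."""
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = (SSL3 + client_random
            + b"\x00"                                   # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                              # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return bytes([HANDSHAKE]) + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Classify the first record of the server's reply to the SSLv3-only hello."""
    if len(data) < 5:
        return "inconclusive"       # closed or reset before a full record header
    content_type = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if content_type == ALERT and len(payload) == 2:
        return "sslv3-rejected"     # server refused the only version on offer
    if content_type == HANDSHAKE and len(payload) >= 6 and payload[0] == 0x02:
        # ServerHello: 1 byte type, 3 bytes length, then the version the server chose
        return "sslv3-accepted" if payload[4:6] == SSL3 else "inconclusive"
    return "inconclusive"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes, stopping early if the peer closes the connection."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the SSLv3-only hello to a server you operate and classify its reply.

    The hello carries no extensions, so a name-based virtual host answers
    with its default site's settings.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello(os.urandom(32)))
        try:
            header = _recv_exact(sock, 5)
            if len(header) < 5:
                return classify_response(header)
            length = struct.unpack("!H", header[3:5])[0]
            return classify_response(header + _recv_exact(sock, length))
        except (socket.timeout, ConnectionResetError):
            return "inconclusive"


if __name__ == "__main__":
    print(classify_response(SAMPLE_SERVER_HELLO))
    print(classify_response(SAMPLE_ALERT))
```

An "inconclusive" result usually means the server dropped the connection without sending an alert, which many servers do when no offered version is enabled; rerun against a known-good TLS port to rule out a network problem.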

This defect certainly is not another Heartbleed (as undoubtedly it will shortly be dubbed) but it is a failure in widely used technology that is a key component of your security.


Reference:
POODLE Security Vulnerability Breaks SSLv3 Secure Browsing
http://www.forbes.com/sites/jameslyne/2014/10/15/poodle-security-vulnerability-breaks-sslv3-secure-browsing/

Apple: OS X Yosemite Review

Macs and iPhones finally speak the same language.

I can begin replying to an email on my phone, then walk over to my laptop and finish it off there. While my phone charges on my nightstand, I can pick up calls from my mom with a mouse click at my desk. And when someone texts me a photo, it’s already on my laptop, where I can quickly jazz it up in Photoshop then tweet it.

With the Thursday release of the Mac’s free OS X Yosemite update, Apple is finally getting its devices to behave like a real, happy family—a family that not only talks to each other but even looks very much alike. The Mac operating system has acquired apps and features from iOS—and vice versa—over the past few years, but this is the biggest leap toward each other yet.

The advantage is so big that if you are an iPhone or iPad owner but don’t have a Mac, Yosemite might get you to consider buying one. It makes living in Apple’s ecosystem harder to resist. But before you fall into the Apple trap, keep in mind that there are still plenty of reasons to play with Google (and even Microsoft) on a Mac or iPhone.


<< An iOS-Inspired Face-Lift >>
Late one night, Jony Ive, Apple’s design chief, threw on the “White Album,” took out a bucket of translucent primer, mixed it together with some of his rainbow-colored iOS paint and tossed it at the computer screen. At least, that’s how I imagine the Mac operating system got its new look.

There are traces of iPhone and iPad design everywhere you look. Icons have been revamped to look flatter and more modern. The edges of windows are translucent so you can see what’s behind them. The red, yellow and green window-position buttons look like a futuristic traffic light. Even the notification pane now has a “Today” view that is identical to the iPhone’s.

If you’ve not used Macs but are accustomed to iOS, you’ll face a learning curve but should feel pretty comfortable. Unlike Microsoft, Apple continues to focus on an interface that is optimized for navigating with a mouse and keyboard.

If you already are a Mac user, you’ll enjoy the fresh look while still finding everything in the right spot. Yosemite has gotten me to take more advantage of certain OS X tools, starting with Spotlight. Apple’s systemwide search tool now opens in the center of the screen, and its results contain file previews, suggested websites and Apple maps.


<< Apps in Sync >>
Yosemite also has forced me to rethink where I spend my days.

I used to steer away from using Apple’s native apps—Maps, Safari, Mail—preferring Google’s Web apps instead. But because Apple’s apps now sync across devices, I have switched to using Apple’s Mail to manage my Gmail account. Being able to pick up my iPhone’s unfinished emails instantly on my laptop is beyond convenient.

And there’s a new feature that allows you to open a document right in Mail, without switching to another application, sign your name or make some edits and send it right back. I just wish Mail had a better way to filter nonessential messages and clear out my inbox using trackpad swipes.

I’m not as game to shift to the Safari browser from Chrome, however. Yosemite gave Safari slimmer tool bars, a better tab view and an improved search bar that gives you a sneak peek of Wikipedia and map results. But I still find Google’s browser to be faster, and it’s still fairly easy to sync across devices.

The same goes for iCloud Drive. While you can now drag any file to your Drive on a Mac and see those files at iCloud.com, there’s no iPhone or iPad app that shows you all your stuff. You can only access the Drive through apps that recognize it, like Apple’s Pages word-processing app. For now, I’m still more apt to use Google Drive or Microsoft’s OneDrive, which work across iOS and Mac, plus Windows, Android and the Web.


<< Keeping in Touch >>
I am, however, all in on Apple’s iMessage. In Yosemite, the texting app syncs with my iPhone and allows me to sign in to my Google chat. With an iPhone running iOS 8.1, I was even able to receive and send standard-carrier text messages from my computer, and access all the photos my phone has sent or received.

Apple takes this concept of continuous communication even further with phone calls. When my Mac and iPhone are on the same Wi-Fi network and both logged in to my iCloud account, my laptop starts ringing and I can accept or reject the call with just a click. I can also initiate calls. Unfortunately, all of your logged-in devices will ring in unison, not just the one you happen to be with. And you can’t hand off a call from phone to laptop, or vice versa.

Many of Apple’s apps—Safari, Contacts, Calendar, Maps and, of course, Mail—support that close-proximity handoff feature, however, using a combination of Wi-Fi, Bluetooth and iCloud account authentication. I’m able to begin reading an article in Safari on my iPad, for instance, and then pick it right up on my Mac.

And don’t worry that you’ll suddenly get incessant notifications popping up on your computer whenever you start something on your iPhone or iPad. Instead, an icon appears in the dock indicating that you can pick up an activity.

It’s well thought out and simple. I had no problems getting handoffs to work on my office network and a colleague’s home network, but I had mixed results in my home.

Fortunately, all of Yosemite’s extra services don’t cause a drag on the system resources. In my tests on a new MacBook Pro with Retina display and a 2013 MacBook Air, I found battery life and overall performance remained the same with the new OS.

All three computer giants—Apple, Microsoft and Google—are trying to figure out how to create the computing platform of the future by tying together our devices. But unlike the competition, the iPhone, iPad and the Mac are playing to their form factors without requiring compromise, while adopting visual continuity and strong communication they never had before.

The Yosemite and iOS pairing feels like the glue that the others just don’t have right now.


Reference:
OS X Yosemite Review: The Mac Cozies Up to the iPhone
http://online.wsj.com/articles/os-x-yosemite-review-the-mac-cozies-up-to-the-iphone-1413486002

Apple: Apple Unveils New iPads, Macs, Announces Apple Pay Launch Date


Apple on Thursday unveiled the new iPad Mini 3 and iPad Air 2, touting the latter as the "world's thinnest tablet" as the company tries to reverse lackluster demand for tablet computers.

At the event in Cupertino, California, the company also introduced updated operating software and announced that its new mobile payments system, Apple Pay, will launch on Monday.

Phil Schiller, Apple's senior VP of worldwide marketing, said the 6.1-millimeter thick iPad Air 2 features a new anti-reflective coating - a first for a tablet. The iPad Air 2 also features a better camera and faster processor, featuring a new-generation A8X chip.

Schiller said that for the first time on an iPad, you can take time lapse and slo-motion video.

Apple also unveiled a slightly updated iPad Mini 3, which comes in silver, space gray and gold.

The new Mini features a fourth-generation Intel Core processor as well as upgraded Wi-Fi and graphic abilities.

"The Mac Mini hadn't been refreshed for two years," said CNET.com senior writer Shara Tibken. "The device is Apple's most affordable computer, and it has a cult following."

Both the Mini and Air incorporate a Touch ID fingerprint sensor for security, a feature that's been available on iPhones since last year.

Apple said the new iPad Air 2 will sell for $499 and up, and the smaller iPad Mini 3 will start at $399. Pre-orders begin on Friday.

Meanwhile, CEO Tim Cook said 500 banks and many of the largest retailers in the world have agreed to support the Apple Pay digital payment system, which is also available on the new iPhone 6 and 6 Plus. Apple Pay was first announced at the iPhone 6 launch event Sept. 9.

Cook said the new iPhones, which hit the market Sept. 19, were the fastest-selling in Apple's history.

"It's been an incredible year and tremendously busy already," he said. "This is the strongest lineup of products Apple has ever had."

The event featured a speaker-phone cameo by comedian Stephen Colbert, touting Apple's security features.

Craig Federighi, senior VP of Mac Software Engineering, also showed off the new features of iOS 8 and the updated Mac operating system, Yosemite, calling them the "most advanced operating system on the planet."

"What really sets iOS apart is the incredible technologies it puts in the hands of our developers," Federighi said.

Federighi also touted "Continuity" features, which allow users to "start on one device and pick up on another." He illustrated the point by showing the photos he favorited on his iPhone and having them show up automatically on his iPad.

Updates to the Mac computer line were unveiled as well. Schiller announced that the high-resolution Retina 5K display is coming to the iMac, saying Apple has built an "iMac with the most incredible display we've ever made."

Although Apple is normally intensely secretive about its new products -- even imposing a $50 million penalty on vendors who leak information -- a number of details about the new iPads had been widely reported. On Wednesday, Apple prematurely posted photos of the iPad Air 2 and iPad Mini 3 on the iTunes website, then quickly took them down.

Thursday's presentation came a little over a month after Apple introduced its new, larger, thinner iPhone 6 and big-screen iPhone 6 Plus, along with its first wearable, the Apple Watch, at a high-profile media event. The new iPhones quickly set a sales record with more than 10 million units snapped up over the first weekend. The Apple Watch won't be available till early next year.

The technology giant had a lot riding on sales of the new iPhones, which drive most of the company's profits and account for more than half of its revenue. By contrast, sales of iPads have not been as strong. Apple said it sold 13.3 million iPads last quarter, down from the previous year and below Wall Street estimates.

Sales through the first half of the year reflected a 13 percent drop from the same period last year.

Since the iPad's release in 2010, more than 225 million have been sold. But unlike mobile phones, which millions of people rush to upgrade every two years, iPads have not changed as significantly and many owners seem content to stick with the models they already have.

"The industry kind of set its expectations wrong about iPads," Gartner analyst Van Baker told CNET. "Everyone assumed the tablet was kind of like the phone, so the upgrade cycle would be like the phone. That's not true."

Furthermore, increased competition from the Samsung Galaxy Tab, Microsoft Surface, Google Nexus and other tablets has bitten into Apple's market share. While the iPad remains number one, it's seen its dominance slip from 68 percent of the tablet market at the beginning of 2012, to about 27 percent last quarter, according to industry analytics firm IDC.

However, Apple's Cook said in July that he remains "bullish" about the future of the iPad, CNET reported. "We still feel the category as a whole is in its early days, and there's still significant innovation that can be brought to the iPad, and we can do that," he said.

Apple may be seeking to broaden the iPad's functionality by incorporating Apple Pay technology which will allow users to make purchases from their device more seamlessly through apps for online shopping.

In the iPhones, the system uses short-distance wireless technology called NFC, or near-field communication, to transmit secure payments to participating retailers. Apple has teamed with financial industry heavyweights including American Express (AXP), Mastercard (MA) and Visa (V) and says Apple Pay will work at more than 220,000 retailers nationwide, including Walgreens, McDonald's, Disney, Target, Subway, Whole Foods and other major chains.


Reference:
Apple unveils new iPads, Macs, announces Apple Pay launch date
http://www.cbsnews.com/news/ipad-air-ipad-mini-mac-unveiled-at-apple-2014-event/

Thursday 16 October 2014

Microsoft: Microsoft Office for Mac 2011 Patch with Critical Bug Fixes and Security Updates

Microsoft has released Office for Mac 2011 version 14.4.5, which includes critical bug fixes and security improvements. The change notes from Microsoft are below:
"This update fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code."

The update is recommended for all users of Office 2011, which is the most recent version of the productivity suite for OS X systems.


Reference:
Microsoft releases Office for Mac 2011 patch with critical bug fixes and security updates
http://9to5mac.com/2014/10/14/microsoft-releases-office-for-mac-2011-patch-with-critical-bug-fixes-and-security-updates/

Microsoft: Microsoft's Patch Tuesday Fixes Trio of 'Zero-Day' Flaws


Microsoft issued eight security bulletins on Tuesday that address two dozen vulnerabilities, including a bug reportedly being exploited by Russian hackers to target NATO computers.

Issued as part of its October edition of Patch Tuesday, the updates address vulnerabilities found in all currently supported versions of Windows, Internet Explorer, Office and the .Net framework. Three of the bulletins are rated critical, meaning Microsoft recommends systems administrators apply the patches immediately.

Security researcher FireEye said it identified two of three so-called zero-day bugs -- flaws that are being actively exploited in the wild by hackers -- being used as "part of limited, targeted attacks against some major corporations."

One of the patches addresses a remote code execution flaw in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being exploited in the "Sandworm" cyberattack. The exploit has been used as part of a five-year cyberespionage campaign, according to security firm iSight, but it is unknown what kind of data has been lifted throughout the Sandworm campaign.

iSight said that a team of hackers previously launched campaigns targeting the US and EU intelligence communities, military establishments, news organizations and defense contractors -- as well as jihadists and rebels in Chechnya. However, focus has turned toward the Ukrainian conflict with Russia, energy industries and political issues concerning Russia based on evidence gleaned from phishing emails.

Microsoft rated the flaw as important rather than critical because it requires a user to open a Microsoft Office file to initiate the code execution.

"A vulnerability exists in Windows OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object," Microsoft warned in its bulletin. "An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user." (OLE is Microsoft technology for creating complex documents that contain a combination of text, sound, video and other elements.)

Another zero-day flaw addressed by the update is a privilege escalation vulnerability that "could lead to full access to the affected system," Microsoft said in its bulletin.

A third zero-day bug in Windows, rated as critical and patched Tuesday, could allow remote code execution when a victim opens a document or visits a malicious website that contains embedded TrueType fonts.


Reference:
Microsoft's Patch Tuesday fixes trio of 'zero-day' flaws
http://www.cnet.com/news/microsofts-patch-tuesday-fixes-trio-of-zero-day-flaws/#ftag=CADf328eec

Google: Force SafeSearch

SafeSearch Virtual IP address (VIP) will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.

When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.

SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.

Using SafeSearch VIP will not affect other Google services outside of Google Search.

To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com to be a CNAME for forcesafesearch.google.com.

Google will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.


Reference:
Block adult content at your school
https://support.google.com/websearch/answer/186669?hl=en

Wednesday 15 October 2014

VMware: Horizon FLEX

VMware Horizon FLEX provides the flexibility IT needs to serve BYO users, Mac users, contractors and road warriors – while ensuring security, control and compliance of the corporate desktop.

<< Features >>
Embrace BYO and Macs
Easily deliver local virtual desktops to Mac and PC users with incredible flexibility.

Simplify desktop management with desktop containers
Entitle, control and secure Windows virtual desktops for your Mac users, contractors and road-warriors.

Work from anywhere, even when disconnected
Get access to a rich desktop experience through our industry leading clients, ensuring productivity even when on the road or disconnected from the network.

Easily manage, backup or patch virtual desktops
Manage, backup or patch Windows virtual desktops using the Mirage for Horizon FLEX layering technology or continue to use your own Windows image management tools.

Reduce costs
Minimize the training needs of your workforce with our streamlined user-experience. Deploying virtual desktops is significantly less expensive than shipping laptops to onboard your new employees or contractors.


Reference:
Horizon FLEX
http://www.vmware.com/products/horizon-flex/

Microsoft: Chrome 37 Update Breaks Exchange Webmail


Chrome 37 no longer supports showModalDialog as of version 37 and I’m hearing reports of odd webmail issues (I manage an Exchange server for my company).

I just verified this on Exchange 2010’s OWA with all the latest patches. Chrome 37’s lack of showModalDialog support means the pop-ups that OWA uses no longer work. The address book and insert-attachment pop-ups are completely broken this morning for Chrome users. This is easy to recreate. Create a new email and then click on To, CC, or the attachment icon. Nothing happens. Google has a statement here about how only .006% of the web uses showModalDialog and why they’re pulling it. What they don’t realize is that it’s used by an important .006% (a lot of Microsoft products). Suddenly breaking every implementation of every Microsoft Exchange webmail instance is fairly ridiculous, especially since this wasn’t publicized in a large way, nor did Google work with MS to make sure MS already had patches out to support this change. Meanwhile, both Firefox and IE work just fine.

Google claims this feature, which stems from the MS-dominated IE4 days, was “never formalized” and a “security risk” so they just removed it. While I agree that MS was fast and loose about pushing de facto web standards, I simply can’t agree about being fast and loose about pulling them either. The comments on that page also claim Dynamics CRM and other products are affected. I think the age of Chrome as this lightweight friendly browser is over. Every month seems to bring in another questionable management decision. I think it’s time to re-visit Firefox as the “just works” browser and leave the Chrome experiment for a while, especially for business use. I’m certainly not against change and progressing to only formalized standards. I just think Chrome’s changes can just be managed better and with more notice. Swamping the helpdesk and frustrating end-users shouldn’t be how this stuff is done correctly.


Reference:
Chrome 37 update breaks Exchange webmail.
http://nothingjustworks.com/chrome-37-update-breaks-exchange-webmail/

Apple: AutoCAD for Mac Versions 2014 and Earlier Not Compatible with Mac OSX Yosemite (10.10)


AutoCAD for Mac versions 2014 and earlier are currently not compatible with Mac OSX Yosemite (10.10). Autodesk plans to release service packs for AutoCAD for Mac 2013 and AutoCAD for Mac 2014 that will allow those versions to run on OSX 10.10 (Yosemite).

When the service packs are released (within several weeks after the new OS release) you'll receive notice in the Mac OS Notification Center. Download links and compatibility information are available on the following pages:
•    Operating system compatibility for AutoCAD for Mac
•    Operating system compatibility for AutoCAD LT for Mac
•    Mac OSX 10.10 (Yosemite) compatibility with AutoCAD (LT)

Microsoft: OneDrive Free Upgrade from 3GB to 15GB


Microsoft raises its OneDrive camera roll bonus from 3GB to 15GB for iOS 8 users, providing you enable photo or video backup to OneDrive from the iOS app.

If you’re not an iPhone or iPad user then Microsoft is still upgrading your OneDrive space. Android and Windows Phone users that have already enabled the camera roll backup functionality will be automatically upgraded to 15GB of OneDrive space. If you haven’t enabled the camera backup then you should switch it on quickly to receive 15GB of free OneDrive storage on iOS, Windows Phone and Android.


Reference:
Microsoft plays on iOS 8 issues by doubling free OneDrive space to 30GB
http://www.theverge.com/2014/9/20/6619717/microsoft-free-onedrive-space-30gb

Friday 10 October 2014

Google: Nearly Half of All Android Devices are Vulnerable to Two Serious Browser Exploits


Around 45 percent of Android devices have a browser that is vulnerable to two serious security issues, but some countries have a considerably larger percentage of affected users than others, according to data from mobile security firm Lookout.

The two security issues were discovered over the past month by a security researcher named Rafay Baloch and were described as a privacy disaster by other researchers. They allow an attacker to bypass a core security boundary, called the same-origin policy (SOP), that exists in all browsers.

The SOP prevents scripts from one domain from interacting with data from a different domain. For example, scripts running on a page hosted on domain A should not be able to interact with content loaded on the same page from domain B.

Without that restriction, attackers could create pages that load Facebook, Gmail or some other sensitive sites in an invisible iframe and then trick users into visiting those pages in order to hijack their sessions and read their emails or send Facebook messages, for example.

The SOP bypass vulnerabilities found by Baloch affect Android versions older than 4.4, which according to data from Google are installed on 75 percent of all Android devices that actively visit the Google Play Store. Android 4.4 is not vulnerable because it uses Google Chrome as the default browser instead of the older Android Open Source Project (AOSP) browser.

Google has released patches for the two vulnerabilities through AOSP, which serves as the base for the customized Android firmware installed on devices by manufacturers. The task now falls on device vendors to import those patches and release firmware updates to end users.

However, history has shown that the availability of Android firmware updates varies greatly among manufacturers, different devices from the same manufacturer and even among countries, as local carriers also play a role in the distribution of over-the-air updates.

This is reflected in data about these two vulnerabilities that was collected by Lookout from users of its mobile security products. Overall, “around 45% of Lookout users have a vulnerable version of the AOSP browser installed,” Lookout employees Jeremy Linden and Meghan Kelly said in a blog post. “We believe our userbase offers a good look at how Android users overall are being affected by vulnerabilities such as this one.”

However, a further breakdown of vulnerable device statistics per country paints a different picture. Eighty-one percent of Lookout users in Japan have a vulnerable version of the AOSP browser installed, compared to only 34 percent of users in the U.S. In Spain 73 percent of users are potentially affected, while in the U.K. it’s 51 percent.

These significant differences are probably due to the lower average age of phones in the U.S. and a lower frequency for updates in some countries, Linden and Kelly said.

While Lookout’s data reflects how fragmented the Android ecosystem is, especially when it comes to security patches, it’s worth noting that in this case simply having a vulnerable version of the AOSP browser installed doesn’t implicitly mean that a phone user is at risk. Android users can install and use Chrome, Firefox or some other non-vulnerable browsers instead of the pre-installed AOSP browser.


Reference:
Nearly half of all Android devices are still vulnerable to two serious browser exploits
http://www.pcworld.com/article/2823012/almost-half-of-android-devices-still-have-a-vulnerable-browser-installed.html

Thursday 9 October 2014

IT Technology: Tsunami SYN Flood Attack

<< Overview >>
Radware’s Emergency Response Team (ERT) has detected a brand new technical attack technique that has the potential to challenge a vast majority of current security solutions. Of note, this new type of SYN flood attack:

• Has been witnessed numerous times in the wild and has been successfully stopped leveraging non-traditional protection mechanisms.

• Has been designed to quickly overwhelm BOTH defenses and systems within seconds.

• Differs from classic SYN flood attacks in three fundamental ways: data is contained within each packet; the length of each packet and thus overall attack size; and the network range involved.


<< Classic SYN Flood Attack >>
The SYN flood is one of the oldest attacks in the textbook yet still a common and dangerous attack even today. The idea behind the attack is that SYN packets – which are easy to generate – consume resources from TCP stacks and stateful devices. Those resources can be consumed quickly and then cause a denial-of-service (DoS). With a SYN flood each packet tries to disguise itself as a legitimate SYN packet and is therefore very small and doesn’t contain data.

Today, mature technologies exist to fight SYN floods. These include 'SYN cookies' which won’t allow SYN requests to consume resources before the handshake is fully made and the client also sends back the third and last 'ACK' packet. Since SYN flood packets are small they commonly cause a DoS to servers and stateful devices even before they reach a high bandwidth and saturate the internet pipe.


<< Tsunami SYN Flood Attack >>
Recently the ERT detected a new type of SYN flood. This exotic attack was seen within a 48-hour period, at two different targets located on the other side of the globe. The common characteristic of both attacks is that the SYN packets weren’t empty. The SYN packets contained data, about 1000 bytes per packet, and therefore the bandwidth footprint of these attacks was enormous. In both cases an entire network range was hit, with the size of the attack reaching 4-5Gbps. Thus, this new type of SYN flood attack is more likely to saturate the internet pipe of the victim.

As mentioned, common SYN packets don’t contain data. Actually the RFC doesn’t object to such packets and some applications may even use them but it is very rare. It seems that the intention of the attack here was to find a new method to carry a "tsunami-like", volumetric attack over the TCP protocol.

Nowadays we are mostly accustomed to UDP-based volumetric attacks: DNS, NTP and CHARGEN reflected floods are at the top of the list. However, attackers are always looking for new vectors, and delivering a tsunami-like attack over TCP can present a new danger. When you have an NTP UDP flood on your site, sometimes it is enough to just block this traffic at the router’s ACL level. With a TCP volumetric flood on the web server, organizations simply won’t close that port.

Unlike classic SYN floods the Tsunami SYN Flood Attack is more likely to impact the internet pipe before it impacts other stateful devices (such as firewalls) and servers. Therefore, to mitigate it you will need to have cloud protection located before the organizational internet pipe.

The ERT further observed that some attacks weren’t directed against a specific asset and port but were hitting an entire network range. This additional variant is probably added to make the attack even harder to identify and mitigate.
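
The two traits described above, data inside the SYN and a whole network range as the destination, can be turned into a detection rule. The following is an added example, not Radware's signature or code from the alert: it parses raw IPv4/TCP packets, keeps only initial SYNs that carry a payload, and groups them by destination /24. The /24 grouping, the threshold of five packets and the sample traffic are assumptions made for the illustration; a deployment would evaluate the counts per time window.

```python
import socket
import struct
from collections import defaultdict

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Build a bare IPv4+TCP packet for the constructed sample (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def parse_syn(packet):
    """Return (dst_ip, dst_port, payload_len) for an initial SYN, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", packet, 2)
    frag, = struct.unpack_from("!H", packet, 6)
    if ihl < 20 or packet[9] != 6 or frag & 0x1FFF:
        return None                       # bad header, not TCP, or a later fragment
    if total_len > len(packet) or total_len < ihl + 20:
        return None                       # length fields disagree with captured bytes
    tcp = packet[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4
    flags = tcp[13]
    if data_offset < 20 or data_offset > len(tcp):
        return None
    if not flags & TCP_SYN or flags & (TCP_ACK | TCP_RST | TCP_FIN):
        return None                       # only the first packet of a handshake
    dst_port, = struct.unpack_from("!H", tcp, 2)
    return socket.inet_ntoa(packet[16:20]), dst_port, len(tcp) - data_offset


def find_payload_syn_floods(packets, min_packets=5, min_payload=1):
    """Report destination /24s that received many SYNs carrying data."""
    stats = defaultdict(lambda: {"packets": 0, "payload_bytes": 0, "hosts": set()})
    for packet in packets:
        parsed = parse_syn(packet)
        if parsed is None or parsed[2] < min_payload:
            continue                      # classic empty SYNs are left to SYN cookies
        dst_ip, _dst_port, payload_len = parsed
        entry = stats[dst_ip.rsplit(".", 1)[0] + ".0/24"]
        entry["packets"] += 1
        entry["payload_bytes"] += payload_len
        entry["hosts"].add(dst_ip)
    return {
        prefix: {"packets": e["packets"], "payload_bytes": e["payload_bytes"],
                 "hosts": len(e["hosts"])}
        for prefix, e in stats.items() if e["packets"] >= min_packets
    }


def sample_capture():
    """Constructed traffic: normal handshakes plus payload-carrying SYNs over a range."""
    packets = [build_packet("198.51.100.7", "192.0.2.10", 40000 + i, 443, TCP_SYN)
               for i in range(3)]
    packets.append(build_packet("192.0.2.10", "198.51.100.7", 443, 40000, TCP_SYN | TCP_ACK))
    packets.append(build_packet("198.51.100.7", "192.0.2.10", 40000, 443, TCP_ACK, b"G" * 100))
    # One data-bearing SYN on its own: rare but allowed, so it stays under the threshold.
    packets.append(build_packet("198.51.100.9", "192.0.2.10", 41000, 443, TCP_SYN, b"x" * 20))
    # About 1000 bytes in every SYN, spread across hosts of one network range.
    packets += [build_packet("198.51.100.%d" % (50 + i), "203.0.113.%d" % (1 + i),
                             1024 + i, 80, TCP_SYN, b"\x00" * 1000) for i in range(8)]
    return packets


if __name__ == "__main__":
    for prefix, entry in find_payload_syn_floods(sample_capture()).items():
        print(prefix, entry)
```

Because the counter only sees traffic that has already crossed the link, it identifies the attack but does not relieve a saturated pipe; the filtering itself still has to happen upstream.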


<< Industry Recommendation >>
The ERT recommends that organizations verify that their mitigation solution can block the Tsunami SYN Flood Attack. Since the attack is volumetric the mitigation point must also be in the cloud to prevent internet pipe saturation.


<< Radware Customer Recommendation >>
Radware customers using the DefensePro product are protected against the Tsunami SYN Flood Attack. For full protection please make sure the following mechanisms are enabled.

• SYN Protection

• BDOS – SYN Flood Protection

In addition to automatic mitigation technologies, a new signature dedicated to this kind of attack (DOSS-tcp-syn-withpayload) will be published after testing and validation. The signature will provide an additional layer of defense and will accurately detect the attack.
Customers that are using Radware's DefensePipe cloud service are also fully protected against internet pipe saturation. Customers using alternative solutions are encouraged to validate that the alternative solution will be able to mitigate the Tsunami SYN Flood Attack. Customers without cloud protection are encouraged to consider this as an option for protection against this attack vector as well as other volumetric attack vectors that threaten the internet pipe.


Reference:
ERT THREAT ALERT - Tsunami SYN Flood Attack
https://kb.radware.com/questions/3596/ERT+THREAT+ALERT+-+Tsunami+SYN+Flood+Attack

Apple: Reset User Password in Mac OS X

There are two ways to reset the user password in Mac OS X:

<< On Mac OS X >>
If you can boot into your system, you can change the password from there. Use this method when you have not forgotten the current password.

Boot your Mac and open System Preferences > Users and Groups.
You will see the list of users. Select the user whose password you want to change and click Change Password. You will be asked for your password.


<< On Recovery >>
If you have forgotten the password and can't use OS X, you have to use the new Recovery system.

To boot into the Recovery system, press the Command and R keys at boot and hold them until you see the Apple icon. If you have a Mac with Internet Recovery, read http://support.apple.com/kb/HT4718. If your Mac has a wireless keyboard, hold the keys when you hear the startup sound.
When it starts, select Utilities > Terminal, and type:
resetpassword

Select your user and type your new password. Finally, reboot.

This doesn't work for FileVault.


Reference:
Reset the user password in OS X Lion, Mountain Lion and Mavericks
https://discussions.apple.com/docs/DOC-4101

Apple: Hide/unhide Account in Mac OS X

<< Hide users >>
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add <account name>

<< Unhide users >>
sudo defaults delete /Library/Preferences/com.apple.loginwindow HiddenUsersList


Reference:
Hide/unhide accounts in Mac OS X's login window
http://geektogeek.blogspot.com/2006/12/hideunhide-accounts-in-mac-os-xs-login.html

Wednesday 8 October 2014

Microsoft: Increase the Size of a Database

You can increase the size of a database in SQL Server 2014 by using SQL Server Management Studio or Transact-SQL. The database is expanded by either increasing the size of an existing data or log file or by adding a new file to the database.

<< Using SQL Server Management Studio >>
To increase the size of a database:
  1. In Object Explorer, connect to an instance of the SQL Server Database Engine, and then expand that instance.
  2. Expand Databases, right-click the database to increase, and then click Properties.
  3. In Database Properties, select the Files page.
  4. To increase the size of an existing file, increase the value in the Initial Size (MB) column for the file. You must increase the size of the database by at least 1 megabyte.
  5. To increase the size of the database by adding a new file, click Add and then enter the values for the new file. 
  6. Click OK.

<< Using Transact-SQL >>
To increase the size of a database:
  1. Connect to the Database Engine.
  2. From the Standard bar, click New Query.
  3. Copy and paste the following example into the query window and click Execute. This example increases the size of the file test1dat3.
USE master;
GO
ALTER DATABASE AdventureWorks2012
MODIFY FILE
    (NAME = test1dat3,
    SIZE = 20MB);
GO

Reference:
Increase the Size of a Database
http://msdn.microsoft.com/en-us/library/ms175890.aspx

Microsoft: SCSM 2012 Data Warehouse Jobs Keep Failing

I often run into the same problem with the SCSM 2012 Data Warehouse: the cube jobs all fail. When resuming one of the jobs, the following errors appear in the log:

Message : An Exception was encountered while trying during cube processing.  Message=  Processing warning encountered - Location: , Source: Microsoft SQL Server 2008 R2 Analysis Services Code: 1092550657, Description: Errors in the OLAP storage engine: The attribute key cannot be found when processing: Table: 'ConfigItemDim', Column: 'ConfigItemDimKey', Value: '13760'. The attribute is 'ConfigItemDimKey'.. 

And / Or

Message : An Exception was encountered while trying during cube processing.  Message=  Processing warning encountered - Location: , Source: Microsoft SQL Server 2008 R2 Analysis Services Code: 1092550657, Description: Errors in the OLAP storage engine: The attribute key cannot be found when processing: Table: 'ProcessorDim', Column: 'ProcessorDimKey', Value: '156'. The attribute is 'ProcessorDimKey'..     

And / Or

Message : An Exception was encountered while trying during cube processing.  Message=  Processing error encountered - Location: , Source: Microsoft SQL Server 2008 R2 Analysis Services Code: -1055129595, Description: Server: The operation has been cancelled due to memory pressure..       Processing error encountered - Location: , Source: Microsoft SQL Server 2008 R2 Analysis Services Code: -1055129598, Description: Server: The operation has been cancelled.. 

When the cube processing is started, the Analysis service slowly consumes all available memory and does not stop until it cancels the process due to memory pressure.

Connecting to the server hosting the Analysis service and looking at the properties of the cubes shows that the cubes haven’t been processed, and in SCSM all the jobs are set to Failed.

Looking at the errors that are logged, they often relate to errors in the dimensions and their attributes. Reading the SCSM 2012 Administration guide, there is a script that processes all the dimensions in one step.

The script is not entirely correct, so I've changed it to:

# Load the Analysis Management Objects (AMO) assembly
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.AnalysisServices") | Out-Null

# Connect to the Analysis Services instance that hosts the data warehouse cubes
$Server = New-Object Microsoft.AnalysisServices.Server
$Server.Connect("serverdw.blog.com")
$Databases = $Server.Databases
$DWASDB = $Databases["DWASDataBase"]
$Dimensions = $DWASDB.Dimensions

# Fully process every dimension in the database
foreach ($Dimension in $Dimensions) {
    Write-Host "Processing: $($Dimension.Name)"
    $Dimension.Process("ProcessFull")
}

$Server.Disconnect()

Log in to the server hosting the Analysis service and run the PowerShell script; just remember to change "serverdw.blog.com" to your own server. It usually runs for 5-15 minutes.

After all the dimensions have been processed, you can start the cube processing from the SCSM console and they should all complete with success. Note that the jobs will change from Failed to Running to Not Started.

Instead, look at the Cubes tab in the Data Warehouse wunderbar to see the status.

But remember, this will just get the cubes processed once, bringing them up to the latest set of data. If the cube processing jobs start failing again right away, it could be because they are doing a full processing job instead of a less resource-demanding one such as incremental processing.

The only way to fix this is to:

1. Have a look at the HW and see if you could relocate DB-files, log files, temp etc. on more spindles / more VHD-files, add more processors or even RAM to help the SSAS with completing.

And/Or

2. Upgrade to SQL Enterprise (Enterprise has the feature that allows for incremental processing instead of full processing).


Reference:
SCSM 2012 Data Warehouse jobs keep failing
http://blogs.technet.com/b/thomase/archive/2012/08/27/data-warehouse-jobs-keep-failing.aspx

Tuesday 7 October 2014

Apple: What’s New in Accessibility in iOS 8

Here are the new features in Accessibility in iOS 8:
1. Alex. Apple is bringing Alex, its natural-sounding voice on the Mac, to iOS. Alex will work with all of iOS’s spoken audio technologies (Siri excepted), including VoiceOver, Speak Selection, and another new Accessibility feature to iOS 8, Speak Screen (see below). In essence, Alex is a replacement for the robotic-sounding voice that controls VoiceOver, et al, in iOS today.

2. Speak Screen. With Speak Screen, a simple gesture will prompt the aforementioned Alex to read anything on screen, including queries asked of Siri. This feature will be a godsend to visually impaired users who may have issues reading what is on their iPhone and/or iPad. It should be noted that Speak Screen is fundamentally different from Speak Selection, which only reads aloud selected text. By contrast, Speak Screen will read aloud everything on the screen — text, button labels, etc.

3. Zoom. Apple has made some welcome tweaks to its Zoom functionality in iOS 8. The hallmark feature is that users now have the ability to specify which part of the screen is zoomed in, as well as adjust the level of the zoom. In particular, it’s now possible to have the virtual keyboard on screen at normal size underneath a zoomed-in window. This makes it easy to both type and see what you’re typing without having to battle the entirety of the user interface being zoomed in.

4. Grayscale. iOS in and of itself doesn’t have “themes” like so many third-party apps support — and even like OS X Yosemite’s new “dark mode”. iOS does, however, support a pseudo-theme by way of Invert Colors (white-on-black). In iOS 8, Apple is adding a second pseudo-theme to the system with Grayscale. With this option turned on, the entirety of iOS’s UI is turned, as the name would imply, gray. The addition of a Grayscale is notable because it gives those users who have issues with colorized display — or who simply view darker displays better — another way to alter the contrast of their device(s).

5. Guided Access. The big addition to Guided Access is that Apple is leveraging its own new-to-iOS-8 Touch ID developer API to enable users to be able to exit Guided Access using their scanned fingerprint. This is a noteworthy feature because it effectively guarantees that students (or test-takers or museum visitors) can’t leave Guided Access to access the Home screen or other parts of iOS.

As well, Apple has added a time limit feature to Guided Access, thereby allowing teachers, parents, and the like to specify the length of time Guided Access is to be used. Especially in special education classrooms, features such as Touch ID to exit and the timer can be extremely powerful in ensuring an uninterrupted learning experience, keeping students on task while still setting the expectation that a transition (i.e., “You can play games now”, for instance) will take place in X minutes. In terms of behavior modification, Guided Access’s new features are potentially game-changing, indispensable tools for educators.

6. Enhanced Braille Keyboard. iOS 8 adds support for 6-dot Braille input system-wide. This feature involves a dedicated Braille keyboard that will translate 6-dot chords into text.

7. “Made for iPhone” Hearing Aids. Apple in iOS 8 has improved its Made for iPhone Hearing Aids software so that users who use hearing aids and have multiple devices can now easily switch between them. Moreover, if a hearing aid is paired with more than one device, users will now be able to pick which device they’d like to use.

8. Third Party Keyboard API. This topic (as well as QuickType) is worthy of its own standalone article, but the accessibility ramifications of iOS 8’s third party keyboard API are potentially huge for those with special needs.


Reference:
An Overview of iOS 8′s New Accessibility Features
http://www.macstories.net/stories/an-overview-of-ios-8s-new-accessibility-features/

Apple: Reddit-powered Botnet Infected Thousands of Macs Worldwide

The Russian antivirus vendor Dr. Web has reported the spread of a new botnet that exclusively targets Apple computers running Mac OS X. According to a survey of traffic conducted by researchers at Dr. Web, over 17,000 Macs worldwide are part of the Mac.BackDoor.iWorm botnet—and almost a quarter of them are in the US. One of the most curious aspects of the botnet is that it uses a search of Reddit posts to a Minecraft server list subreddit to retrieve IP addresses for its command and control (CnC) network. That subreddit now appears to have been expunged of CnC data, and the account that posted the data appears to be shut down.

The Dr. Web report doesn’t say how Mac.BackDoor.iWorm is being distributed to victims of the malware. But its “dropper” program installs the malware into the Library directory within the affected user’s account home folder, disguised as an Application Support directory for “JavaW.” The dropper then generates an OS X .plist file to automatically launch the bot whenever the system is started.

The bot malware itself looks for somewhere in the user’s Library folder to store a configuration file, then connects to Reddit’s search page. It computes an MD5 hash of the current date and uses the first 8 bytes of that value to search Reddit’s “minecraftserverlist” subreddit, where most of the legitimate posts are over a year old.

The CnC posts appear to now have been expunged from Reddit, and a survey of the most recent servers identified in the subreddit by Ars found that most of their IP addresses, scattered around the world on systems that were apparently compromised—including computers in Slovakia and at Marist College in Poughkeepsie, New York—are now unreachable. The Marist College node, based on its IP address, was a virtual machine running in the college’s private cloud.

However, it’s unlikely that the botnet has been completely shut down. The malware has the capability of downloading additional files and executing commands on the infected systems, so a new version of the botnet may have already been distributed—along with other malware spread through it.

Security journalist Graham Cluley reports that Dr. Web and Bitdefender both detect variants of the botnet (which Bitdefender refers to as Mac.OSX.iWorm). There are also ways for Mac owners to defend themselves against the malware. Developer Jacob Salmela has posted instructions on how to create a set of OS X folder actions that will alert a user if their system becomes infected:
http://jacobsalmela.com/roll-defense-mac-backdoor-iworm/

In addition, Apple has updated OS X's built-in XProtect malware definitions list to include the Mac.BackDoor.iWorm malware. The iWorm malware allegedly managed to infect more than 17,000 Macs worldwide, and it was apparently using a (now closed) Minecraftserverlists board on Reddit to distribute the IP addresses of control servers to infected Macs.

XProtect was first introduced to OS X in Snow Leopard in response to the MacDefender malware that managed to infect some OS X systems back in 2011. While the complete list is only 40 items long as of this writing, OS X silently checks for XProtect updates daily, and Apple also uses the list to mandate the usage of up-to-date versions of Java and Flash. While XProtect doesn't do anything to clean existing infections, it can prevent new ones by telling users explicitly that they're attempting to install known malware.
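
The persistence layout described above (a "JavaW" folder under Application Support plus a launch .plist that starts it) can be checked for directly. The Python audit below is an added example, not code from Dr. Web, Ars Technica or Jacob Salmela; the LaunchAgents/LaunchDaemons folder names and the sample file names are assumptions, and the Library tree it scans is constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

SUSPECT_NAME = "javaw"  # "JavaW" as reported on this page, compared case-insensitively
LAUNCH_DIRS = ("LaunchAgents", "LaunchDaemons")  # assumption: standard launchd folders

def launch_targets(plist_path):
    """Return the command strings a launchd job would run, or [] if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return []  # a damaged or non-plist file must not abort the audit
    if not isinstance(job, dict):
        return []
    targets = []
    if isinstance(job.get("Program"), str):
        targets.append(job["Program"])
    args = job.get("ProgramArguments")
    if isinstance(args, list):
        targets.extend(a for a in args if isinstance(a, str))
    return targets

def references_suspect(command):
    """True if any path component of the command equals the suspect name."""
    return SUSPECT_NAME in (part.lower() for part in Path(command).parts)

def audit_library(library):
    """Scan one Library folder; return (kind, path) findings in discovery order."""
    library = Path(library)
    findings = []
    app_support = library / "Application Support"
    if app_support.is_dir():
        for entry in sorted(app_support.iterdir()):
            if entry.is_dir() and entry.name.lower() == SUSPECT_NAME:
                findings.append(("directory", str(entry)))
    for sub in LAUNCH_DIRS:
        folder = library / sub
        if not folder.is_dir():
            continue
        for plist_path in sorted(folder.glob("*.plist")):
            if any(references_suspect(t) for t in launch_targets(plist_path)):
                findings.append(("launch-job", str(plist_path)))
    return findings

def build_constructed_tree(root):
    """Create a constructed sample Library: one suspicious job, one clean, one corrupt."""
    lib = Path(root) / "Library"
    bot_dir = lib / "Application Support" / "JavaW"
    bot_dir.mkdir(parents=True)
    agents = lib / "LaunchAgents"
    agents.mkdir()
    jobs = {  # constructed file names, not indicators from any report
        "com.example.constructed-bad.plist": {"ProgramArguments": [str(bot_dir / "JavaW")], "RunAtLoad": True},
        "com.example.constructed-ok.plist": {"Program": "/usr/bin/true"},
    }
    for name, job in jobs.items():
        with open(agents / name, "wb") as fh:
            plistlib.dump(dict(job, Label=name[:-6]), fh)
    (agents / "broken.plist").write_bytes(b"not a plist")
    return lib

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in audit_library(build_constructed_tree(tmp)):
            print(kind, path)
```

On a real Mac, pass each user's ~/Library (and /Library) to audit_library; a finding is a lead to investigate, not proof of infection.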


Reference:
1. Reddit-powered botnet infected thousands of Macs worldwide
http://arstechnica.com/security/2014/10/reddit-powered-botnet-infected-thousands-of-macs-worldwide/

2. Apple updates definitions to prevent “iWorm” botnet malware on Macs
http://arstechnica.com/apple/2014/10/apple-updates-definitions-to-prevent-iworm-botnet-malware-on-macs/

Monday 6 October 2014

IT Management: Zero-based Budgeting ( ZBB )

Zero-based budgeting ( ZBB ) is an approach to planning and decision-making that reverses the working process of traditional budgeting. In traditional incremental budgeting (Historic Budgeting), departmental managers justify only variances versus past years, based on the assumption that the "baseline" is automatically approved. By contrast, in zero-based budgeting, every line item of the budget must be approved, rather than only changes. Zero-based budgeting requires the budget request be re-evaluated thoroughly, starting from the zero-base. This process is independent of whether the total budget or specific line items are increasing or decreasing.

The term is sometimes used in personal finance to describe "zero-sum budgeting", the practice of budgeting every unit of income received, and then adjusting some part of the budget downward for every other part that needs to be adjusted upward.

Zero-based budgeting also refers to the identification of a task or tasks and then funding resources to complete the task independent of current resourcing.


<< Advantages >>
  1. Efficient allocation of resources, as it is based on needs and benefits rather than history.
  2. Drives managers to find cost effective ways to improve operations.
  3. Detects inflated budgets.
  4. Increases staff motivation by providing greater initiative and responsibility in decision-making.
  5. Increases communication and coordination within the organization.
  6. Identifies and eliminates wasteful and obsolete operations.
  7. Identifies opportunities for outsourcing.
  8. Forces cost centers to identify their mission and their relationship to overall goals.
Zero-based budgeting helps in identifying areas of wasteful expenditure and, if desired, can also be used for suggesting alternative courses of action.


<< Disadvantages >>
  1. More time-consuming than incremental budgeting.
  2. Justifying every line item can be problematic for departments with intangible outputs.
  3. Requires specific training, due to increased complexity vs. incremental budgeting.
  4. In a large organization, the amount of information backing up the budgeting process may be overwhelming.


Reference:
Zero-based budgeting
http://en.wikipedia.org/wiki/Zero-based_budgeting

Thursday 2 October 2014

Google: I am on Google Maps!!!

What a coincidence!!! I am on Google Maps!!!

Coordinate: 1.465028,103.7602348

Wednesday 1 October 2014

Microsoft: Microsoft Windows 10 Codenamed Windows Threshold


Microsoft just said no to 9. The follow-on to the current Windows 8 operating system will be known as Windows 10.

Originally codenamed Windows Threshold, the new operating system essentially does away with the dependency on the tiled "Metro" user interface that Microsoft had attempted to implement across its entire device line, from desktop PCs to Surface tablets and Windows Phone devices. In its place is a combination of the so-called live tiles, present in areas like the new Start Menu, and a more classic Windows experience that aims to please both touch and keyboard-and-mouse users.

Windows 10 is such a substantial leap, according to Microsoft's executive VP of operating systems, Terry Myerson, that the company decided it would be best to skip over Windows 9, the widely expected name for the next version.

"Windows 10 will run on the broadest amount of devices. A tailored experience for each device," Myerson said at a press event here Tuesday. "There will be one way to write a universal application, one store, one way for apps to be discovered purchased and updated across all of these devices."

Microsoft has spent the better part of two years, since Windows 8's debut in October 2012, responding to criticism over the direction in which it took the operating system that has long dominated traditional PCs. Windows 8 introduced the touch-prioritized Metro design with live tiles and removed key elements of Windows 7, disrupting the familiar look and feel for long-time Windows users. The changes were representative of an overall acceleration of Microsoft's unification of its touch-enabled mobile devices with its desktop and laptop software.

Those changes found many critics and detractors.

Windows 8.1, released last year, attempted to address those complaints with the revival of core Windows design and usage properties, such as the Start button. Now, with Windows 10, Microsoft is not quite hitting the reset button on touch, but wants to make sure it does not repeat history in its attempt to take Windows forward.

"We believe that, together with the feedback you provide us, we can build a product that all of our customers will love," Myerson said. "It will be our most open collaborative OS projects ever."

Taking the stage after Myerson's introduction was Microsoft's Joe Belfiore, corporate vice president of operating systems and the current public face of Windows and Windows Phone design and development. He gave attendees a live demo of an early build of Windows 10. Belfiore, too, put the emphasis on a great leap forward.

"We want all these Windows 7 users to have the sentiment that yesterday they were driving a first-generation Prius," he said, "and now with Windows 10 it's like we got them a Tesla."

Windows 10 combines elements of Windows 8's forward-thinking design and the familiarity and functionality of Windows 7, still the most popular Microsoft OS. According to Web traffic-tracking firm Net Applications, Windows 7 could be found on 51 percent of desktop PCs in August, compared with just over 13 percent for versions 8 and 8.1 combined.

"It's easy to say, 'Oh it's Microsoft giving up on touch,'" Belfiore said, pointing out the most obvious criticism of the scaled-back Metro interface. "We're absolutely not giving up on touch. We have a massive number of users who know Windows 7 well and a massive, but smaller, number of people who know Windows 8 well."

The goal with Windows 10, Belfiore stressed, is to "find UI approaches that use the same mouse and keyboard experience evolving from Windows 7 so the touch users get something natural."

Belfiore, during his demo, offered insight into what went wrong with Windows 8. The goal of that OS was based on "the effect that two-in-one's can have for the productivity of Windows to help people get things done," Belfiore said. Two-in-one devices can shape-shift from laptop to tablet, and Microsoft has hoped that Windows can dominate that dual form factor in a way that competitor Apple cannot, with its separate iPad and laptop lines.

"Windows 8's focus on touch, the large start screen, the notion of apps running full-screen as they do on tablet devices...that was to salute the idea that this would be more productivity," Belfiore added. "But we didn't get it right. With Windows 10, we think we got it right."

The key, Microsoft says, is the idea that Windows 10 can identify the device and change its interface mode. That means your software will know when you're using the OneDrive cloud service or Microsoft Word on a Surface device or a Lenovo laptop and adjust accordingly in a way that will unlock that productivity that Microsoft feels has been eluding its family of devices with Windows 8.

As for Windows Phone, it will follow in the steps of Windows 10, including its naming scheme, but not borrow the same back-to-basics design philosophy. "It will not have a desktop," Belfiore said, but did not elaborate on what the next version of Microsoft's mobile OS may look like.

Windows 10 is expected to release in fall 2015. Starting tomorrow, Microsoft will open up the OS to dedicated beta testers under its Windows 10 "Insider Program."

Myerson refused to talk about the Windows business model following reports earlier this week that Microsoft may make Windows upgrades free, as Apple does with its OS X upgrades. Both executives are also confident that the jump from Windows 8 to Windows 10 will not cause confusion, and that customers will respect its symbolic value.

"It's a name that resonated best with what we'll deliver," Myerson said.


Reference:
Surprise! Microsoft jumps to Windows 10
http://www.cnet.com/news/microsoft-jumps-to-windows-10/