PRTG: Cloud Ping Sensor

The Cloud Ping sensor monitors the ping times to its parent device from different locations worldwide using the PRTG Cloud. These locations are distributed over five continents around the globe.

The sensor can show the response times of the target server pinged from the following locations:

• Asia Pacific: Singapore
• Asia Pacific: Sydney
• Asia Pacific: Tokyo
• EU Central: Frankfurt
• EU West: Ireland
• South America: Sao Paulo
• US East: Northern Virginia
• US West: Northern California
• US West: Oregon
• Global average response time

IT Technology: Dell DPACK 1.5.5 Dell DPACK Collector

Dell DPACK 1.5.5 Dell DPACK collector is a small executable file that runs for approximately 24 hours during which time it measures disk activity and memory/CPU utilization for each server. The output of the data collector is an iokit file that can be returned to the sales team via email. The data analyzer organizes the collected data into a detailed, customer-ready report that the sales team can use to recommend hardware modifications and/or investments to improve storage solution performance. The data collector can support multiple platforms such as Windows, VMware, Linux, Solaris and Unix.

IT Security: "Dyre Wolf" Attacks Target Enterprise Bank Accounts by IBM

A combination of new malware and old-fashioned social engineering has been used to rob companies of more than US$1 million, according to a new study from IBM.

The attacks, dubbed “Dyre Wolf” by IBM, suggests the work of experienced online criminals brazenly attempting to rip off large organizations.

“As we continue to see, cybercriminals grow in resourcefulness and productivity at alarming rates. They are sharing expertise on a global scale via the deep Web and launching carefully planned, long-term attacks to attain the highest return on investment,” wrote John Kuhn, IBM senior threat researcher, in a blog post co-authored with fellow IBM researcher Lance Mueller.

Dyre Wolf uses a variant of Dyre, which is malware written to target the websites of hundreds of banks..

“Since its start in 2014, Dyre has evolved to become simultaneously sophisticated and easy to use, enabling cybercriminals to go for the bigger payout,” Kuhn wrote. An organized but as-of-yet unidentified group of attackers also rely on talking to users by phone, in order to bypass the two-factor authentication most organizations have put in place to thwart online attacks

Since October, IBM has seen a spike in the infection rate of Dyre on corporate networks, spiking from 500 instances to nearly 3,500. It estimates that anywhere from $500,000 to $1.5 million has been lost through Dyre-based attacks

IBM posted a paper outlining in detail how the attack works.

A user is tricked into installing the Dyer software on the machine by the usual means, perhaps by clicking on a malicious email attachment.

The installed program remains silent until a user attempts to log onto a bank website recognized by Dyre. At that point, a Web page will pop up explaining the site is experiencing technical difficulties and that the user should call the help center to gain access.

The attackers are sophisticated enough to rig the software so that when the user calls, the attackers answer the phone posing as a representative from the bank. They then trick the user into giving up the password. By the time the phone call is finished, money is already transferred out of the enterprise’s account and is rapidly moving across different banks around the globe to evade detection.

IBM has estimated that 95 percent of all corporate attacks rely on some form of human error.

Most employees have already been trained not to click on unknown documents received by email, as well as to not give up passwords over the phone. A single inattentive user, however, could result in the loss of large sums of money.

To guard against Dyre Wolf, security professionals should reinforce company best practices that should already be in place. Employees should be reminded that banks never ask for passwords and that they should report any suspicious behavior. An organization may also wish to carry out mock-attacks to ensure that employees are fully trained on how to handle such incidents, Kuhn said.

IT Security: Personal Details of World Leaders Accidentally Revealed by G20 Organisers

The personal details of world leaders at the last G20 summit were accidentally disclosed by the Australian immigration department, which did not consider it necessary to inform those world leaders of the privacy breach.

The Guardian can reveal an employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the summit to the organisers of the Asian Cup football tournament.

The United States president, Barack Obama, the Russian president, Vladimir Putin, the German chancellor, Angela Merkel, the Chinese president, Xi Jinping, the Indian prime minister, Narendra Modi, the Japanese prime minister, Shinzo Abe, the Indonesian president, Joko Widodo, and the British prime minister, David Cameron, were among those who attended the Brisbane summit in November and whose details were exposed.

The Australian privacy commissioner was contacted by the director of the visa services division of Australia’s Department of Immigration and Border Protection to inform them of the data breach on 7 November 2014 and seek urgent advice.

In an email sent to the commissioner’s office, obtained under Australia’s freedom of information laws, the breach is attributed to an employee who mistakenly emailed a member of the local organising committee of the Asian Cup – held in Australia in January – with the personal information.

“The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (ie prime ministers, presidents and their equivalents) attending the G20 leaders summit,” the officer wrote.

“The cause of the breach was human error. [Redacted] failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person.

“The matter was brought to my attention directly by [redacted] immediately after receiving an email from [the recipient] informing them that they had sent the email to the wrong person.

“The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach.”

The officer wrote that it was “unlikely that the information is in the public domain”, and said the absence of other personal identifiers “limits significantly” the risk of the breach. The unauthorised recipient had deleted the email and “emptied their deleted items folder”.

“The Asian Cup local organising committee do not believe the email to be accessible, recoverable or stored anywhere else in their systems,” the letter said.

The immigration officer then recommended that the world leaders not be made aware of the breach of their personal information.

“Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach,” she wrote.

The recommendation not to disclose the breach to the world leaders may be at odds with privacy law in some of their countries.

Britain, Germany and France all have different forms of mandatory data breach notification laws that require individuals affected by data breaches to be informed.

It is not clear whether the immigration department subsequently notified the world leaders of the breach after the initial assessment.

The office of the Australian immigration minister, Peter Dutton, did not respond to questions.

Australia’s deputy opposition leader, Tanya Plibersek, called on Tony Abbott to explain why the world leaders were not notified of the breach.

“The prime minister and the immigration minister must explain this serious incident and the decision not to inform those affected,” she said.

Disclosure of the data breach is likely to embarrass the Australian government after controversial mandatory data retention laws were passed last week.

The passage of the laws – which require telecommunications companies to store certain types of phone and web data for two years – has been marked by concerns about the adequacy of privacy safeguards by companies and government agencies that will handle the data.

The Greens senator Sarah Hanson-Young said: “Only last week the government was calling on the Australian people to trust them with their online data, and now we find out they have disclosed the details of our world leaders.

“This is another serious gaffe by an incompetent government.”

Australia’s immigration department was also responsible for the country’s largest ever data breach by a government agency.

In February 2014 the Guardian revealed the agency had inadvertently disclosed the personal details of almost 10,000 people in detention – many of whom were asylum seekers – in a public file on its website.

Microsoft: Exchange Report based on Display Name, Account Status, Memberof and Hide from Exchange Address Lists

The following Powershell script allows you to generate an Exchange report based on the display name, account status, memberof and hide from Exchange address lists:

param(
[Parameter(ParameterSetName='file')] [string]$file,
[Parameter(ParameterSetName='server')] [string]$server,
[Parameter(ParameterSetName='mailbox')] [string]$mailbox,
[Parameter(ParameterSetName='all')] [switch]$all,
[string]$filename
)


$ErrorActionPreference = "SilentlyContinue"
$WarningPreference = "SilentlyContinue"
$report = @()


#Set recipient scope
$2007snapin = Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.Admin
if ($2007snapin)
{
$AdminSessionADSettings.ViewEntireForest = 1
}
else
{
$2010snapin = Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010
if ($2010snapin)
{
Set-ADServerSettings -ViewEntireForest $true
}
}


#If no filename specified, generate report file name with random strings for uniqueness

if ($filename)
{
$reportfile = $filename
}
else
{
$timestamp = Get-Date -UFormat %Y%m%d-%H%M
$random = -join(48..57+65..90+97..122 | ForEach-Object {[char]$_} | Get-Random -Count 6)
$reportfile = "MailboxReport-$timestamp-$random.csv"
}


#Add dependencies
Import-Module ActiveDirectory

#Get the mailbox list

Write-Host -ForegroundColor White "Collecting mailbox list"

if($all) { $mailboxes = @(Get-Mailbox -resultsize unlimited -IgnoreDefaultScope) }

if($server) { $mailboxes = @(Get-Mailbox -server $server -resultsize unlimited -IgnoreDefaultScope) }

if($hidden){ $mailboxes = @(Get-Mailbox -hiddenfromaddresslistsenabled $hidden -resultsize unlimited -IgnoreDefaultScope) }

if($file) { $mailboxes = @(Get-Content $file | Get-Mailbox -resultsize unlimited) }

if($mailbox) { $mailboxes = @(Get-Mailbox $mailbox) }

#Get the report

Write-Host -ForegroundColor White "Collecting report data"

$mailboxcount = $mailboxes.count
$i = 0

#Loop through mailbox list and find the aged mailboxes
foreach ($mb in $mailboxes)
{
$i = $i + 1
$pct = $i/$mailboxcount * 100
Write-Progress -Activity "Collecting mailbox details" -Status "Processing mailbox $i of $mailboxcount - $mb" -PercentComplete $pct

$user = Get-User $mb
$aduser = Get-ADUser $mb.samaccountname -Properties Enabled,AccountExpirationDate
$aduserr = Get-ADUser $mb.samaccountname -Properties *
$member = ($aduserr.memberof | % { (Get-ADGroup $_).Name; }) -join ';'

#Create a custom PS object to aggregate the data we're interested in

$userObj = New-Object PSObject
$userObj | Add-Member NoteProperty -Name "DisplayName" -Value $mb.DisplayName
$userObj | Add-Member NoteProperty -Name "Enabled" -Value $aduser.Enabled
$userObj | Add-Member NoteProperty -Name "MemberOf" -Value $member
$userObj | Add-Member NoteProperty -Name "Hide from Exchange" -Value $mb.HiddenFromAddressListsEnabled


#Add the object to the report
$report = $report += $userObj
}

#Catch zero item results
$reportcount = $report.count

if ($reportcount -eq 0)
{
Write-Host -ForegroundColor Yellow "No mailboxes were found matching that criteria."
}
else
{
#Output single mailbox report to console, otherwise output to CSV file
if ($mailbox)
{
$report | Format-List
}
else
{
$report | Export-Csv -Path $reportfile -NoTypeInformation
Write-Host -ForegroundColor White "Report written to $reportfile in current path."
Get-Item $reportfile
}
}

Google: Google Spreadsheet Email Alert based on the Input Data

The Google script below allows you to automate the Google Spreadsheet to send an email alert based on the input data:

function checkReminder() {
  // get the spreadsheet object
  var spreadsheet = SpreadsheetApp.getActiveSpreadsheet();
  // set the first sheet as active
  SpreadsheetApp.setActiveSheet(spreadsheet.getSheets()[0]);
  // fetch this sheet
  var sheet = spreadsheet.getActiveSheet();
   
  // figure out what the last row is
  var lastRow = sheet.getLastRow();

  // start with row 10
  var startRow = 10;

  // grab column 3 (the 'days left' column)
  var range = sheet.getRange(10,3,lastRow-startRow+1,1 );
  var numRows = range.getNumRows();
  var days_left_values = range.getValues();
   
  // grab the description column
  range = sheet.getRange(10, 6, lastRow-startRow+1, 1);
  var reminder_info_values = range.getValues();
  
  // grab the vendor column
  range = sheet.getRange(10, 5, lastRow-startRow+1, 1);
  var reminder_vendor_values = range.getValues();
   
  var warning_count = 0;
  var msg = "";
   
  // Loop over the days left values
  for (var i = 0; i <= numRows - 1; i++) {
    var days_left = days_left_values[i][0];
    if(days_left == 90) {
      // if it's exactly 90, do something with the data.
      var vendor = reminder_vendor_values[i][0];
      var description = reminder_info_values[i][0];
       
      msg = msg + "Reminder: "+vendor+" "+description+" is due in "+days_left+" days.\n";
      warning_count++;
    }
  }
   
  if(warning_count) {
    MailApp.sendEmail("italert@marlboroughcollege.my",
        "Contract and Agreement Reminder", msg);
  } 
}

Google: Pac-Man in Google Maps

Ever imagine what it'd be like to play a monster game of Pac-Man through the streets of your hometown? Now you can, sort of, as Google has built a fully playable game of Pac-Man into Google Maps.

To play the game, simply go to Google Maps in a browser on your computer, or on the updated iOS and Android Google Maps apps, and find a location near you with a good amount of streets.

From there, click the Pac-Man button in the bottom left corner, and Google will transform those streets into a playable version of Pac-Man. The controls are pretty simple: just tap on the up, down, left and right arrows to move Pac-Man around while you collect dots and cherries, all while avoiding being killed by ghosts.

April Fools' is Wednesday, meaning you'll see some pretty bizarre things. If this is Google's idea of an April Fools' stunt, it's pretty amazing. If you, like me, were totally jealous of that guy who got to play Pac-Man for real in the Bud Light Super Bowl Ad, playing Pac-Man in your town of choice on Google Maps might just be the next best thing.