Saturday, January 23, 2010

DSO Server down for maintenance

The DSO server was shut down this morning at 08:31. The work should continue until approximately 7:00 p.m.

For those that are curious - prior to today, this server had been up continuously for 176 days, 13 hours and 24 minutes.

Friday, January 22, 2010

Critical Internet Explorer security vulnerability patch

If you remember hearing about Google and other companies getting hacked by China, it was due to a security hole in Microsoft Internet Explorer. Microsoft is releasing an emergency security patch to solve this issue.

Please patch your home computers.

What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletin being released (out-of-band) on January 21, 2010.
 
New Security Bulletin
Microsoft is releasing one new security bulletin (out-of-band) for newly discovered vulnerabilities:
 
Bulletin ID: MS10-002
Bulletin Title: Cumulative Security Update for Internet Explorer (978207)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires a restart
Affected Software: All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008*, Windows 7, and Windows Server 2008 R2*.
* Where indicated in the Affected Software table on the bulletin Web page, the vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2, when installed using the Server Core installation option. Please see the bulletin Web page at the link in the left column for more details.
 
Public Bulletin Webcast
 
Microsoft will host a webcast to address customer questions on this bulletin:
Title: Information About Microsoft's January 2010 Out-of-Band Security Bulletin Release
Date: Thursday, January 21, 2010, at 1:00 P.M. Pacific Time (U.S. & Canada).
 
Public Resources related to this alert
 
New Security Bulletin Technical Details
 
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.
 
Bulletin Identifier: Microsoft Security Bulletin MS10-002
Bulletin Title: Cumulative Security Update for Internet Explorer (978207)
Executive Summary: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
 
The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes.
 
This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352.
Affected Software: All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008*, Windows 7, and Windows Server 2008 R2*.
* Where indicated in the Affected Software table on the bulletin Web page, the vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2, when installed using the Server Core installation option. Please see the bulletin Web page at the link below for more details.
CVE, Exploitability Index Rating
  1. CVE-2010-0244: Uninitialized Memory Corruption Vulnerability (EI = 1)
  2. CVE-2010-0245: Uninitialized Memory Corruption Vulnerability (see note below)
  3. CVE-2010-0246: Uninitialized Memory Corruption Vulnerability (see note below)
  4. CVE-2010-0247: Uninitialized Memory Corruption Vulnerability (EI = 1)
  5. CVE-2010-0248: HTML Object Memory Corruption Vulnerability (EI = 2)
  6. CVE-2010-0249: HTML Object Memory Corruption Vulnerability (EI = 1)
  7. CVE-2009-4074: XSS Filter Script Handling Vulnerability (see note below)
  8. CVE-2010-0027: URL Validation Vulnerability (EI = 1)
 
Note: Please see the Exploitability Index table of the bulletin summary page for more details: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx
Attack Vectors
  1. A maliciously crafted Web page
  2. A maliciously crafted HTML e-mail
Mitigating Factors
  1. Users would have to be persuaded to visit a malicious Web site.
  2. Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  3. By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted Sites zone.
  4. By default, IE on Windows 2003 and Windows 2008 runs in a restricted mode.
Restart Requirement: The update will require a restart.
Bulletins Replaced by This Update: MS09-072
Publicly Disclosed? CVE-2010-0249 has been publicly disclosed prior to release.
Exploited? CVE-2010-0249 has been exploited in the wild at release.
Full Details: http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx
 
Regarding Information Consistency
 
We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.
 
If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.
 
Thank you,
 
Microsoft CSS Security Team
 
 
Heidi Felker
Education Account Manager - US Public Sector
Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052
 
Toll Free (800) 426 - 9400 x 11310
Direct:  (425) 704-6563

Security alert- new types of attacks

[This is from another university that granted permission to share as long as
I didn't say where it came from.]

Folks,

Over the past week or so, we've seen a marked increase in malicious
advertisements targeting (and exploiting) multiple vulnerabilities -
including ones in Java Runtime Environment (JRE) and Java Development
Kit (JDK) - to silently download and install malware. We have learned
of three "advertising agencies" that appear to be operated by the same
group, that are completely bogus, and they have gotten their ads
pushed out via the largest advertisers in the business. We've seen
popular local and world news sites, popular greeting card sites,
screen saver sites, and more "displaying" these ads. The number and
size of legitimate advertising agencies that wind up referring users
to these malicious advertisements basically means that every Web site
that outsources advertising should be considered a potential infection
vector.

While malicious ads targeting Adobe Flash Player and Adobe
Reader/Acrobat have been going on for well over a year, this is the
first time I can remember seeing numerous computers becoming infected
daily due to a JRE/JDK exploit.

I was able to successfully recreate an infection simply by visiting a
very popular (legitimate) greeting card site this morning. I did not
get redirected to any visible fake AV site, nor did I have to interact
with anything to become infected. There were no visible symptoms of an
infection for several minutes, before the fake AV software finally
reared its ugly head. And it wasn't just a Web page that popped up -
it had been silently installed.

This particular variant prevented many Windows applications from
running, including (but not limited to) Paint, cmd.exe, Control Panel,
and more. This fake AV installs itself in a manner that allows
infection of limited user accounts - admin privileges are not needed.
And the kicker... the sample that I sent to virustotal.com was
detected by one out of 41 AV vendors (Symantec wasn't the one).

We have seen signs that not all hosts infected via these advertising
campaigns get the fake Antivirus software package - however, we are
not sure what is downloaded and installed on those hosts. Assuming it
is malware, it evades all of our existing detection methods.

We've seen Java versions 1.6.x up to 1.6.0_15 become compromised, as
well as several 1.5.x versions. We've seen a host running 1.6.0_17
that did not become compromised, leading us to believe that the most
recent Java security release (1.6.0_17) fixes the vulnerability that
this group is exploiting.

Note that a (presumably) different group of miscreants has been using
bogus advertisements that redirect the browser window to fake AV Web
sites. That site will then try (hard) to convince the user to download
and install their product. That activity is not typically indicative
of an infection - and is an entirely different user experience than
the one I mentioned above. And while we saw a rash of this a few weeks
ago, it seems that almost all of the fake AV we've seen over the past
week was installed silently via drive-by exploits.

I cannot stress enough the magnitude of this situation. The popularity
of the Web sites that we've seen host these "advertisements" is
incredibly high - several of them surely get several thousand hits a
day. Thankfully not everyone who goes to these sites gets the evil ads,
but it is a game of Russian roulette that simply isn't worth playing.

We will be tracking this group as best as we can, and taking
network-wide mitigation steps where appropriate (and possible). But
this group changes their M.O. frequently, and I feel they clearly have
gotten to the point where they aren't going away without handcuffs or
pointy lead.

On a similar note, over the course of the last year or so, several AV
vendors have noticed an uptick in malware that encrypts all of certain
types of data files on the computer, and demands a ransom for the
decryption key. Many folks (including myself) think that it is just a
matter of time before that becomes a much more common payload for
these large drive-by malicious advertising campaigns.

And finally, a personal plea. Please - if you or someone you know
comes across this... don't *ever* decide to purchase the fake AV -
even though it might seem to be the easiest way out. Not only is this
financing their operation, this is giving your credit card info to
some serious (and rather bold) criminals.
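As an added illustration (not part of the forwarded message), the version finding above can be turned into an inventory check: the script below parses `java -version` banners collected from hosts and flags those running Java 1.5.x or Java 1.6 below 1.6.0_17, the range the message reports as compromised. The host names and banners are constructed samples, and treating every 1.5.x release as in scope is an assumption drawn from the message rather than a vendor statement.

```python
import re

# The forwarded report saw 1.5.x and 1.6.x up to 1.6.0_15 compromised and
# 1.6.0_17 not compromised. 1.6.0_17 is therefore used here as the minimum
# acceptable Java 6 build (an assumption drawn from the report).
MIN_SAFE_JAVA6 = (1, 6, 0, 17)

# Matches the first line of `java -version` output, e.g. java version "1.6.0_15"
_VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?"')


def parse_java_version(banner):
    """Return (major, minor, micro, update) from a `java -version` banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def is_vulnerable(version):
    """True when the version falls in the range the report saw exploited; None if unknown."""
    if version is None:
        return None  # no Java banner found: flag for manual review
    if version[:2] == (1, 5):
        return True  # assumption: all 1.5.x treated as in scope
    if version[:2] == (1, 6):
        return version < MIN_SAFE_JAVA6
    return False  # releases outside the report's range are out of scope


# Constructed sample banners, modelled on the `java -version` output format.
SAMPLE_BANNERS = {
    "lab-pc-01": 'java version "1.6.0_15"\nJava(TM) SE Runtime Environment (build 1.6.0_15-b03)',
    "lab-pc-02": 'java version "1.6.0_17"\nJava(TM) SE Runtime Environment (build 1.6.0_17-b04)',
    "lab-pc-03": 'java version "1.5.0_22"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)',
    "lab-pc-04": "bash: java: command not found",
}


def triage(banners):
    """Map host -> 'vulnerable' / 'ok' / 'unknown' for the report's Java exposure."""
    result = {}
    for host, banner in banners.items():
        v = is_vulnerable(parse_java_version(banner))
        result[host] = "unknown" if v is None else ("vulnerable" if v else "ok")
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {status}")
```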

Monday, January 18, 2010

wifi status update

You may have started to see some weird-looking electronic devices popping up on the ceilings of your schools. No, you need not start wearing a tin-foil hat; we're not trying to read your thoughts. Each of these is a wireless access point (AP) that you can connect to with a laptop, iTouch, or your bathroom scale if you just happen to own one of these.

For almost a year now we at the tech office have been planning, installing and testing the new wireless network at Oregon High School and Oregon Middle School. We are proud to say that we are now running at full speed in both locations.

What this means for you:
In your classroom at OMS or OHS you will now have network access for the many wireless devices that are either housed in your classroom or that you may bring in from home. There are two wireless network names (SSIDs) being broadcast. The first one is called "osd" and the second is called "public". Any device that you bring from home may connect to "public" without even needing a password. All devices that are maintained by OSD and have anti-virus software installed are set up to connect to "osd".

The difference between osd and public is simply this:
When you connect to "public" you will have the same access as if you were sitting at home (although filtered to meet CIPA compliance). You may connect to sites on the internet and any publicly accessible OSD sites (PowerTeacher, PowerSchool, Email, etc...). When connected to "osd" on a device owned by The District, you will have access to log into Novell and get to your files on the H, V, W, (...etc) drives.

eeePCs:
Most of these do not have antivirus software available and are not regularly patched by OSD, so the majority of these will also connect to "public".

What about my building / classroom??
We have wireless coverage in all classrooms in OHS, OMS and RCI. So far we have limited coverage at the elementary buildings, but we are working hard to get wireless where it's needed as soon as possible. If you're having trouble getting connected in your classroom at OHS, OMS or RCI please let us know and we'll get it figured out for you.

Thanks and enjoy your WPA2 AES encrypted IEEE 802.11n-2009 2.4 / 5 GHz connections!

Your friendly neighborhood IT department.



A final thought to leave you with:

“The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in New York, and it meows in Los Angeles. The wireless is the same, only without the cat.”
-Albert Einstein

Sunday, January 17, 2010

Server Maintenance

PVE was returned to service at 8:35 a.m. Sunday.

PANTHER will now be shut down to move from its temporary location to the SAN.

Tuesday, January 12, 2010

Slow logins at OHS- status, explanation

The helpdesk has fielded a number of complaints about slow logins from OHS. After researching the issue, our current theory is that the FreeNAS array currently holding the PANTHER server is slower than the regular SAN or the drive arrays in the servers. PANTHER is being temporarily hosted on FreeNAS until it can be moved to the SAN. However, we can't fully migrate it until other arrays have been moved, which we were doing last weekend, but it took too long and had to be aborted.

In the meantime, the aborted PVE migration has been erased from the FreeNAS array, which increases the free drive space from 20 GB to about 300 GB. This should provide more headroom, which will hopefully result in a (nominal) improvement in login times. The only thing users can do is delete unnecessary files, which both makes individual profiles load more quickly and reduces the overall disk load. This will also allow the migration to happen more quickly.

We understand this is frustrating, and we are working to correct the problem. It wasn't planned to be a long-term situation, and we're trying to progress to the final configuration (all volumes on the SAN) as quickly as possible.

Sunday, January 10, 2010

Update [Sun., 2010-01-10, 21:55] Internet connection issues resolved

As of 9:55 PM Sunday, the district's Internet connection problems of the weekend seem to be resolved. The bottleneck seems to have been in the network packetshaper/traffic manager. It's supposed to throttle some traffic, but not all of it. (Sheesh!)

Internet access speed appears to be back to normal instead of the horribly slow speeds of the weekend. How bad was it? About as bad as the Packers' first quarter offense. (Thank you, I'll be here all night. Wait- no I won't. I'm going home now.)

Tuesday, January 5, 2010

Server Maintenance Schedule

Ongoing server maintenance outages for Oregon SD:

Friday, January 15: PVE server migration beginning at 7:00 p.m.
UPDATE: PVE Server migration phase 1 complete @ 9:30 a.m., Jan 16. Be advised that the server may be restarted at any time Saturday and will be shut down again Saturday afternoon for phase 2, moving the datastore.

Saturday and Sunday, January 16 - 17: Servers PVE and PANTHER will be shut down for an indeterminate amount of time for the move to faster (and permanent) disk storage.