My blog 2011 in review

Thank you all for visiting my blog! Many more posts are coming this year! Also, if you have any topic suggestion or doubt, shout it out and I will make sure to cover it! Once again, thank you!

The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.

Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 7,600 times in 2011. If it were a NYC subway train, it would take about 6 trips to carry that many people.

Click here to see the complete report.

Regards,

Paulo Oliveira.

Posted in Uncategorized

From End to Edge and Beyond – Episode 11

Hi there folks!

There is a new episode of the security talk show From End to Edge and Beyond. It is great to talk about Forefront TMG 2010, and also great to hear about it!

In this episode Yuri Diogenes and Tom Shinder interviewed Richard Hicks, a well-known MVP with deep knowledge of Forefront TMG.

They discuss the new features added to Forefront TMG 2010 when you install SP2, such as Kerberos authentication for web proxy clients when using the cluster VIP, new website-based reports, whether TMG is a good solution for those who want to migrate to the cloud, and much more!

Even though it is a service pack, Richard reassures those who are nervous that installing the latest TMG service pack will break their environment: it is very stable.

Last but certainly not least, Yuri and Tom gave away 3 books from the Forefront collection, signed by them, as promised in the previous episode. The lucky one who won them was a good friend of mine, Uilson Souza. This guy is very lucky: at TechEd Brazil 2011 he also won a book that Yuri gave out in one of his sessions, a book focused on the Security+ certification (Portuguese only)! Congrats Uilson!

With all that said, don't miss it: http://technet.microsoft.com/en-us/edge/from-end-to-edge-and-beyond-episode-11

Regards,

Paulo Oliveira.

Posted in Uncategorized

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 released!

Hi,

Microsoft has just released Service Pack 2 for Forefront Threat Management Gateway (TMG) 2010, as described below:

The service pack includes the following new functionality and feature improvements:

New Reports
• The new Site Activity report displays a report showing the data transfer between users and specific websites for any user.
Error Pages
• A new look and feel has been created for error pages.
• Error pages can be more easily customized and can include embedded objects.
Kerberos Authentication
• You can now use Kerberos authentication when you deploy an array using network load balancing (NLB).

In my opinion, the major feature is the ability to use Kerberos authentication when using Network Load Balancing (NLB). This is for sure one of the features most requested by the TMG community. Now the Domain Controllers are going to get some rest.

Go get yours now! Click here!

Regards,

Paulo Oliveira.

Posted in Information Technology, Rollup, Service Pack, TMG

Heads up ISA 2006 admins! New ISA hotfix package!

Hi,

Microsoft has released a September hotfix package for ISA 2006 to fix some bugs found in the product. The list of fixes is below:

2618727 (http://support.microsoft.com/kb/2618727/ )
FIX: Users in remote forests cannot change their passwords through ISA Server 2006

2620088 (http://support.microsoft.com/kb/2620088/ )
FIX: Large files become corrupted during file transfer through the Socks V4 client

2620076 (http://support.microsoft.com/kb/2620076/ )
FIX: ISA 2006: Outlook Web App clients are not timed out after the ISA FBA idle time-out is reached

2620069 (http://support.microsoft.com/kb/2620069/ )
FIX: ISA 2006 may crash with the error “DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)”

2622172 (http://support.microsoft.com/kb/2622172/ )
FIX: ISA 2006 blocks published website requests for URLs that include carriage returns (CR) or linefeeds (LF)

For more information about each of these KBs, click on the link!

Regards,

Paulo Oliveira.

Posted in ISA Server, Security

TechEd Brazil 2011: how was it?

Figure 1 – TechEd Brazil (photo)
Figure 2 – Microsoft booth at TechEd Brazil (photo)

Well, in my last post I said that the TechEd Brazil conference was my next stop. I can tell you guys it was a really great, well organized event. I had the opportunity to meet some friends face-to-face and to make new ones!

As I wrote before, it was hard to choose between so many interesting sessions. My focus was on virtualization, a trend of these last years, especially the exciting new Hyper-V version that will come with Windows Server 8. The other sessions were about storage and, of course, security, more specifically a level 400 session on Deep Dive TMG Troubleshooting and Cloud Security, in which I noted some points to consider when planning a migration to the cloud.

As I mentioned in the last post, Yuri Diogenes recorded an interview with a Microsoft PFE (Marcelo Tozin), Rodrigo Immaginario (Enterprise Security MVP) and myself.

You can watch the video, which has some great points about different security subjects. I hope you all like it! Check it out at the From End to Edge and Beyond web site, episode 9.

Figure 3 – Recording the interview for From End to Edge and Beyond (photo)

Stay tuned for more; Yuri and Tom are promising good things for episode 10.

Last, but not least, I had a really great time meeting new MVPs at the MVP Open Day that happened the day before TechEd Brazil, September 28th. I also had a great time with my folks from work who attended TechEd Brazil.

Figure 4 – MVPs on the Top! (photo)
Figure 5 – MVPs at TechEd Brazil (photo)


Regards,

Paulo Oliveira.

Posted in Information Technology, Security, TechEd

TechEd Brazil, here I come!

Hi,

Next week, more precisely on September 29, I will be at the greatest Microsoft event in Latin America: TechEd Brazil. For those not aware of what TechEd is, I can tell you it is one of the most important events for Microsoft professionals. This year specifically, 198 lectures and quick sessions will be delivered!

There are so many topics for so few days. You can imagine how hard it is to select a lecture! Attendees can choose only up to 11 lectures. In my case, my first selection was 24 lectures, and I was already filtering a lot!

I can say now, 8 days before the event, that I haven't closed my schedule yet!

I have received an invitation from the great Yuri Diogenes. I am sure most of you know him; he's one of the masters of ISA Server and Forefront TMG 2010. He is now working on the Microsoft Security Team as a Senior Technical Writer. The invitation is to participate in one episode of the security talk show From End to Edge and Beyond, presented by Tom Shinder (I'm also pretty sure you know Tom) and Yuri Diogenes.

I am really honored and grateful to join them. Unfortunately, Tom Shinder won't be at TechEd Brazil, so Yuri will record my interview at TechEd. Thanks guys for the invitation!

Stay tuned to From End to Edge and Beyond and make sure not to miss an episode!

Oh! For those who want to come to TechEd Brazil, you still have time! Check out the website (Portuguese and Spanish).


Regards,

Paulo Oliveira.

Posted in Uncategorized

What to do when you think your computer is infected and your antivirus solution does not detect it?

The scenario

Hi fellows! It's been a while since my last post. Let's say I am having pretty busy weeks. A lot is going on at work, and don't get me wrong, to me that's good! The sad part is that I have less time to spend with the community.

Anyway, last Friday a friend of mine came up on Skype asking me if I was aware of a malware that changes Internet Explorer's proxy settings. I know that there is a bunch of malware that does this. However, the real question was: why did his machine's antivirus not detect it?

Moreover, Microsoft Security Essentials (MSE), one of the best antivirus/antispyware products on the market today, was installed on the machine and updated with the latest detection signatures.

I truly recommend MSE, since it's free of charge (you have to have a genuine Windows copy, but who doesn't?) and it uses the same engine as Forefront Endpoint Protection (Microsoft's antivirus solution for corporate customers), which, as I said before, is one of the best on the market; check the AV-Comparatives web site.

Back to the initial topic: after my friend told me that every time he rebooted his machine the malicious proxy configuration was set up again, my first thought was to look for a suspicious running process.

In my humble opinion, there's no better tool to unveil process information than Process Explorer, developed by Mark Russinovich. The next step was to download and run it on the affected computer.

At this point I identified a suspicious .vbs file named amsfx.vbs. This Visual Basic script file was configured to change many registry keys, including the browser's proxy settings, and was also calling an executable file named dwm.exe. I know what you might be thinking: this executable is the Desktop Window Manager on Windows Vista and Windows 7. However, the OS running on the machine was Windows XP.

That said, it is clear this executable file was malicious. However, how could this be confirmed if MSE did not detect it?
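The manual triage described above (proxy keys being rewritten, a process wearing a system binary's name where it does not belong, and a script that re-applies the change at every boot) can be turned into a repeatable check. The following PowerShell script is an added example, not code from the post; it assumes a Windows host with PowerShell 2.0 or later, and the list of system binary names it looks for is an illustrative assumption, not something the post enumerates.

```powershell
# Added example: quick triage checks mirroring the investigation in the post.
# Assumes Windows with PowerShell 2.0+; run in the affected user's session, ideally elevated.

# 1. The current user's Internet Explorer proxy settings (the values the malicious .vbs kept rewriting).
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey
"ProxyEnable   : $($ie.ProxyEnable)"
"ProxyServer   : $($ie.ProxyServer)"
"AutoConfigURL : $($ie.AutoConfigURL)"

# 2. Processes named like a Windows system binary but running from outside the system directories.
#    The name list is an assumption for illustration; on the post's Windows XP box dwm.exe does not
#    exist at all, so any process with that name is suspicious regardless of path.
$systemNames = @('dwm.exe', 'svchost.exe', 'lsass.exe', 'csrss.exe')
$system32 = Join-Path $env:SystemRoot 'System32'
$sysWow64 = Join-Path $env:SystemRoot 'SysWOW64'
Get-WmiObject Win32_Process |
    Where-Object { $systemNames -contains $_.Name.ToLower() } |
    ForEach-Object {
        $path = $_.ExecutablePath
        if (-not $path) {
            "Could not read path for $($_.Name) pid=$($_.ProcessId) (run elevated to check)"
        } elseif (-not ($path -like "$system32\*" -or $path -like "$sysWow64\*")) {
            "SUSPICIOUS: $($_.Name) pid=$($_.ProcessId) runs from $path  cmd=$($_.CommandLine)"
        }
    }

# 3. Autostart entries that launch a script host or a .vbs file (how the proxy change survives a reboot).
$runKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* provider properties that Get-ItemProperty adds to the object.
            if ($p.Name -notlike 'PS*' -and $p.Value -match '\.vbs|wscript|cscript') {
                "Autostart entry: [$key] $($p.Name) = $($p.Value)"
            }
        }
    }
}
```

Any hit from steps 2 or 3 is a candidate file to collect and submit to your antivirus vendor, which is exactly what the next section of the post does.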

The solution

I told him that I had submitted the above files to the Microsoft Malware Protection Center (MMPC) for analysis and that, if they were confirmed as malware, the MSE signature database would be updated with this new threat. Some of you might think: "Why not use another antivirus solution and remove the threat?" or "I don't think MSE is good enough".

The answer to this question is that only the following antivirus products suspected (but did not positively identify) that the .exe was malicious:

[Image: list of the antivirus engines that flagged the .exe as suspicious]

After I submitted the file, the time frame between the malicious file submission and the release of the new detection signature was as follows:

Submission status history:
Analysis Completed: Aug 29, 2011 01:46 PM UTC
Preliminary Result Available: Aug 29, 2011 09:07 AM UTC
Under Active Investigation: Aug 26, 2011 02:46 PM UTC
Received: Aug 26, 2011 12:49 PM UTC

That was fast, wasn't it? Consider that it was sent on a Friday and the new detection signature was available on Monday. I must say it is no surprise to me. Every possibly malicious file that I receive, I send to MMPC for analysis. Most of the time the answer comes back like that, really fast.

I also send these samples to other antivirus providers, but their speed in responding and creating new signatures is not that fast. Note that I don't need a special contract or anything like it to send samples and get fast responses. Microsoft is really committed to providing us with better security.

After that, I checked again on the VirusTotal web site, and the only antivirus solution that really identified the malware was MSE.

At the time of this writing a few more AV solutions identify this new malware. Check here.

If you would like to see the final report, check here.

Final message

The bottom line here is that if you think your machine is infected, even if your AV solution does not detect any threats, you can search for the (possibly) malicious file and send the sample to your antivirus provider so they can analyze it and create a signature for the new threat, helping everyone out there!

If, like my buddy and I, you chose Microsoft Security Essentials, then you can access the MMPC website or use this link to submit a suspicious file.

Regards,

Paulo Oliveira.

Posted in Antivirus, Security