• July 25, 2012

    New Truck Antenna

  • July 25, 2012

    Facebook Children Charity Scam

    Cybercriminals have developed a custom piece of malware that injects itself into your Facebook session and prompts you to donate to a charity for sick children. The scammers’ goal is to make off with your personal data, especially your credit card number.  Security researchers have discovered a new variant of the Citadel malware that injects itself into your Facebook webpages and demands that you make a donation to a fake charity for sick children. Please be warned: there are no children charities that will ask you for a donation via Facebook. There are, however, individuals very interested in stealing your credit card number and other personal information (note: this is not the first time Facebook users are specifically being targeted, and it certainly won’t be the last), ZDnet reported. Once your computer is infected with the malware, it quickly adds itself into your Facebook session.  After you log into your Facebook account, the Citadel injection mechanism displays a pop up that encourages you to donate $1 to children who “desperately” need humanitarian aid. Next, it asks you for your name, credit card number, expiration date, CVV, and security password. DO NOT BE FOOLED BY THIS SCAM!  
  • Microsoft released a forth quarter security report stating that the worm Conficker is still infecting 1.7 million computers and work stations.   This news comes more than three years after the worm was first detected.  The rate of infection has increased despite widespread availability of tools to fight it. Conficker has many different versions which make it hard to fight on large scale networks.  Although Microsoft had patches out way before a lot of companies were not patched.  Conficker can also turn off Automatic updates and BITS (Background Intelligent Transfer Service).  Despite Microsoft’s security patches and updates for Windows XP and Vista companies and end-users are still vulnerable due to Conficker’s ability to self-update by automatically connecting to hundreds of attacker-controlled domains. Microsoft recommends two things 1. Adopting Better AV (Anti-Virus Solutions) and Malware Protection 2. Strong and Better passwords
  • Oracle Zero Day Vulnerability Still Not Patched after April’s patch release with had 88 patches.  The vulnerability allows an attacker to perform a man in the middle attack and capture information exchanged between clients and databases.  The vulnerability was reported in 2008 and has believed to been around since 1999 when the TNS Listener feature was added to Oracles product line.  Oracle has workarounds for the zero-day flaw which was found in there database server products.  Oracle has gone as far to release a security alert: Oracle Security Alert for CVE-2012-1675 The vulnerability is in the TNS listener which has been recently disclosed as “TNS Listener Poison Attack” affecting the Oracle Database Server.  The products affected are Oracle Database 11g Release 2, versions,, Oracle Database 11g Release 1, version, Oracle Database 10g Release 2, versions,,, Fusion Middleware, Enterprise Manager and E-Business Suite.  Oracle has released work arounds which can be found at My Oracle Support Note 1340831.1 and My Oracle Support Note 1453883.1.
  • July 19, 2012

    Podcast Episode 4

    Password Hashing Google Keynote Jellybean, Tablet, Google TV, Cloud Drive, Offline Google Docs Microsoft Patch Tuesday 3 Critical vulnerabilities Patched Microsoft Windows 8 Release date October 26, 2012 Microsoft Tablet Features Microsoft Office 2012 Release iOS 6 Beta Jail Broken Dell Offering Ubuntu Laptops Again DropBox and UPS Spam Scams Skype Patches a Security Bug that allows third party messaging Nvidia Developer Forums Hacked 400,000 Hashed Passwords Compromised Yahoo Voice Hacked 400,000 Clear Text Passwords Stolen 28 million Formspring Passwords Leaked WikiLeaks excepts donations again Internet Dooms Day Yahoo appoints new CEO Marissa Ann Mayer Marissa Ann Mayer Tweets her Pregnancy and gets nasty feedback Cisco Hit With Backlash Over Home Router Cloud Service on models EA4500 and the EA2700 Podcast 4 Recorded July 7, 2012 (show originally aired on our old lipanitech site)
  • I was having and issue with a windows server print drivers and print processes at a client and this information and article helped me out tremendoulsy. There are three basic modes of isolation that can be configured for individual print drivers: None – in this mode, print driver components are loaded into the spooler process. This is essentially the model found in previous versions of Windows Shared – multiple drivers that are set for isolation are loaded into a single shared process space that is separate from the spooler process. Although this protects the spooler process, the drivers that are in shared mode can affect one another Isolated – each driver is loaded into its own process space. This protects the spooler from individual driver failures, and also protects drivers from each other Remember that the modes are configured on a per-driver and not a per-system basis. One other point to keep in mind – not all drivers will run in shared or isolated mode. Drivers that call spooler functions or a printer’s configuration module directly will need to run in “none” mode. The driver developer can advertise whether or not their driver supports isolation mode. Now lets take a look at how the new model works. Anytime shared or isolated mode is used for a print driver, a new process – PrintIsolationHost.exe – is launched by the DCOM Server Process Launcher for each “print sandbox”. The print processor, the rendering module, the configuration module and the miscellaneous driver files are loaded into the address space for the new process, instead of the spooler’s process. The spooler essentially proxies calls for the print processor and other driver components in the PrintIsolationHost.exe process and DCOM is used for inter-process communications. Something to note here – if you examine the spooler closely you’ll find that...
  • July 17, 2012

    Cloud Based E-mail Hosting Concerns

    A recent report by Gartner listed The Cloud saying you cant trust the cloud providers to protect your data. Those that know me are aware that I don’t trust cloud providers with all my data. I have expressed questions such as; What happens when the company goes under like megaupload? What happens when you dump the cloud provider? Do they erase your stored data or does it still exist some place? The part that keeps me up at night is who has access tot he data center? Who has root access to the servers where my data is stored? Can they be trusted? What kind of background checks are done on there employees? Security remains a top concern for companies looking to deploy a cloud strategy.  There is an interesting word cloud strategy well as most of you know companies like Microsoft and HP want to get away from internal storage. Companies like HP are pushing for cloud bases systems management to allow ease of out of band management. Microsoft wants to stop housing e-mail servers internally and allow Microsoft to host your e-mail at a discount rate.  This is a great way for Microsoft to cut there support cost and for you to save licensing.  Now most people look at 2 thinks money and down time.  What if we loose our network connection well we can risk it because of the money we are saving on not having an e-mail server.  But they never factor in the risk factor of someone reading there e-mail. What if someone should read your e-mail to the patine office? What if they read your trade secrete e-mails? Remember if your e-mail is hosted outside your company even internal e-mails can be read by the root password owner or the administrator. What about security breaches how...
  • July 13, 2012

    Missed In SEO Audits

    Search Engine Optimization (SEO) involves modifying a website to be “search engine friendly” so it will rank higher in the search engines. Your company’s presence on search engines like Google, Yahoo, MSN/Bing are important in gaining an online presence and online business. We all know that when consumers look for a product or service, they turn to search engines for answers. In fact, hundreds of millions of search queries are run on search engines every day. More now then ever businesses are relying on the Internet to get business and are having SEO audits done of there web sites.  But Search Engine Optimization is more then just web site setup and structure.  There are a lot of other variables that search engines take into consideration.  These things get over looked in Search Engine Optimization audits.  Let’s take a look at what they are 1. Google & Bing Webmasters Account Setup This is so important for testing the way the major search engines are crawling your site.  This is a HUGE piece when understanding why robots.txt is acting the way it is and why your site map is not showing the correct amount of pages. You can specify and add pages that are not being indexed by the crawlers and you can link this account with Google Analytics to see what queries and keywords are ranking the best and where you can improve. 2. Website Analytics This information is SO important for more reasons then I can list.  But the basic reason is one linking this information with Webmaster tools is valuable and SEO effective.  Analytics in it self holds a lot of search engine weight and has been proven then sites with Google Analytics account rank higher then others. 3. Back Linking Back Links, Back Links and more Back Links.  Search Engine crawlers love back links.  Back Links tell the search engines two thinks...
  • July 1, 2012

    Office 2010 KMS Activation Issue

    Went to stand up Office 2010 KMS server on an existing 2008 server.  I went to install Office 2010 key management host and I get “Unsupported Operating System”.  So I decided to install on 2003 license server again already existing and I get the same error.  I run the key management host on my windows 7 computer thinking maybe I received a bad download runs with no issues.  So after some digging threw office 2010 beta and official release documentation and a few Google searches I found out some very interesting information.  Office 2010 KMS only runs on Windows 2003, Windows 2008 R2 and Windows 7 all other operating systems are not supported.  Microsoft has released a patch to help those still running 2003 KMS server.  But so far no patch for the 2008 server the only fix I have found for that is to upgrade to R2.
  • June 19, 2012

    Podcast Episode 3

    Apples World Wide Developers Conference WWDC System Center Configuration Manager 2012 Forefront Endpoint Protection MySQL Patch CVE-2012-2122 Hack Red Hat Patch For AMD Podcast 3 Recorded June 6, 2012