
Being scammed at home


If you don't care for the details of this blog, there is a Summary at the bottom.

 

Recently I was called, at home, and informed that my computer was “downloading viruses”. This is the fourth time this has happened, so I decided to take notes and screenshots and follow through with what happens.

Just a quick note about my setup; I pretended that my machine was a Windows XP SP2 box, which is actually virtualised and has many snapshots already taken. This means, if required, I can give control to anyone online of this machine without worry. Consequently, whilst the caller was describing my problems, I had created a backdoor to this system that allowed me to control processes from another computer. This meant, if anything TOO bad was about to happen, I can cut them off. I also had to pretend that I knew next to nothing about my computer and that I just used it for web browsing and e-mail.

So, here’s what happened: I received a call at home from someone claiming to be from “Microsoft’s technical department”. They explained that they were a “Microsoft Supervisor” and that my machine had been seen downloading viruses. They then asked me to, if not already, turn on my computer and they would show me how this was possible. Once I had logged in they requested that I press the “Windows Key” plus “R” on my keyboard, displaying the “Run” command box. They asked that I type in “eventvwr” and press enter. This would display my event viewer. They asked me to click on the “Application” events on the left (after a few time wasting minutes of deliberating what an application was, I clicked on it). They asked me to scroll down the list and look for “Warnings” or “Errors”. They asked me to count how many I see and if it was more than about 5 or 7, I had a problem. They explained that the errors were created by downloading malicious files from the web and e-mail, but not to worry as it probably happened without my knowledge. They then explained that after time, the “Informational” events would turn to “Warnings” and “Warnings” would turn to “Errors”. Then, when everything was an “Error” the computer drive would crash. Yep, that’s right, the computer drive.

What happened next surprised me slightly. They asked that I hold whilst I am passed to a senior member within the department. Wow! They have a hierarchical structure in these scam places! The next person introduced themselves as “Peter Smith” (ha!) and said that they will continue the operation. They were going to connect me with “Microsoft Headquarters” because “…only Microsoft can fix these problem…”. They also explained that “this is a one-time check-up” and “…all Microsoft users are being called about these problem…”.

They next asked me to perform the same “Windows key plus ‘R’” and type in “www.ammyy.com” and press enter. This opened the relevant website and they asked me to download and install the remote control client on the site. As a point of clarity, this website is not malicious and there is nothing malicious about the operations carried out here, or the software offered. The crime was that they were done under false pretences.

So now they had control of my computer. They could control mouse, keyboard, could see my screen, could use my microphone and webcam and could transfer files in the background. They now said I was connected to a “Microsoft technical expert” in “Microsoft’s Headquarters”. Notepad popped up:

1.jpg

They asked me to type in my name and e-mail address to prove that I was who I said I was. I didn’t at any point say who I was, because they didn’t ask. I also made up a name and fake e-mail address for them to use. The person on the phone then stated “…everything you see now is from Microsoft Headquarters. I will wait until they confirm they have finished..”. I could hear the key strokes and mouse clicks in the background. It’s worth pointing out that, at most times during this call, I had to try hard not to laugh.

They showed me the same screen again (Windows Event Viewer) as before, but they created a filter that ONLY showed “Warnings” and “errors”:

2.jpg

Again, they explained that more than 5 to 7 errors were a result of this problem they were going to fix. What happened next was slightly alarming: they minimised all windows on the desktop and, whilst they were frantically typing and clicking the mouse, kept repeating “..please let me know if you see ANYTHING appear on your screen..”. Once they had finished, they asked once again, to which I replied “no… nothing appeared”. They replied “Good, let us look at the events again…”. Now, something happened there, perhaps some file transfer in the background? Not too sure. I have a forensic copy of the hard-drive that I will examine later.

Next they opened another run command line and typed in “inf hacking files find”. Firstly, the “inf” part will open the “inf” folder under Windows’ system path. This is a legitimate folder and should not be tampered with. What follows the “inf” on the run command is irrelevant and ignored. So, the folder opened (with the pretence that they were looking for “hacking” files) and they began to open random files that had no file association.

3.jpg

Not being able to open files that have no associated program with them is normal. However it was explained that these were hacking files and could not be opened. They explained that they were going to trace where the hacker was and find them:

4.jpg

The command they used allows a user to trace a path, via the network, to an IP address. He used the domain name “hack.info” which resolved to “176.74.176.178”. I cannot comment on the nature of this site or IP address or as to why they used it, probably for effect. They said that they have now found the hacker and that they could resolve my problem.

They opened my computer management console and proceeded to perform a search for “secure sockets layer” in the indexing query window. As a note, indexing allows quicker searches for text with objects within Windows. This query form is a way of testing to see if indexing is bringing back results. The “Indexing Service” is not running on this particular machine, so this query would return with the same result every time: “Service is not running”. However, they informed me that the “secure sockets layer” was not installed on this machine and that they would install it for me. They explained that this would protect the whole computer and any other computer in my house. They informed me that in order for them to install the “secure sockets layer”, I would need to pay a 1 time fee (I was wondering when they would get to the money part!). Now, for clarity (again) the “Secure Sockets Layer” or “SSL” is what allows us to communicate over the internet securely. It can be used and is available on almost ANY electronic device with a browser. This applies to Windows, Apple, Android, Linux, Unix, anything. It is what allows us to use “https://” rather than “http://”. There is no need to pay for it to be “installed”. They ran through the pricing options, which were:

  • Enabled for 4 years: £149
  • Enabled for 8 years: £349
  • Live-time enablement: £500

I chose to go for the 8 years. Didn’t want to get them overly excited at this point, as I was doing so well in fooling them. I queried about future machines that I would own. I was told “…don’t worry, this will install on any machine on your network…”.

I can only presume that because I had agreed to pay them money, they didn’t want to lose my connection. They then browsed to “www.teamviewer.com” which is a legitimate site to allow remote control to a system (much as is ammyy.com). They downloaded the client for me and connected to my machine again. So now they had 2 connections, both controlling my system. They then took me to the next website to pay the money before they could fix my problem:

5.jpg

Now, again, I do not know the legitimacy or whether this website is malicious or not, but it’s where they wanted me to pay money to. There was a “pay now” button at the bottom of the page that did not render correctly. This was probably because the browser I had installed was from the 1800’s (for anyone not technical, I don’t mean that literally, it was just several years old). They then went to another website to download Google Chrome:

6.jpg

More clarity, file hippo shares files and is a legitimate website. I cannot comment on the content of the downloads though. I do not even know if they were downloading a real version of Google Chrome?!

I was now at the end of my tether and they had wasted enough of my time. I started to shut down the internet browser windows via my “remote control” I had established before they took control. They were persistent in opening more browser windows and trying to re-download the file. It got a bit repetitive, so I shut off their remote access and hung up the phone. They promptly called back and apologised for the cut-off. I explained slowly that they should not call this number any more. They haven’t, yet..

 

Summary

If someone is calling to scam you they will generally try to:

  • Convince you that your PC is not working as it should
  • Offer a fix
  • Make you pay for the fix

Here is my summary of what to remember:

If ANYONE calls you to tell you your computer needs something doing to it, or is displaying bad behaviour, YOU ARE BEING SCAMMED! Either hang-up, or ask for a number to call back and also a web address for their company. If you know someone who is technical, you could always ask them too.

I should probably mention that if you have paid for Symantec Managed Security Services to monitor or manage elements of your infrastructure and they call you, I don’t think you should hang-up.


How to check the installed version of Office


There are several ways to find out which version of Microsoft Office is installed on a computer (e.g. by opening an Office application, from the Control Panel, etc.). A dedicated solution for this need, which gives a detailed summary of the installed Office package, is the program ASoft Office Version Detector.

This program, which can be loaded and run from a USB stick, helps us discover and identify which Microsoft Office components are actually installed on the computer.
ASoft Office Version Detector displays, in a summary panel as shown in the following image, all the individual Office components installed, the version, the Service Pack and any other applications and plug-ins.

Another very useful feature of this program is the export of the results to an XLM file.

Office_detector.jpg

License: Free

Link: ASoft Office Version Detector

Making Everyday Mandela Day – How Symantec Employees across the Globe are Taking Action and Inspiring Change

“We can change the world and make it a better place. It is in your hands to make a difference.” - Nelson Mandela


Can you spare 67 minutes of your time helping others?

That is the question posed by International Mandela Day, a day of celebration honoring the many ways Nelson Mandela gave back to his community and world. Created in 2009 and celebrated each year on July 18th, the former South African President’s birthday, the day asks that everyone give 67 minutes of their time in service to others, signifying the 67-plus years that the former South African President spent dedicated to promoting a culture of peace and freedom, and helping our world in so many ways.

Across Symantec, we are doing this every day thanks to thousands of active volunteers across our company and global operations. Last year alone Symantec employees across the globe collectively logged over 31,800 volunteer hours, a 23 percent increase over the previous year.

Today, in celebration of International Mandela Day, we bring to the blog an update on a few of our recent volunteer activities:

Volunteer of the Quarter – Ensuring Children in India Receive the School Supplies they Need

Each quarter, Symantec’s Volunteer of the Quarter initiative highlights and rewards those employees who dedicate their time and talents to those in need. This quarter we’ve chosen to recognize the entire India corporate responsibility (CR) team for their tremendous efforts, including an initiative with 160 employees to build 2,500 school kits for non-profit Sewa International!

Sewa International serves humanity in distress, aids local communities, and promotes volunteerism. Their vision is that we “live in a world of equality where everyone is happy, everyone enjoys good health, and everyone live in balance with nature.”

The India CR team has been engaged with Sewa International for nearly five years, and has supported the organization in a number of ways including assembly of school kits for children in need, fundraising efforts and conference support and coordination. For the most recent event, the group hosted the school kit drive at the Symantec office to help build school kits for the many children affected by Cyclone Phailin. Through outreach efforts at the office, the group was able to organize over 160 employees who worked together to create 1,500 school kits in only three hours!

And it wasn’t an easy job. Everyone was assigned to a different stage of the process including quality checking, filling bags with stationery, ensuring bags were properly filled according to grade level, stacking bags and loading the bags into a truck for delivery.

All of the team emphasized that one of the most fulfilling aspects of volunteering with Sewa International is seeing the smile on the face of children when receiving their school kits, and knowing then that they are truly making a positive impact on society.

Mandela1.png

Symantec India’s corporate responsibility team is recognized as this year’s Volunteer of the Quarter and will receive a $1,000 donation to their charity of choice.

Mandela2_1.png

The India CSR team organized 160 employees to fill 2,500 backpacks with school supplies for children in the Pune region.

 

Inspiring and Recognizing Minnesota’s Next Generation of STEM Professionals

FIRST (For Inspiration and Recognition of Science & Technology) was founded in 1989 by Dean Kamen, an American inventor, entrepreneur, and tireless advocate for science and technology. It has grown into a global grass-roots movement to change our culture into one that highly values achievements in science and technology. FIRST’s vehicle for this change is a global robotics competition – the FRC – where student teams are given six weeks to build a robot that is designed to complete given tasks. After those six weeks, teams compete at regionals in the hope of competing at the World. The program reaches approximately 68,000 students.

Here you can see President Obama’s video congratulating all taking part in FIRST’s 2014 competition.

Minnesota boasts the largest number of robotics teams per capita in the continental US. The Minnesota State High School League recognizes FIRST Robotics as a varsity activity, holds annual state tournaments and team members may earn varsity letters.

Employees from Symantec’s Roseville, Minnesota office have volunteered over 300 hours a year working with teams competing in the state and national FIRST robotics competitions. Volunteers help with a wide variety of tasks including coordinating transportation, providing programming support, hands on construction, community outreach, and are always present at events and demonstrations.  For the first year, the Symantec Roseville office has also provided a grant to two robotics teams from the local area.

Many colleges and universities, professional associations, and corporations offer college scholarships to high school students on FIRST teams. This is official recognition of the knowledge and technical and life skills these students have gained from participating in a FIRST program.  Last year one of the Roseville office’s interns was a FIRST alumnus from one of the Symantec sponsored teams. He has recently been hired into a full time position to work on the Roseville NetBackup CFT team.  

 

Preparing UK Schools with the Tools to Combat and Prevent Cyberbullying

Bullying is a major issue across the world, especially with regards to students with special needs. For example, Mencap found that nearly nine out of 10 people with a learning disability experience some form of bullying, with over two-thirds experiencing it on a regular basis.

In the United Kingdom, Symantec has partnered with Achievement for All 3As to help students and teachers in the Gloucester region develop the tools to minimize bullying, with a focus on cyberbullying and bullying of students with special needs. Through sponsorship and volunteer efforts, Symantec will support this program in two ways:

  • Enabling all schools and academics in and around the district of Gloucester to receive a leading edge anti-bullying training and staff development package. The program, which is currently underway, is aimed at reducing the incidence and impact of bullying on vulnerable learners, with specific emphasis on cyber-bullying.
  • Achievement for All 3As will train Symantec Gloucester employees to support local primary schools with on-line safety and cyber-bullying assemblies and presentations to children aged five to 11.

Two workshops have already been held and Symantec volunteers will help with a third due to take place at the end of September.

Through Symantec’s sponsorship and volunteer efforts, 100 primary and secondary schools in the area will be able to access the program, versus fewer than 30 previously. Between 6 and 12 primary schools will also be supported by Symantec volunteers.

 

Making Every Day Mandela Day

We wish everyone a Happy International Mandela Day and hope today we can all be inspired to think about how we can give at least 67 minutes of our time to help others. Be it volunteering at work, volunteering with friends, volunteering from the comfort of your home, or participating in an event that raises funds and awareness for a cause, there are numerous opportunities to make a direct impact on someone’s life.  

Symantec employees, if you are interested in learning more about opportunities at Symantec, please contact community_relations@symantec.com.

 

Ashley Savageau is Symantec's Community Relations Program Manager

Symantec e-Campus for Technical Product Training is free for all!

Better Training for All

Members of the Symantec eLibrary receive free access to hundreds of regularly updated on-demand web-based training modules covering the breadth and depth of Symantec's product portfolio. 15-75 minute module sessions cover "Install, Configure and Deploy," "Manage and Administer" and "Troubleshooting Techniques" in detail. The eLibrary is ideal for supplementing classroom training and/or providing training to employees who cannot travel or afford time away from the office.

How to lose your business in one week: the CODESPACES.COM case


In this post I would like to reflect on the hidden risks in certain kinds of technology decisions and choices. Technologies as such (cloud, replication, snapshots, backup, ...) do not entail risk; rather, each offers certain functionality and each has its limitations.

The risk usually arises when technologies are chosen without analysing their limitations and, more importantly, without understanding that the party ultimately responsible, and the one most affected if something fails or data is lost, is always the organization that adopts the technology. It is therefore the organization itself that is responsible for understanding and mitigating the risk implicit in each technology choice, and the famous service SLAs or possible penalties for non-compliance are sometimes of no use.

As an example, we can analyse the CODESPACES case.

At the end of last month (June 2014), the company CODESPACES.COM (http://www.codespaces.com/), which provided cloud services (code hosting) to third parties, had to CLOSE ITS BUSINESS because:

  1. They suffered a cyber attack that they were not protected against and were unable to detect and stop
  2. They did not have a contingency plan with backups independent of their production environment

As can be read on their website: "Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility."

Going into the details of what happened, as the company itself explains on its website:

  • They ran production in Amazon and, as their backup and DRP tooling, used Amazon's own snapshot and backup tools (instead of having a backup independent of production)
  • They suffered a denial-of-service (DDoS) attack on 17 June; the hacker gained access to the administration console and set about deleting the production data as well as all the snapshots and backups.
  • When CODESPACES.COM regained access to its environment, it had no production data, backups or snapshots left to restore from, and so the company will not reopen its doors.

With the arrival of new technologies such as cloud, snapshots, ... some customers adopt risky strategies such as:

  • Abandoning traditional backup tools because they consider snapshot tools to be sufficient
  • Doing without offsite copies of data or Disaster Recovery for the environments they have in the cloud

Taking this event as an example, companies and organizations should draw the following conclusions:

  1. You must be prepared for the new threats in the world of cyber attacks
  2. Sending your production environments to the cloud does not mean you should not protect them
  3. Snapshots are a very good complement to backups, but NEVER a substitute

Symantec, the world's leading company in information management, protection and security, has various solutions to help our customers have the best possible protection against similar situations:

  • Helping our customers to detect and stop sophisticated and/or targeted cyber attacks
  • Offering backup and disaster recovery tools that are external to and 100% independent of the production environments, so that the ability to restore production data and systems can always be guaranteed even if your whole data center (physical or cloud) has disappeared

I am adding some links that I recommend reading, with additional information and interesting debates on the subject:

Regards
Joan García Sánchez
Information Management SE
Symantec Corporation
www.symantec.com

 

Vision Symposium Munich


Vision Channel Day, 8th July 2014 | Vision Symposium, 9th July 2014

In 2014, Symantec is creating a multi-day, flagship event, Vision Las Vegas, which will kick off a series of two-day events in cities throughout Europe, Asia, and South America.

Vision Symposium 2014 will feature deeper insights into Symantec's strategy, more big announcements, and unprecedented exposure to upcoming Symantec solutions - all tailored for businesses and IT professionals at every level.

 

Please see below for highlights from the Symantec Vision Channel Day and Vision Symposium in Munich.

Keynote Part 1: Stefan Henke, Country Manager, Germany and Frank Thonüs, Regional Director, EMEA PACSS Region and others

Keynote Part 2: Learn about the Agile Data Center and much more

Please click on a keynote speaker below to download his presentation.

 

Breakout Sessions

Channel Day Breakout Sessions

Video: Vision Munich 2014 Recap

 

Please feel free to contact the Analyst Relations team if you have any questions or would like to know more about this or upcoming Vision Events.

How to lose your business in one week: CODESPACES.COM case


Today I would like to share a few thoughts about the hidden risks in the decisions we make when choosing new types of technology. Technology by itself (cloud, replication, snapshots, backup, ...) is not risky, but each kind offers some functionality and also has some limitations.

Risks usually arise when technology is chosen without taking its limitations into consideration and, even more importantly, without understanding that the ultimate responsibility lies with the organization that adopts the new technology, which is also the one most affected when something goes wrong. So these companies must understand and try to mitigate these risks every time they choose a new technology, because most of the time SLAs and penalties are meaningless and useless when it comes to a major issue in a critical environment.

To exemplify this point, I'll share the CODESPACES case.

Last month (June 2014), a company called CODESPACES.COM (http://www.codespaces.com/) had to close its business. They used to provide cloud services (code hosting) to third-party organizations, however:

  1. They were targeted by a cyber attack they couldn't detect and stop
  2. They didn't have a fit-for-purpose Disaster Recovery Plan with backups totally independent of production environments

As you can read on their own website: "Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility."

Examining in more detail as to what happened:

  • They had their production environments on the Amazon cloud platform and the whole DRP was based on Amazon snapshots and backups (instead of having independent backup images outside the Amazon platform).
  • They suffered a DDoS attack on the 17th of June and the hackers gained access to their Amazon admin console. Then, they erased all production environments and also all their snapshots and backup images.
  • When CODESPACES.COM recovered access to their Amazon admin console, they had no system or application to recover the service from and, even more importantly, nowhere to recover their data from, so they folded.

With new kinds of technology coming up more and more frequently (like snapshots, cloud, and others), some customers are adopting risky strategies like:

  • "I stopped using traditional backup software because I think snapshotting tools are good enough"
  • "I don't care about DRP and BCP for these environments as I moved them to the cloud"
  • ...

Taking this case as an example, customers should be aware of the following:

  1. You should be prepared against cyber attacks
  2. Sending your production environments to the cloud doesn’t mean you shouldn’t protect them
  3. Snapshots are a good complement to backups but NEVER a replacement

Symantec, as the worldwide leader in information management and security, can help its customers to be better prepared to avoid these kinds of situations by:

  • Helping customers to detect and stop highly sophisticated and targeted cyber attacks faster
  • Offering external and independent backup and disaster recovery tools, so that you can recover your data and systems even if your whole data center (on-premises or cloud) is gone.

The following links contain additional information and interesting debates that came up after CODESPACES was attacked:

 

Regards,
Joan García Sánchez
Information Management SE
Symantec Corporation
www.symantec.com

 

Criminal Motives Are Simple but Tactics are Crafty

The Underground Economy, Pt. 1

As underground hacking business booms, most of us have little to no visibility into what drives this "black" market in the cyber world. With this series, Symantec explores how this "underground economy" operates, and the implications on those who work to defend against it.


ITMS 7.5 SP1 HF1 is now available

[PowerShell] Monitor File System Activity


There is a Microsoft .NET Framework class called FileSystemWatcher.

This class monitors file-related events such as Create, Rename and Delete, and runs any action that you specify.

The following example shows FileSystemWatcher reporting when *.DV* files under the C:\EVStorage folder are created or deleted.

20140707_133335_0.jpg

This is how to do it.

  • Create a FileSystemWatcher object using New-Object.
  • Set the $FileWatch.Path property to the folder that you want to monitor.
  • Set the $FileWatch.Filter property to *.DV*
  • Set $FileWatch.IncludeSubdirectories and $FileWatch.EnableRaisingEvents to true
  • Finally, register for each event so that the commands in the -Action part are fired every time the event occurs

# Create the watcher and point it at the folder to monitor
$FileWatch = New-Object System.IO.FileSystemWatcher
$FileWatch.Path = "C:\EVStorage"
# Only report files whose name matches *.DV*, including those in subfolders
$FileWatch.Filter = "*.DV*"
$FileWatch.IncludeSubdirectories = $true
$FileWatch.EnableRaisingEvents = $true
# Print a timestamped, colour-coded line for each event; for Renamed, Name is the new file name
Register-ObjectEvent $FileWatch "Created" -Action { Write-Host -ForegroundColor yellow (get-date -Format "yyyy/MM/dd HH:mm:ss") "[Created]  [$($eventArgs.Name)]"}
Register-ObjectEvent $FileWatch "Deleted" -Action { Write-Host -ForegroundColor red    (get-date -Format "yyyy/MM/dd HH:mm:ss") "[Deleted]  [$($eventArgs.Name)]"}
Register-ObjectEvent $FileWatch "Renamed" -Action { Write-Host -ForegroundColor white  (get-date -Format "yyyy/MM/dd HH:mm:ss") "[Renamed]  [$($eventArgs.Name)]"}

Unfortunately, the events do not contain process information, so there is no way to tell which process created or deleted the files.

To understand which process accessed the files, Process Monitor is the tool to use.

The FileSystemWatcher class can be used as a “light” real-time monitoring tool to see whether any archived files are being created.

Use cases are:

  • Understand the archiving rate from the file creation times. Keep in mind that FileSystemWatcher has an InternalBufferSize of 4KB and if it overflows, it can lose track.
  • If you are changing the configuration, FileSystemWatcher will be the first to notify you that your configuration was valid and that the archive task actually archived something.
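
As an added example (not code from the original post), the watcher below also subscribes to the Error event, so that an internal-buffer overflow is recorded rather than silently missed, and logs every event to a CSV file from which a per-minute archiving rate is computed. The log path, the Dv* event identifiers and the two helper functions are assumptions made for this example; 64 KB is the largest buffer the class accepts.

```powershell
# Added example, not from the original post.
# Assumptions: C:\EVStorage is the folder used in the post; the log file
# location and the "Dv*" source identifiers are made up for this example.
$watchPath = 'C:\EVStorage'
$logFile   = Join-Path $env:TEMP 'dv-events.csv'   # hypothetical output file

$fsw = New-Object System.IO.FileSystemWatcher
$fsw.Path                  = $watchPath
$fsw.Filter                = '*.DV*'
$fsw.IncludeSubdirectories = $true
# Only file name changes (create/delete/rename) are of interest; asking for
# fewer notification types puts less pressure on the internal buffer.
$fsw.NotifyFilter          = [System.IO.NotifyFilters]::FileName
# Use the largest buffer the class accepts (64 KB) to make overflows rarer.
$fsw.InternalBufferSize    = 65536

# One action shared by Created, Deleted and Renamed: append "time,type,path".
$record = {
    $e    = $Event.SourceEventArgs
    $line = '{0:yyyy-MM-dd HH:mm:ss},{1},"{2}"' -f $Event.TimeGenerated, $e.ChangeType, $e.FullPath
    Add-Content -LiteralPath $Event.MessageData -Value $line
}
foreach ($name in 'Created', 'Deleted', 'Renamed') {
    Register-ObjectEvent -InputObject $fsw -EventName $name `
        -SourceIdentifier "Dv$name" -MessageData $logFile -Action $record | Out-Null
}

# The Error event fires when the watcher loses events. An
# InternalBufferOverflowException means the buffer filled up, so the counts
# around that time are incomplete; write a marker row instead of staying silent.
Register-ObjectEvent -InputObject $fsw -EventName Error `
    -SourceIdentifier DvError -MessageData $logFile -Action {
        $ex   = $Event.SourceEventArgs.GetException()
        $kind = if ($ex -is [System.IO.InternalBufferOverflowException]) { 'BufferOverflow' } else { 'WatcherError' }
        $msg  = $ex.Message -replace '"', '""'          # keep the CSV well-formed
        $line = '{0:yyyy-MM-dd HH:mm:ss},{1},"{2}"' -f $Event.TimeGenerated, $kind, $msg
        Add-Content -LiteralPath $Event.MessageData -Value $line
        Write-Host -ForegroundColor Magenta "[$kind] $($ex.Message)"
    } | Out-Null

# Start raising events only after every handler is registered.
$fsw.EnableRaisingEvents = $true

# Files created per minute, flagging minutes in which an overflow was logged.
function Get-DvArchiveRate {
    param([Parameter(Mandatory)][string]$Path)
    $rows = Import-Csv -LiteralPath $Path -Header Time, Type, File
    $gaps = $rows | Where-Object Type -eq 'BufferOverflow' |
            ForEach-Object { $_.Time.Substring(0, 16) }
    $rows | Where-Object Type -eq 'Created' |
        Group-Object { $_.Time.Substring(0, 16) } |     # yyyy-MM-dd HH:mm
        ForEach-Object {
            [pscustomobject]@{
                Minute     = $_.Name
                Created    = $_.Count
                Incomplete = $gaps -contains $_.Name
            }
        }
}

# Remove the subscriptions and release the watcher when monitoring is done.
function Stop-DvWatch {
    Get-EventSubscriber | Where-Object SourceIdentifier -like 'Dv*' | Unregister-Event
    $fsw.EnableRaisingEvents = $false
    $fsw.Dispose()
}
```

Run `Get-DvArchiveRate -Path $logFile` after an archive task has run; any minute marked Incomplete had events dropped and should not be used as a rate figure.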

Think you're safe? Think again - SSL Attack Survey

This is a supplement article for SSL Ciphers - Beyond Private Key and Certificate

Look! I have a lock, I see https://, I even see the Green Bar, I believe I have protected my server and the clients connecting to our services from attackers now. I can't start increasing security and block clients to my site by disabling SSLv3, MD5 or RC4. I'll be losing customers and profit! I can accept a weaker security as long as user traffic and profit are not affected.

 

Performance vs. security is a constant struggle between security experts and management, and SSL is no different. Do we allow as many clients as possible to access our site, or do we block all weak connections? There have been numerous studies on this, so I won't go into it here. As an SSL security expert, allow me to take sides this time. Allow me to provide some more material for us to convince our management why SSL security is more important and how we can mitigate the risks without affecting performance or traffic too much.

 

In September of last year, iSEC Partners, Inc. carried out a comprehensive survey of the various vulnerabilities in SSL/TLS technology.

Have a look: Attack on SSL

 

 

 

What It Means to Bleed Yellow


As a Symantec alum who co-founded a startup, I’ve had the opportunity to gain a unique perspective on business by working for a global industry leader as well as launching a new venture. I’m proud of the grounding Symantec provided for me as a new business leader – my Symantec experience provided a macro perspective that many startup leaders don’t have. One of the most valuable takeaways from my Symantec career is the positive, productive community I found there – a supportive network that rightly takes pride in working for the industry’s best company. But how do the two workplace experiences differ?

Working for a smaller company is a great education – an opportunity for a manager to wear many hats and gain experience with a variety of roles. But working for a large company is equally valuable: being part of a diverse, knowledgeable team is an education that is just as essential and also transferable to all business environments. At Symantec, I learned that it is important to know your role, and know it well, in order to benefit the larger team.

While smaller organizations are known for their ability to move quickly in response to changing business conditions, large, well-run companies like Symantec have an important advantage: established processes and systems. People who spend their entire careers in the startup world can miss out on this vital structural support, which ensures attention to detail and emphasizes the significance of quality.

Another skill people who succeed within larger enterprises develop is the ability to communicate across multiple disciplines and levels. In a small startup, communication is simple, speedy and direct within a fairly flat organizational chart. In a larger company, employees learn the chain of command, how to “manage up” and how to influence people they don’t directly manage to build consensus among employees at all levels, an invaluable skillset that is also applicable to smaller  businesses.

Not all large companies choose to invest heavily in developing their people, but working for a company like Symantec, which is committed to staff development, provides an incredible range of professional development opportunities. In addition to formal training classes, Symantec employees are also mentored by the top experts in specialized fields and learn to play a key role in the larger technology and InfoSec communities. This is a considerable asset for Symantec employees, positioning them for success in any business environment.

During a career that includes significant time at Symantec and a key role in launching a thriving startup, I’ve been fortunate to experience the advantages and growth opportunities in both work environments. I have an appreciation for both, and, with my colleagues at Conventus, strive to model the best of both business worlds. For all these reasons as well as the wonderful Symantec family (now partner ecosystem), commitment to success, dedication to top tier products, consulting and support...I still bleed yellow.

 

(Sarah Isaacs is Managing Partner of Conventus, a Symantec National Platinum Partner that specializes in endpoint and server security, compliance and data loss prevention. Sarah co-founded Conventus in 2006 after working as a Technical Manager for the central region at Symantec, where she consulted on the implementation of antivirus and client security technology products for numerous corporate and government enterprises.) 

Facebook Scam Leads to Nuclear Exploit Kit


Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user’s system.

Apathy or Denial? Google Claims Security Unnecessary on Android Devices, Despite Warnings


Google's lead engineer for Android security recently announced that the majority of Android users don't need to install mobile security or antivirus, but Symantec and other security organizations have reported that Android is far and away the leading mobile target for malware. Symantec takes a deeper look at Google's engineer's claims, and addresses them, one-by-one.

Analysts Unified Over Information Management


The recent visit of several industry analysts in the Green Park EBC created the perfect opportunity to provide insights into Symantec's Unified Information Management Strategy and the Information Fabric Platform that underpins this strategy.

Paul Dominjon, Symantec's Senior Product Marketing Manager, pointed out that customers are moving increasingly to a virtual environment, while many business-critical applications remain on physical servers. At the same time, our customers often have operations that have grown through mergers and acquisitions with up to two to three backup solutions in play and little or no integration. “The upshot of this is that customers are simply too busy to rationalize, consolidate and simplify their technology and licenses,” said Dominjon.

Whatever the customer infrastructure, Symantec's role is to support our customers and the wider business community through our redefined Unified Information Management Strategy, delivering a platform that integrates information management products such as NetBackup, Backup Exec, Enterprise Vault, eDiscovery and Storage Foundation. Meanwhile, customers using Symantec Data Loss Prevention and Data Insight can better manage unstructured data governance by combining data classification details with ownership, usage and access information. This will be the way forward for customers who need to accomplish more information management objectives with less complexity.

The analysts learned that with our Unified Information Management Strategy, Symantec will be positioned to deliver more benefits from a streamlined set of products that enable customers to make better decisions about their data. “Through the Information Fabric Platform, various information sources can be connected together to create a repository of metadata that enables Symantec to recommend to customers the solutions they need across the organization that will drive business agility and decision-making through its greater breadth and capability,” continued Dominjon.

A Symantec customer explained that designing, building and implementing solutions around storage for customers was all about standards and standardization, ultimately ensuring an efficient, quality service that is run by fewer people. Furthermore he talked about having full confidence in supporting customers through NetBackup, for example, leveraging the efficiencies it brings and driving in templated solutions.

In addition a Symantec partner said customers were putting much onus now on backup and recovery solutions and what they can deliver to the business. He argued that the backup solution is their insurance policy, if everything above it fails, and that Symantec backup represents best value to those customers.

Recent technology announcements were highlighted to the analysts, with the new versions focused on customer satisfaction, delivering rock-solid technology, reducing administration cost, delivering broader platform support, and increasing performance and end-user productivity.

  • Disaster Recovery Orchestrator 6.1, leveraging Microsoft Azure Cloud capabilities to reduce cost of customers having a secondary disaster recovery facility
  • Enterprise Vault 11, focused on support for more email platforms, either on premises or in the Cloud
  • Backup Exec 2014, with 100% performance improvement, latest OS and Hypervisor support, simplified licensing with Virtual or pay per TB flexibility

If you have any questions or would like to know more about Symantec’s Information Management strategy please contact me at Caroline_Dennington@symantec.com (Twitter: @CDennington).


How does SSL work? What is an SSL handshake?


A special request was made today: "How does SSL work? What is an SSL handshake?"

Here is some quick info.

 

SSL/TLS are protocols used for encrypting information between two points. It is usually between server and client, but there are times when server-to-server and client-to-client encryption are needed. For the purpose of this blog, I will focus only on the negotiation between server and client.

 

For SSL/TLS negotiation to take place, the system administrator must prepare a minimum of two files: Private Key and Certificate. When requesting a certificate from a Certificate Authority such as Symantec Trust Services, an additional file must be created. This file is called a Certificate Signing Request and is generated from the Private Key. The process for generating the files depends on the software that will be using the files for encryption.

For a list of the server software Symantec has, have a look at: Symantec CSR Generation

Note that although certificates requested from Certificate Authorities such as Symantec are inherently trusted by most clients, additional certificates called Intermediate Certificate Authority Certificates and Certificate Authority Root Certificates may need to be installed on the server. This is again server software dependent. There is usually no need to install the Intermediate and Root CA files on the client applications or browsers.

Once the files are ready and correctly installed, just start the SSL/TLS negotiation by using the secured protocol.  On browser applications it is usually https://www.yourwebsite.com.

Remember to use your secured website address. Above is just a sample address.

That will start the SSL/TLS negotiation:

 

Keys and Secrets during RSA SSL negotiation

The following is a standard SSL handshake when RSA key exchange algorithm is used:

  1. Client Hello
    - Information that the server needs to communicate with the client using SSL.
    - Including SSL version number, cipher settings, session-specific data.
     
  2. Server Hello
    - Information that the client needs to communicate with the server using SSL.
    - Including SSL version number, cipher settings, session-specific data.
    - Including Server’s Certificate (Public Key)
     
  3. Authentication and Pre-Master Secret
    - Client authenticates the server certificate. (e.g. Common Name / Date / Issuer)
    - Client (depending on the cipher) creates the pre-master secret for the session,
    - Encrypts with the server's public key and sends the encrypted pre-master secret to the server.
     
  4. Decryption and Master Secret
    - Server uses its private key to decrypt the pre-master secret,
    - Both Server and Client perform steps to generate the master secret with the agreed cipher.
     
  5. Generate Session Keys
    - Both the client and the server use the master secret to generate the session keys,  which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session
     
  6. Encryption with Session Key
    - Both client and server exchange messages to inform that future messages will be encrypted.

(Wikipedia: Transport Layer Security)
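Steps 3 to 5 above, run on both sides, as an added example that is not part of the original post. It assumes the TLS 1.2 PRF from RFC 5246 and an AES-128-CBC / HMAC-SHA1 key layout, and it uses a constructed toy RSA key (two Mersenne primes, no padding) purely so the exchange runs with the standard library; the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Toy RSA key for the server (constructed; two Mersenne primes, NOT secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                   # public modulus (in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (stays on server)


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256 over label + seed."""
    return p_sha256(secret, label + seed, length)


def session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Steps 4-5: pre-master -> master secret -> per-direction session keys."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Key block for an AES-128-CBC / HMAC-SHA1 suite: 2 MAC keys + 2 cipher keys.
    block = prf(master, b"key expansion", server_random + client_random, 72)
    return {
        "master_secret": master,
        "client_mac_key": block[0:20], "server_mac_key": block[20:40],
        "client_enc_key": block[40:56], "server_enc_key": block[56:72],
    }


def handshake(client_random: bytes, server_random: bytes, pre_master: bytes):
    """Run steps 3-5 on both sides; return (client_keys, server_keys)."""
    # Step 3 (client): encrypt the pre-master secret with the server's public key.
    ciphertext = pow(int.from_bytes(pre_master, "big"), E, N)
    # Step 4 (server): recover it with the private key.
    recovered = pow(ciphertext, D, N).to_bytes(48, "big")
    return (session_keys(pre_master, client_random, server_random),
            session_keys(recovered, client_random, server_random))


if __name__ == "__main__":
    c_rand, s_rand = os.urandom(32), os.urandom(32)
    pms = b"\x03\x03" + os.urandom(46)       # client version + 46 random bytes
    client, server = handshake(c_rand, s_rand, pms)
    print("keys match:", client == server)
    print("client_enc_key:", client["client_enc_key"].hex())
```

Because the pre-master secret travels encrypted under the server's long-term key, anyone who later obtains that private key can repeat step 4 on recorded traffic and rederive the same session keys.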

Tools such as OpenSSL can be used to check the SSL/TLS negotiations:

OpenSSL s_client -connect www.symantec.com:443 -state -ssl3
Loading 'screen' into random state - done
CONNECTED(000001C0)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5

SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=2158113/C=US/postalCode=94043/ST=California/L=Mountain View/street=350 Ellis Street/O=Symantec Corporation/OU=Corp Mktg & Comms - Online Exp/CN=www.symantec.com

 

There it is. SSL and SSL Negotiation summarized. Mission complete.

Now! Do Not Forget To Back Up Your Private Key and Certificate in a Secure place in case of system issues!

Update on Outlook versions supported on the Enterprise Vault server


Enterprise Vault’s Exchange archiving agent uses the version of MAPI supplied with Outlook to communicate with Microsoft Exchange. Enterprise Vault currently supports Outlook 2007 only due to performance and reliability issues encountered with Outlook 2010. Since the introduction of Outlook 2013, Symantec and Microsoft have been working to certify a joint solution, but unfortunately issues were again uncovered. The good news is both companies understand the issues and are working on delivering a solution. The changes in Enterprise Vault to support Outlook 2013 are planned* to be delivered as part of Enterprise Vault 11.0.1 which is on schedule* to be available in CYQ4 2014. The changes are not planned to be made available with any previous version of Enterprise Vault so customers who need to replace Outlook 2007 on an Enterprise Vault server should prepare to upgrade to Enterprise Vault 11.0.1 to take advantage of the new capability.

Remember to check out all the other great enhancements EV 11 provides on our dedicated “Why upgrade” site at go.symantec.com/upgrade-ev

For the latest compatibility information, download the latest guide from here: http://www.symantec.com/docs/TECH38537

*Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change.

 

Symantec’s Green Teams present “Green Talks” - an Environmental Lecture Series


This month marks the launch of the new environmental lecture series at Symantec, Green Talks. These lectures will provide an opportunity for Symantec employees to learn about external environmental initiatives related to Symantec’s environmental strategy and how Symantec is working to support these initiatives within the company.

The Green Talks will take place quarterly, onsite at our headquarters in Mountain View, and will alternate topics within Symantec’s environmental strategy:

Our inaugural Green Talk will take place next Thursday, July 31st featuring Fabien Cousteau, an oceanic explorer, conservationist, and leader of Mission 31. Fabien resurfaced earlier this month after living and working on the ocean floor for thirty-one days.

Fabien will present the human ocean connection and discuss what he learned and experienced during Mission 31, along with plans for the future. 


We look forward to bringing you a recap of this exciting kick off to our quarterly Green Talks in August, stay tuned!

 

Symantec Green Teams

Symantec Green Teams are a grass roots effort by the employees of Symantec to identify ways that Symantec can minimize its environmental footprint. In partnership with the Corporate Responsibility and Global Facilities Management teams, Green Teams are constantly helping Symantec reduce its environmental footprint through activities ranging from volunteering in local communities to spearheading campus-wide sustainability efforts.

Symantec Green Teams are locally directed and managed at 17 sites around the world, working on sustainability efforts both inside and outside the company. Internal efforts, such as our One Mug, One Planet campaign, mean that the Green Teams can educate their fellow employees, changing habits that will ultimately decrease our use of energy, water, and materials.

 

Read more about Symantec’s One Mug, One Planet campaign and the creation of four new Global Green Teams!

 

Symantec Employees

The event will take place on July 31, 2014 from 9:30 a.m.-10:30 a.m. PST in the Mountain View V-Cafe. This event will also be live-streamed and recorded. For information on the event, live streaming, and Symantec’s Green Teams please contact Environmental_Responsibility@Symantec.com.

 

 

Jaime Barclay is Symantec's Corporate Philanthropy Program Manager.

Simple Motives; Crafty Tactics

Fake US Anti-Spam Law Used in Latest Phishing Campaign


Phishers posing as banks are redirecting victims to a fake website then requesting logon credentials in order to compromise bank accounts.
