
Deliver on Your Service Level Agreements at Vision


Vision Las Vegas is just around the corner, April 15-18. This year the Information Availability, Intelligence and Data Protection track focuses on business continuity, storage and solid state drives, and meeting service level agreements.

SLAs must be met whether you’re keeping mission-critical data centers running or serving up frosty beverages. Disasters, configuration errors, poor performance, thirsty customers…it’s an ever-changing race to keep your operation available, fast, and resilient. We’re ready to show you how to meet the challenge of delivering on service level agreements. Check out these great Vision sessions and activities:

Stay tuned for more details as Vision approaches, and don’t forget to follow us @SymantecStorage


Fake Asian Chat App Steals Login Credentials


Contributor: Avdhoot Patil

Behind phishing sites, new tricks for luring users and coaxing them into handing over personal information are devised one after another. One tactic that is used frequently is the fake social networking application.

Last month's statistics showed that 8.6 percent of all phishing took place on social media sites. Of that, 0.8 percent consisted of fake applications advertising free mobile talk time, adult videos, video chat, adult chat and the like.

In March 2013, phishers placed a phishing site on a free web hosting service and launched a fake Asian chat application.

Figure 1. Phishing page spoofing a social networking site

The phishing site spoofs a well-known social networking site and carries the title "Pakistani chat room - Pakistani girls & boys chatting room". The right side of the page explains, in poor English, how to join the chat room. According to it, entering your login credentials lets you chat for free with women from Pakistan and India. It also claims to offer a feature for finding and chatting with friends at home and abroad. In reality, proceeding to the next page brings up a fake chat page purporting to serve Asians, including Pakistanis, Indians and Arabs.

Redirecting to a spoofed site equipped with familiar applications is a technique phishing sites commonly use to win users' trust. In this case, links to the fake chat room are planted among wallpapers of Indian film actresses. Anyone who takes the bait has their login credentials stolen outright.

Figure 2. Spoofed chat site to which users are redirected after entering personal information

We recommend taking every possible precaution against phishing attacks:

  • Do not click suspicious links in email messages.
  • Do not include personal information when replying to an email.
  • Do not enter personal information in pop-up pages or pop-up windows.
  • When entering personal or account information, confirm that the website is encrypted with SSL by checking for the padlock icon, the "https" prefix and the green address bar.
  • Keep security software that protects against online phishing, such as Norton Internet Security, updated frequently.

 

* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

Don't Forget To "Disable" UAC in WINDOWS 2008 R2 While Installing NetBackup!


Hi 

Always remember to DISABLE UAC (User Account Control) while installing the NetBackup server or client on any Windows 2008 R2 machine.

As mentioned in the NetBackup Windows Administrator's Guide:

Note: To install NetBackup on Windows 2008/Vista and Windows 2008 R2/Windows 7 UAC-enabled environments, you must log on as the official administrator. Users that are assigned to the Administrators Group and are not the official administrator cannot install NetBackup in UAC-enabled environments. To allow users in the Administrators Group to install NetBackup, disable UAC.

 

How to disable UAC?

Click:

1. Start
2. Control Panel
3. User Accounts
4. Change User Account Control Settings
5. Never Notify
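Before running the installer, it helps to know which of the two conditions in the guide's note the current session actually satisfies. The following PowerShell script is an added example, not part of the original post or of NetBackup; it reads the UAC policy values and the identity of the logged-on account and reports which case applies. It assumes Windows 2008 R2 / Windows 7 and must itself run in an elevated session for the group check to be meaningful.

```powershell
# Added example (not Symantec's code): report whether the NetBackup installer note
# about UAC applies to this session. Assumes Windows 2008 R2 / Windows 7.
function Get-NetBackupUacReadiness {
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey

    # EnableLUA = 1 means Admin Approval Mode (UAC) is on; Windows default is 1.
    $enableLua = if ($null -eq $uac.EnableLUA) { 1 } else { [int]$uac.EnableLUA }
    # ConsentPromptBehaviorAdmin = 0 is "elevate without prompting" (the "Never notify" slider).
    $consent = if ($null -eq $uac.ConsentPromptBehaviorAdmin) { 5 } else { [int]$uac.ConsentPromptBehaviorAdmin }
    $secureDesktop = if ($null -eq $uac.PromptOnSecureDesktop) { 1 } else { [int]$uac.PromptOnSecureDesktop }

    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # The "official administrator" in the guide is the built-in Administrator account (RID 500).
    $isBuiltinAdmin = $identity.User.Value -match '-500$'
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    # With UAC on, this is only true from an elevated (non-filtered) token.
    $inAdminsGroup = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    if ($enableLua -eq 0) {
        $verdict = 'UAC is disabled: any member of the Administrators group can run the installer.'
    } elseif ($isBuiltinAdmin) {
        $verdict = 'UAC is on, but you are the built-in Administrator: the guide allows the install.'
    } elseif ($inAdminsGroup) {
        $verdict = 'UAC is on and you are not the built-in Administrator: the installer will be refused. ' +
                   'Log on as Administrator, or set "Never notify" and reboot, then re-enable UAC after the install.'
    } else {
        $verdict = 'This account is not in the Administrators group (or the session is not elevated).'
    }

    New-Object PSObject -Property @{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secureDesktop
        User                       = $identity.Name
        IsBuiltinAdministrator     = $isBuiltinAdmin
        InAdministratorsGroup      = $inAdminsGroup
        Verdict                    = $verdict
    }
}

Get-NetBackupUacReadiness | Format-List
```

On Windows 7 / 2008 R2 the "Never notify" slider sets EnableLUA to 0, which is why the change only takes effect after a reboot; the script therefore reports the value the next boot will honour.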

Symantec Technical Support on GRT individual email recovery failed error 2810


We had an issue restoring email and took support from a Symantec expert engineer, who sorted out and resolved the problem in great manner. So I want to share it with all NetBackup users who are having problems restoring email from Exchange.

ISSUE:
GRT individual email recovery failed
ERROR CODE/MESSAGE:
Status code 2810

ENVIRONMENT/CONDITIONS:
NetBackup 7.1.0.4 master server on Windows
NetBackup 7.1.0.4 media server, which is an Exchange 2010 mail server as well
NetBackup 7.1.0.4 client on another mail server
NetBackup 7.1.0.4 client on the HUB/CAS server

EVIDENCE:
2/14/2013 16:11:56 - Info bpbrm(pid=1448) (CAS SERVER Name) is the host to restore to
2/14/2013 16:11:56 - Info bpbrm(pid=1448) reading file list from client
2/14/2013 16:11:57 - connecting
2/14/2013 16:11:57 - Info bpbrm(pid=1448) start nbfsd on client
2/14/2013 16:11:58 - Info bpbrm(pid=1448) start nbgre on client
2/14/2013 16:12:00 - Info tar32(pid=0) Restore started
2/14/2013 16:12:00 - connected; connect time: 00:00:03
2/14/2013 16:12:09 - begin Restore
2/14/2013 16:12:12 - restoring image DAG1_1360667421
2/14/2013 16:14:06 - Info tar32(pid=0) done. status 13
2/14/2013 16:14:08 - Info tar32(pid=0) done. status: 13
2/14/2013 16:14:13 - Info tar32(pid=0) done. status: 13: file read failed
2/14/2013 16:14:13 - Error bpbrm(pid=1448) client restore EXIT STATUS 13: file read failed
2/14/2013 16:14:30 - restored image DAG1 1360667421 - (file read failed(13)); restore time 00:02:18
2/14/2013 16:14:34 - end Restore; elapsed time: 00:02:25
MS-Exchange-Server policy restore error(2810)

SOLUTION/WORKAROUND:
Collected the ncfgre and nbflbc and other logs and uploaded them to the evidence.

The service account is configured properly.
PORTMAP is running on the media server and NFS is configured.
Ports for NFS @ 111 are working from the media and CAS servers.
HOSTS files are updated.
A few NBFSD mounts were stuck.

Consulted below technical note.

How to manually test NetBackup Granular Restore Technology (GRT) NFS connections between media server and client

http://www.symantec.com/business/support/index?page=content&id=TECH124810

If this situation comes up again in future, kindly reboot the media server in question; that will kill any pending NBFSD mounts and restores will work.
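The checks above (name resolution, HOSTS entries, portmap on TCP 111) can be repeated from the restore host before retrying. The following PowerShell script is an added example, not part of the original post and not Symantec's TECH124810 procedure; the media server name is a placeholder, and it only covers the remotely testable items, not the stuck NBFSD mounts, which still need the reboot described above.

```powershell
# Added example (not Symantec's code): pre-flight check run on the CAS/mail server that
# will receive the GRT restore. Media server name below is a placeholder.
param(
    [string]$MediaServer = 'MEDIA-SERVER-PLACEHOLDER',
    [int]$PortmapPort = 111     # NFS portmapper, the port the post names
)

# Forward name resolution of the media server (DNS or hosts file).
function Test-NameResolution([string]$name) {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
        New-Object PSObject -Property @{ Name = $name; Resolved = $true; Addresses = ($addrs -join ', ') }
    } catch {
        New-Object PSObject -Property @{ Name = $name; Resolved = $false; Addresses = $_.Exception.Message }
    }
}

# The post notes HOSTS files were updated on each server; show the entry, if any.
function Get-HostsEntry([string]$name) {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hostsPath |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match ('\b' + [regex]::Escape($name) + '\b') }
}

# TCP connect test with a timeout, so a filtered port does not hang the script.
function Test-TcpPort([string]$name, [int]$port, [int]$timeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($name, $port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($timeoutMs)) { return $false }   # timed out
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$resolution = Test-NameResolution $MediaServer
$resolution | Format-List

$hostsLine = Get-HostsEntry $MediaServer
if ($hostsLine) { "hosts file entry: $hostsLine" } else { "no hosts file entry for $MediaServer (DNS only)" }

if ($resolution.Resolved) {
    if (Test-TcpPort $MediaServer $PortmapPort) {
        "TCP $PortmapPort (portmap) reachable on $MediaServer"
    } else {
        "TCP $PortmapPort NOT reachable on $MediaServer: check the PORTMAP/NFS services and firewall before retrying the restore"
    }
}
```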

 

Do you (still) need to justify your spending on IT security?


Having trouble justifying your IT security spending? Here is a short list of useful resources and ideas that will help you explain why you are buying that new IT security toy or requesting more resources to implement a missing security process.
And please, share what you use and let’s make this list grow.

 

How much should I spend?

 

The guys at the IT Policy Compliance Group spend their time going around the globe interviewing companies, trying to understand, among many other things, a couple of things relevant to us:

  • The financial benefits of spending on security
  • How high-performance organizations manage IT

I’m beginning with their work because I think they use a pretty unique approach: they start by looking at the most efficient companies, the so-called top performers from several industries, and they correlate business results with IT spending, both in security and in IT governance (we should already know at this point how much the two are interlocked). So, we could say they don’t look at the ROI of buying an endpoint protection suite or an anti-spam solution (good luck with that!), but they evaluate IT security spending as a competitive advantage in reaching a company's established business results. And they try to answer the question “How much should we spend?” according to their motto “You either pay beforehand or you pay afterward, but you’re going to pay”, showing that it’s less costly to pay beforehand.

Surprise, surprise: the top-performing companies, those with the best financial returns, are the ones that invest the most in IT security. But it’s not just about financial returns: the report shows a direct connection between companies that spend more on IT security and those with more retained customers, lower rates of business disruption, and lower rates of data loss and theft. That is, better results against what are commonly considered the top IT risks.

Check out their work at: http://www.itpolicycompliance.com/

 

What happens when something goes wrong?

Ok, I see, you are a down-to-earth guy and you need numbers and figures about what happens when something goes wrong. The Ponemon Institute has the kind of data you need. In their “Cost of Data Breach Study” they try to quantify, per geographical region and for the major countries, the real cost associated with a data breach.

The report divides the costs associated with a data breach into several factors:

  • Detection and escalation costs
  • Notification costs
  • Post data breach costs
  • Lost business costs

It’s interesting to notice how the different factors carry a different weight according to the country where the data breach took place. That’s a useful hint for understanding the most relevant cultural values, country by country, and adjusting your processes to them. For example, European countries spend much more on detection and escalation than on notification, whereas the opposite happens in the US, where more attention is paid to customers and most states have data breach notification laws in place.

Clearly, the cost we should fear most is the one coming from lost business, which is higher where we face a more mature audience. If your customers are what determines the success of your company (and I challenge you to state otherwise), you should read in the report how companies around the world invest, after the breach, in preventive measures, and be a little more proactive than they are (remember what we said above: sooner or later “you’re going to pay”).

Check out the latest Ponemon report.

 

What if I don’t do it?

Ok, I know, it may not be as easy and ready to use as the ones above, but if you need to scare people inside your organization (or force them to listen to you), the good old regulatory requirements are always there to help you. You should be aware of all major regulations with some sort of IT requirements, and of the implications of not being compliant.
Looking forward, people in the EU should be the most concerned: the European Parliament is working on the next version of the Data Protection regulation, which is supposed to bring the leadership in protecting personal data back to Europe. Concepts such as “Data Breach Notification”, “Accountability”, “Data portability” and the “Right to be forgotten” will definitely require companies to approach data protection in a more cohesive way, implementing some sort of compliance program (along the lines of what we described here and here). If you add the fact that the fines for non-compliant organizations will be calculated as a percentage of the company’s total revenues, you see how this new regulation will have quite an impact.

On top of that, this new regulation is not afraid of digging into technology, introducing terms such as “Privacy Enhancing Technology”, “Privacy by Design” and “Privacy Seal” to identify and mark those technologies and processes that enable data protection. There is still much work for the European Parliament to do in this direction, but be prepared for a groundbreaking piece of legislation. Here is the EU mini-site on the current proposal.

 

What is best for me?

You have data and research of all sorts out there: you can prove the cost of a data breach or you can estimate what will happen if you are not compliant with a regulation, but can this really be applied to you?
In the end, it’s all about the risk appetite of your organization. It’s a simple concept that belongs to the IT risk management literature: you face risks, and each of these risks has its own likelihood of happening and a certain level of impact (possibly expressed in an economic measure). You will never be able to bring the risk down to zero, but what you can do is implement a series of countermeasures (that is, spend on IT security) to bring it down to a level that you consider acceptable according to your risk appetite. The trade-off here is the cost of these countermeasures compared to their capability of reducing risk, and it all comes down to a very simple equation: if the cost of a countermeasure is higher than its benefits in terms of risk reduction, then you are investing your money right. Otherwise, forget it.
Easy, right? Not really…how do you identify a risk? How do you measure its likelihood and impact? How do you evaluate the risk reduction that a countermeasure delivers?

We will discuss this (there are several methodologies out there). For the time being, just leverage the collection of resources provided above and their figures in the best possible way.

 

Death of DLP? What are people thinking???


I see sessions popping up in conferences and articles lately prophesying the demise of DLP and that DLP has run its course and is something companies should avoid. I have to ask a simple question: Why is it when attackers get more creative and cunning that we start doubting our abilities to protect information, people and companies with the capabilities and solutions we already have heavily invested in?  
 
Sometimes I feel like these are security professionals that just like to see their names in lights to quench their egos. Are they serious?!?! It's frustrating to see and hear seasoned professionals making irresponsible remarks even if it's just a ploy to get folks to attend their sessions at conferences or read their silly articles. I know that getting back to basics and making sure you're establishing and implementing the very best controls framework that ensures you have accomplished even a defined level of maturity is not the sexiest or the most interesting, but IT IS NECESSARY!
 
Many companies have yet to even do the basics, from patching, configuration, monitoring, correlation, analysis, IAM, etc. across all the different control objectives. We've been talking about that for years. We have today much of what we need to ensure an effective controls implementation, but many companies have yet to complete even this basic level. Show me a company that has achieved this and then still has problems with attackers or outbreaks or breaches, and then maybe we can entertain a failure of this or that control. I would rather see these professionals advocate achievement of a solid and robust security controls program first than start deriding this or that technology.  
 
Important and necessary controls (in addition to effective policies, standards and processes) such as DLP have not even begun to run their course. This capability is just beginning to do a great job well beyond the discovery and protection of the basics such as PII, PCI, HIPAA, etc. It has entered the much-needed space of discovery and protection of intellectual property, something that is in such demand since the spate of attacks on IP-rich corporations around the world. There needs to be a greater focus from corporations in this area like never before if we want to continue to maintain and expand our preeminence on the world stage. 
 
Before folks start prophesying the demise of this or that control they need to consider: have companies done the best with what they have? Yes or no? If it's no, then start having conference sessions and articles that espouse best practices, how-tos, dos and don’ts that advise and educate. There are many security professionals out there who have an abundance of expertise and advice to offer those companies and security professionals that struggle with the basics.  
 
To you all out there, I say, be responsible and work to get everyone to a level of maturity that makes a difference before you start deriding or besmirching or claiming all-out failure of this or that control or solution!!!

Are the 2011 and 2013 South Korean Cyber Attacks Related?


Overview
In the past four years there have been several major cyber attacks against South Korea. We have identified a particular back door (Backdoor.Prioxer) that surfaced during the 2011 attacks. A modified version of this back door was also discovered during the 2013 attacks. The back door is based on publicly available code, but there are some indications that the same individuals are responsible for the 2011 and 2013 versions, pointing towards a possible connection between the two attacks.

Background
The first documented major attack was in July, 2009. The attacks began on July 4, Independence Day in the United States, and consisted of a distributed denial-of-service (DDoS) attack against various Korean and US government and financial websites. A second wave of attacks occurred on July 7 and a third wave on July 9. The malware used to launch the attacks was Trojan.Dozer, which was spread through e-mail. Trojan.Dozer contained a time bomb in its code, triggered on July 10. This time bomb would overwrite various types of files on the hard drive and then overwrite the first one megabyte of the hard drive, destroying the MBR and partition table. The hard drive was overwritten with the string, “Memory of the Independence Day.”

The second major attack occurred on March 4, 2011. This attack was again a DDoS and again against U.S. and South Korean government institutions. The malware used was Trojan.Koredos. This malware also overwrote a specified set of file types and destroyed the MBR. During investigations into these attacks, a back door Trojan called Backdoor.Prioxer was discovered. The back door was quite sophisticated and infected files in a discreet manner. You can see our previous blog, which describes this technique in detail.

The third attack occurred on March 20, 2013. This attack appears to have used only hard drive overwrites, and no DDoS attacks. Trojan.Jokra overwrites the MBR and then the contents of the hard drive, independent of file format. It then looks for any mapped network drives and attempts to overwrite those as well. There appear to be multiple installation vectors, including e-mail and patch management. The patch management vector was an auto-update system that was compromised to deliver the malware.

Similar to the 2011 Trojan.Koredos investigation, we discovered a new version of Backdoor.Prioxer while examining files from computers compromised with Trojan.Jokra. When we investigated this file further, in an attempt to determine how it was installed onto victims’ computers, we established a link with Trojan.Jokra.

Making connections
The Trojan.Jokra samples are obfuscated by the Jokra packer. The Jokra packer was also used to obfuscate a downloader (encountered in August of 2012 with an MD5 of 50e03200c3a0becbf33b3788dac8cd46). This downloader was seen to download Backdoor.Prioxer from the following location:

http://www.skymom.co.kr/[REMOVED]/update_body.jpg

There is a second link between Trojan.Jokra and Backdoor.Prioxer based on the Jokra packer. An additional malware sample detected as Trojan.Gen.2, located in the 2013 incident and packed with the Jokra packer, contains a build path string. This string describes where the sample was compiled on disk. The path is:

 Z:\Work\Make Troy\3RAT Project\3RATClient_Load\Release\3RATClient_Load.pdb

The Backdoor.Prioxer sample found in the same investigation also contains a build string:

 Z:\Work\Make Troy\Concealment Troy\Exe_Concealment_Troy(Winlogon_Shell)\Dll\Concealment_Troy(Dll)\Release\Concealment_Troy.pdb

Clearly, the two separate pieces of malware were compiled from the same build source directory, Z:\work\Make Troy.

Work or fun?
If the Jokra packer is limited to one group, then the connections between Backdoor.Prioxer and Trojan.Jokra are reliable. We believe that this packer is not publicly distributed because the number of detections for it is very low, they are limited to Korea, and so far they have only covered Jokra, the downloader, and the back door Trojan containing the “Z:” build string. This low prevalence is an indication that the packer is in use by only one group.

The connection between Backdoor.Prioxer and the 2011 attacks is not as clear cut. It is certainly suspicious that versions of Backdoor.Prioxer have been present during both attacks, but it could be explained away as the Trojan merely being discovered during the course of an investigation and not actually being related to the attacks. However, we think it is likely that the samples are related, given the Jokra connection.

Finally, the build path itself used in the Backdoor.Prioxer sample is informative. The path is “Z:\work”, and it seems unlikely that an independent hacktivist would use a folder labeled “work” to store their Trojan. For them, the development of a Trojan is not work, it is fun. The type of person who stores their code in a work folder is someone who is doing this professionally. The implication is that someone has been paid or ordered to perform these attacks, either as a contractor or as an employee.

PWGen - Advanced Password Generator


PWGen is a password generator capable of creating large numbers of cryptographically secure passwords or pass phrases consisting of words from a word list. It uses a “random pool” technique to generate random data based on user inputs (keystrokes, mouse handling) and volatile system parameters. PWGen provides lots of options to customize passwords to users’ various needs. Additionally, it offers strong text encryption and the creation of random data files (e.g., key files).

Features

  • Free and open-source software
  • Unobtrusive, fully portable, runs on all 32-bit and 64-bit Windows versions
  • Uses up-to-date cryptography
  • Numerous password options for various purposes
  • Generation of large amounts of passwords at once
  • Generation of pass phrases composed of words from word lists
  • Pattern-based password generation
  • Secure text encryption
  • Multilingual support

Link : PWGen



Expanded Platform Support delivered in Symantec Critical System Protection


The latest release of Symantec Critical System Protection, 5.2.9 MP2, includes expanded platform support and ease-of-use enhancements to further simplify intrusion prevention. 

Expanded platform support: In 5.2.9 MP2, Symantec Critical System Protection extends support to Oracle Linux 5.8, 5.9 and 6.3 64-bit with Unbreakable Enterprise Kernel Release 2. This release also adds platform support for Red Hat Enterprise Linux 6.4 64-bit. For more information on specific platforms, versions and the features they support, see the Symantec Critical System Protection Platform and Feature Matrix.

Ease-of-use enhancements: The console has been updated to allow users to select multiple prevention custom policies and apply them to a group, further simplifying policy management and intrusion prevention.

For more information about Critical System Protection go to http://www.symantec.com/critical-system-protection

Thanks for reading!

Neelum 

World Backup Day is 365 Days A Year


This Sunday is World Backup Day. However, every day should be a World Backup Day. Today’s businesses rely on their data to differentiate themselves from their competition and drive their success, from proprietary business plans to confidential customer data to classified employee information. Simply put, organizations of all sizes must protect their information from anything life might throw at them, including theft, Internet attacks, hard drive crashes, natural disasters, and even employees losing laptops – there are literally thousands of examples of potential information mishaps. And if you can’t replace the missing information, you put your business at risk, including the possibility of having to shutter your doors.

What to Look for in a Backup Solution

Backup can be simple, but to ensure it’s effective in today’s increasingly complex IT environment, businesses should consider the following:

  • Take advantage of common software platforms to streamline processes. They allow you to manage backup functions through a centralized dashboard, unifying physical and virtual resources as you perform backup and recovery tasks
  • Be sure to implement deduplication for all backup data to truly maximize storage savings. This should be done at all levels. And while you’re at it, look to pair your backup with archiving as well, which will help reduce costs and leave more frequently accessed files to be retained in your backup
  • Control data growth. Backup is facilitated when there is less data to manage, and learning where your data resides and what it contains can lead to substantial time and cost savings. Further, creating policies around what information is most important and where it is stored helps make the backup process itself simpler, faster and less resource-intensive.
  • When selecting a vendor to help with backup, look for one that keeps management simple by supporting both physical and virtual environments. Backup should be intuitive and easy to manage. Multiple solutions are less likely to be used to their full potential.
  • And use it! The solution you deploy should be simple to install and use, but it’s also important to conduct regular tests in order to make sure recovery works. Regular testing can help you identify flaws in your policies and storage, allowing you to make corrections before a data loss incident occurs.

Don’t allow yourself to become a headline or a statistic. Take the proper steps now to protect your information by implementing backup technologies that will help ensure your operations keep running smoothly in the event of an unforeseen disaster. And make every day a World Backup Day. 

Japanese One-Click Fraud Campaign Comes to Google Play


One-click fraud refers to a scam that attempts to lure users interested in adult-related video to a site that attempts to trick them into registering for a paid service. For many years, it has been common to see this type of fraud on computers. As smartphone usage has increased, so has the number of these types of scams on smartphone devices. People typically come across these scam sites by searching for things that they are interested in or by clicking on links contained in spam messages. We also witnessed the advent of one-click fraud Android apps just over a year ago and those apps can now be found on Google Play.

Figure 1. One of the developers hosting the apps

Figure 2. Two examples of one-click fraud apps

The apps can easily be found on Google Play through keyword searches in the same manner as an Internet search. For example, entering Japanese words related to pornographic video results in one of these apps being at the top of the search results at the time of writing. Typically, the apps only require the user to accept the “Network communication” permission, although some variants do not require the user to accept any permissions. This is because the app is simply used as a vehicle to lure users to the scam by opening fraudulent porn sites. The app itself has no other functionality. This may fool users into feeling safe about the app and catch them off guard when launching the app.

Figure 3. Typical permissions requested by the apps

The first variant of this type of app that we have seen appeared in late January, although it is possible that apps were released earlier than this. From then on, the apps were published by different developers each time and the number of apps steadily grew, though many were removed from Google Play at one point for unconfirmed reasons. We are now seeing multiple developers fiercely publishing apps in bulk on a daily basis. We have so far confirmed over 200 of these fraudulent apps published by over 50 developers, although it is likely that more exist. These apps have been downloaded at least 5,000 times in the last two months. As far as victims go, we are not aware of how many of these users actually paid money to the scammers; the “service” costs about 99,000 yen (approximately US$1,000). It certainly must be worth the time and effort for the scammers, as they have continued doing business for over two months.

Figure 4. Examples of sites that the apps open

Figure 5. Registration page that is displayed when attempting to view a video

Interestingly, it appears that the scammers are not only interested in one-click fraud. A couple of the developers we have come across also publish dating service apps. It is not surprising to see scammers involved with both one-click fraud apps and dating service apps because these types of dating services are typically considered dodgy in Japan.

Figure 6. Scammer publishing both a one-click fraud app (far right) and dating service apps

Symantec detects the apps discussed in this blog as Android.Oneclickfraud. When looking for apps, we recommend downloading them from trusted sources regardless of where the apps are hosted or found. Installing a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device is a good idea to keep your device protected as well. For general safety tips for smartphones and tablets, please visit our Mobile Security website.

Conference Reflections


This was my second year at the RSA Conference. It was interesting to come back as a "veteran" to the largest security conference (24k attendees, according to rumor). I consider myself a veteran since I didn't really see differences between last year and this year. Now, since I was working, my interactions were limited to the expo floor and sidebars. I didn't get into any talks or sessions, but the view from the outside was worthwhile, if a little rote. The keynotes and expo floor focused on the same problems we had last year. Sure, the scale may have changed and the awareness of threat actors has broadened, but we're still fighting the same battles against a backdrop of consumerization, the cloud, and big data.

Now, I understand that 20 minutes in front of a passive audience or five minutes with a conference-goer who wanders up to your kiosk is not the opportune time to solve the world's problems. At best you grab their attention (hopefully in a tasteful manner) and set up that follow-up to really talk about problems and solutions. And it was at this level, whether in an offsite meeting room, over a meal, over drinks, or even in front of the booth, where I got my value out of RSAC.

It was great catching up with colleagues and co-workers. In one morning our team knocked down some big problems on how to scale our processes. I learned more about the direction of our company listening to leaders answering the hard questions from a knowledgeable CISO. I learned about new customer businesses over drinks and caught up with old customers passing through the halls.

There's a wisdom in crowds, and broadcasting your message still has a great role to play, but the work gets done in the small groups, whether at a conference or at a company rebuilding a security program. Bringing the right group of a few people together for a common purpose is most of the battle. That's where innovation and value are created. 

What does the Enterprise Vault tool EVSPShortcutManager do?


Some of the little utilities which come with Enterprise Vault are really quite powerful and useful. Take the EVSPShortcutManager utility, for example. This utility was introduced in Enterprise Vault 9.0.1 and runs on the SharePoint server, rather than the more normal location of the Enterprise Vault server. So what does it do? Read on for more details…

 

The utility allows you to do a number of important and interesting things with your SharePoint archived items. These are:

 

* Replace all HTML shortcuts with seamless shortcuts

 

This is important because prior to Enterprise Vault 8 SP3 the SharePoint archiving component would archive items from within SharePoint and replace them with an HTML link. These weren't that great, to be honest, and broke numerous things like workflows and any existing links to the document on SharePoint. With the introduction of Enterprise Vault 8 SP3, shortcuts became 'seamless' shortcuts. This was great news and meant that workflows continued to work, original document icons were preserved, existing links to documents still worked, and items could be edited and saved back to SharePoint much more easily. The first purpose of this utility, then, is to convert the 'old style' HTML shortcuts to the new format. If you've had SharePoint archiving for a considerable time and had items archived and replaced with HTML links, then this utility is a must-have.

 

* Recall all archived items back to a SharePoint site, collection or library

 

The second purpose of the utility is to bulk-recall items back to SharePoint. This can be useful for the obvious things like backing-out archiving, if you decide you know long want to use Enterprise Vault to archive the SharePoint environment. It's also important if you have inadvertently applied the wrong policy to a particular site, collection or library.  You can push the data back to SharePoint, correct the policies, and then re-archive the items.

 

The tool has been well tested, but there on occasion a few hiccups, such as the document in the tech note relating to blank urls: http://www.symantec.com/docs/TECH202830

 

So, if you need to bulk recall items back to a document library or site, or have inherited an archived SharePoint server you should check out the EVSPShortcutManager utility.  The syntax for the tool can be found in the Utilities Guide which comes with the Enterprise Vault media. Have you ever used EVSPShortcutManager? Let me know in the comments. 

A Few Useful TechNotes for Routine Tasks

Enterprise Vault Best Practice Registry Keys and Boot.ini Settings
http://www.symantec.com/docs/TECH71173

How to move Enterprise Vault (EV) indexes that are managed by the same EV server (EV 9.x and earlier)
http://www.symantec.com/docs/TECH35596

How to move the Index location to a different location on the same server (EV 10.x and later)
http://www.symantec.com/docs/HOWTO59084

How to Move a Vault Store Partition or Vault Store
http://www.symantec.com/docs/TECH35742

How to move a Vault Store and Vault Store partition to a different Enterprise Vault (EV) server in the SAME site
http://www.symantec.com/docs/TECH47388

Commonly needed information to back up Enterprise Vault
http://www.symantec.com/docs/TECH172279

Recommended steps to optimize performance on Enterprise Vault (EV), Compliance Accelerator (CA), Discovery Accelerator (DA), and SQL Servers in an EV environment
http://www.symantec.com/docs/TECH56172

TCP Chimney, TCP/IP Offload Engine (TOE) or TCP Segmentation Offload (TSO) will cause a transport-level error to be logged, resulting in inaccurate hit counts for Accelerator searches
http://www.symantec.com/docs/TECH55653

Routine monitoring and maintenance for the Accelerator environment
http://www.symantec.com/docs/TECH63230

Managing Mobility – Where Mobility and Expertise Come Together to Collaborate


We are pleased to announce Managing Mobility, the new community of mobile technology experts. This community is designed to bring together people who share enthusiasm for all things related to mobility, in particular to discuss best practices and to educate others about enterprise mobility and related topics.

At Symantec, we know organizations, from small local companies to large multi-national corporations, are confronted with the ever-present task of managing mobile technology in the workplace. The Managing Mobility community is our newest effort to enhance thought leadership in this area by fostering close cooperation between Symantec and enterprise and small business mobility leaders.

The goal of Managing Mobility is to bring like-minded brand advocates and influencers together to share their experiences and expertise with each other and across their social networks. Read real-life stories from customers and industry experts about how mobile technology is being implemented in their organizations and what they’re doing to protect sensitive and confidential materials stored on mobile devices.

Content within this community comes not just from Symantec, but also from the many community members – people just like you that are looking to share their expertise and experience in mobility. Within this community, you will find everything from educational material, links to software updates, product reviews on the latest and greatest Symantec offerings, exclusive industry insights, and much more.

If you’re ready to get involved, then it’s time to Visit, Share, Submit and Earn. Here’s what to do:

a) VISIT managingmobility.symantec.com, sign up and connect all your social channels (e.g., Facebook, Twitter, blogs).

b) SHARE the community's URL and other content across your social channels (Hint: hit the "Spread the Word" button on the right of the page!)

c) SUBMIT your own mobility-relevant content. Approved submissions will be published and increase your community rank.

d) EARN points and rewards (more details on the points system coming soon).

We are excited to collaborate with you. Stay tuned for more and feel free to look around the site and contribute. Again, welcome to Managing Mobility!

Updates for VIP Service


Follow Symantec VIP on Twitter @SymantecVIP

The latest update to Symantec Validation and ID Protection Service is live. Improved manageability and a better administrator and user experience, delivered through numerous UI enhancements, are again the theme of this release. Much of the focus is on the user experience with Intelligent Authentication and Registered Computer, and on the administration of Remembered Devices and out-of-band authentication.

Summary of New Features

  • VIP Manager redesign continues – updated user emails
  • Streamlined experience for users of VIP risk-based authentication (Intelligent Authentication) and Registered Computer
  • Enhanced Remembered Device Management
  • Enhanced account management for out-of-band authentication through user specified country codes
  • Symantec VIP platform and OS requirements can be found on the VIP website under System Requirements

Features Highlights

  • VIP Manager Redesign Continues - A note with the URL for the redesigned VIP Manager, https://manager.vip.symantec.com, has been added to the login screen of the original VIP Manager. The original VIP Manager will remain available until the end of May to keep the transition smooth. Both VIP Manager interfaces use the same database backend, so you can use them interchangeably if desired.
  • Streamlined Experience for Users of Intelligent Authentication and Registered Computer - Although VIP risk-based authentication (Intelligent Authentication) has used Registered Computer for some time now, the process for registering your device at login has been significantly streamlined. With this release you are no longer required to pre-register or to leave the login screen to register your device; a checkbox means the remembered device will be used in the future (no more typing in security codes). VIP risk-based authentication uses several signals to evaluate the riskiness of a login attempt: whether it comes from a known, trusted device, what the device's reputation is, and whether the user's behavior is unusual. Registered Computer is a key data point in determining the trustworthiness of a device, so improving the user experience around it is a major enhancement.
  • Enhanced Remembered Device Management - Managing token-less authentication and remembered devices just got easier. This update of VIP breaks these credentials out of the Credential section to improve visibility and administration. By drilling down into User Detail, administrators will still see the section labeled Credential, but if Intelligent Authentication (token-less risk-based authentication) or Registered Computer is in use you will also see a section labeled Remembered Device, with the type listed as Device Fingerprint or Registered Computer respectively. In addition, you can now rename or remove remembered devices associated with a particular user.
    • Chrome browser support has been added for Registered Computer on Windows XP, Vista, and 7.
  • Improved Account Management for Out-of-band Authentication - When SMS or Voice Call has been enabled in the VIP Components tab (under Account/VIP Policy Configuration), you can select a default country code for your out-of-band (OOB) usage. This eliminates the need to edit every phone number in your LDAP user store to add a country code. SMS and Voice OOB can be used for temporary security codes and by VIP risk-based authentication for an OOB challenge. If the VIP policy specifies a country code, it is prefixed to any phone number entered in the self-service portal or pulled from your data store, unless the number already carries a country code beginning with "+". If the country code is "None", phone numbers are left unchanged. Only one country code can be specified per account. More information can be found by selecting Help in VIP Manager.
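As an added illustration (not Symantec VIP's own scoring logic or code), the following Python sketch combines the three signals named above, a remembered device, device reputation and unusual user behaviour, into an allow/challenge/deny decision, and applies the country-code rule from the out-of-band section to the phone number used for the SMS challenge. The weights, thresholds, fingerprints and sample profile are all constructed for the example; a real deployment would take the fingerprint and geolocation from the login request and the reputation from a feed.

```python
"""Toy risk-based login decision with device memory and out-of-band step-up.

Constructed illustration only: the weights, thresholds and data are invented
and this is not Symantec VIP's scoring logic.
"""
from dataclasses import dataclass


@dataclass
class LoginAttempt:
    user: str
    device_fingerprint: str   # stable hash of browser/OS attributes (assumed input)
    country: str              # geolocated from the source IP (assumed input)
    hour_utc: int


@dataclass
class UserProfile:
    remembered_devices: set   # fingerprints the user chose to remember after a challenge
    usual_countries: set
    usual_hours: range
    phone: str                # as stored in the directory, possibly without a country code


# Device reputation feed: fingerprints previously tied to fraud (constructed sample data).
BAD_DEVICE_FINGERPRINTS = {"fp-9f1e"}

# Invented weights: a known-bad device alone is enough to deny; an unknown device
# alone is enough to trigger an OOB challenge.
WEIGHTS = {"bad_reputation": 70, "unknown_device": 30, "unusual_country": 20, "unusual_hour": 10}
CHALLENGE_THRESHOLD = 30
DENY_THRESHOLD = 70


def normalize_phone(number, default_country_code):
    """Apply the country-code rule described above: prefix the account default unless
    the number already carries a '+' country code or the default is None."""
    number = number.strip()
    if default_country_code is None or number.startswith("+"):
        return number
    return f"+{default_country_code}{number}"


def risk_score(attempt, profile):
    """Sum the weights of the risk signals present in this attempt."""
    reasons = []
    if attempt.device_fingerprint in BAD_DEVICE_FINGERPRINTS:
        reasons.append("bad_reputation")
    if attempt.device_fingerprint not in profile.remembered_devices:
        reasons.append("unknown_device")
    if attempt.country not in profile.usual_countries:
        reasons.append("unusual_country")
    if attempt.hour_utc not in profile.usual_hours:
        reasons.append("unusual_hour")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(attempt, profile, default_country_code="1"):
    """Return allow / challenge / deny; a challenge carries the normalized OOB target."""
    score, reasons = risk_score(attempt, profile)
    if score >= DENY_THRESHOLD:
        return {"action": "deny", "score": score, "reasons": reasons}
    if score >= CHALLENGE_THRESHOLD:
        return {"action": "challenge", "channel": "sms",
                "to": normalize_phone(profile.phone, default_country_code),
                "score": score, "reasons": reasons}
    return {"action": "allow", "score": score, "reasons": reasons}


def remember_device(profile, fingerprint):
    """Record the device after a successful challenge when the user ticked 'remember'."""
    profile.remembered_devices.add(fingerprint)


def sample_profile():
    """Constructed user profile used by the demo below."""
    return UserProfile(remembered_devices={"fp-a1b2"}, usual_countries={"US"},
                       usual_hours=range(8, 20), phone="5555550100")


if __name__ == "__main__":
    profile = sample_profile()
    new_device = LoginAttempt("alice", "fp-c3d4", "US", 10)
    print(decide(new_device, profile))   # challenge: unknown device, SMS to +15555550100
    remember_device(profile, "fp-c3d4")  # user ticked the checkbox after passing the challenge
    print(decide(new_device, profile))   # allow: the device is now remembered
```

The point the sketch makes is the one the release notes make: once a device is remembered, the same login that previously needed a security code passes on the device signal alone, so the administrator's ability to rename and remove remembered devices is what bounds the blast radius of a stolen or shared device.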


Technical Support

We value your business and are committed to customer care.  Please contact us if we can assist or answer any questions. Symantec Support can be reached via email at: enterprise_vipsupport@symantec.com or by phone at +1-650-426-3535 or 1-800-579-2848. 

Japanese One-Click Fraud Apps Appear on Google Play


One-click fraud is a scam that lures users interested in adult videos and tries to get them to sign up for a paid service. This type of scam has been common in the PC world for many years, but as smartphones have spread, one-click fraud targeting smartphone devices has increased as well. Users typically reach these scam sites by searching for terms of interest or by clicking links in spam messages. Last year we confirmed the existence of Android apps that carry out one-click fraud; now such apps are being found on Google Play as well.

Figure 1. Example of a developer offering fraud apps

Figure 2. Examples of one-click fraud apps

These apps are easy to find by running a keyword search on Google Play, just as you would an Internet search. For example, at the time of writing, entering Japanese words related to adult videos brings one of these apps up near the top of the results. In most cases the only permission the app requests is "network communication"; some apps request no permissions at all. This is because the app serves only as a tool to lure the user into opening a fraudulent adult site and falling for the scam. Because the app carries no extra functionality, users may mistakenly assume it is safe and launch it without caution.

Figure 3. The permissions these fraud apps typically request
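As an added example (constructed for this post, not Symantec's detection logic), the following Python script extracts the uses-permission entries from decoded AndroidManifest.xml files and flags packages whose footprint matches the pattern described above: no permissions at all, or network access alone. The three manifests are constructed samples; a real APK carries its manifest as binary XML that has to be decoded first with a tool such as apktool or aapt. The check is a triage filter, not a verdict: plenty of legitimate apps request only INTERNET, so a flagged package still needs a look at what it actually opens.

```python
"""Triage decoded Android manifests for the minimal-permission launcher footprint.

Added example with constructed manifests; not Symantec's detection logic.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK_ONLY = {"android.permission.INTERNET"}

# Constructed manifests standing in for decoded AndroidManifest.xml files.
SAMPLE_MANIFESTS = {
    "no_permissions.apk": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.one">
  <application android:label="Movie Viewer">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>""",
    "internet_only.apk": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.two">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Movie Viewer">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>""",
    "mail_client.apk": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.mail">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Mail">
    <activity android:name=".Inbox"/>
  </application>
</manifest>""",
}


def permissions(manifest_xml):
    """Return the sorted list of <uses-permission> names declared in a manifest."""
    root = ET.fromstring(manifest_xml.strip())
    return sorted(e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))


def is_minimal_launcher(perms):
    """True when the app asks for nothing, or only for network access: the footprint
    of an app whose sole job is to open a web page. Necessary, not sufficient."""
    return set(perms) <= NETWORK_ONLY


def triage(manifests):
    """Map each package to 'review' (fits the minimal-launcher footprint) or 'pass'."""
    verdicts = {}
    for name, xml in manifests.items():
        verdicts[name] = "review" if is_minimal_launcher(permissions(xml)) else "pass"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_MANIFESTS).items():
        print(f"{name:22} {verdict:7} {permissions(SAMPLE_MANIFESTS[name])}")
```

Run against a batch of decoded manifests from the same developer account, the filter narrows a few hundred packages down to the ones worth opening in an emulator to see which site they load and whether a registration page like the one in Figure 5 appears.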

We first confirmed this type of app in January of last year, though it may have been published earlier. Since then, apps have been published repeatedly by a variety of developers. At one point many of the apps were removed from Google Play for reasons unknown, but their number has kept growing steadily. We are now seeing multiple developers publish a large number of apps every day. As far as Symantec has confirmed, more than 200 fraud apps have been published by over 50 developers so far, and the real figure is probably higher. These apps have been downloaded more than 5,000 times in the last two months. The "service" demands a fee of 99,000 yen, but the number of victims who have actually paid the scammers is unknown. Given that the operation has continued for more than two months, it is evidently worth the scammers' time and effort.

Figure 4. Examples of sites opened by the fraud apps

Figure 5. Registration page displayed when attempting to view a video

Interestingly, one-click fraud does not seem to be the scammers' only interest. Several of the developers have also been confirmed to publish dating-service apps. In Japan, where dating services are widely regarded as shady, it is no surprise that the scam groups have their hands in both one-click fraud apps and dating-service apps.

Figure 6. A developer releasing both one-click fraud apps (far right) and dating-service apps

Symantec detects the apps described in this blog as Android.Oneclickfraud. When looking for apps, regardless of where they are hosted or where you found them, download only from trusted sites. Installing a security app such as Norton Mobile Security or Symantec Mobile Security to protect your device is also effective. For general tips on keeping smartphones and tablets safe, see the Mobile Security website (in English).

* To subscribe to the RSS feed of the Japanese Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

DTrace utility tricks for daily users


The attached document shows a few tricks you can use in your daily work with the Dtrace tool to make things easier.

Pressing F7 lists all the processes traced in the current session.

Pressing o opens the dtrace log without needing to browse to where it was saved.

NetBackup 7.6 Virtualization Advancements


Are you interested in seeing first-hand the new advancements in virtualization backup and recovery coming in NetBackup 7.6? We've decided to host a Google Hangout as a sneak peek at the latest and greatest, broadcast live from Vision 2013 in Las Vegas on April 17. This Hangout is open to the public and we encourage everyone to come check it out!

We'll be showing you things like how to back up 300 VMs in 3 minutes, how to back up 3TB of data in 15 minutes, and much more.

Broadcasting live from the Expo Hall floor of the MGM Grand on April 17th from 12:00pm to 1:15pm Pacific time.

RSVP on our Google+ page: Protecting 300 VMs in 3 min

We'll be taking questions from panel members as well as those submitted through Google+ and Twitter. So add us to your G+ circles and follow us on Twitter to take part in the discussion.

'See' you there!

 

Disclaimer:

Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
