Channel: Symantec Connect - Blog Entries

Symantec Encryption: What's New?

In the past, it was fairly easy to keep corporate data protected by keeping it within an established perimeter—protected by established access controls and passwords.  That model has been blown apart as iPhone, iPad and other smartphones and tablets have taken over. Add to that the accessibility and usability of file sharing services like Dropbox and you can see why this transformation has information security managers concerned. These are not trends that organizations can deal with by saying “no.”  They urgently need solutions to help secure confidential data and limit access.

Today, we’re pleased to announce that Symantec’s new encryption solutions, powered by PGP Technology, are now shipping. With this Symantec Encryption release, Symantec leverages our encryption portfolio to ensure cloud data remains safe while keeping it accessible, and to protect confidential email for mobile.

Here’s a look at what’s new.

Symantec File Share Encryption and iOS Viewer
Symantec File Share Encryption gives organizations the ability to automatically encrypt all files that their users store on Dropbox. Files remain encrypted even in the cloud: cloud share administrators can’t access them, and neither can bad guys should a breach occur; only authorized users have access to the sensitive information. With File Share Encryption for iOS, users can also securely view these encrypted files directly on their iPhone and iPad (the file viewer app is available as a free download from the Apple App Store).

Administrators set encryption policy so content like documents, spreadsheets, presentations, video, and audio are automatically encrypted. Administrators set this policy on the same console they use to manage other Symantec Encryption products, Symantec Encryption Management Server.

Symantec Mobile Encryption for iOS
In this release, we’ve enabled iOS mobile device users to not only view encrypted email, but also to compose, reply to, and forward encrypted email. To compose an encrypted message, users start the mobile email encryption app (downloadable from the Apple App Store), compose the email and press the “encrypt” button when done. The encrypted email is then sent by the native iOS mail client.

We’ve also added encrypted email viewing capability for Android devices. Policy can be set to allow users to read encrypted emails once they unlock their phones, or administrators can set an additional requirement to enter a passcode to read encrypted messages.

One Brand, One Path
In addition to new solutions and features powered by PGP Technology, Symantec has also renamed our encryption product line to decrease confusion among our customers. Our new product names reflect the breadth of Symantec encryption solutions while maintaining our PGP heritage – they’re the same great products our customers know and trust to protect their information.

For more details on Symantec Encryption solutions, visit: www.symantec.com/encryption.
 


Are You an Overconfident IT Manager?

Imagine you are newly married and you and your spouse are looking for a new home to build and raise your family. You spend time poring over real estate books, websites, and talking with your friends. After considerable time and research you settle into a cozy three bedroom home within 15 minutes of your office. You begin to love your neighborhood, but as you meet with your new neighbors you discover an alarming trend. Within the past 6 months, 13% of the homes in the neighborhood experienced a major safety or security issue such as a fire, a break-in, or someone redirecting their mail to a foreign address. You wonder whether these people are unlucky or whether you have moved into a bad neighborhood. When you share your findings with your spouse they respond with "I'm sure we're fine!  Let's, twice a year, make sure the doors are locked at night and take the fire extinguisher out of the closet."

You may find this illustration silly but it reflects how  IT managers respond to their web security. 

Recently IDG Connect, the world’s largest technology media company, produced a report on corporate web security and found some interesting findings.  The study revealed that IT managers often operate with a baseless sense of optimism within a landscape dotted with threats.  When asked about how they feel about their web security they said (0% not secure, 15% reasonably secure, 55% very secure, 19% totally secure, & 11% were not sure). 

Comparing large companies against their mid-sized counterparts, the study found that large companies tested for vulnerabilities on a monthly basis 53% of the time vs. 13% for mid-sized companies. The study also found that the rate of not testing at all was highly discouraging, with the size of the business having little bearing on the rate (Large 30% vs. Medium 34%).

Of the IT Managers interviewed 13% stated they experienced a breach within the last 6 months.  These threats include everything ranging from brute force attacks (59%) to content spoofing (18%).  Despite the optimism of the 89% that their websites were reasonably to totally secure these security issues persist.  Would they not try to better protect their home if 13% of the homes in their neighborhood had their door kicked in every 6 months?  Would they continue to eat at a local restaurant if 13% of the regular guests came down with food poisoning twice a year? 

Of the companies that experienced a breach there were four main ways they improved their security in order of frequency:

  1. Improved SSL protection
  2. Improved security software
  3. Improved firewall
  4. Outsourcing web hosting

If you want your confidence in your web security to be well founded, then I recommend testing your website for vulnerabilities once a month at a minimum, as well as ensuring your security software is up to date and operates with minimal system interference. For more information I recommend downloading the report: https://forms.ws.symantec.com/cgi-bin/go.cgi?a=ILVE4-2175-01-26

Disaster Recovery Readiness: How prepared are you?

With natural disasters, such as Hurricane Sandy, many organizations are rethinking their disaster recovery readiness. To thwart impending disasters, Symantec and Intel jointly designed NetBackup Appliances to reduce the operational costs associated with protecting enterprise data. These all-in-one integrated backup appliances can protect both virtual and physical workloads while also leveraging snapshots and replication. NetBackup appliances also feature built-in Automatic Image Replication to bring down RTO. To learn how to be better prepared with backup and recovery, join our webcast on February 5th at 10 am PST. Register now and be prepared with Symantec!  

Ransomware Activity on the Rise

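As we predicted near the end of last year, ransomware activity has been observed to be on the rise this year. Ransomware extortion scams have been around for many years since they first appeared, but over the past two years they have become popular among cybercriminals, and the number of computer users indiscriminately victimized keeps growing. Symantec has been tracking this rapidly growing threat through a series of blogs, whitepapers, videos, and more.

Last week, we again saw a worldwide spike in ransomware activity. Several kinds of ransomware are behind the overall surge, but the one mainly observed was Trojan.Ransomlock.Y. This variant is spread through pornographic sites, and those sites are linked to the Impact exploit kit. Symantec provides the following intrusion prevention signature (IPS) for the Impact exploit kit, and our telemetry shows a similar spike in detections of this exploit kit as well.

Figure 1. Screenshot of Trojan.Ransomlock.Y

If you do fall victim to a ransomware extortion scam, the cardinal rule is not to pay the ransom to the criminals. Paying the ransom does not guarantee that the computer will be unlocked, and you may simply be throwing your money away. The ransom you pay also becomes a source of funding for further cybercrime. Symantec provides a set of steps that are effective for removing ransomware.

* To subscribe to the RSS feed of the Japanese Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.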

Quick query to list inherited right (undue) after SP2 upgrades

I attended an upgrade for a customer installing MP1.1 on 4 servers in hierarchy (1 parent, 3 children). We had some minor problems when we got started but nothing major:

  • 2 servers (including the parent) did not have the MP1.1 upgrade option because SMP 7.1 SP2 was not appearing as installed in SIM. We just ran the upgrade as a new installation.
  • The parent configuration went much too fast to be healthy. In effect it did not install most of the products, so we ran "aexconfig /configureall" manually and this fixed the environment.
  • One role had been granted undesired rights (inherited from the hidden parent folder) on main console locations: "Reports", "Console menu", "Settings" and "Resource".

To solve the last issue we crafted a report based on the following diagram to list the items that roles had access to when they should not:

From this we crafted the following query:

/* Top folders guid list
     Resource     = 'fec994ae-1787-44c2-b5ec-e94d210838c9'
     Reports      = '4d4d03c6-cb51-4502-886f-13f756198b1b'
     Settings     = '5d9e00c1-146f-478b-a94d-ccbbe89e0347'
     Tasks        = '297171fd-395f-41d8-a482-ea4271bc9572'
     Console menu = 'a2145b77-3df4-4b99-b36d-817d82b920a2' */


select i.name as 'Security Role', i2.name as 'Object', stp.permissionguid
  from SecurityACEData ace
  join SecurityTrusteePermission stp
    on ace.TrusteePermissionId = stp.id
  join SecurityTrustee t
    on stp.trusteeguid = t.guid
  join Item i
    on t.Guid = i.Guid
  join Item i2
    on ace.entityguid = i2.guid
 where Inherited = 1
   and EntityGuid in (
		'fec994ae-1787-44c2-b5ec-e94d210838c9',
		'4d4d03c6-cb51-4502-886f-13f756198b1b',
		'5d9e00c1-146f-478b-a94d-ccbbe89e0347',
		'297171fd-395f-41d8-a482-ea4271bc9572',
		'a2145b77-3df4-4b99-b36d-817d82b920a2'
		)
/* -- OPTIONAL FILTER
   and i.name not in (
		'Symantec Level 1 Workers',
		'Symantec Level 2 Workers',
		'Symantec Administrators',
		'Symantec Supervisors',
		'Symantec Guests',
		'Patch Management Administrators',
		'Patch Management Rollout'
		)*/
 order by i.name

Beware when reading the result: the effective permissions for a specific group can also be inherited from other groups, because a role hierarchy can be implemented (a role inherits from the other roles it is in).

Malicious Spam Emails Target Nightclub Disaster in Santa Maria

Symantec Security Response has observed that spammers are distributing malicious emails that attempt to lure users into viewing a video of the incident that killed 233 people recently in a horrific tragedy at a popular nightclub in Santa Maria, Brazil. The malicious email is in Portuguese and invites unsuspecting users to click on a link to watch a video of the tragedy. The link provided in the email downloads a zip file containing a malicious control panel file as well as an executable file. Symantec detects this threat as Trojan Horse.

Further analysis of the malicious file shows that the threat creates the following file:

%SystemDrive%\ProgramData\ift.txt

It also alters the registry entries for Internet Explorer.

The threat then downloads an IE configuration file from a recently registered domain. Trojan Horse is usually a backdoor Trojan, downloader, or an infostealer.

Samples of the spam emails are shown below (Figures 1 and 2). The email has the following characteristics:

Subject: Video mostra momento exato da tragedia em Santa Maria no Rio Grande Do Sul segunda-feira, 28 de janeiro de 2013

Subject: VIDEO DO ACIDENTE DA BOATE DE SANTA MARIA RS.

Translation: Video shows the beginning of the tragedy in Santa Maria, Rio Grande Do Sul Monday, January 28, 2013

Translation: Video of the Nightclub accident in Santa Maria RS

Figure 1. Spam email example one

Figure 2. Spam email example two

Users are advised to exercise caution when looking for videos, images, and news of recent popular events. Do not click on suspicious links or open attachments received in unsolicited emails. Keep your security software up-to-date in order to protect your information from online viruses and scams.

WHERE BIG DATA AND SECURITY ALIGN

There has been a data explosion within security teams, as organisations everywhere seek to increase their effectiveness in preventing breaches of defences through improved correlation and data sharing. You have probably seen this happening within your own working environment, too.

In the quest to achieve this sought-after level of ‘good enough’ security, the findings of new research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’, partially sponsored by Symantec, are encouraging.

You won’t be too surprised to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we used to two years ago. There is only one direction in which that arrow is going to be pointing from now on. What is interesting here, though, is that lots of people are vested in this information to do their job – and that is likely to envelop even more people, across a wide range of roles over the next couple of years.

Why exactly are we collecting this data? Primarily, judging by the responses to the survey, to detect advanced threats and for security incident analysis, as well as to make sure audits and compliance targets are met. But we can’t do it all on our own: third party services greatly enhance our capabilities, especially when seeking to proactively identify potential future threats to critical systems. One popular third party service is threat intelligence, with 65% of respondents reporting use of some form of external threat intelligence today.

The value of that data is clear, with 78% saying the intelligence enhances visibility into threats and security incidents, with 95% confirming that commercial threat intelligence is effectively addressing risk.

But what forms of intelligence are in greatest demand? Vulnerability and malware intelligence top the interest list, with the most popular intelligence use cases being the proactive identification of potential threats to critical systems and the adjustment of defensive tools to address emerging threats.

You may ask, “In whose hands does that intelligence lie”? Some 92% of those surveyed say that more than five individuals have access to security intelligence on a regular basis, with security analysts, IT auditors and SOC staff being the top three roles identified. Interestingly, the CIO comes in fourth, demonstrating how much more ‘hands on’ they are now in understanding just how well informed and protected their businesses are from attacks.

As you might expect, there are also downsides to the expanding use of data in security analytics, with the main issue highlighted being a lack of adequate internal security skills.

All in all, the findings are quite encouraging, with the move toward big data security and the use of external threat intelligence well underway. Of course organisations with more mature processes will see the greatest return from these investments, … but even the longest journey begins with the first step. 

For more information, you can download a copy of ‘Security Intelligence: A Key Component of Big Data Security Analytics’ here.

BE usability session-participants wanted!

Hello Symantec customers. I am a usability engineer working in Backup Exec. I have new design concepts for a possible future release of BE that I would like your feedback on. In order to make products that better fit  your needs, we need your input.

This study is a 1.5 hour study that you can participate in from the comfort of your home or office. All you need is Internet access and a phone to dial into the toll-free number to participate.

If you would like to participate (and I hope you do), please go here to sign up for a session:  https://www.timetrade.com/book/MJB9L

Once the appointment is scheduled I’ll send you a meeting request with the con call info and WebEx link.

Thank you for your participation and I look forward to hearing your feedback.

Jessica Rich


Customer Success Story: Fujian Mobile Reduces Storage, Increases Processing with Symantec

 

As Fujian Mobile in China rapidly grew from 2 million customers in 2003 to nearly 30 million today, the need for a secure, highly available, and efficient billing system became ever more important. Previous solutions suffered, becoming increasingly slow. It was simply unacceptable. After evaluating its options, Fujian selected Veritas Storage Foundation High Availability for Windows from Symantec. Consequently, Fujian witnessed unprecedented success with the new solution. Results include up to eightfold faster processing, the ability to re-assign 15 IT staff to more valuable tasks, a 50 percent reduction in storage needed for billing and reclaiming more than 10 terabytes. To learn more about how Symantec’s cluster file storage system drastically improved Fujian Mobile’s billing system, follow this link http://bit.ly/V29aY8   

Gift of Trojan.Smoaler Delivered Through Fake FedEx Emails

Symantec Security Response is aware that fake FedEx emails have been circulating recently. The emails claim the user must print out a receipt by clicking on a link and then physically go to the nearest FedEx office to receive their parcel. Obviously the parcel does not exist, and those who click on the link will be greeted by a PostalReceipt.zip file containing a malicious PostalReceipt.exe executable file. Instead of receiving a parcel, which the user did not order in the first place, Trojan.Smoaler is delivered to the computer.

All the fake FedEx emails delivering this malware are almost identical except for the order numbers and the website the zip file is hosted on. One sign of laziness, or perhaps an oversight on the part of the malware author, is a consistent order date. The author does change the domain where Trojan.Smoaler is hosted daily. The following emails were spammed out in 2013 on January 21, 25, and 26.
 

Figure. Fake FedEx emails spotted in 2013 on January 21, 25, 26
 

Symantec detection Trojan.Smoaler!gen4 protects customers from this threat.

We should all know by now that the only unordered parcels we ever receive are gifts from Santa Claus. Even though Santa and his reindeer may be struggling to keep up with the ever increasing amount of gifts that need to be delivered on Christmas night each year, we are sure he would not send them through a courier delivery service!

FedEx has posted a warning on its website along with further information about online security. As always, we recommend that users keep their antivirus up to date and avoid clicking on links in emails received from unknown senders. If a suspicious email originates from an organization that you do not have any personal business dealings with, it should be assumed to be potentially malicious and should not be opened.

Malicious Spam Emails Exploit the Nightclub Fire in Santa Maria

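Symantec Security Response has confirmed that malicious spam emails are spreading that promptly exploit the recent tragedy in which 233 people died at a well-known nightclub in Santa Maria in southern Brazil, and that try to trick users by claiming to offer a video of it. The spam emails are written in Portuguese and try to lure unsuspecting users into clicking a link to watch a video of the disaster. Clicking the link in the spam email downloads a ZIP file containing a malicious control panel file and an executable file. Symantec detects this threat as Trojan Horse.

Further analysis of the malicious file showed that the threat creates the following file:

%SystemDrive%\ProgramData\ift.txt

It also tampers with the registry entries for Internet Explorer.

Next, it downloads an IE configuration file from a recently registered domain. Trojan Horse is usually a Trojan with backdoor functionality, a downloader, or an infostealer.

Samples of the spam emails are shown below (Figures 1 and 2). The emails have the following characteristics:

Subject: Video mostra momento exato da tragedia em Santa Maria no Rio Grande Do Sul segunda-feira, 28 de janeiro de 2013

Subject: VIDEO DO ACIDENTE DA BOATE DE SANTA MARIA RS.

Translation: Video capturing the beginning of the tragedy that occurred on January 28, 2013 at a nightclub in Santa Maria, Rio Grande do Sul, in southern Brazil

Translation: Video of the nightclub fire that occurred in Santa Maria, Rio Grande do Sul

Figure 1. Spam email example 1

Figure 2. Spam email example 2

Take great care when searching for videos, images, or news about recent events of interest. If you receive unsolicited email, do not click suspicious links or open attachments. Also keep your security software up to date to protect your personal information from viruses and online scams.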

 


Gift of Trojan.Smoaler Delivered Through Emails Impersonating FedEx

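Symantec Security Response has confirmed that fake emails impersonating FedEx have been circulating recently. The emails instruct the user to click a link, print a receipt, and take it to the nearest FedEx office to collect a parcel. Of course no such parcel exists, and all that awaits those who click the link is a file named PostalReceipt.zip, which contains an executable file named PostalReceipt.exe. A parcel that was never ordered cannot arrive in the first place; what is delivered to the computer instead is Trojan.Smoaler.

The fake FedEx emails delivering this malware all have almost the same content; only the order number and the website hosting the ZIP file differ. Whether through laziness on the part of the malware author or simple oversight, the order date does not change. The domain hosting Trojan.Smoaler is changed daily by the author. The spam emails shown below were sent on January 21, 25, and 26, 2013.

Figure. Fake FedEx emails found on January 21, 25, and 26, 2013

Customers using Symantec products are protected from this threat by the detection definition Trojan.Smoaler!gen4.

As everyone well knows, about the only parcels that arrive without being ordered are presents from Santa Claus. The number of presents that Santa and his reindeer must deliver every Christmas night keeps growing, and they may be scrambling to keep up, but that does not mean Santa would use a parcel delivery service.

FedEx has posted a warning on its website along with detailed information about online security (in English). As always, keep your antivirus software up to date and do not click links in emails from unknown senders. If a suspicious email arrives from an organization you have no knowledge of or dealings with, it is almost certainly malicious, so never open it.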

 


Symantec Partner Technical Academy for VAD-led Partners - Reading(UK), 25th January 2013

Thank you very much to all VAD-led Partners that attended the Symantec Partner Technical Academy on Friday the 25th of January.

 

We received a lot of positive and constructive feedback from all of you. Everyone agrees that they would like to see another Partner Technical Academy running in the coming months; therefore we are working on organising another one.

 

The presentations from the event are available below.

 

Stay tuned as you will hear from us very soon.

 

Thanks,

UK & Ireland Symantec Team

 

Altiris 7.1 migration, Imaging and Software

This week, I'm diving deeper into the functional side of DS with some Windows 7 testing along with software deployment.

So we all know the new DS is different, but I never knew it was going to be this different. And different is not good at all from a DS administrator's perspective. So here is the lowdown.

  • Software manager is a mess. Maybe from an accountant's side this may be decent, but for an admin, it bestows more work, more clutter, and an interface that serves hardly any benefits. Bottom line: too many steps to create a job, and no benefits over the existing platform.

  • New PXE has some issues. The SBS corrupts at times, causing machines to give the Device is Not Capable errors. Again, another solution to a problem that didn't exist in DS 6.x or any of the competitors' products.

  • Software delivery is badly executed as well. There are Tasks and Jobs. While a Job can contain multiple Tasks, it cannot encapsulate a multi-lined Job. It will create the Tasks that you add into it as separate entities, which adds clutter to the console (attached picture, red lines), and makes as much sense as Keith Richards.

Some of the console areas are so bad you can't even expand the left pane without frustration (attached picture, blue arrows). The DS product design is terrible and made worse by a terrible console. Bottom line: stay on DS 6.x unless you need Win7 and 8 migration.

The Patch (Software Update Solution) seems solid, and PCAnywhere works as promised. The out-of-the-box Inventory works exceptionally well; having full inventory data on the client's first check-in is a bonus.

Upgrading to Enterprise Vault 10.0.3?

 

In order to see if an issue I currently have is still present with Enterprise Vault 10.0.3, I decided to take the plunge and upgrade a copy of one of my virtual environments to Enterprise Vault 10.0.3. This is what happened:

First of all I got a nice new pop-up after running the setup program to update my server:

 

I think that's quite a handy reminder for people doing this on a production environment.

The next thing was a little bit unexpected..  in the 'mini deployment scanner' run I saw a warning against my version of Outlook.

 

I had a quick review of the Compatibility Charts as it recommended, and the issue is around Outlook 2007 SP 3 and Exchange 2013.  If you plan to target an Exchange 2013 server then you need a Microsoft hotfix:

Outlook 2007 Update, July 10, 2012

http://support.microsoft.com/?id=2596598

That weighs in at just under 80 Mb, and as I'm not targeting Exchange 2013 I have opted to leave well alone for the time being.

At the end of the quick upgrade I was prompted to restart my machine - which was a little odd seeing as I had definitely stopped all services prior to starting the upgrade.  But this is only a lab, so it's okay for me to just go ahead and restart the machine whenever I like.

 

Following the upgrade when I started the Admin and Directory services there were .SQL scripts to run through.. so the startup took a little longer than normal.  Same when the storage service started for the first time.

After that.. All seems good so far.


Could a Circular Economy Change the World?

This year, I made it my New Year's resolution to adopt social media and all that it is.

Time is, of course, always the enemy. This endeavor has taken some discipline, but it’s also given me clarity of purpose and reminded me of my passion for learning.

So, there’s no turning back now; I am officially into the deep end of the pool.

And with that in mind, I’d like to promote two articles I read this weekend, one from @SteveCase about the “sharing economy," and the other from Symantec’s new CIO @stephengillett about the “circular economy”.

As I read these two (distinct) pieces, it occurred to me that they might represent a rather elegant evolution.

The “sharing economy” – which emphasizes sharing of assets over outright ownership of assets in order to reduce waste – is certainly nothing too foreign. In fact, it’s a concept we see in practice every day via companies like Case’s ZipCar.

The “circular economy” concept, however, seems to raise the stakes a bit further. In this model, re-manufacturing would eliminate the need for some waste altogether. In other words, we would be cyclically re-purchasing the same (re-manufactured) products, again and again.

That sounds great in theory, but will people really accept a shiny, new “used” product? No matter. I’m spreading the word anyway, because (as a Washingtonian) I’ve witnessed how nothing seems to change until popular sentiment (and then reactionary lawmakers) force the changes.

It reminds me of seatbelts (an overused but useful analogy). Seatbelt legislation, which remains enforced by the state, was introduced in the early 1960's, but it wasn't truly adopted until the 1970's when statistics showed how many lives were being saved, and car manufacturers were finally pressured to comply.

The point is, we all need to do our part to educate, promote, and share ideas that can positively impact the future. And this “circular economy” concept might truly be one of them.

 

Task runs on client but NS displays ‘Failed’ status after a few hours

I had an issue where I would run a Task like 'Update Client Configuration', but the NS would show a ‘Failed’ status after a few hours. On the client, it would show 'Success - return code 0'. The reason it failed was that the 'Altiris Client Task Data Loader' service was not running. I tried starting the service, but got an ‘Error 1053: The service did not respond to the start or control request in a timely fashion’.

The solution for me was to follow the instructions provided by K. Kennedy at https://www-secure.symantec.com/connect/forums/altiris-client-task-data-loader-service-wont-start.

What do you want to do on social? Setting objectives for your social efforts

We all know that if you go shopping without a list—whether to Home Depot or the grocery store—you may come home with more than you planned on or worse, without something you needed. What’s more, your trip may take longer than you intended. We also know that when we go shopping with a specific goal or goals in mind, we’re in and out faster and much more likely to come home with what we needed.

Managing social media for your company isn’t that different. You need a plan going in, so you know what you’re hoping to come away with.  In marketing, we like to call that having objectives.

So what are your objectives for taking your company into the social arena? What do you want to come away with? Spending just a little time trying to determine this can help you refine what you do on your social channels and come away with what you planned on coming away with.

 

Good Objectives

Determining your objectives doesn’t have to be hard. Just brainstorm what you want to accomplish. If your company already has some goals for the year, consider simply expanding those goals to your social efforts.  Maybe your call center is overwhelmed. A good goal might be to address frequently-asked questions on your social channels, allowing customers to self-serve, but also giving your call center a place to send customers. Measuring the impact of your efforts on call center volume, would be easy to track and quantifiable.

Maybe you want to easily and inexpensively do a contest or a promotion to drive people to your store or website or even a survey. Social media can make that fairly easy—once you have some followers/fans.

Other objectives can include:

  • Raising brand awareness
  • Increasing communication with your customers
  • Creating soft sales leads (conversion of download, clicks)
  • Driving conversions to other media channels (websites, microsites)
  • Crisis communications
  • Customer support triage
  • Reputation management

 

Not-So-Good Objectives

One thing to avoid is the “everyone is in social media, so we need to be there too.” While it can be important to have a social media presence, don’t rush in because you think you have to. Decide first what you want social media to do for your company and its sales and/or marketing efforts. This way, you’ll have something to measure your efforts against.

Also avoid trying to tackle too many objectives at once. Pick one or two and start there. Once you feel you’ve succeeded with those objectives, you can expand or modify.

Whatever you do, don’t assume having a Facebook or Twitter account for your company is going to drive a lot of sales. It might, if you’re lucky, but chances are, it will simply be one step in the sales cycle for your company—one more about awareness and credibility than sales you can credit solely to a social media account.

One of our key objectives here at Symantec is to engage with our partners and keep them informed. I’d love to hear how you think we’re doing and what you’d like to hear more of on the Symantec partner social channels.

Backdoor.Barkiofork Targets Aerospace and Defense Industry

Contributor: Joseph Bingham

A few weeks ago, we observed a spear phishing campaign targeting groups in the aerospace and defense industry. We identified at least 12 different organizations targeted in this attack. These organizations include aviation, air traffic control, and government and defense contractors.
 

Figure 1. Spear phishing email targeting aerospace and defense industry
 

In choosing their targets, the attackers identified individuals in important roles, including directors and vice presidents. The content of all the emails was identical. The attackers used a report published in 2012 regarding the outlook of the aerospace and defense industries as the lure. The intention of the attackers was to make it seem as though this email originally came from the company that authored the report. The emails were also crafted to look as though they were being forwarded by internal employees or by individuals from within the industries identified.

When the malicious PDF attached to the email is opened, it attempts to exploit the Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability (CVE-2011-0611). If successful, it drops malicious files as well as a clean PDF file to keep the ruse going.
 

Figure 2. Clean PDF file displayed to the user
 

The clean PDF file that is dropped is the industry report identified as the lure; however, it curiously has been modified by the attackers to remove some branding elements.

In addition to the clean PDF file, the threat drops a malicious version of the svchost.exe file. This file then drops a malicious version of ntshrui.dll into the Windows directory. The threat leverages a technique known as DLL search order hijacking (the ntshrui.dll file is not protected by KnownDLLs). When the svchost.exe file calls the explorer.exe file, it will load the malicious ntshrui.dll file in the Windows folder instead of the legitimate ntshrui.dll file in the Windows system directory. Symantec detects both the svchost.exe and ntshrui.dll files as Backdoor.Barkiofork.
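A defender's check for the hijack described above, as an added example that is not part of the original post: it lists DLLs in an application directory (here the Windows folder, where explorer.exe lives and which the loader searches before the system directory) that share a name with a DLL in the system directory and are not covered by KnownDLLs. The KnownDLLs subset, the `onlyhere.dll` name and the directory tree built by `build_constructed_tree` are constructed for illustration.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Assumption: illustrative subset of KnownDLLs. On a real host, read the values under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs instead.
SAMPLE_KNOWN_DLLS = frozenset({"kernel32.dll", "user32.dll", "advapi32.dll"})


@dataclass(frozen=True)
class Finding:
    name: str           # lower-cased DLL file name
    shadow_path: Path   # copy in the application directory (found first by the loader)
    system_path: Path   # copy in the system directory
    same_content: bool  # True when both copies have the same SHA-256


def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_dlls(directory):
    """Map lower-cased DLL name -> path for files directly inside `directory`."""
    return {
        entry.name.lower(): entry
        for entry in Path(directory).iterdir()
        if entry.is_file() and entry.suffix.lower() == ".dll"
    }


def find_shadowing_dlls(app_dir, system_dir, known_dlls):
    """Return DLLs in app_dir that shadow a same-named DLL in system_dir.

    Names listed in known_dlls are skipped: those are always mapped from the
    system directory, so a copy next to the executable is never loaded.
    """
    app_dlls = list_dlls(app_dir)
    system_dlls = list_dlls(system_dir)
    known = {name.lower() for name in known_dlls}
    findings = []
    for name in app_dlls.keys() & system_dlls.keys():
        if name in known:
            continue
        same = sha256_of(app_dlls[name]) == sha256_of(system_dlls[name])
        findings.append(Finding(name, app_dlls[name], system_dlls[name], same))
    # Copies whose content differs from the system copy are listed first.
    return sorted(findings, key=lambda f: (f.same_content, f.name))


def build_constructed_tree(root):
    """Create a constructed stand-in for a Windows folder (no real binaries)."""
    windows = Path(root) / "Windows"
    system32 = windows / "System32"
    system32.mkdir(parents=True)
    files = {
        windows / "explorer.exe": b"constructed: host process",
        windows / "ntshrui.dll": b"constructed: planted copy",
        system32 / "ntshrui.dll": b"constructed: legitimate copy",
        windows / "Shell32.DLL": b"constructed: identical copy",
        system32 / "shell32.dll": b"constructed: identical copy",
        windows / "kernel32.dll": b"constructed: ignored, KnownDLL",
        system32 / "kernel32.dll": b"constructed: legitimate kernel32",
        windows / "onlyhere.dll": b"constructed: no system counterpart",
    }
    for path, content in files.items():
        path.write_bytes(content)
    return windows, system32


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        win_dir, sys_dir = build_constructed_tree(tmp)
        for f in find_shadowing_dlls(win_dir, sys_dir, SAMPLE_KNOWN_DLLS):
            verdict = "identical copy" if f.same_content else "DIFFERENT CONTENT"
            print(f"{f.name}: {f.shadow_path} shadows {f.system_path} ({verdict})")
```

A name collision is a lead for triage, not a verdict: a differing hash can also come from a stale copy, so the next step is to check the file's signature and origin.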

This version of Backdoor.Barkiofork has the following capabilities:

  • Enumerates disk drives
  • Contacts the command-and-control (C&C) server at osamu.update.ikwb.com
  • Steals system information
  • Downloads and executes further updates

This spear phishing campaign continues to show the sophistication and preparation of attackers, especially gathering intelligence on what social engineering will best entice targets.

Organizations should ensure proper email security is in place and also make patch management a priority, as the vulnerability exploited here was patched in 2011.

Symantec Statement Regarding New York Times Cyber Attack

 

As a follow-up to a story run by the New York Times on Wednesday, Jan. 30, 2013 announcing they had been the target of a cyber attack, Symantec (NASDAQ: SYMC) developed the following statement:
 
"Advanced attacks like the ones the New York Times described in the following article, (http://nyti.ms/TZtr5z), underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."