RACS

21/06/2019

Apple free battery replacement for certain MacBook Pro models due to overheating fault

See this article regarding a free battery replacement for certain faulty Apple laptop models.
Please share this to anyone you know that may be affected.

Angeles City, Philippines friends and colleagues:
The best repair in Angeles City is switch in Marquee mall - "Switch" have premium repair status in Apple USA support database.

https://www.apple.com/newsroom/2019/06/important-notice-for-batteries-in-certain-macbook-pro-units/

Cupertino, California — Apple today announced a voluntary recall of a limited number of older generation 15-inch MacBook Pro units which contain a battery that may overheat and pose a safety risk. The units were sold primarily between September 2015 and February 2017 and can be identified by their product serial number.

Apple today announced a voluntary recall of a limited number of older generation 15-inch MacBook Pro units which contain a battery that may overheat.

20/06/2019

Linux/FreeBSD admins - heads up and patch now - new Ping of Death

If you don't know the words Linux or FreeBSD, then you can delete now :)
A big thanks to Mike Sheen from Jiwa Accounting Software in Australia for this one.
It seems it has not hit any of my regular security notification lists as yet

I am still looking into whether Mikrotik routers are vulnerable or not

Kindly,

ROY ADAMS | P 07 3040 5010 | Web: http://www.racs.com.au/ | Wiki: https://ex.racs.com.au:444/ | eMail: mailto:[email protected]
Please never upgrade to the latest Windows 10 - You don’t need the hassle, and I don’t need the work.
More seriously, the 6 month older Windows 10 releases are typically FAR MORE stable - a simple RACS script can fix this - just ask :)
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur - Red Adair.
Life is a journey through a series of adventures.. Live them, love them, hate them, but never give up on your dreams, desires, and goals.

From Mike:
I came across this today - nasty vuln in the Linux and FreeBSD kernels affecting distros from over 10 years old to present:

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

Basically by sending some carefully crafted packets you can initiate a kernel panic.

We have a few internet facing Linux boxes here which fortunately will be easy to patch.

I’m hoping our Mikrotik kernel isn’t vulnerable!

09/06/2019

Another somewhat negative Google/Android post :( - Hopefully for the safety of everyone for better awareness

Hi All, Happy Sunday.

Ultimately this is another of those "We really cannot trust Google Android devices" posts.
Just sharing with family and friends, as there has finally been a Google Security Blog post published 6 June 2019 that details the Triana Android trojan much better than previously known.
Maybe it's time to consider a refurbished, or new *older model* iPhone that won't break the bank.
Google finally enhanced their play store some time back with Google Play Protect that claims to remove Triada and other nasties.
The problem IMNSHO is that new malware, adware and trojans still keep finding their way into the Google Play Store on a fairly regular basis.
If you use banking or any apps that can affect you financially, I would strongly recommend not doing so on Android devices.
Keep in mind also, that even having contacts on your Android device allows malicious apps to farm these contacts, and upload them to servers for later malicious use.
Even better for the malicious apps (and worse for you and your contacts), should you also keep birth date and other confidential details about your contacts!
Expect these additional details to allow these unscrupulous people to attempt identity theft should you have information about your contacts that is not supposed to be publicly available.
^^Food for thought^^

Apple is by no means perfect, but they will keep you a lot safer than Google.
Microsoft are also gaining traction in some of the trusts stakes of recent.

Forbes Post:
https://www.forbes.com/sites/daveywinder/2019/06/08/google-confirms-android-smartphone-security-backdoor/

Google Security Blog Post:
https://security.googleblog.com/2019/06/pha-family-highlights-triada.html

Australian Apple Store - Refurbished/Certified Products:
https://www.apple.com/au/shop/refurbished

New Zealand Apple Store - Refurbished/Certified Products:
https://www.apple.com/nz/shop/refurbished

15/05/2019

Hi Admins, Time to Patch ASAP.

I can only hope that NONE of you have publicly exposed RDP servers that allow RDP access without a VPN.
If you do, PATCH NOW.

If you don't have publicly exposed RDP servers, STILL PATCH NOW.
A precaution in case a computer INSIDE YOUR LAN gets hit by malicious code that in turn can hit your servers internally.
Remember that something like this almost cost the huge container shipping company Maersk their business.
Many other businesses have also been hit over the years.

Just sharing and caring.
This is one of the most serious ones we have seen.
Microsoft have even created a Windows XP patch for this one.
This means sh*t is about to get VERY VERY real.

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708



https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/

Today Microsoft released fixes for a critical Remote Code Ex*****on vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-...

14/05/2019

This is to alert all users of WhatsApp to update your WhatsApp ASAP.
All computers and mobiles are affected.
The patch was only released on Friday.
I would recommend stopping anything you are doing and updating this if you have not updated WhatsApp since Friday

Note this caution about the vulnerability:
Targets need not have answered a call, and the calls often disappeared from logs, the publication said. The WhatsApp representative said the vulnerability was fixed in updates released on Friday

Attacks used messenger's call function. Targets didn't have to answer to be infected.

03/05/2019

Google just sc**wed Australian GSuite users - confirmed

It seems Google really has gone to town on us all with their April 2019 price rises - they are certainly WELL beyond the expected 20% that was outlined in January 12019.

https://www.crn.com.au/news/google-slugs-australia-with-extra-g-suite-price-rise-520242
This will certainly cost them some customers.
See picture attached below of the *real* price rise effect for Australian businesses.

Office 365 Essentials:
First point for existing Office 365 users - did you know the DEFAULT retention time for permanently deleted items (emptied from trash) is just 14 days?

I find this ludicrous - it came to light while researching the below.

If you have Office 365 (any level), I would recommend editing your default permanently deleted item retention times - especially financial organisations

If you can get by with web-based Mail, Excel, Word, and Power Point, moving to Office 365 Essentials will cost you just 6.90 AUD/month (paid yearly) or 8.20 AUD/month (paid monthly) - EX GST:

https://products.office.com/en-au/compare-all-microsoft-office-products?tab=2

Gotchas to consider before moving from GSuite for Business to Office 365 Essentials:

For GSuite Business 5+ user memberships, you will no longer have unlimited mail and drive storage - Office 365 has 50GB for mail, 50GB for archived mail, and 1TB for drive.

For GSuite Business 4 or less user memberships, you will no longer have 1TB mail and drive storage - Office 365 has 50GB for mail, 50GB for archived mail, and 1TB for drive.

For all GSuite for Business users, you will no longer have unlimited permanent deleted item retention for mail and drive - possible security hazard.

Full mailbox searches over the entire organisation (Vault for GSuite for Business) will be somewhat more cumbersome and slow using Office 365.

I am unsure if the Office 365 global mailbox search will search deleted items like Google Vault - feel free to hit me up if you know the answer to this?

Admins, for those of you considering moving, I have gathered some relevant technical information to consider regarding storage limits, deleted items, and permanently deleted item hold (litigation hold).

Permanent litigation hold could *possibly* allow up to 50GB more storage for permanently deleted mail items (i.e. emptied from trash) as I read it - I still need to confirm this.
The Reddit article is not *official*, but is the only thing I can find that basically says using the special litigation hold gives 50GB of permanently deleted item (emptied trash) storage

Online mailbox storage limits:
https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits

Gotchas for using litigation hold - mailbox stops functioning at 100GB:
https://www.reddit.com/r/msp/comments/6ny5wk/office_365_litigation_hold_legal_hold_limit/

Extending regular deleted items retention time:
https://www.microsoft.com/en-us/microsoft-365/blog/2015/02/20/extended-email-retention-deleted-items-office-365/

Place a mailbox on litigation hold to retain all deleted items - option also to be permanently:
https://docs.microsoft.com/en-us/exchange/policy-and-compliance/holds/litigation-holds?view=exchserver-2019

28/04/2019

What does Google know about you?

Happy Sunday everyone....

I have broached on this one previously, but the page below states it pretty comprehensively as to what Google are tracking about us.
Thanks Darren for the URL - makes for some light Sunday reading.
https://www.quora.com/What-does-Google-know-about-me/answer/Gabriel-Weinberg

If for some reason you do have a reason to do some near-anonymous research, I would recommend using an Apple iOS device (iPhone, iPad etc).
Use the Apple Safari browser app after enabling "Private" mode (enable private mode from the top menu)
When searching, DO NOT use the default search - which is Google Search - See further down this email as to why!!!
Instead use this search engine for a little more privacy/anonymity:
https://duckduckgo.com/
DuckDuckGo's take on privacy...
It is far more reassuring than Google's:
https://duckduckgo.com/privacy

The above will still not hide your presence from a man-in-the middle person or organisation watching your activities.
DNS cache tables on DNS servers give away every single URL you ever type into a browser
Careful when looking for a new job inside your workplace - chances are the IT team log all the site names you visit in their DNS logs - clearing your browser history won't fix this :)
Using DNS servers 1.1.1.1, 1.0.0.1, and 9.9.9.9 at least gives u a little privacy regarding sites you visit.
The unfortunate part of this however is that the DNS requests are NOT encrypted typically - so are viewable by a man in the middle.
Configuring encrypted DNS does exist, but not widely yet. We are all waiting for software and hardware vendors to adopt this standard.

Depending on how many firewalls/NAT levels you are behind, using mobile devices on Cellular Data can often make your Internet usage harder to track.
That said, this just means if authorities really wanted to know what you are doing, they need need to contact more providers to get logs of information about your activity to piece your tracks together

Don't believe for an instant that using Google Chrome incognito mode will keep you anonymous
I also would wager similar for the Microsoft and Firefox browsers.
For those unaware, Google basically funds Firefox development:
https://www.forbes.com/sites/timworstall/2013/01/22/so-why-is-google-funding-its-own-competition-in-the-firefox-os/

I would also note that Google pay Apple a LOT of money to ensure the Google Search Engine is the Apple default for all Apple devices and apps
http://fortune.com/2018/09/29/google-apple-safari-search-engine/

Android users basically cannot ultimately be anonymous - that's just how it is.
Apple users who do things smart at least have a chance
I still view Apple as the least evil of the big vendors we all rely on in our ever-increasing Internet lives.

Regarding VPN's - if you think they are keeping you safe:
All VPN providers keep connection logs...
Most say they don't log you, but it's in the fine print of ALL of them.
They must by law in all countries AFAIK log at a minimum:
Your VPN Username
The Public IP address your VPN connects from
Connection Start Date/Time
Connection End Date/Time
There is almost no winning..

As always, I welcome thoughts or updates on the above

We don't collect or share personal information. That's our privacy policy in a nutshell.

28/04/2019

Time to start thinking about upgrading Windows 7 and Windows 2008R2

I feel it is time to start reminding people of the imminent countdown to 14 January 2020 when Microsoft will no longer offer free monthly security updates for Windows 7, Windows 2008 Server, and Windows 2008R2 Server.
Those of you with Microsoft Volume License Agreements (Large Business and Enterprise Users) will have an option for paid ESU (Extended Security Updates) beyond 14 January 2020 - Windows 7 ESU pricing further down.
Home users with Windows 7, you have no option for extended support - it's time to upgrade to Windows 10 or risk nasty things from the internet potentially infecting your computer after January 14, 2020.

For Windows 2008 server and Windows 2008R2 server, business users will need to purchase Microsoft Software Assurance (MS SA), then in turn purchase ESU in addition to MS SA.
To date, I have been unable to find the pricing per server for ESU after you purchase Software Assurance.
If someone knows the pricing, can you please share?

While I am still researching the legitimacy of doing so, you can still (technically) upgrade for free to Windows 10 using an existing Windows 7, 8, or 8.1 license key.
This is despite the fact that the free upgrade offer expired 31 December 2017.
Given that Microsoft will know the date you upgrade to or install Windows 10 using an existing Windows 7, 8, or 8.1 license key, technically Microsoft could claim you now need to pay for it because you missed their free upgrade offer.
I have never yet heard of this occurring however.
My understanding from asking around that this also works for Windows 7 OEM license keys.
I have looked high and low into the legality of doing this, and am currently at my wits end trying to find something concrete about this scenario.
I'll update this again if/when I get advice confirming either way.
Worst case, if Microsoft eventually ask you to pay, then pay..... simple, stay secure and safe.
Windows 7 is now almost 10 years old (Release date was 22 July 2009).
Think of it as the cost of your 10 year internet drivers license renewal - the internet drives us all nuts :)
FWIW - Windows 10 is considerably faster than Windows 7, and contains built-in memory compression technology that allows it to run acceptably in as little as 1GB RAM if you are not a power-user

As always, I welcome any opinions on the above including any omissions, spelling, or grandma errors :P (let's see who reads this to the end lol)

27/01/2019

If you own a web site, the below information is for you, this notification is not aimed at end-users.

For those interested who do not understand DNS, feel free to wander over to RACS DNS training site that we published many years ago.
It was built to educate users, web designers, techs, and accounts payable staff (who always ask about the *different domain invoices* at various times during the same accounting year).
http://dnssecrets.com/
Nothing for sale, it is purely a community service site RACS built for education purposes.
The InfoGram further down the page gives a very clear picture of the basics of how DNS works.
Credit to Web Designer, Search Engine, and Online Presence Specialist Megan Bennett for a great site layout.
Megan's web site is below should anyone need assistance with Web Design, SEO, and Online Presence:
https://www.pixelportal.com.au/
Now, to the reason for today's Tech Tips email:
On February 1, 2019, larger DNS providers are going to make some major changes to aid more secure DNS on the internet - see the site below:
https://dnsflagday.net/
These is a test on this page to see if your domain is going to have issues.
Scroll down to the "Test your domain" section and type in your domain name WITHOUT www.
e.g for RACS, racs.com.au then press the Test! button.

Feel free to revert to myself should you need a hand understanding the result.
Some of my domains are affected to a point, and I have already logged a query with my DNS provider.

TL;DR (Too Long;Didn't Read) version:
The main change is that DNS servers hosted by the vendors named in the article will interpret timeouts as sign of a network or server problem.
Starting February 1st, 2019 there will be no attempt to disable EDNS in reaction to a DNS query timeout.

Simple version - This effectively means that all DNS servers which do not respond at all to EDNS queries are going to be treated as dead.

Technical version - Recursive DNS servers will no longer work around the following:
- Old Windows DNS servers as the don’t return FORMERR to *all* EDNS queries
- Firewalls that block EDNS or EDNS with a DNS COOKIE option queries

02/07/2016

Home and Business Users. Consider protecting yourselves, your family and your business by changing the DNS server IP's used by your internet router, DNS server or firewall. Using one of these *FREE* services adds an extra layer of protection that can help when your AntiVirus package or Proxy server doesn't know about a new virus, malware or phishing site etc.

These services are ESPECIALLY handy for protecting children from adult sites and sites containing questionable content. The best thing of all is that you don't have to install anything on your computer to take advantage of this.

The simple version of how this works?
The service providers in the article have DNS servers not unlike your ISP's DNS Servers. How these special DNS servers differ is they change the IP addresses of known suspect or bad sites and instead divert you to a safe warning page. This includes sites that you get directed to when clicking on a link in email.

DNS Server IP's are usually automatically assigned by your ISP but In most cases you can change these. The DNS servers for the 6 providers are all listed below. Note that not all are free for business use. Before just *changing* the DNS IP's in your router I would recommend first testing the reliability and ping time to each of the DNS servers. This free tool (WinMTR) is very safe, simple and easy to use for testing ping time and reliability - http://winmtr.net/download-winmtr/ . Nothing to install, just download and run it. The lower the "Avrg" value is on the last/bottom hop the better. You need to also take into account the "Loss %" which is best obviously at 0%.

Comodo Secure DNS - [https://www.comodo.com/secure-dns/]
Free for: Personal use only
DNS Addresses: 8.26.56.26 and 8.20.247.20

Dyn Internet Guide - [http://dyn.com/labs/dyn-internet-guide/]
Free for: Personal or business use
DNS Addresses: 216.146.35.35 and 216.146.36.36

FoolDNS - [http://www.fooldns.com/fooldns-community/english-version/]
Free for: Personal or business use
DNS Addresses: 87.118.111.215 and 213.187.11.62

GreenTeam Internet - [http://members.greentm.co.uk/]
Free for: Personal or commercial use
DNS Addresses: 81.218.119.11 and 209.88.198.133

Norton ConnectSafe - [https://dns.norton.com/]
Free for: Personal use
DNS Addresses: Vary based upon desired protection
Norton ConnectSafe provides three preconfigured DNS servers, free for personal use with no account needed:
Security: The most basic service that automatically blocks malware, phishing and scam sites, and uses the DNS addresses of 199.85.126.10 and 199.85.127.10
Security + Po*******hy: Adds blocking of sexually explicit material; uses the DNS addresses of 199.85.126.20 and 199.85.127.20
Security + Po*******hy + Other: Adds blocking of other mature content, like alcohol, crime, drugs and gambling; uses the DNS addresses of 199.85.126.30 and 199.85.127.30

OpenDNS - [https://use.opendns.com/]
Free for: Personal or business use for Enhanced DNS; personal use only for other home and family services
DNS addresses: 208.67.222.222 and 208.67.220.220 ("FamilyShield" DNS addresses: 208.67.222.123 and 208.67.220.123)

http://www.computerworld.com/article/2872700/6-dns-services-protect-against-malware-and-other-unwanted-content.html

A good DNS service can protect users from a variety of unwanted Web intruders, including phishing sites and botnets. We look at six of them.

26/06/2016

It is time for a good old reminder on passwords folks.

Where possible avoid online password services - Most have been compromised at some point over the years (even LastPass)

Always use Multi-Factor authentication for any service that offers this as a choice. Most of the bigger services have this now. This is known by a few terms. 2-Factor Auth, Multi-Factor Auth, 2-Step Auth and a few others.

Use an Open-Source package for storing passwords that has it's source code out there for the public to scrutinise. KeePass is perfect for this. Ensure you use a complex password (with a mix of upper case, lower case, special characters and numeric digits - e.g. an easy-to-remember complex password would be $%P4s5w0rd*@ ) to protect your KeePass database - minimum 10 characters. Also sync the database to DropBox or Google Drive - both have free and trusted storage. Install the KeePass and DropBox/GoogleDrive apps on your Smart Phone as a backup method to access your passwords. Ensure you configure the KeePass database on your mobile to *be available offline* ready for emergencies. Avoid *viewing* or *typing* passwords from your KeePass database. Leave them hidden and don't view them. Copy and Paste of username and password will often defeat key logger and remote screen watchers - if you are unaware your computer has been compromised with malicious software that logs your keys or watches your screen.

If you are forced to share passwords with others, KeePass is somewhat impractical for shared passwords. When needing shared passwords, use a site like https://www.passwordcard.org/en

I am open to any comments on the above.

A site which lets you print a credit-card sized card with random letters and numbers, letting you pick secure passwords and help you remember them safely.

25/05/2016

Another good old security reminder for those that don't know about this site. The LinkedIn breach is another example of why you should be registered with a site like this. Visit it and enter your email address to see if you have been affected by past breaches. My VEDA membership has breaches registered against my email address but no details. This site gives you the details... https://haveibeenpwned.com/

Have I been pwned? allows you to search across multiple data breaches to see if your email addresses has been compromised.