In our “N-1: Where IT Departments S….?” blog post we share our observations and describe some common issues that companies are having in their IT infrastructures. We also explain how to avoid these problems by taking proactive steps. Unfortunately, sometimes we see situations where… Hang on, let’s not describe those…
Month: January 2015
.NET 4.5.2 Update on Exchange Servers?
Microsoft Windows Update is now offering the .NET Framework 4.5.2 update as an “Important” update to Windows computers. Microsoft .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2934520) Microsoft .NET Framework 4.5.2 for Windows Server 2008 R2 for x64-based Systems (KB2901983) First of all,…
N-1: Where IT Departments S….?
Being named as one of the best IT experts in Canada, iRangers team is often involved in various assessments, discoveries and troubleshooting engagements. While analyzing these cases from several past years, we found some interesting commonalities. No matter which technology is being deployed, assessed or troubleshot, whether it is Microsoft,…
Single-Factor (password only) Authentication: It’s NOT Enough Nowadays!
Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers discovered malware that bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication. Threat actors can use a password of their choosing to authenticate as any user. This malware was given the name “Skeleton Key.” CTU researchers discovered Skeleton Key…
No More SSL 3.0 at Azure Storage Starting Feb. 20, 2015
Microsoft plans to disable Secure Sockets Layer (SSL) 3.0 encryption support in its Azure Storage service next month. Azure Storage won’t support the SSL 3.0 security protocol starting on Feb. 20, 2015, the company announced this week. If organizations still have browsers using that that protocol after February 20, then…
Vulnerability in SSL 3.0 Could Allow Information Disclosure
In the end of 2014 it became known that the SSL protocol (specifically SSL v3) was broken and decryption of the encrypted data was possible. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft…