Monday, 30 November 2015

Microsoft acknowledges bug led to Windows 10 November upgrade stoppage

Restores 1511 to download site, restarts Windows Update push

Microsoft has restored access to Windows 10's November upgrade from its download center, saying that it pulled the upgrade because of a bug.

"Recently we learned of an issue that could have impacted an extremely small number of people who had already installed Windows 10 and applied the November update," a Microsoft spokesman said in a Tuesday statement. "It will not impact future installs of the November update, which is available today."

Microsoft yanked the upgrade from the download website -- and stopped serving it to Windows 10 users via Windows Update -- last week. According to the company, the upgrade had reverted four preferences within the operating system to the original "on" default settings.

"We will restore their settings over the coming days and we apologize for the inconvenience," the spokesman added.

The settings that were changed included two in Windows 10's privacy section -- one that lets the user's advertiser ID be tracked across multiple apps, another that enables an anti-phishing filter for apps that display Web content -- and a second pair that synchronized devices and allowed various first-party apps to run in the background to, for instance, provide notifications.

Microsoft provided some information on the settings bug in a support document, and also rolled out a new cumulative update, the only kind for Windows 10.

While the bug may seem minor -- especially in the context of the roll call of louder complaints about the November upgrade on Microsoft's own support forums -- the company may have been ultra-sensitive to the privacy settings snafu, considering that the firm has been manhandled by critics over what they saw as a significant uptick in intrusiveness. Those who had turned off the advertiser ID tracking, for example, would certainly have been upset to discover that it had been switched back on after the upgrade.

After fixing the problem, Microsoft restored the upgrade to the download center, where current Windows 10 users can generate installation media -- usually a USB thumb drive, but alternately a DVD -- with the Media Creation Tool (MCT). Many have been using the MCT to cut the line for the upgrade, normally served through the Windows Update service, and skip the wait as Microsoft slowly rolls it out in its now-familiar staggered fashion.

Computerworld confirmed that the MCT now downloads the November upgrade, which Microsoft identifies as both 1511 -- a nod to the November 2015 release date -- and build 10586, rather than the original July 29 code that it had reverted to last week.

The gaffe with the November upgrade could be seen as a setback for Microsoft's strategy to convince customers that it can provide regular upgrades to Windows 10 two or three times a year, and more importantly, prove that it can do so with high-quality code that requires less testing than prior editions.

After the upgrade's Nov. 12 release, but before it was pulled from distribution, Gartner analyst Steve Kleynhans had called 1511 a milestone in Microsoft's scheme. "This is a proof case for the ongoing update process," Kleynhans said in a Nov. 13 interview. "It's only the first data point, of course, but having delivered it, more or less on time, is a pretty good sign."

Now? Maybe not so much.

Tuesday, 24 November 2015

74-678 Designing and Providing Microsoft Volume Licensing Solutions to Large Organisations

QUESTION 1
A Datum wants to extend its on-premises server farm by deploying SQL Server to virtual machines in Microsoft Azure for a short-term development project.
How should you recommend that Contoso license the deployment?

A. Purchase virtual machines that run Windows Server through Azure and assign existing SQL Server licenses by using License Mobility within Server Farms.
B. Purchase virtual machines that run SQL Server through Azure.
C. Purchase virtual machines that run Windows Server through Azure and assign existing SQL Server licenses by using License Mobility through Software Assurance (SA).
D. Use MSDN licenses for Windows Server virtual machines and for SQL Server.

Answer: C

Explanation: * With License Mobility through Software Assurance, you can deploy certain server application licenses purchased under your Volume Licensing agreement in an Authorized Mobility Partner’s datacenter.
* Use License Mobility to:
Extend the value of your server application license by deploying them on-premises or in the cloud.
Take advantage of the lowest cost computing infrastructure for changing business priorities.


QUESTION 2
A Datum plans to implement the VDI.
You need to recommend a solution to ensure that the sales office users can access their corporate desktop from a company-owned iPad. The solution must be the most cost-effective solution today and must ensure that the company meets the licensing requirements of the planned IT strategy.
Which two licenses should you include in the recommendation? Each correct answer presents part of the solution.

A. A Windows Virtual Desktop Access (VDA) license for each tablet
B. A Windows Companion Subscription (CSL) license for each primary device
C. A Windows 8.1 Enterprise Upgrade license for each tablet
D. An RDS User CAL for each sales office user

Answer: A,D

Explanation: A: VDA licensing is the recommended license for VDI access devices that do not qualify for SA. VDA provides organizations with the ability to license Windows for use via devices that do not traditionally come with a Windows license, such as thin clients, smartphones, and tablet devices. Organizations can also use VDA to license devices that the organization does not own, such as employees’ home PCs and contractor devices.
D: The RDS CAL is the primary license for Microsoft VDI. It offers the flexibility to deploy both VDI and RDS Session Virtualization so that you can provide access to full desktop and shared desktop experiences. You must purchase one RDS CAL for each device or user that accesses VDI. A
* Scenario: A Datum plans to implement a Virtual Desktop Infrastructure (VDI) by using Remote Desktop Services (RDS) on Windows Server 2012 R2.
In line with the VDI implementation, all of the sales office users will be issued a tablet. A Datum wants to enable the users to work from their home computer as well, as the need arises. In addition, the company plans to enable a Bring Your Own Device (BYOD) strategy.


QUESTION 3
Which two goals are met by the company's current licensing solution given the planned changes? Each correct answer presents part of the solution.

A. A Datum must run the most up-to-date versions of the desktop platform products to access the custom application.
B. A Datum wants the users to be able to access their corporate desktop from their home computer.
C. A Datum wants to deliver Windows and Office in a virtual desktop to the users.
D. A Datum wants to be able to install multiple virtual desktops on the device of each user.
E. A Datum wants the flexibility to deploy virtual desktops to the cloud.

Answer: B,C

Explanation: Not A: The latest versions can not be used. Not D, not E: No current cloud licensing exists.
* Scenario:
/ Current Licensing Solution
A Datum recently signed an Enterprise Agreement that includes Office Professional Plus, Windows Enterprise Upgrade, and Microsoft Core CAL Suite licensed per user.
Currently, all of the licenses for SQL Server are assigned to long-term workloads.
/ A Datum uses Microsoft Lync Server 2010, Microsoft SharePoint Server 2010, and Microsoft Exchange Server 2010. Various versions of Microsoft SQL Server are used heavily across the server farm both as an infrastructure product and as a data warehouse tool.
/ Business Goals
A Datum spent a significant amount of time developing a custom application that will be used by hundreds of the company's partners and suppliers. The application will always run on the latest version of SQL Server and SharePoint Server. A Datum wants the application to be available to the users immediately.


QUESTION 4
A Datum purchases Windows 8.1 Enterprise Upgrade licenses through their current agreement.
What are three benefits of these licenses compared to the Original Equipment Manufacturer (OEM) licenses? Each correct answer presents a complete solution.

A. License Mobility rights
B. Rights to reassign licenses
C. Re-imaging rights
D. Perpetual usage rights
E. Windows Virtual Desktop Access (VDA) rights

Answer: B,D,E

Explanation: B: Windows Enterprise use rights are bound to the existing PC if SA is allowed to expire. And as before, Windows Enterprise edition upgrade licenses can be reassigned to a replacement device while SA is active, as long as the replacement device has a "qualifying OS."


QUESTION 5
A Datum is evaluating moving the licensing of its desktop platform products to Office 365.
Which three licenses will make up its desktop platform? Each correct answer presents part of the solution.

A. Office 365 ProPlus
B. Windows Intune
C. Windows 8.1 Enterprise
D. Microsoft Core CAL Suite Bridge for Office 365
E. Office 365 Enterprise E3

Answer: A,D,E

Explanation: A: When you deploy Office 365 ProPlus, it's installed on the user's local computer. Office 365 ProPlus is offered as a monthly subscription.
D: Microsoft Client Access License (CAL) Suite Bridges are used when you are transitioning from a CAL Suite (on premises) to a comparable Product and Online Service combination.
* Scenario:
A Datum wants to improve the manageability and control of the users' desktops. In the short term, the company will deploy Windows 8.1 Enterprise and Office Professional Plus 2013 internally. During the next six months, A Datum plans to implement a Virtual Desktop Infrastructure (VDI) by using Remote Desktop Services (RDS) on Windows Server 2012 R2.

Wednesday, 11 November 2015

Former Marine fights to connect veterans with IT jobs

One consulting firm's hiring program aims to place U.S. military veterans in IT engagements.
The transition to corporate life can be challenging for military veterans. Companies aren't used to hiring veterans, whose resumes are unlikely to make it past their keyword-filtering software. Veterans aren't used to articulating their military experience in business terms, nor are they accustomed to typical workplace culture and communication. Far too often, uniquely skilled veterans returning from Iraq and Afghanistan hear the same disheartening message -- that they’d make great security guards.

Nick Swaggert, a former infantry officer with the U.S. Marine Corps, sees untapped talent in these returning soldiers, and he’s committed to helping them find career opportunities in the tech world. Swaggert is Veterans Program Director at Genesis10, an outsourcing firm that provides IT consulting and talent management services. His job is to recruit veterans, help them translate their military experience to relevant corporate experience, and find a place for veterans to work at Genesis10's clients.

Swaggert knows firsthand what it’s like to see a military career reduced to the output of a military skills translator (software that’s designed to match military skills, experience and training to civilian career opportunities).

“I was in the Marine Corps infantry. Backpack and guns type of thing. So what does it say for me? I can be a security guard,” Swaggert says of the typical automated skills translator. “Someone in the infantry probably pulled a trigger less than 0.1% of the time. They probably spent a lot of their time in logistics, leadership, setting up communications assets, organizing supply chains. These are all things we did, but my job says I pulled a trigger.”

In reality, the infantry experience varies widely for today’s service men and women – including Swaggert, who was sent to the Syrian border, 300 miles from the nearest base. “I needed to make sure that the supply chain -- helicopters were flying us supplies -- was optimized. When you live in a space the size of a conference room table, or you're on a vehicle, there's not a lot of room for error in terms of too much or too little supplies,” he recalls. “I needed to learn how to set up a satellite radio, to send digital pictures of smugglers we were catching back to the base. Using a very high-tech radio and a rugged laptop in a sandstorm, I learned to problem-solve communications assets. That doesn't come across in a translator."

When Swaggert left the Marine Corps, he found a new mission: helping veterans find civilian jobs that make use of their myriad talents.

"I got out in 2010. I was told time and time again, 'Nick, you seem like a really great guy, but you just don't have the experience that we're looking for.' That's what led me to go and get my master's degree and become passionate about it. This is a huge opportunity. There's a huge miss here in communication. Someone needs to be out there, proselytizing."
Genesis of an idea

Swaggert also understands what it’s like to be an enlisted person and an officer -- a rare perspective for veterans of the typically stratified U.S. military. He enlisted in the Marines right out of high school. He was later selected for an officer training program, which allowed him to get a college degree while in the Marines.

After getting his degree, Swaggert was commissioned as an officer in 2005. He wanted to be an infantry officer, even though a friend advised him to pursue a more hirable assignment in communications or logistics. “I said ‘no way, that's not going to happen. I'm going to go serve my country on the front lines.’ Then I came home, and like many other people, saw that doesn't help me.”

Even with a college degree, his path to a corporate career wasn't always smooth.
Swaggert applied and was rejected for a corporate program that’s designed to train and certify military veterans in computer networking. "My ASVAB -- Armed Services Vocational Aptitude Battery -- it's like the military SAT. It shows how well you can learn new jobs. I scored in the 96th percentile of all service members. They don't look at that, though. They just say, 'well, he was in the infantry, he can shoot guns. There's no way he could possibly learn network stuff.' This is exactly why people can't get jobs."

When young, college-educated officers leave the military, they’re often recruited through junior military officer (JMO) training programs at companies such as Deloitte, PwC, General Electric and PepsiCo. Companies compete to hire these service members, many of whom got their college degrees, served four years in the military, and are set to enter the business world at a young age having amassed significant leadership experience. “They have their degrees, the path is laid out for them, and they’re heavily recruited,” Swaggert says.

It’s a different world for enlisted men and women, most of whom leave the military without a college degree. Even if they get their degrees after serving in the military, it can be hard to find work. “An officer goes to college for four years, then serves for four years. An enlisted guy serves four years, then goes to college for four years. After eight years they're fairly equivalent, but one group is highly employed and the other group is heavily underemployed,” Swaggert says.

Nationwide, the unemployment rate for military veterans who served after 9/11 was 9% in 2013, according to data from the U.S. Bureau of Labor Statistics. That's down from 9.9% the year before, but well above the overall unemployment rate for civilians, which was 7.2% during the same period. The numbers are particularly bleak for the youngest veterans, aged 18-24, who posted a jobless rate of 21.4%.

Nick Swaggert (center), pictured with the crew of his command and control vehicle during a break while patrolling the Syrian/Iraqi border.

“Being an officer, you gain a tremendous amount of experience and have tremendous leadership opportunities. The other group has been given similar, but not as extensive, experience. That's where we think there's a business opportunity,” Swaggert says.

At Genesis10, employees see the value of U.S. military experience in the corporate world. It’s a view that comes from the top. Harley Lippman is the CEO and owner of the $185 million privately-held firm, which is based in New York. Lippman participated in a program that brings groups of U.S. service-disabled veterans to Israel, and when he saw how well Israel treats its veterans – with comprehensive health services and job assistance, for example -- Lippman was inspired to launch his company’s program on Veterans Day in 2011. Swaggert joined the effort in mid-2013. “Harley is a visionary, and he saw that there's a huge opportunity to tap into this untapped talent vein,” Swaggert says.

The firm is realistic about placing former soldiers. Some of the roles Genesis10 envisions U.S. military veterans helping fill include project manager, business analyst, testing analyst, storage administrators, database administrators, network engineers, midrange server specialists, and problem and incident management positions.

“We have clients who need Java developers with 10 years of experience. I'm not pretending Joe Smith off the street is going to do that,” Swaggert says. “But there are needs such as entry-level data entry, business analyst, quality assurance -- stuff veterans will do really well, very process-oriented roles. Veterans are very detail-oriented. We have checklists for everything we do. If you don't dot an 'i' or cross a 't' an artillery round lands on your location.”

Part of Genesis10’s strategy is to connect veterans with companies that want to hire returning soldiers but are unsure how to go about it.

One hurdle is that many companies don’t know how to find veterans. It’s not enough to post typical job descriptions on veteran-focused job boards or at military recruiting fairs. "That doesn't mean anything to a veteran. You're not recruiting by job code -- everyone in the military has a job code. You're not recruiting by rank -- rank equals experience," Swaggert says. “You have to tailor that.”

He’s understanding of the conundrum for hiring managers. "On the company side, I don't blame them,” Swaggert says. “Hiring managers don't have experience hiring veterans. We are such a small fraction of the population. You can't expect them to know and understand.”

Another part of Genesis10’s strategy is to prepare veterans for workplace culture, not only by tweaking resumes but also through interview coaching and soft-skills development. Communication is a key element.

"Veterans have different communications styles. In the military, we call it BLUF -- it's an acronym that stands for 'bottom line up front.' You state the bottom line. In the military, you walk up to someone at their desk, or wherever, and you just tell them what you want,” Swaggert says. Civilians communicate differently, and veterans need to learn to deal with the differences.

Veterans also need to learn how to interview. In the military, higher-ups look at soldiers’ service records to determine who moves up the ranks. “That interviewing skill just completely atrophies -- if it was ever there in the first place and most likely it wasn't,” Swaggert says.

For companies that are open to hiring veterans, Genesis10 can smooth the process. The company understands that there’s risk associated with trying new hiring approaches. "We've built a program to try to mitigate that risk,” Swaggert says. "We flat out say in our presentation, 'we are here to mitigate the risk of hiring a veteran.'"

Still, it’s not always an easy sell. "There's a reason why veterans don't get hired. If it were easy it would already have been done. You have to invest time and effort. I wish I could say it's just rewriting a resume. But it's not.”

The most challenging part of Swaggert’s job is trying to find companies that are willing to hire veterans.

“My number one job is not to find veterans. I could stroll down to the nearest base, or post a job online looking for U.S. Military veterans. The hard part is walking into the companies. I've talked to a lot of CIOs, a lot of VPs, saying, 'do you guys want to hire veterans?' They all say yes, and they say, ‘well how do we do it?’ We talk about selection, training, mentoring, and onboarding and getting them to commit to that kind of investment.”

Success is hearing “’yes, I'm going to force my people to hire someone who's a little bit different.’”

Swaggert joined the Reserves to stay connected to the military, and as a commanding officer in the Reserves, he flies monthly to Ohio. “The Marine Corps is very important to me. It will always be very important to me,” Swaggert says. “I'm not wearing a uniform every day, but I’m definitely doing military-related things daily.”

“There are plenty of people like me, who joined the military during a time of war, who are really smart people who said, 'I want to serve on the front lines, because that's what this country needs.'"

Now that they’re home, he wants to help them find work.



Sunday, 1 November 2015

Sony BMG Rootkit Scandal: 10 Years Later

Object lessons from infamous 2005 Sony BMG rootkit security/privacy incident are many -- and Sony's still paying a price for its ham-handed DRM overreach today.

Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview comedy about a planned assassination on North Korea’s leader. Some say all this is karmic payback for what’s become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management.

“In a sense, it was the first thing Sony did that made hackers love to hate them,” says Bruce Schneier, CTO for incident response platform provider Resilient Systems in Cambridge, Mass.

Mikko Hypponen, chief research officer at F-Secure, the Helsinki-based security company that was an early critic of Sony’s actions, adds:

“Because of stunts like the music rootkit and suing Playstation jailbreakers and emulator makers, Sony is an easy company to hate for many. I guess one lesson here is that you really don't want to make yourself a target.

“When protecting its own data, copyrights, money, margins and power, Sony does a great job. Customer data? Not so great,” says Hypponen, whose company tried to get Sony BMG to address the rootkit problem before word of the invasive software went public. “So, better safe than Sony.”

The Sony BMG scandal unfolded in late 2005 after the company (now Sony Music Entertainment) secretly installed Extended Copy Protection (XCP) and MediaMax CD-3 software on millions of music discs to keep buyers from burning copies of the CDs via their computers and to inform Sony BMG about what these customers were up to. The software, which proved undetectable by anti-virus and anti-spyware programs, opened the door for other malware to infiltrate Windows PCs unseen as well. (As if the buyers of CDs featuring music from the likes of Celine Dion and Ricky Martin weren’t already being punished enough.)

The Sony rootkit became something of a cultural phenomenon. It wound up as a punch line in comic strips like Fox Trot, it became a custom T-shirt logo and even was the subject of class skits shared on YouTube. Mac fanboys and fangirls smirked on the sidelines.

Security researcher Dan Kaminsky estimated that the Sony rootkit made its mark on hundreds of thousands of networks in dozens of countries – so this wasn’t just a consumer issue, but an enterprise network one as well.

Once Winternals security researcher Mark Russinovich -- who has risen to CTO for Microsoft Azure after Microsoft snapped up Winternals in 2006 -- exposed the rootkit on Halloween of 2005, all hell broke loose.

Sony BMG botched its initial response: "Most people don't even know what a rootkit is, so why should they care about it?" went the infamous quote from Thomas Hesse, then president of Sony BMG's Global Digital Business. The company recalled products, issued and re-issued rootkit removal tools, and settled lawsuits with a number of states, the Federal Trade Commission and the Electronic Frontier Foundation.

Microsoft and security vendors were also chastised for their relative silence and slow response regarding the rootkit and malware threat. In later years, debate emerged over how the term “rootkit” should be defined, and whether intent to maliciously seize control of a user’s system should be at the heart of it.

In looking back at the incident now, the question arises about how such a privacy and security affront would be handled these days by everyone from the government to customers to vendors.

“In theory, the Federal Trade Commission would have more authority to go after [Sony BMG] since the FTC’s use of its section 5 power has been upheld by the courts,” says Scott Bradner, University Technology Security Officer at Harvard. “The FTC could easily see the installation of an undisclosed rootkit as fitting its definition of unfair competitive practices.”

Bill Bonney, principal consulting analyst with new research and consulting firm TechVision Research, says he can’t speak to how the law might protect consumers from a modern day Sony BMG rootkit, but “with the backlash we have seen for all types of non-transparent ways (spying, exploiting, etc.) companies are dealing with their customers, I think in the court of public opinion the response could be pretty substantial and, as happened recently with the EU acting (theoretically) because of [the NSA’s PRISM program], if the issue is egregious enough there could be legal or regulatory consequences.”

As for how customers might react today, we’ve all seen how quickly people turn to social media to take companies to task for any product or service shortcoming or any business shenanigans. Look no further than Lenovo, which earlier this year got a strong dose of negative customer reaction when it admittedly screwed up by pre-loading Superfish crapware onto laptops. That software injected product recommendations into search results and opened a serious security hole by interfering with SSL-encrypted Web traffic.

In terms of how security vendors now fare at spotting malware or other unsavory software, Schneier says “There’s always been that tension, even now with stuff the NSA and FBI does, about how this stuff is classified. I think [the vendors] are getting better, but they’re still not perfect… It’s hard to know what they still let by.”

Noted tech activist Cory Doctorow, writing for Boing Boing earlier this month, explains that some vendors had their reasons for not exposing the Sony rootkit right away. “Russinovich was not the first researcher to discover the Sony Rootkit, just the first researcher to blow the whistle on it. The other researchers were advised by their lawyers that any report on the rootkit would violate section 1201 of the DMCA, a 1998 law that prohibits removing ‘copyright protection’ software. The gap between discovery and reporting gave the infection a long time to spread.”

Reasons for hope though include recent revelations by the likes of Malwarebytes, which warned users that a malicious variety of adware dubbed eFast was hijacking the Chrome browser and replacing it, by becoming the default browser associated with common file types like jpeg and html.

Schneier says it’s important that some of the more prominent security and anti-virus companies -- from Kaspersky in Russia to F-Secure in Finland to Symantec in the United States to Panda Security in Spain -- are spread across the globe given that shady software practices such as the spread of rootkits are now often the work of governments.

“You have enough government diversity that if you have one company deliberately not finding something, then others will,” says Schneier, who wrote eloquently about the Sony BMG affair for Wired.com back in 2005.

The non-profit Free Software Foundation Europe (FSFE) has been calling attention to the Sony BMG rootkit’s 10th anniversary, urging the masses to “Make some noise and write about this fiasco” involving DRM. The FSFE, seeing DRM as an anti-competitive practice, refers to the words behind the acronym as digital restriction management rather than the more common digital rights management.

Even worse, as the recent scandal involving VW’s emissions test circumvention software shows, is that businesses are still using secret software to their advantage without necessarily caring about the broader implications.

The object lessons from the Sony BMG scandal are many, and might be of interest to those arguing for building encryption backdoors into products for legitimate purposes, backdoors that might be turned into exploitable vulnerabilities.

One basic lesson is that you shouldn’t mimic the bad behavior that you’re ostensibly standing against, as Sony BMG did “in at least appearing to violate the licensing terms of the PC manufacturers,” TechVision’s Bonney says.

And yes, there is a warning from the Sony BMG episode “not to weaponize your own products. You are inviting a response,” he says.