Yesterday we were confronted with the first instance of a customer infected with a particularly nasty bit of malware that locks up all data on an infected server/PC, then demands a "ransom" payment of $500 to $1000 to unlock the data.  This infection first appeared a few weeks ago around the Internet.  Several variants of this malware/ransomware have been detected at this point.

How It Works

• Attackers identify a PC as vulnerable via the remote desktop (terminal services) service
• Attackers brute force themselves into gaining remote control of said PC
• Once in control, the attackers install the malware in question
• The malware will lock you out of your PC, and will render all data on said PC inaccessible
• The malware will put up a splash screen that demands payment (a ransom) to "unlock" your server and your data.  This splash screen will also state that the "Anti Cyber Crime Department of Federal Internet Security Agency" (there is no such agency) is responsible for locking your PC because it is being used to spread child pornography.  It will threaten to notify the FBI if you do not make the aforementioned payment.

Once infected, there is no way known at the moment to regain access to your data.  While the malware itself can be removed, once it has encrypted your files, there is no way to crack that encryption.  Your data is effectively lost.  We are unable to confirm if making the demanded payment will unlock your data or not.

Who Is Vulnerable

It would appear that any Windows PC or server with the remote desktop service exposed on the Internet are potentially vulnerable, especially those using weak passwords on typical accounts like "administrator", "owner" or "support" accounts.  Since PCs are infected via actual remote control, typical security software (i.e. anti-virus and anti-malware) is not effective in preventing this attack as the attackers simply disable it before installing the malicious software on your PC. Macs and Linux/BSD hosts are not vulnerable to this threat.

What Steps Should You Take

We STRONGLY suggest that you give your IT assets the once over to evaluate your level of vulnerability to this threat.  The best prevention is to not expose your remote desktop servers/PC to the Internet without employing firewall/VPN protection.  Take steps to ensure that you're enforcing strong password policies on your PCs and servers, and consider changing the remote desktop port on your PCs and servers or eliminating remote desktop altogether in favor of other remote control methods (i.e. Log Me In).  Of course, maintaining a current backup of your important data is strongly suggested at all times as well.

We Can Help

If you are unsure about if you are vulnerable to this threat, or would like help with implementing best practice security, management and backup policies, please ask.  We understand that your IT assets are important to your business, and we'll be happy to take a few minutes to assess your situation with you.  If need be, we are available on a consulting basis to help.

-------

Founded in November 2000, Gotham Bus provides technology consulting and  high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com

Here's what yesterday looked like at Gotham Bus.  Just another day in the life ...

-------

Founded in November 2000, Gotham Bus provides technology consulting and  high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com

<End spammer bait>

(A bit of housekeeping for the folks at Technorati - GY66EN4GEP27)

We all play different roles at different moments in our lives, and those roles often involve interacting with completely different groups of people.  For this reason, I don't connect with business associates and customers on Facebook. If you fall into that category, don't take it personally.  You just don't need to see pictures of my dog or my kids, or hear about how frustrated I am with the New York Giants.  Conversely, I tend not to post many technical/industry/business items on Facebook, leaving that stuff instead to Twitter and our business-related Facebook pages.  

If you've been poking around Google Plus at all, you've seen the concept of "Circles".  Circles are a vast improvement over Facebook sharing in that circles give you greater control over what you share - and with whom -  at any given time.  With Google Plus, I can connect with everyone, but this time I have a way to keep my different roles neatly segregated.  Kid pictures get seen only by family and friends.  Information about firewalls and Apache configuration goes only to other techies.  Information useful to customers goes only to customers.  Finally, we have social sharing designed for multiple personalities, and that ain't a bad thing.

I do think Google is missing the boat to a certain extent though.  Right now Google Plus circles are very Twitter-esque in that you can broadcast to all members of a circle, but replies are seen only by you and those people that choose to actively seek out your "stream".  In this model, one-to-many immediately becomes (for the most part) one-to-one.  Sometimes you want that, but other times you want one-to-many to becomine a many-to-many exchange.  Google would do well to add the ability to turn a circle into more of an open discussion group if desired.  Sharing in the group would still remain limited to members of that circle, but allowing other members to invite thier friends into the circle, and making the discussion readily availble for all members to see would be nice when appropriate. If they really want to get crazy, why not allow me to attach my "sparks" (information feeds covering topics of interest to me) to my circles?  Let me feed headlines from my hockey sparks into my circle of hockey friends and then let us discuss what we see.  Allow me control over who can join and who can invite others, maybe provide an RSS feed of the circle stream that people can subscribe to, and then we're cooking over high heat!

Of course, this is coming from a guy that's written a grand total of maybe 1000 respectable lines of code in 15 years, but that's not really my job.  Besides, Google appears to pride itself on having smart people that come up with good stuff, so I see no reason why they can't have this cooked and ready to serve by noon, or maybe by 3PM if Google likes to sleep late.  I'm willing to be patient.

-------

Founded in November 2000, Gotham Bus provides technology consulting and  high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com

Networks and servers need to be monitored. When things break, they need to be fixed, so keeping a watchful eye on all network elements at all times is critical. There's a hidden issue in network monitoring that often gets missed, especially by the less experienced. Monitoring a complex network can generate large amounts of information in a short amount of time. How will you distribute that information, and how will you manage how your employees and vendors are engaged?

• Which network events need to be reviewed and which can simply be archived for future reference if needed? 
• Which network events can be emailed for review when convenient? Which demand 24x7 SMS/text message alerts and immediate action by live humans? 
• Are you a 24x7 operation with zero tolerance for downtime? Can a dead web server on Sunday evening be handled on Monday morning? 

Consider that human beings are really good at adapting. Consider also that we're creatures of habit and routine. The point is that even the most dedicated employees can easily fall into habits that could result in ignoring critical network alerts if the process isn't managed properly. To avoid this, you'll want to address two issues - false alarms and alarm overload. False alarms can happen now and then, but if you're issuing alerts on a regular basis that can simply be ignored, you're conditioning your team to ignore alerts. Obviously not a good thing. If you find a device or a link that continually triggers false alarms, do what you must to either fix it, or adapt the way you monitor that element to avoid this whenever possible. Alarm overload is very common, especially among IT managers that have just discovered that they can micro-monitor every last nano-event on the network. Cool, but just because you can doesn't always mean you should (which applies to many things in life). Filling mailboxes or blowing up mobile phones with network notifications means you're burying the really important things under mountains of the mundane. Again, you're conditioning your people to ignore alerts and at some point this will bite you in an uncomfortable place.

We have direct experience on one network where the monitoring system watches every single element at all times. Servers and Internet links (important), but also workstations, laptops, and even printers and scanner/fax devices (arguably less critical). Let us know if Jenny's workstation is about to run out of free disk space. Don't tell us that she shut down and went home for the evening (unless you're paying us to chain Jenny to her desk for the weekend). Log that info if you feel you must, but sending email and/or SMS alerts on that event is just a bad idea because it slowly erodes the importance of every alert you send.

Network monitoring and associated alerts are a good example of when more isn't necessarily better. By all means, gather as much information as you want to, but pay close attention to how you distribute that information. Don't lead your team into the information overload quicksand where they can slowly sink into unintended complacency. Most network engineers will tell you, "If you want me to act on messages sent to my phone at 3 AM, make sure that only truly important messages go there."

-------

Founded in November 2000, Gotham Bus provides technology consulting and  high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com

Sometimes you just have to brag a bit, or at least share some good news.

We're proud to announce that we've been chosen as technology support consultant by Sherwood Lumber based in Islandia, New York. Gotham will provide general IT and technology support and consulting to the Sherwood team. This includes network availability and performance monitoring, general network configuration and security consulting, server and application support, end-user support and coordination of Sherwood's hardware and telecom service vendors. Gotham will be supporting the entire Sherwood enterprise network in all locations across the US.

The services we'll be providing for Sherwood are a natural extension of what we already do on a daily basis so this builds perfectly upon our core competencies. We're a good fit for Sherwood based on our experience, our particular focus, and the fact that we're close to them geographically, so the whole arrangement just makes good business sense for both parties. Sherwood Lumber is a strong, well run organization that cares about smart use of technology to support its operations. This makes them the idea client for just about anyone, so we're particularly thrilled that they chose us. As an added bonus, working with Sherwood means working with some of our neighbors on Long Island. We spend much of our time working with customers from coast to coast and overseas, so the opportunity to work face-to-face with good local people is always welcomed.

With headquarters on Long Island, New York, Sherwood Lumber (http://www.sherwoodlumber.com) employs 70 associates in 15 locations across the US. Sherwood supplies more than 1800 lumber yards and manufacturers with building materials from environmentally managed producers in North America, Europe and Asia. Sherwood's team of 42 sales associates boasts more than 1000 years of combined industry experience, providing customers with unique insights helpful in managing purchasing decisions. Sherwood Lumber has been in business for over 50 years since its inception in 1958.

-------

Founded in November 2000, Gotham Bus provides technology consulting and  high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com

If you're over 35 or so, odds are you've wondered from time to time if you really should be using tools like Facebook and Foursquare. Often your concern will be based in some way on privacy and security issues. Sometimes, things like telling the world where you are (checking in) and who you're with (tagging) just seem at a gut level like bad ideas.

Well as they say, it sucks to get old. It turns out that our privacy and personal security concerns pretty much make us the grumpy old guy yelling at those darn kids to turn down the music and get off the lawn. We kick and scream and complain about how things are changing for the worse, but in the end it doesn't matter. Skirts continued to get shorter, bands continued to get more outrageous, and social media will continue to play a larger role in society. Get used to it.

Spend any time in a club with people much younger than you and you'll soon see that checking in, tagging and bumping - to name a few - are as commonplace as ordering a beer. They're just part of the fabric now. It's not news. Everyone is doing it.

Are they aware of the privacy issues? Do they understand that living life on the social grid simply perpetuates and reinforces your primary function - to follow quietly along and consume? Are they in tune with the fact that broadcasting your location at all times presents all kinds of personal security risks? Either the younger generation is stupid to an epic degree, or they just feel that the rewards of life on the social grid outweigh the risks. I'm guessing it's more the latter, but don't underestimate the power of stupidity as many an empire has been built on it.

From to time we'll continue to hear about privacy and security problems. We'll even hear some horrific stories based on cyber-stalking and that sort of ugliness. In the end however, the wagon train will continue to roll west and 15 years from now a world without tagging and check-ins will seem inconceivable. At that point the people yelling loudest about social media's dark side will be checking in at assisted living communities and in the Depends aisle at the supermarket, so my advice is to buy and hold. Companies like Foursquare and Facebook will be as well entrenched as GE and Proctor & Gamble. Those pesky kids won't have it any other way.

-------

Founded in November 2000, Gotham Bus provides technology consulting and  high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com

If you're a cloud computing proponent your end game is likely a world of cheap thin access client devices that do not rely  on local storage or even local computing power to get the job done.  Connect me to the cloud, let the cloud handle all storage and computing tasks, and let my device just be a display and control portal. 

There's an old saying ...

"Fast, good or cheap.  Pick any two."

This applies to most anything, but it often rings true in the web hosting game.  Some recent banter in the hosting and SEO universe brings this point to light.  It appears that Google is reserving the right to ban entire servers if those servers are hosting "spammy" sites.  That means that if Google decides that server X is hosting spam sites, no sites hosted on server X will be ranked.  Google will not only punish the offending site(s), but its neighbors as well.  From a search perspective, this is basically a death penalty for any given server.  In theory, there's nothing to stop Google from expanding this policy to include multiple servers within a given IP subnet or AS number.  There's no evidence at this point that they will or do, but it would be trivial to do so from an operational standpoint.

What does this have to do with choosing between good and cheap when it comes to hosting?   Simple.  As volume on a given network rises, it becomes more difficult for that network operator to monitor and control what's going on.  If you're in the business of providing free hosting (there are free hosting companies out there), odds are you're going to attract spammers and you'll have lots of sites to deal with.  If you're in the business of providing REALLY cheap hosting to hundreds of thousands of sites, you're going to be in a similar boat.  This is not to say that you should spend $50/month to host your little web site, but if you're choosing a host based purely on low price, that strategy can come back to bite you when your site disappears from Google because your $4.95 host is harboring spammers and other miscreants and can't deal with the problem because they're overwhelmed.

When choosing a host, you'll want to consider (among other things), the general reputation of that host's network.  Are they known for hosting spam sites?  How aggressive are they in enforcing an anti-spam policy?  Do they actually have a staffed abuse desk, or do abuse reports just go into auto-reply trouble ticket land where no human will ever see them until after the next Presidential election?   Obviously the larger the host, the harder it is for them to actually read and respond to every abuse report, but that can't be your problem.  Volume driven by low price is not an excuse, nor a defense against what Google is trying to do here.

This kind of action is nothing new in the anti-spam war.  Email blocklists designed to stop the flow of email spam have relied on "collateral damage" for years.  The theory is that if a network operator won't take action, punishing its innocent customers should rattle enough cages to overcome that inertia.  Sometimes it works.  Sometimes it doesn't.  One thing that is certain is that the collateral damange strategy is here to stay.  Don't bother crying "foul".  Nobody is listening.  If you're caught in the crossfire, change providers.  If enough people change, the offending provider should be compelled to act.  That's how it works, at least in theory.

We're curious to see exactly what criteria Google will be using to judge a host as "spammy".  Are they talking about email spam?  Are they talking about hosting "spamvertised" sites?  Is hosting malware and/or phishing sites grounds for execution?  Those all seem reasonable, but will Google take the next step and punish hosts for harboring webmasters that Google thinks are trying to "game" its system.  We've already seen Google lay the smackdown on content and link farms over the last few months.  Will hosting purely pay-per-click sites get a host banned?  We'll keep an eye on how this starts to play out.

--------

Founded in November 2000, Gotham Bus provide high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com

One of the newer entries in the social media circus is something called Bump. Go to bump.com, attach your car license plate number to your social media identity, then use the service to communicate with other people you've never met by using their license plate numbers. It might be a good idea or a bad idea. Wealth may be created at Bump, or money will vaporize. Whatever. The thing that really jumps out at us about Bump is the identity protection issues it raises. What's to stop me from using my neighbor's license plate number and posing as him? Evidently, nothing at all. Bump does not verify plate ownership in any way shape or form. It only requires that you "certify" that you are the owner of your plate number when you create a Bump account. Does that sound like a problem? Fear not. The Bump people have addressed the issue in question 6 of the bump.com FAQ:

"Q. How do you keep people from creating fake profiles or from using my plate number?

A. Sign up for BUMP! ... the best way to prevent this is to claim your plate."

Got it. Join or die. Resistance is futile.

There's a risk/reward proposition to consider when it comes to any product or service. That's part of how we determine what to buy and use, and therefore part of the complex equation that ends with either success or failure for a given product or service. I can decide not to buy Lemon Pledge if I don't like that it might discolor my coffee table or make me sneeze. That's my choice - an individual choice that has no influence on your choice when it comes to Lemon Pledge. You can choose to bathe in the stuff if you want to. It has no bearing whatsoever on my life. Bump - and other social media and online services - are different. If I choose not to use Bump because I see no value, I have to consider that someone else may decide to use Bump on my behalf with potentially negative outcomes for me. My choice is to either join the herd, which I do not want to do, or to leave myself open to some level of identity theft. Bump is effectively telling me that they really can't help me unless I help them monetize my life in some way, however small.

This is not unique to Bump, by the way. Anyone can be you on Facebook or Twitter if they want to be. I can create a Foursquare account as you and check-in at a series of strip joints and crack houses. Explain that to your wife and kids.

If Bump and its social media brethren were preventing child abuse, curing diseases, or contributing to the aggregate of human knowledge that propels us forward as a species, we might be inclined to accept its inherent risks, but they're just not. You might love social media, but its not saving the world or revolutionizing anything but the way we turn human beings into cash machines. We're introducing privacy and identity theft risks at every turn, with very little real reward (except for those creating the risks), and our only protection is to go along with it and hope to somehow control the flow of our information. There's quickly becoming no way to opt-out.

So what's the answer? It would appear that we need to re-examine our collective ethical and moral compass as it relates to commerce, but admittedly the odds of that really happening are pretty slim. Plan B would be a log cabin on the side of a mountain somewhere completely off the grid.

--------

Founded in November 2000, Gotham Bus provide high reliability, high value server co-location, dedicated servers and web/email hosting in our Long Island, NY datacenter.  Visit us at http://www.gothambus.com