Blogs

Heartbleed vulnerability with ExpertAssist remote management client for Desktop Authority 9.1 and Remote Support Center 2.6

Expert Assist Remote Management client in Desktop Authority 9.1 and Remote Support Center 2.6 are vulnerable to the “Heartbleed” OpenSSL vulnerability

Researchers have found a critical defect in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For information on the vulnerability known as the "Heartbleed bug," see CVE-2014-0160 on the NIST website and heartbleed.com. An affected version, OpenSSL 1.0.1c is used in the ExpertAssist remote management client.

How does this affect Desktop Authority and Remote Support Center?

The ExpertAssist remote management client uses a vulnerable version of OpenSSL when receiving inbound remote management connections. The Desktop Authority and Remote Support Center management consoles are not affected. The Remote Support Center LAN and Internet Gateways are also not affected.

Workaround

ExpertAssist operates almost exclusively in LAN environments and is usually not Internet facing. The exact vulnerability is determined by your environment. Concerned customers should uninstall the ExpertAssist client via the Desktop Authority and Remote Support Center management consoles. Patches for both will be available shortly.

Status

An ExpertAssist patch for Desktop Authority 9.1 should be available after Monday, April 21 from the support page at: https://support.software.dell.com/desktop-authority/download-new-releases An ExpertAssist patch for Remote Support Center 2.6 should be available after Wednesday, April 23 from the support page at: https://support.software.dell.com/remote-support-center/download-new-releases

Be the first to comment

ITMS OnlineScanner Driver 3.3.1

Description:

WDREG utility provides dynamically loading and unloading the WDM (Windows Driver Model) drivers using INF file.

Driver Installation:

Wdreg -inf<Path Of inf file> -silent -log<logfile> install

Used in Application:

"C:\Program Files (x86)\Panini\Panini 3.3.1 Universal Installer\USB Driver 64bit\Wdreg.exe" -inf "C:\Program Files (x86)\Panini\Panini 3.3.1 Universal Installer\USB Driver 64bit\Panini.inf" -log “C:\WINDOWS\wdreg.log install”

Driver Uninstallation

Wdreg -inf<Path Of inf file> -silent -log<logfile> uninstall

Used in Application:

"C:\Program Files (x86)\Panini\Panini 3.3.1 Universal Installer\USB Driver 64bit\Wdreg.exe" -inf "C:\Program Files (x86)\Panini\Panini 3.3.1 Universal Installer\USB Driver 64bit\Panini.inf" -log C:\WINDOWS\wdreg.log uninstall

 

  • More Insights on WDREG utility:

The wdreg utility can be used in two ways as demonstrated below:

  1. wdreg -inf <filename> [-silent] [-log <logfile>]

[install | uninstall | enable | disable]

  1. wdreg -rescan <enumerator> [-silent] [-log <logfile>]

 

OPTIONS

wdreg supports several basic OPTIONS from which you can choose one, some, or none:

-inf – The path of the INF file to be dynamically installed.

-rescan <enumerator> – Rescan enumerator (ROOT, ACPI, PCI, etc.) for hardware changes. Only one enumerator can be specified.

-silent – Suppress display of all messages (optional).

-log <logfile> – Log all messages to the specified file (optional).

-compat – Use the traditional SetupDi API instead of the newer Driver Install Frameworks API (DIFxAPI).

Be the first to comment

India & China: Software Game Changers?

A recent Gartner report has revealed that India, a country which has never paid high prices for software, might be changing their tune. The country’s software economy hit a growth spurt recently and is forging ahead at a 10 percent increased pace, which may be a signal that India is outgrowing the piracy that has ruled for so many years. Is this good news for vendors who have high hopes to cash in on such a tech savvy country? If so, does that mean that China might also be on the way?

Software companies have long seen India as a tough sell, with the Asia-Pacific (APAC) market only bringing in 20 percent of total revenues for most companies (at the most). Even the biggies like IBM and Adobe can sometimes only scrape up 10 percent of total revenue from India. These slim pickings often come from a few major companies, says the VP of Product Management and Business Development at SAT. One of the biggest issues is piracy, but that might be changing.

An emerging market

In the US and other western countries, piracy rates are about 25 percent and there’s a long legal history regarding intellectual property. However, in APAC areas like India, that’s not the case. Luckily, recent tensions over issues like patent battles have cooled and India has enjoyed a steady piracy decline since 2005. Nine years ago, 74 percent of all software in India was pirated, but it went down to 69 percent in 2008 and then 63 percent in 2011. It’s a slow bug steady drop, and a sign that India is more willing than ever to pay for software.

A 63 percent piracy rate might sound like a lot, but in reality the country spends a lot of money on software ($4.7 billion in 2013 alone, which is up 10 percent from 2012). That 10 percent growth rate outpaces Brazil’s 7.8 percent, China’s seven percent and South Africa’s 6.3 percent. However, that revenue isn’t evenly distributed and unsurprisingly the most in-demand software is that which is challenging to replicate.

Where India spends on software

According to Gartner, the best selling software in India is from Microsoft with Oracle in second place. Bhavish Sood, the Gartner research director, says, “Recent advances in IT communications infrastructure in the country has opened up new avenues for local consumption of IT software and associated services.” This is great news for software as a service (SaaS) companies who are looking to cash in on this trend. However, experts have also started tracking China as the natural successor to India’s embracement of paying for software.

In China, the piracy rate has been in decline for years but it plateaued in 2010; today’s piracy rates in China are similar to India’s from 2004. However, the countries have several similarities, including many skilled engineers and a dependence on open-source software. Few Chinese pay for support subscriptions, and enterprises are more likely to pay for complex software that’s advanced. It seems like China will pay in order to get the support they want, but not necessarily for the good karma of paying for software alone.


Be the first to comment

K2000 3.6 Mac Imaging With RSA's - NetBoot with Multiple Subnets

Writing this blog half as a procedural reminder for myself, and half as a PSA to those who are wanting to take advantage of their K2000 to image Macs, and are dealing with a network topology of more than one subnet and/or office location they wish to image at.

I had tons of headaches trying to figure out how to utilize the K2000 in a way efficient enough to justify switching off of Deploy Studio for deployment, which has historically been an amazing (and free) product for us. The main hurdles in my environment are the lack of support for netbooting across subnets, not being able to capture images from RSA's, and difficulties creating netboot images. From what I understand, these pain points may find some relief in version 4 of the K2 - until then, this is how I am solving our problem.

1. Netbooting across subnets: 

  • Network staff set up IP helper addresses on all switches, hubs, and routers at the HQ location where our K2 resides. Still not able to netboot. The K2 shows up in the Startup Disks menu, but you cannot boot a machine into the KBE. It also does not show up when you Option+Boot. K2 logs show TFTP requests are received, and logs indicate the client is not accepting options. I know this to not be a client-side issue, though, because I do not have these issues with deploystudio, or if the machine is on the same subnet as the K2. Basically, we are not solving this problem. Networking staff set up a dedicated port in my work area on the same subnet as our K2000. I taped a cable and use that whenever I need to create a new netboot image, or upload an image to the K2000. I then set up an RSA extender on the subnet on the production area where IT does all the Mac imaging and maintenance. This appliance handles our local deployments. 

2. Not able to capture images from RSA's

  • This is a documented limitation of the Kace appliances (and a non-sensical one in my opinion). There is a user voice request for this to be changed, which has been responded to by Kace staff indicating there are changes to this in the upcoming v4 release. Got my fingers crossed here. In the mean time, I use the dedicated port mentioned in item 1 to capture images to my K2. Since I cannot capture to the RSA here, I use my dedicated port on the K2's vlan to do all capturing, and then force a sync from the kbox.

3. Creating a netboot image

  • KACE's official documentation on Mac deployments is laughably scant, considering how Mac numbers in the enterprise are growing, with no signs of stopping. In fact, KACE as a whole seem to be behind in terms of supporting Macs in the enterprise (hello, profile management?), but this is a separate discussion entirely. I've followed every article and PDF KACE has ever released on how to create a netboot image, but nothing works like it should. I found out that in order to create a netboot set with OS X 10.9 Mavericks, you have to do the following:
  1. Download OS X Mavericks from the Apple App Store
  2. Navigate to Library > Applications
  3. CTRL+Click on "Install OS X Mavericks" and select "Show Package Contents"
  4. Navigate to Contents > Shared Support, and double click "InstallESD.dmg". This will mount the OS X installer
  5. Open the K2000 Media Manager, and browse to the mounted .dmg as your source media. Enter the rest of the information appropriately, and create

If you don't do it like this, you will get errors from the media manager about how there is no software to install, or the path to the OSInstall.pkg could not be found, etc etc. Don't bother using DiskMaker or any of the other recommended suggestions around the web. They just add a layer of confusion.

 

Hopefully KACE can come up with some better designs for these solutions going forward, because it's honestly easier to set up DeployStudio with masters and replicas. At least they get nightly build updates.

View comments (1)

Using Office 365 as an email Smart Host

Just thought I would post on how to use Office 365 for all those pesky printers/scanners/network equipment/server that need to send email but do not like using authentication for some reason with Office 365 or if you simply do not want to pay for a mailbox that this equipment uses.

All this info can be found here: http://technet.microsoft.com/en-us/library/dn554323%28v=exchg.150%29.aspx

But to sum it up:

  1. Login to the Exchange Management Center
  2. Go to mail flow --> connectors
  3. Add a new inbound connector
  4. Name: Outbound Relay
  5. Select “enable inbound connector”
  6. Select “on-premises” for the connector type
  7. Select “Opportunistic TLS”
  8. Select “restrict domains by IP address”
  9. Add a "*" for sender domains
  10. Add the Internet IP for all the systems for the “Sender IP address”
  11. Nothing in the associated accepted domains.

After the connector is setup you need to find the MX record that Office 365 recommends.  This can be found in the Office 365 admin center under domains by clicking on view DNS settings.

This will be the SMTP server you want to use for all your systems.

One thing to note is that you will need to have static IPs for this to work.  This setup will bypass all authentication needed by Office 365 to send message as it locks it down by IP.

For the sites of mine that do not have static IPs for the internet I setup a windows SMTP server that then relays off to Office 365.

Guide: http://technet.microsoft.com/en-us/library/dn592151%28v=exchg.150%29.aspx

This works like a charm.  This way all email is handled by Office 365 and there will be no delays as some ISP SMTP servers tend to have.

Hope this helps someone.

Be the first to comment
Showing 1 - 5 of 2516 results