Your users don't file their timecards with ADP, then... Kurt
On Thu, Jun 4, 2015 at 9:52 AM, Kennedy, Jim <[email protected]> wrote: > 2 depends on Oracle, Chrome has been begging them for it for some time. > From Chrome’s perspective 1 and 2 are the same. That said, I honestly do > not think Firefox has any plans to discontinue NPAPI support. Their > approach is disabled by default….user beware if you enable it. > > > > Anecdotal but I can say that most of my users use Chrome, and they have > not missed Java. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Damien Solodow > *Sent:* Thursday, June 4, 2015 12:49 PM > > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Doubtful; I see one of two things happening: > > 1) Oracle blinks and releases an updated JRE that doesn’t use NPAPI > > 2) Chrome includes its own JRE like they did with Flash > > > > DAMIEN SOLODOW > > Senior Systems Engineer > > 317.447.6033 (office) > > 317.447.6014 (fax) > > HARRISON COLLEGE > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Melvin Backus > *Sent:* Thursday, June 4, 2015 12:44 PM > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > So if I’m reading this correctly that would seem to mean that all the > thousands (millions?) of pages with Java embedded are going to be relegated > to IE only? (And JAVA will finally DIE? Albeit a slow and lingering death.) > > > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Kurt Buff > *Sent:* Thursday, June 4, 2015 10:41 AM > *To:* ntsysadm > *Subject:* Re: [NTSysADM] Cryptlocker > > > > Not Java specifically - the NPAPI interface. > > So is Firefox, and so will Edge... > > Kurt > > > > On Thu, Jun 4, 2015 at 6:42 AM, Heaton, Joseph@Wildlife < > [email protected]> wrote: > > Interesting. I didn’t realize that Chrome was doing away with Java > functionality. Thanks for the update. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kennedy, Jim > *Sent:* Thursday, June 04, 2015 5:12 AM > > > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Demand for this in Chrome will dwindle to zero in September when there > isn’t any way to run Java in Chrome. It’s already dwindling….we did not > bypass the block in the last patch for Chrome that disabled it. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *James Rankin > *Sent:* Thursday, June 4, 2015 7:08 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > OK, FSLogix confirm that currently the Java remediation only works with > IE. You can restrict other browsers on a process basis only currently, so > you could force Chrome or Firefox to a specific Java version by process, > but not by URL. > > > > However, support for other browsers is on the roadmap. Any customer demand > (probably someone coming along with 5000 users and wanting it to work in > Chrome) will “drive the roadmap forward”, i.e. they’ll do it ASAP if > there’s a big enough sale at the end of it J > > > > Hope this helps, > > > > > > > > JR > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *James Rankin > *Sent:* 03 June 2015 18:56 > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > OK, I tried to test with Chrome and found out that Chrome has disabled > just about all the plugins from the websites I was using for testing L > > > > Waiting for an answer from FSLogix support as I now have to put the kids > in the bath! > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jonathan Link > *Sent:* 03 June 2015 18:44 > *To:* [email protected] > *Subject:* Re: [NTSysADM] Cryptlocker > > > > Probably not pants. > > > > On Wed, Jun 3, 2015 at 12:26 PM, James Rankin <[email protected]> > wrote: > > Let me get you an answer on that…maybe something I should have tested > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Heaton, Joseph@Wildlife > *Sent:* 03 June 2015 17:22 > *To:* '[email protected]' > *Subject:* RE: [NTSysADM] Cryptlocker > > > > So, it looks like FSLogix only works with IE? Is that true? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *James Rankin > *Sent:* Tuesday, June 02, 2015 11:16 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > OK, quick and dirty run-down, but I’m sure you can all get the gist of it > (hopefully!) > > > > > http://appsensebigot.blogspot.co.uk/2015/06/fslogix-first-look-1-managing-legacy-or.html > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Kurt Buff > *Sent:* 02 June 2015 17:38 > *To:* ntsysadm > *Subject:* Re: [NTSysADM] Cryptlocker > > > > Yes, please put up the link here when done. > > Kurt > > > > On Tue, Jun 2, 2015 at 8:43 AM, James Rankin <[email protected]> > wrote: > > I shall endeavour to finish this as soon as possible then! > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Maglinger, Paul > *Sent:* 02 June 2015 16:12 > *To:* '[email protected]' > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Me too! > > > > -Paul > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Sean Martin > *Sent:* Tuesday, June 02, 2015 10:07 AM > > > *To:* [email protected] > *Subject:* Re: [NTSysADM] Cryptlocker > > > > Definitely interested. > > - Sean > > > On Jun 2, 2015, at 6:08 AM, James Rankin <[email protected]> > wrote: > > What you need is FSLogix Java Rules Manager, only allow the vulnerable > Java version to be seen when a specific URL is visited, otherwise – it’s > invisible to the user and OS, and the latest version is used. > > > > I’m writing an article up on this today, if anyone’s interested in Java > version management (on a sysadmin list, who isn’t?) > > > > J > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Heaton, Joseph@Wildlife > *Sent:* 02 June 2015 14:51 > *To:* '[email protected]' > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Update Java? That’s just crazy talk. We’re still at 7u51, with no > roadmap in place to go any higher. Not my choice, btw, it is development > issues with Oracle. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Ed Ziots > *Sent:* Saturday, May 30, 2015 10:48 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Nice.strategy > > Ed > > On May 29, 2015 9:31 AM, "Robert Strong" <[email protected]> wrote: > > Ensure you have the latest patches installed for Java and Flash. Exploit > kits like Angler, Nuclear and Magnitude are starting to distribute > Ransomware more frequently via drive-by download attacks and malicious > advertisements on common websites. > > > > We’ve had several ransomware incidents in the last few months all due to > unpatched systems. Host based detection is limited at best, but one thing I > have noticed in all incidents seen is that the malware typically uses > hxxp://ipinfo.io/ip to determine its public facing IP address. > > > > We have created correlation rules that detect users going to this domain > via our McAfee ESM SIEM, we then have an alarm that fires when that > correlation rule is seen and we can automatically apply an ePO tag to > enforce a policy that severely ‘disables’ the system (no R/W to network > shares, restricted HTTP/HTTPS going out). Our alarm also e-mails out some > key characteristics about the infected machine for easy identification by > our IT Service Desk team. > > > > Ransomware isn’t going away and it’s going to get worse. We’ve been able > to detect these IoC’s and have the issue remediated in under 7 minutes. > > > > Cheers, > > > > *Rob Strong* > > *Information Security Specialist* > > Equitable Life of Canada > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *David McSpadden > *Sent:* Thursday, May 28, 2015 7:17 PM > *To:* <[email protected]> > *Subject:* Re: [NTSysADM] Cryptlocker > > > > That's mine today. > > What variant was yours > > Sent from my iPhone > > > On May 28, 2015, at 7:14 PM, Heaton, Joseph@Wildlife < > [email protected]> wrote: > > We had that the other day. The files are getting encrypted, but the > extensions are not getting changed. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jonathan Link > *Sent:* Thursday, May 28, 2015 8:37 AM > *To:* [email protected] > *Subject:* Re: [NTSysADM] Cryptlocker > > > > The text files created should indicate the affected user with the Owner > attribute, no? > > > > > > On Thu, May 28, 2015 at 11:30 AM, David McSpadden <[email protected]> wrote: > > I am pretty sure I have pc with this on it in my network. > > I have ran scans on workstations. > > I still do not see it but I have the tell tale signs. > > The HELP_DECRYPT files in network folders. > > The word and excel files not being able to be opened etc. > > How do I remove something that Trend is not seeing? > > Nor Windows Endpoint protection? > > > > > > *David McSpadden* > > Systems Administrator > > Indiana Members Credit Union > > P: 317.554.8190 | F: 317.554.8106 > > [image: Description: imcu email icon] <http://imcu.com/> <image002.jpg> > <https://www.facebook.com/IndianaMembersCU> [image: Description: twitter > email icon] <https://twitter.com/IndMembersCU> > > > > <image003.jpg> > > <image004.png> > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > > > IMPORTANT NOTICE: Without the use of secure encryption, the Internet is > not a secure medium and privacy cannot be ensured. Internet e-mail is > vulnerable to interception, misuse and forging. Equitable cannot ensure the > privacy and authenticity of any information sent by way of the public > Internet. Equitable will not be responsible for any damages you may incur > if you communicate confidential and personal information to us over the > Internet or if we communicate such information to you at your request. This > e-mail and any attachments are confidential, may be covered by legal > professional privilege or exempt from disclosure under applicable law, and > are intended for the addressee only. If you are not the intended recipient, > you are not authorized to and must not disclose, copy, distribute or retain > any or part of this e-mail and any attachments without written permission > of The Equitable Life Insurance Company of Canada. > > > > > > >
