Shavlik’s 12 Beers of Christmas 2015 Edition


Happy holidays, everyone! Last year, we did our first 12 Beers of Christmas blog post where the team gave some recommendations of their favorite beers. This is a tradition that actually started from an eight-year practice of doing a beer exchange in our office instead of cookies or Secret Santa. So for all you beer fans out there, here is the 2015 edition of the Shavlik 12 Beers of Christmas. Enjoy!

Randy, Manager, Software Engineering
Mark, Software Engineer
Beer recommendation: Surly Todd – The Axe Man
Style: IPA
ABV: 7.2%
IBU: 100
Description: Todd – The Axe Man is a recipe created by Amager Bryghus in Denmark. The recipe was created for Todd Haug of Surly Brewing. A potent IPA loaded with fresh American aroma hops on a base of rich Golden Promise malt, Surly’s signature malt. Randy says that if you like IPAs, this one is a no brainer. Mark finds it a perfect substitute for Pliny the Elder, which is hard to come by in Minnesota.

So Todd – The Axe Man quickly became an office-wide favorite, but since this is supposed to be the “12 beers of Christmas” and not the “1 beer that 12 people liked this Christmas”, I have asked the rest of the team to go down to their next picks.

Matt, Software Engineer
Beer recommendation: Toppling Goliath Pseudo Sue
Style: American Pale Ale
ABV: 7%
IBU: 50
Description: Due to the lack of availability of Pliny, and the rise in popularity of Todd – The Axe Man and by such its growing lack of availability, Matt finds Pseudo Sue the next best thing. This single hop ale showcases the Citra hop. Named for the largest T-rex fossil ever discovered, she roars with ferocious aromas of grapefruit, citrus, mango and evergreen. Delicate in body with a mild bite in the finish.

Brent, Software Engineer
Beer recommendation: Greenbush Unicorn Killer (He would have picked Todd, but Randy and Mark had already beat him to it.)
Style: Spice Beer / Pumpkin Ale
ABV: 7.4%
Description: While Brent is not normally a fan of spice beer, he says this one is perfectly balanced. Notes of caramel, bread, cinnamon, and clove make this heavier version of the seasonal pumpkin ale a good one.

Travis, Product Support Engineer
Beer recommendation: McMenamins Hammerhead Ale
Style: American Pale Ale
ABV: 6%
Description: Travis is part of our support org out of Salt Lake City. This rich chestnut colored gem is a model of harmony between hops and malted barley. Hammerhead’s signature Cascade hop nose and intense hopped flavor blend nicely with the caramel tones from the crystal malt.

Geoffrey, Technical Support Engineer
Beer recommendation: Wasatch Brewing Ghostrider
Style: White IPA
ABV: 6%
Description: Also with our Salt Lake City team, Geoffrey recommends this as a “gateway” to the wide world of IPAs. It is smooth and flavorful and light and perfect for any meal pairing. Plus, it goes to show that Utahns can make good beer. In the three years I have been with LANDESK, I have seen quite a change in SLC. The beer scene has improved greatly and Wasatch is one of the big contributors to that improvement.

Brian, QA Engineer
Beer recommendation: Dogfish Head 120 Minute IPA (not to be confused with 120 Minute Pineapple)
Style: Imperial IPA
ABV: 18%
IBU: 120 (That is a ton of hops)
Description: Now Brian is in QA, so that should be noted here. Quality Assurance is approving this beer. He says “it’s like getting voluntarily smacked in the face with a bag of hops.” Too extreme to be called beer? Brewed to a colossal 45°P, boiled for a full two hours while being continually hopped with high alpha American hops, dry-hopped every day in the fermenter for a month, and aged for a month on whole leaf hops, 120 Minute IPA is by far the strongest IPA ever brewed. And at 21% ABV and 120 IBUs, you can see why we are calling this the Holy Grail for Hopheads.

Nick, Software Engineer
Beer recommendation: Hacker-Pschorr Oktoberfest Märzen
Style: Oktoberfest/ Märzen
ABV: 5.8%
Description: This is a descendant of the original Märzen style beer. Bavarian barley slow roasted, caramelized to a rich, red amber color combined with the purest spring waters from the Alps, exclusive yeast and the finest Hallertau hops.

Neil, Territory Sales Manager
Beer recommendation: Andechser Bergbock Hell
Style: Heller Bock
ABV: 7%
Description: From one of our Sales reps across the pond. He says this was a staple when he lived in Germany. He also recommends the Dunkel from Andechser. Aromatic and mild.

Tyler, Software Engineer
Beer recommendation: New Glarus Scream
Style: Imperial IPA
ABV: 9%
IBU: 85
Description: Scream boasts an inspired 85 IBUs that reverberate cleanly though this IIPA. New Glarus Brewery grown estate hops join other Wisconsin grown hops to dominate this brew from Kettle Boil to Dry Hopping. You hold a deceptively seductive Original Gravity of 20.9 degrees Plato following the always 100% naturally bottle conditioned fermentation. Luscious Wisconsin grown and malted barley along with English Maris Otter malt is the bold heart of this lustful sensory enchantment. Surrender is inevitable so enjoy today.

Ben, Territory Sales Representative
Beer recommendation: Heritage American Expedition
Style: Wheat Ale
ABV: 4.5%
IBU: 10
Description: A light-bodied American wheat ale. Bathed in farmers honey and spiced with ginger, it will give any traveler the fortitude and perseverance to carry on.

Bob, Channel Account Manager
Beer recommendation: Southern Tier 2xStout
Style: Sweet Stout
ABV: 7.5%
Description: Double Milk Stout
“2 varieties of hops & 3 types of malts”
Milk stout, also called ‘cream’ or ‘sweet’ stout, is a stout containing lactose, a sugar derived from milk. Because lactose is unfermentable by beer yeast, it adds sweetness and body to the finished beer. Milk stouts have been claimed to be nutritious, and were marketed as such in the early 1900s with claims that would make the FDA wince. One ad read, “Ideal for nursing mothers, for the healthy, for the invalid, and for the worker.” Surely! Of course, we couldn’t stop at a traditional milk stout. Ours is a double, an addition to our 2X line, and at 7.5% abv is every bit as delicious as it sounds. To your health!

Byron, Systems Administrator
Beer recommendation: Left Hand Milk Stout Nitro
Style: Sweet Stout
ABV: 6%
Description: This English style of beer, also known as Sweet Stout or Cream Stout, first appeared in London in the late 1800’s. The early brewers touted the health benefits of the milk sugar in this beer which today relates mainly to the increased amount of calories (no real health benefits…sorry). The milk sugar adds a well-rounded sweetness to this dark beer and makes it an outstanding, year ‘round stout.

And because I don’t want to be left out you get a bonus 13th Beer of Christmas!

Chris, Product Manager
Beer recommendation: Samuel Smith’s Yorkshire Stingo
Style: English Strong Ale
ABV: 8%
Description: I found this in London at a pub called the Chandos. Since then I found this is distributed in the US which is AWESOME! Bottle conditioned only. Some of the oak casks at Samuel Smith’s date back more than a century with the individual oak staves being replaced by the Old Brewery coopers over the years. Gradually the casks soak in more & more of the character of the ale fermented in stone Yorkshire squares. Yorkshire Stingo is aged for at least a year, matured in these well-used oak casks in the brewery’s underground cellars deriving fruit, raisin, treacle toffee, Christmas pudding and slight oaky flavors, before being further naturally conditioned in bottle.

Whatever holiday you may be celebrating, may it be filled with joy, family, great food, and great beer.

From all of us at Shavlik, have a happy holiday season!

A look at the top 5 most vulnerable vendors from 2015

I have read a number of speculative articles recently, discussing the number of bulletins and vulnerabilities released/resolved by Microsoft. Was it due to the introduction of Windows 10, Edge and several other product releases this year? I am going to say no. Let’s expand out past looking at just Microsoft and I think you will agree as well.

Taking a look from a vendor perspective, Microsoft finished 2015 with 135 security bulletins released with a total of 571 vulnerabilities resolved. This is the highest bulletin count over the previous shared 2010/2013 high of 106 bulletins. This also tops last year’s all-time vulnerability high of 376 vulnerabilities resolved across 85 bulletins and is more than double the vulnerabilities resolved than 13 of the last 15 years.

Even with 571 vulnerabilities resolved, Microsoft took the No. 2 spot on the Top 50 vendor list on CVE-Details. No. 1 goes to Apple, who finished 2015 with 654 vulnerabilities. Mac OS X contributed 384 of those vulnerabilities, which is more than three times the 2014 count of 130 vulnerabilities resolved. This jumped them from No. 5 in 2014 to No. 1 this year.

Cisco came in third this year with a new all-time high of 480 vulnerabilities resolved. This only tops its previous 2013 high by around 50 vulnerabilities.

Oracle is in the No. 4 spot this year and is the only vendor in the top five that finished the year without topping its vulnerability high. They resolved 479, which is down from their 2013 record of 496 vulnerabilities.

Adobe finished the year in fifth place (up from No. 8) with 440 vulnerabilities resolved. This is a new all-time high and also more than double the previous 2010 record of 207 vulnerabilities. This jump comes from the staggering 295 vulnerabilities resolved in Adobe Flash Player in 2015.

Here is a visual recap of the Top 5:

[Image: summary chart of the top 5 vulnerable vendors of 2015]

As you can see there is a trend here and there are many contributing factors. Exploits and breaches are on the rise. One of my favorite visual examples of this trend is the POS Breaches Timeline from OpenDNS Security Labs. It starts back in 2002 with a six-year gap until the next major event. As you go forward there is an explosion in 2012 and it keeps increasing rapidly. This timeline focuses just on Point of Sale (POS) breaches, but the visual is on a similar trajectory to the broader security industry trend. Threat actors are better organized, better funded and there are more tools available to them than ever before. Off-the-shelf exploit kits are a competitive product market in today’s dark web hacking services markets and the number of products and increase in features they provide coincide with the drastic increase in breaches we have seen since 2012.

The exploit gap is also shrinking. Barring a Zero Day, from the time a vendor releases an update you have about two weeks before the exploits start to hit. According to the Verizon 2015 Breach Report, 50 percent of vulnerabilities that will be exploited are exploited within two to four weeks of the release of an update from the vendor. One of the contributors to the Verizon Breach Report, Kenna Security, released an additional report that goes further out and shows that 90 percent of vulnerabilities that will be exploited are exploited within 40–60 days of an update being made available from the vendor. They go on to discuss that many enterprises struggle to release updates within 120 days. In fact, 99.9 percent of vulnerabilities exploited in 2014 were exploited more than a year after an update was made available to resolve the vulnerability. In the case of web exploits that time falls to less than 24 hours for major vulnerabilities.

We have a general upward trend of exploits and a shrinking window between updates from a vendor and exploit code being made available to take advantage of the resolved CVEs. Events of the three previous years set the stage for vendors in 2015. Let’s take a look at our top 5 vendors and talk about how this trend may have affected each.

Apple has a combination of OS, Browser, and Media player products all of which are prime targets for attackers. Mac OS X is gaining in popularity, but so is OS X related malware. “There’s been an unprecedented rise in Mac OS X malware this year, according to security researchers at Bit9 + Carbon Black, with the number of samples found in 2015 being five times that seen in the previous five years combined.” With such a prolific increase in negative attention, Apple has had to step up its game on resolving vulnerabilities. The company is digging into and resolving vulnerabilities in components that likely did not receive the same level of attention in years past.

Microsoft has long held the OS market and it has built out browsers, media players and the Office suite of products. Microsoft has been a big target for a long time and there is no question that the trends we are seeing would have directly affected them. The thing I will add here is Windows 10 and Edge were likely much less significant in their contributions. OS bulletins released since Windows 10 have affected earlier versions of the Windows OS similarly and the same vulnerabilities were being addressed across different versions, so there were few net new vulnerabilities introduced by Windows 10. If you look at a filtered view of CVE’s affecting Windows 10 you will see in the description a list of many of the currently supported OS versions also affected. Edge did contribute additional security bulletins that would not have been in the mix otherwise, but most of the CVEs affected other components of the OS and IE browser as well. Similar to Apple, the increase of CVEs is in part due to the fact that they are focused on hardening shared components and products that previously were not being targeted.

Cisco did have an influx of CVEs resolved this year and a new all-time high, but the increase was not nearly as large as Apple, Microsoft or Adobe. Cisco does have its proprietary OS for its devices and it has a count on par with many of the individual Windows OS and Linux distributions, as far as CVE counts. It has other products, such as Cisco Anyconnect VPN, that could be an ideal target for attackers, but it does not have a browser or wildly popular media player products (as we will talk about with our No. 4 and No. 5 vendors). With Cisco, the huge list of products is the other significant contributing factor with over a thousand products with small contributions to get them into the No. 3 spot.

Oracle is down from its record 496 CVEs in 2013. It was the only vendor of the top five that didn’t set new CVE records this year. Probably the most high-profile product with security issues in the Oracle portfolio is Java. Java has been a high-profile target due to its popularity and availability worldwide. More importantly, Java is one of those products that gets neglected too often. Older applications built to run on Java often required a specific version of Java. If you updated Java, you broke the application. This resulted in an easily exploitable scenario that threat actors have taken advantage of for years and still do. It was so easily exploitable that a site was created to track how many days since the last Java Zero Day. Oracle went through some changes in the past few years and its security practice seems to be paying off. It reached 723 days without a Zero Day until CVE-2015-2590 hit earlier this year. It is back up over 150 days since the last Zero Day and its total CVE count (80) is trending down from the 2013 peak of 180 CVEs resolved.

Adobe charged into the top five this year with the most significant increase over the previous year. With over three times the increase in CVEs resolved, Adobe had a busy year and much of the attention was on Adobe Flash Player. Adobe Flash Player has gained the same broad use and popularity that caused Java to become a target. It has, quite possibly, topped Java for its notoriety as a vulnerable product. This year Adobe faced a staggering streak of eight Zero-Days. Early in the year three Zero-Days were reported in a two-week span. The Hacking Team breach uncovered a few more mid-year and it did not stop there. Security experts have called for the death of Flash Player, from Brian Krebs’ life without Flash Player series to tech giant Google killing Flash in its browser. Flash Player contributed 295 of the 440 total Adobe CVE count for 2015, which more than doubled the 2014 count of 138 on its own. Adobe is trying to move away from Flash and in January 2016 it will restrict distribution of Flash Player by removing it from its public download pages and restricting access to companies with Adobe Enterprise Agreements in place.

So from the pattern we are seeing, OS and commonly used media products are a significant contributor to counts for our top 5 vendors. Browser is another significant contributor. Apple Safari and Microsoft Internet Explorer and Edge contributed 135 and 231 CVEs respectively to their vendor’s total counts this year. Two vendors worth noting that did not quite make the top five are Google and Mozilla. Google Chrome contributed 185 out of Google’s total 321, putting them in the No. 6 spot for vulnerabilities by vendor. Mozilla Firefox contributed 177 out of 187 total placing them at No. 8 for vendors in 2015. So in the great browser faceoff, you have the following:

  • Microsoft Internet Explorer with 231 CVEs falls in at No. 4 for vulnerable products and No. 1 for browsers.
  • Google Chrome with 185 CVEs falls in at No. 8 for products and No. 2 for browsers.
  • Mozilla Firefox with 177 CVEs falls in at No. 9 for products and No. 3 for browsers.
  • Apple Safari with 135 CVEs falls in at No. 19 for products and No. 4 for browsers.
  • Microsoft Edge with 27 CVEs makes the list, but I would not place them this year as they were a late year entry into the race. We will see where they fall next year.

Overall you can rest assured that if you are running a computer with an operating system, a variety of media player products and a browser, you are as vulnerable as you can possibly be. The window between product release and exposure has shrunk considerably, so you need to be proactive and effective in deciding what you will deploy and how frequently. So what to do? You need to bring your processes and tools up to a new level to deal with these threats.

Challenges:

  • Updates can break critical systems. Yes, but with proper prioritization you can reduce this risk by making sure to deliver updates for the most likely to be exploited vulnerabilities. There are threat indicators out there that will tell you much of what you need to know. You can join our Shavlik Patch Tuesday webinar series where we discuss updates that occur on the infamous Patch Tuesday, as well as other releases and indicators that will help you here. We will be posting 2016 versions of that series shortly and you can catch a playback of the December webinar there as well.
  • I run maintenance once a month and users complain about that event. You want me to update more frequently? Yes, we are absolutely saying any system with an end user must be updated more than once a month if you are going to weather this storm. Features of our Shavlik Protect + Empower products are specifically designed to ensure you can reach users wherever they go and also work around their needs to reboot and finalize installs of updates effectively. The ProtectCloud enabled agents allow you to push policy updates to systems that reside off network without opening security risks to your network or the end user system. We host this service for you and provide it as part of the base feature set of our product so you can reach those systems and ensure you can report on them no matter how long they stay off network. With our SafeReboot technology you can provide the user a variety of reboot options from deferring reboot for up to seven days, reboot at logoff or at next occurrence of a specified time.
  • I am on SCCM and cannot switch to another solution, so how do I cover the frequency of product updates and the number of products that are on my network? We have a plug-in for Microsoft System Center Configuration Manager. It is called Shavlik Patch and provides our catalog of third-party updates, including those we spoke about above, so you can quickly publish those updates in SCCM and not change your infrastructure or processes you have in place.

The Communicator’s Corner: Patching 101

In this article, I’d like to get back to the basics and describe the best process for performing your patch management tasks. If you follow the steps provided here, you will reduce the number of deployments to your machines and make your workflow more effective.

Start with the Big Stuff: Apply all Service Packs

The best approach to maintaining patch levels on a machine is to start with service packs. Service packs are very involved. Vendors typically recommend installing service packs one at a time. Shavlik Protect enforces this recommendation programmatically by not allowing more than one service pack in a deployment. You will almost always want to perform a reboot before applying additional service packs or patches.

Detailed Course of Action

Here is your best course of action when applying service packs and patches.

  1. Start with any operating system service packs.

Be sure to adequately test the service pack before deploying it to your entire organization. After deploying the service pack you should reboot the target machines and then perform a fresh scan. Rescanning will give you the new state of the machine so you can continue applying service packs.

  2. Apply major product service packs such as Office, Visio, and SQL.

Order does not matter here, but we do recommend rebooting in-between each of these major service packs. Though not as common, these product service packs can also change the state of a machine considerably.

  3. Deploy any remaining service packs and then rescan the target machines.

The remaining service packs must be pushed in separate deployments, but you can perform the deployments with no reboot. Provide an adequate delay between each deployment. When the last service pack is applied, reboot and rescan the target machines.

  4. Deploy any missing patches and perform a reboot.

This will include patches for:

  • Microsoft operating systems
  • Microsoft products such as Office, Internet Explorer, etc.
  • Third-party patches

You may need one or more additional reboots here, depending on the state of the machine.

  5. Rescan and confirm that everything has been applied.
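The five steps above as a deployment planner, added here as an illustration; it is not Shavlik Protect's own code. The item categories (os_sp, major_sp, sp, patch), the Step record and the sample scan result are assumptions; the planner enforces one service pack per deployment and places the reboots and rescans where the steps call for them.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Categories of missing items, in the order Patching 101 applies them (assumed names).
KINDS = ("os_sp", "major_sp", "sp", "patch")


@dataclass(frozen=True)
class Missing:
    name: str
    kind: str  # one of KINDS


@dataclass(frozen=True)
class Step:
    action: str                  # "deploy", "reboot" or "rescan"
    items: Tuple[str, ...] = ()  # names pushed in this step (deploy only)


def plan(missing: List[Missing]) -> List[Step]:
    """Order one machine's scan result into deployments, reboots and rescans."""
    for m in missing:
        if m.kind not in KINDS:
            raise ValueError(f"unknown kind {m.kind!r} for {m.name}")
    by_kind: Dict[str, List[str]] = {
        k: [m.name for m in missing if m.kind == k] for k in KINDS
    }
    steps: List[Step] = []
    # Step 1: OS service packs, one per deployment, reboot and rescan after each.
    for sp in by_kind["os_sp"]:
        steps += [Step("deploy", (sp,)), Step("reboot"), Step("rescan")]
    # Step 2: major product service packs (Office, Visio, SQL), reboot between each.
    for sp in by_kind["major_sp"]:
        steps += [Step("deploy", (sp,)), Step("reboot")]
    # Step 3: remaining service packs in separate deployments with no reboot,
    # then a single reboot and rescan once the last one is applied.
    for sp in by_kind["sp"]:
        steps.append(Step("deploy", (sp,)))
    if by_kind["sp"]:
        steps += [Step("reboot"), Step("rescan")]
    # Step 4: all missing patches (OS, Microsoft products, third party) in one
    # deployment, followed by a reboot.
    if by_kind["patch"]:
        steps += [Step("deploy", tuple(by_kind["patch"])), Step("reboot")]
    # Step 5: final rescan to confirm everything has been applied.
    steps.append(Step("rescan"))
    return steps


def one_sp_per_deployment(steps: List[Step], missing: List[Missing]) -> bool:
    """The rule Protect enforces: no deployment carries more than one service pack."""
    sp_names = {m.name for m in missing if m.kind != "patch"}
    return all(len(sp_names.intersection(s.items)) <= 1
               for s in steps if s.action == "deploy")


def count(steps: List[Step], action: str) -> int:
    return sum(1 for s in steps if s.action == action)


# Constructed scan result for one machine. The service pack names are illustrative;
# the three bulletin ids are the December 2015 ones discussed on this page.
SAMPLE_SCAN = [
    Missing("Windows 7 SP1", "os_sp"),
    Missing("Office 2010 SP2", "major_sp"),
    Missing("SQL Server 2008 R2 SP3", "major_sp"),
    Missing("Visual Studio 2010 SP1", "sp"),
    Missing("MS15-124", "patch"),
    Missing("MS15-135", "patch"),
    Missing("APSB15-32", "patch"),
]

if __name__ == "__main__":
    for i, step in enumerate(plan(SAMPLE_SCAN), 1):
        print(f"{i:2d}. {step.action:7s} {', '.join(step.items)}")
```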

Notes and Tips

The steps described above may span several maintenance windows. In the case that you cannot perform all of the above in a single maintenance window, each step should be followed by a patch deployment to ensure you are not open to security vulnerabilities between maintenance windows.

Ideally, the steps above should be built into your machine build policy. This will ensure that your machines go into the field in the best shape possible. It is much easier to simply maintain your machines than it is to be in catch-up mode and constantly be late applying many months’ worth of service packs and patches.

If you have more tips for patching, leave them in the comments below.

December Patch Tuesday 2015


December Patch Tuesday is upon us. Let’s see if we have presents under the tree or coal in our stockings…

Microsoft has released 12 bulletins, eight of which are Critical, resolving a total of 71 vulnerabilities. Adobe released a whopper of a Flash update resolving 78 vulnerabilities. Google Chrome is dropping today as well. Aside from an update for the Flash Player plug-in and its 78 security fixes, there are reportedly security fixes coming for the browser as well.

While Microsoft has quite the lineup this month, it didn’t quite catch Adobe’s 78 vulnerabilities resolved for the month. They did, however, have one public disclosure (CVE-2015-6175), and two vulnerabilities exploited in the wild (CVE-2015-6175, CVE-2015-6124). Here are the highlights for Microsoft:

MS15-124 is a critical update for Internet Explorer with 30 vulnerabilities resolved in total. Also of note, Internet Explorer supported versions will be changing quite a bit in January. After January 12, 2016, only the latest IE version available on each operating system will be supported. This means if you are not running the latest version of IE available for the version of Windows you are on, you will no longer be getting security updates. Time to check your browser versions across the enterprise and compare to the versions listed in this blog post:

https://blogs.msdn.microsoft.com/ie/2014/08/07/stay-up-to-date-with-internet-explorer/

MS15-125 is a critical update for Edge with 15 vulnerabilities resolved. This update will be included with six others in the December Windows 10 Cumulative Security Update.

MS15-128 is a critical update for Windows, .Net Framework, Office, Skype, Lync and Silverlight, resolving three vulnerabilities. This is a Microsoft Graphics Component update, which is a shared library that affects many applications. Expect many variations of this update to affect the same system for each product you have installed that is affected.

MS15-131 is a critical update for Microsoft Office, resolving six vulnerabilities. This bulletin includes a fix for CVE-2015-6124, which has been detected in exploits in the wild. The vulnerability takes advantage of a failure to properly handle objects in memory. If exploited, the attacker could run arbitrary code in the context of the user. Least privilege policies would help mitigate the impact if exploited by limiting what the attacker could do. This vulnerability can be exploited in web-based attacks using specially crafted content designed to exploit the vulnerability.

MS15-135 is an important update for Microsoft Windows, which resolves four vulnerabilities. This bulletin includes a fix for CVE-2015-6175, which has been publicly disclosed and also has been detected in exploits in the wild. While this is only rated as important, we recommend treating this as a high priority. This update resolves Kernel memory handling. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. At that point they could install programs, view, change or delete data or create new accounts with full user rights. This is a Kernel update, so thorough testing is highly recommended.

Microsoft also released its Windows 10 December Cumulative Update (3116869). This update includes seven bulletins: MS15-124, MS15-125, MS15-126, MS15-128, MS15-132, MS15-133 and MS15-135. This update includes five critical bulletins and MS15-135, which includes CVE-2015-6175. This vulnerability has been publicly disclosed and detected in exploits in the wild.

APSB15-32 is a Priority 1 update for Adobe Flash Player, resolving 78 vulnerabilities. This bulletin includes a large number of code execution vulnerabilities and a few security feature bypass vulnerabilities. To fully resolve these vulnerabilities you need to ensure you update Flash Player on the OS, as well as the plug-in in your browsers. You will need to update IE, Chrome and Firefox plug-ins to fully ensure these vulnerabilities are resolved.

Google has also released an update to Chrome resolving at least 7 vulnerabilities by initial reports from Google. It will also include support for the Flash Player plug-in and the 78 vulnerabilities resolved there. This is recommended to be a high-priority update this month.
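Pulling this month's bulletins together with the prioritization point from the vendor article above (deliver updates for the vulnerabilities most likely to be exploited, and mind the shrinking exploit gap), here is a small prioritizer as an added example; it is not Shavlik's own logic. The scoring weights, the Bulletin record, the age thresholds and the assumption that everything shipped on Patch Tuesday (December 8, 2015) are assumptions; the bulletin counts and flags are taken from the text.

```python
from dataclasses import dataclass
from datetime import date
from typing import List


@dataclass(frozen=True)
class Bulletin:
    id: str
    severity: str          # "critical"/"important" (Microsoft) or "priority1" (Adobe)
    cves: int
    released: date
    exploited: bool = False  # detected in exploits in the wild
    disclosed: bool = False  # publicly disclosed


# Assumed weights: an in-the-wild exploit counts as much as a Critical rating,
# public disclosure adds a little, and age adds more as the exploit gap closes.
SEVERITY_WEIGHT = {"critical": 3, "priority1": 3, "important": 2, "moderate": 1, "low": 0}


def exposure_window(age_days: int) -> str:
    """Map patch age to the exploit-gap windows quoted in the vendor article."""
    if age_days < 14:
        return "within ~2 weeks: exploits typically not yet circulating"
    if age_days <= 28:
        return "2-4 weeks: 50% of eventual exploits are out"
    if age_days <= 60:
        return "40-60 days: 90% of eventual exploits are out"
    if age_days <= 120:
        return "up to 120 days: typical enterprise deployment lag"
    if age_days <= 365:
        return "over 120 days: overdue"
    return "over a year: where 99.9% of 2014 exploitation landed"


def score(b: Bulletin, today: date) -> int:
    s = SEVERITY_WEIGHT.get(b.severity, 0)
    if b.exploited:
        s += 3
    if b.disclosed:
        s += 1
    age = (today - b.released).days
    if age > 60:      # 90% of the exploits that will exist already do
        s += 2
    elif age > 14:    # the two-week grace period is over
        s += 1
    return s


def prioritize(bulletins: List[Bulletin], today: date) -> List[str]:
    """Highest score first; ties broken by CVE count, then by id."""
    ordered = sorted(bulletins, key=lambda b: (-score(b, today), -b.cves, b.id))
    return [b.id for b in ordered]


# December 2015 bulletins as described in the post. Release date assumed to be
# Patch Tuesday, the second Tuesday of December 2015.
PT = date(2015, 12, 8)
DECEMBER_2015 = [
    Bulletin("MS15-124", "critical", 30, PT),
    Bulletin("MS15-125", "critical", 15, PT),
    Bulletin("MS15-128", "critical", 3, PT),
    Bulletin("MS15-131", "critical", 6, PT, exploited=True),
    Bulletin("MS15-135", "important", 4, PT, exploited=True, disclosed=True),
    Bulletin("APSB15-32", "priority1", 78, PT),
]

if __name__ == "__main__":
    today = date(2015, 12, 9)
    for bid in prioritize(DECEMBER_2015, today):
        b = next(x for x in DECEMBER_2015 if x.id == bid)
        print(f"{bid:10s} score={score(b, today)}  {exposure_window((today - PT).days)}")
```

Note how the Important-rated kernel bulletin MS15-135 lands above every Critical one that has no exploit activity, which is the treatment the post recommends for it.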

Join us tomorrow for the December Patch Tuesday webinar where we will discuss the bulletins in more detail.