Blog

By Eduardo Blanco, CISSP, Posted in Security

A critical weakness has been discovered in WPA2, the ubiquitous protocol that secures Wi-Fi networks worldwide. The attack, known as “KRACKS” (short for Key Reinstallation Attacks), enables attackers within range of the target Wi-Fi network to see data that is presumed to be safely encrypted. This effectively renders organizations that leverage WPA2 vulnerable to theft of critical data such as credit card numbers, passwords, emails, photos, etc. It also makes it possible for a man-in-the-m... read more.

  • October 17, 2017

By Ken Phelan, Posted in Infrastructure, Virtualization

Commercial software developers work hard to create a product that offers significant value to their customers. They know that the value they deliver in terms of hard savings, increased efficiencies, or lower risk will ultimately drive the price of their software. Optimally, a licensing scheme should effectively capture some portion of the customer value as an equitable payment for that value delivered. I think that is only fair. If we follow this to its natural conclusion, we might conclude that the best l... read more.

  • September 15, 2017

By Kaysel Adrover, Posted in Support

Troubleshooting Issue AppDNA 7.13 When attempting to execute a Direct Import of an MST file, the following error message occurs. After selecting Continue, it will return to the AppDNA console but the import will not proceed. Solution: Changed the path of the Log File location within the AppDNA settings by selecting Configuration > Files. I changed the Log File Location from %CommonAppData%\AppDNA\appTitude\Logs to C:\Temp. This resolved the issue and I was able to import MST... read more.

  • April 18, 2017

By Kaysel Adrover, Posted in Support

While finishing the installation of the XenDesktop controller while building a XenDesktop 7.12 environment, I ran into the message “This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.” From there, I could not continue the installation. Researching this issue, I came across a Citrix article applicable to Provisioning Services, CTX1388823 - Provisioning Services Database Unable to Configure, with the same error message. The article refers to Provisioni... read more.

  • April 13, 2017

By Kaysel Adrover, Posted in Support

As part of a high availability implementation for a customer project, I needed to duplicate vDisks from one datacenter to another. This customer had vSphere configured where a cluster represented a datacenter. For testing purposes, I first copied a vDisk and the virtual machine template to the second datacenter. After configuring PVS with the new vDisk, in the new cluster, I launched the PVS wizard to create a new virtual machine using the copied template. However, on boot up, the servers blue screened with... read more.

  • April 13, 2017

By Kaysel Adrover, Posted in Support

During a project building a XenDesktop 7.x environment, the customer requested that I use SQL replication between three servers instead of the SQL Always On feature for high availability. For this particular project, the Citrix environment was not a critical component of the business and the customer only had SQL 2016 Standard licenses. In order to use the database of one of the replicated servers during a failure of the main server, a DNS name would be used when creating the Citrix databases. During this... read more.

  • April 13, 2017

By Nancy Rand, Posted in Security

February 23, Techcrunch.com - Major Cloudflare bug leaked sensitive data from customers’ websites. Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. The announcement is a major blow for the content delivery network, which offers enhanced security and performance for more than 5 million websites. This could have allowed anyone who noticed the error to collect a... read more.

  • February 27, 2017

By Nancy Rand, Posted in Security

January 16, SecurityWeek – (International) Flaws found in Carlo Gavazzi energy monitoring products. Carlo Gavazzi released firmware updates after a security researcher found that the company’s VMU-C product was plagued with a flaw that grants a malicious actor access to most of the application’s functions without authentication, as well as a cross-site request forgery (CSRF) issue that can be exploited to change configuration parameters. The researcher also found the product stores some se... read more.

  • January 18, 2017

By Nancy Rand, Posted in Security

January 12, SecurityWeek – (International) GoDaddy revokes nearly 9,000 SSL certificates. GoDaddy revoked nearly 9,000 Secure Sockets Layer (SSL) certificates after discovering that a software bug, which was introduced in July 2016 as part of a routine code change intended to improve the certificate issuance process, can cause the domain validation process to be unreliable. GoDaddy provides the customer a random code and directs the customer to place it in a specific location on their Website in order... read more.

  • January 17, 2017

By Nancy Rand, Posted in Security

January 12, SecurityWeek – (International) Eight vulnerabilities patched in WordPress. WordPress version 4.7.1 was released, resolving a total of 8 security flaws and 62 bugs including 2 cross-site request forgery (CSRF) flaws, several cross-site scripting (XSS) vulnerabilities, and a weak crypto issue related to multisite activation keys. January 12, SecurityWeek – (International) Four high severity DoS flaws patched in BIND. The Internet Systems Consortium (ISC) released BIND versions... read more.

  • January 13, 2017