You’re Terminated

Get to da choppa! One of the not-so-fun jobs as an IT Pro is handling the issue of employee turnover at client sites. It’s one of those facts of life. Whether the employee exit is friendly and planned or angst-ridden and a bombshell, there are a lot of things that have to be done. And, as with most things in life, having a checklist helps make sure nothing is missed.

As an outsourced IT provider you should have a standard operating procedure to help your client get through this process as quickly and easily as possible. Below is a sample “Employee Termination Checklist” you can use. The top half contains things the company personnel need to handle, and the bottom half are responsibilities that fall under the IT Department (probably you).

Click link below to download the Employee Termination Checklist

File name: Employee_Termination_Checklist.doc (28 KB)

Depending on the size of the client, there are things you may need to add or remove, but this document should be a good starting point. If there’s something that you feel is blatantly missing, please feel free to add it to the comments below.

VN:F [1.9.20_1166]
Rating: 10.0/10 (2 votes cast)

KYSBSUG Meeting #71 – Passwords

Invitation – January 2010 KYSBSUG Meeting #71
Meeting Date: Wednesday January 20, 2010
Time: 6:30 PM Eastern
Location: Money Concepts
Address: 323 Townpark Circle, Suite 100, Louisville, KY 40243
Topic: “Password Security and Password Cracking

Dana Epp - Microsoft MVP Guest Presenter: Dana Epp, MVP (Enterprise Security)
Founder & President of Scorpion Software (makers of AuthAnvil)


Description: Dana Epp is an industry-recognized expert in security and Microsoft MVP (2006-2010). Dana will talk about local and remote password security in SBS and SMB networks. He’ll also talk about topics such as two-factor authentication and tell you how you can implement this technology for your employees and customers.

Following Dana’s presentation, we’ll have a hands-on lab to demonstrate some of the tools on the market and methods to test (and break) passwords.

6:30 – 6:45 – Local events & introductions
6:45 – 7:30 – Dana Epp presentation (via GoToMeeting)
7:30 – 7:45 – Dana Q&A
7:45 – 8:20 – Hands-on Lab
8:20 – 8:30 – Door prize drawing and wrap-up

Door Prize: This month our door prize is an NFR copy of Windows 7 Ultimate.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

How To Create a FREE Password-Protected PDF

imageThis question comes up a lot:

I have the free Adobe Acrobat Reader, but not Acrobat Professional – can I still create a password-protected PDF?
I don’t feel like paying $360 for Acrobat Professional
just for the ability to do encryption or password protection.

The short answer is ‘yes’, but you’ll need another program to do it.

I recommend the FREE open source program PDF Creator 0.9.8 (16.8 MB).

Below are detailed instructions you can share with your employees and clients:
– (Part A) PDF Creator program installation instructions
– (Part B) Creating the password-protected and encrypted PDFs
– (Part C) PDF opening instructions


  1. Download PDF Creator 0.9.8 from SourceForge
  2. Double-click the PDFCreator-0_9_8_setup.exe file and choose Run.
    Choose Run
    (If User Account Control pops up in Vista or Windows 7, click Allow)
  3. Select your language (English) and click OK.
    Pick English and click OK
  4. When the setup Wizard launches, click Next.
    Setup - Click Next
  5. Accept the license agreement, and click Next.
    Accept the license agreement - click Next
  6. For Type of Installation, choose Standard installation, and click Next.
    Standard Installation - click Next
  7. For Printer name accept the default of “PDFCreator”, and click Next.
    Printer Name - click Next
  8. On Select Destination Location, accept the default and click Next.
    Default Installation Path - click Next
  9. The installation will install the PDFCreator Browser Add On (annoying) but you can later uninstall via the Control Panel.
    Uncheck “Yahoo!” and click Next.
    Uncheck Yahoo - click Next.
  10. Under Select Components, accept the defaults and click Next.
    Components - click Next
  11. On Select Start Menu Folder accept the default and click Next.
    Start Menu - click Next
  12. On Select Additional Tasks accept the defaults and click Next.
    Additional Tasks - click Next
  13. And then click Install and click Finish when the installation is complete.
    Ready - click Install then click Finish

Now that the PDF Creator program is installed, it’s time to convert a file into a password-protected PDF.

(Interesting Part)

  1. Make sure the document that you want to convert is CLOSED.
  2. Right-click the icon of the document you want to convert, and choose
    Create PDF and Bitmap Files with PDFCreator from the pop-up.
    Right-click document, click Create PDF
  3. At the “It is necessary to temporarily set PDFCreator as defaultprinter” prompt click Don’t ask me again checkbox and click OK.
    Click Don't ask me again - click OK
  4. The document will open and then close again, and you will be left with a PDFCreator 0.9.8 dialog box, as shown below.Click the Options button.
    Click Options
  5. On the Options page, expand the Formats tab on the left.
    Expand Formats tab
  6. Click the PDF icon on the left, click the Security tab on the right, and check the Use Security checkbox.
    Click PDF, click Security tab, click Use Security
  7. Choose the following:
    – Encryption level (40-bit or 128-bit)
    – Password to open (user password)
    – Password to change permissions (owner password)
    – Any other user restrictions you want to set
    Pick encryption and password levels, click Save twice
  8. Hit Save on the bottom right of the Options page, and then Save again on the main PDFCreator 0.9.8 page (seen in Step 4 above).
  9. When the Save as dialog box comes up, give the file a name and
    click Save.
    Pick a file name and location - click Save
  10. PDF Creator will pop-up a small animated splash screen…image

    …and prompt you for the password you want to use to create your document. Enter the password twice and click OK.

    Pick a password - click OK

  11. If you leave the ‘Owner Password’ blank (which fine if you want to) you will get an additional dialog box letting you know that it’s blank. For more on PDF handling, read this post about whiting out a pdf document.
    Optional screen - only happens when Owner Password is blank
    Click Yes to leave the Owner Password blank, or click No to go back and add an Owner Password.
  12. Once the document is saved, it immediately tries to open in your preferred PDF reader (I use Foxit Reader) and prompts your for a password. Type the User Password and click OK.
    Enter password - click OK
  13. You should now be able to see your password-protected PDF.
    You're done dude!

Congratulations – That’s a few hoops to jump through! 🙂

(The most important part)

  1. E-mail them the password-protected PDF document
  2. They open the attachment and get prompted for a password
    Enter password - click OK
  3. Once they enter the password and click OK, the PDF opens.


  • Part A is just a one-time thing.
  • Part B is every time you want to CREATE a password-protected PDF
  • Part C is what the client (recipient) and does each time they want to OPEN the protected PDF.
VN:F [1.9.20_1166]
Rating: 9.8/10 (10 votes cast)

Adobe Reader and Acrobat Flaw

PDF_icon As if PDF attachments weren’t already suspicious enough thanks to UCE, now you have to be concerned about PDFs that can allow someone to take control of your PC.

Yesterday (10/22) Adobe released an update to fix a critical vulnerability in the following software:

  • Adobe Reader 8.1 and earlier
  • Adobe Reader 7.0.9 and earlier
  • Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions
  • Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier

Security bulletin URL:

Here’s the interesting part:

This issue only affects customers on Windows XP with Internet Explorer 7 installed. (Vista users are not affected).

Take that, H8Rs. 😉

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Robot Has Detected Abnormal Activity From Your IP Address

I’ve gotten numerous calls about this piece of spam today, so I thought I’d blog it:

From: Administrator <sender changes>
To: <client name>
Sent: Sun Jul 08 18:15:22 2007
Subject: Worm Alert!

Dear Customer,

Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment.

We recommend you to install this patch <url omitted> to remove worm files
and stop email sending, otherwise your account will be blocked.


According to PC Tools’ ThreatExpert service, the trojan copies itself to the Windows system folder as ‘windev-72b5-203e.sys’ (md5: 8e2410698872f116620cbd7846adfa34) and registers the file as a service in order to load when Windows is started.

Detection names among vendors vary greatly and include the following:

  • TR/Small.DBY.DB (AntiVir)
  • Win32:Tibs-BAC (Avast)
  • Downloader.Tibs.6.K (AVG)
  • Trojan.Peed.OQ (BitDefender)
  • W32/Tibs.MV@mm (Fortinet)
  • Packed.Win32.Tibs.ab (Ikarus, Kaspersky)
  • McAfee 5069 07.06.2007 W32/Nuwar@MM (McAfee)
  • Worm:Win32/Nuwar.JT (Microsoft)
  • Win32/Nuwar (Nod32)
  • Tibs.gen124 (Norman)
  • Mal/Dorf-A (Sophos)
  • Trojan.Packed.13 (Symantec)
  • Possible_Nucrp-3 (Trend)

Recommended Action:

Don’t download it – update your anti-virus signatures

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Apples Need Patches Too – 13 of Them

According to the latest Apple security update (2007-005), Macs need patches just like any other personal computer.  And these aren’t soft and fuzzy patches for iPods. 

This security update corrects 17 vulnerabilities affecting software packages that ship as part of OS X 10.3.9 and 10.4.9. Some of these vulnerabilities allow attackers to execute any code they choose on your OS X machines.

Three of the fixed vulnerabilities include remote code execution in CoreGraphics, local privilege elevation in PPP, & Denial of Service vulnerability in Bind.   

Here’s the complete list:

  1. Alias Manager
  2. BIND
  3. CoreGraphics
  4. crontabs
  5. fetchmail
  6. file
  7. iChat
  8. mDNSResponder
  9. PPP
  10. ruby
  11. screen
  12. texinfo
  13. VPN

As my good friend Ron always says, “It’s easy to say you’re bullet-proof when nobody’s firing at you.”  I use both Macs and PCs, and somehow I don’t think they’ll make a Mac vs. PC ad out of this, do you?

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Geek Squad Employee Busted

Usually, technology and convergence of digital devices are wonderful things.  But when a Best Buy Geek Squad employee abuses technology to *allegedly* use his cell phone to video record a female customer showering in their own home, that’s disgusting.  Just imagine if that was your wife or sister – it’s unbelievable! 

Best Buy does background & credit history checks before they hire people.  Yet with over 90,000 employees, there are obviously some rotten apples in the bunch.  How many other bad apples are out there (at GS & other companies).  Have you done background checks on your employees?

I’ve got to wonder what the backlash and ramifications for everyone in the SMB market will be.  It seems like industry regulations for IT can’t be far behind.

One thing is for sure, this dude will never be a “Sleeper“, and that’s a good thing.

Source:  Gizmodo

(I use the word ‘allegedly’ for legal purposes.)

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

1,000,000 Viruses

How many new viruses come out per month?  Back in the day we quoted 300 per month, then 400.  And today some say 1,968 per month.  That’s 64 new viruses per day / 21 each night while you sleep / 2.6 per hour.  Sobering thought, isn’t it?

Fortunately, you’ve got anti-virus software to protect you.  But how good is it?

Austrian firm AV Comparatives unleashed 1,000,000 virus samples on the top anti-virus products in their 13th comparative test of on-demand detection of malicious software.  The 17 victims were:

Obviously, some AV companies are MIA from that list.  How did your favorite AV software stack up? 

Hit the jump to the PDF report to find out (9 pages – 0.6 MB).

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Divorce On A Stick

Breaking the law just got even easier kiddos.  Now any idiot with $59.95 can violate trust between parents & kids, spouses, employees or co-workers by simply plugging in a USB stick.

Enter “SnoopStick” from CYBERsitter, or as I like to call it, “Yet another reason to lock down those USB ports in Windows Vista.”

“Oh,” you say, “that’s stuff’s been around forever.”  True – but it’s never been this easy before.  Any AOLer could pull this off.

Keep in mind, I have no problem with internet usage monitoring and reporting.  I’m a huge fan of ISA and sharing the reports with the business owners, employees, and even family members on the home network.  What I take issue with is surreptitious snooping and monitoring.

Read on.

The SnoopStick takes under 60 seconds to install, has no commands or passwords to remember, and lets you monitor PC activity in real time from any PC across the web.

Here are some of the ‘major features’:

  • Monitor all web site access (Works with all browsers and web enabled programs.)
  • Monitor both sides of all “instant messenger” communications (all popular IM programs.)
  • Monitor all email access:  SMTP, POP3, IMAP (to & from info.)
  • Monitor activities in real time, or retrieve activity logs from recent activity.
  • SnoopStick records EVERYTHING, whether you are monitoring in real time or not.
  • Store up to 12 months of activity logs.
  • All program modules are updated completely automatically.
  • Send the user a pop up message alert. A good way to tell them they’re busted!
  • Turn off/on Internet access with the SnoopStick locally or remotely.
  • Set allowable times for Internet access.
  • Prevent users from using certain types of Internet programs.
  • Block access to specified ports.
  • Block access to web sites.
  • One click “Block Social Networking” option instantly blocks access to sites like
  • Completely secure. Only your SnoopStick can access your computer or change the settings you have chosen.
  • Works with Windows 2000, XP, 2003, and is Vista ready.

Of course, this is all completely legal according to their website FAQ, as long as you own the computer?  And nobody would ever install this without telling their spouse / employees / etc. right?

And nobody would ever install this on an employee’s home computer without them knowing about it.  You know, the computer they use to access OWA, RPC over HTTP, http://companyweb and the corporate VPN, right?  Of course not! 

Just imagine the possible ramifications:  One of your employees who telecommutes every other Friday ends up in a custody battle with contested divorce lawyers and a cabinet full of legal bills.   The spouse pull out their trusty little SnoopStick that is filled with IM conversations and sensitive corporate info labeled ‘Exhibit C’.  Projected right up there on the big screen.  No PR nightmare there.

“HIPPA, party of two, your table is ready…”   Good times.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Oops, Cisco Did it Again

So far, 2007 has not been a very good year for Cisco.  Yesterday they announced two more vulnerabilites in their Internetwork Operating System (IOS) – that’s 5 this year if my count is correct.  And today they announced vulnerabilites in some PIX and ASA appliances:

This month:

Last month:

The point is, just because you know about Patch Tuesday that’s not enough.  Ron Popeil doesn’t make IT security – you can’t just ‘set-it-and-forget-it’ after the Microsoft patches are rolled out.  If you’re a good SBSer you should (and probably already do) read Susan Bradley, Dana Epp and the SANS blog.  Security is a constant battle, and here are some more weapons to add to your utility belt.

Best Practices: 

  • If you ARE sporting Cisco gear on your networks, check out the Cisco Security Advisories website or subscribe to the RSS feed.
  • If you AREN’T running Cisco gear, be aware that everybody else on the internet is, and you may get support calls on internet connectivity issues if gear out in the cloud is affected.
  • Also, check out the United States Computer Emergency Readiness Team (US-CERT) Technical Cyber Security Alerts website or their RSS feed to stay on ahead of the security curve.
VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)