A common issue that we encounter when migrating customers to AppRiver Secure Hosted Exchange or Office 365 is understanding the differences between public folders and shared mailboxes and when to use each one. If that wasn’t creating enough confusion, site mailboxes were recently introduced to combine SharePoint’s resource sharing features with emails and conversations processed by Exchange. So we are going to use this post to explain in a simple manner the differences between each option and when each can best be used to meet each requirement.

Public Folders
Public folders are designed for shared access and provide an easy and effective way to collect, organize, and share information with other people in your workgroup or organization. Public folders can also be used as an archiving method for distribution groups. When you mail-enable a public folder and add it as a member of the distribution group, email sent to the group is automatically added to the public folder for later reference. Main features are:

  • Public folders are stored in Exchange.
  • Public folders work well for enterprises with older versions of Office still deployed as well as brand new deployment.
  • Documents stored in Exchange don’t have the benefits of SharePoint document libraries (e.g. workflows, version control, metadata, etc.) and aren’t visible within SharePoint.
  • A common option used with public folders is to set an email account that will rout all incoming traffic to a public folder for a shared access.

Note: Office 365 has increased the limit on the number of public folders available to 250,000 folders.

Shared Mailboxes
Shared mailboxes make it easy for a specific group of people to monitor and send email from a common account, like public email addresses, such as sales@appriver.com or info@appriver.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user. Shared mailboxes are a great way to handle customer email queries because several people in your organization can share the responsibility of monitoring the mailbox and responding to queries. Your customer queries get quicker answers, and related emails are all stored in one mailbox. Main features are:

  • Shared mailboxes provide a generic email address that can be used to send emails to a team.
  • Access to shared mailboxes is set under Exchange permissions.
  • Allows multiple users within an organization to monitor and reply to an email.
  • Reply email address is the shared mailbox address.

Site Mailboxes
A site mailbox can be used from a SharePoint team site to store and organize team email. It can also be used from Outlook 2013 (included with Office 365 ProPlus or Office Professional Plus) for team email, and as a way to quickly store attachments and retrieve documents from the team site. Main features are:

  • Emails are stored in Exchange.
  • Site mailbox is an app that you add to your SharePoint site.
  • It’s important to pick the right naming since once you have created a site mailbox, you can’t change its email address.
  • Invoking the site mailbox is done by cc’ing the email address of the site mailbox.
  • You can add folders from your site mailbox to your outlook favorites so that it is directly visible in Outlook.
  • When viewing a site mailbox from outlook, both email and documents are visible.
  • You can add documents by attaching them to an email message.
  • Security is driven by SharePoint team site permissions.
  • Integrates with Outlook and can be also accessed through the Office 365 web app.

If you need further information regarding Public Folders, Shared Mailboxes and Site Mailboxes and how each can be used within your organization contact support@appriver.com.

By: Aaron Cohoon

We’re getting reports from users on both AppRiver’s Hosted Exchange and Microsoft Office 365 platforms that calendar events are displaying two time zones on iPhones and iPads running iOS 8. Calendar events that were created on an iPhone or iPad running iOS 8 or higher, or created in Microsoft Outlook in some cases, display the server time below the device’s local time when opened on an iPad or iPhone running iOS 8.0.0 through 8.1.1.

In this example the user’s mailbox server is hosted with Office 365 in GMT:

Calendar item

While this issue seems to be cosmetic since the device’s correct local time is still displayed in the calendar, it can potentially cause major confusion for users when they edit an event from an iPhone or iPad, as the Start time will default to the server time. One user has created a video detailing the issue and challenge it causes with editing events and posted it on YouTube here.

Tech Tip:

To edit an event displaying two time zones tap the Start time field, and make sure the time zone is correct before saving the changes to the calendar event on the device. This won’t prevent the server time zone from being displayed, but it will keep your calendar appointments set to the correct time when editing events on the go

Why is this happening?

Several users have reported this issue to Apple, and in one case the following response has been forwarded from Apple Support:

“The customer is contacting us because both the local time, and either the time of the originator or the server is showing in the Calendar app.  This is expected behavior with iOS 8.The customer can submit feedback on this feature at http://www.apple.com/feedback.”

This is not behavior observed with other email and calendar clients supporting Exchange such as Outlook, Android, Windows Phone, or BlackBerry mobile devices. Calendar events should display the time zone the event was created in as determined by the client software (Outlook or the settings on your mobile device) not the time zone in which the server is housed. Time zones are controlled at the individual mailbox client level because each Exchange server can, and does house mailboxes of users who live, work, and travel throughout different time zones.

Time Zone override is the only feature in iOS 8 that is known to display two time zones in a calendar event.  Since Time Zone Override replaced the Time Zone Support feature in iOS, we can assume its expected behavior is to display events in an iOS device’s local time as well as the time zone in which the event was created.

For example, you live in New York, your time zone is EST, and you are traveling to London, in GMT, when you get to London you’re time zone is 5 hours ahead of New York time, but you have to call a client back home at 4 PM EST. The Time Zone override feature should display your calendar events that were created in New in both EST and GMT

Unfortunately, users are seeing their server times displayed while they’re home and all of their client settings are set correctly to New York (for this example). I have reported this as a feature bug to Apple as this happens even when Time Zone Override is turned off. To further confuse the perception of “expected behavior”, Apple has not included Time Zone Override in the official IOS 8 (now 8.1) manual as of today.

http://manuals.info.apple.com/MANUALS/1000/MA1565/en_US/iphone_user_guide.pdf

Resolution:

After extensive troubleshooting and providing several examples to Apple Support, my ticket on the issue was escalated to Apple’s Engineering team. Unfortunately there is still no fix, but I have been assured there is something in the works. Apple’s Enterprise team sent me an acknowledgement after their Engineering team reviewed my case and that of several other users.

“Thank you for calling in so we may add to impact on issue with Exchange accounts and calendars on ios 8. Apple is aware of this and currently being worked on.”

From what they’ve told me they have enough examples now to know the issue with dual time zones displayed in events is specific to an iOS 8 feature. However, I was also informed the reported impact has been minimal. In order to increase awareness so that there can be a fix applied in an update soon I encourage any user encountering this issue to submit feedback at the following web address: http://www.apple.com/feedback/iphone.html

 

 

logoFake Best Buy purchase confirmations attempting to spread malware have been circulating for the past week. These messages are simple. They appear with “Best Buy” in the [from] field and they inform the recipient that an order has been placed with Best Buy which needs to be confirmed for pick up. The recipient is then directed toward the attachment which contains a Trojan downloader commonly referred to as Kulzuoz or Zortob. This file is merely a means to infect the user so that more malicious software can be downloaded, thus the profile of downloader. At the time of our analysis this program was pulling down what appears to be software geared toward data theft, although this malware has been used extensively to infect users with FakeAV malware.

bestbuyvirus

The email campaign started on Thanksgiving Day in the U.S., a time when millions of consumers began flocking to the web to take advantage of online holiday deals. These messages are meant to catch any and all unsuspecting users off guard but might be especially effective with those who have actually made purchases at Best Buy recently.

The volume of messages has been quite high, as we have already quarantined nearly 1.5 million of these malware-laden emails. Here is a look at the traffic(number of emails seen inbound) from this campaign over the past 7 days:

bbuy_virus

The good news for our users is that we had predictive rules in from the onset of this campaign and therefore none of these messages have leaked through to our SecureTide users.

Over the past several day we have been seeing several malicious email campaigns posing as legitimate communication from Amazon. The first campaign is posing as messages from the amazon.co.uk with the subject line reading: Your Amazon Order Has Dispatched (#3digits-7digits-7digits). These messages purport to be order shipment notifications. These messages began hitting our filters on 10/31/14 and have been coming in consistently ever since. Thus far we have quarantined just over 600,000 of these messages. Each message contains a Word document (MD5: a75e196e6c0cabc145f4cdc3177e66ec) that contains a malicious macro. In most instances users should at a slightly lower risk with this infection vector, since macros are not enabled by default in more recent versions of Word.  The macro (if allowed to execute)leads to the install of a Trojan dropper. The malware currently creates a process named SUVCKSGZTGK.exe on the victims machine. Eventually this leads to the install of key-logging malware designed to harvest banking login credentials, email credentials and social media credentials. As we commonly see with this these types of campaigns, the payload can be changed out by the malware distributors so this dropper could pull down some other form of malware in the future.

Here is a look at the message:

amazon_sample_2

In a separate email blast, another group is distributing malicious emails posing as Amazon order confirmation emails. These emails are coming is at a slightly slower clip than the former campaign mentioned but we have quarantined nearly 160,000 of these message over the past few days. They appear from amazon.com with the subject reading: Your order on Amazon.com.  These email have a bit more of a legitimate look as they utilize actual graphics taken from Amazon. Instead of a malicious attachment, these messages utilize links to compromised wordpress sites. Clicking these links will launchthe download of a .scr file  named: invoice1104.pdf[dot]scr. Which should be a huge red flag to most users as the .scr file extension is used almost exclusively for malware infection these days. The .scr file(MD5: 09cb12d7cd0228360cd097baeaaa6552) is in fact a Trojan dropper that will lead to the install of more malware once it has infected the host. Once again, from here, the sky is the limit for the malware distributors since they can now download and install remote files of their choosing.

Here is a look at the message and prompt :

amazon_sample_1

 

popout

This is a very popular time of the year for these types of scams with so many people in shopping mode in preparation for the holidays. With many people expecting purchase confirmations and shipping confirmations with much more frequency, it increases the likelihood that people will far for this scam. Be extra cautious this holiday shopping season and if you are suspicious of unauthorized activity on your Amazon account, never follow the link in an email such as this, go directly to the website and check your account from there.

PunkinAh, Halloween.  A time when people dress up in creepy costumes and enjoy a marathon of classic horror flicks.  And while some people may be spooked more easily than others, here are five things that will alarm even the most fearless IT security pro.

 

  • Protecting a network without sufficient funds.  Whether it’s locating qualified staff or convincing upper management that system updates are necessary expenditures, the lack of funds can seriously impede the health of an organization’s security posture.
  • A future of unknowns.  IT security pros spend a lot of time researching the world of cybercrime so that they can stay out of harm’s way.  Happily, White Hats are good at disseminating information to their peers when breach occurs.  Vulnerabilities were recently found in Heartbleed SSL and Shellshock Bash, for example, and the community responded by sharing information and patching networks before incident.  But what about those unknown exploits?  It’s enough to keep IT pros up at night.
  • The next Zero Day attack. These large-scale attacks often leverage the aforementioned secret vulnerabilities and use them to spread online malaise quickly. Examples include Storm Worm, which targeted an internet-consuming public and Stuxnet or Duqu that was a customized espionage attack.  Oftentimes, these attacks are able to operate for quite a long time without anyone ever being the wiser.
  • Insider threats.  Threats can come from careless, lazy or even well-intentioned employees who have intimate knowledge of the company’s network and accounts.  In the case of a disgruntled former employee, access can be revoked immediately but with the employee who accidentally falls for a social engineering scam, your network may never be the same.
  • Falling victim to data breach.  We seem to hear about data breaches on daily basis as of late.  Not only must IT pros take care of internal damage to systems, but also worry about stolen customer data.  This is an expensive problem that can cost millions of dollars due to direct loss and preventative assurances, like paying for victims’ credit monitoring.  Then there’s consumer confidence and negative publicity that likely affects bottom line.

 

No one wants to be the next victim of data theft or deal with unknown attacks, and because of that, sometimes it’s good to be a little afraid as an IT Security Pro.  A small dose of fear can be healthy and motivate us to go the extra mile in preventative care.  After all, those who remain complacent in their security practice often find themselves to be the next target we’ll read about in tomorrow’s newspaper.