Year: 2014

As it's name would suggest, Episode One - Setting the hook, is the first of hopefully several short stories written about the interactions of end users, systems administrators and the cyber criminals working hard to get in between them.  The stories are a mixture of completely fictional tales, my experiences in the better part of two decades in IT (the names have been changed to protect the innocent and the guilty alike) and, in some cases, a mixture of the two. My hope is that the stories are equally entertaining both to the non-technical and technical reader alike, possibly giving each a different perspective of the other and making everyone's job a little easier when it comes to using, managing and securing the technology that we all rely on day to day.…

Shadow IT - a term often used to describe IT systems and IT solutions built and used inside organizations without explicit organizational approval. It is also used, along with the term "Stealth IT," to describe solutions specified and deployed by departments other than the IT department. This has always been 'a thing' but we're definitely seeing a rise in shadow / rouge IT in many of the organizations that we support.  I can understand it from it's various different perspectives (end user, management and IT department) and can see merits for each but, as a contractor often responsible for a) finding and b) fixing the mess, I tend to side wiht the IT department in most cases.   From the users perspective, buying their own kit to do their job better,…

A new Internet connection, even from the same Internet Service Provider, can be a nightmare for your home or office network.   You can save yourself the trouble with a few quick and easy steps. Ok, so you have a small network at your office.  You have a couple of workstations, maybe some printers and possibly even a server or two.  Things are working well but you need to make a change to your Internet service.  Perhaps you have DSL and get an offer from the cable company for significantly faster service at the same price that you're paying now.  Perhaps you have DSL and get an offer from the same provider offering Uverse (faster) at the same or even a lower price.  Either way, you decide to make a change…

What's New 2014 Holiday Schedule - Below is our 2014 holiday schedule.  We want to wish everyone a Merry Christmas and a Happy New Year.    Christmas - Closed Wednesday, 24 December and Thursday, 25 Decmeber 2014.  We will be open on Friday, 26 December. New Year - Closed Wednesday, 31 December [2014] and 1 January 2015.  We will be open on Friday, 2 January. Focus for 2015 on Security - By any measure, the latter part of 2013 and all of 2014 year have been bad when it comes to security.  We've had Target, JP Morgan Chase, Michaels, Neiman Marcus, Texas Health and Human Services, the IRS, the Department of Public Health and Human Services, Community Heath Systems / Tennova and Home Depot and those are just the ones that were reported (discovered?)…

Quick and easy ways to protect yourself from cyber criminals this holiday season The holidays are coming and everyone's looking for a way to make a few extra bucks.  Unfortunately, this includes the scoundrels behind the fake tech support scams that seem to be so effective.  We've reported a couple of times in the past the telephone tech support scams but the ArsTechnica article below does a really good job of outlining (via the FTC complaint) how another similar attack works.  With folks spending a lot of time shopping online (with or without the holiday eggnog), the unfortunate reality is that many will become victims of these scams.  We've put together the following short list of some things to keep in mind when it comes to your computer: Find a good tech support…

Earlier today we erroniously posted an article noting that, regarding MS14-068 (the TLS patch), "it may be worth waiting to see if anyone else has problems with it".  That is not the case and all users should update as soon as is feasible.  This update addresses a "vulnerability in Kerberos could allow elevation of privilege and could allow for forging of part of Kerberos service ticket.".   Contrary to the earlier post, this update should be applied as soon as possible.     From the Microsoft Technet site directly (bold and italics added): Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these…

The Internet Storm Center posted earlier today that Microsoft plans to release MS14-068 today which apparently addresses a critical vulnerability in several versions of Windows that can allow an attacker to escalate access on a vulnerable computer.  The text of the ISC article is below and I suspect Microsoft will be making downloads available shortly.  I have not seen any indication (yet) that this is remotely exploitable, so it may be worth waiting to see if anyone else has problems with it.  Additionally, I still haven't heard much about MS14-075 and there are no additional details on the Microsoft site (yet).  We expect to this update available to MyIT customers so that will be installed during normal reboots.     Today, Microsoft will release MS14-068. This is one of the bulletins that…

What's New 2014 Holiday Schedule - Below is our 2014 holiday schedule.  As we move into the 2014 holiday season, we want to wish everyone a Happy Thanksgiving, a Merry Christmas and a Happy New Year.   Thanksgiving - Closed Thursday, 27 November and Friday, 28 November 2014. Christmas - Closed Wednesday, 24 December and Thursday, 25 Decmeber 2014. New Year - Closed Wednesday, 31 December [2014] and 1 January 2015. What do the Target Breach and Home Depot breach have in common?  In December of 2013, we learned that Target had suffered a massive security breach where the identities of more than 40 million people were exposed.  In September of 2014, we learned that Home Depot suffered a massive security breach where the identies of more than 50 million people…

RAID is not a backup (and backup is not RAID) How can I use RAID and backups to protect my data?   Today, our lives revolve around data;  documents, spreadsheets, pictures, movies, contacts, calendars, emails, etc., and all of that data resides on a hard drive somewhere.  Those hard drives, how they're configured and how your data is (or is not) protected is the subject of this article.  If you have any data, grab a cup of coffee and a comfy chair and I'll try to explain RAID, backup and why the two aren't the same in human readable language :). Why are things like RAID and backups important?  The value or importance of things like RAID and backups are directly related to the value or importance of the data.  If…

Do you have a smartphone?  If so, is it encrypted?  Smartphones (and / or tablets) like the iPhone and various Andriod phones have offered the option to encrypt the phone for some time now.  I've been a big fan of this for some time and have a number of clients that routinely store sensitive information (emails from clients, documents, photos, etc.) on their phones or have VPN access to their offices on their phones that also make extensive use of the encryption options available.  It's always been hard though to get folks that don't know that they have sensitive information on their phones to encrypt them though because it's perceived as an extra layer of complexity without any real benefit.  That may no longer be the case though.  According to…