Tech, Web, Cloud & Cabling Services
BigBeagle.com Category
Symantec has recently become aware of a medium vulnerability in older versions of the server agent. The latest version addresses this vulnerability in new installations and was released February 15th, 2017. Server agents that are not already upgraded will be identified in the SEP SBE cloud management console starting on March 8th. A manual upgrade will be required to ensure you have the latest protection.
Due to a critical security vulnerability with SSL 3.0 (an 18-year-old, outdated technology), we recommend disabling it on your server. We have instructions on how to do that in the Updating section but recommend reading the entire document to understand the scope of what this does.
What does POODLE do?
In short, it’s a way attackers can compromise SSL certificates if they’re on the same network as the target if (and only if) the server the target is communicating with supports SSL 3.0.
Google has a lot more detail on their security blog here.
Does POODLE affect my server/sites?
Because POODLE is a vulnerability in SSL technology, it only impacts sites using SSL certificates. If your server or your sites don’t use an SSL certificate, you don’t need to update your server. However, we recommend doing it now in case you do end up installing an SSL certificate at a later date.
Updating
How you update your server depends on whether your server uses a Linux® distribution or Windows® and if it uses cPanel.
cPanel
cPanel requires slightly different steps from any other control panel/operating system configuration.
To Configure cPanel to Prevent POODLE Vulnerability on HTTP
1. Log in to your cPanel (more info).
2. In the Service Configuration section, click Apache Configuration.
3. Click Include Editor.
4. In the Pre Main Include section, from the Select an Apache Version menu, select All Versions.
5. In the field that displays, type the following, depending on which version of CentOS you’re using:
| CentOS Version | Type this… |
|---|---|
| Cent OS/RHEL 6.x |
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 |
| Cent OS/RHEL 5.x |
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 |
If you encounter errors while applying this update, please review this forum post at cPanel that discusses potential fixes.
6. Click Update.
Preventing POODLE on Other Protocols (FTP, etc.)
Right now, only servers using RHEL can protect themselves against POODLE on non-HTTPS protocols. They can do this by updating the latest version of OpenSSL, and then implementing TLS_FALLBACK_SCSV.
Servers using CentOS do not yet have a known fix for the vulnerability on non-HTTPS protocols. However, we will update this article with those instructions as soon as we do.
Linux (Apache)
Modify your Apache configuration to include the following line:
SSLProtocol All -SSLv2 -SSLv3
For more information on how to do that, view Apache’s documentation.
Windows (IIS)
Modify your server’s registry (which removes access SSL 3.0 support from IIS) using Microsoft’s document here. You can jump down to the Disable SSL 3.0 in Windows section.
Hillary Clinton’s use of a private email server when she served as US secretary of state has been a major issue for the 2016 presidential candidate. Here are the six most critical facts about it.
The FBI recently wrapped up its investigation into Hillary Clinton’s use of a personal email server while she was serving as secretary of state. FBI director James Comey called the actions “extremely careless,” but recommended that no charges be brought against Clinton.
She is now the presumptive Democratic nominee for the upcoming presidential election in November, and her actions relative to the email server have become a hot-button issue among her opponents. The situation, however, is nuanced; and there are a lot of details to understand about the scenario. Here are the most important facts.
While serving as secretary of state under President Barack Obama, Hillary Clinton used multiple private email servers to communicate regarding government business, according to the State Department. Additionally, it was revealed that Clinton never had a government (.gov) email address while she was serving in her post—we’ll talk about which email address she used in a moment—and her aides did not take any actions to preserve the emails sent through her personal account. This prompted an investigation by the FBI to determine if Clinton intentionally put classified information at risk.
Clinton handed over 30,000 emails to the State Department, of which 110 contained classified information at the time they either were sent or received, according to the FBI’s findings. During the investigation, though, Clinton asserted that none of the emails she sent or received were classified at the time. The biggest implication has been the potential threat to national security. While the contents of the emails have not fully been released, if they had contained sensitive information it could have possibly fallen into the wrong hands. As noted by the New York Times, Comey said it was “possible” that enemy foreign governments had accessed Clinton’s personal email account.
The second biggest implication is that of transparency. The Federal Records Act requires that all communication in certain branches of government be recorded on government servers, and it forbids the use of a personal email account for government business, unless those emails are then copied and archived. However, there are a lot of technicalities involved, and there is evidence that other government officials had violated the act. As Alex Howardwrote for the Sunlight Foundation, there is also evidence that Clinton tried to control the discoverability of the emails under the Freedom of Information Act (FOIA), which could set a precedent for limiting public access to government records. It is also believed that Clinton deleted 31,000 emails deemed personal in nature before turning the emails over to the State Department.
When she was appointed secretary of state in 2009, Clinton began using the email address hdr22@clintonmail.com, tied to a personal server. Clinton’s personal email server was first discovered in 2012, by a House committee investigating the attack on the American Consulate in Benghazi. In 2013, hacker Guccifer claimed to have accessed Clinton’s personal email account and released emails that were allegedly related to the Benghazi attack.
The next year, in the summer of 2015, the State Department began asking Clinton for her emails correspondence, and she responded by delivering boxes containing more than 30,000 printed emails. In early 2015, the New York Times reported that Clinton had been using her personal email exclusively, and never had a government email address. A federal watchdog group issued an 83-page report condemning the “systemic weaknesses” of Clinton’s email practices in May. On Tuesday, the FBI concluded its investigation and recommended against any charges.
When Clinton was running for president in 2008, she had a private server installed at her home in Chappaqua, New York. The domains clintonemail.com, wjcoffice.com, and presidentclinton.com, which were registered to a man named Eric Hoteham, all pointed to that server. In 2013, a Denver-based IT company called Platte River Networks was hired to manage the server, but wasn’t cleared to work with classified information. The company executivesreceived death threats for taking on the contract. It was later discovered that multiple private servers were used for Clinton’s email.
Clinton used a BlackBerry phone to communicate during her tenure as secretary of state, including sending and receiving emails through her private server in New York. The State Department expressed concern about the security of the device. Clinton had requested the NSA provide a strengthened BlackBerry, similar to the one used by President Obama. But, her request was denied. Instead, the NSA requested that Clinton use a secure Windows Phone known as the Sectera Edge, but she opted to continue using her personal BlackBerry.
Right now, it’s too early to tell whether or not Clinton will be charged for her use of private email servers. While Comey’s recommendation that no charges be brought will likely weigh in the decision, it is ultimately up to the US Department of Justice to make the call. However, a recent Politico analysis of multiple, similar cases spanning the past 20 years, seem to point to an indictment being “highly unlikely.” According to a former senior FBI official quoted in the analysis, the Justice Department tends to avoid prosecution in cases that are not “clear-cut.”
The first lesson that IT can learn from this situation is that transparency is critical, at all levels in your business. This isn’t to say that the CEO should be broadcasting his or her emails to all employees every week, but steps should be taken to ensure that information can be accessed if need be. As part of adigital leak protection program, security expert John Pironti said that organizations need to know if users are using a personal email account to conduct business.
“This behavior is often a violation of acceptable use policies and can expose an organization’s sensitive information to unsecured systems and e-mail accounts,” Pironti said. “Without this visibility an organization may not be aware that their intellectual property, customer data, or sensitive data assets are not being protected appropriately and they also may be in violation of contractual agreements with their clients regarding the security of their data as well as regulatory requirements.”
The second takeaway for IT is that policies should be enforced from the top down. Sure, a CXO may get their support tickets expedited, but that doesn’t mean that exceptions should be made that could compromise the security or integrity of the organization for the sake of comfort or convenience. Leaders should model the policies that are in place to showcase the importance of adhering to them, especially regarding security and privacy policies.
Finally, the importance of records management should not be overlooked. In Clinton’s case, since multiple servers were used, the FBI had to piece together “millions of email fragments” before they could look into them. Proper labeling and management of all records will make for a more cohesive environment and assist in accountability.
Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/
South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.
To read this article in its entirety click here.
The revelation of the so-called Meltdown and Spectre vulnerabilities spurred a scramble among technology’s biggest players, from Apple Inc. to Amazon.com Inc., to enact fixes and reassure customers they were on top of the problem.
Modern processors guess what they’ll have to do next and fetch the data they think they’ll need. That makes everything from supercomputers to smartphones operate very fast. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data stored in memory that had been thought to be secure. In a worst-case scenario, that would let someone access your passwords.
The vulnerability won’t stop your computer working and doesn’t provide an avenue for hackers to put malicious software on your machine. Though it could put important data at risk, there’s been no report so far of anyone’s computer being attacked in this manner. More broadly, though, the new fears could undermine longtime assurances that hardware and chip-level security is more tamper-proof than software.
The weakness was discovered last year by folks Google employs to find such issues before the bad guys do. Usually, solutions are developed in private and announced in a coordinated way. This time the news leaked before the companies involved had a chance to get a fix in place.
Chipmakers and operating system providers, such as Alphabet Inc.’s Google and Microsoft Corp., are rushing to create software patches that will close the potential window of attack. Intel said that it expects to have issued updates for more than 90 percent of recently introduced processor products. Amazon.com Inc. said “all but a small single-digit percentage” of its servers have already been protected. In a blog post, Google said its security teams immediately “mobilized to defend” its systems and user data. Some customers of Android devices, Google Chromebook laptops and its cloud services still need to take steps to patch security holes, the company said. Patches for Windows devices are out now and the company is securing its cloud services, Microsoft said in a statement.
No, though that seems to be what panicky investors initially thought. Intel says it’s an issue for all modern processors. But rival Advanced Micro Devices Inc. stated that its products are at “near-zero risk.” ARM Holdings, which has chip designs that support all smartphones, said that, at worst, the vulnerability could “result in small pieces of data being accessed” and advised users of its technology to keep their software up to date. Google fingered all three companies. Apple said all Mac computers and iOS devices — including iPhones and iPads — were affected, but stressed there were no known exploits impacting users and that steps taken to address the issue haven’t dented performance.
Some computers, mostly older ones, could be slowed down by the software patches that will make them more secure. Intel said that in common situations software might be slowed down by as much as 3 percent or not at all. But in other rare situations, performance might be reduced as much as 30 percent. The company doesn’t expect any financial impact and said it thinks customers will keep buying. As the fixes haven’t been widely deployed yet, it’s unclear whether anyone will even notice or whether computer slowdowns will be widespread. Intel has only done lab tests.
Check out a recently developed and designed website by South Jersey Techies Website Team for Garden State Home Loans in Cherry Hill, NJ.
Microsoft Office 2013 was a popular productivity suite that included several essential tools such as Word, Excel, PowerPoint, and Outlook. It was released in 2013 and was widely used by individuals, businesses, and organizations of all sizes. However, like all software products, Microsoft Office 2013 has reached its end of life, and users are now advised to upgrade to Microsoft 365, the cloud-based version of Microsoft Office.
End of life, or EOL, refers to the point in time when a software product is no longer supported by the manufacturer. In the case of Microsoft Office 2013, this means that Microsoft will no longer provide technical support, bug fixes, security updates, or new features for this product. This makes the software more vulnerable to cyberattacks, viruses, and malware. Continuing to use Microsoft Office 2013 after the end of life date could result in data loss, security breaches, and other serious problems.
If you’re using Office 2013, it’s probably a good time to upgrade your version of Microsoft Office.
The best way to protect yourself and your organization is to upgrade to a newer version of Office:
Microsoft 365 is an all-in-one cloud solution with a number of different licensing options to fit your organization’s needs. The best part about cloud-based applications is that you no longer have to worry about retirements, patches, and end of support. Cloud licenses are automatically updated with new features, new applications, and security updates. Many cloud subscriptions also include installed (or desktop) versions of the application, so you can have the same look and feel of the Office applications you are accustomed to using, but built with more robust features and benefits.
Office Home and Business 2021 is for families and small businesses who want classic Office apps and email. It includes Word, Excel, PowerPoint, and Outlook for Windows 11 and Windows 10. A one-time purchase installed on 1 PC or Mac for use at home or work.
If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.
The EU GDPR is a law designed to protect and empower residents of the EU by guiding business usage of personal data. In essence, it is reshaping the way corporations handle personal data by controlling its collection, use, and storage. It will replace the regulations and frameworks of the existing 20-year-old directive (95/46/EC).
The data subject: This is any individual that can be directly or indirectly identified or uniquely singled out in a group of individuals, from any stored data.
Personal data: This is any information relating to an individual, whether in reference to their private, professional, or public life. It includes things like names, photos, email addresses, location data, online identifiers, a person’s bank details, posts on social networking websites, medical information, work performance details, subscriptions, purchases, tax numbers, education or competencies, locations, usernames and passwords, hobbies, habits, lifestyles, or a person’s computer’s IP address.
The data controller: This is the person who, alone or jointly with others, determines the purposes for, and means of, processing personal data. A data controller is not responsible for the act of processing (this falls to the data processor); they can be defined as the entity that determines motivation, condition, and means of processing.
Generally, the role of the controller is derived from the organization’s functional relation with the individual. That is, a business is the controller for the customer data it processes in relation to its sales, and an employer is the controller for the employee data they process in connection with the employment relationship.
Data processors: This is the person who processes personal data on behalf of the controller. Typical processors are IT service providers (including hosting providers) and payroll administrators. The processor is required to process the personal data in accordance with the controller’s instructions and take adequate measures to protect the personal data. The GDPR does not allow data processors to use the personal data for other purposes beyond providing the services requested by the controller.
Processing refers to any operation or set of operations performed upon personal data, whether or not by automatic means—such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction. Processing must be fair and lawful, although transparency is significantly strengthened. The processor may not use the personal data for their own purposes.
Under the GDPR, data subjects can request the following:
We’re not done yet. There are four more important elements to consider with GDPR as you become ready.
For controllers, GDPR requires that breach notice must be provided, where feasible, within 72 hours of becoming aware of a breach; processors need to provide notice to controllers without undue delay. Any data breaches must be documented.
This requires the level and type of data being processed to be limited to the minimum amount of data necessary. This requires you to ensure that the purpose in which the data is agreed and the purpose in which the data was collected are materially similar. The processors should ensure that individuals’ privacy is considered at the outset of each new processing, product, service, or application, and only minimum amounts of data are processed for the specific purposes collected and processed.
The GDPR defines pseudonymization as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” To pseudonymize data, the “additional information” must be “kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.” In other words, it is a strategy designed to enhance protection and privacy for applicable identifying data.
Although similar, anonymization and pseudonymization are two distinct techniques that permit data controllers and processors to use de-identified data. The difference between the two techniques rests on whether the data can be re-identified.
This requires the processing of personal data to be fair and lawful. Generally, only the level and type of data collected should be limited to the minimum amount of data necessary (see data minimization above). There are a number of methods in which the data may be processed, including: express consent (which may be withdrawn at any time), legitimate interest basis (the subject of which legitimacy may be challenged by the data subject), honoring obligations under the agreement with the data subject, or any other legal basis that may apply.
We know this information can be overwhelming, but taking the proper steps now will save you headaches later. SolarWinds provides products that can help you with getting ready. Our Risk Intelligence software is one of them, providing you with hard data on:
Search your ‘data at rest’ for risk areas and start the data mapping you need to get ready for GDPR.
Microsoft is previewing Stream, a new service for publishing and managing business videos. One day it will be the default video publishing system for Office 365.
On July 18, 2016, Microsoft announced that a preview version of a new service called Microsoft Stream was available. Like most of you, I passed over the news with an indifferent “whatever” attitude. But later I realized that the news was actually more important than I had first thought.
Microsoft Stream fulfills a niche by providing a secure place to share videos created within, and for, businesses. By using a cloud-based service like this, businesses can reap the benefits of video communication without the threat of anonymous forum trolls trashing the brand or harassing employees.
While it is still a preview version, Microsoft Stream seems mostly ready for prime time. All you have to do is set up an account with a valid business email—One can use a personal domain email—and then log in. To test how easy Stream is to work with, you can make a 10-second video with a smartphone. Upload your video to Google Drive and then drag and drop it on the Stream portal website.
The web service processes the video while you give it a title and a brief description. Stream then asks if you are ready to publish and when you say yes, it publishes the video after a few seconds of grinding. It takes all of two minutes from start to finish and requires nothing more technical than knowing how to drag and drop a file.
Gone are the days of worrying about file format, aspect ratio, preferred playback applications, and all the other minutia we had to go through in years past to get a video published. You just take the video and then publish the video.
The key features of Microsoft Stream have to do with managing videos after they are published. Videos can be classified and placed into specific channels. Those channels can have their access restricted to certain individuals or certain groups, like a specific department, for instance. Access is controlled via the Azure Active Directory system.
According to the blog post, Microsoft plans to integrate Stream into the existing Office 365 Video system. Once the integration is complete, Microsoft Stream will be the default system for publishing video in an Office 365 environment.
There are plans in the works to add intelligent search to Stream by taking advantage of tools like audio transcription and face recognition. Developers are also working on ways to integrate Stream with other tools, like PowerApps, Microsoft Flow, and SharePoint.
We are aware of Microsoft Bookings and how that application attempts to cut out other third-party developers by integrating appointment scheduling for small businesses with the standard Office 365 subscription. By offering Stream, a secure video publishing and management service, Microsoft is attempting to execute the same strategy for video publishing.
Microsoft Stream gives businesses a secure system for publishing videos. Through Stream, businesses control access and manage who can see what and when they can see it. And because it is all handled internally, problems with anonymous forum trolls are likely to be reduced.
It seems that Microsoft’s grand strategy is to become the only software company a business needs—ever. The glaring application that Office 365 is missing now is a double-entry accounting system that includes payroll, accounts receivable, accounts payable, and the general ledger. Should we be looking for an announcement regarding those applications soon, Microsoft?
Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/
South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.
To read this article in its entirety click here.
Google fiber is coming to your town. But not without a fight. After Louisville, Kentucky approved legislation that would allow Google Fiber to piggyback on pre-existing telecommunication infrastructure, AT&T sued the city.
“The ordinance in question, known as “One Touch Make Ready,” essentially allows Google (or any other ISP) to install its equipment on existing utility poles, including those owned and maintained by AT&T. Despite strong opposition from AT&T and Time Warner Cable, the ordinance passed with a 23-0 vote.”
AT&T claimed a need to defend past infrastructure investment, and that the ordinance violates current telecommunication rules. The city of Louisville countered claiming, “gigabit fiber is too important to our city’s future.” Google pledged to support the city.
Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/
South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.
To read this article in its entirety click here.
Mobile devices are almost universal in the enterprise in 2016. Tech Pro Research conducted a survey to see what devices employees are using for work, and how safe these devices are.
In new research conducted by Tech Pro Research, 98% of respondents said they use mobile devices for work. Smartphones and laptops were the most common, with 94% of respondents who use mobile devices using them. 74% of mobile device users said they work with tablets. Wearables haven’t found a widespread usage base in the workplace, with only 14% reporting using them. When users rated the security of devices based on vendors, Apple got the best ratings in all categories.
For smartphones Apple’s high ratings could be partially attributed to familiarity since 67% of respondents said employees at their company use iPhones. Only Samsung was close to Apple in terms of prevalence, and the company was way behind Apple in security ratings.
Apple also had the largest share of tablet use, and the highest security rankings, among respondents. 53% said they and their colleagues use iPads and 46% of users ranked security as very good or excellent.
Dell was the most popular brand among respondents, in terms of use for work, but it got third place in security ratings.
Security on wearables appears to still be developing, based on the mediocre security ratings among all brands, and the fact that security feature usage isn’t the norm for wearables yet.
Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/
South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.
To read this article in its entirety click here.
CALL US NOW!