Back to Top

Tech, Web, Cloud & Cabling Services

Author Archives: Website Admin

Disabling SSL 3.0 Support on Your Server (POODLE Configuration)

 

Due to a critical security vulnerability with SSL 3.0  (an 18-year-old, outdated technology), we recommend disabling it on your server. We have instructions on how to do that in the Updating section but recommend reading the entire document to understand the scope of what this does.

What does POODLE do?
In short, it’s a way attackers can compromise SSL certificates if they’re on the same network as the target if (and only if) the server the target is communicating with supports SSL 3.0.

Google has a lot more detail on their security blog here.

Does POODLE affect my server/sites?
Because POODLE is a vulnerability in SSL technology, it only impacts sites using SSL certificates. If your server or your sites don’t use an SSL certificate, you don’t need to update your server. However, we recommend doing it now in case you do end up installing an SSL certificate at a later date.

Updating
How you update your server depends on whether your server uses a Linux® distribution or Windows® and if it uses cPanel.

cPanel

cPanel requires slightly different steps from any other control panel/operating system configuration.

To Configure cPanel to Prevent POODLE Vulnerability on HTTP

1. Log in to your cPanel (more info).
2. In the Service Configuration section, click Apache Configuration.
3. Click Include Editor.
4. In the Pre Main Include section, from the Select an Apache Version menu, select All Versions.
5. In the field that displays, type the following, depending on which version of CentOS you’re using:

CentOS Version Type this…
Cent OS/RHEL 6.x
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Cent OS/RHEL 5.x
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

If you encounter errors while applying this update, please review this forum post at cPanel that discusses potential fixes.

6. Click Update.

Preventing POODLE on Other Protocols (FTP, etc.)

Right now, only servers using RHEL can protect themselves against POODLE on non-HTTPS protocols. They can do this by updating the latest version of OpenSSL, and then implementing TLS_FALLBACK_SCSV.

Servers using CentOS do not yet have a known fix for the vulnerability on non-HTTPS protocols. However, we will update this article with those instructions as soon as we do.

Linux (Apache)

Modify your Apache configuration to include the following line:

SSLProtocol All -SSLv2 -SSLv3

For more information on how to do that, view Apache’s documentation.

Windows (IIS)

Modify your server’s registry (which removes access SSL 3.0 support from IIS) using Microsoft’s document here. You can jump down to the Disable SSL 3.0 in Windows section.

What You Need to Know About the Big Chip Security Problem

According to Intel Corp.,most of the processors running the world’s computers and smartphones have a feature that makes them susceptible to hacker attacks. The chipmaker, working with partners and rivals, says it has already issued updates to protect most processor products introduced in the past five years, but the news sparked concern about this fundamental building block of the internet, PCs and corporate networks.

The revelation of the so-called Meltdown and Spectre vulnerabilities spurred a scramble among technology’s biggest players, from Apple Inc. to Amazon.com Inc., to enact fixes and reassure customers they were on top of the problem.

1. What’s the problem?

Modern processors guess what they’ll have to do next and fetch the data they think they’ll need. That makes everything from supercomputers to smartphones operate very fast. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data stored in memory that had been thought to be secure. In a worst-case scenario, that would let someone access your passwords.

2. How bad is it?

The vulnerability won’t stop your computer working and doesn’t provide an avenue for hackers to put malicious software on your machine. Though it could put important data at risk, there’s been no report so far of anyone’s computer being attacked in this manner. More broadly, though, the new fears could undermine longtime assurances that hardware and chip-level security is more tamper-proof than software.

3. How was it discovered?

The weakness was discovered last year by folks Google employs to find such issues before the bad guys do. Usually, solutions are developed in private and announced in a coordinated way. This time the news leaked before the companies involved had a chance to get a fix in place.

 

 

4. What’s being done to fix it?

Chipmakers and operating system providers, such as Alphabet Inc.’s Google and Microsoft Corp., are rushing to create software patches that will close the potential window of attack. Intel said that it expects to have issued updates for more than 90 percent of recently introduced processor products. Amazon.com Inc. said “all but a small single-digit percentage” of its servers have already been protected. In a blog post, Google said its security teams immediately “mobilized to defend” its systems and user data. Some customers of Android devices, Google Chromebook laptops and its cloud services still need to take steps to patch security holes, the company said. Patches for Windows devices are out now and the company is securing its cloud services, Microsoft said in a statement.

5. Is this just an Intel problem?

No, though that seems to be what panicky investors initially thought. Intel says it’s an issue for all modern processors. But rival Advanced Micro Devices Inc. stated that its products are at “near-zero risk.” ARM Holdings, which has chip designs that support all smartphones, said that, at worst, the vulnerability could “result in small pieces of data being accessed” and advised users of its technology to keep their software up to date. Google fingered all three companies. Apple said all Mac computers and iOS devices — including iPhones and iPads — were affected, but stressed there were no known exploits impacting users and that steps taken to address the issue haven’t dented performance.

6. What will the fallout be?

Some computers, mostly older ones, could be slowed down by the software patches that will make them more secure. Intel said that in common situations software might be slowed down by as much as 3 percent or not at all. But in other rare situations, performance might be reduced as much as 30 percent. The company doesn’t expect any financial impact and said it thinks customers will keep buying. As the fixes haven’t been widely deployed yet, it’s unclear whether anyone will even notice or whether computer slowdowns will be widespread. Intel has only done lab tests.

Microsoft Office for iPad is here!

ipad-office

Edit, work, create, and get more done from your iPad, for free

ipad-office3

Four new, free apps are available on your iPad®. With both Microsoft OneDrive and Dropbox access, online storage—and access to your files—is always just a click away on your iPad. The new Microsoft Office apps give you the ability to flat out get more done.

  • With the new Microsoft Word app, you can edit, create, and save your docs, wherever work takes you
  • The new Excel app lets you analyze your data on the fly
  • Build and deliver your presentations—right from your tablet or phone—with the new PowerPoint app
  • The new Microsoft OneNote app helps you work collaboratively and stay organized on the go

With these apps, you can now access, edit, and save directly to your Dropbox account. You can even open and edit files that have already been saved in Dropbox.

Adding Dropbox is easy.  When you are in any of the new apps, follow these simple steps:

1. Tap on the arrow in the top left, then tap Open
2. Tap “Add a Place”
3. Select Dropbox

To get the Office apps for iPad®, open www.appstore.com/microsoftoffice from your iPad’s web browser.

 

How to install and activate Windows 10 using your Windows 7 or Windows 8 product key

windowsproductkey

Summary

Microsoft recently announced the first major update to Windows 10 which includes numerous improvements for end users and businesses. One of the welcome improvements is the compliance check when qualifying for the Windows 10 upgrade. Previously, Windows 7, Windows 8.0 and Windows 8.1 users needed to have either of those versions Windows installed and activated in order to qualify for the free upgrade offer. For persons who needed to perform a clean install of Windows 10 from the outset, it was a two step process of first validating the machine through the upgrade routine, ensure the Windows 10 Upgrade was activated, then proceed to perform a Reset. With the latest November Update (1511), users no longer have to go through this process. In this article, we take a look at how to install and activate Windows 10 using your Windows 7 or Windows 8 product key.

Details

For the purposes of this article, We are using a Windows 7 license to perform clean install using Windows 10.

Please note: The copy of Windows 10 you download must correspond with the edition of Windows you are licensed for:

  • Windows 7 Starter, Home Basic, Home Premium, Windows 8.0 Core, Windows 8.1 Core must use a Windows 10 Home ISO
  • Windows 7 Professional, Windows 7 Ultimate, Windows 8.0 Pro, Windows 8.1 Pro must use a Windows 10 Pro ISO
  • If you are using Windows 7 Enterprise, Windows 8.0 Enterprise, Windows 8.1 Enterprise editions you won’t be able to use the free upgrade offer.

Review complete instructions how to download the Windows 10 ISO in the following article:

How to download official Windows 10 ISO files

Review instructions here how to start a clean install if you desire, if you want to perform an upgrade, clickhere.

Have your Windows 7 or 8/8.1 product key ready. If you purchased a retail license, you can find the product key within the product box. The Windows 7 product key is normally found on an orange sticker attached to a pamphlet inside the box. The Windows 8/8.1 product key is found on a small business size card. See examples below. Please note, you can also use your OEM product key too if Windows came preinstalled on your computer.

Retail:

retail

Windows 8/8.1

windows-8

If your computer came preinstalled with an OEM version of Windows 7, look for the Certificate of Authenticity sticker attached to the chassis of your computer. Normally this can be at the side or top of the system unit. For laptops, look at the bottom of the chassis or inside the battery or memory compartment. It looks like the following:

productkey

If you are running an OEM preinstalled Windows 8/8.1 license, Windows 10 setup should automatically detect the product key and install it automatically.

With Windows 8, Microsoft had changed from stickers that have the product key that the user has to type in when installing the operating system to new BIOS embedded product keys. The idea is that by eliminating the sticker, you eliminate one of the easier ways for nefarious users to get a legitimate product key. Eliminating the product key sticker also removes any worry that the sticker might get damaged while at the same time eliminating the long and irritating process of typing in various letters and numbers when installing the operating system.

If the user has to reinstall the operating system on a machine that came with Windows 8, the installation process automatically grabs the software product key from the motherboard BIOS with no input from the user. This means that those familiar Windows product key stickers will no longer appear on the Windows 8 computers.

If you have lost your Windows product key, Microsoft recommends you purchase a new one. 

http://windows.microsoft.com/en-gb/windows/where-find-windows-product-key#where-find-windows-product-key=windows-7

You might be lucky by contacting Microsoft Support who might be sympathetic to your situation:
http://support2.microsoft.com/kb/326246/en-us

Contact the Microsoft store:
US: http://www.store.microsoft.com/Help/Contact-Us
1-877-696-77861-877-696-7786 FREE
Canada: https://www.microsoftstore.ca/shop/en-CA/Contact-Us

Microsoft Support Contact Information:
http://support.microsoft.com/contactus/?ws=support

General Microsoft contact site: http://support.microsoft.com/contactus#tab0

If you are prompted to enter a product key during Windows 10 setup (November Update aka 1511) from within a running version of Windows, your Windows 7 or Windows 8/8.1 product key will not work. Instead, you should activate your Windows 7 or Windows 8/8.1 first, then re-run Windows 10 setup. You will not be prompted to enter a product key.

windows10productkey

During Setup: If you are prompted to enter a product key when you boot from the Windows 10 setup installation media, click the option ‘I don’t have a product key’. Select the appropriate edition you are licensed for.

Windows 7 Starter, Home Basic, Home Premium, Windows 8.0 Core, Windows 8.1 Core will install Windows 10 Home ISO

  • Windows 7 Professional, Windows 7 Ultimate, Windows 8.0 Pro, Windows 8.1 Pro will installWindows 10 Pro ISO

setup

  • Out of Box Experience, if you are prompted for a product key, Click Do this Later.Complete the installationReview instructions how to activateHow to troubleshoot Product Activation in Windows 10windowstroubleshootSuppose you decide to reinstall Windows 7 or Windows 8?You can reinstall or restore a system image of your previous version of Windows and continue using it, this will not affect the validity of the license.

    If you continue to experience problems entering your product key:

    Click Start > Settings (press Windows key + i) > Update & security > Activation then click Change product key

    windowsupdatekey

    OR

    Press Windows key + X

    Click Command Prompt (Admin)

    At the command prompt, type the following commands:

    slmgr.vbs -ipk xxxx-xxxx-xxxx-xxxx (allows you to replace the current product key with the specified)

    xxxx-xxxx-xxxx-xxxx – represents your product key

    Hit Enter on your keyboard

    Exit the command prompt

    Restart your computer

    Wait a while and it should activate, if not, give it a few days.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Move Over Skype, Calling From Gmail

Kon’nichiwa, hola, and bonjour says Google, as it expands Gmail calling to support a total of 38 languages and four currencies including Euros, British pounds and Canadian / US dolla dolla bills y’all. The calling feature allows Gmail users to call landlines and mobile phones from within their Gmail browser for next to nothing, making the email center a one-stop shop for IMs, emails, video and voice calls. The year-old service is lowering its call rates to $0.10 per minute to mobile phones in the UK, France, and Germany, $0.15 per minute to Mexico, and $0.02 per minute to any number in China and India. Calling landlines is even cheaper — which would be fantastic if you actually knew someone that still used one. The expanded language support and cheaper calls adds another piece of ammo to Google’s arsenal as it goes head-to-head with Skype (which charges $0.18 – $0.25 per minute for calls to UK mobile numbers), after the company conveniently partnered with Google+’s arch nemesis for calls from within the social network. But hey, at least those late-night arguments won’t cost the former nearly as much as it once did.

 

To view the original article in it’s entirety, Click Here.

 

HAPPY FALL Y’ALL!

South Jersey Techies invites you to stop by our office our 3rd Annual Holiday Lights-to-Music Display!

This time we are celebrating Halloween! 

Located at 229 North Locust Ave, Marlton NJ.

We hope you enjoy the show and have a Spooktacular time!!

Visit 7pm thru midnight each evening now until Halloween

 

South Jersey Techies

Park and Tune into 89.9FM

 

10 Tips for CyberSecurity Recommended By The FCC

Cybersecurity is of paramount importance in today’s digital age as it plays a crucial role in safeguarding sensitive information, ensuring the privacy of individuals, and maintaining the integrity of critical systems and infrastructure. The Federal Communications Commission (FCC) in the United States recognizes the significance of cybersecurity and has provided recommendations and guidelines to help individuals, businesses, and organizations protect themselves from cyber threats. Here are some key points highlighting the importance of cybersecurity along with recommendations from the FCC:

 

  • Train employees in security principles – Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data. We offer Security Awareness Training as an option for continuous security training for staff.
  • Protect information, computers, and networks from cyber attacks – Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. We offer Managed Services & Support as an option for preventing cyber-attacks.
  • Provide firewall security for your Internet connection – A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall. We offer a Managed Network Services & Support as an option for firewall security.
  • Create a mobile device action plan – Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment. We offer Mobile Device Management as an option for a mobile device action plan.
  • Make backup copies of important business data and information – Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud. We offer various Backup & Recovery Solutions as an option for business continuity & disaster.
  • Control physical access to your computers and create user accounts for each employee – Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. We offer Multi-Form Authentication Solutions as an option for computer login security.
  • Secure your Wi-Fi networks – If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router, so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. We offer Managed Network Services & Support is an option for Wi-Fi security.
  • Employ best practices on payment cards – Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet. Risk Intelligence is an option we offer to identify potential vulnerabilities.
  • Limit employee access to data and information, limit authority to install software – Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission. We offer Network & Security Assessments that can scan data repositories for user permissions, security and much more.
  • Passwords & authentication – Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data to see if they offer multi-factor authentication for your account. We offer Cloud Security Assessments which are used to ensure proper password & security practices are in place.

Download the 10 Tips Below

SJT-QR-CyberSecurity-10 Tips

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

Quick Reference CyberSecurity Guide

In today’s digital age, cybersecurity is at the forefront of technology, both at the workplace and in our personal lives. With the increasing frequency and sophistication of cyber threats, it is essential that we all play a role in protecting sensitive information both business and personal.

 

To help you stay informed and vigilant about cybersecurity best practices, we have created a Quick Reference Guide for Cybersecurity to be shared with your users as a courtesy to better protect themselves from cyber threats and contribute to a safer digital environment.

Please Download Our Quick Reference Cyber Security Guide Below

Quick Reference CyberSecurity Guide

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

CALL US NOW!