Back to Top

Tech, Web, Cloud & Cabling Services

Author Archives: Website Admin

Disabling SSL 3.0 Support on Your Server (POODLE Configuration)

 

Due to a critical security vulnerability with SSL 3.0  (an 18-year-old, outdated technology), we recommend disabling it on your server. We have instructions on how to do that in the Updating section but recommend reading the entire document to understand the scope of what this does.

What does POODLE do?
In short, it’s a way attackers can compromise SSL certificates if they’re on the same network as the target if (and only if) the server the target is communicating with supports SSL 3.0.

Google has a lot more detail on their security blog here.

Does POODLE affect my server/sites?
Because POODLE is a vulnerability in SSL technology, it only impacts sites using SSL certificates. If your server or your sites don’t use an SSL certificate, you don’t need to update your server. However, we recommend doing it now in case you do end up installing an SSL certificate at a later date.

Updating
How you update your server depends on whether your server uses a Linux® distribution or Windows® and if it uses cPanel.

cPanel

cPanel requires slightly different steps from any other control panel/operating system configuration.

To Configure cPanel to Prevent POODLE Vulnerability on HTTP

1. Log in to your cPanel (more info).
2. In the Service Configuration section, click Apache Configuration.
3. Click Include Editor.
4. In the Pre Main Include section, from the Select an Apache Version menu, select All Versions.
5. In the field that displays, type the following, depending on which version of CentOS you’re using:

CentOS Version Type this…
Cent OS/RHEL 6.x
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Cent OS/RHEL 5.x
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

If you encounter errors while applying this update, please review this forum post at cPanel that discusses potential fixes.

6. Click Update.

Preventing POODLE on Other Protocols (FTP, etc.)

Right now, only servers using RHEL can protect themselves against POODLE on non-HTTPS protocols. They can do this by updating the latest version of OpenSSL, and then implementing TLS_FALLBACK_SCSV.

Servers using CentOS do not yet have a known fix for the vulnerability on non-HTTPS protocols. However, we will update this article with those instructions as soon as we do.

Linux (Apache)

Modify your Apache configuration to include the following line:

SSLProtocol All -SSLv2 -SSLv3

For more information on how to do that, view Apache’s documentation.

Windows (IIS)

Modify your server’s registry (which removes access SSL 3.0 support from IIS) using Microsoft’s document here. You can jump down to the Disable SSL 3.0 in Windows section.

Hillary Clinton’s infamous email server: 6 things you need to know

Hillary Clinton’s use of a private email server when she served as US secretary of state has been a major issue for the 2016 presidential candidate. Here are the six most critical facts about it.

hillary_clinton3_3_3

The FBI recently wrapped up its investigation into Hillary Clinton’s use of a personal email server while she was serving as secretary of state. FBI director James Comey called the actions “extremely careless,” but recommended that no charges be brought against Clinton.

She is now the presumptive Democratic nominee for the upcoming presidential election in November, and her actions relative to the email server have become a hot-button issue among her opponents. The situation, however, is nuanced; and there are a lot of details to understand about the scenario. Here are the most important facts.

1. What happened?

While serving as secretary of state under President Barack Obama, Hillary Clinton used multiple private email servers to communicate regarding government business, according to the State Department. Additionally, it was revealed that Clinton never had a government (.gov) email address while she was serving in her post—we’ll talk about which email address she used in a moment—and her aides did not take any actions to preserve the emails sent through her personal account. This prompted an investigation by the FBI to determine if Clinton intentionally put classified information at risk.

2. Why does it matter?

Clinton handed over 30,000 emails to the State Department, of which 110 contained classified information at the time they either were sent or received, according to the FBI’s findings. During the investigation, though, Clinton asserted that none of the emails she sent or received were classified at the time. The biggest implication has been the potential threat to national security. While the contents of the emails have not fully been released, if they had contained sensitive information it could have possibly fallen into the wrong hands. As noted by the New York Times, Comey said it was “possible” that enemy foreign governments had accessed Clinton’s personal email account.

The second biggest implication is that of transparency. The Federal Records Act requires that all communication in certain branches of government be recorded on government servers, and it forbids the use of a personal email account for government business, unless those emails are then copied and archived. However, there are a lot of technicalities involved, and there is evidence that other government officials had violated the act. As Alex Howardwrote for the Sunlight Foundation, there is also evidence that Clinton tried to control the discoverability of the emails under the Freedom of Information Act (FOIA), which could set a precedent for limiting public access to government records. It is also believed that Clinton deleted 31,000 emails deemed personal in nature before turning the emails over to the State Department.

3. When did it start?

When she was appointed secretary of state in 2009, Clinton began using the email address hdr22@clintonmail.com, tied to a personal server. Clinton’s personal email server was first discovered in 2012, by a House committee investigating the attack on the American Consulate in Benghazi. In 2013, hacker Guccifer claimed to have accessed Clinton’s personal email account and released emails that were allegedly related to the Benghazi attack.

The next year, in the summer of 2015, the State Department began asking Clinton for her emails correspondence, and she responded by delivering boxes containing more than 30,000 printed emails. In early 2015, the New York Times reported that Clinton had been using her personal email exclusively, and never had a government email address. A federal watchdog group issued an 83-page report condemning the “systemic weaknesses” of Clinton’s email practices in May. On Tuesday, the FBI concluded its investigation and recommended against any charges.

4. What tech was used

When Clinton was running for president in 2008, she had a private server installed at her home in Chappaqua, New York. The domains clintonemail.com, wjcoffice.com, and presidentclinton.com, which were registered to a man named Eric Hoteham, all pointed to that server. In 2013, a Denver-based IT company called Platte River Networks was hired to manage the server, but wasn’t cleared to work with classified information. The company executivesreceived death threats for taking on the contract. It was later discovered that multiple private servers were used for Clinton’s email.

Clinton used a BlackBerry phone to communicate during her tenure as secretary of state, including sending and receiving emails through her private server in New York. The State Department expressed concern about the security of the device. Clinton had requested the NSA provide a strengthened BlackBerry, similar to the one used by President Obama. But, her request was denied. Instead, the NSA requested that Clinton use a secure Windows Phone known as the Sectera Edge, but she opted to continue using her personal BlackBerry.

5. Will she be prosecuted?

Right now, it’s too early to tell whether or not Clinton will be charged for her use of private email servers. While Comey’s recommendation that no charges be brought will likely weigh in the decision, it is ultimately up to the US Department of Justice to make the call. However, a recent Politico analysis of multiple, similar cases spanning the past 20 years, seem to point to an indictment being “highly unlikely.” According to a former senior FBI official quoted in the analysis, the Justice Department tends to avoid prosecution in cases that are not “clear-cut.”

6. What can businesses and IT leaders learn?

The first lesson that IT can learn from this situation is that transparency is critical, at all levels in your business. This isn’t to say that the CEO should be broadcasting his or her emails to all employees every week, but steps should be taken to ensure that information can be accessed if need be. As part of adigital leak protection program, security expert John Pironti said that organizations need to know if users are using a personal email account to conduct business.

“This behavior is often a violation of acceptable use policies and can expose an organization’s sensitive information to unsecured systems and e-mail accounts,” Pironti said. “Without this visibility an organization may not be aware that their intellectual property, customer data, or sensitive data assets are not being protected appropriately and they also may be in violation of contractual agreements with their clients regarding the security of their data as well as regulatory requirements.”

The second takeaway for IT is that policies should be enforced from the top down. Sure, a CXO may get their support tickets expedited, but that doesn’t mean that exceptions should be made that could compromise the security or integrity of the organization for the sake of comfort or convenience. Leaders should model the policies that are in place to showcase the importance of adhering to them, especially regarding security and privacy policies.

Finally, the importance of records management should not be overlooked. In Clinton’s case, since multiple servers were used, the FBI had to piece together “millions of email fragments” before they could look into them. Proper labeling and management of all records will make for a more cohesive environment and assist in accountability.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Wi-Fi-enabled ‘Hello Barbie’ records conversations with kids and uses AI to talk back

Today, Mattel released Hello Barbie, a WiFi-enabled doll that detects language and ‘talks back.’ But how will this high-tech toy impact real-life relationships?

Hello-barbie

She wears black flats, a motorcycle jacket, and skinny jeans. Her curly, bleach-blonde hair falls just past her shoulders. She has a permanent smile and large blue eyes. And, when you talk to her, she listens.

But this young woman isn’t an ordinary friend. “Hello Barbie” is less than a foot tall, weighs just under two pounds, and is made of plastic. And she is on sale for $74.99.

Mattel’s latest Barbie, marketed for children six and up, has just hit the shelves. She is unlike any doll before her—not only does she listen, but she can talk back.

To get started, kids simply download the Hello Barbie companion app. And to turn her on, you push a button on her silver belt buckle. Hello Barbie’s necklace is both a recorder and a microphone. Using WiFi, the jewelry will pick up a child’s questions and conversations—and transmit them back to a control center for processing. Speech-recognition software, operated through ToyTalk, will detect the input. Then, Hello Barbie will reply, using one of 8,000 pre-programmed lines. Examples include:

  • You know, I really appreciate my friends who have a completely unique sense of style…like you!
  • Here’s what’s up: I’m worried my sister Stacie is having a hard time finishing her homework. Does that ever happen to you?
  • I think Santa is real. There’s something very magical about the holiday season and I think he helps bring that magic to all of us!
  • So if you were planning the biggest, raddest, most unforgettable party of the year, what would it be like?
  • Of course we’re friends! Actually, you’re one of my best friends. I feel like we could talk about anything!

Hello Barbie’s dialogue, while perky and fashion-focused, reflects an attempt by Mattel to create a more well-rounded character than in the past. In 1992, Mattel pulled its string-operated Teen Talk Barbie from shelves after being criticized by The American Association of University Women for the inclusion of an unfortunate line: “math class is tough.” It is no mistake that Hello Barbie’s lines includes: “Oh nice! Fun with numbers! Teaching math sounds like a lot of fun. What kinds of things would you teach—Counting? Addition? Subtraction?”

Still, the implication that Barbie is being sold as a ‘friend’ is unsettling. “Hello Barbie can interact uniquely with each child by holding conversations, playing games, sharing stories, and even telling jokes!” boasts Mattel’s website. Hello Barbie, claims Mattel, is “Just like a real friend. [She] listens and remembers the user’s likes and dislikes, giving everyone their own unique experience.”

But is she really listening?

While Barbie may appear to listen and respond, “pretend empathy is not empathy,” said Sherry Turkle, professor at MIT and author of Reclaiming Conversation. Turkle worries about how children will understand their new ‘friend.’

“They are drawn into thinking that pretend empathy is the real thing,” said Turkle. “But objects that have not known the arc of a human life have no empathy to give. We put our children in a compromised position.”

Beyond the social implications of the doll, the capabilities of the recording technology raise privacy issues.

Using Hello Barbie involves recording voice data (see the privacy policy here) and requires parental consent. However, Mattel states that “parents and guardians are in control of their child’s data and can manage this data through the ToyTalk account.” The company also states that the recordings are protected under the “Children’s Online Privacy Protection Act,” and recordings containing personal information will be deleted once they “become aware of it.”

Still, the potential for misuse of this private data is a legitimate concern. “Obviously it is a security and privacy nightmare,” said Roman Yampolskiy, director of the Cybersecurity Lab at the University of Louisville. “[The] company [is] collecting data from kids—hackers [could be] getting access to private info.”

However, like Turkle, Yampolskiy is “more concerned about social development of the children interacting with it.”

“We are basically running an experiment on our kids and have no idea if it will make them socially awkward, incapable of understanding body language, tone of voice and properly empathize with others,” he said.

It all raises the question of what is meant, exactly by ‘real’ conversation? Turkle said, “Why would we take such risks with something so delicate, so crucial: Our children’s ability to relate to each other as human beings?”

Despite concerns, Hello Barbie is here, being shipped to homes across the globe beginning today. She is being turned on, spoken to, and listened to. And when children are finished with her, she is shut down, stood on a charger (Hello Barbie cannot stand on her own) and charged back up.

When she is turned on again, Barbie might ask: “Did you miss me at all?”

“Not even an itsy bitsy, eensy weensy bit?”

How children will respond remains to be seen.

Mattel did not respond to repeated requests for comment for this story.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

What You Need to Know About the Big Chip Security Problem

According to Intel Corp.,most of the processors running the world’s computers and smartphones have a feature that makes them susceptible to hacker attacks. The chipmaker, working with partners and rivals, says it has already issued updates to protect most processor products introduced in the past five years, but the news sparked concern about this fundamental building block of the internet, PCs and corporate networks.

The revelation of the so-called Meltdown and Spectre vulnerabilities spurred a scramble among technology’s biggest players, from Apple Inc. to Amazon.com Inc., to enact fixes and reassure customers they were on top of the problem.

1. What’s the problem?

Modern processors guess what they’ll have to do next and fetch the data they think they’ll need. That makes everything from supercomputers to smartphones operate very fast. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data stored in memory that had been thought to be secure. In a worst-case scenario, that would let someone access your passwords.

2. How bad is it?

The vulnerability won’t stop your computer working and doesn’t provide an avenue for hackers to put malicious software on your machine. Though it could put important data at risk, there’s been no report so far of anyone’s computer being attacked in this manner. More broadly, though, the new fears could undermine longtime assurances that hardware and chip-level security is more tamper-proof than software.

3. How was it discovered?

The weakness was discovered last year by folks Google employs to find such issues before the bad guys do. Usually, solutions are developed in private and announced in a coordinated way. This time the news leaked before the companies involved had a chance to get a fix in place.

 

 

4. What’s being done to fix it?

Chipmakers and operating system providers, such as Alphabet Inc.’s Google and Microsoft Corp., are rushing to create software patches that will close the potential window of attack. Intel said that it expects to have issued updates for more than 90 percent of recently introduced processor products. Amazon.com Inc. said “all but a small single-digit percentage” of its servers have already been protected. In a blog post, Google said its security teams immediately “mobilized to defend” its systems and user data. Some customers of Android devices, Google Chromebook laptops and its cloud services still need to take steps to patch security holes, the company said. Patches for Windows devices are out now and the company is securing its cloud services, Microsoft said in a statement.

5. Is this just an Intel problem?

No, though that seems to be what panicky investors initially thought. Intel says it’s an issue for all modern processors. But rival Advanced Micro Devices Inc. stated that its products are at “near-zero risk.” ARM Holdings, which has chip designs that support all smartphones, said that, at worst, the vulnerability could “result in small pieces of data being accessed” and advised users of its technology to keep their software up to date. Google fingered all three companies. Apple said all Mac computers and iOS devices — including iPhones and iPads — were affected, but stressed there were no known exploits impacting users and that steps taken to address the issue haven’t dented performance.

6. What will the fallout be?

Some computers, mostly older ones, could be slowed down by the software patches that will make them more secure. Intel said that in common situations software might be slowed down by as much as 3 percent or not at all. But in other rare situations, performance might be reduced as much as 30 percent. The company doesn’t expect any financial impact and said it thinks customers will keep buying. As the fixes haven’t been widely deployed yet, it’s unclear whether anyone will even notice or whether computer slowdowns will be widespread. Intel has only done lab tests.

Microsoft Office for iPad is here!

ipad-office

Edit, work, create, and get more done from your iPad, for free

ipad-office3

Four new, free apps are available on your iPad®. With both Microsoft OneDrive and Dropbox access, online storage—and access to your files—is always just a click away on your iPad. The new Microsoft Office apps give you the ability to flat out get more done.

  • With the new Microsoft Word app, you can edit, create, and save your docs, wherever work takes you
  • The new Excel app lets you analyze your data on the fly
  • Build and deliver your presentations—right from your tablet or phone—with the new PowerPoint app
  • The new Microsoft OneNote app helps you work collaboratively and stay organized on the go

With these apps, you can now access, edit, and save directly to your Dropbox account. You can even open and edit files that have already been saved in Dropbox.

Adding Dropbox is easy.  When you are in any of the new apps, follow these simple steps:

1. Tap on the arrow in the top left, then tap Open
2. Tap “Add a Place”
3. Select Dropbox

To get the Office apps for iPad®, open www.appstore.com/microsoftoffice from your iPad’s web browser.

 

How to install and activate Windows 10 using your Windows 7 or Windows 8 product key

windowsproductkey

Summary

Microsoft recently announced the first major update to Windows 10 which includes numerous improvements for end users and businesses. One of the welcome improvements is the compliance check when qualifying for the Windows 10 upgrade. Previously, Windows 7, Windows 8.0 and Windows 8.1 users needed to have either of those versions Windows installed and activated in order to qualify for the free upgrade offer. For persons who needed to perform a clean install of Windows 10 from the outset, it was a two step process of first validating the machine through the upgrade routine, ensure the Windows 10 Upgrade was activated, then proceed to perform a Reset. With the latest November Update (1511), users no longer have to go through this process. In this article, we take a look at how to install and activate Windows 10 using your Windows 7 or Windows 8 product key.

Details

For the purposes of this article, We are using a Windows 7 license to perform clean install using Windows 10.

Please note: The copy of Windows 10 you download must correspond with the edition of Windows you are licensed for:

  • Windows 7 Starter, Home Basic, Home Premium, Windows 8.0 Core, Windows 8.1 Core must use a Windows 10 Home ISO
  • Windows 7 Professional, Windows 7 Ultimate, Windows 8.0 Pro, Windows 8.1 Pro must use a Windows 10 Pro ISO
  • If you are using Windows 7 Enterprise, Windows 8.0 Enterprise, Windows 8.1 Enterprise editions you won’t be able to use the free upgrade offer.

Review complete instructions how to download the Windows 10 ISO in the following article:

How to download official Windows 10 ISO files

Review instructions here how to start a clean install if you desire, if you want to perform an upgrade, clickhere.

Have your Windows 7 or 8/8.1 product key ready. If you purchased a retail license, you can find the product key within the product box. The Windows 7 product key is normally found on an orange sticker attached to a pamphlet inside the box. The Windows 8/8.1 product key is found on a small business size card. See examples below. Please note, you can also use your OEM product key too if Windows came preinstalled on your computer.

Retail:

retail

Windows 8/8.1

windows-8

If your computer came preinstalled with an OEM version of Windows 7, look for the Certificate of Authenticity sticker attached to the chassis of your computer. Normally this can be at the side or top of the system unit. For laptops, look at the bottom of the chassis or inside the battery or memory compartment. It looks like the following:

productkey

If you are running an OEM preinstalled Windows 8/8.1 license, Windows 10 setup should automatically detect the product key and install it automatically.

With Windows 8, Microsoft had changed from stickers that have the product key that the user has to type in when installing the operating system to new BIOS embedded product keys. The idea is that by eliminating the sticker, you eliminate one of the easier ways for nefarious users to get a legitimate product key. Eliminating the product key sticker also removes any worry that the sticker might get damaged while at the same time eliminating the long and irritating process of typing in various letters and numbers when installing the operating system.

If the user has to reinstall the operating system on a machine that came with Windows 8, the installation process automatically grabs the software product key from the motherboard BIOS with no input from the user. This means that those familiar Windows product key stickers will no longer appear on the Windows 8 computers.

If you have lost your Windows product key, Microsoft recommends you purchase a new one. 

http://windows.microsoft.com/en-gb/windows/where-find-windows-product-key#where-find-windows-product-key=windows-7

You might be lucky by contacting Microsoft Support who might be sympathetic to your situation:
http://support2.microsoft.com/kb/326246/en-us

Contact the Microsoft store:
US: http://www.store.microsoft.com/Help/Contact-Us
1-877-696-77861-877-696-7786 FREE
Canada: https://www.microsoftstore.ca/shop/en-CA/Contact-Us

Microsoft Support Contact Information:
http://support.microsoft.com/contactus/?ws=support

General Microsoft contact site: http://support.microsoft.com/contactus#tab0

If you are prompted to enter a product key during Windows 10 setup (November Update aka 1511) from within a running version of Windows, your Windows 7 or Windows 8/8.1 product key will not work. Instead, you should activate your Windows 7 or Windows 8/8.1 first, then re-run Windows 10 setup. You will not be prompted to enter a product key.

windows10productkey

During Setup: If you are prompted to enter a product key when you boot from the Windows 10 setup installation media, click the option ‘I don’t have a product key’. Select the appropriate edition you are licensed for.

Windows 7 Starter, Home Basic, Home Premium, Windows 8.0 Core, Windows 8.1 Core will install Windows 10 Home ISO

  • Windows 7 Professional, Windows 7 Ultimate, Windows 8.0 Pro, Windows 8.1 Pro will installWindows 10 Pro ISO

setup

  • Out of Box Experience, if you are prompted for a product key, Click Do this Later.Complete the installationReview instructions how to activateHow to troubleshoot Product Activation in Windows 10windowstroubleshootSuppose you decide to reinstall Windows 7 or Windows 8?You can reinstall or restore a system image of your previous version of Windows and continue using it, this will not affect the validity of the license.

    If you continue to experience problems entering your product key:

    Click Start > Settings (press Windows key + i) > Update & security > Activation then click Change product key

    windowsupdatekey

    OR

    Press Windows key + X

    Click Command Prompt (Admin)

    At the command prompt, type the following commands:

    slmgr.vbs -ipk xxxx-xxxx-xxxx-xxxx (allows you to replace the current product key with the specified)

    xxxx-xxxx-xxxx-xxxx – represents your product key

    Hit Enter on your keyboard

    Exit the command prompt

    Restart your computer

    Wait a while and it should activate, if not, give it a few days.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Move Over Skype, Calling From Gmail

Kon’nichiwa, hola, and bonjour says Google, as it expands Gmail calling to support a total of 38 languages and four currencies including Euros, British pounds and Canadian / US dolla dolla bills y’all. The calling feature allows Gmail users to call landlines and mobile phones from within their Gmail browser for next to nothing, making the email center a one-stop shop for IMs, emails, video and voice calls. The year-old service is lowering its call rates to $0.10 per minute to mobile phones in the UK, France, and Germany, $0.15 per minute to Mexico, and $0.02 per minute to any number in China and India. Calling landlines is even cheaper — which would be fantastic if you actually knew someone that still used one. The expanded language support and cheaper calls adds another piece of ammo to Google’s arsenal as it goes head-to-head with Skype (which charges $0.18 – $0.25 per minute for calls to UK mobile numbers), after the company conveniently partnered with Google+’s arch nemesis for calls from within the social network. But hey, at least those late-night arguments won’t cost the former nearly as much as it once did.

 


To view the original article in it’s entirety, Click Here.


 

HAPPY FALL Y’ALL!

South Jersey Techies invites you to stop by our office our 3rd Annual Holiday Lights-to-Music Display!

This time we are celebrating Halloween! 

Located at 229 North Locust Ave, Marlton NJ.

We hope you enjoy the show and have a Spooktacular time!!

Visit 7pm thru midnight each evening now until Halloween

 

South Jersey Techies

Park and Tune into 89.9FM

 

CALL US NOW!