
Tech, Web, Cloud & Cabling Services

Category: Security


Windows 10 Privacy Settings Guide

Where do you draw the line on personal privacy? The right options are different for everyone. This guide shows the privacy settings that will help you to create the right balance of privacy and convenience in Windows 10.

Over the past year, we’ve read countless “privacy guides” for Windows 10. Most are well-intentioned, but they invariably take a simplistic approach to privacy: Just turn off every switch in the Privacy section of the Settings app.

If you do that, you’re not understanding the privacy landscape, which encompasses far more than just those settings. You’re also missing some important additional steps.

Windows 10 is a mix of software and services. With every session, a Windows 10 device exchanges a great deal of information with Microsoft’s servers. That’s neither unusual nor alarming. Microsoft’s chief rivals, Google and Apple, are also blending services into their software, with the goal of making your life easier and making that software more reliable.

So are other tech companies that you don’t think of as software companies: Amazon, with the Echo. Tesla, with its self-updating, software-driven cars. Your thermostat and your home security system.

There’s something profoundly satisfying about a service that anticipates your every move, reminding you when to leave for an appointment to arrive on time, or to pick up flowers for your anniversary tomorrow. Your digital personal assistant, whether it’s Siri or Cortana or Alexa or Google, needs to be able to see your calendar and contacts to make that magic happen.

But when that sort of personal attention goes too far, it “crosses the creepy line,” to use a phrase that Eric Schmidt probably regrets uttering when he was Google’s CEO.

The thing about that line is that it’s drawn in a different place for everyone. There are people who are thrilled at the idea that their PC or mobile device is so familiar with their actions that it can anticipate what they’ll do next. I know others who would like to build a virtual Faraday cage around their computing hardware so that none of their personal details can escape.

Both of those viewpoints, and everything in between, are perfectly valid. That’s why the software and services we use are loaded with switches and dials designed to help you take control of their potential privacy impact.

In this post, we’ll walk you through the big privacy questions for Windows 10, with enough context to help you decide which settings are right for you.

Note that this guide assumes you are using Windows 10 on a personal PC or one in your small business. If you are in an enterprise setting, or if you are in a regulated industry, you should seek professional assistance to ensure that you’re meeting proper standards.

Let’s start with the part of your PC that has the biggest impact on your personal privacy.

THE NETWORK

No one knows more about your online identity than your Internet service provider. Every packet you send or receive from anywhere online goes through their servers. When you travel and connect to Wi-Fi networks that are under the control of others, the owners of those networks can see every connection you make and can intercept their contents.

Regardless of the platform you use, that’s why it’s important you use encrypted connections for any kind of sensitive communications. Using a virtual private network whenever possible is an excellent best practice.

Windows 10 does offer one obscure option that can help prevent third parties from tracking your movements based on your connections to Wi-Fi networks. (Note that this feature requires support from your Wi-Fi adapter, so if you don’t see this option, the most likely explanation is that your hardware doesn’t support it.) Under Settings > Network & Internet > Wi-Fi, turn the Use random hardware addresses setting to On.


That step keeps third parties from matching your Wi-Fi adapter’s hardware address with your personal information, making it more difficult to track your location.

THE BROWSER

Countless third-party ad networks and analytics companies use cookies and other tracking technology to record your movements around the web and to correlate your online activities with your offline identity.

The result is a digital fingerprint that can be extraordinarily detailed and, unfortunately, outside of your ability to change.

To limit the amount of information that those ad and analytics companies know about you from your web browsing, consider third-party anti-tracking software such as Abine’s Blur, which is available for every web browser except Microsoft Edge. (That lack of solid support for add-ons is one reason I can’t yet recommend Edge as a full-time browser for most Windows 10 users.)

Another privacy product worth considering is Ghostery, although some are suspicious of this browser extension because of its uncomfortably close ties to the online advertising industry.

Ad-blocking software can also provide some privacy protection as a side-effect of performing its basic function. Here, too, watch out for close ties between some ad-blocking add-ins and the third-party trackers they supposedly protect you from.

Note that none of these steps is unique to Windows 10. Anti-tracking software is typically a browser add-in and works with most popular browsers.

THE OPERATING SYSTEM

With those two big, platform-independent factors out of the way, we can now turn to Windows 10 itself. When you use a Windows 10 device, it is capable of sharing the following types of information with Microsoft’s servers:

Your location

Windows 10 can determine your location to help with actions like automatically setting your current time zone. It can also record a location history on a per-device basis. Go to Settings > Privacy > Location to control the following:

  • Location on/off: Use the master switch at the top of this page to disable all location features for all users of the current device.
  • Location service on/off: If location is on for Windows, you can still turn it off for your user account here.
  • General location: This allows you to set a city, zip code, or region so that apps can deliver relevant content.
  • Default location: Click Set default to open the Maps app and specify the location you want Windows to use when a more precise location is not available.
  • Location history: Click Clear to erase the saved history for a Windows 10 device.

If location is on, a list at the bottom of the Settings > Privacy > Location page allows you to disable access to that data on a per-app basis.

Your input

If you enable Cortana, Windows 10 uploads some info from your devices, such as your calendar, contacts, and location and browsing history, so that Cortana can make personalized recommendations. If you don’t want any accounts on your PC to use Cortana, follow the steps in this article to disable the feature completely: Turn off Cortana completely.

Windows 10 uses some feedback from the way you type, write, and speak to improve performance for you and as a way to improve the overall platform. This isn’t keystroke logging; rather, the operating system uses a very small amount of information. A separate feature uses your speech and writing history to make better suggestions in Windows and Cortana.

You can control this collection with two sets of controls:

Under Settings > Privacy > General, click Info about how I write and turn it off so that your typos aren’t used to improve things like the built-in spell checker.

Under Settings > Privacy > Speech, inking, & typing, under the Getting to know you heading, click Stop getting to know me to turn off personalization.

To clear previously saved information associated with your Microsoft account, click the first link under the Manage cloud info heading. That takes you to this Bing Personalization page, which includes this prominent button:


Click Clear to remove that saved information from the cloud.

Files and settings

When you sign in with a Microsoft account, you have the option to save files to the cloud using OneDrive. Windows 10 also syncs some settings to OneDrive, allowing you to have the same desktop background, saved passwords, and other personalized settings when you sign in with that account on multiple PCs.

If you use a local account, of course, none of your settings are synced. If you use a Microsoft account, you can turn off syncing completely or remove certain settings from the sync list by going to Settings > Accounts > Sync Your Settings.

OneDrive is an opt-in service. If you don’t sign in, it does nothing. You can’t save files to OneDrive accidentally, and no files are uploaded without your explicit permission, which you can revoke any time. To disable OneDrive for all users on your PC, follow these instructions: Shut down OneDrive completely.

Telemetry

Microsoft, like all modern software companies, uses feedback from its installed base to identify problems and improve performance. In Windows 10, this feedback mechanism produces diagnostics data (aka telemetry) that is uploaded to Microsoft at regular intervals. The data is anonymized and is not used to create a profile of you.

The default telemetry setting for all consumer and small business versions of Windows 10 is Full, which means that the uploaded data also includes details (also anonymized) about app usage. If you are concerned about possible inadvertent leakage of personal information, I recommend that you go to Settings > Privacy > Feedback & diagnostics and change the Diagnostic and usage data setting to Basic.

THE APPS

Although the number of subcategories under the Privacy heading in Settings seems daunting, most of them govern access to your information by Windows Store apps. That set of apps includes those that are preinstalled (Mail, Calendar, Groove Music, Photos, and so on) as well as those you acquire from the Store.

Most of the categories offer a single on-off switch at the top, which you can use to disable all access to that feature by all apps. If you leave the feature enabled, you can use a list of apps at the bottom of the page to enable or disable access on a per-app basis.

This capability works the same with the following categories: Camera, Microphone, Notifications, Account Info, Call History, and Radios. The Other Devices category lets apps automatically share and sync info with wireless devices that aren’t explicitly paired with your PC. Use the Background Apps category to specify which apps are allowed to work in the background.

If Location is enabled, you have the option to disable location access on a per-app basis and to disable Geofencing.

The Contacts, Calendar, Email, and Messaging categories allow you to control which apps can have access to these features. If you want to share content from an app using email or messaging, this option has to be on for that app. Note that Mail and Calendar, People, and Phone always have access to your contacts; Mail and Calendar are always allowed to access and send email and always have access to your calendar.

Finally, one horribly misunderstood setting is available under Settings > Privacy > General. Advertising ID controls whether Microsoft serves personalized ads to ad-supported apps. If you turn this option off, you still get ads, but they’re not personalized. In any case, your information is not shared with advertisers.

Have questions?

Get answers from Microsoft’s Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Hillary Clinton Email Server: 6 Facts

Hillary Clinton’s use of a private email server when she served as US secretary of state has been a major issue for the 2016 presidential candidate. Here are the six most critical facts about it.


The FBI recently wrapped up its investigation into Hillary Clinton’s use of a personal email server while she was serving as secretary of state. FBI director James Comey called the actions “extremely careless,” but recommended that no charges be brought against Clinton.

She is now the presumptive Democratic nominee for the upcoming presidential election in November, and her actions relative to the email server have become a hot-button issue among her opponents. The situation, however, is nuanced; and there are a lot of details to understand about the scenario. Here are the most important facts.

1. What happened?

While serving as secretary of state under President Barack Obama, Hillary Clinton used multiple private email servers to communicate regarding government business, according to the State Department. Additionally, it was revealed that Clinton never had a government (.gov) email address while she was serving in her post—we’ll talk about which email address she used in a moment—and her aides did not take any actions to preserve the emails sent through her personal account. This prompted an investigation by the FBI to determine if Clinton intentionally put classified information at risk.

2. Why does it matter?

Clinton handed over 30,000 emails to the State Department, of which 110 contained classified information at the time they either were sent or received, according to the FBI’s findings. During the investigation, though, Clinton asserted that none of the emails she sent or received were classified at the time. The biggest implication has been the potential threat to national security. While the contents of the emails have not fully been released, if they had contained sensitive information it could have possibly fallen into the wrong hands. As noted by the New York Times, Comey said it was “possible” that enemy foreign governments had accessed Clinton’s personal email account.

The second biggest implication is that of transparency. The Federal Records Act requires that all communication in certain branches of government be recorded on government servers, and it forbids the use of a personal email account for government business, unless those emails are then copied and archived. However, there are a lot of technicalities involved, and there is evidence that other government officials had violated the act. As Alex Howard wrote for the Sunlight Foundation, there is also evidence that Clinton tried to control the discoverability of the emails under the Freedom of Information Act (FOIA), which could set a precedent for limiting public access to government records. It is also believed that Clinton deleted 31,000 emails deemed personal in nature before turning the emails over to the State Department.

3. When did it start?

When she was appointed secretary of state in 2009, Clinton began using the email address hdr22@clintonmail.com, tied to a personal server. Clinton’s personal email server was first discovered in 2012, by a House committee investigating the attack on the American Consulate in Benghazi. In 2013, hacker Guccifer claimed to have accessed Clinton’s personal email account and released emails that were allegedly related to the Benghazi attack.

The next year, in the summer of 2015, the State Department began asking Clinton for her email correspondence, and she responded by delivering boxes containing more than 30,000 printed emails. In early 2015, the New York Times reported that Clinton had been using her personal email exclusively, and never had a government email address. A federal watchdog group issued an 83-page report condemning the “systemic weaknesses” of Clinton’s email practices in May. On Tuesday, the FBI concluded its investigation and recommended against any charges.

4. What tech was used?

When Clinton was running for president in 2008, she had a private server installed at her home in Chappaqua, New York. The domains clintonemail.com, wjcoffice.com, and presidentclinton.com, which were registered to a man named Eric Hoteham, all pointed to that server. In 2013, a Denver-based IT company called Platte River Networks was hired to manage the server, but wasn’t cleared to work with classified information. The company executives received death threats for taking on the contract. It was later discovered that multiple private servers were used for Clinton’s email.

Clinton used a BlackBerry phone to communicate during her tenure as secretary of state, including sending and receiving emails through her private server in New York. The State Department expressed concern about the security of the device. Clinton had requested the NSA provide a strengthened BlackBerry, similar to the one used by President Obama. But, her request was denied. Instead, the NSA requested that Clinton use a secure Windows Phone known as the Sectera Edge, but she opted to continue using her personal BlackBerry.

5. Will she be prosecuted?

Right now, it’s too early to tell whether or not Clinton will be charged for her use of private email servers. While Comey’s recommendation that no charges be brought will likely weigh in the decision, it is ultimately up to the US Department of Justice to make the call. However, a recent Politico analysis of multiple, similar cases spanning the past 20 years seems to point to an indictment being “highly unlikely.” According to a former senior FBI official quoted in the analysis, the Justice Department tends to avoid prosecution in cases that are not “clear-cut.”

6. What can businesses and IT leaders learn?

The first lesson that IT can learn from this situation is that transparency is critical, at all levels in your business. This isn’t to say that the CEO should be broadcasting his or her emails to all employees every week, but steps should be taken to ensure that information can be accessed if need be. As part of a digital leak protection program, security expert John Pironti said that organizations need to know if users are using a personal email account to conduct business.

“This behavior is often a violation of acceptable use policies and can expose an organization’s sensitive information to unsecured systems and e-mail accounts,” Pironti said. “Without this visibility an organization may not be aware that their intellectual property, customer data, or sensitive data assets are not being protected appropriately and they also may be in violation of contractual agreements with their clients regarding the security of their data as well as regulatory requirements.”

The second takeaway for IT is that policies should be enforced from the top down. Sure, a CXO may get their support tickets expedited, but that doesn’t mean that exceptions should be made that could compromise the security or integrity of the organization for the sake of comfort or convenience. Leaders should model the policies that are in place to showcase the importance of adhering to them, especially regarding security and privacy policies.

Finally, the importance of records management should not be overlooked. In Clinton’s case, since multiple servers were used, the FBI had to piece together “millions of email fragments” before they could look into them. Proper labeling and management of all records will make for a more cohesive environment and assist in accountability.


Hacker Steals 272M Emails & Passwords

Security firm announces it has persuaded fraudster to give up database of email addresses along with passwords users use to log in to websites


The internet on Wednesday gave you another reminder that everyone has been hacked.

Hold Security, a Wisconsin-based security firm famous for obtaining hoards of stolen data from the hacking underworld, announced that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. The escapade was detailed in a Reuters article.

It might sound bad, but it is also easily mitigated.

The passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.

People who use a different password for both their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”

Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.

The hacker appears to have been largely targeting Russian users. Some 57m of the email addresses were for the country’s largest email provider mail.ru, which claims 100 million monthly users. Around 40m of the addresses were Yahoo Mail, 33m Hotmail and 24m for Google’s Gmail service.

In this case, the hacker had been bragging on internet chat forums that he had a treasure trove of login credentials that he was trying to sell. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange.

The hacker, who apparently is quite young, agreed. “We kind of call him the collector,” Holden says in a heavy Russian accent. “Eventually, almost everyone gets breached.”


End of Support: Server 2003


A large number of businesses still run Microsoft Windows Server 2003 and it’s unlikely they all will upgrade before Microsoft Corp. ends support on July 14, 2015, say analysts. Companies that don’t upgrade increase their cyber security risks because the company will no longer issue security updates and these systems will be more vulnerable to hackers.

Businesses worldwide run an estimated 23.8 million physical and virtual instances of Windows Server 2003, according to data released by Microsoft in July 2014. Analysts say the technology is more prevalent in industries such as health care, utilities and government. Yet it’s also still used in about 7% of retail point of sale systems, according to a report Thursday by Trend Micro Inc.

“Microsoft does not plan to extend support for Windows Server 2003 and encourages customers who currently run Windows Server 2003 and have not yet begun migration planning to do so immediately,” said Vivecka Budden, a Microsoft spokesperson, in an email.

South Jersey Techies offers various migration options to include Windows Server 2012 R2, Microsoft Azure, hosting partners and Office 365.

“It is going to be difficult to get this done in time,” said David Mayer, practice director of Microsoft Solutions at Insight Enterprises Inc., a provider of IT hardware, software and services.

Many of these same industries were impacted by the end of service for the Windows XP operating system on April 8.  Microsoft broadcasts these sorts of moves years in advance, so it shouldn’t come as a surprise to anyone. But, the product was stable and for many companies there simply wasn’t incentive to update.

“In general, everyone has been slow to migrate, especially those with servers that are running applications,” said Rob Helm, vice president of research at Directions on Microsoft consulting firm.

The problem in industries such as health care and utilities is that companies run legacy apps written by vendors who still require Windows Server 2003. For example, there are smaller vendors in health care that have not kept up with development and application modernization, said a health-care CIO who asked not to be identified. A hospital may have an inventory of 100 to 500 different applications and many applications will still require Windows Server 2003, he added.

Electric utilities, for example, widely use Windows Server 2003. There hasn’t been much movement to upgrade those systems, said Patrick C. Miller, founder of the nonprofit Energy Sector Security Consortium and a managing partner at The Anfield Group, a security consulting firm. Instead, utilities are working to better secure and isolate those systems.

“I’m concerned about directory services such as application authentication and user permissions,” said Mr. Miller. “If you compromise an Active Directory server, you get access to everything.”

For now, analysts are recommending that companies work out their risk of exposure and make plans to first migrate those applications that will be most difficult. Companies should make plans to harden servers that can’t be updated. That might entail putting those systems on an isolated network, where they’d be less prone to outside attack, said Mr. Helm.

To protect and upgrade your home or business, please contact us at 856-745-9990 or click here.

Disable SSL 3.0 on Your Server

 

Due to a critical security vulnerability with SSL 3.0 (an 18-year-old, outdated technology), we recommend disabling it on your server. We have instructions on how to do that in the Updating section but recommend reading the entire document to understand the scope of what this does.

What does POODLE do?
In short, it’s a way attackers can compromise SSL certificates if they’re on the same network as the target if (and only if) the server the target is communicating with supports SSL 3.0.

Google has a lot more detail on their security blog here.

Does POODLE affect my server/sites?
Because POODLE is a vulnerability in SSL technology, it only impacts sites using SSL certificates. If your server or your sites don’t use an SSL certificate, you don’t need to update your server. However, we recommend doing it now in case you do end up installing an SSL certificate at a later date.

Updating
How you update your server depends on whether your server uses a Linux® distribution or Windows® and if it uses cPanel.

cPanel

cPanel requires slightly different steps from any other control panel/operating system configuration.

To Configure cPanel to Prevent POODLE Vulnerability on HTTP

1. Log in to your cPanel (more info).
2. In the Service Configuration section, click Apache Configuration.
3. Click Include Editor.
4. In the Pre Main Include section, from the Select an Apache Version menu, select All Versions.
5. In the field that displays, type the following, depending on which version of CentOS you’re using:

CentOS/RHEL 6.x, type this:

    SSLHonorCipherOrder On
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

CentOS/RHEL 5.x, type this:

    SSLHonorCipherOrder On
    SSLProtocol -All +TLSv1

If you encounter errors while applying this update, please review this forum post at cPanel that discusses potential fixes.

6. Click Update.

Preventing POODLE on Other Protocols (FTP, etc.)

Right now, only servers using RHEL can protect themselves against POODLE on non-HTTPS protocols. They can do this by updating to the latest version of OpenSSL, and then implementing TLS_FALLBACK_SCSV.

Servers using CentOS do not yet have a known fix for the vulnerability on non-HTTPS protocols. However, we will update this article with those instructions as soon as a fix is available.

Linux (Apache)

Modify your Apache configuration to include the following line:

SSLProtocol All -SSLv2 -SSLv3

For more information on how to do that, view Apache’s documentation.
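One way to check the result of the edits above, as an added example (not code from this article, cPanel or Apache): a small Python audit that evaluates every SSLProtocol line in a configuration and reports those that still leave SSL 2.0 or 3.0 enabled. It assumes that `All` includes SSLv2 and SSLv3 (which is why the directive above subtracts them) and that a token without `+` or `-` replaces whatever was set before it; the sample configuration and the function names are constructed for illustration.

```python
"""Audit Apache SSLProtocol directives for SSL 2.0/3.0 exposure."""
import re

# Protocol names as they appear in the directives quoted in this article.
# Assumption: "All" expands to every entry here, including SSLv2/SSLv3.
# Newer builds may already exclude them; this is the conservative reading.
KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
CANON = {name.lower(): name for name in KNOWN}
WEAK = {"SSLv2", "SSLv3"}

# Directive names are case-insensitive; "#" comment lines never match.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def effective_protocols(args):
    """Evaluate one SSLProtocol argument string from left to right.

    Assumed semantics: "+X" adds X, "-X" removes X, and a bare token
    (no sign) replaces everything enabled so far.
    """
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            group = set(KNOWN)
        elif name in CANON:
            group = {CANON[name]}
        else:
            raise ValueError(f"unknown protocol token: {token!r}")
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled


def audit(config_text):
    """Return one finding per SSLProtocol line in the configuration text."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        enabled = effective_protocols(match.group(1))
        findings.append({
            "line": line_no,
            "directive": match.group(1),
            "enabled": sorted(enabled),
            "weak": sorted(enabled & WEAK),
        })
    return findings


def weak_lines(config_text):
    """Line numbers whose directive still enables SSLv2 or SSLv3."""
    return [f["line"] for f in audit(config_text) if f["weak"]]


# Constructed sample configuration (not taken from a real server).
SAMPLE = """\
# global settings
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
<VirtualHost *:443>
    SSLProtocol All -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol All -SSLv2
</VirtualHost>
<VirtualHost *:9443>
    SSLProtocol -SSLv3 All
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        status = "WEAK" if finding["weak"] else "ok"
        print(f"line {finding['line']:>2}: {finding['directive']:<40} "
              f"{status} {', '.join(finding['enabled'])}")
```

The last virtual host shows why token order matters under the assumed semantics: `-SSLv3 All` removes SSLv3 first and then re-enables everything with the bare `All`.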

Windows (IIS)

Modify your server’s registry (which removes SSL 3.0 support from IIS) using Microsoft’s document here. You can jump down to the Disable SSL 3.0 in Windows section.

World’s Largest Meat Supplier Attacked

The breach is the latest targeting of a crucial supply chain and comes three weeks after the Colonial Pipeline hack disrupted fuel operations in the U.S.

Here’s what we know:

What is JBS?
JBS USA is part of JBS Foods, one of the world’s largest food companies. It has operations in 15 countries and has customers in about 100 countries, according to its website. Its customers include supermarkets and fast food outlet McDonald’s. In the US, JBS processes nearly one quarter of the country’s beef and one-fifth of its pork. JBS’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there, according to Bloomberg.

Its brands include Pilgrim’s, Great Southern and Aberdeen Black. The US headquarters is based in Greeley, Colorado, and it employs more than 66,000 people.

What happened?
Hackers attacked the company’s IT system last weekend, prompting shutdowns at company plants in North America and Australia. IT systems are essential in modern meat processing plants, with computers used at multiple stages including billing and shipping.
The hack, which the White House described Tuesday as ransomware, affected all of JBS’s US meatpacking facilities, according to an official at the United Food and Commercial Workers union that represents JBS employees. The cyberattack resulted in the closure of all nine of the company’s US beef plants, which are located in states including Arizona, Texas, Nebraska, Colorado, Wisconsin, Utah, Michigan and Pennsylvania, the union official said. The company said on Monday that it suspended all affected IT systems as soon as the attack was detected, and that its backup servers were not hacked.

The White House has said that the ransomware attack was likely carried out by a Russia-based criminal organization, and that it is dealing with the Russian government on the matter.
JBS’ operations in Australia were also affected. The Australian Meat Industry Council, a major trade group, said in a statement that “there is no indication whatsoever that this cyberattack will cause a major impact on Australian domestic red meat and pork products supply.”

What is ransomware?
In a ransomware attack, hackers steal an organization’s data and lock its computers. Victims must pay to regain access to their network and prevent the release of sensitive information.
Some sophisticated ransomware hackers, such as the Russian hacker group Darkside, sell their ransomware technology and take a cut of any ransoms paid to their customers.

Experts generally encourage ransomware victims not to pay any ransom. But a company’s ability to get back online without paying hackers may depend on whether it has protected backups of its data. In some cases, hackers can delete their target’s backups before locking its files, leaving the victim organization with no recourse.

JBS did not comment to CNN about details of the ransomware attack, including whether it paid the ransom.

This kind of cyberattack sounds familiar. Where have I heard that?
The hack comes a few weeks after a ransomware attack targeted Colonial Pipeline, which forced a six-day shutdown of one of the United States’ largest fuel pipelines. That May attack resulted in gas shortages, spiking prices and consumer panic. Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.

Similar to JBS, Colonial Pipeline’s systems were hit with ransomware. Once a company has been hit by ransomware, its first course of action is usually to take much or all of its systems offline to isolate the hackers’ access and make sure they can’t move into other parts of the network.
That may be among the reasons why JBS shut down its operations and Colonial shut down its pipeline: to disconnect the companies’ operations from the IT systems that hackers breached. People briefed on the Colonial attack have said that the company halted operations because its billing system was also compromised and it feared it wouldn’t be able to determine how much to bill customers for fuel they received.
The pipeline has since returned to normal operations.

Don’t be the next victim of a ransomware attack. Contact South Jersey Techies to discuss how your critical information can be secure.

If you have any questions, please call us at (856) 745-9990.

 

 

Cloud Computing: Companies Stay Cautious

In a new report from SolarWinds, 92% of companies say adopting cloud is critical to long-term success. But, most don’t think they’ll ever be fully cloud.

On March 29, IT management software provider SolarWinds released its annual report titled IT Trends Report 2016: The Hybrid IT Evolution, detailing some interesting trends around cloud adoption in the enterprise and the rise of hybrid IT.

First off, according to the results of the report, cloud adoption is a foregone conclusion for most businesses. The report found that 92% of the IT professionals who were surveyed said adopting cloud was important to long-term success in their business. Nearly 30% labeled it extremely important.

However, despite this widespread adoption, most organizations aren’t fully embracing the cloud within the whole of their organization. Joel Dolisy, CIO of SolarWinds, said that is because the cloud isn’t the best option for all workloads.

“The findings of this year’s study paint a clear picture: Cloud adoption is nearly ubiquitous, but it’s not now and will not in the foreseeable future be suitable for all workloads, and even if it were, very few if any companies would convert all of their existing applications to run in the cloud,” Dolisy said in a press release.

The data to support Dolisy’s statement came from the report as well. Only 43% of respondents said that half or more of their IT infrastructure will make it to the cloud over the next 3-5 years. And, 60% said it is unlikely that their entire infrastructure will ever be fully cloud-based. Additionally, 9% said they hadn’t migrated any piece of their infrastructure to the cloud.

Dolisy called the resulting dynamic hybrid IT, where an organization blends critical on-premises tools with cloud-based technologies. This affects IT as well, he said, because it shifts the dynamic of the corporate IT professional to one who can guarantee always-on performance regardless of where he or she is based. Additionally, these professionals need new skills and tools to effectively deploy and manage these environments.

Basically, the rise of this hybrid IT means that IT professionals are faced with two key tasks: Leveraging the cloud to increase efficiency and performance, while maintaining security of critical systems.

So, what are the benefits of this hybrid IT infrastructure? The SolarWinds report listed three in ranked order:

  1. Infrastructure cost-reduction
  2. Increased infrastructure flexibility/agility
  3. Relieving internal IT personnel of day-to-day management of some infrastructure

However, there are some challenges to managing this type of infrastructure as well. Of the respondents, 62% listed security as the top challenge within these types of environments.

Then, of course, there are also inherent challenges to encouraging cloud adoption. SolarWinds pegged the top three barriers to overall cloud adoption (which, in turn, affects hybrid IT) as follows:

  1. Security/compliance concerns
  2. Legacy system support
  3. Budget limitations

Nearly 70% have migrated their applications to the cloud, almost 50% have migrated their storage, and 33% have moved their databases.

So, how does this affect your organization? Well, new trends in infrastructure often require new skills to support them.

According to the survey, only 27% are convinced that their IT department has the skills needed to fully support a hybrid IT environment. To succeed in hybrid IT, respondents said they needed better monitoring tools, application migration support, distributed architectures, service-oriented architectures, and automation or vendor management tools.

Hybrid IT also requires support from leadership. Of those surveyed, 56% felt that they had the support needed to do hybrid IT right.

“In short, IT is everywhere,” Dolisy said. “Effectively managing and monitoring the new environment—from on-premises to the cloud with multiplying endpoints—to be able to act when needed is more critical now than ever.”

The 3 big takeaways for readers

1. Hybrid IT, a mix of cloud and on-premises solutions, is growing as the prevailing trend in IT architecture. Almost all respondents said cloud was critical to future growth, but many felt that their organization would never be fully cloud.

2. Hybrid IT can offer cost reduction, increased agility, and management relief. But, it also brings security challenges, issues with legacy systems, and budget challenges.

3. If your organization is engaging hybrid IT, your IT professionals need the proper tools and skills to stay on top of it. Look into monitoring, different architectures, and automation to help support your staff.

Have questions?

Get answers from Microsoft’s Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Chrome Labels HTTP Sites ‘Not Secure’

Google sends a nudge toward the unencrypted web

Starting in July, Google Chrome marked all HTTP sites as “not secure,” according to a blog post published today by Chrome security product manager Emily Schechter. Chrome currently displays a neutral information icon, but starting with version 68, the browser is warning users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.

Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.

The Chrome team said the announcement was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” Schechter said, “we think that in July the balance was tipped enough so that we can mark all HTTP sites.”

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

HTTPS has also become much easier to implement through automated services like Let’s Encrypt, giving sites even less of an excuse not to adopt it. As part of the same post, Google pointed to its own Lighthouse tool, which includes tools for migrating a website to HTTPS.

 

Beware downloading some apps or risk

Popular apps on your smartphone can be convenient and fun, but some also carry malicious software known as malware, which gives hackers easy access to your personal information.

A security firm found that between 75 and 80 percent of the top free apps on Android phones or iPhones were breached. The number jumps as high as 97 percent among the top paid apps on those devices.

Whether these apps help advertisers target you or help hackers rip you off, you’ll want to do your homework before downloading apps, reports CBS News correspondent Anna Werner.

California’s Susan Harvey said she was a victim after she used a debit card to download a slot machine game app to her cell phone through a Google Play store account.

“It was something you purchased once, for like $15,” Harvey said.

When she went to reload the game, she found hundreds of purchases had been made — by her math, more than $5,000 worth of transactions.

“My heart sank, I just sat there looking at it… I physically, I was sick, because I didn’t know what they were,” Harvey said.

That story’s no surprise to cybersecurity expert Gary Miliefsky, whose company SnoopWall tracks malware. He said certain apps are designed to steal your personal information.

“What are the consequences for me as a consumer?” Werner asked.

“You’re gonna lose your identity. You’re gonna wonder why there was a transaction. You’re gonna wonder how someone got into your bank account and paid a bill that doesn’t exist,” Miliefsky said.

Miliefsky said when you download an app, you also give permission for it to access other parts of your phone, like an alarm clock app that can also track phone calls.

“You think an alarm clock needs all those permissions? Access to the Internet over wifi, your call information, calls you’ve made, call history, your device ID? This to me is not a safe alarm clock,” Miliefsky said.

And there are the weather and flashlight apps that he says exploit legitimate banking apps to capture information, as he showed us in a demonstration of what could happen when someone takes a photo of a check to send to their bank.

“The flashlight app spies on the camera and noticed the check and grabbed a copy of it. Shipped it off to a server somewhere far away,” Miliefsky said.

Last year the group FireEye discovered 11 malware apps being used on iPhones that gathered users’ sensitive information and sent it to a remote server, including text messages, Skype calls, contacts and photos. Apple fought back by removing the apps and putting stricter security measures in place.

“They get at your GPS, your contacts list…to build a profile on you,” Miliefsky said.

Some apps are simply collecting information for advertising purposes. In 2014, the Federal Trade Commission settled a lawsuit with a company over its popular Brightest Flashlight app, alleging it transmitted consumers’ personal information to third parties without telling them.

But Miliefsky said he’s found another flashlight app that can do much more troubling things.

“This one turns on your microphone in the background, listens in on you, and sends an encrypted tunnel to a server we discovered in Beijing,” Miliefsky described.

“You’re saying that they’re actually listening to people’s conversations and sending that audio back to Beijing?” Werner asked.

“Yeah, we’ve tracked it. I can show you where it does it,” he said.

Miliefsky said it can be traced to a few blocks from Tiananmen Square on Information Drive in Beijing.

He gave a report on that app to the FBI.

“Because to me, it’s spyware at the nth degree,” Miliefsky said.

His recommendation?

“We really have to look at our phone and say, ‘This is really a personal computer that fits in our pocket. Let’s shut down all the apps we don’t use. Let’s delete apps that don’t make sense and reduce the risk of being spied on,'” Miliefsky said.

The creator of the Brightest Flashlight app settled with the FTC, agreeing to change its policy and delete all the information it had gathered.

Harvey sued Google over her alleged hack, but a judge recently dismissed it, saying she and her attorney filed too late. Google said fewer than one percent of Android devices got bad apps in 2014.

BBB Advises Caution for Web Surfers

Protecting your identity is important and with Wi-Fi networks popping up nearly everywhere, many consumers don’t realize the dangers that come with using a Wi-Fi connection that is not their own. According to a recent poll conducted by Wakefield Research and Wi-Fi Alliance, 32 percent of respondents said they have tried to get on a Wi-Fi network that was not their own, a startling 18 percent more than a December 2008 poll. The Better Business Bureau, along with the Federal Trade Commission (FTC), urges consumers to think ahead before surfing the Web on a Wi-Fi hotspot.

Wi-Fi hotspots like coffee shops, libraries, airports, hotels and universities are all breeding grounds for hackers. According to the FTC, new hacking tools—available for free online—make hacking easy, even for users with limited technical know-how.

Consumers should be cautious before using a non-secure wireless network and before sending personal information via unencrypted websites. When surfing on a non-secure Internet connection, an individual’s personal information, private documents, contacts, photos and even login information can be up for grabs as other users on the network have the capability of seeing what is being sent.

Steve Cox, President and CEO of the Council of Better Business Bureaus, warns consumers against two popular security scams that can be associated with using an unsecure Internet connection. “Many consumers don’t realize the repercussions that come from using a Wi-Fi hotspot. Phishing, a popular e-mailing scam, and smishing, a SMS texting scam, grow exponentially when hackers obtain access to personal information on the Web via an unsecure Wi-Fi network.” BBB urges consumers to protect themselves from such scams by securing their Internet surfing.

In order to confirm that an Internet connection is secure, BBB advises consumers to follow the FTC’s top Wi-Fi tips:

Make sure the connection is protected by a unique password. If a Wi-Fi hotspot doesn’t ask for a password, the Internet connection is not secure. If a hotspot asks for a password just to grant access, consumers should proceed as if the connection were unsecured. Only trust home and work internet connections that are protected by a customized user password. Wi-Fi hotspot connections with generic passwords are vulnerable to hackers.

Transmitted information should be encrypted. When sending personal information like addresses, credit card numbers and Social Security numbers over the Internet, make sure the website is fully encrypted and the network is secure. Look for https (the “s” stands for secure) at the beginning of the URL address to confirm its security.

Don’t stay permanently logged-in to wireless hotspots. Never leave your Internet connection running while your computer is unattended and make sure to log-off after every use.

Change your passwords frequently. When creating new accounts, make sure you use different passwords. Do not use the same password for different sites. If one password is hacked, the chances of other accounts being hacked become greater with repeated passwords.

For more advice on security scams, visit www.bbb.org or to learn more about protecting your privacy online and what to do if your information is compromised, visit www.OnGuardOnline.gov and http://www.ftc.gov/opa/2011/02/wireless.shtm
