Back to Top

Tech, Web, Cloud & Cabling Services

Category: Security

Security Category

Trump administration to move all federal IT into the cloud: Is it realistic?

US president Donald Trump recently signed an executive order on cyber-security that mandated federal systems move to the cloud. But, questions remain on the feasibility of that goal.

On Thursday, US President Donald Trump signed his long-awaited executive order on cyber-security, laying out his plans for addressing security in federal IT and across US infrastructure. The most ambitious mandate was that all federal IT systems move to the cloud.

President Trump’s homeland security adviser, Tom Bossert, said in a announcement that the government had spent too much time and money “protecting antiquated and outdated systems.” Bossert cited the Office of Personnel Management (OPM) hack as evidence of failing legacy systems.

Bossert said, “From this point forward, the President has issued a preference in federal procurement in federal IT for shared systems. We’ve got to move to the cloud and try to protect ourselves instead of fracturing our security posture.”

The executive order officially states: “Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cyber-security services.” It also calls for a report to be completed within 90 days describing the legal, budgetary, technical considerations for “shared IT services, including email, cloud, and cyber-security services,” along with a timeline for the initiatives and their potential cost-effectiveness.

Peter Tran, the senior director of worldwide advanced cyber defense practice at RSA and former US Department of Defense employee, said the anchor for the executive order will initially be the NIST Cybersecurity Framework (CSF), to both assess current risk gaps and determine a strategy moving forward. This will be the pacesetter by which all building blocks will either rise or fall specifically on the call to action to go cloud in an expedited manner…..security being a forethought,” Tran said.

However, the effectiveness of a move to the cloud to improve security among these federal systems remains up to debate. John Pironti, cyber-security expert and president of IP Architects, said that it could create a double-edged sword.

“The idea of standardization of security controls and capabilities through a cloud-only mandate in theory may make sense to establish an enhanced baseline for security, but at the same time creates a central target and common set of controls and capabilities that adversaries can then focus their attention on in order to be successful in their attacks,” Pironti said.

Following a central set of control standards and common technology platforms, combined with the centralized nature of the cloud, could actually make the federal IT systems weaker than their current iteration, Pironti said, which utilizes “distributed and varied computing assets and security controls.” And if hackers can find and exploit a weakness in this kind of system, it could lead to a bigger impact.

Pironti said that he believes the mandate will start out with the proper intentions, but if the affected government agencies simply follow the prescribed behaviors with no deviation, they may not be able to keep up with the changing threat landscape. While Pironti said that he’s in favor of accountability, he believes that the approach should be risk-based instead of mandated.

“I do not believe all agencies should be forced into a cloud model or required to follow the same set of prescriptive security controls,” Pironti said. “If an agency can prove that they are effectively operating in a reliable, available, and secure fashion then they should be allowed to continue to do so.”

Another question raised by the mandate is the feasibility of moving these systems to the cloud. Tran said that the executive order builds on an existing foundation, but the “proof is in the pudding.” The order, like other security plans, must be executed in a timely manner and show clear improvements in boosting security visibility and early threat detection, but it also must clearly show what “good” and “bad” security looks like in cloud infrastructure, Tran said.

“That’s really hard to do under an average planning and deployment timeline. Your compass needs to be ‘dead on,'” Tran said.

The impact of the executive order could also be seen in the private sector, Tran said, driving the growth of stronger policy, compliance, and governance around cybersecurity.

“The unique aspect of this current environment is security can’t effectively operate in a ‘de-regulated’ fashion by the mere nature that it’s security… Imagine if the TSA and FAA had no security protocols and structure?” Tran said. “Cybersecurity is no different whether it’s brick-and-mortar or click-and-mortar.”

The 3 big takeaways for readers

  1. Trump recently signed an executive order on cybersecurity mandating all federal IT systems move to the cloud, but questions remain about the feasibility and effectiveness of such a mandate.
  2. The move to the cloud could help modernize the systems’ approach to security, but it could also create a central point of attack for hackers, an expert said.
  3. The executive order could also impact the private sector, leading to more regulation and compliance around cyber-security initiatives, an expert said.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Windows 10 PPTP VPN Setup Tutorial

Manual Setup

Step 1

Click Start button in the bottom left corner of the screen (the one with Windows logo). Go to “Settings“.

Step 2

Go to “Network & Internet“.

Step 3

Select “VPN” in the menu on the left.

Step 4

Click “Add a VPN connection“.

Step 5

For the “VPN Provider” select “Windows (built-in)“. Connection name can be any as you like for example SouthJerseyTechiesVPN.
Server name or address” is your server address. It is not “pptp.sjtechies.com”, that is just an example.
For “VPN type” select “Point to Point Tunneling Protocol (PPTP)“.

Step 6

Scroll the window if needed and fill the “Username” and “Password” fields.
Check “Remember my sign-in info” and click “Save” button.

Step 7

After that you will see the newly created connection. Click on it.

Step 8

Click the “Connect” button.

Step 9

After a while it will connect and show you “Connected” status.

Step 10

You can also check the VPN status in the Network applet (the icon in your system tray at the bottom right).

Connecting the PPTP on Windows 10

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter (you can see it on Step 10). Click on that icon. In the appeared list click on any network connection.
After that you will see another window with the connection list, click on the SouthJerseyTechiesVPN connection (the connection name can be different, you have set it up on Step 5).
Click the “Connect” button under the connection name.

Disconnecting the PPTP on Windows 10

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter (you can see it on Step 10). Click on that icon. In the appeared list click on any network connection.
After that you will see another window with the connection list, click on the SouthJerseyTechiesVPN connection (the connection name can be different, you have set it up on Step 5).
Click the “Disconnect” button under the connection name.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

Windows 7 PPTP VPN Setup Tutorial

Manual Setup

Step 1

Start by finding the network connections icon in the bottom right corner of the screen (near the clock).
The icon can be in the shape of computer display or wireless signal meter.
Right click on that icon.

Step 2

Select “Open Network and Sharing Center“.
You can also get there by going through “Start” button > “Control Panel” > “View network status and tasks“.

Step 3

Click “Setup a new connection or network“.

Step 4

In the appeared window select “Connect to a workplace“, click “Next“.

Step 5

Click “Use my Internet connection (VPN)“.

Step 6

If you already have other connections configured, select “No, create a new connection” and click “Next” button.
If you don’t see this dialog window just skip this step.

 

Step 7

Internet address” is your server address. It is not “sjt-XXXXXX.reliablehosting.com”, that is just an example.
Destination name” can be any as you like for example SouthJerseyTechiesVPN.
Check “Don’t connect now; just set it up so I can connect later” and click “Next” button.

Step 8

Fill the “User name” and “Password” fields.
Check “Remember this password” and click “Create” button.

Step 9

Click “Close” button.

Step 10

Click “Change adapter settings“.

Step 11

In the connections list find the SouthJerseyTechiesVPN connection, the description should be “WAN Miniport (IKEv2)“.
Right click on it and select “Properties“.

Step 12

Click “Security” tab, for “Type of VPN” select “Point to Point Tunneling Protocol (PPTP)“.
For “Data encryption” select “Require encryption (disconnect if server declines)“.
Click “OK“.

Step 13

Double click on the SouthJerseyTechiesVPN connection icon.

Step 14

It will show the connection window.
Check “Save this user name and password for the following users” and select either your account or all accounts.
Click “Connect” button.

Step 15

After a while it will connect and show you “Connected” status.
You can also check the VPN status in the Network applet (the icon in your system tray at the bottom right). Click on that icon and you will see the connection list and their statuses.

Done. You are connected.

Connecting the PPTP on Windows 7

1. Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter.
Click on that icon.

2. You will see the list of connections. Click on SouthJerseyTechiesVPN connection and then click “Connect” button.

3. After that click “Connect” again.

You should see the status messages first and then “Successfully connected to SouthJerseyTechiesVPN“.

Disconnecting the PPTP on Windows 7

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter.
Click on that icon, in the appeared list click on SouthJerseyTechiesVPN connection and then the “Disconnect” button.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

49% of businesses fell victim to cyber ransom attacks in 2016

Ransom is the top motivation behind cyber attacks, according to a report from Radware, and IT professionals are most concerned about data loss. Here’s what you need to know.

Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware’s, Global Application and Network Security Report 2016-2017.

Data loss topped the list of IT professionals’ cyber attack concerns, the report found, with 27% of tech leaders reporting this as their greatest worry. It was followed by service outage (19%), reputation loss (16%), and customer or partner loss (9%).

Malware or bot attacks hit half of all organizations surveyed in the last year. One reason for the pervasive attacks? The Internet of Things (IoT). Some 55% of respondents reported that IoT ecosystems had complicated their cybersecurity detection measures, as they create more vulnerabilities.

Ransomware attacks in particular continue to increase rapidly: 41% of respondents reported that ransom was the top motivator behind the cyber attacks they experienced in 2016. Meanwhile, 27% of respondents cited insider threats, 26% said political hacktivism, and 26% said competition.

While large-scale DDoS attacks dominated the headlines of 2016, this report found that only 4% of all attacks were more than 50 Gbps, while more than 83% of DDoS attacks reported were under 1 Gbps.

“One thing is clear: Money is the top motivator in the threat landscape today,” said Carl Herberger, vice president of security solutions at Radware, in a press release. “Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data.”

Despite the growth in attacks, some 40% of organizations reported that they do not have an incident response plan in place, the survey found.

The report listed five cybersecurity predictions for 2017:

1. IoT will become an even larger risk. The Mirai IoT Botnet code is available to the public, making it more likely that cyber criminals of all experience levels are already strengthening their capabilities. “In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets,” the press release stated. “IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.”

2. Ransomware attacks will continue to grow. These attacks will target phones, laptops, and company computers, and will likely take aim at healthcare devices such as defibrillators in the future, the press release stated.

3. Permanent Denial of Service (PDoS) attacks on data centers and IoT operations will rise. PDoS attacks, sometimes called “phlashing,” damage a system to the degree that it requires hardware replacement or reinstallation. These attacks are not new, but Radware predicts they are likely to become more pervasive in 2017 with the plethora of personal devices on the market.

4. Telephony DoS (TDoS) will become more sophisticated. These attacks, which cut off communications in a crisis, “could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life,” the press release stated.

5. Public transportation system attacks will rise. As cars, trains, and planes become more automated, they also become more vulnerable to hackers, Radware stated.

You help your business avoid ransomware attacks and other cyber threats by keeping software up to date, backing up all information every day to a secure, offsite location, segmenting your network, performing penetration testing, and training staff on cyber security practices.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

How to take control of your privacy in Windows 10

Where do you draw the line on personal privacy? The right options are different for everyone. This guide shows the privacy settings that will help you to create the right balance of privacy and convenience in Windows 10.

windows-10-privacy-blinds

Over the past year, We’ve read countless “privacy guides” for Windows 10. Most are well-intentioned, but they invariably take a simplistic approach to privacy: Just turn off every switch in the Privacy section of the Settings app.

If you do that, you’re not understanding the privacy landscape, which encompasses far more than just those settings. You’re also missing some important additional steps.

Windows 10 is a mix of software and services. With every session, a Windows 10 device exchanges a great deal of information with Microsoft’s servers. That’s neither unusual nor alarming. Microsoft’s chief rivals, Google and Apple, are also blending services into their software, with the goal of making your life easier and making that software more reliable.

So are other tech companies that you don’t think of as software companies: Amazon, with the Echo. Tesla, with its self-updating, software-driven cars. Your thermostat and your home security system.

There’s something profoundly satisfying about a service that anticipates your every move, reminding you when to leave for an appointment to arrive on time, or to pick up flowers for your anniversary tomorrow. Your digital personal assistant, whether it’s Siri or Cortana or Alexa or Google, needs to be able to see your calendar and contacts to make that magic happen.

But when that sort of personal attention goes too far, it “crosses the creepy line,” to use a phrase that Eric Schmidt probably regrets uttering when he was Google’s CEO.

The thing about that line is that it’s drawn in a different place for everyone. There are people who are thrilled at the idea that their PC or mobile device is so familiar with their actions that it can anticipate what they’ll do next. I know others who would like to build a virtual Faraday cage around their computing hardware so that none of their personal details can escape.

Both of those viewpoints, and everything in between, are perfectly valid. That’s why the software and services we use are loaded with switches and dials designed to help you take control of their potential privacy impact.

In this post, We’ll walk you through the big privacy questions for Windows 10, with enough context to help you decide which settings are right for you.

Note that this guide assumes you are using Windows 10 on a personal PC or one in your small business. If you are in an enterprise setting, or if you are in a regulated industry, you should seek professional assistance to ensure that you’re meeting proper standards.

Let’s start with the part of your PC that has the biggest impact on your personal privacy.

THE NETWORK

No one knows more about your online identity than your Internet service provider. Every packet you send or receive from anywhere online goes through their servers. When you travel and connect to Wi-Fi networks that are under the control of others, the owners of those networks can see every connection you make and can intercept their contents.

Regardless of the platform you use, that’s why it’s important you use encrypted connections for any kind of sensitive communications. Using a virtual private network whenever possible is an excellent best practice.

Windows 10 does offer one obscure option that can help protect third parties from tracking your movements based on your connections to Wi-Fi networks. (Note that this feature requires support from your Wi-Fi adapter, so if you don’t see this option, the most likely explanation is that your hardware doesn’t support it.) Under Settings > Network & Internet > Wi-Fi, turn the Use random hardware addresses setting to On.

windowsprivacy02

That step keeps third parties from matching your Wi-Fi adapter’s hardware address with your personal information, making it more difficult to track your location.

THE BROWSER

Countless third-party ad networks and analytics companies use cookies and other tracking technology to record your movements around the web and to correlate your online activities with your offline identity.

The result is a digital fingerprint that can be extraordinarily detailed and, unfortunately, outside of your ability to change.

To limit the amount of information that those ad and analytics companies know about you from your web browsing, consider third-party anti-tracking software such as Abine’s Blur, which is available for every web browser except Microsoft Edge. (That lack of solid support for add-ons is one reason I can’t yet recommend Edge as a full-time browser for most Windows 10 users.)

Another privacy product worth considering is Ghostery, although some are suspicious of this browser extension because of its uncomfortably close ties to the online advertising industry.

Ad-blocking software can also provide some privacy protection as a side-effect of performing its basic function. Here, too, watch out for close ties between some ad-blocking add-ins and the third-party trackers they supposedly protect you from.

Note that none of these steps is unique to Windows 10. Anti-tracking software is typically a browser add-in and works with most popular browsers.

THE OPERATING SYSTEM

With those two big, platform-independent factors out of the way, we can now turn to Windows 10 itself. When you use a Windows 10 device, it is capable of sharing the following types of information with Microsoft’s servers:

Your location

Windows 10 can determine your location to help with actions like automatically setting your current time zone. It can also record a location history on a per-device basis. Go to Settings > Privacy > Location to control the following:

  • Location on/off?Use the master switch at the top of this page to disable all location features for all users of the current device.
  • Location service on/off?If location is on for Windows, you can still turn it off for your user account here.
  • General location?This allows you to set a city, zip code, or region so that apps can deliver relevant content.
  • Default location?Click Set default to open the Maps app and specify the location you want Windows to use when a more precise location is not available.
  • Location history?Click Clear to erase the saved history for a Windows 10 device.

If location is on, a list at the bottom of the Settings > Privacy > Location page allows you to disable access to that data on a per-app basis.

Your input

If you enable Cortana, Windows 10 uploads some info from your devices, such as your calendar, contacts, and location and browsing history, so that Cortana can make personalized recommendations. If you don’t want any accounts on your PC to use Cortana, follow the steps in this article to disable the feature completely: Turn off Cortana completely.

Windows 10 uses some feedback from the way you type, write, and speak to improve performance for you and as a way to improve the overall platform. This isn’t keystroke logging; rather, the operating system uses a very small amount of information. A separate feature uses your speech and writing history to make better suggestions in Windows and Cortana.

You can control this collection with two sets of controls:

Under Settings > Privacy > General, click Info about how I write and turn it off so that your typos aren’t used to improve things like the built-in spell checker.

Under Settings > Privacy > Speech, inking, & typing, under the Getting to know you heading, click Stop getting to know me to turn off personalization.

To clear previously saved information associated with your Microsoft account, click the first link under the Manage cloud info heading. That takes you to this Bing Personalization page, which includes this prominent button:

windows-privacy01

Click Clear to remove that saved information from the cloud.

Files and settings

When you sign in with a Microsoft account, you have the option to save files to the cloud using OneDrive. Windows 10 also syncs some settings to OneDrive, allowing you to have the same desktop background, saved passwords, and other personalized settings when you sign in with that account on multiple PCs.

If you use a local account, of course, none of your settings are synced. If you use a Microsoft account, you can turn off syncing completely or remove certain settings from the sync list by going to Settings > Accounts > Sync Your Settings.

OneDrive is an opt-in service. If you don’t sign in, it does nothing. You can’t save files to OneDrive accidentally, and no files are uploaded without your explicit permission, which you can revoke any time. To disable OneDrive for all users on your PC, follow these instructions: Shut down OneDrive completely.

Telemetry

Microsoft, like all modern software companies, uses feedback from its installed base to identify problems and improve performance. In Windows 10, this feedback mechanism produces diagnostics data (aka telemetry) that is uploaded to Microsoft at regular intervals. The data is anonymized and is not used to create a profile of you.

The default telemetry setting for all consumer and small business versions of Windows 10 is Full, which means that the uploaded data also includes details (also anonymized) about app usage. If you are concerned about possible inadvertent leakage of personal information, I recommend that you go to Settings > Privacy > Feedback & diagnostics and change the Diagnostic and usage data setting to Basic.

THE APPS

Although the number of subcategories under the Privacy heading in Settings seems daunting, most of them govern access to your information by Windows Store apps. That set of apps includes those that are preinstalled (Mail, Calendar, Groove Music, Photos, and so on) as well as those you acquire from the Store.

Most of the categories offer a single on-off switch at the top, which you can use to disable all access to that feature by all apps. If you leave the feature enabled, you can use a list of apps at the bottom of the page to enable or disable access on a per-app basis.

This capability works the same with the following categories: Camera, Microphone, Notifications, Account Info, Call History, and Radios. The Other Devices category lets apps automatically share and sync info with wireless devices that aren’t explicitly paired with your PC. Use the Background Apps category to specify which apps are allowed to work in the background.

If Location is enabled, you have the option to disable location access on a per-app basis and to disable Geofencing.

The Contacts, Calendar, Email, and Messaging categories allow you to control which apps can have access to these features. If you want to share content from an app using email or messaging, this option has to be on for that app. Note that Mail and Calendar, People, and Phone always have access to your contacts; Mail and Calendar are always allowed to access and send email and always have access to your calendar.

Finally, one horribly misunderstood setting is available under Settings > Privacy > General. Advertising ID controls whether Microsoft serves personalized ads to ad-supported apps. If you turn this option off, you still get ads, but they’re not personalized. In any case, your information is not shared with advertisers.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

99% of business machines have not upgraded to Windows 10, according to study

According to a new study released by Softchoice, less than 1% of business machines have upgraded to Windows 10, opting instead for Windows 7.

Windows10controversy

Windows 10 has been one of the more controversial OS releases of recent memory, bringing privacy concerns, bugs that disable certain hardware, and other nasty surprises. And the enterprise, it seems, is avoiding it altogether.

According to a recent study by IT services firm Softchoice, less than 1% of Windows machines were actually running Windows 10. That means that, one year after the release of the latest Microsoft OS, more than 99% of machines haven’t yet made the switch.

The study was performed as part of a TechCheck analysis by Softchoice, which looked at more than 402,814 Windows devices operating among 169 organizations. So, what were these firms choosing instead of Windows 10? Overwhelmingly, they were running Windows 7.

“It appears businesses are hesitant to take advantage of the various Windows 10 upgrades and, at least for now, are satisfied with Windows 7,” Softchoice’s David Brisbois wrote in a press release. “Historically, OS upgrades have been viewed as major time and resource-consuming undertakings, and this may be influencing the decision today to hold off on Windows 10.”

The Softchoice looked at these Windows machines in both US and Canadian firms from January 1, 2016 through May 31, 2016. At the time, only 2,999 devices were running Windows 10, which accounted for a grand total of 0.75% of the whole.

In terms of business break down, 42 of the 169 businesses (25%) had no trace of Windows 10 in their environment. Additionally, 73 of the 169 (43%) had fewer than 10 devices running Windows 10 present in their environment.

In contrast, 91% of the machines were operating with Windows 7, which marked an 18% increase over the same period of time in 2015. The next largest group were the Windows XP holdouts, which counted for 5% of the devices. Devices running Windows 8 were at 4%, which is double from the 2% measured the year prior.

“It seems businesses don’t see an urgent need to move operating systems, so long as their cloud-based applications are still running fine on Windows 7,” Softchoice’s Microsoft director Craig McQueen wrote in a press release. “In addition to the security benefits, I think once organizations grasp the user benefits—such as touch and Cortana—we will start to see a boost in adoption.”

Although, some of those features may not be enough to sway some users. Cortana, for example, has proven very difficult to get rid of, and other updates have led to frozen machines. The most recent Windows 10 Anniversary Update actually broke some third-party webcams, without a workaround or fix until September. That’s bad news for a business that relies heavily on video conferencing.

Still, there are a host of new features and tools that could make it easier to get work done.

The 3 big takeaways for Readers

  • 1. A recent study by Softchoice has shown that less than 1% of enterprise organizations have upgraded their Windows devices to Windows 10, even a full year after the OS was released.
  • 2. Most business were still running Windows 7, according to the study, as Windows 8 also saw poor adoption rates after its release.
  • 3. A plethora of concerns over privacy and functionality, combined with the effort it takes to upgrade a whole organization, likely led to the low adoption numbers for Windows 10.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Mozilla Joins Google and Facebook in Phasing Out Adobe Flash

Web browsers don’t like the security and stability problems that come with Flash.

Another popular web browser has had it with Adobe Flash.

Mozilla said this week that it plans to gradually wean its Firefox web browser from Adobe’s ADBE -1.07% multimedia player. In August, Firefox will no longer support “certain Flash content” that it deems “not essential to the user experience,” although Mozilla did not specify what type of Flash content it was referring to.

Mozilla will still support “legacy Flash content” for an unspecified time, but the company urged websites that use Flash or Microsoft MSFT -0.25% Silverlight, another multimedia web player similar to Flash, for their videos or online games to adopt newer “HTML technologies as soon as possible.”

In May, Google GOOG -0.59% detailed its plans to end support of Flash for its Chrome web browser, and it hopes to completely rid itself of Flash advertisements by the beginning of 2017.

Google, like Adobe, is urging website operators to switch to the HTML5 coding language to display multimedia like video on their sites.

Flash is notoriously buggy and prone to many security vulnerabilities. Firefox believes that by ending support for Flash, its users will see “enhanced security, improved battery life, faster page load, and better browser responsiveness.”

Still, Mozilla is not totally cutting ties with Adobe. Mozilla said it would “continue to work closely with Adobe to deliver the best possible Flash experience for our users” as it phases the multimedia player out, and said that an engineering partnership between the two companies has improved some performance and stability in Firefox when it displays Flash content.

Last summer, Facebook’s FB -0.27% chief security officer Alex Stamos urged Adobe via Twitter to disable Flash because of its security vulnerabilities.

In April, Adobe issued an emergency update to Flash after security researchers found a flaw that allowed hackers to distribute so-called ransomware to owners of Microsoft Windows personal computers. Ransomware is basically a form of malware that lets hackers block people from accessing their computer or related computer networks so that a hacker can demand payment in return for access.

In 2010, legendary Apple AAPL -1.32% CEO Steve Jobs wrote a 1,700 word essay on Flash and why Apple’s problems with the multimedia player, which he claimed hurt the “reliability and security of our iPhones, iPods and iPads.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Ransomware 2.0 is around the corner and it’s a massive threat to the enterprise

The profits from ransomware are making it one of the fastest growing types of malware and new versions could negatively impact entire industries, according to a Cisco report.

ransomware2.0

Despite the efforts made to improve cybersecurity at many organizations, there are too many systems with aging infrastructure and vulnerabilities that leave companies at risk, with ransomware one of the most sinister threats, according to a new Cisco report.

Ransomware is a top concern because it’s become an area of intense focus for cybercriminals due to its effectiveness at generating revenue. Once a cybercriminal hacks into a company’s files and encrypts them, victims have little option but to pay the asking price for the code to decrypt their files. Ransomware is becoming more ominous as new versions are continually being developed.

“The landscape is simple. Attackers can move at will. They’re shifting their tactics all the time. Defenders have a number of processes they have to go through,” said Jason Brvenik, principal engineer with Cisco’s security business group, discussing the Cisco 2016 Midyear Cybersecurity Report.

Cisco used data from its customers to create the report, since there are more than 16 billion web requests that go through the Cisco system daily, with nearly 20 billion threats blocked daily, and with more than 1.5 million unique malware samples daily, which works out to 17 new pieces of malware every second, Brvenik said.

Brvenik has the following recommendations for companies wanting to improve security:

  • Improve network hygiene – Improve aging infrastructure to limit vulnerabilities.
  • Integrate defenses – Use machine learning techniques combined with novel data views.
  • Measure time to detection – Find out how long an attacker can live in your network before they are found.
  • Protect your users everywhere they are – Protect users whether they’re on a laptop, a smartphone, or another device. Don’t just protect networks but protect users. They are the target.

The next step in the evolution of malware will be ransomware 2.0, which Brvenik said “will start replicating on its own and demand higher ransoms. You’ll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted. That’s really a nightmare scenario.”

Ransomware campaigns started out primarily through email and malicious advertising, but now some attackers are using network and server-side vulnerabilities as well. Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company’s network, Brvenik said.

New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities, according to the report.

JexBoxx, an open source tool for testing and exploiting JBoss application services, had been used to allow the attackers to gain access to networks in the targeted companies. Once the attackers had access to the network, they encrypted multiple Windows systems using SamSam.

Overall, in all aspects of cybersecurity, there are too many companies with vulnerabilities that haven’t been addressed. Out of 103,121 Cisco devices connected to the internet that were studied for the report, each device on average was running 28 known vulnerabilities. The devices were actively running known vulnerabilities for an average of 5.64 years, and more than 9 percent had known vulnerabilities older than 10 years, according to the report.

“In April, Cisco estimated that 10% of all JBoss servers worldwide were compromised. And they were compromised using readily available tools and old vulnerabilities. Adobe Flash is still a favorite. It gives a viable attack surface for them. And we see Microsoft Silverlight vulnerabilities. This means to us that people are opportunizing those that work for them,” Brvenik said.

Brevik noted that the nature of the attack is also likely to change, focusing on service-oriented technologies and systems, with teams ready to attack and try to compromise systems. Advertising is a viable model for attack.

“We saw a 300% increase in the use of HTTPS with malware over the past four months. Ad injection is the biggest contributor. Adversaries are using HTTPS traffic to expand time to operate. That’s the attacker opportunity as it exists today,” he said.

It’s no longer reasonable to expect to block 100% of threats, but being able to detect the threat fast, and limit the time the attacker is in your system is key to minimizing the damage. In December 2014, the median time before an attack was detected was 50 hours. In April 2016, it dipped to a median of 13 hours for the previous six months, Brvenik said.

“It is a living number as defenses improve and attackers change. This is good. It says that for the customers that have these systems, when they are compromised, they’re now down to 13 hours as a median time to detect it. I wouldn’t leave the door to my house open for 13 hours; and that’s what you’re doing when you leave your door open to attackers for 13 hours.”

Industries that previously thought they were immune because their business was of little interest to attackers are wrong.

“No industry is safe,” Brvenik said. “Assuming that what you do is of no interest to attackers is not a good way to think of it.”

Three takeaways for the readers

  1. Of more than 100,000 Cisco connected devices studied for the report, an average of 28 vulnerabilities were running on each one.
  2. Self-propagating ransomware is around the corner and companies need to protect themselves from the threat.
  3. Ransomware is giving massive profits to attackers, encouraging them to create even more sinister ways to attack. The average time of attack lasts 13 hours, down from 50 hours in 2014.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Windows 10 Anniversary Update: Watch out for these nasty surprises

A major update to Windows 10 is being rolled out. These are the gotchas that are catching out early users.

windows-10-anniversary-update

Windows 10 users are getting the first major update to the operating system in just under a year, with the release of the Anniversary Update.

But alongside the new features and fixes are some more unwelcome changes, ranging from less control for users to frozen machines.

Here are the main gotchas to look out for, as well as some fixes.

Less time to change your mind

With the arrival of the Anniversary Update, those upgrading to Windows 10 from Windows 7 or 8 have less time to switch back to the earlier OS.

Prior to the Anniversary Update, Windows 10 users had 30 days during which they could choose to reset their machine and restore their original OS. However, following the update Microsoft has reduced this period to 10 days.

Microsoft claims it reduced the period after noticing that most users who chose to switch back did so within a few days of upgrading, adding the change will free storage space on users’ machines.

The reduction also coincides with the end of period during which Windows 7 and 8 users could upgrade to Windows 10 for free – meaning those now paying $120 or more to upgrade will likely be less keen to switch back.

Frozen computers and broken systems

When you update software there is always risk that something will break, and that’s exactly what seems to be happening for some who have received the Windows 10 Anniversary Update.

The most common complaint seems to be that the update causes the computer to lock-up soon after loading the desktop.

In response to the problem, Microsoft has been advising users to run Windows 10’s Maintenance Troubleshooter and if that doesn’t work, to perform a clean boot of the system.

Meanwhile, users are reporting the most reliable fix has been to roll back to an earlier build of Windows 10.

Another repeated complaint is that Microsoft’s virtual assistant Cortana is missing from the Task Bar, replaced instead with a search box. In affected systems, Cortana also seems to be disabled inside the Edge web browser.

Some users of Avast and McAfee anti-virus – both widely used products – are also reporting problems after the upgrade, as are gamers trying to use Xbox One controllers.

Cortana is more difficult to get rid of

If you’re not a fan of Microsoft’s virtual assistant Cortana then prepare to dislike the Anniversary Update.

Following the update, it is no longer possible to turn off Cortana from the virtual assistant’s in-built Settings menu.

Instead, if users want to ditch Cortana they will need access to specific admin tools or to edit the registry.

Users can also minimise the information that Cortana collects, although thisdoes require altering various settings.

Harder for admins to block ads

Another less welcome change is that Windows 10 Pro users lose the ability to use admin tools to block ads.

Prior to the update, admins could edit Group Policy settings to stop ads for apps showing in the Start menu and on the lock screen.

However, Windows 10 Pro users will lose that ability, and, following the update, disabling these ads via Group Policy settings will only be available to those running Windows 10 Enterprise, Windows 10 Pro Education, or Windows 10 Education editions.

Individual users should be able to turn off many of these ads by disabling Windows 10 tips, tricks, and suggestions and Windows Store suggestions in the Settings app, however.

Following the Windows 10 Anniversary Update, new installs of Windows 10 will show double the number of ads for Windows Store apps in the Start Menu. Some users have also reported a possible increase in the number of ads shown on the lock screen following the update.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Windows 10: Reasons not to upgrade; 5 good resume apps

From privacy to compatibility and control, these are the reasons why you might want to give the upgrade to Windows 10 a miss.

getwindows10

At the end of this month Windows 10 will, at least for now, cease to be available as a free upgrade to Windows 7 and 8 users.

Microsoft is engaged in a final push to get users to upgrade, stressing the new OS introduces fresh features to Windows and overhauls its design. However, is Windows 10 right for you? Here are some of the reasons you might not want to upgrade.

1. You’re worried about privacy

By default Windows 10 collects more data than many users are comfortable with. This includes information about how Windows and Windows apps are used, what you type, your contacts, your location, calendar appointments and more. If the virtual assistant Cortana is enabled, this data extends to web browsing history, voice commands and even more information about your activity.

Users of Home and Pro versions of Windows 10 can only reduce this data collection to the “Basic” level. On this setting, Windows 10 collects information about security settings, quality-related info (such as crashes and hangs), and application compatibility. Microsoft describes this information as being essential for maintaining and improving the quality of Windows 10 and says that only “anonymous identifiers” are transmitted.

However, questions remain about the information that Windows 10 sends back to Microsoft, even when you turn the data gathering settings down a minimum. Tech website Arstechnica found that even with the virtual assistant Cortana disabled, Windows 10 sends a request to www.bing.com that appears to contain a random machine ID that persists across reboots. Similarly, even when Microsoft OneDrive cloud storage was disabled and Windows 10 was not tied to a Microsoft account, the OS still seemed to be sending information to a server connected to OneDrive. While Microsoft stressed there is no query or search data being sent, Arstechnica queried the inclusion of a machine ID.

ZDNet’s Ed Bott has said the very basic telemetry data collected by Microsoft is anonymized and doesn’t reveal anything more than very high-level information along the lines of an unidentified Windows 10 user ran a particular app for half an hour.

However, for some users, even the gathering of anonymized usage data is more than they’re willing to put up with.

2. It might cause pain for older machines

Windows 10 can run on a computer with relatively modest specs, working on many older PCs that shipped with Windows 7. But just because you can run Windows 10 on paper, you may not be able to in practice.
While the Get Windows 10 app that schedules the upgrade from Windows 7 or 8.x should check your system compatibility, some users that pass this test complain the upgrade still fails or devices don’t work properly.

As Microsoft states: “The upgradability of a device includes factors beyond the system specification.”

Microsoft gives you the option to rollback your machine to its previous OS, but there are reports from multiple people who claim the upgrade left their machine virtually unusable. In these cases either the rollback feature didn’t work or it did work but the earlier OS is no longer stable, with previously working programs crashing.

f the upgrade process completes successfully, missing driver and firmware support has also caused difficulties for some Windows 10 users. Those affected cite problems such as monitors not working at their native resolution. Some of the Intel integrated graphics chips used in older laptops are also incompatible with Windows 10, though Windows 10 should warn of this fact.

These problems don’t seem to affect the majority of upgraders, but it’s worth being aware they exist, particularly if upgrading an older machine.

On a less serious level, upgrading to Windows 10 may not break your machine but it could mess with your settings. Microsoft has come under fire for Windows 10 changing users’ default settings in a number of areas, such as swapping the default browser to its own Microsoft Edge.

3. Less control over updates

Windows 10’s update process happens both more frequently and less obviously, with Windows Home and Pro users automatically receiving updates when they’re available.

Windows Home users have less control over how long they can postpone updates for, and less easily-available information about what changes these updates will make.

The lack of control that Home users have over when updates are applied led to a group of users petitioning Microsoft to let them delay and refuse these downloads. Their reasoning was that since forced updates can crash machines, for instance via bad firmware or driver updates, all users need control over how updates are applied.

Another core concern for some users when it comes to Windows 10’s frequent updates is the amount of data downloaded, with updates often weighing in at hundreds of megabytes. However, Windows 10 does allow users to block all but essential updates by toggling on ‘metered connection’ in the WiFi settings.

4. You don’t like the new look

As much as Windows 10 has won people over by bringing back elements of the classic Windows desktop and Start menu — anyone fresh from Windows 7 will need to adjust to Windows 10’s new look.

Unlike Windows 7, Windows 10’s Start Menu takes up far more room, thanks to a menu full of tiles that is bolted onto the side. While most users should be able to quickly adjust to these cosmetic and layout changes, other alterations may grate more. Perhaps the most controversial tweak to the Start Menu is theinclusion of adverts for apps in the Windows Store. These promoted apps are tiles that link to the Windows Store or to apps that have been automatically installed on your PC by Microsoft. With the latest Anniversary Update, the number of these promoted apps will double, from five to 10.

And while it can be argued that Windows 10 is arguably easier to navigate, with its search function built directly into the Taskbar, the new OS introduces some significant changes that may confuse new users.

Whereas Windows 7 allowed users to adjust their system settings using the Control Panel, Windows 10 has both the Control Panel and Settings pages — with some configuration options exclusive to one or the other. This mix and match approach has been described as disorientating by some users.

5. Missing features

Windows 10 may add many new features — the virtual assistant Cortana, the new Edge browser — but it also lacks some key elements of earlier Windows operating systems.

Perhaps the biggest omission are the placeholders for Microsoft’s OneDrive cloud storage service. In Windows 8.1, placeholders, also called smart files, let users see all of the files stored in the OneDrive service, whether those files were stored on the device or not. This feature was removed from Windows 10.Microsoft appears to be working on reintroducing placeholders, although there is still uncertainty about when they will be brought back.

Windows Media Center, the software for TV, music and movie playback is also gone from Windows, so if you are particularly attached, and not willing to mess around with an unofficial version, you may want to pass on the upgrade.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

CALL US NOW!