Back to Top

Tech, Web, Cloud & Cabling Services

Category: Security

Security Category

Is Your Organization Using SHA-1 SSL Certificates? If so here’s what you need to know and do:

ssl

 

Following a recommendation by the National Institute of Standards and Technology (NIST), Microsoft will block Windows from accepting SSL certificates encrypted with the Secure Hash Algorithm-1 (SHA-1) algorithm after 2016. Given the number of mission-critical SSL certificates that are allowed to expire from inattention, administrators have their work cut out for them. By knowing what will happen, why it’s happening, and what you need to do, you won’t be surprised by these important policy changes.

What’s Happening?

On November 12, 2013, Microsoft announced that it’s deprecating the use of the SHA-1 algorithm in SSL and code signing certificates. The Windows PKI blog post “SHA1 Deprecation Policy” states that Windows will stop accepting SHA-1 end-entity certificates by January 1, 2017, and will stop accepting SHA-1 code signing certificates without timestamps after January 1, 2016. This policy officially applies to Windows Vista and later, and Windows Server 2008 and later, but it will also affect Windows XP and Windows Server 2003.

SHA-1 is currently the most widely used digest algorithm. In total, more than 98 percent of all SSL certificates in use on the Web are still using the SHA-1 algorithm and more than 92 percent of the certificates issued in the past year were issued using SHA-1.

Website operators should be aware that Google Chrome has started warning end users when they connect to a secure website using SSL certificates encrypted with the SHA-1 algorithm. Beginning in November 2014 with Chrome 39, end users will see visual indicators in the HTTP Secure (HTTPS) address bar when the site to which they’re connecting doesn’t meet the SHA-2 requirement. Figure 1 shows those indicators.

 

Figure 1: Visual Indicators in the HTTPS Address Bar

 

Google is doing this to raise end users’ awareness and to help guide other members of the Internet community to replace their SHA-1 certificates with SHA-2 certificates.

Why Is Microsoft Deprecating SHA-1?

SHA-1 has been in use among Certificate Authorities (CAs) since the U.S. National Security Agency (NSA) and NIST first published the specification in 1995. In January 2011, NIST released Special Publication 800-131A, “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.” This publication noted that SHA-1 shouldn’t be trusted past January 2016 because of the increasing practicality that a well-funded attacker or government could find a SHA-1 hash collision, allowing them to impersonate any SSL website.

Realizing that it’s highly unlikely that CAs and the industry at large will adopt more powerful encryption algorithms on their own, Microsoft is leading the charge by making Windows reject certificates using SHA-1 after January 1, 2017. Doing this will lead website operators to upgrade to stronger SHA-2 certificates for the betterment of all Windows users and the broader public key infrastructure (PKI) community. The Windows PKI blog post “SHA1 Deprecation Policy” noted that, “The quicker we can make such a transition, the fewer SHA-1 certificates there will be when collisions attacks occur and the sooner we can disable SHA1 certificates.”

In the end, the issue isn’t if SHA-1 encryption will be cracked but rather when it will be cracked.

What Do I Need to Do?

January 1, 2017, might seem like a long way away, but now is the time to understand the problem and how to mitigate it.

As per Microsoft’s SHA-1 deprecation policy, Windows users don’t need to do anything in response to this new technical requirement. XP Service Pack 3 (SP3) and later versions support SHA-2 SSL certificates. Server 2003 SP2 and later versions add SHA-2 functionality to SSL certificates by applying hotfixes (KB968730 and KB938397).

Web administrators must request new certificates to replace SHA-1 SSL and code-signing certificates that expire after January 1, 2017. As of this writing, that would probably affect only public SHA-1 certificates that were purchased with a long expiration date (three years or more) or long-duration certificates issued by internal SHA-1 CAs. Most third-party CAs will rekey their certificates for free, so you simply need to contact the CA to request a rekeyed certificate that uses the SHA-2 algorithm.

When ordering new SSL certificates, you should confirm with the CA that they’re being issued with the SHA-2 algorithm. New certificates with expiration dates after January 1, 2017, can only use SHA-2. Code-signing certificates with expiration dates after December 31, 2015, must also use SHA-2.

Note that the algorithm used in SHA-2 certificates is actually encoded to use SHA-256, SHA-384, or SHA-512. All of these are SHA-2 algorithms; the SHA number (e.g., 256) specifies the number of bits in the hash. The larger the hash, the more secure the certificate but possibly with less compatibility.

It’s important that the certificate chain be encrypted with SHA-2 certificates. (A certificate chain consists of all the certificates needed to certify the end certificate.) This means that any intermediate certificates must also use SHA-2 after January 1, 2017. Typically, your CA will provide the intermediate and root CA certificates when they provide the SHA-2 certificate. Sometimes they provide a link for you to download the certificate chain. It’s important that you update this chain with SHA-2 certificates. Otherwise, Windows might not trust your new SHA-2 certificate.

Root certificates are a different story. These can actually be SHA-1 certificates because Windows implicitly trusts these certificates since the OS trusts the root certificate public key directly. A root certificate is self-signed and isn’t signed by another entity that has been given authority.

For the same reason, any self-signed certificate can use the SHA-1 algorithm. For example, Microsoft Exchange Server generates self-signed SHA-1 certificates during installation. These certificates are exempt from the new SHA-2 policy since they aren’t chained to a CA. I expect, however, that future releases of Exchange will use SHA-2 in self-signed certificates.

What About My Enterprise CAs?

If your organization has its own internal CA PKI, you’ll want to ensure that it’s generating SHA-2 certificates. How this is done depends on whether the CA is running Windows Server 2008 R2 or later and if your CA has subordinate CAs.

If you have a Server 2008 R2 or later single-root CA without subordinates, you should update the CA to use SHA-2. Doing so will ensure that subsequent certificates generated will use the SHA-2 algorithm. To check which hash algorithm is being used, you can right-click the CA and go to the General tab. If SHA-1 is listed, you can run the following certutil command to configure the CA to use the SHA-256 algorithm:

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

You must restart the CertSvc service to apply the change. Now when you view the CA properties, you’ll see that the hash algorithm is SHA-256. All future certificates issued by this CA will use SHA-256, but keep in mind that existing certificates will still be using SHA-1. You need to renew any SHA-1 certificates issued by this CA to upgrade them to SHA-2 certificates.

If your CA is older than Server 2008 R2, you can’t upgrade the CA to use SHA-2. You’ll need to rebuild it with a newer version.

If your organization’s internal CA is multi-tiered with one or more subordinate CAs, you’ll need to reconfigure them to use SHA-2. This is done using the same certutil command just given on each subordinate or issuing CA. Keep in mind that if you use subordinate CAs, you’re not required to update the root CA to SHA-2 since that certificate is at the top of the certificate chain, but it won’t cause any problems if you do. You still need to renew any SHA-1 certificates issued by the subordinate CAs to upgrade them to SHA-2 certificates.

Take Action Now

Administrators and website operators should identify all the SSL certificates used in their organizations and take action, as follows:

  • SHA-1 SSL certificates expiring before January 1, 2017, will need to be replaced with a SHA-2 equivalent certificate.
  • SHA-1 SSL certificates expiring after January 1, 2017, should be replaced with a SHA-2 certificate at the earliest convenience.
  • Any SHA-2 certificate chained to an SHA-1 intermediate certificate should be replaced with another one chained to an SHA-2 intermediate certificate.

The following tools and websites are useful for testing and for further information about SHA-1 remediation:

  • Microsoft Security Advisory 2880823. This website discusses the deprecation policy for the SHA-1 hashing algorithm for the Microsoft Root Certificate Program.
  • Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP). The section “How to migrate a CA from a CSP to a KSP and optionally, from SHA-1 to SHA-2” in this TechNet web page provides detailed instructions for upgrading a CA to use SHA-2.
  • Gradually sunsetting SHA-1.” This Google Online Security Blog post explains how the transition to SHA-2 affects Chrome and details Google’s rollout schedule.
  • SHA-256 Compatibility. This GlobalSign web page lists OS, browser, server, and signing support for SHA-256 certificates.
  • DigiCert SHA-1 Sunset Tool. This free web application tests public websites for SHA-1 certificates that expire after January 1, 2016.
  • DigiCert Certificate Inspector. This tool discovers and analyzes all certificates in an enterprise. It’s free, even if you don’t have a DigiCert account.
  • Qualys SSL Labs’ SSL Server Test. This free online service analyzes the configuration of any SSL web server on the public Internet.

Symantec Security Cloud

Symantec Endpoint Protection Cloud Windows client upgrade scheduled for August 5, 2019

The SEP Cloud client for Windows is updated periodically to provide improvements and defect fixes. The next update is scheduled to start on August 5, 2019.

WHAT’S NEW ?

In this release, the SEP Cloud client for Windows will be updated to version 22.18 to provide an enhanced protection framework and client stability.

  • Fixed an issue related to the OS feature on the agent, which was randomly failing with a medium severity while applying the Management policy.
  • Fixed an issue related to the security event: “A process modified a critical system resource.” This event was erroneously displayed in the console as a threat detection/remediation event. The event is now removed and will not be displayed in the console.
  • Enhancement to process HTTP error 429 status code request. The SEP Cloud agent will not attempt to connect with the cloud when the 429 status code is returned, but instead, try to connect based on the timeout information.
  • If the timeout information is not available, then the product will retry to connect in 15 minutes by default.

IMPACT

All Windows devices that are currently enrolled in SEP Cloud will automatically be updated in the background, using LiveUpdate. This update does not affect the security of your devices.

To start, the update is distributed to a small set of clients over the first seven days of the release, and then the remaining clients will get the update. If you want to update sooner, you can run LiveUpdate from the Symantec Endpoint Protection Cloud client UI.

Action Required

  • Windows device restart
    All users with Windows devices will be prompted to restart their devices after the update. Even if they delay the restart, their Windows clients remain Protected.

If no user is logged on the device when the upgrade is made available, then the prompt is provided until the user logs on. The product update will not force the restart of the device.

  • Windows installation package refresh
    Administrators who created a Windows installation package before August 5 should create and distribute a new one after August 5 to use for new Windows package deployments.

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

Windows 10 SSTP VPN Manual Setup Tutorial

Manual Setup

Step 1

Go to your start menu, and type in “network”.  In the search results click on “Network and Sharing Center”

Step 2

Select Connect to a workplace and click Next

Step 3

Click on Use My Internet Conection (VPN)

Step 4

Enter in the internet address (provided by your IT Professional), Name then Create

Step 5

Network and Sharing Center window should still be opened.  Click on Change Adapter Settings

Step 6

Right Click on the new connection you made, then go to Properties

Step 7

Go to the Security Tab, and change your properties to be the same as the below image. Press OK once done.

Step 8

Right Click the Connection and choose “Connect” option.

Step 9

You will be prompted for your username and password for your VPN. (provided by your IT Professional). Enter them as provided. ex. DOMAIN\username and password.

After a few seconds it will connect and show you “Connected” status.

Step 10

You can also check the VPN status in the Network applet (the icon in your system tray at the bottom right).

Connecting the SSTP on Windows 10

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter (you can see it on Step 10). Click on that icon. In the appeared list click on any network connection.
After that you will see another window with the connection list, click on theVPN connection (the connection name can be different, you have set it up on Step 5).
Click the “Connect” button under the connection name.

Disconnecting the SSTP on Windows 10

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter (you can see it on Step 10). Click on that icon. In the appeared list click on any network connection.
After that you will see another window with the connection list, click on theVPN connection (the connection name can be different, you have set it up on Step 5).
Click the “Disconnect” button under the connection name.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

Windows 10 PPTP VPN Setup Tutorial

Manual Setup

Step 1

Click Start button in the bottom left corner of the screen (the one with Windows logo). Go to “Settings“.

Step 2

Go to “Network & Internet“.

Step 3

Select “VPN” in the menu on the left.

Step 4

Click “Add a VPN connection“.

Step 5

For the “VPN Provider” select “Windows (built-in)“. Connection name can be any as you like for example SouthJerseyTechiesVPN.
Server name or address” is your server address. It is not “pptp.sjtechies.com”, that is just an example.
For “VPN type” select “Point to Point Tunneling Protocol (PPTP)“.

Step 6

Scroll the window if needed and fill the “Username” and “Password” fields.
Check “Remember my sign-in info” and click “Save” button.

Step 7

After that you will see the newly created connection. Click on it.

Step 8

Click the “Connect” button.

Step 9

After a while it will connect and show you “Connected” status.

Step 10

You can also check the VPN status in the Network applet (the icon in your system tray at the bottom right).

Connecting the PPTP on Windows 10

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter (you can see it on Step 10). Click on that icon. In the appeared list click on any network connection.
After that you will see another window with the connection list, click on the SouthJerseyTechiesVPN connection (the connection name can be different, you have set it up on Step 5).
Click the “Connect” button under the connection name.

Disconnecting the PPTP on Windows 10

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter (you can see it on Step 10). Click on that icon. In the appeared list click on any network connection.
After that you will see another window with the connection list, click on the SouthJerseyTechiesVPN connection (the connection name can be different, you have set it up on Step 5).
Click the “Disconnect” button under the connection name.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

Windows 7 PPTP VPN Setup Tutorial

Manual Setup

Step 1

Start by finding the network connections icon in the bottom right corner of the screen (near the clock).
The icon can be in the shape of computer display or wireless signal meter.
Right click on that icon.

Step 2

Select “Open Network and Sharing Center“.
You can also get there by going through “Start” button > “Control Panel” > “View network status and tasks“.

Step 3

Click “Setup a new connection or network“.

Step 4

In the appeared window select “Connect to a workplace“, click “Next“.

Step 5

Click “Use my Internet connection (VPN)“.

Step 6

If you already have other connections configured, select “No, create a new connection” and click “Next” button.
If you don’t see this dialog window just skip this step.

 

Step 7

Internet address” is your server address. It is not “sjt-XXXXXX.reliablehosting.com”, that is just an example.
Destination name” can be any as you like for example SouthJerseyTechiesVPN.
Check “Don’t connect now; just set it up so I can connect later” and click “Next” button.

Step 8

Fill the “User name” and “Password” fields.
Check “Remember this password” and click “Create” button.

Step 9

Click “Close” button.

Step 10

Click “Change adapter settings“.

Step 11

In the connections list find the SouthJerseyTechiesVPN connection, the description should be “WAN Miniport (IKEv2)“.
Right click on it and select “Properties“.

Step 12

Click “Security” tab, for “Type of VPN” select “Point to Point Tunneling Protocol (PPTP)“.
For “Data encryption” select “Require encryption (disconnect if server declines)“.
Click “OK“.

Step 13

Double click on the SouthJerseyTechiesVPN connection icon.

Step 14

It will show the connection window.
Check “Save this user name and password for the following users” and select either your account or all accounts.
Click “Connect” button.

Step 15

After a while it will connect and show you “Connected” status.
You can also check the VPN status in the Network applet (the icon in your system tray at the bottom right). Click on that icon and you will see the connection list and their statuses.

Done. You are connected.

Connecting the PPTP on Windows 7

1. Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter.
Click on that icon.

2. You will see the list of connections. Click on SouthJerseyTechiesVPN connection and then click “Connect” button.

3. After that click “Connect” again.

You should see the status messages first and then “Successfully connected to SouthJerseyTechiesVPN“.

Disconnecting the PPTP on Windows 7

Find the network connections icon in the bottom right corner of the screen (near the clock). The icon can be in the shape of computer display or wireless signal meter.
Click on that icon, in the appeared list click on SouthJerseyTechiesVPN connection and then the “Disconnect” button.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

Mozilla Joins Google and Facebook in Phasing Out Adobe Flash

Web browsers don’t like the security and stability problems that come with Flash.

Another popular web browser has had it with Adobe Flash.

Mozilla said this week that it plans to gradually wean its Firefox web browser from Adobe’s ADBE -1.07% multimedia player. In August, Firefox will no longer support “certain Flash content” that it deems “not essential to the user experience,” although Mozilla did not specify what type of Flash content it was referring to.

Mozilla will still support “legacy Flash content” for an unspecified time, but the company urged websites that use Flash or Microsoft MSFT -0.25% Silverlight, another multimedia web player similar to Flash, for their videos or online games to adopt newer “HTML technologies as soon as possible.”

In May, Google GOOG -0.59% detailed its plans to end support of Flash for its Chrome web browser, and it hopes to completely rid itself of Flash advertisements by the beginning of 2017.

Google, like Adobe, is urging website operators to switch to the HTML5 coding language to display multimedia like video on their sites.

Flash is notoriously buggy and prone to many security vulnerabilities. Firefox believes that by ending support for Flash, its users will see “enhanced security, improved battery life, faster page load, and better browser responsiveness.”

Still, Mozilla is not totally cutting ties with Adobe. Mozilla said it would “continue to work closely with Adobe to deliver the best possible Flash experience for our users” as it phases the multimedia player out, and said that an engineering partnership between the two companies has improved some performance and stability in Firefox when it displays Flash content.

Last summer, Facebook’s FB -0.27% chief security officer Alex Stamos urged Adobe via Twitter to disable Flash because of its security vulnerabilities.

In April, Adobe issued an emergency update to Flash after security researchers found a flaw that allowed hackers to distribute so-called ransomware to owners of Microsoft Windows personal computers. Ransomware is basically a form of malware that lets hackers block people from accessing their computer or related computer networks so that a hacker can demand payment in return for access.

In 2010, legendary Apple AAPL -1.32% CEO Steve Jobs wrote a 1,700 word essay on Flash and why Apple’s problems with the multimedia player, which he claimed hurt the “reliability and security of our iPhones, iPods and iPads.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Safari on iOS and Mac crashing, bug related to Safari Suggestions, here’s how to fix

A strange bug is affecting many Safari users today, causing crashes on iPhone, iPad and Mac. For many users, simply tapping in the URL bar will cause the browser app to crash completely.  The exact issue causing the crashing has not been locked down, but it appears to be related to Apple’s Safari Suggestions service. It’s a very annoying bug that is affecting a lot of people all of sudden today.

sjt-blog-safari-crash-ios

When you type a URL, Apple sends what you type to its servers, returning a response with autocomplete search queries, Top Sites and other info. There appears to be a bug in this server request that is causing Safari to randomly crash. Users are discovering some potential workarounds until Apple fixes the problem properly …

Disabling Safari Suggestions seems to be helping resolve the bug for many people on iOS. On your iPhone or iPad, go into Settings, tap Safari, and toggle off the ‘Safari Suggestions’ switch. This will fix the crashing, obviously its only a temporary fix until Apple sorts its servers out as it will disable the Safari Suggestions functionality.

Another option is to enter Private Browsing mode. In private browsing, by design Safari does not contact the suggestions server for intelligent completion options, so the server is never contacted and the crash never arises.

The bug is affecting users in many countries, but not all. It also depends on the state of your Safari, whether it has certain data cached already. The crash has been seen on iOS 8, iOS 9 and OS X 10.11. The bug could be even more widespread beyond these platforms however. It is pretty crazy flaw that is affecting so many people this morning, with many reports across European iOS customers.

We have contacted Apple about the issue for clarification, but it’s such a serious functional flaw that we expect a fix very shortly. Please note: this is an unrelated incident to the prank site CrashSafari.com.

Update: The Safari crash bug has now been fixed, according to Apple.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Scams that Target Small Businesses and How to Spot Them

Consumers are not the only ones vulnerable to scams.  If you own a small business or are part of a nonprofit organization, you could be open to several different types of cons without even realizing it.

The Federal Trade Commission (FTC) has put together a list of some of the more common scams and posted them on the website along with plenty of resources to help you spot con artists and keep them from taking advantage of you and your business.

“Your best protection? Learn the signs of scams that target businesses,” the FTC says. “Then tell your employees and colleagues what to look for so they can avoid scams.”

From the FTC website:

Fake Invoices

Scammers create phony invoices that look like they’re for products or services your business uses — maybe office or cleaning supplies or domain name registrations. Scammers hope the person who pays your bills will assume the invoices are for things the company actually ordered. Scammers know that when the invoice is for something critical, like keeping your website up and running, you may pay first and ask questions later. Except it’s all fake and if you pay, your money may be gone.

Unordered Office Supplies and Other Products

Someone calls to confirm an existing order of office supplies or other merchandise, verify an address, or offer a free catalog or sample. If you say yes, then comes the surprise — unordered merchandise arrives at your doorstep, followed by high-pressure demands to pay for it. If you don’t pay, the scammer may even play back a tape of the earlier call as “proof” that the order was placed. Keep in mind that if you receive merchandise you didn’t order, you have a legal right to keep it for free.

Directory Listing and Advertising Scams

Con artists try to fool you into paying for nonexistent advertising or a listing in a nonexistent directory. They often pretend to be from the Yellow Pages. They may ask you to provide contact information for a “free” listing or say the call is simply to confirm your information for an existing order. Later, you’ll get a big bill, and the scammers may use details or even a recording of the earlier call to pressure you to pay.

Utility Company Imposter Scams

Scammers pretend to call from a gas, electric, or water company saying your service is about to be interrupted. They want to scare you into believing a late bill must be paid immediately, often with a wire transfer or a reloadable card or gift card. Their timing is often carefully planned to create the greatest urgency — like just before the dinner rush in a restaurant.

Government Agency Imposter Scams

Scammers impersonate government agents, threatening to suspend business licenses, impose fines, or even take legal action if you don’t pay taxes, renew government licenses or registrations, or other fees. Some businesses have been scared into buying workplace compliance posters that are available for free from the U.S. Department of Labor. Others have been tricked into paying to receive nonexistent business grants from fake government programs. Businesses have received letters, often claiming to be from the U.S. Patent and Trademark Office, warning that they’ll lose their trademarks if they don’t pay a fee immediately, or saying that they owe money for additional registration services.

Tech Support Scams

Tech support scams start with a call or an alarming pop-up message pretending to be from a well-known company, telling you there is a problem with your computer security. Their goal is to get your money, access to your computer, or both. They may ask you to pay them to fix a problem you don’t really have, or enroll your business in a nonexistent or useless computer maintenance program. They may even access sensitive data like passwords, customer records, or credit card information.

Social Engineering, Phishing and Ransomware

Cyber scammers can trick employees into giving up confidential or sensitive information, such as passwords or bank information. It often starts with a phishing email, social media contact, or a call that seems to come from a trusted source, such as a supervisor or other senior employee, but creates urgency or fear. Scammers tell employees to wire money or provide access to sensitive company information. Other emails may look like routine password update requests or other automated messages but are actually attempts to steal your information. Scammers also can use malware to lock organizations’ files and hold them for ransom.

Business Promotion and Coaching Scams

Some scammers sell bogus business coaching and internet promotion services. Using fake testimonials, videos, seminar presentations, and telemarketing calls, the scammers falsely promise amazing results and exclusive market research for people who pay their fees. They also may lure you in with low initial costs, only to ask for thousands of dollars later. In reality, the scammers leave budding entrepreneurs without the help they sought and with thousands of dollars of debt.

Changing Online Reviews

Some scammers claim they can replace negative reviews of your product or service, or boost your scores on ratings sites. However, posting fake reviews is illegal. FTC guidelines say endorsements — including reviews — must reflect the honest opinions and experiences of the endorser.

Credit Card Processing and Equipment Leasing Scams

Scammers know that small businesses are looking for ways to reduce costs. Some deceptively promise lower rates for processing credit card transactions, or better deals on equipment leasing. These scammers resort to fine print, half-truths, and flat-out lies to get a business owner’s signature on a contract. Some unscrupulous sales agents ask business owners to sign documents that still have key terms left blank. Don’t do it. Others have been known to change terms after the fact. If a sales person refuses to give you copies of all documents right then and there — or tries to put you off with a promise to send them later — that could be a sign that you’re dealing with a scammer.

Fake Check Scams

Fake check scams happen when a scammer overpays with a check and asks you to wire the extra money to a third party. Scammers always have a good story to explain the overpayment — they’re stuck out of the country, they need you to cover taxes or fees, you’ll need to buy supplies, or something else. By the time the bank discovers you’ve deposited a bad check, the scammer already has the money you sent them, and you’re stuck repaying the bank. This can happen even after the funds are made available in your account and the bank has told you the check has “cleared.”

What’s new in search in Office 365

SharePoint now serves up search results personalized to your previous activity and permissions.

In SharePoint Online and on office.com, search is personal, and the search results are even easier to explore. Another user will see different results than you, even when you both search for the same words.

You’ll only see results that you already have access to, and other users can’t find your private documents.

Even before you start typing, you’ll see results based on your previous activity in Office 365. The results update as you start typing.

If these results aren’t what you’re looking for, click the link to see more results or press Enter to open the search results page and see and explore all the results. Here’s an example of search results from SharePoint:

Explore the search results to see more details about the people and files you’ve found, or refine your search to get other results. Here’s an expert tip to quickly see more, or less, details of a result – you can actually click anywhere in the empty space of the result.

You can navigate to locations that you want to explore further and, if you’ve searched in SharePoint Online, you can change where the results come from. For example, if you searched from a site, but really meant to search all of SharePoint, then you’re just one click away. Or, if the site you searched from is associated with another site, but you want to search all the associated sites.

When you exit a search results page, you return to the page where you started your search.

Windows 10 Pro is a dead end for the enterprise, Gartner says

Recent changes by Microsoft to the Windows 10 support schedule underline why Windows 10 Pro is an ill fit for most companies.

Windows 10 Pro is a dead end for enterprises, a prominent Gartner analyst has argued.

“[We] predict that Microsoft will continue positioning Windows [10] Pro as a release that is not appropriate for enterprises by reducing … support and limiting access to enterprise management features,” Stephen Kleynhans, a research vice president at Gartner and one of the research firm’s resident Windows experts, said in a report he co-authored.

Microsoft’s Windows 10 Pro occupies the middle ground between the consumer-grade Home and the corporate-level Enterprise in features, functionality and price. Because Enterprise versions of Windows have never been available to computer makers, Pro – sometimes, as in Windows 7, tagged Professional instead – has been the most popular pre-installed OS on new business PCs. (Corporations typically re-image new personal computers with Enterprise upon receipt of the devices.)

But although Pro or Professional has a long history in business settings, Microsoft has made numerous decisions in its Windows 10 migration campaign to separate Pro and Enterprise even more, pushing them apart. In Kleynhans’ view, the gap has become unbridgeable.

The last straw was Microsoft’s on-the-fly changes to Windows 10 support.

Last year, the Redmond, Wash. developer announced a six-month support extension for Windows 10 1511, the November 2015 feature upgrade, “to help some early enterprise adopters that are still finishing their transition to Windows as a service.” In February, Microsoft added versions 1609, 1703 and 1709 – released in mid-2016, and in April and October of 2017, respectively – to the extended support list, giving each 24 months of support, not the usual 18.

“Some customers have requested an extension to the standard 18 months of support for Windows 10 releases,” a Microsoft executive said at the time.

There was a catch: Only Windows 10 Enterprise (and Windows 10 Education, a similar version for public and private school districts and universities) qualified for the extra six months of support. Users running Windows 10 Pro were still required to upgrade to a successor SKU (stock-keeping unit) within 18 months to continue receiving security patches and other bug fixes.

Windows 10 Enterprise 1709, for example, and its free “supplemental servicing,” will exhaust support in October 2019. But Windows 10 Pro 1709 runs out of support on April 9, 2019.

“The one thing that really surprised me about the added support,” said Kleynhans in an interview, “was the fact that it didn’t apply to Pro. I think that this telegraphed the fact that, for businesses, Pro is being dead-ended.”

Even though the six-month support extension ended with the 1803 feature upgrade, the one that began reaching some users late last month, in the report Kleynhans co-wrote with Gartner colleague Michael Silver, the duo made clear that they believe Pro is viewed by Microsoft as a second-class citizen.

“Customers currently using Windows 10 Pro should continue to monitor Microsoft’s life cycle announcements because they will eventually need to budget for Windows [10] Enterprise as Windows [10] Pro becomes more ‘pro-sumer’ and small-business oriented,” they wrote in a six-item list of recommendations.

Another component of Microsoft’s current Windows 10 support strategy, something the company has labeled “paid supplemental servicing,” was also out of bounds for those running Windows 10 Pro. The extra support, which Microsoft will sell at an undisclosed price, is available only to Enterprise and Education customers.

Paid supplemental servicing adds 12 months to the 18 months provided free of charge.

“The extensions and paid support option only apply to the Enterprise and Education SKUs,” Kleynhans and Silver said in their report, “Plan and Budget for Short Windows and Office Support Cycles Based on Microsoft’s February 2018 Announcements,” which was published by Gartner last month. “Customers using Windows 10 Pro will still see support end after 18 months. In this way, Microsoft is further reinforcing that it expects enterprise customers to move to the Enterprise edition of Windows 10.”

 

CALL US NOW!