Security Protection – Harry Waldron MVP

Facebook – How to better restrict Suggested Friends feature

Users of Facebook should be careful of all recommendations in the “suggested friends” category as documented in this CNET article below:

http://www.cnet.com/how-to/how-to-turn-off-this-creepy-facebook-feature/

Facebook’s Suggested Friends category is usually full of casual acquaintances, old friends from high school and other random people.  Lately, however, you may have seen random suggestions of people you don’t know, yet somehow vaguely recognize. It turns out, Facebook is using your phone’s location to match you with fellow Facebook users who are nearby, as first reported by Fusion.

There’s a lot that could go wrong with this feature, and frankly it’s a bit creepy. However, you can disable location services for the Facebook app on your phone, thereby preventing the social network from trying to play matchmaker.

Despite a Facebook spokesperson originally telling Fusion and CNET location was “one of the factors” used to suggest people you know, a Facebook spokesperson now claims the company is “not using location data, such as device location and location information you add to your profile, to suggest people you may know.” Instead, the social network “may show you people based on mutual friends, work and education information, networks you are part of, contacts you’ve imported and other factors.”

Still, you may want to restrict Facebook’s access to your location information. Here’s how …

Windows 10 – Anniversary release possibly targeted for August 2016

While Microsoft has not finalized the special WIN10 Anniversary release, there is speculation it could occur in early August 2016.

http://www.pcworld.com/article/3089078/windows/leaked-windows-10-anniversary-update-is-coming-august-2.html

Windows 10’s Anniversary Update will happen August 2, if a press headline posted, and then pulled, from Microsoft’s site is any indication. Spotted by Neowin Tuesday morning, the August 2 date would be four days after Windows 10’s free upgrade deadline ends on July 29.

The highly anticipated Anniversary Update will bring major improvements to Windows 10, which debuted almost a year ago on July 29, 2015. Windows 10 Insiders have received tastes of what’s to come in preview builds released over the past months, and we already know what some of its best features will be. Now we also have a date, and it makes the decision to upgrade to Windows 10 for free by July 29 a tougher one for holdouts.

BEST FEATURES OF WIN10 Anniversary release
http://www.pcworld.com/article/3053934/windows/the-windows-10-anniversary-updates-best-new-features.html

Windows 10 – Free publications for business deployment

Microsoft is offering free planning resources for companies that are evaluating migration to Windows 10.

https://info.microsoft.com/Windows-10-for-Business-Onboarding-Kit.html

Whether you’re researching a future upgrade, or planning a deployment, the Windows 10 for Business Onboarding Kit is a collection of informative resources that will help you understand how to deploy Windows 10. Learn about secure automated deployment, get insights on how to protect your organization’s data and devices, and download materials to assist with employee readiness today.  Sign up now to receive:

1. Deploying Windows 10:  Automating deployment by using System Center Configuration Manager, by Andre Della Monica, Alessandro Cesarini, Russ Rimmerman, and Victor Silveira. This authoritative reference book explains how to deploy Windows 10 through a number of both attended and unattended automated methods.

2. Windows 10 Readiness Tools: Use this handy bundle of resources to distribute to employees during your Windows 10 deployment to help them get up and running. This kit will help your employees make a smooth and successful transition to Windows 10, so your organization can start enjoying the benefits of Windows 10 right away.

3. The Modern Workplace Watchdog eBook: It’s time to stop sacrificing flexibility and efficiency in the name of security. Learn how to protect the information, systems, and people vital to your business with Windows 10, the most secure Windows ever.

Carbonite Online Backup – Users prompted to change passwords

The online backup firm Carbonite has set up controls forcing all users to change their passwords immediately. Carbonite has NOT been recently hacked. However, they are concerned about older security breaches in which user passwords were discovered. Many individuals use the same password for multiple sites. When a password reused in this way is discovered, attackers gain access to all the other sites where it is used. Carbonite has recently seen some unauthorized access for these reasons and is taking this precaution.

https://www.carbonite.com/en/resources/carbonite-blog/carbonite-password-attack/

https://www.grahamcluley.com/2016/06/online-backup-firm-carbonite-targeted-password-reuse-attack/

What Happened — As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts. Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised.

What Information Was Involved — While we will continue to monitor and investigate the matter, we have determined that usernames and passwords are involved. Additionally, for some accounts, other personal information may have been exposed.

What We Are Doing — To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information. All Carbonite users will receive an email with instructions to reset their passwords. These emails will arrive in your inbox over the course of the day and evening. Our Customer Care team is standing by to assist anyone who needs additional help. This activity in no way affects existing or scheduled backups. Files are still being safely backed up. In addition to our existing monitoring practices, we will be rolling out additional security measures to protect your account, including increased security review and two-factor authentication [which we strongly encourage all customers to use].

What Carbonite Customers Should Do — Look for an email from Carbonite with instructions for resetting your password. We highly recommend all customers use “strong” unique passwords for Carbonite and all online accounts. Learn more about strong passwords at www.carbonite.com/safety. If you use the same or similar passwords on other online services, we recommend that you set new passwords on those accounts as well.

Is the email you received legitimate? — Yes. Carbonite sent an email to all customers asking them to reset their passwords.

Microsoft Windows 10 – improvements for WIN7 and WIN8 free upgrade offer

Microsoft has improved clarity for the free WIN10 upgrade window, for the WIN7 and WIN8 user community.

http://www.pcworld.com/article/3089299/windows/microsoft-backs-off-sneaky-windows-10-upgrade-tricks-with-simple-new-pop-up.html

http://www.zdnet.com/article/microsoft-to-make-saying-no-to-windows-10-update-easier/

The new interface will feature three buttons with clear options, including Upgrade now, Choose time (in other words, schedule the upgrade time), or Decline free offer. Microsoft also plans to restore proper behavior to the “x” in the upper right-hand corner. Instead of being treated as consent for an upgrade, clicking the “x” will simply dismiss the window, as it should be.

Microsoft Windows – Reinstall techniques for WIN7, WIN8, or WIN10

This PC World article shares reinstall options for Windows 7, 8, and 10 as noted below:

http://www.pcworld.com/article/2364269/windows/how-to-reinstall-windows-like-a-pro.html

A full, clean reinstall is different from the Reset your PC option in Windows 10 and 8, or a manufacturer’s recovery partition or disk for Windows 7. Those built-in options will set your PC back to its factory-default state—which could include some vendor-installed junk you never wanted anyway. A clean install uses the generic Windows installation media that you can download from Microsoft, and it’ll have just the OS, no other frills.  Before we begin, back up all of your personal data. While you should back up your data regularly, it is especially important to do so before reinstalling an operating system.

Windows 8: Reset or Refresh Your PC — Windows 8 added “Refresh your PC” and “Reset your PC” features that attempt to make installing Windows easier. Both of these options actually perform a Windows reinstall in the background, quickly installing a fresh Windows system from the recovery files on your computer’s drive, a Windows installation disc or USB drive.

Windows 10: Reset This PC — On Windows 10, this option is just named Reset this PC. You can reset your PC and keep all your personal files and Windows Store apps, or reset your PC and wipe everything from your disc. Either way, you’ll have to install all your desktop programs again, but that’s the point: You get a fresh Windows desktop system with all your system files in a known-good state.

Windows 7: OEM recovery partition or DVDs — In Windows 7 and previous versions of Windows, it’s up to the PC manufacturer to provide a recovery partition or recovery discs. Most manufacturers don’t include Windows installation discs with their computers. If your computer has a recovery partition, run your manufacturer’s recovery tool to reinstall Windows. On many PCs, you’ll have to press a key during the boot process to access the recovery tool. This key may be displayed on your screen. It should also be printed in your computer’s manual.

Ransomware – BART uses new design without command and control capability

Ransomware continues to be a highly destructive threat to information resources. Design innovation continues, as documented by the SANS Internet Storm Center and PhishMe security sites.

PhishMe is reporting the discovery of a new ransomware which its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by the same downloader, RockLoader. The payment site bears a striking resemblance to the Locky page.

But Bart also deviates from Locky in other ways. The ransom is much higher, 3 Bitcoins, approximately $2000. But probably the most striking difference is that, unlike most ransomware variants, Bart does not require a command and control to facilitate the encryption and in fact looks like it has no command and control capability. Bart does not utilize the complex public-private key or symmetric encryption methods that have become common in ransomware. Instead it stores the encrypted files in password protected zip files, and utilizes a victim id and a Tor-based payment website to facilitate decryption.
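
As an added example (not code from PhishMe, SANS or this blog), here is a defender-side triage check for the on-disk footprint described above: it parses the ZIP headers of the files in a folder snapshot and alerts when a large share of them are archives in which every entry carries the encrypted flag. The function names, the 0.5 threshold and the sample file sets are assumptions constructed for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry data is encrypted


def is_fully_encrypted_zip(data: bytes) -> bool:
    """True if data parses as a ZIP and every entry has the encrypted flag set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile:
        return False
    return bool(entries) and all(e.flag_bits & ENCRYPTED for e in entries)


def triage(files: dict[str, bytes], threshold: float = 0.5) -> dict:
    """Alert when the share of fully encrypted ZIPs in a file set reaches threshold."""
    suspects = sorted(n for n, d in files.items() if is_fully_encrypted_zip(d))
    ratio = len(suspects) / len(files) if files else 0.0
    return {"suspects": suspects, "ratio": ratio, "alert": ratio >= threshold}


def make_sample_zip(member: str, payload: bytes, encrypted: bool) -> bytes:
    """Constructed test input: an in-memory ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so only the header flag is set
        # here (local header offset 6, central directory offset 8).
        raw[raw.find(b"PK\x03\x04") + 6] |= ENCRYPTED
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED
    return bytes(raw)


# Constructed folder snapshots: file name -> file bytes.
AFFECTED = {f"doc{i}.zip": make_sample_zip(f"doc{i}.txt", b"x", True) for i in range(4)}
AFFECTED["notes.txt"] = b"plain text"
AFFECTED["photos.zip"] = make_sample_zip("a.jpg", b"y", False)
NORMAL = {"report.docx": make_sample_zip("word/document.xml", b"<w/>", False),
          "readme.txt": b"hello",
          "archive.zip": make_sample_zip("secret.txt", b"z", True)}

if __name__ == "__main__":
    print(triage(AFFECTED))
    print(triage(NORMAL))
```

A single password-protected archive is normal in most environments, which is why the check keys on the share of such files in a folder rather than on any one file.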

Privacy – Facebook CEO takes precautions to cover webcam

Physical security precautions to cover webcams and microphones are shared in the article below:

http://mashable.com/2016/06/21/mark-zuckerberg-webcam-cover/

Facebook co-founder Mark Zuckerberg has been increasingly willing to share moments from his family and work life. But a photo he posted on Tuesday, intended to promote Instagram’s user milestone numbers, may have ended up revealing a little more about Zuckerberg than he intended: Dude hasn’t lost any of his hacker caution when it comes to protecting his privacy.

A couple of eagle-eyed observers pointed out that the laptop on Zuckerberg’s desk not only has tape covering the webcam, but there’s also tape covering the Apple laptop’s dual microphones. That’s right, even one of the most elite (and richest) coders on the planet still takes rudimentary measures to ensure that nobody is spying on him.

Adobe – Critical out-of-band security release JUNE 2016

SANS Internet Storm Center has a PATCH NOW rating on this “zero day” exploit circulating in the wild.

https://isc.sans.edu/forums/diary/Critical+Adobe+Flash+Update+Patch+Now/21167/

https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Adobe did not release a patch for Flash on Tuesday, but instead alerted users of an unpatched, and actively exploited, vulnerability (CVE-2016-4171).  Today, Adobe did release a patch that fixes this vulnerability (and others). This is a “PATCH NOW” vulnerability that needs to be addressed as soon as possible.

MICROSOFT HAS JUST RELEASED “OUT OF BAND” UPDATE ALSO
Windows 8 and Windows 10 have Adobe Flash patching built into Windows Update (and please update as automatically prompted)

https://technet.microsoft.com/library/security/ms16-jun

More on the specific vulnerability, which is circulating in limited targeted attacks, can be found here:
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

Leadership – Key Considerations before seeking new opportunities

John Maxwell shares an excellent leadership article related to key decision points for managers to evaluate prior to moving on to new leadership opportunities.

http://www.johnmaxwell.com/blog/four-questions-to-ask-before-moving-on

Have you ever felt like you were out of place? That where you are, isn’t where you’re supposed to be?  That’s such an important question. Looking back over my four decades of leadership, I can see that my sense of having more to give played a key role in many of my career choices. Every career transition was triggered by a desire to give more. And the new position that followed definitely offered the opportunity to grow and expand my impact.

Here are the four questions I encouraged my friend to answer:

1. Am I Currently Exceeding Expectations? — Before you start looking for other places to give more, make sure you’re more than meeting the standard where you’re at! If you are already consistently exceeding expectations as an employee and/or leader, then you might need to look for other opportunities to contribute.

2. Am I Giving 100% of My Effort? — Resist the coaster’s mentality—that’s when you settle for less than your best simply because it’s better than what’s expected! If you’re not giving your 100% to where you are, then chances are that you would transfer that same attitude to a new position. Find a way to re-engage with your position and challenge yourself to be completely focused on giving your best work.

3. Am I Seeing and Seizing Growth Opportunities? — You may not realize it, but growth opportunities exist all around you. It’s easy to see your current discontentment as a sign that you need to leave. But in reality, it might be a sign that you need to level up. Don’t let your restlessness blind you to the opportunities to grow that may be present right where you are. Search hard for them, and don’t move on until you’re certain that you’ve made the most of every opportunity.

4. Am I Currently Mentoring Others? — Whenever you leave a position, you take your influence, vision and momentum with you—unless you’ve spent time developing someone to take your place. The mentoring question is the last question to ask, because doing so always leaves things better than they were when you arrived. Plus, if you’re not giving to the people who are already in your life, then you’re not prepared to give to those you haven’t met!

The theme for all four of these questions is to be all that you can be where you are. Grow and give until you’ve filled the space that you’re in. When you know you’ve done that, it might be time to move on.
