Security Protection – Harry Waldron MVP Rotating Header Image

AntiVirus – Malware Cleanup Test July 2014

Malwarebytes achieved a perfect score in malware cleanup during recent testing by the AV-TEST Institute.

http://securitywatch.pcmag.com/security-software/325924-antivirus-software-for-the-morning-after

http://www.av-test.org/en/news/news-single-view/17-software-packages-in-a-repair-performance-test-after-malware-attacks/

When your antivirus software is nicely installed and integrated with Windows, it has lots of chances to prevent malware infestation. It can block access to the malicious URL, kill the download before it executes, eliminate known malware based on its signature, detect and avert malicious behavior, and so on. But if the malware has already dug in its heels, that’s a different story. An arduous, months-long test by AV-Test Institute evaluated which products do the best cleanup job. Note that even if your antivirus is installed and running, it might miss a brand-new zero-day attack. If later on it gets an update that can detect that zero-day malware, it’s in the same situation as a product installed on an infested system. Well, it’s not quite as bad; at least the malware can’t fight back to prevent the initial antivirus installation.


Facebook – New Buy Button capability being pilot tested

Facebook is testing new e-commerce capabilities that have both security and privacy needs in a social networking environment

http://facecrooks.com/Internet-Safety-Privacy/Facebook-Testing-A-%e2%80%9cBuy%e2%80%9d-Button.html/

https://www.facebook.com/business/news/Discover-and-Buy-Products-on-Facebook-Test

Facebook announced this week that it’s testing a “Buy” button feature on the site that would allow users to make purchases without leaving Facebook. While it’s a good idea, and an inevitability, to combine online retail and social media, many users are likely to be put off by the thought of trusting Facebook with their credit card information. Facebook preemptively addressed those concerns in its press release announcing the new feature, saying: “We’ve built this feature with privacy in mind, and have taken steps to help make the payment experience safe and secure. None of the credit or debit card information people share with Facebook when completing a transaction will be shared with other advertisers, and people can select whether or not they’d like to save payment information for future purchases.” Of course, the site’s move into e-commerce will have plenty of detractors, and Facebook will have to prove it belongs on the same stage as industry giants such as Amazon and eBay. However, with Facebook’s already-massive user base growing every day, there’s no denying that the move will be a hugely profitable one for Facebook. It remains to be seen, however, just how users will react to the potential privacy ramifications.


Facebook Privacy – Ad tracking expands to non-FB sites

Some recent concerns have been raised for expanded ad integration outside of Facebook sites

http://allfacebook.com/trans-atlantic-consumer-dialogue_b133565

    Facebook’s announcement last month that it will include data from non-Facebook websites and applications in its ad preferences tool did not sit well with two privacy advocacy groups. Bloomberg reported that European Consumer Organization Senior Legal Officer Kostas Rossoglou and Center for Digital Democracy Executive Director Jeff Chester sent a letter to the Federal Trade Commission, announcing their formation of the Trans Atlantic Consumer Dialogue and calling on the agency to launch a probe of the social network’s practices.


Facebook Security – Instagram on public Wi-Fi risk

This article warns of a security flaw between the two social networks that can be compromised in certain circumstances.

http://www.cio.com/article/2459062/using-instagram-on-public-wifi-poses-risk-of-an-account-hijack-researcher-says.html

A configuration problem in Facebook’s popular Instagram application for Apple devices could allow a hacker to hijack a person’s account if they’re both on the same public Wi-Fi network. Stevie Graham, who describes himself as a “hacker at large” based in London, wrote on Twitter that Facebook won’t pay him a reward for reporting the flaw, which he said he found years ago. Graham wrote he hopes to draw more attention to the issue by writing a tool that could quickly compromise many Instagram accounts. He cheekily calls the tool “Instasheep,” a play on Firesheep, a Firefox extension that can compromise online accounts in certain circumstances. “I think this attack is extremely severe because it allows full session hijack and is easily automated,” according to Graham’s technical writeup. “I could go to the Apple Store tomorrow and reap thousands of accounts in one day, and then use them to post spam.”


Security – 2014 Dell Study of Data centric security model

A security model that centers around the embedding security within the data itself, rather than today’s focus on users, devices or operating systems might emerge in future.

http://www.cio.com/article/2457657/data-protection/security-must-evolve-to-be-all-about-the-data.html

But there was little debate Thursday morning in Boston at a panel discussion among Dell security experts, partners, analysts and customers that the
    digital equivalent of GMO protection embedded in data will be more than just a good thing – it will be mandatory to sustain any credible level of security into the future.
And while it is notoriously difficult to predict just about anything in IT, the panelists agreed with Don Ferguson, Dell senior fellow, vice president and CTO of the Dell Software Group, that a security model for applications that, “has not changed in decades doesn’t sustain us.” That model, which, “relies on the program to identify the person and what is the operation,” is now obsolete, he said. “Data are everywhere, on the device, in the cloud, moving around. You can’t find all the places that are moving it around, so data need to be self-protecting. And existing apps are not coded that way.” Changing that model, said Patrick Sweeney, executive director at Dell SonicWALL, would, “solve the BYOD problem.”


Facebook Privacy – Q2 2014 earnings conference commentary

During second-quarter 2014 earnings conference CEO Mark Zuckerberg shares key considerations related to Facebook privacy

http://allfacebook.com/2q-earnings-privacy_b133493

This is a really important question. I think this misunderstood about Facebook. One of the things that we focused on the most is creating private faces for people to share things and have interactions that they couldn’t have had elsewhere. So if you go back to the very beginning of Facebook, we’re more than 10 years. There were blogs and things where you could be completely public, and there were emails, right? So you could circulate something completely privately. So there was no space where you could share with just your friends and have that. It wasn’t a completely private experience, but it’s not completely public, and it’s 100 or 150 of the people that you care about. And creating that space, which was a space that had the kind of privacy that no one had ever seen before, was what enabled and continues to enable the kind of interactions and the content that people feel comfortable sharing in this network that don’t exist in other places in the world. So we’re comfortably looking for new opportunities to create new dynamics like that and open up new different private spaces for people where they can then feel comfortable sharing and having the freedom to express something you otherwise wouldn’t be able to. It’s one of the reasons why I’m personally so excited about messaging. Because like right now, I think that at some level, there are only so many photos that you’re going to want to share with all of your friends.


Facebook Security – Verified Page Scam July 2014

Facebook security warnings were issued to avoid interacting with “Verified Page” scam which has been in circulation this month.

http://allfacebook.com/verified-page-scam_b133080

QUOTE — WARNING: Do Not Turn Over Ownership Of Your Facebook Pages … Facebook page administrators, beware: While the social network does have verified pages,
    do not respond to notifications from a page called Verified Page that request permission to take ownership of your pages
. When we first saw this notification, we thought that Facebook finally decided to verify the Freshome Facebook page — Facebook is very vague on how this process actually works — but it seems that this notification was actually a scam that left Freshome without a Facebook page. How this scam/hack actually works: Somebody (with bad intentions) created a fake profile with a fake user name (Verified Page) and a very misleading profile picture (that actually looks like the notification came from Facebook) and asked us to take ownership of our page. Since Facebook is not clear on how this process works, we didn’t know what to expect, and we clicked approve, and now more than 1 million people who liked our page can’t access our Facebook page. It seems that the guy who took over our page unpublished the page from Facebook, and right now, if you try to access it, you will be redirected to Facebook main page.



Sharepoint Security – Best Practices July 2014

Excellent list of Sharepoint Best Practices published last week in TechNet

http://blogs.technet.com/b/harmeetw/archive/2014/07/23/protecting-sharepoint.aspx

QUOTE: The things we can control ….

1. Infrastructure – A solid infrastructure gets half the job done. Take  a look at couple of Extranet designs

2. Secure Login – The very first thing you want to implement is Secure Login. By default SharePoint is going to prompt for credentials if you are logging in to the portal from a computer which is not connected to corpnet. For environments which are going to use information which is going to be conferential in nature, I recommend implementing Two factor Authentication.

3. Protection against download copies  - All a user needs is a read access to download data and use it offline. Data downloaded then can’t be monitored and can be send to anyone. You can implement IRM in order to protect data in such scenario.

4. Scan the data – It is very important to know where the confidential/sensitive/PPI information is stored. Imagine a situation where some sensitive information is stored in a library which is not monitored aggressively or is not supposed to contain sensitive data

5. Abuse of Rights – This is where things gets interesting, how to protect data from the users who have access to it?

6. Auditing – You really need a detailed auditing, OOB SharePoint does a good job in auditing but you can always buy a third party product to get more detailed Auditing. Do not ignore Auditing.

Windows 9 – Adaptable UI optimized for the Device

Some early strategies for next generation of Windows is shared by Microsoft’s CEO Satya Nadella in this article.

http://www.informationweek.com/mobile/mobile-devices/nadellas-windows-9-and-device-plans-explained/a/d-id/1297502

QUOTE: Microsoft CEO Satya Nadella said during this week’s earnings call that the next version of Windows will “streamline” from three operating systems — Windows, Windows RT, and Windows Phone — “into a single, converged [OS] for screens of all sizes.” He also detailed Microsoft’s scaled-down device strategy, including its integration of Nokia, a subject Nadella had previously broached in only the broadest terms.

Regarding the next version of Windows — which is codenamed Threshold and likely will hit the market as Windows 9 — Nadella wasn’t talking about a single UI that magically scales across devices. There won’t be a desktop on your phone, and it’s unlikely that touch-oriented Live Tiles will appear by default when Threshold loads on PCs and laptops.

WORDPRESS – Best practices in authoring posts

These links provide best practices and advice on constructing blog posts in the Word Press environment

WORDPRESS – Writing Posts & BEST PRACTICES
http://codex.wordpress.org/Writing_Posts

WORDPRESS – Primary Lessons Menu page
http://codex.wordpress.org/WordPress_Lessons

WORDPRESS – Introduction to Blogging
http://codex.wordpress.org/Introduction_to_Blogging

WORDPRESS – Design and Layout
http://codex.wordpress.org/Blog_Design_and_Layout

WORDPRESS – Advanced Topics
http://codex.wordpress.org/Advanced_Topics

WORDPRESS – How to create your own personal blog http://www.siteground.com/tutorials/blog/wordpress.htm

WORDPRESS – Support topics
http://wordpress.org/support/

WORDPRESS – HOW TO CREATE BLOG POST (video)
http://www.dummies.com/how-to/content/how-to-create-a-blog-post-in-wordpress.html

Word Press – Beginners Guide (excellent)
http://www.wpbeginner.com/blog/

Word Press – How to rename Category tags
http://www.wpbeginner.com/beginners-guide/how-to-properly-rename-categories-in-wordpress/

TIP: Windows Essential 2012 “Live Writer” is a great WYSIWYG tool for WP blog posting

Windows Live Writer (can be downloaded here and works with Windows 8.1)
http://windows.microsoft.com/en-us/windows-live/essentials

How to use Windows Essential 2012 “Live Writer”
http://windows.microsoft.com/en-us/windows-live/writer-basics

QUOTE: Windows Essentials is a suite of free Windows programs such as Movie Maker, Photo Gallery, Mail, and Writer. These programs can help you organize and edit photos and videos, manage email, create blog posts, and keep your files in sync. The edition of Windows Essentials you can download depends on which version of Windows you’re running.

Network-wide options by YD - Freelance Wordpress Developer