Security Protection – Harry Waldron MVP

September, 2014:

Windows 9 – Preview Announcement set for September 30th

Several articles note that new features of the upcoming operating system will be previewed on September 30, 2014.

http://www.computerworld.com/article/2683914/microsoft-sets-windows-9-reveal-for-sept-30.html

QUOTE:  Microsoft issued invitations on Monday for a Sept. 30 event where it will unveil the next version of Windows, according to multiple online reports.  The San Francisco press conference will introduce the next iteration of Microsoft’s venerable Windows operating system. Most pundits and analysts expect the OS to be dubbed “Windows 9,” with the company sticking with the numerical moniker of the 2012 predecessor. It has also been known by the code name “Threshold.”

Presumably set for release in the first half of 2015, Windows 9 may be either the last major release of the operating system or the first in a string of smaller, less-ambitious updates as Microsoft accelerates its already too-fast-for-enterprise release schedule.  A revamped Start menu — one that hews more closely to the one in Windows 7 — a de-emphasis of the touch-first “Modern,” née “Metro,” mode and UI (user interface), and the ability to run Modern apps in Windows on the classic desktop have been bandied as Windows 9’s most obvious changes.

The mention of “enterprise” in Microsoft’s invitation bolsters the speculation that Windows 9 will be primarily aimed at business and corporate customers, who have spurned Windows 8 because of its split-UI personality. That, in turn, argues for a surfacing of new features and other changes that make the OS easier to operate and navigate with mouse and keyboard, still the primary input methods for business PCs.

It’s important for Microsoft to make Windows 9 attractive to those customers, Gartner analysts have said, if Microsoft is to convince them to move beyond Windows 7 — which has a lock on the corporate market — in time to avoid a repeat of the Windows XP longevity problem.

Leadership – Key Question to ask during fact gathering

The excellent leadership blog by John Maxwell examines the key question “What Do You Think?”

http://www.johnmaxwell.com/blog/my-1-question-for-the-people-around-me

QUOTE:  The simple act of asking the right questions of the right people can provide crucial information, offer clarity and help you make better decisions. That process begins with the questions you ask yourself. It continues with the questions you ask others. When you ask the right questions of people on your team, it not only gives the above benefits, it can also improve your connection with them and demonstrate your openness and teachability.

In my upcoming book, Good Leaders Ask Great Questions, I share the eleven questions that I continually ask members of my team. Today, I’ll talk about the question that I ask most often: “What do you think?” These words come out of my mouth a dozen or more times every day.

1. Gathering Information – want good information from multiple sources and perspectives
2. Confirming My Intuition – what can you do to validate your belief?
3. Assessing Someone’s Judgment or Leadership – fastest way to assess people’s thinking and observation abilities
4. Teaching How I Think – Why is a great tool for connecting and equipping.
5. Processing a Decision – Sometimes people need a number of different perspectives in order to discover the best choice

Apple – How iPhone 6 compares with iPhone 5s

Following the Apple product announcements, this head-to-head comparison of both phones highlights the new iPhone 6 features and whether it is advantageous to upgrade:

http://www.pcmag.com/article2/0,2817,2468229,00.asp

QUOTE: Previous generations of iPhone have mostly been spec bumps, with the iPhone 5’s screen increase from 3.5 to 4 inches and the new A7 chip in the 5s making most of the news, along with some camera improvements. This time, Apple has released two phones to cover its bases, both with larger screens and the even faster A8 processors.

We won’t know for sure until we get the iPhone 6 in for a full review, but we expect real-world performance to be somewhat similar, at least at first. When app developers start making more complex apps and games to match the A8’s power, you may see some lag on your iPhone 5s, but it’s clear you’d need some pretty serious games to slow the A7 down.

Apart from the screen and CPU, there are also some interesting new features in iOS 8, most notably Apple Pay, which will arrive in October and promises to make mobile payments a more accepted standard. And if any company’s going to do it, it’s Apple. Unfortunately for those with the iPhone 5s, this feature requires NFC, which only the iPhone 6 and 6 Plus will have.

Windows XP – Unofficial version of SP4 on the way

This non-Microsoft implementation of SP4 is mainly a shortcut for building an XP-based system from scratch, as it is essentially a rollup of all past security updates.  It would be used at one’s own risk, by technical professionals who can repair issues without support from Microsoft.  This new resource may be useful in some settings, as long as technicians understand the inherent risks.

http://www.zdnet.com/want-windows-xp-sp4-unofficial-versions-are-on-the-way-7000033030/

http://www.ryanvm.net/forum/viewtopic.php?t=10321

QUOTE: Some five months after Microsoft ended support for Windows XP, a developer is preparing to make an unofficial service pack for the 13-year-old OS available on general release.  Using the project title of Unofficial Service Pack 4, Greece-based developer harkaz started work in September 2013 on bringing together all the official updates from Microsoft in a single package.

In his description of the Windows XP service-pack project, harkaz said: “Many users — including me — who won’t be able to upgrade their old machines to a newer OS would like to easily install all Windows updates in one convenient package. For this reason, I started working on a Service Pack 4 package.”  According to harkaz, Windows XP Unofficial SP4 is a cumulative update rollup for Windows XP x86. It can be applied to a live Windows XP system that has a minimum of SP1 installed. Alternatively, it can be integrated in any Windows XP installation media.

Apple Watch – Early Review of this new device

This InformationWeek article provides an early review of the Apple Watch accessory.

http://www.informationweek.com/mobile/mobile-devices/apple-watch-useless-beauty-brilliant-engineering/d/d-id/1315568

https://www.apple.com/watch/

QUOTE: Nonetheless, Apple Watch is a brilliant piece of engineering. While it may lack a reason for being, it appears to be a triumph of fashion and entertainment. It’s likely to appeal to Apple customers, many of whom can afford the unnecessary expense of the Apple Watch.

Starting at $349, Apple Watch should prove popular with well-heeled young people, a group likely to be delighted with the social interaction enabled by the product: the ability to send heartbeats to one another via the device’s haptic sensor, to transmit doodles, and to reply to email via menu options or voice input rather than typed text.

The Apple Watch, beautiful though it may be in comparison to other smartwatches on the market, is useless in the sense that it isn’t even a stand-alone product; it’s an iPhone accessory. It needs to be paired with an iPhone for GPS data and WiFi connectivity. It needs to be paired with an iPhone because otherwise it might cannibalize iPhone sales, as the iPhone has done to the iPod.

The Apple Watch isn’t so much a revolutionary product as a devolutionary one: It marks the migration of technical functions into the objects and activities of everyday life. It marks an even greater emphasis on design as a differentiator. Apple Watch won’t be a runaway hit like the iPhone or iPad; but it will help Apple expand the focus of the technology industry beyond mobile devices and the desktop.

Best Practices – Top 10 security recommendations for businesses

http://www.zdnet.com/10-security-best-practice-guidelines-for-businesses-7000012088/

QUOTE: This list is not entirely focused on mobile security, but is general to corporate security. Here’s my list of 10 security best practice guidelines for businesses:

1. Encrypt your data: Stored data, filesystems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and to help prevent data loss due to theft or equipment loss.

2. Use digital certificates to sign all of your sites: Save your certificates to hardware devices such as routers or load balancers and not on the web server as is traditionally done. Obtain your certificates from one of the trusted authorities.

3. Implement DLP and auditing: Use data loss prevention and file auditing to monitor, alert, identify, and block the flow of data into and out of your network.

4. Implement a removable media policy: Restrict the use of USB drives, external hard disks, thumb drives, external DVD writers, and any writeable media. These devices facilitate security breaches coming into or leaving your network.

5. Secure websites against MITM and malware infections: Use SSL, scan your website daily for malware, set the Secure flag for all session cookies, use SSL certificates with Extended Validation.

6. Use a spam filter on email servers: Use a time-tested spam filter such as SpamAssassin to remove unwanted email from entering your users’ inboxes and junk folders. Teach your users how to identify junk mail even if it’s from a trusted source.

7. Use a comprehensive endpoint security solution: Symantec suggests using a multi-layered product (theirs, of course) to prevent malware infections on user devices. Antivirus software alone is not enough. Antivirus, personal firewall, and intrusion detection are all part of the total approach to endpoint protection.

8. Network-based security hardware and software: Use firewalls, gateway antivirus, intrusion detection devices, honey pots, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, port scans, and other “over the network” attacks and attempts at security breaches.

9. Maintain security patches: Some antivirus programs update on what seems like a daily basis. Be sure that your software and hardware defenses stay up to date with new antimalware signatures and the latest patches. If you turn off automatic updating, set up a regular scan and remediate plan for your systems.

10. Educate your users: As I wrote in The second most important BYOD security defense: user awareness, “it might be the most important non-hardware, non-software solution available. An informed user is a user who behaves more responsibly and takes fewer risks with valuable company data, including email”.

Microsoft Security Updates – SEPTEMBER 2014

Critical security updates to Microsoft Windows, Internet Explorer, Framework, and other products became available on Patch Tuesday.  Users should update promptly for the best level of protection. So far, no issues have been encountered in early use after installation.

https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+-+September+2014/18627

http://technet.microsoft.com/en-us/security/bulletin/ms14-sep

Apple – iPhone 6 and other announced products

The iPhone 6 and ApplePay were two of the most significant product announcements from the recent product update cycle:

http://7online.com/technology/live-updates-apples-product-announcement/301057/

http://www.networkworld.com/article/2604369/smartphones/apple-introduces-iphone-6-and-iphone-6-plus.html

Quote: At its big fall event in Cupertino on Tuesday, Apple unveiled two new iPhones: the iPhone 6 and iPhone 6 Plus. As expected, both new models sport much larger screens than previous versions. The standard iPhone 6 now sports a 4.7-inch display, while the iPhone 6 Plus comes with a massive 5.5-inch screen, putting it squarely in “phablet” territory. Storage on both iPhone models now tops out at 128GB, double the amount of previous models, and cameras have been updated as well.

http://www.networkworld.com/article/2604405/smartphones/applepay-aims-to-replace-your-wallet-with-an-iphone.html

Quote:  Apple’s event in Cupertino on Tuesday wasn’t all about iPhones. CEO Tim Cook also took the stage to launch the company’s new wallet-killer technology, ApplePay.  The new payment process works using NFC (near-field communication) technology, so all you have to do is hold your phone to a sensor at the cash register, then use TouchID to complete the process. ApplePay will be exclusive to the iPhone 6 and 6 Plus, because the new phones are equipped with the requisite NFC radio antenna.

Data Breach – Home Depot security compromise confirmed

Forensic investigations have confirmed that security controls at Home Depot were compromised (the stock price has fallen by 4% since reports surfaced). The article also notes that additional data breaches were reported in recent days by grocery chain Supervalu, UPS Stores Inc. and Dairy Queen.

http://www.computerworld.com/article/2604360/home-depot-confirms-breach.html

QUOTE:  After nearly a week of investigation, Home Depot on Monday confirmed that intruders had indeed broken into its payment networks and accessed credit and debit card data belonging to an unspecified number of customers who shopped at its U.S. and Canadian stores.

The statement announcing the breach did not detail the number of stores affected or the total number of cards compromised. It merely noted that the company is looking into the possibility that the breach occurred in April.  Home Depot also said there is no evidence that debit card personal identification numbers (PIN) were compromised. Nor is there evidence the breach affected any Home Depot stores in Mexico or purchases made online at the company’s website.

The company added that it has been working around the clock to mitigate the situation since being told about the breach last Tuesday.  “We apologize for the frustration and anxiety this causes our customers,” Frank Blake, chairman and CEO of Home Depot, said in the statement. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges.”

Since news of the breach went public, Home Depot’s stock price has fallen by about 3%, from $93.11 per share last Tuesday to $90.82 on Monday. After the company confirmed the breach late Monday, its share price dropped by nearly another percentage point in after-hours trading.

Facebook Privacy – Warnings for publishing photos of children

Warnings related to protecting family privacy are noted in the links below:

http://www.washingtonpost.com/news/the-intersect/wp/2014/08/25/why-you-might-not-want-to-post-your-childs-back-to-school-photos-to-facebook/

Slate article link

http://facecrooks.com/Internet-Safety-Privacy/Should-You-Post-Photos-Your-Children-Online.html/

QUOTE: Aug. 25 marks the first day of school in districts across the country, which means — for parent-friending Facebook and Twitter users among us — the first day in a month-long torrent of back-to-school photos.  This is all well and good — and, in most cases, adorable. But as thousands of parents surrendered images of their toothy, pony-tailed offspring to the open Web, it also evoked a long-raging, and inconclusive, debate: Should parents ever post pictures of their children online?

So let’s consider the risks and arguments in a little more detail.

Risk 1: Unsavory elements find/download your child’s picture
Risk 2: Someone misappropriates your child’s picture/identity
Risk 3: Your child, when he grows up, inherits an entire digital history he never made/wanted