Computer News & Safety tips  – Harry Waldron MVP Rotating Header Image

January, 2017:

Leadership – Techniques to encourage personal growth of others

John Maxwell reflects on the need to encourage members of the team in their personal growth in sharing the following three key techniques

http://www.johnmaxwell.com/blog/be-quick-to-encourage-growth-in-the-people-you-care-about

Whenever I write or speak on the subject of leadership, I share that the best leaders are always on the lookout for opportunities to help people in their organizations grow. Helping team members grow is a great way to enhance your own growth and develop together as a team.

1. Be Quick to Listen — We live in a world that is clamoring to be heard. Between social media, blogs, video journals, podcasts and traditional media, a lot is being said, but not many are listening. So when you go out of your way to listen, you are communicating two things: one, that the person speaking has value, and two, that you want to add value to them.

2. Be Quick to Laugh — Nothing helps a person more than someone willing to share a laugh in times of stress, or times of trouble, or times of joy. That’s because laughter creates positivity. And positivity is essential for anyone trying to grow. After all, personal growth often comes with mistakes, bumps, and bruises, so it’s especially helpful when we have someone to help us laugh our way through the rough patches.

3. Be Quick to Encourage — It’s important to remember that we often see positive things in others that they don’t see in themselves. They may suspect these truths, but to have someone else come along and honestly point them out is a difference maker in ways we can’t imagine. When someone else sees and says the truth about who someone is capable of being, it goes a long way toward encouraging them to grow into that potential.

Ransomware – New Doxware technique makes sensitive documents public

A new technique described as “Doxware” is where sensitive documents are published in a “wikileaks” type fashion publicly until payment is rendered. While this would be targeted for highly specific companies or individuals, it is designed to bring in greater ransom payments.

http://www.darkreading.com/attacks-breaches/ransomware-has-evolved-and-its-name-is-doxware/a/d-id/1327767

The latest form of malware holds computers hostage and compromises the privacy of conversations, photos, and sensitive files. In recent years, ransomware has become a growing concern for companies in every industry. Between April 2015 and March 2016, the number of individuals affected by ransomware surpassed 2 million — a 17.7% increase from the previous year.

Many companies have figured out that they can avoid paying these ransoms by wiping a system clean, restoring it with backup drives, and going about business without being held hostage. But as a result of increased ransom-avoidance, cybercriminals have created an even more insidious threat. Imagine malware that combines ransomware with a personal data leak: this is what the latest threat, doxware, looks like.

With doxware, hackers hold computers hostage until the victim pays the ransom, similar to ransomware. But doxware takes the attack further by compromising the privacy of conversations, photos, and sensitive files, and threatening to release them publicly unless the ransom is paid. Because of the threatened release, it’s harder to avoid paying the ransom, making the attack more profitable for hackers.

Doxware requires strategic, end-to-end planning, which means hackers will target their victims more deliberately. Therefore, malicious players will be more intentional in whom they attack, giving corporate leaders, politicians, celebrities, and other public figures cause for concern.

Intel – 2017 Kaby Lake CPU processor details

This article and slideshow, from Extreme Tech, shares details for INTEL’s 7th generation CPU chips:

https://www.extremetech.com/computing/242015-intel-rolls-rest-kaby-lake-family

Intel didn’t just launch the new Core i7-7700K desktop CPU, it made a comprehensive update to its entire product line. The initial Kaby Lake mobile refresh was limited to a handful of SKUs; with this launch Intel is bringing out a larger number of cores intended for every price point. The new chips are, for the most part, drop-in replacements for the Skylake SKUs Intel launched in 2015 and 2016, though most of the models feature at least a small clock jump over and above what Skylake offered.

Kaby Lake is priced nearly identically to Skylake in virtually every case, but the Core i5-7600K has a 3.8GHz base clock and a 4.2GHz turbo clock, whereas the Core i5-6700K was a 3.5GHz – 3.9GHz chip. These gains are preserved through most of the product stack; the 35W Core i5-7400T has a 2.4GHz base, 3GHz turbo, compared with the Core i5-6400T with its 2.2GHz base and 2.8GHz turbo.

There’s a new nomenclature attached to many of Intel’s 15W and 28W CPUs. These new chips feature what Intel is calling “Iris Plus,” meaning they incorporate a 64MB EDRAM chip alongside the GPU core. The 128MB EDRAM cores that Intel has previously shipped with Skylake and Broadwell aren’t being carried over to the Iris Plus line, at least not for now. OEM uptake on these cores has never been high, even though they can improve integrated graphics performance by almost 100%.

All of the new 7th-Generation chips support VP9 hardware decode, as well as supporting H.265 encode/decode completely in hardware. As a result, all of these cores are comparable with streaming 4K video from Netflix or any other service that agrees to use Windows PlayReady DRM via the Edge browser. Intel has already said it won’t bring its EDRAM to any desktop quad-core SKUs this cycle, so if you were hoping for a non-embedded chip with Iris Plus you’ll have to look for a Skylake-based core or consider the Broadwell-based Core i7-5775C, which does have the 128MB cache.

USB Flash Drives – Kingston 1TB and 2TB devices

Kingston will offer 1TB and 2TB next month with the new DataTraveler Ultimate GT USB flash drive as described below:

http://www.pcmag.com/news/350768/kingston-datatraveler-ultimate-gt-is-worlds-largest-usb-fla

We are now spoiled for choice when it comes to deciding how to carry data around. There’s USB sticks, portable hard drives that don’t require a power cable, SD cards, and of course, the cloud. So the limiting factor isn’t how to carry data around in your pocket, it’s how much you can carry?

According to Betanews, Kingston is increasing the answer we can give to that question to 2TB next month with the launch of its DataTraveler Ultimate GT USB flash drive. By squeezing 2TB of storage into the Ultimate GT, Kingston can claim to offer the world’s largest capacity USB flash drive.

The Ultimate GT will be made available in 1TB and 2TB capacities with USB 3.1 transfer speeds, which is a good move considering how much data you can transfer on and off this stick. USB 3.1 offers a maximum of 1,280MB/s transfer speeds, although getting anywhere near that speed depends as much on the USB port as the drive itself.  It uses a zinc-alloy metal casing “for shock resistance,” includes a 5-year warranty

IoT Security – Norton Core Router provides advanced protection

The new Norton Core router is designed to improve network security for smart home devices as it sits between then and manipulative agents on the internet.

http://www.theverge.com/2017/1/3/14124662/norton-core-router-announced-smart-home-security-ces-2017

The Internet of Things is a security problem. The Mirai botnet attacks drove the point home in October. There are more and less secure devices, but they all share the same basic weaknesses: they’re underpowered, making it hard to implement serious security systems, and their basic functions require them to accept requests from anywhere on the web. That combination makes them easy targets for hackers, who can use the devices to build botnets or launch ransomware attacks. And since those aren’t the kind of problems you can fix with a software patch, the security world has been at a loss for what to do.

Today, Norton announced a new approach to the problem: building a better router. Arriving this summer, the Norton Core is pitched as a single device that will keep your smart things in line. Instead of trying to secure devices one by one, the Core solves the problem at the network level, using the router as a hub to monitor traffic from every device at once. Your thermostat likely doesn’t have the processor power to run robust malware checks, but the Core does, and since it sits between the devices and the wider internet, it also has the power to block and quarantine devices as soon as something fishy turns up.

In hardware terms, the Core is basically a high-performance router in a cool-looking shell. It has a dual-core processor to power those virus scans, and dual-band antenna to support up to 2.5 Gbps of bandwidth. It’s not an out-of-the-box mesh system, like Google Wifi or Eero, but it does share some of the aesthetic properties and smartphone-based controls as those systems. I didn’t get the chance to test the Core rigorously, so it’s hard to say how it stacks up on delivering bandwidth, but at $279 for a single unit (or $199 on preorder), you won’t be paying too much extra for the security features. Those high-performance specs also mean the Core has enough processor power to run robust internal security checks and automatically download patches, making the device itself significantly less vulnerable.

Hardware – Dell 27 S2718D is thinnest monitor in world

The Dell 27″ Ultrathin become the world’s thinnest monitor profile by moving all the ports in the stand base.

Dell Unveils Ultrathin 27-Inch Monitor S2718D
http://www.pcmag.com/news/350732/dell-unveils-ultrathin-27-inch-monitor

The 27 Ultrathin Monitor (S2718D) is Dell’s latest display, and it boasts the “world’s overall thinnest profile.” We’re all used to fumbling around at the back of a monitor blindly trying to plug in a HDMI, DisplayPort, or DVI cable, so Dell solved that problem and allowed this monitor to be incredibly thin by simply moving those ports to the stand base.

As for the display, it’s a 27-inch panel with a resolution of 2,560 by 1,440 running at 60Hz. It supports HDR output, but to a different spec than 4K TVs. Brightness is rated at 400 nits and it supports 99 percent of the sRGB color gamut. The contrast ratio is 1000:1 and the response time is 6ms gray-to-gray. Viewing angles are as expected: 178 degrees.

The monitor looks fragile due to how thin it is, but the hinge on the back is articulated meaning you can tilt and swivel it until you get the perfect angle for your viewing requirements. Dell will be launching the 27 Ultrathin on March 23 in the US at a cost of $699.99.

PENTEST Tools – NMAP 7.40 release

Happy holidays from the Nmap Project!  In case your Christmas break plans
involve a lot of port scanning, we’re delighted to announce our holiday
Nmap 7.40 release!  This version stuffs your stockings with dozens of new
features, including:

  *** 12 new NSE scripts
  *** Hundreds of updated OS and version detection detection signatures
  *** Faster brute force authentication cracking and other NSE library
  improvements
  *** A much-improved version of our Npcap Windows packet capturing
  driver/library

There are many more improvements which are all describe below.  Nmap 7.40
source code and binary packages for Linux, Windows, and Mac are
available for free download from the usual spot:

https://nmap.org/download.html

If you find any bugs in this release, please let us know on the Nmap Dev
list or bug tracker as described

https://nmap.org/book/man-bugs.html

Here are the changes since Nmap 7.31 from October:

* [Windows] Updated the bundled Npcap from 0.10r9 to 0.78r5, with an
improved installer experience, driver signing updates to work with Windows
10 build 1607, and bugfixes for WiFi connectivity problems. [Yang Luo,
Daniel Miller]

* Integrated all of your IPv4 OS fingerprint submissions from April to
September (568 of them). Added 149 fingerprints, bringing the new total to
5,336. Additions include Linux 4.6, macOS 10.12 Sierra, NetBSD 7.0, and
more. Highlights: http://seclists.org/nmap-dev/2016/q4/110 [Daniel Miller]

* Integrated all of your service/version detection fingerprints submitted
from April to September (779 of them). The signature count went up 3.1% to
11,095. We now detect 1161 protocols, from airserv-ng, domaintime, and mep
to nutcracker, rhpp, and usher. Highlights:
http://seclists.org/nmap-dev/2016/q4/115 [Daniel Miller]

* Fix reverse DNS on Windows which was failing with the message “mass_dns:
warning: Unable to determine any DNS servers.” This was because the
interface GUID comparison needed to be case-insensitive. [Robert Croteau]

* [NSE] Added 12 NSE scripts from 4 authors, bringing the total up to 552!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:

*** cics-enum enumerates CICS transaction IDs, mapping to screens in
TN3270 services. [Soldier of Fortran]
*** cics-user-enum brute-forces usernames for CICS users on TN3270
services. [Soldier of Fortran]
*** fingerprint-strings will print the ASCII strings it finds in the
service fingerprints that Nmap shows for unidentified services. [Daniel
Miller]
*** [GH#606] ip-geolocation-map-bing renders IP geolocation data as an
image via Bing Maps API. [Mak Kolybabi]
*** [GH#606] ip-geolocation-map-google renders IP geolocation data as an
image via Google Maps API. [Mak Kolybabi]
*** [GH#606] ip-geolocation-map-kml records IP geolocation data in a KML
file for import into other mapping software [Mak Kolybabi]
*** nje-pass-brute brute-forces the password to a NJE node, given a valid
RHOST and OHOST. Helpfully, nje-node-brute can now brute force both of
those values. [Soldier of Fortran]
*** [GH#557] ssl-cert-intaddr will search for private IP addresses in TLS
certificate fields and extensions. [Steve Benson]
*** tn3270-screen shows the login screen from mainframe TN3270 Telnet
services, including any hidden fields. The script is accompanied by the new
tn3270 library. [Soldier of Fortran]
*** tso-enum enumerates usernames for TN3270 Telnet services. [Soldier of
Fortran]
*** tso-brute brute-forces passwords for TN3270 Telnet services. [Soldier
of Fortran]
*** vtam-enum brute-forces VTAM application IDs for TN3270 services.
[Soldier of Fortran]