Security Protection – Harry Waldron MVP Rotating Header Image

Uncategorized

Privacy – Facebook CEO takes precautions to cover webcam

Physical security precautions to cover webcam and microphones are shared in article below: 

http://mashable.com/2016/06/21/mark-zuckerberg-webcam-cover/

Facebook co-founder Mark Zuckerberg has been increasingly willing to share moments from his family and work life. But a photo he posted on Tuesday, intended to promote Instagram’s user milestone numbers, may have ended up revealing a little more about Zuckerberg than he intended: Dude hasn’t lost any of his hacker caution when it comes to protecting his privacy.

A couple of eagle-eyed observers pointed out that the laptop on Zuckerberg’s desk not only has tape covering the webcam, but there’s also tape covering the Apple laptop’s dual microphones. That’s right, even one of the most elite (and richest) coders on the planet still takes rudimentary measures to ensure that nobody is spying on him.

Adobe – Critical out-of-band security release JUNE 2016

SANS Internet Storm Center has a  PATCH NOW  rating on this “zero day” exploit circulating in the wild

https://isc.sans.edu/forums/diary/Critical+Adobe+Flash+Update+Patch+Now/21167/

https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Adobe did not release a patch for Flash on Tuesday, but instead alerted users of an unpatched, and actively exploited, vulnerability (CVE-2016-4171).  Today, Adobe did release a patch that fixes this vulnerability (and others). This is a “PATCH NOW” vulnerability that needs to be addressed as soon as possible.

MICROSOFT HAS JUST RELEASED “OUT OF BAND” UPDATE ALSO
Windows 8 and Windows 10 have Adobe Flash patching built into Windows Update (and please update as automatically prompted)

https://technet.microsoft.com/library/security/ms16-jun

More on specific vulnerability can be found here which is circulating in limited targeted attacks:
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

Leadership – Key Considerations before seeking new opportunities

John Maxwell shares an excellent leadership article related to key decision points for managers to evaluate prior to moving on to new leadership opportunities

http://www.johnmaxwell.com/blog/four-questions-to-ask-before-moving-on

Have you ever felt like you were out of place? That where you are, isn’t where you’re supposed to be?  That’s such an important question. Looking back over my four decades of leadership, I can see that my sense of having more to give played a key role in many of my career choices. Every career transition was triggered by a desire to give more. And the new position that followed definitely offered the opportunity to grow and expand my impact.

Here are the four questions I encouraged my friend to answer:

1. Am I Currently Exceeding Expectations? — Before you start looking for other places to give more, make sure you’re more than meeting the standard where you’re at! If you are already consistently exceeding expectations as an employee and/or leader, then you might need to look for other opportunities to contribute.

2. Am I Giving 100% OF MY Effort? — Resist the coaster’s mentality—that’s when you settle for less than your best simply because it’s better than what’s expected! If you’re not giving your 100% to where you are, then chances are that you would transfer that same attitude to a new position. Find a way to re-engage with your position and challenge yourself to be completely focused on giving your best work.

3. Am I Seeing and Seizing Growth Opportunities? — You may not realize it, but growth opportunities exist all around you. It’s easy to see your current discontentment as a sign that you need to leave. But in reality, it might be a sign that you need to level up. Don’t let your restlessness blind you to the opportunities to grow that may be present right where you are. Search hard for them, and don’t move on until you’re certain that you’ve made the most of every opportunity.

4. Am I Currently Mentoring Others? — whenever you leave a position, you take your influence, vision and momentum with you—unless you’ve spent time developing someone to take your place. The mentoring question is the last question to ask, because doing so always leaves things better than they were when you arrived. Plus, if you’re not giving to the people who are already in your life, then you’re not prepared to give to those you haven’t met!

The theme for all four of these questions is to be all that you can be where you are. Grow and give until you’ve filled the space that you’re in. When you know you’ve done that, it might be time to move on.

Bluetooth 5.0 – increases range by 4X and speed by 2X

The new Bluetooth 5.0 wireless standard will increase range by 400% and speed by 200% and improve in automatically connecting enabled devices

Bluetooth 5.0 to Quadruple Range, Double Speed
http://www.pcmag.com/news/345316/bluetooth-5-0-to-quadruple-range-double-speed

The next generation of Bluetooth devices will have quadruple the range and double the speed of what is currently available thanks to Bluetooth 5.0, which was announced today by the Bluetooth Special Interest Group (SIG) and will be available to device manufacturers as early as this fall. Bluetooth 5.0’s specs are mostly in line with what SIG hinted last fall, when its chairman Toby Nixon said there is “a significant demand” to enhance Bluetooth. That demand stems in large part from devices connected to the Internet of Things, especially low-power beacons.

“Increasing operation range will enable connections to IoT devices that extend far beyond the walls of a typical home, while increasing speed supports faster data transfers and software updates for devices,” SIG Executive Director Mark Powell said in a statement. “And now with the ability to broadcast a much richer set of information, Bluetooth 5 will make beacons, location awareness, and other connectionless services an even more relevant part of an effortless and seamless IoT experience.”

Instead of automatically requesting to pair with a device, Bluetooth 5.0 will be smart enough to analyze the type of connection required to transmit the information. Warehouse managers, for instance, will be able to pinpoint an item in their inventory just by walking through the stacks. Travelers will be able to find the nearest Starbucks in a foreign airport without a Wi-Fi or 4G connection.

Orlando Tragedies – Fake Donation website warnings

As with most major events, fake donation sites and scams quickly emerge.  Users should always donate to the most mainstream and fully vetted sites where most of the donated monies will dgo to help the victims (e.g., American Red cross)

http://www.local10.com/consumer/call-christina/fake-donation-sites-created-in-wake-of-orlando-massacre-

http://give.org/news-updates/news/2016/06/bbb-offers-ten-giving-tips-for-orlando-tragedy/

http://arstechnica.com/security/2016/06/scammers-have-already-started-trying-to-exploit-orlando-shooting-for-bitcoins/

The vultures have already begun to descend on the tragedy in Orlando, Florida. A fake Twitter account claiming to represent the nightclub where the largest mass shooting in modern US history took place in the early hours of June 12 was calling for donations to assist victims—by sending bitcoins to buy bottled water and Oreo cookies. The account was suspended on Monday afternoon.

The scammers used a common tactic—they hijacked the name of the Pulse nightclub, attached the account to the various “hashtags” associated with the shooting, and built the account’s apparent profile by attaching an army of fake followers so they could draw the attention of people following conversations about the shooting. The Twitter account directed followers to a shortened Web address to make donations. That Web address linked to the six-month-old domain desifreemovies.net—a domain with a fake registration address in California and a contact e-mail account associated with the Hushmail anonymous e-mail service.

SAFETY TIPS FOR ONLINE DONATIONS Never click on links to charities on unfamiliar websites or in texts or emails. These may take you to a look-a-like website where you will be asked to provide personal financial information or to click on something that downloads harmful malware into your computer.  Don’t assume charity recommendations you spot on Facebook, blogs or other social media have already been vetted

Microsoft Excel – Advanced tips for importing and structuring data

PC World features article on advanced Excel tips for processing data that may not be structured into distinct columns initially  

Excel pro tips: Importing and parsing data
http://www.pcworld.com/article/3049943/software/excel-pro-tips-importing-and-parsing-data.html

Data imported from other spreadsheets or databases is already separated into fields, using something called a field delimiter—a comma, tab, space, or custom character—to separate one field from another. These databases import easily into Excel and place all the fields in separate columns. If your company pays bills and/or banks online, these sites usually offer copies of the company’s records in electronic form. CSV (comma separated values) is the most common data exchange format and, if offered, the best one to use. But what happens when all the data imports into one cell?

Importing & parsing data — If you copy a block of data from a webpage, a word processing file, or other text file, then paste into Excel using the Paste > Special > Text command, all the data is dumped into a column of single cells. This means the records are copied into separate rows, but all of the fields are in one cell. What a mess! Now what?

Microsoft Security Updates – JUNE 2016

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release:

https://technet.microsoft.com/en-us/library/security/ms16-jun.aspx

https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10

http://blog.talosintel.com/2016/06/ms-tuesday.html

Patch Tuesday for June 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 44 vulnerabilities. Five bulletins resolve critical vulnerabilities found in MS DNS Server, Edge, Internet Explorer, JScript/VBScript, and Office. The remaining bulletins are rated important and address vulnerabilities in Active Directory, Exchange Server, Group Policy, SMB Server, Netlogon, Windows Graphics component, Windows Kernel-mode Drivers, Windows PDF, Window Search Component, and WPAD.

Leadership – Key attributes to look for in a Leader

John Maxwell shares excellent advice for IT and business leadership development

http://www.johnmaxwell.com/blog/moving-beyond-the-one-man-show-investing-in-the-right-people

In my book Developing the Leaders Around You, I devote an entire chapter to identifying potential leaders to develop. To me, this is the primary responsibility of any leader, and it’s also one of the most challenging tasks leaders face. It’s crucial to get it right. So what should you look for when you’re recruiting people to your side? Here are the five key areas I believe you should focus on:

1. Character — Without a doubt, the first thing you should look for in others in character. Strength of character is the foundation of all leadership; if a person’s character is flawed, their leadership will be as well.  And I ask three easy questions to help assess a person’s integrity:

a. Do they take responsibility for both their successes and their failures?
b. Do they fulfill their promises and obligations?
c. Do they meet their deadlines consistently?

2. Positive Attitude — After character, one of the most valuable assets anyone can possess is a good attitude. People with positive attitudes do things others can’t, see things others won’t, and go places others don’t go. Their willingness to see potential even in the most challenging circumstances sets the tone for everyone around them, and that makes them exceptional people to spend time with and develop.

3. Self-Discipline — The quickest way to determine if a person is self-disciplined is to look at two key areas: their emotions and their time. Self-disciplined people don’t allow the emotions of others to overwhelm them; in a volatile moment, they can keep a cool head. Self-disciplined people likewise don’t allow the urgency or distractions of the moment to command their attention. They know how to focus on what truly matters. If you can find someone in control of their emotions and their time, chances are you’ve found a person with great self-discipline.

4. People Skills — To be a leader, by definition, you have to work with other people—and that’s where people skills come in. When looking for people to raise up as leaders, you should always look for those who have an ability to understand others, and who make positive interactions with others a primary goal. How we behave toward others determines how they will behave toward us.

5. Discontent with the Status Quo — What I’m talking about is more of a willingness to be different and take risks. You want people who are willing to change and grow—and push you to do the same. Leaders who become satisfied with the status quo very quickly become followers.

I keep a constant eye out for potential leaders no matter where I go, and I encourage you to do the same. Look for men and women with a good attitude who genuinely like others and want to help make their community a better place. Look for people who have the character and discipline to follow through on their word. I promise you, they are out there.  Good leaders deliberately seek out and find potential leaders. Great leaders not only find them; they help them become great leaders in their own right.

Malware – Seven signs of an infected system in 2016

As enumerated below, slow performance, unexpected actions, or blocked access to system tools may be signs of malware infection

http://www.pcmag.com/article2/0,2817,2416788,00.asp

Computers are complicated enough that they don’t always do precisely what we expect. Sometimes an unexpected behavior is just a fluke; other times, it’s an outward and visible sign of an inward and terrible malware infestation. If you notice any of these security warning signs, your system may well be compromised.

1. Popup ads appear even when no browser is open.
2. Browser navigation gets redirected.
3. A security program you never installed pops up scary warnings.
4. Posts you didn’t write appear on your social media pages.
5. A program holds your PC for ransom. Some malware programs literally hold your PC or data for ransom. Overt ransomware threats may encrypt all your pictures and documents and demand that you pay to get them back.
6. Suddenly you can’t use common system tools.  If you suddenly find that trying to use these or other system tools triggers a message saying your Administrator has disabled them, it may well be an attempt at self-defense by malware on your system.
7. Everything seems perfectly normal. That’s right. Some types of malware do their best to hide all activity, leaving no visible traces.

If you think that malware has taken up residence in your PC, install a powerful antivirus utility or security suite immediately.  Already got one? Then apparently the malware got past its protection. Make sure your antivirus is fully up to date, and run a full scan. Also get a second opinion from a free cleanup-only antivirus like Malwarebytes Anti-Malware 1.70 or Comodo Cleaning Essentials 6.  You definitely want to get that nasty, malicious program out of your system as soon as possible, before it invites “friends” to make your security problem even worse.

Android Security – June 2016 update patches 40 vulnerabilities

Several important security updates have been recently released for Android users

http://www.eweek.com/blogs/security-watch/google-patches-40-android-flaws-in-june-update.html

In its June Android update, released on June 7, Google has fixed 40 vulnerabilities, eight of which are rated critical. Once again, the security update includes a familiar set of flaws, with media server issues and Qualcomm drivers topping the list.

In fact, six of the eight critical issues were found in Qualcomm drivers: CVE-2016-2062, CVE-2016-2464, CVE-2016-2465, CVE-2016-2466, CVE-2016-2467 and CVE-2016-2468. The flaws were found in the Qualcomm video, sound, GPU and WiFi driver components that are integrated with hundreds of millions of Android devices. All six vulnerabilities are privilege escalation issues that could potentially enable a malicious application to execute arbitrary code.

Google also once again had to patch vulnerabilities in its much maligned media server component. In the June update, Google patched 15 vulnerabilities in media server, including one critical remote code execution vulnerability (CVE-2016-2463), 12 high-impact privilege escalation flaws, one high-impact denial-of-service flaw (CVE-2016-2495) and a moderate impact information disclosure vulnerability (CVE-2016-2500).

With the 40 vulnerabilities fixed in the June update, Google has now patched at least 163 vulnerabilities so far in 2016. A key challenge, however, is getting handset vendors to implement all those patches and making them available to end users.

Google’s supported Nexus phones all get the Android updates relatively quickly after each monthly update is issued, but other Android phones have not been quite as fortunate. Google is now working on a plan to publicly pressure handset vendors that don’t make updates available quickly for end users and is planning to integrate a more robust updating system that helps keep devices up to date with patching.

Featuring WPMU Bloglist Widget by YD WordPress Developer