Security Protection – Harry Waldron MVP

Leadership – Watch out for the Blind Spots

John Maxwell encourages leaders to assess weaknesses they do not readily see, by assessing the four symptoms listed below.

Do you have any blind spots?…If you answered no, you now know where your blind spot is! Okay, I think most of us would acknowledge that we do possess blind spots. We assume there must be some areas where we “don’t know what we don’t know.” And we suppose that our personal blind spots have an effect on our lives – quite possibly a negative effect.

But what happens when a leader has blind spots? It affects so many more people than the leader alone. It can have a far-reaching impact — on the leader, his or her followers, and the entire team, department or organization. Here’s my definition of a blind spot: an area in someone’s life in which he continually fails to see himself or his situation realistically. This unawareness often causes great damage to the person and those around him.

Here are just a few basic blind spots exhibited by leaders:

1. A Narrow Perspective
2. Insecurity
3. Out-of-Control Ego
4. Lack of Character

Mobile Security – iPhone iOS 9 Exploit manipulates Siri to gain access

A combination of manual techniques and manipulation of the Siri service can unlock an iPhone for someone with physical access to the device.

RECOMMENDATION: Want to prevent it? Just turn off Siri on your lock screen.

A clever iPhone user uncovered a new exploit in iOS 9 (and 9.0.1) that allows a person—presumably with a list of handwritten steps—to bypass the device’s passcode and get into the Contacts and Photos apps.

So unless you have a bunch of selfies you don’t want anyone to see, or you use an alphanumeric instead of a four-digit passcode, you probably don’t have much to worry about. You can also cripple the exploit by disabling Siri on your lock screen, though you’ll lose convenience in the process.

Otherwise, here’s Lifehacker’s description of how it’s supposed to work—some iPhone owners have reported trouble getting the exploit to work as described. First, you have to enter the wrong PIN four times. On the fifth attempt, type in three numbers, then hold down Home to bring up Siri as you type in the fourth number (keep in mind that a typical iOS device will lock you out for a minute if you screw up a PIN five times in a row).

This time around, some obnoxious user can get into your phone’s Photos app via the Contacts screen. The video above suggests you need to incorrectly enter in the password a few times, then enter in half the passcode before invoking Siri. Then ask Siri “What time is it?” tap one of the alarms, then head over to the World Clock tab and create a new clock. Here, type in a couple letters, then tap to select the whole word. When the pop-up comes up, select “Share,” then text message. Now, you have access to the Contacts app, which also gives you access to photos if you try to change a contact’s photos

Facebook – New Rich Text authoring capabilities

Facebook is adding rich-text capabilities to Notes and posts, as described below:

Facebook has given a significant makeover to its long-ignored feature: Notes. Now, the feature allows users to add cover photos, put captions and format texts, among other things. Facebook discussed the most recent update on the feature through a blog post on Friday, Sept. 25.

“We’re rolling out an update to make notes on Facebook more beautiful and customizable,” writes Isaac Salier-Hellendag, a User Interface Engineer. “Notes are now an even better way to write a longer post and share with anyone—whether it’s a small group of friends or everyone on Facebook.”

It appears that Facebook is making the revamped version of Notes available to everyone in a bid to boost its publishing features, stimulating its 1.49 billion active users to think about the social network as a place for posting blogs as well.

The redesigned version of Notes comes with basic formatting tools, including block quotes, headers, as well as bulleted and numbered lists. “With this update, you can add a cover photo that represents what your note is all about,” reads the blog post.

The user may put a caption on the photo with the updated version. Photos can also be resized through the feature. In addition, the refreshed Notes touts more visually enticing layouts as well as new fonts to make the notes appear like a blog post and not just an extended user status.

Windows 10 Enterprise – Corporate maintenance documentation

An excellent resource on Windows 10 security update options and other desktop management and maintenance needs has been published on TechNet:

In enterprise IT environments, the desire to provide users with the latest technologies needs to be balanced with the need for manageability and cost control. In the past, many enterprises managed their Windows deployments homogeneously and performed large-scale upgrades to new releases of Windows (often in parallel with large-scale hardware upgrades) about every three to six years. Today, the rapid evolution of Windows as a platform for device-like experiences is causing businesses to rethink their upgrade strategies. Especially with the release of Windows 10, there are good business reasons to keep a significant portion of your enterprise’s devices current with the latest release of Windows.

For example, during the development of Windows 10, Microsoft did the following:

1. Streamlined the Windows product engineering and release cycle so that Microsoft can deliver the features, experiences, and functionality customers want, more quickly than ever.

2. Created new ways to deliver and install feature upgrades and servicing updates that simplify deployments and on-going management, broaden the base of employees who can be kept current with the latest Windows capabilities and experiences, and lower total cost of ownership.

3. Implemented new servicing options – referred to as Current Branch (CB), Current Branch for Business (CBB), and Long-Term Servicing Branch (LTSB) – that provide pragmatic solutions to keep more devices more current in enterprise environments than was previously possible.

Firefox 41 – Security Improvements

Firefox 41 is an important release because it resolves several security issues.

Firefox has announced several vulnerabilities have been fixed in Firefox 41 and Firefox ESR 38.

CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service

CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service

CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service

CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service

CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service

CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service

CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service

CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service

Leadership – Requires paddling upstream against the flow sometimes

An excellent article from John Maxwell’s leadership blog:

What direction is your boat moving at this point in 2015? And how many fellow travelers are you partnering with?  Partnership in growth is so important. This is especially true for leadership growth. When we surround ourselves with others on the same journey, and seek to learn from great leaders ahead of us, we can make great progress together.

It can be such a temptation to take the oars out of the water and rest, especially if you’ve been working hard and are getting tired. But leadership growth is definitely a journey upstream. Without constant attention and effort at the oars, we can drift with the current, watching our goals slip farther and farther away.

Firefox 41 – New built-In Instant Messaging capability

Key features are noted in the PC Magazine evaluation of Firefox 41.

The latest version of the browser, Firefox 41, made its debut this week with a new built-in instant messaging feature, letting you send and receive IMs when you’re in a Hello video call. At this point, the feature is only available on the desktop version for Windows, Mac, and Linux.

The feature comes after Mozilla in January officially launched the WebRTC-based Hello video-calling feature, developed in partnership with Spanish telecom giant Telefónica, in Firefox 35. Now, for the first time, Hello includes IM support as well.

The latest version of the browser also adds a number of other minor updates, including a new option to personalize your Firefox Account, from which you can access services like Firefox Sync to synchronize your passwords, bookmarks, history, and open tabs across your desktop and mobile devices. Now, you can add a profile photo on the desktop and Android versions, so you’ll easily be able to see who you’re chatting with via Hello.

Digital Camera Technology – Top 2015 models

The following PC Magazine article shares the top digital camera and camcorder models for 2015:

According to research firm InfoTrends, the human race will shoot one trillion photos in 2015. That number is astounding in and of itself, but perhaps equally incredible is that it represents a 50 percent increase over the number of photos created just two years ago. Video has some impressive stats of its own: according to ReelSEO, more than 300 hours of video are uploaded to YouTube every minute. That’s a lot of memories being created to view over and over.

There are several good reasons why you should still use a camera or camcorder. The larger sensors in DSLRs (digital single-lens reflex), mirrorless system cameras, and high-end compacts provide higher image quality than a smartphone. Smartphones don’t have zoom lenses; you may think you’re zooming but you’re really digitally cropping what you capture. The zooms and interchangeable lenses on digital cameras and camcorders let you get in nice and tight or go very wide (depending on the model, of course). One of the biggest reasons for a dedicated camera may also be one of the most mundane: shooting lots of photos and videos on your phone drains the battery and fills the storage, fast. If you shoot a lot, offload the work to a dedicated camera or camcorder; it will keep your smartphone running that much longer between charges.

Tablets – Apple iPad Pro compared with Microsoft Surface Pro 3

The PC Magazine review compares the new Apple iPad Pro with the Microsoft Surface Pro 3:

The iPad Pro measures 12 by 8.68 by 0.27 inches (HWD) and weighs 1.57 pounds, which is bigger and heavier than the original iPad but still surprisingly thin, nearly matching the iPad Air 2’s 0.24-inch thickness. Microsoft’s Surface Pro 3 is a bit bulkier at 11.5 by 8 by 0.36 inches (HWD) and 1.76 pounds.

Internally, the iPad Pro has Apple’s new A9X chip, its third-generation 64-bit chip, which is said to be 1.8x faster than the A8X found in the iPad Air 2. The Surface Pro 3 uses a real laptop chip: either an Intel Core i3, Core i5, or Core i7, making it a powerful machine for enterprise tasks and providing the full Windows experience. The iPad Pro doesn’t use OS X software, but iOS. Interestingly, Microsoft made optimized Office apps for the iPad Pro that Redmond presented on stage at the event

The iPad Pro is slightly more expensive, but both tablets are pretty similar in price, specs, and target market. Which one is better? We’ll let you know once we have the chance to test the iPad Pro.

EMAIL SPAM – Malicious Upatre/Dyre attack circulating

The ISC and other security sites warn of spam with malicious ZIP attachments that is being sent in major waves.

ISC LINK – Upatre/Dyre malspam attacks

Any email filtering worth its cost should block numerous messages every day.  Most people are content to ignore these blocked messages; however, I’m always interested to see what exactly is being blocked.  Perhaps the most common type of malicious spam (malspam) I see from the spam filters is Upatre-based malspam

I’ve written diaries before about specific waves of Upatre malspam sending the Dyre banking Trojan.  I’ve only noticed emails with .zip file attachments from this type of malspam.  I recently looked through my organization’s spam filters and found the same thing again.  In this case, we found three different themes of malspam sent in a three-hour window, and all had Upatre malware sending Dyre.

In this three-hour window, we see several different types of subject lines.  Let’s concentrate on the top three:

1. Subject lines that start with:  Credit Note CN-
2. Subject lines that start with:  Message from “
3. Subject line:  Please view

Each of the above waves is botnet-based Upatre malspam.  A random check of the email headers shows almost every message came from a different IP address.  The subject line for each message contains the domain name of the recipient’s email address.  The subject lines, message text, and attachment names are different for each message.  The attachment is a .zip archive that contains an executable with an .scr file extension.
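The traits listed in the excerpt above (the three subject themes, the recipient's domain appearing in the subject, and a .zip attachment holding an .scr file) can be checked mechanically when reviewing quarantined mail. The Python sketch below is an added example, not code from the ISC diary or from this blog; the function names, the sample addresses and the sample message are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Subject themes named in the excerpt (straight or curly opening quote accepted).
SUBJECT_THEMES = re.compile(r'^(Credit Note CN-|Message from ["\u201c]|Please view)')

def scr_members(zip_bytes):
    """Names of .scr entries in a zip archive; [] if the bytes are not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".scr")]
    except zipfile.BadZipFile:
        return []

def triage(raw_message):
    """Return the list of traits from the excerpt that one raw message shows."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip()
    domain = parseaddr(str(msg.get("To", "")))[1].partition("@")[2].lower()
    hits = []
    if SUBJECT_THEMES.search(subject):
        hits.append("subject-theme")
    if domain and domain in subject.lower():
        hits.append("recipient-domain-in-subject")
    zips = [p.get_payload(decode=True) or b"" for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(".zip")]
    if any(scr_members(z) for z in zips):
        hits.append("zip-contains-scr")
    return hits

def build_sample(subject, member_name):
    """Constructed message: zip attachment with one harmless placeholder entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not an executable")
    msg = EmailMessage()
    msg["To"] = "alice@example.org"          # constructed recipient
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Credit Note CN-10482 example.org", "CN-10482.scr")))
```

A message that shows all three traits is a strong candidate for the waves described; the archive check alone is the most durable of the three, since subject text changes from wave to wave.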
