Security Protection – Harry Waldron MVP

Apple iPhone 6 – over 60 pounds of force to bend

Interesting tests by Consumer Reports document that the new iPhone 6 casing holds up comparably with other similar smartphones.

QUOTE: Apple’s iPhone 6 required less force to ruin than Apple’s iPhone 6 Plus, but more force than what Apple itself has been claiming the iPhones can tolerate. According to those who attended a recent press tour of the company’s “torture lab” for its iPhones, an iPhone 6 can handle at least 25 kilograms of weight—around 55 pounds—in a similar three-point flexural test. Apple maintains the iPhone 6 can actually handle more weight than that, but didn’t specify how much.

According to Consumer Reports’ tests, the iPhone 6 only started to deform, warp, or otherwise look different than it normally does once the test applied 70 pounds of weight to the smartphone. The iPhone 6 Plus held out for slightly longer, deforming at around 90 pounds.

Two days ago, the Internet erupted with photos of bent iPhone 6s, and a very-viral video of a guy creasing an iPhone 6 Plus with his bare hands. It seemed like a serious concern, yet everything about the uproar was highly unscientific. We don’t like unscientific, so we promised then that we would use our lab equipment to find out just how delicate the iPhone 6 and 6 Plus really are.

Hacked Account – Recovery tips for home users SEP2014

Kim Komando shares a 5-page guide to recovering stolen email or other accounts. The key links to recovery resources for Facebook and other sites are helpful for home users.

Unlike other online accounts, I wouldn’t use online forms to try to get back a hacked bank account. Call the bank or visit your local bank branch immediately. The bank will work with you to change the password and reverse any fraudulent charges. You may have to open up a new account, though. While you’re there, ask about using additional verification features. Most banks have a system that lets you verify any major charge before it’s made. For any online account, a little preparation beforehand makes your account much harder to crack. Check your online account’s security settings often. Make sure you have a rock-solid password and strong security question to keep hackers out.

Linux and Unix – PATCH NOW for Bash Shellshock vulnerability

Informative links below from Internet Storm Center (Webcast, FAQ, and Patch NIX now)

 The good news is that it’s an easy fix:  Debian (Ubuntu, etc.): apt-get upgrade bash …. RHEL (Fedora, CentOS, etc.): yum update bash
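After running the update, it is worth confirming that every copy of bash on the machine now has the patched behaviour. The script below is an added example, not part of the original post or the Internet Storm Center material; the function names, the marker word and the list of candidate paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the bash update
# actually took effect. Function and variable names are illustrative.

# check_bash_patched [path]
#   0 = bash ignored code placed after a function definition in an
#       environment variable (patched behaviour)
#   1 = bash executed that trailing code (still vulnerable, update again)
#   2 = no executable bash at the given path
check_bash_patched() {
    bash_bin="${1:-$(command -v bash 2>/dev/null)}"
    [ -n "$bash_bin" ] && [ -x "$bash_bin" ] || return 2
    # Harmless local probe: the trailing command only prints a marker word.
    out=$(env probe='() { :;}; echo UNPATCHED' "$bash_bin" -c 'echo ran' 2>/dev/null)
    case "$out" in
        *UNPATCHED*) return 1 ;;
        *)           return 0 ;;
    esac
}

# The package manager only replaces its own copy, so check every bash on
# the system, including locally built ones. Candidate paths are assumptions.
audit_all_bash() {
    status=0
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash /opt/local/bin/bash; do
        [ -x "$candidate" ] || continue
        if check_bash_patched "$candidate"; then
            echo "OK       $candidate"
        else
            echo "UPDATE   $candidate"
            status=1
        fi
    done
    return "$status"
}

audit_all_bash
```

Any path reported as UPDATE was not replaced by the package update and needs to be rebuilt or removed separately.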

Apple iOS 8 Upgrade – Eight best practices

This PC Magazine security article shares 8 best practices to ensure a safe update to the new Apple iOS 8 operating system.

QUOTE: Apple’s iOS 8 is here. If you’ve got an iPhone, you’re probably champing at the bit to download Apple’s latest and greatest OS. Or perhaps you’ve already pre-ordered an iPhone 6 or 6 Plus and are ready to party with a totally new handset. Either way, now is a great time to spruce up the security of your iOS device.

1. Wait – Don’t try to be among the first adopters; wait a few days until the dust settles
2. Shred It – Use Wickr’s Shredder feature to sanitize your phone before wiping it when trading in
3. Check Your Security Settings – Optimize your security settings as soon as you update to iOS 8 or get your new iPhone 6
4. Location, Location, Location – Right off the bat iOS 8 asks you to enable location services before you can even play with the new OS. Go through the apps that request that data with a fine-tooth comb and decide which really need the information
5. Medical Condition setup – iOS 8 users should set up a Medical ID. This is a virtual medical ID card that includes information like blood type, organ donor, allergies, and medical conditions.
6. Fingerprint Authentication – Be sure to enable Touch ID if you have an iPhone with a fingerprint reader, and deactivate Simple Passcodes to use a longer, more complex passphrase to unlock your device.
7. Lock Down the Lock Screen –  From the Restrictions section of the General settings, you can hide apps and even prevent apps from being installed or deleted. You can also set which apps can access your microphone, or other intimate settings, and prevent those settings from being changed.
8. Go Nuclear – A strong passcode and Find My iPhone go a long way toward keeping your phone, and its data, secure. But we can go further. Set your iPhone to automatically wipe its contents after 10 failed attempts to enter a security code.

Windows 9 – Preview Announcement set for September 30th

Several articles note that features of the new operating system will be previewed on September 30, 2014.

QUOTE:  Microsoft issued invitations on Monday for a Sept. 30 event where it will unveil the next version of Windows, according to multiple online reports.  The San Francisco press conference will introduce the next iteration of Microsoft’s venerable Windows operating system. Most pundits and analysts expect the OS to be dubbed “Windows 9,” with the company sticking with the numerical moniker of the 2012 predecessor. It has also been known by the code name “Threshold.”

Presumably set for release in the first half of 2015, Windows 9, may be either the last major release of the operating system or the first in a string of smaller, less-ambitious updates as Microsoft accelerates its already too-fast-for-enterprise release schedule.  A revamped Start menu — one that hews more closely to the one in Windows 7 — a de-emphasis of the touch-first “Modern,” née “Metro,” mode and UI (user interface), and the ability to run Modern apps in Windows on the classic desktop have been bandied as Windows 9’s most obvious changes.

The mention of “enterprise” in Microsoft’s invitation bolsters the speculation that Windows 9 will be primarily aimed at business and corporate customers, who have spurned Windows 8 because of its split-UI personality. That, in turn, argues for a surfacing of new features and other changes that make the OS easier to operate and navigate with mouse and keyboard, still the primary input methods for business PCs.

It’s important for Microsoft to make Windows 9 attractive to those customers, Gartner analysts have said, if Microsoft is to convince them to move beyond Windows 7 — which has a lock on the corporate market — in time to avoid a repeat of the Windows XP longevity problem.

Leadership – Key Question to ask during fact gathering

From the excellent Leadership blog by John Maxwell, the key question of “What Do You Think?” is examined

QUOTE:  The simple act of asking the right questions of the right people can provide crucial information, offer clarity and help you make better decisions. That process begins with the questions you ask yourself. It continues with the questions you ask others. When you ask the right questions of people on your team, it not only gives the above benefits, it can also improve your connection with them and demonstrate your openness and teachability.

In my upcoming book, Good Leaders Ask Great Questions, I share the eleven questions that I continually ask members of my team. Today, I’ll talk about the question that I ask my most often: “What do you think?” These words come out of my mouth a dozen or more times every day.

1. Gathering Information – want good information from multiple sources and perspectives
2. Confirming My Intuition – what can you do to validate your belief?
3. Assessing Someone’s Judgment or Leadership – fastest way to assess people’s thinking and observation abilities
4. Teaching How I Think – Why is a great tool for connecting and equipping.
5. Processing a Decision – Sometimes people need a number of different perspectives in order to discover the best choice

Apple – How iPhone 6 compares with iPhone 5s

From the Apple product announcements, a head-to-head comparison of both phones is made that highlights new iPhone 6 features and whether it is advantageous to upgrade.

QUOTE: Previous generations of iPhone have mostly been spec bumps, with the iPhone 5’s screen increase from 3.5 to 4 inches and the new A7 chip in the 5s making most of the news, along with some camera improvements. This time, Apple has released two phones to cover its bases, both with larger screens and the even faster A8 processors.

We won’t know for sure until we get the iPhone 6 in for a full review, but we expect real-world performance to be somewhat similar, at least at first. When app developers start making more complex apps and games to match the A8’s power, you may see some lag on your iPhone 5s, but it’s clear you’d need some pretty serious games to slow the A7 down.

Apart from the screen and CPU, there are also some interesting new features in iOS 8, most notably Apple Pay, which will arrive in October and promises to make mobile payments a more accepted standard. And if any company’s going to do it, it’s Apple. Unfortunately for those with the iPhone 5s, this feature requires NFC, which only the iPhone 6 and 6 Plus will have.

Windows XP – Unofficial version of SP4 on the way

This non-Microsoft implementation of SP4 is mainly meant to provide a shortcut in building an XP-based system from scratch, as it is essentially a rollup of all past security updates. It would be used at one’s own risk and by technical professionals who could repair issues without support from Microsoft. This new resource may be useful in some settings, as long as technicians understand the inherent risks.

QUOTE: Some five months after Microsoft ended support for Windows XP, a developer is preparing to make an unofficial service pack for the 13-year-old OS available on general release.  Using the project title of Unofficial Service Pack 4, Greece-based developer harkaz started work in September 2013 on bringing together all the official updates from Microsoft in a single package.

In his description of the Windows XP service-pack project, harkaz said: “Many users — including me — who won’t be able to upgrade their old machines to a newer OS would like to easily install all Windows updates in one convenient package. For this reason, I started working on a Service Pack 4 package.”  According to harkaz, Windows XP Unofficial SP4 is a cumulative update rollup for Windows XP x86. It can be applied to a live Windows XP system that has a minimum of SP1 installed. Alternatively, it can be integrated in any Windows XP installation media.

Apple Watch – Early Review of this new device

This InformationWeek article provides an early review of the Apple Watch accessory.

QUOTE: Nonetheless, Apple Watch is a brilliant piece of engineering. While it may lack a reason for being, it appears to be a triumph of fashion and entertainment. It’s likely to appeal to Apple customers, many of whom can afford the unnecessary expense of the Apple Watch.

Starting at $349, Apple Watch should prove popular with well-heeled young people, a group likely to be delighted with the social interaction enabled by the product: the ability to send heartbeats to one another via the device’s haptic sensor, to transmit doodles, and to reply to email via menu options or voice input rather than typed text.

The Apple Watch, beautiful though it may be in comparison to other smartwatches on the market, is useless in the sense that it isn’t even a stand-alone product; it’s an iPhone accessory. It needs to be paired with an iPhone for GPS data and WiFi connectivity. It needs to be paired with an iPhone because otherwise it might cannibalize iPhone sales, as the iPhone has done to the iPod.

The Apple Watch isn’t so much a revolutionary product as a devolutionary one: It marks the migration of technical functions into the objects and activities of everyday life. It marks an even greater emphasis on design as a differentiator. Apple Watch won’t be a runaway hit like the iPhone or iPad; but it will help Apple expand the focus of the technology industry beyond mobile devices and the desktop.

Best Practices – Top 10 security recommendations for businesses

QUOTE: This list is not entirely focused on mobile security, but is general to corporate security. Here’s my list of 10 security best practice guidelines for businesses:

1. Encrypt your data: Stored data, filesystems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and to help prevent data loss due to theft or equipment loss.

2. Use digital certificates to sign all of your sites: Save your certificates to hardware devices such as routers or load balancers and not on the web server as is traditionally done. Obtain your certificates from one of the trusted authorities.

3. Implement DLP and auditing: Use data loss prevention and file auditing to monitor, alert, identify, and block the flow of data into and out of your network.

4. Implement a removable media policy: Restrict the use of USB drives, external hard disks, thumb drives, external DVD writers, and any writeable media. These devices facilitate security breaches coming into or leaving your network.

5. Secure websites against MITM and malware infections: Use SSL, scan your website daily for malware, set the Secure flag for all session cookies, use SSL certificates with Extended Validation.

6. Use a spam filter on email servers: Use a time-tested spam filter such as SpamAssassin to remove unwanted email from entering your users’ inboxes and junk folders. Teach your users how to identify junk mail even if it’s from a trusted source.

7. Use a comprehensive endpoint security solution: Symantec suggests using a multi-layered product (theirs, of course) to prevent malware infections on user devices. Antivirus software alone is not enough. Antivirus, personal firewall, and intrusion detection are all part of the total approach to endpoint protection.

8. Network-based security hardware and software: Use firewalls, gateway antivirus, intrusion detection devices, honey pots, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, port scans, and other “over the network” attacks and attempts at security breaches.

9. Maintain security patches: Some antivirus programs update on what seems like a daily basis. Be sure that your software and hardware defenses stay up to date with new antimalware signatures and the latest patches. If you turn off automatic updating, set up a regular scan and remediate plan for your systems.

10. Educate your users: As I wrote in The second most important BYOD security defense: user awareness, “it might be the most important non-hardware, non-software solution available. An informed user is a user who behaves more responsibly and takes fewer risks with valuable company data, including email”.