Author: nathan

What's New Facebook Campaign - Thanks to all of you guys, we have passed the 500 mark on our Facebook page and are using it to quickly get information out on things like out-of-band updates (like the 3 from Adobe) and general IT and security related topics (like the declaration of war by Anonymous on ISIS).  You can find us on Facebook here. 2015 Focus on Security - I noted in the January 2015 newsletter that we would be renewing our focus on security in 2015 and thought it proper that the first item in the 2015 newsletter gave more detail on the plans.    Better Communication - We are going to make better use of our website, newsletter and Facebook Page to keep you better informed.   We will publish important but low-priority / non-urgent stories to the website and link…

What's New Facebook Campaign - We have received a lot of good feedback on the news and articles that we've posted to our Facebook page and would like to take better advantage of it in 2015.  If you haven't checked out or Facebook page or don't already like us on Facebook, please consider checking it out or sharing it with your friends.  We often post news on new threats (malware, viruses, etc.), breaches (Target, Home Depot, JP Morgan Chase, etc.) or just general tech news on the Facebook page well before we're able to get the news out to our website or newsletter.  You can find us on Facebook here. 2015 Focus on Security - I noted in the December 2015 newsletter that we would be renewing our focus on security in 2015 and…

As it's name would suggest, Episode One - Setting the hook, is the first of hopefully several short stories written about the interactions of end users, systems administrators and the cyber criminals working hard to get in between them.  The stories are a mixture of completely fictional tales, my experiences in the better part of two decades in IT (the names have been changed to protect the innocent and the guilty alike) and, in some cases, a mixture of the two. My hope is that the stories are equally entertaining both to the non-technical and technical reader alike, possibly giving each a different perspective of the other and making everyone's job a little easier when it comes to using, managing and securing the technology that we all rely on day to day.…

Shadow IT - a term often used to describe IT systems and IT solutions built and used inside organizations without explicit organizational approval. It is also used, along with the term "Stealth IT," to describe solutions specified and deployed by departments other than the IT department. This has always been 'a thing' but we're definitely seeing a rise in shadow / rouge IT in many of the organizations that we support.  I can understand it from it's various different perspectives (end user, management and IT department) and can see merits for each but, as a contractor often responsible for a) finding and b) fixing the mess, I tend to side wiht the IT department in most cases.   From the users perspective, buying their own kit to do their job better,…

A new Internet connection, even from the same Internet Service Provider, can be a nightmare for your home or office network.   You can save yourself the trouble with a few quick and easy steps. Ok, so you have a small network at your office.  You have a couple of workstations, maybe some printers and possibly even a server or two.  Things are working well but you need to make a change to your Internet service.  Perhaps you have DSL and get an offer from the cable company for significantly faster service at the same price that you're paying now.  Perhaps you have DSL and get an offer from the same provider offering Uverse (faster) at the same or even a lower price.  Either way, you decide to make a change…

What's New 2014 Holiday Schedule - Below is our 2014 holiday schedule.  We want to wish everyone a Merry Christmas and a Happy New Year.    Christmas - Closed Wednesday, 24 December and Thursday, 25 Decmeber 2014.  We will be open on Friday, 26 December. New Year - Closed Wednesday, 31 December [2014] and 1 January 2015.  We will be open on Friday, 2 January. Focus for 2015 on Security - By any measure, the latter part of 2013 and all of 2014 year have been bad when it comes to security.  We've had Target, JP Morgan Chase, Michaels, Neiman Marcus, Texas Health and Human Services, the IRS, the Department of Public Health and Human Services, Community Heath Systems / Tennova and Home Depot and those are just the ones that were reported (discovered?)…

Quick and easy ways to protect yourself from cyber criminals this holiday season The holidays are coming and everyone's looking for a way to make a few extra bucks.  Unfortunately, this includes the scoundrels behind the fake tech support scams that seem to be so effective.  We've reported a couple of times in the past the telephone tech support scams but the ArsTechnica article below does a really good job of outlining (via the FTC complaint) how another similar attack works.  With folks spending a lot of time shopping online (with or without the holiday eggnog), the unfortunate reality is that many will become victims of these scams.  We've put together the following short list of some things to keep in mind when it comes to your computer: Find a good tech support…

Earlier today we erroniously posted an article noting that, regarding MS14-068 (the TLS patch), "it may be worth waiting to see if anyone else has problems with it".  That is not the case and all users should update as soon as is feasible.  This update addresses a "vulnerability in Kerberos could allow elevation of privilege and could allow for forging of part of Kerberos service ticket.".   Contrary to the earlier post, this update should be applied as soon as possible.     From the Microsoft Technet site directly (bold and italics added): Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these…

The Internet Storm Center posted earlier today that Microsoft plans to release MS14-068 today which apparently addresses a critical vulnerability in several versions of Windows that can allow an attacker to escalate access on a vulnerable computer.  The text of the ISC article is below and I suspect Microsoft will be making downloads available shortly.  I have not seen any indication (yet) that this is remotely exploitable, so it may be worth waiting to see if anyone else has problems with it.  Additionally, I still haven't heard much about MS14-075 and there are no additional details on the Microsoft site (yet).  We expect to this update available to MyIT customers so that will be installed during normal reboots.     Today, Microsoft will release MS14-068. This is one of the bulletins that…

What's New 2014 Holiday Schedule - Below is our 2014 holiday schedule.  As we move into the 2014 holiday season, we want to wish everyone a Happy Thanksgiving, a Merry Christmas and a Happy New Year.   Thanksgiving - Closed Thursday, 27 November and Friday, 28 November 2014. Christmas - Closed Wednesday, 24 December and Thursday, 25 Decmeber 2014. New Year - Closed Wednesday, 31 December [2014] and 1 January 2015. What do the Target Breach and Home Depot breach have in common?  In December of 2013, we learned that Target had suffered a massive security breach where the identities of more than 40 million people were exposed.  In September of 2014, we learned that Home Depot suffered a massive security breach where the identies of more than 50 million people…