Looks like a pretty huge batch of updates is coming from Microsoft next week.
There's a lot of shenanigans going on across the internet right now, and as usual Microsoft's products are the targets.
Looks like it's the usual suspects: Internet Explorer and Windows OS components. In my position I need to look carefully at every one of these to see what subsystems are going to be changed by these updates.
In the past, a number of business-critical functions have suffered as a result of poor patch testing by Microsoft, even against other Microsoft products. In particular, a recent update stopped IE users from using the Explorer view for SharePoint Shared Document folders. That was a fine piece of misery to work through, I can tell you!
While I won't be surprised, I will still shake my head if I see more image and font exploits this month, as I have seen for the last year or so. It seems like they are constantly tweaking long-standing vulnerabilities in order to continue to support OS-integrated systems like music and image tagging.
So it looks like I'm due for a good 2-3 hours of reviewing these updates next Wednesday to see what's going to pass muster so I can continue to strike the balance between security and productivity.
Thursday, August 4, 2011
Monday, August 1, 2011
Phishing, Spam, Fake Email, how to tell??
For years I've had an email account on Hotmail which I use to sign up for contests, get whitepapers, register free software, and any number of odd, mostly unimportant things.
When I get mail on this account, it is 100% stuff I don't really care about. Usually someone sold that email address to someone else and they are now sending me some kind of nonsense I can completely ignore by virtue of the account it's received with.
The interesting thing about this is after years of use, I get a lot of mail. In fact that email address has been passed around by 3rd party marketers, scammers, hackers, phishers, the whole lot. What I am able to learn from this is how to tell the difference between a real message and a fake one.
I didn't sign up with Facebook or Twitter with this account. I also don't email my family or friends. I don't use it for anything important like banking, PayPal, or eBay. So, everything I get on it which CLAIMS to be from any of those sources, I can say without reservation is FAKE.
I encourage EVERYONE I support to get these kinds of email accounts. They not only protect your personal, important email accounts, but can give you a look into what the fake mail looks like so when it arrives in your legitimate mailbox, you just might be able to tell the difference.
Tuesday, July 12, 2011
Support your local developers!
We are seeing more and more widely-deployed applications change on a frequent basis. Microsoft's Office product changed significantly in 2007 and another big change came out just last year. For most users these changes were completely unnecessary, but in order to remain compatible with new document standards they were forced to upgrade.
Adobe Reader's product line had a similar change and worse still the installer opted you in to have an extra toolbar. Google product updates throw a browser on, so do Apple products.
These application updates frequently leave the user forced between a rock and a hard place; having to choose between 'keeping up' and being shut down due to rushed development bugs, insecure third-party applications and utilities, and a learning curve to find out where common commands were moved to.
Customized application development used to be the luxury of big business and their internal developer teams, or partnerships with the big IT companies out there like Microsoft, Lotus, Adobe and IBM.
Today, thanks to the growing open source movement, we have small development companies all over who are creating custom applications which are sustainable, safe, and deliver exactly what you need. You decide when it updates and how.
Over the life of a product, forced upgrades can cost a lot in both hard and soft costs like retraining and lost productivity. In many cases a relationship with your local application developer can save you some real money.
Labels: open source, small business
Saturday, June 25, 2011
FTC's Google Investigation
This seems to be a big thing in the news right now. I shudder to think what this bit of news is distracting us from.
Why do I feel it's unimportant enough to worry about what I might be missing? Monopoly investigations in the tech industry have been little more than a money grab from courts and lawyers. Our rights as consumers aren't being protected.
Case in point; Microsoft. Once the target of a probe that was simply dropped in the U.S. after years of court battles. One of the key points was the forced distribution of the web browser in the operating system. This was a clearly egregious violation of antitrust laws, but somehow U.S. courts allowed themselves to be blinded to Microsoft's cavalcade of "experts" and allowed that point to simply fall by the wayside.
Not so in the EU; consider that Microsoft distributes the Windows operating system WITHOUT A BROWSER. It's completely separate from the OS and people can choose to run it or not.
Another case in point; Apple. Consider that you cannot install the OS on any non-Apple manufactured hardware. Consider that you cannot replace the battery in many of Apple's products and most of the software for it needs to be vetted through iTunes or Apple. Seems like Apple products are designed to promote trade and opportunity for only Apple and they are not interested in innovative partners (of course most of the truly innovative technologies are bought up by Microsoft since they can't seem to spell innovation much less create any).
One of the more recent arguments presented in an article is questioning the wisdom of launching an investigation into a high-profile member of the tech industry when it is that industry which is driving a significant part of the U.S. economic recovery.
Personally, I could care less if Google was making every dollar for the U.S. GDP right now; if they're breaking the law then they need to be punished. Punishing them for dominance of the search market? Uhm. No. Punish them for poisoning the way links are displayed in search results? Ok yeah get 'em.
Just don't forget, Microsoft's Bing uses Google search to give you your search results, so take heed Microsoft; you better get your lawyers over to Google to protect your... Innovative search engine...
Thursday, June 23, 2011
FBI seizes servers: Reminds IT admins to have a back-up plan | TechRepublic
I'm not big on the cloud; there are a LOT of points of failure which get introduced and I agree there is a way to mitigate them but it's hard to get the purse strings to understand the need to maintain a network just in case the wind blows your cloud away!
Another client in my cloud doing something illegal which happens to take my site down too is not something I would have put in my DR plan; but definitely worth considering.
The Official Lookout Blog | Security Alert: Android Trojan GGTracker Charges Premium Rate SMS Messages
Another good reason to use Lookout on your Android device. I have been using the free version for some time now. It's been nice to have a little comfort in knowing I have some protection against this sort of thing as well as the ability to restore my phone from backup in the event of a wipe.
Friday, June 10, 2011
Small Business Take Heed
There are enough IT things working against small business, from predatory consultants to vague billing from subscription services like phone and internet use. Your relationship with your bank is one of those things that's relied upon for all your critical business needs.
Today's ruling spells out in clear terms that you are responsible for conducting your business with the bank in a safe and secure way. Failure to do so with simple bank passwords and secret questions can result in the loss of hundreds if not thousands of dollars.
Some advice from the security world in regards to online banking is still pretty sound and I would encourage everyone with a commitment to business security to use it.
- Use a dedicated computer for financial transactions. Don't use it for anything other than your banking. No web browsing, no games, no photos, no email, no music or videos; nothing but bank activity. When you aren't using that computer, turn it off. Update it with antivirus and security updates on a weekly basis.
- Change your password every 3 months. A moving target is much harder to hit than a stationary one.
- Do not ever use a mobile phone for banking. There is just too much risk and too many chances for failure.
- Do your banking on a schedule. Tuesday for deposits, Thursday for bill paying. Be consistent. Ask your bank to contact you for any odd transactions outside of the norm.
- Check your bank activity weekly. Usually when you do a deposit or bill pay, you can check your recent transactions. Do so and verify that they're legitimate.
A little extra work on your part can save your business.
Labels: IT, security, small business, web
