Monday, November 14, 2011

Steve Jobs' Lost Interview

It is with great pride that I announce that tomorrow evening I will be interviewing Robert Cringely about the film "Steve Jobs: The Lost Interview".


I'm excited to talk to Mr. Cringely and I am also excited to discuss this lost footage and the relationship between what Mr. Jobs said in the interview and the modern marketplace.  Tune in and please call in as we have what is sure to be a lively discourse about this topic.

Wednesday, October 26, 2011

Cisco Announces Vulnerability in WebEx Player

Cisco has released an advisory regarding a vulnerability in their popular WebEx Player.  The exploit is already readily available, so if you have WebEx Player installed on your computer you should either:

A) Uninstall it (you can always download it again if you need it.) or

B) Update your version to the latest (you can obtain it here.)

Keep safe out there!

Wednesday, October 5, 2011

Steve Jobs 1955 - 2011

I was fortunate to be coming of age as Apple introduced the first viable personal computer. I wasn't fortunate to own one of my own until I went to college, however in elementary school I was lucky enough to have the (at the time) ubiquitous Apple ][ in the computer lab. My "uncle", son of a close family friend, worked for Apple for a brief time, and my father got a machine on loan from him to use in writing his thesis for his Masters degree. Apple's products have always been in the background of my life.

The engineers at Apple sparked my imagination about what computers could do, and Steve Jobs' personal example kept me inspired and focused in my life. I, too, dropped out of college in my first year. I never let that stop me from pursuing my dreams. I now support my family of four as a Systems Engineer, a job I never would have even thought about had it not been for my hands on experience with Apple's amazing products and ideas.

The world is a better place because of Steve Jobs, and I feel I owe him a personal debt. I will forever be grateful to him for his spirit, his innovation, and his drive.

He will be missed by many.

Thursday, July 14, 2011

ZITMO Attacking Android Devices

There are reports that a new variant of Zeus is in the wild and targeting Android devices. If you haven't already, it's time to get anti-virus software on your mobile device.

For Android, BlackBerry, and Windows devices I use and recommend Lookout.

As more and more of our computing is done on mobile devices such as smartphones and tablets, it becomes just as important to secure these devices as you would your laptop or computer. It's also important to be careful what you install on your phone, the Android Market is great in that it's open and easy to sell your software there... the downside of this openness is that it's all too easy for crooks to put malware in the market, and it stays there until it is discovered for what it is, often after someone's personal information has already been compromised.

Stay safe out there!

Friday, July 8, 2011

PDF iOS Vulnerability

Even though Germany took the step of issuing a security warning regarding the new PDF vulnerability in iOS, Apple has not yet released a patch for this serious problem. The ironic thing is that there is a patch available... if your device is "jailbroken".

I find it interesting that if you want your device to be secure you have to remove the "security" features to do it. It's also interesting that Apple seems to be taking its time to address this issue (since there's obviously a working fix that was developed externally for jailbroken phones.)

If you've got an iOS device, I'd recommend steering clear of PDFs until a patch is released!

Thursday, May 19, 2011

"MacDefender" Malware Removal

Here is an article that explains how to get rid of this nasty bug that is going around.

Thursday, April 21, 2011

Microsoft Releases End of Support Countdown Gadget

I had to mention this just due to the sheer irony of it. Microsoft has released a gadget that will countdown to the end of support for Windows XP, however since it's a gadget it will only run on Vista or Windows 7.

I thought that was pretty funny.

Obviously this is most likely intended for system administrators on corporate networks that are still in the process of migrating off of Windows XP, it's still funny that the only way to get a countdown timer for XP support is to not be on XP.

So, for all you XP users out there, there's only a few years left! Time to upgrade!

Friday, April 8, 2011

Epsilon Data Breach - What To Do?

I've had a couple of my clients contact me after they read about the data breach that occurred at Epsilon that was announced last weekend. They were curious as to why I didn't post about it on my blog.

The short answer is "I was busy."

However that doesn't mean that I don't think that this is a serious issue. I just think that if my clients are following the best practices which I've outlined in several other posts, they won't have to worry about this particular breach.

Will the data that was obtained be used in phishing attempts? Almost certainly. Will those attempts be sophisticated? I believe so. It's still not a reason to panic.

I fall back to my default position vis-à-vis email security. If a company contacts you via email with a link, and you weren't expecting it, don't click on it. Call the company, or contact them via their website (getting there manually, of course) and verify that the email is legitimate. Never enter any account, credit card, or personal information in an email reply or a form linked via email. If in doubt, delete the email and contact the sender.

I trust that my clients (all of whom are brilliant and successful in their own fields, and circumspect by training if not by default) will "do the right thing" when it comes to email use and security. I don't think I have to be "chicken little" every time a new breach occurs.

So, the "long" of it is, loyal reader, I trust you, even if I can't trust marketing corporations.

Thursday, March 31, 2011

Scam Email - Pretends to be Adobe Upgrade Offer, Steals Credit Card Information

There's an email going around purporting to be from Adobe Systems that is in fact a phishing scam. The URLs in the email have "adobe" in them, but are not actual Adobe Systems domains.

Once you click on the link you are taken to a site that will ask for personal information, including your credit card.

As always, my advice is that if you get an email with an offer that interests you, either go to the company's website on your own (without using links in the email) or call the company directly to verify that the email is legitimate.

Tuesday, March 29, 2011

Hacker Group Discloses Vulnerability on McAfee Webstite

Here's an interesting story, over the weekend the YGN Ethical Hacker Group publicly disclosed a vulnerability on the mcafee.com website. It's nothing to panic about if you are a customer of Network Associates or McAfee, however it is interesting that it is taking so long for McAfee to address the issue.

YGN originally reported the discovery to McAfee almost two months ago, and as of Sunday it had not been fully addressed. The vulnerability could be exploited to "spoof" the mcafee.com domain.

If you use McAfee products, I don't recommend changing anything, just be careful and don't click on any links you receive that purport to go to the mcafee.com website.

There's a good article on this on CNET. Interesting reading if you have some time.

Wednesday, March 23, 2011

Comodo Certificate Hack - Microsoft Releases Patch

Last week one of the root certificate authorities, Comodo, issued some fraudulent certificates for some very high-traffic and popular domains (including google.com, live.com, and yahoo.com.) The risk is that someone will use these certificates for nefarious purposes.

Microsoft deemed the risk bad enough that they released an out-of-band patch that will revoke the bad certificates. You can download this patch here. I highly recommend that if you are on a Windows machine you apply this patch.

More information about this problem can be read here. A good article about this story is available on cNet.

Thursday, February 24, 2011

Google Releases Google Apps Plugin for Microsoft Office

Google has released a plug in for Microsoft Office called "Cloud Connect" that allows users of Office to utilize the document management and collaboration features of Google Apps.

This is an interesting development in the Google vs. Microsoft battle. Microsoft's current document management solution, SharePoint, is cumbersome and expensive compared to Google Apps, and isn't really a true "cloud" solution. Until now, one of the big drawbacks of Google Apps was that the word processing and spreadsheet tools weren't as full featured as Microsoft's offerings. There were also compatibility issues when sharing documents between Microsoft Office and Google Apps users.

By integrating Google Apps functionality into the Microsoft Office platform, Google has provided a solution to this problem without having to re-invent the office suite wheel.

Exciting news for those of us who like to use the best of both worlds!

Friday, February 4, 2011

Big Patch Tuesday Next Week

Microsoft has announced that they'll be releasing patches on Tuesday to address 22 security holes. Unfortunately they will not yet be fixing the bug I discussed in my last post.

You may want to plan to do a manual Windows update Tuesday morning so that you don't experience slowness or reboots during the day.

Monday, January 31, 2011

Microsoft Issues Security Warning

Microsoft issued a security advisory on Friday for a vulnerability that was discovered last week. They have also released a "Fix It" that can be accessed from their knowledge base.

This is another one of those Windows bugs that would likely be exploited by sending an email or posting to a forum with a link to a malicious site. As always, my advice is that if you get a link in an email (even if it appears to be from a friend) verify that they sent it before clicking on it, and use caution when clicking on links from Twitter, Facebook, or other social networking forums.

Thursday, January 27, 2011

Facebook HTTPS Access - Better Late Than Never

Back in November I posted about the Firesheep issue with Facebook, and it appears that two months later Facebook is finally doing something about it!

Facebook has announced that they've enabled the ability to use their service over an encrypted connection (HTTPS), which addresses the issue with accessing Facebook over unencrypted WiFi (think Starbucks or McDonald's.)

You'll need to go into your account settings and enable this feature, which I recommend doing immediately. Go to Account -> Account Settings -> Account Security and enable "Secure Browsing."

Wednesday, January 26, 2011

AOL Mail Outage

AOL has been experiencing some problems for the last couple of days, and this morning they announced that some users may be missing email between November 2010 and January 2011.

According to their blog they are rolling out a fix this morning, so if you're an AOL user and some of your email is missing don't panic (yet.)

Friday, January 21, 2011

New Twitter Virus/Malware

Just a heads-up that there's reports of a new virus/malware being distributed via Twitter. This was first reported by the Internet Storm Center here.

The links will take you to one of those fake "anti-virus" sites that will attempt to load malware on your PC. For the time being, I'd avoid clicking on links in Twitter.

Thursday, January 20, 2011

Syncing Google Calendar with Corporate Exchange Systems

With the advent of smart phones, and with tablets becoming more and more ubiquitous, getting all of your information to play nicely together can sometimes be tricky. For those who use Google Calendar and also rely on Microsoft Outlook (yes, this is fairly common) for their personal information management, there's a great tool in Google Calendar Sync to get your appointments flowing between these two applications.

However, I've discovered that when you are working in a corporate environment using Exchange Server the calendar sync tool doesn't work well with meeting invitations. It took me a while to hunt down the solution for this, so I thought I would document it here in case any of my readers are struggling with this issue.

If you're running Outlook and using a corporate Exchange server, you will need to add your corporate email address as an additional email to your Gmail account. To do this you log into Gmail, click on "Accounts and Import" and then on "Google Account Settings". Click "Edit" under "Email Addresses" and then enter your corporate email address under "Add An Additional Email Address" and click "Save". Your corporate email account will receive an email with a link that you will need to click to verify this setting.

Note: be sure to check your company's I.T. policies prior to doing this, some companies do not allow this type of access to their network and it's important to verify that setting this up is authorized in advance.

It may take a few hours for the sync to start working (it took over 12 hours to work in one instance), however you will soon start seeing your corporate meeting invitations showing up in your Google calendar.

I'm not sure what it is in the sync mechanism that won't allow meeting invitations to sync over without adding the email address that the meeting is sent to, however this solution seems to resolve this issue nicely (though I was unable to find it in the Google documentation.)

I hope this helps you get all your information where it is most convenient for you to view it!

Tuesday, January 18, 2011

Changes to Facebook Privacy - 3rd Party Applications

According to the Facebook Developer Blog, changes have been made to their third party interface that allow developers of these applications to request your address and phone number from Facebook.

I've talked about Facebook privacy before, however I've never discussed the issues surrounding third party applications and Facebook integration. Personally, I don't use any applications that integrate with Facebook. While I'm comfortable using Facebook to keep in touch with family and friends (as long as I keep on top of my privacy settings), once you start allowing third parties access to the information that you have in Facebook, it gets harder and harder to keep track of who has what. To be honest, I haven't seen any third party applications for Facebook that offer me any value, so I'm lucky in that regard.

Now that Facebook is offering to provide your address and phone number to third parties (albeit with your permission) the issue gets more complicated. Some of these developers are very small, and it's hard to be certain if they are taking the necessary precautions to protect your personal information.

The upshot is that I'd pay careful attention now when the "Request for Permission" pop-up appears on Facebook. If the developer is asking for your address and phone number, and this isn't information that is already readily available on the Internet, then you may want to think twice before clicking that "Allow" button.

Update 01-21-2011 - There is a new post on the Facebook Developer's Blog stating that this function has been "temporarily" removed.

Friday, January 14, 2011

Outlook Slow After Patch Tuesday?

If your Outlook is slow after the latest round of Microsoft patches, it may be that KB2412171 is the culprit. I've seen some slowness myself, and a cursory search found this post on CNET's forum about the issue.

If you're experiencing the problem it appears to be intermittent. I'd recommend removing this patch until Microsoft resolves the issue.

I'll update this post when I have more information.

Tuesday, January 11, 2011

Microsoft Patch Tuesday

Just a reminder that today is patch Tuesday... Microsoft has updated for multiple vulnerabilities (including the one I mentioned last week.)

If you're a Windows user, be sure to patch your machine tonight. The details on the updates that were released for this month can be found here.

Good Article on Avoiding Scams

I just wanted to take a moment to share this article on CNet that has some great tips. I know I've discussed this before, and I can't say it enough times; you can't be too careful!

Wednesday, January 5, 2011

New Security Advisory From Microsoft

Microsoft has released a security advisory for a vulnerability in how Windows renders graphics, and an exploit has already been published to the Internet.

Microsoft has released a workaround that is somewhat complicated,(so complicated that the KB link is broken at the time of this posting.)

Probably the best way to protect yourself is to avoid opening unsolicited emails with attachments (which is always a good idea anyway.) There's no ETA on a patch for the bug.