“I’m too little; I have nothing of value…”

An all too frequent refrain from customers when I approach them about securing their network with a firewall or a software based Security Suite. However, you ARE valuable to the bad guys and the “little guy” is the new “ripe” target as the “bad guys” have now aggressively automated their attacks with bots. They no longer care about making dollars off of your data (although you’d be surprised what some “insignificant” data is worth) — it’s all about the cents. Your data bundled together with enough others starts adding up to real money. Remember — it’s computers doing all the sorting; one “bad guy” can launch A LOT of attacks and make a nice bit of money on the side.

Don’t want to believe me? How about what Dale Drew of CSO magazine had to say in October 2017:

“But here’s a sobering thought: every second, potential cyber victims are hit with roughly 15,000 malware attempts, 15,000 phishing attempts and 8,000 scans for known vulnerabilities or exposures..”

“So, while we may not always see them, cyberattacks are nevertheless ongoing. In fact, we’re witnessing a sharp and sustained increase in attacks over the public internet just within 2017.”

Source: https://www.csoonline.com/article/3235028/security/no-target-too-small-no-industry-untouched.html

Mr. Drew continues: “A recent Incapsula report found more than 50 percent of all web traffic is botnet traffic, rather than traffic initiated by human beings. While roughly 23 percent of botnet traffic is attributed to “good” bots like search engines and feed fetchers, approximately 29 percent of bot traffic is classified as the handiwork of bad actors or automated systems scanning for exposures.”

“In the last month or so, alone, automated attacks hit some honeypots upwards of 750,000 times in a single day.”

“In other words, the bad guys don’t even have to keep their fingers on their keyboards to successfully infiltrate as many networks and machines as possible; their bots are doing it for them.”

I would encourage you to read his entire article and start considering security on your computer the same way you think about it for your home or other property. The Internet is a wondrous place full of information but it is also still the “wild west” — you need to be cautious.

daviestrek Consulting is here to help you “secure the ranch.” we can assist with helping you make your passwords more secure, install a Security Suite on your individual machine, or install a Firewall for your network that’s far more robust than a big box store router or the router provided by your ISP. All of these items are very affordable and can even be billed out monthly if that fits your budget better.

Microsoft Releases More Win10 Updates

Paul Thurrott (http://www.thurrott.com) just reported that Microsoft has updated the shipping versions of Windows 10 again this month. It’s another Cumulative Update so you’ll need to reboot your machine after the update gets installed. With all the Bad Guy activity going on, it’s not really surprising to me. While it’s a pain in the rear to have to reboot so often, I take solace in the fact that Microsoft is ACTIVELY trying to keep the OS patched.

Paul has all the details of what’s included in the Update here:
https://www.thurrott.com/windows/windows-10/120470/microsoft-updates-shipping-versions-windows-10-6?_hsenc=p2ANqtz-97Df9Gwmt8493Tt9ml8c0JrEM9vQ1-ipr3S4eli95oFcNNiKLKN3C2HGdPdItgqLiGDHqGNY1NPrgc1RIIsPUcV6hY3w&_hsmi=53681954

Wannacrypt? No thanks!!

There’s a new Bad Guy in town and he’s holding us all up for a “King’s Ransom”. Especially if you dislike patching your devices regularly or you’re still steadfastly holding on to that old XP machine. But you ALWAYS update your machine when Microsoft releases patches, right??

According to Dictionary.com, Ransomware is:

“noun, Digital Technology.

1. malware planted illegally in a computer or mobile device that disables its operation or access to its data until the owner or operator pays to regain control or access.”
As reported yesterday (5/13/17) by ZDNet’s Danny Palmer (http://www.zdnet.com/article/wannacrypt-ransomware-microsoft-issues-patch-for-windows-xp-and-other-old-systems/) this one is SO BAD that Microsoft has actually released patches for the “dead” (AKA no longer officially supported without a REALLY expensive contract) OS’s — Windows Server 2003, Windows XP and Windows 8 (including RT).
If you’re using one of these systems, head over to Microsoft’s blog page on the subject (https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/) to get the patches you need.
Need help with this? Want more security advice? Contact Us and let’s talk!

So Long Quicktime, It was fun.

We’re recommending you remove the Quicktime Player from any machines you have it installed on.

It was a not so “quick” ride that has come to an end. Windows 8 & 10 haven’t played well with Quicktime anyway. In fact the plugin was deactivated with the last Quicktime update received this past January. Trend Micro recently discovered two major security flaws in the software. When they reported it to Apple they were told that there would be no more development of the product and the solution was to simply remove the product from your Windows machines. This came as a surprise because there had been no announcement about depreciating the software. As reported by The Register:

“We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it,” said Christopher Budd, global threat communications manager at Trend Micro, on Thursday.

“In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it.”

The flaws were reported to Apple on November 11, 2015, and acknowledged the same day by Cupertino. The following March, Apple told Trend Micro that “the product would be deprecated on Windows and the vendor would publish removal instructions for users.”

There’s a whole new world of video playing available these days from Flash (also a security headache) to the HTML5 standard. It’s time to upgrade from XP (also depreciated and unpatched) and make the leap to a newer system. Yes, there’s a learning curve but that’s true no matter what you buy.

Microsoft, Privacy and the Big Debate

hullabaloo

There’s been much made about the information Microsoft collects and uses for its own purposes. It’s really come to “light” with the push of Windows 10 upgrades and Microsoft’s inability to communicate anything effectively.

Here’s my take on the whole matter: Microsoft finally did what my mother always told me not to. (“If EVERYONE jumped off the bridge, would you have to?”) Oh sure, they’ve been collecting data on you all along. Just not as much and not as often. How do you think they knew how many machines were running what operating system and what kind of machine it was?

However, if the “new revelations” about the data Microsoft is collecting on you just scare you silly; I suggest you:

  • close that Chrome Browser,
  • deactivate your GMail,
  • shut down your
    • Facebook account,
    • Instagram,
    • SnapChat,
    • Twitter,
  • remove iTunes,
  • and shut down your iCloud account

Although from a “selling you out” and “invading your privacy” standpoint, the damage is already done.

Microsoft is not doing anything that the others aren’t already doing. None are completely transparent in what they do with the data. That’s a problem for anyone truly and deeply concerned about privacy.

Here’s my example. I’m not a Google fan. I was when they started out, but I became troubled with their revenue model. It bugs me. They rely almost entirely on advertising for revenue. That makes where I go, what I look at, click on and buy extremely attractive for collection — and that’s exactly what they do. Want to test it ? Look up anything you wouldn’t normally look for. See how long it takes the advertisements in Gmail or in the Chrome browser to change to what you just looked for. It’s creepy. I avoid their services. Now I still have an account because as a business, I need to be “everywhere” but I don’t use them for anything in my personal life.

I’m extremely sad that Microsoft has apparently “jumped on the bandwagon” but I am still more comfortable with them (or Apple for that matter) having my data than I am with Google.

There’s a couple of articles that are nice counterpoints. You can read more here:

http://www.zdnet.com/article/revealed-the-crucial-detail-that-windows-10-privacy-critics-are-missing/

http://betanews.com/2016/01/08/if-youre-fine-with-microsofts-approach-to-privacy-in-windows-10-youre-out-of-touch/

Microsoft ends IE 8,9, & 10 Support on Jan. 12, 2016

Microsoft has announced that they will discontinue patches and security updates for everything but the latest version of Internet Explorer (IE 11). They’ve created a new browser (Edge) and they intend to use it. Edge only works with Windows 10, but IE 11 works with Windows 7, 8.1, & 10. I have run into an issue with the IE11 upgrade on a couple of machines whose graphics drivers would not permit the install. The manufacturer had no updated drivers so there was no way to upgrade the browser. Hopefully the graphics drivers will get a refresh and IE11 will be allowed to install — otherwise that’s going to be *very* frustrating for a lot of people.

You’ll still be allowed to use the older version of IE, it’s just not going to get any patches to try to keep the bad guys out and you’re going to be nagged every time you do Windows Updates.

Here’s the official press release: https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support?tduid=(e6131b0a2d8fd84c949d3546391d2e20)(266696)(1503186)(skim66960X1514734X59f00d8e5f35e5eb1a1bc2265d8b4311)()