The Mysteries of Microsoft’s Model for Windows

“All they had to do was come up with a way to charge ten bucks a month and now no one steals music,” I overheard a college student say. He was talking about how Apple transformed from selling software (mp3s via iTunes) to renting access to songs, aka Software as a Service (SaaS). Apple Music now has the most paid music subscribers in the US and, based on this success, “announced new subscription offerings for magazines, TV shows and video games”. 1

Per Forbes, 84% of new software is being delivered as SaaS. 2 This selling model built Netflix memberships (20 million renters at the height of its DVD service compared to over 150 million SaaS subscribers today 3), Dollar Shave Club razors, Stitch Fix and Amazon’s Subscribe and Save. Subscriptions moved Adobe’s market cap more than 87% since 2012 to $108 billion. 4

Crunching the Patching Numbers

There were 16,516 Common Vulnerabilities and Exposures (CVEs)1 published in 2018. The time needed to analyze the relative importance of these to your organization would be something like 16,516 alerts times fifteen minutes to read and assess each one, which works out to about 500 days of work. If you decide that your organization is affected by twenty percent of these, that’s 3,304 vulnerabilities times an average of about an hour to patch each one — that will take about 40 days. And how many devices do you have that need this patch deployment? 2

Did You Feel a Drop? BUDR Pt. 2

Remember the panicked manufacturer with a progression of computer problems that recalled the proverbial “perfect storm”? Today I’m going to sort those problems out, and recommend ways to help keep those things from happening to you. To refresh, here’s what went on with that manufacturer:

The installed version of their ERP (Enterprise Resource Planning software) was too old to receive application maintenance and support. They hadn’t wanted to interrupt their workflow, and so hadn’t upgraded the ERP in more than five years.

It is time to consider upgrading from Windows 7

There are plenty of reasons to upgrade from Windows 7 before it reaches its end of life date on January 14, 2020.  Chief among them, Microsoft has indicated that, on this date, they will stop releasing security updates for Windows 7.  This will have major implications for anyone still running Windows 7, as it will leave them exposed to any known vulnerability indefinitely.

The nature of these vulnerabilities is such that they can have a cascading effect if exploited.  For instance, a recently identified vulnerability, designated ‘CVE-2019-0708,’ makes it possible for a malicious party to execute code remotely via Remote Desktop Services. This particular security flaw exists pre-authentication, meaning that it could easily spread from system to system in a similar fashion to how WannaCry malware spread in 2017.

Microsoft has indicated an attacker could “install programs; view, change or delete data; or create new accounts with full user rights.”

Fortunately, Microsoft has released a series of fixes for this particular vulnerability.  Starting January 14th, however, there is no guarantee that this will be the case and, except in the most extreme circumstances, Windows 7 security holes will not be patched by Microsoft.

It is worth noting that Windows 10 is unaffected by this recent vulnerability, making this an excellent example of how upgrading to Microsoft’s latest operating system is the best way to ensure that your computer systems remain secure.

In short, by continuing to run Windows 7 past its end of life date, you could be undermining your entire security investment by effectively leaving the door to your network wide open.

Don’t wait until the last minute.  Talk to an IT expert about upgrading to Windows 10 today.  Give us a call at 978.562.6077 and select Option 2.  We would be more than happy to help you get the process started.

The Snoopiness of Things

The 2015 Arkansas murder case that depended on smart-home devices made the news again as the judge in the civil case upheld his ruling that James Bates is financially liable for the death of Victor Collins. The case against the accused was built on, among other forensics, records from Amazon, whose Echo device was installed by the scene of Collins’ death, as well as evidence from a so-called smart meter. The smart meter reported inordinate usage of water around the time of death, which led the police to argue that a bloody patio was hosed down.

GDPR and You

Surprised that in the last month, between two small marketing list brokers, more than a billion personal records were found to have been leaked on the internet?1

That data then gets leaked and sold to potentially hold users’ computers or reputation for ransom. Or, as in a 2018 hack of DNA tester MyHeritage, there is the ability to sell the data to the insurance and mortgage industries, revealing DNA disease susceptibilities, thereby making the user ineligible for coverage or a loan.2

GDPR to the Rescue!

Safer Internet Day!

Tuesday, February 5th is Safer Internet Day.  Being observed on the first Tuesday in February, what started out as a campaign to raise awareness about Internet safety is now celebrated in over 100 countries worldwide.

With Valentine’s Day just around the corner, many of us will go online for gifts such as flowers, candy, cute stuffed animals, a book, perhaps a gift card to a store or restaurant – whatever the choice may be, will you be shopping securely?  Online shopping is very convenient.

You can click here and there and order whatever product you desire and have it delivered to your front door.  You can compare pricing, look for deals, compare products, and it all can be done quickly and in the convenience of your own home, any time, night or day.  The downfall?  Wherever there is money and users to be found, there are malicious hackers roaming around.

Use familiar web sites.  You need to be aware of the safer online shops, like Amazon.  One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can infect you the moment you arrive on them by way of malicious code. However, the most dangerous aspect you should be concerned about is the checkout process. Completing a checkout process will give cybercriminals your most important information: credit card data (including security number), name, and address. This opens you up to credit card fraud or social engineering attacks.

What are some key things to be aware of as you’re shopping?  “Sticking with popular brands is as good as any advice when shopping online. Not only do you know what you’re getting by way of quality and price, but you also feel more confident that these well-established names have in place robust security measures.”1

 A few things to be aware of: 

  • Suspicious URLs such as “coach-at-awesome-price.com” or “the-bestonlineshoppingintheworld.com”
  • A strange selection of brands – as an example, the website claims to be specialized in clothes but also sells car parts or construction materials
  • Strange contact information. If the email for customer service is “amazonsupport@gmail.com” instead of “support@amazon.com” then you should be suspicious that the online shop is fake
  • Are prices ridiculously low?  An online shop that has an iPhone 7 at $75 is most likely trying to scam you

The old adage “if it seems too good to be true, it probably is,” rings true in this case, and it’s best to steer clear of these sites.

Use Secure Connections.  Wi-Fi has some serious limitations in terms of security. Unsecured connections allow hackers to intercept your traffic and see everything you are doing on an online shop.  This includes checkout information, passwords, emails, addresses, etc.

Before You Buy Online…

  1. If the connection is open and doesn’t have a password, don’t use it.
  2. If the router is in an exposed location, allowing people to tamper with it, it can be hacked by a cybercriminal. Stay away.
  3. If you are in a densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot, this can be a prime target for an enterprising cybercriminal who wants to blend in and go unnoticed. Continue to socialize, don’t shop.

Access secure shopping sites that protect your information. If you want to purchase from a website, make sure it has SSL (secure sockets layer) encryption installed. The site should start with https:// and you should notice the lock symbol is in the address bar at the top.

Update your browser, antivirus and operating system.  One of the more frequent causes of malware infections is unpatched software.  Online shoppers are most at risk due to the sensitive information involved. At a minimum, make sure you have an updated browser when you are purchasing online. This will help secure your cookies and cache, while preventing data leakage.  You’ll probably fuss over having to constantly update your software because it can be a time-consuming operation, but remember the benefits.

Always be aware of your bank statement.  Malicious hackers are typically looking for credit card data, and online shops are the best place for them to get their hands on such information.  Oftentimes, companies get hacked and their information falls into the hands of cybercriminals.

For this reason, it’s a good habit to review your bank account and check up on any suspicious activity.

“Don’t wait for your bill to come at the end of the month. Go online regularly and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges, even originating from sites like PayPal. If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems.”2

Using a credit card vs. a debit card is safer.  Credit cards have additional legal defenses built in that make them safer to purchase online compared to debit cards.  With credit cards, you aren’t liable if you are a victim of a fraudulent transaction, so long as you report the fraud in a timely manner. Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete; debit card holders, however, can only get their money back after this step.  Ultimately, banks are much more protective of credit cards since it’s their money on the line, not yours.

Additional tips for safety:

  • Never let someone see your credit card number – it may seem obvious, but never keep your PIN number in the same spot as your credit card
  • Destroy and delete any statements you have read
  • Notify your credit card issuer of any address change. Doing so will prevent them from sending sensitive files to the previous address
  • Keep confirmation numbers and emails for any online purchases you may have made
  • Immediately call your credit card company and close your account if you have lost or misplaced a credit card

Use antivirus protection.  The most frequent tip on how to be safe online is to use a good antivirus tool. It will keep you safe against known malware.  “Before you begin shopping, outfit your phone or tablet with mobile security software. Look for a product that scans apps for viruses and spyware, blocks shady websites, provides lost-device protection and offers automatic updates.”3

Do not purchase from spam or phishing emails.  A phishing email with a fake offer for a desirable product is a hard thing to resist for many shoppers, so they make an impulsive decision and click on the “Order Product” or “Buy Now” button, and that’s when the malware attack starts.  A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam.  The best solution in these cases is for you to simply mark the email as spam; this will remove the mail from your inbox and block the sender from sending more spam.

Keep a record of your transactions.  If you are a frequent online shopper, it may be difficult to remember from which site you bought a certain product.  So, write it down: what you bought, when and from what website.  Compare your spending details with the banking records from your online banking account, and keep track of which websites you use for shopping and buying stuff online.

Hold on to your receipts and destroy them when you no longer need them.  Keep the receipt for your purchase, just in case you need to confirm it again, as well as for warranty and return issues.  If you want to get rid of a receipt, make sure to destroy it completely, so that any possible identity thief won’t be able to find any information about you.

Don’t give out more private information than you need to.  “In order to shop online you need to provide two types of information: payment information, such as credit card data, and shipping location, which is usually your home or work address. Be suspicious of online shops that ask for information such as: date of birth, social security number or any other similar information. They don’t need it in order to sell you things.”4

Don’t keep too much information on your smartphone.  These days, everybody stores a lot of important personal information on their phones, and most of us rarely take the time to secure them.  These devices are now much less about calling people, and more about photos, social media, etc.  Increasingly, people shop online using their smartphone, but this carries its own risks. Fake online shops can infect your smartphone with malware, and then have access to information such as phone numbers, notes, photos, and even app contents.  Be careful what information you store on your smartphone.

“Safer Internet Day is a great reminder that Internet security is something that needs constant vigilance. It’s also a great reminder that a lot of bad things can happen on the Internet if you don’t properly take precautions against them. With that in mind, be sure to have a safe and happy Safer Internet Day.”5

References:

1 https://www.welivesecurity.com – ESET Security Forum
2 https://www.pcmag.com
3 http://www.trendmicro.co.uk/home/internet-safety-for-kids/smart-mobile-tips-for-online-shopping/ – TrendMicro
4 https://bettermoneyhabits.bankofamerica.com/
5 http://www.holidayscalendar.com/event/safer-internet-day/

https://staysafeonline.org – Powered by National Cyber Security Alliance
https://www.americanbar.org – American Bar Association
https://www.foxnews.com
https://www.usatoday.com

Cryptojacking: Are you funding cybercrime without even knowing?

In 2017 we saw cybercriminals adopt a whole new approach to generating value from malware. Rather than stealing information or encrypting a victim’s files and demanding a ransom, cybercriminals started discreetly hijacking computer systems and using them to generate cryptocurrency. In 2018, cryptojacking became one of the most prevalent forms of malware on the internet. The question to ask yourself in 2019 is “can I spot such an attack and, if I can, what do I do about it?”

Tis The Season for Porch Pirates – Don’t Let a “Would Be” Thief Ruin Your Holiday

Technology has made it very convenient to purchase just about anything and have it delivered at our doorstep. Online buying and package delivery have really become the norm for retail shopping. However, especially during the holiday season, there’s an unfortunate piece of news – “porch pirates” – those modern day thieves who steal packages from doorsteps. A report from Package Guard claims that 11 million US homeowners have had packages stolen from their front door or porch in 2017, and those numbers are due to be higher by the end of this year.

Holiday Shopping Online. It’s Convenient, but Buyer Beware…

With Black Friday just around the corner, many of us are starting to think about holiday shopping. We all love the convenience of being able to be at home in front of a computer vs the hassle of crowded malls and searching for parking spots. You can click here and there and order whatever product you desire and have it delivered to your front door. You can compare pricing, look for deals, compare products, and it all can be done quickly and in the convenience of your own home, any time, night or day. The downfall? Wherever there is money and users to be found, there are malicious hackers roaming around.