Summertime Tech Advice

Summertime has finally arrived and that usually means many of us are headed to the shore for some rest and relaxation. Unfortunately our mobile devices usually tag along. If this is true in your case be sure to take care with your mobile devices as they are even more susceptible to the summer’s unique weather conditions then you are.

Avoid “Heat-Related Death”

Extremely warm (and hot) temperatures have noticeable effects on your phone’s battery, display and the parts inside your phone. There’s even a possibility of the ominously named “heat-related death,” which is exactly as horrible as it sounds. The best way to protect your tech is to keep it in the shade. If you do find that your phone has overheated in the sun, don’t panic and let it cool gradually. Do not put it in the refrigerator or freezer. Let it cool down on it’s own, and out of the sun.

Use a cooling pad when you’re working on a laptop outdoors, even if you don’t use one at home. Increased temperatures mean even new laptops could easily overheat in the summer sun. Also take the time to clean your laptop fan before heading into the sun. This will help to ensure that it is running properly and keeping your laptop cooler. Of course the best protection is to keep it in the shade.

Use “Protection”

Another concern is water damage. While your smartphone case protects against damage from dropping your phone, it will do little to protect your phone from damage caused by liquid, dust or sand. If you want to tote your cell to the shore, you’ll need a little something extra like a waterproof case. You can find these online easily. I found dozens of these cases at Amazon.com.

Share This:

US-CERT (Risks of Default Passwords on the Internet)

I will start posting cyber alerts that are published by the United States Computer Emergency Readiness Team (US-CERT).

US-CERT’s mission is to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the constitutional rights of Americans. US-CERT’s vision is to be a trusted global leader in cybersecurity — collaborative, agile, and responsive in a complex environment.

 
 
 
 

06/24/2013 03:11 PM EDT

Original release date: June 24, 2013

Systems Affected

Any system using password authentication accessible from the internet may be affected. Critical infrastructure and other important embedded systems, appliances, and devices are of particular concern.

Overview

Attackers can easily identify and access internet-connected systems that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems.

Description

What Are Default Passwords?

Factory default software configurations for embedded systems, devices, and appliances often include simple, publicly documented passwords. These systems usually do not provide a full operating system interface for user management, and the default passwords are typically identical (shared) among all systems from a vendor or within product lines. Default passwords are intended for initial testing, installation, and configuration operations, and many vendors recommend changing the default password before deploying the system in a production environment.

What Is the Risk?

Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in product documentation and compiled lists available on the internet. It is possible to identify exposed systems using search engines like Shodan, and it is feasible to scan the entire IPv4 internet, as demonstrated by such research as

Attempting to log in with blank, default, and common passwords is a widely used attack technique.

Impact

An attacker with knowledge of the password and network access to a system can log in, usually with root or administrative privileges. Further consequences depend on the type and use of the compromised system. Examples of incident activity involving unchanged default passwords include

  • Internet Census 2012 Carna Botnet distributed scanning

  • Fake Emergency Alert System (EAS) warnings about zombies

  • Stuxnet and Siemens SIMATIC WinCC software

  • Kaiten malware and older versions of Microsoft SQL Server

  • SSH access to jailbroken Apple iPhones

  • Cisco router default Telnet and enable passwords

  • SNMP community strings

Solution

Change Default Passwords

Change default passwords as soon as possible and absolutely before deploying the system on an untrusted network such as the internet. Use a sufficiently strong and unique password. See US-CERT Security Tip ST04-002 and Password Security, Protection, and Management for more information on password security.

Use Unique Default Passwords

Vendors can design systems that use unique default passwords. Such passwords may be based on some inherent characteristic of the system, like a MAC address, and the password may be physically printed on the system.

Use Alternative Authentication Mechanisms

When possible, use alternative authentication mechanisms like Kerberos, x.509 certificates, public keys, or multi-factor authentication. Embedded systems may not support these authentication mechanisms and the associated infrastructure.

Force Default Password Changes

Vendors can design systems to require password changes the first time a default password is used. Recent versions of DD-WRT wireless router firmware operate this way.

Restrict Network Access

Restrict network access to trusted hosts and networks. Only allow internet access to required network services, and unless absolutely necessary, do not deploy systems that can be directly accessed from the internet. If remote access is required, consider using VPN, SSH, or other secure access methods and be sure to change default passwords.

Vendors can design systems to only allow default or recovery password use on local interfaces, such as a serial console, or when the system is in maintenance mode and only accessible from a local network.

Identify Affected Products


It is important to identify software and systems that are likely to use default passwords. The following list includes software, systems, and services that commonly use default passwords:

  • Routers, access points, switches, firewalls, and other network equipment

  • Databases

  • Web applications

  • Industrial Control Systems (ICS) systems

  • Other embedded systems and devices

  • Remote terminal interfaces like Telnet and SSH

  • Administrative web interfaces

Running a vulnerability scanner on your network can identify systems and services using default passwords. Freely available scanners include Metasploit and OpenVAS.

References

You can learn more at the official US-CERT website.

Share This:

Windows 8.1 Preview

If you are currently using Windows 8 you are aware that it obviously is a work in progress. While Windows 8 works fine on touch screens it can be clunky on non-touch screens. In addition if Microsoft has dreams of the corporate world adopting Windows 8 in the workplace further development and customization is required. Microsoft has obviously been working on some of these issues as the upcoming release of Windows 8.1 (or Windows Blue) proves. As with Windows 8 and Office 2013 Microsoft will be releasing a “preview” a few months before the final release on June 26.

It makes sense to look at what the Windows 8.1 Preview will bring to the table, and its requirements and changes, before you make a decision whether you should upgrade your system to the preview build right away.

For many users, it may be better to wait until the final version of Windows 8.1 gets released. While there is no definite date set for that yet, it is likely that Microsoft will make it available just a couple of months after the release of the preview version.

Requirements
The system requirements have not changed at all.

  • 1 GHz or faster processor.
  • 1 Gigabyte or 2 Gigabyte of RAM depending on whether you are using a 32-bit or 64-bit system.
  • 16 Gigabyte or 20 Gigabyte of hard drive space again depending on whether you are using a 32-bit or 64-bit system.
  • Microsoft DirectX 9 graphics card.

Windows RT users need to have at least 10 Gigabyte of free storage on their device for the upgrade.
There is one main change though that users need to know about. You need to use a Microsoft account to sign in to PCs that run the preview build of Windows 8.1 There is no option to create a local account in the release, but Microsoft promises that it will be made available when the final version of Windows 8.1 gets released later this year.

Windows 8.1 Preview will be made available via Windows Store as a direct download and as a Preview ISO image. If you want to download it from Windows Store, you need to install an update first on the system that you get from the Windows 8.1 Preview download page. Next time you start the system after installing the update you receive a notification that you can get Windows 8.1 Preview for free from the store.

An Internet connection is needed to download the app from Store, but once it has been downloaded no Internet connection is required until the update has been successfully installed and the system rebooted.

You can alternatively download the Windows 8.1 Preview ISO from the download page and use it to install the operating system. You will need a product key that Microsoft makes available on the download page. It is likely that this is a generic key that all users who install the preview build share.

What’s New in Windows 8.1?

  • Boot to Desktop
  • More rows on start screen and additional tile sizes.
  • Improvements for mouse and keyboard users on the desktop and start screen.
  • Snap View feature improved, supports now up to three apps.
  • Internet Explorer 11.
  • Windows Defender with network behavior monitoring.
  • Device Lockdown with Assigned Access (RT, Pro and Enterprise) to enable a “single Windows Store application experience on a device”.
  • Pervasive Device Encryption for all Windows editions. Enabled out of the box and can be configured “with additional BitLocker protection and management capabilities”.
  • Improved Biometrics including optimization for fingerprint based biometrics.
  • Remote Business data removal.
  • Support for a wider range of VPN clients and auto-triggered VPN.
  • Broadband tethering.
  • Windows Store enabled by default for Windows To Go users.
  • Bring your own Device enhancements such as work folders, Wi-Fi direct printing, RDS enhancements and web application proxy.
  • SkyDrive is integrated natively into Windows 8.1 but does not sync data automatically to the PC. Placeholders are displayed instead.
  • You need to sign in to a Microsoft account to use the store.
  • All Windows 8 apps will work on Windows 8.1 but not the other way round.
  • Apps are automatically updated unless you are connected to a metered Internet connection.
  • Desktop background can now be displayed on start screen.
  • Lock Screen slideshow of photos.
  • Aggregated search powered by Bing.
  • Improved stock apps and new apps such as a Calculator, Sound Recorder and new Alarm features.
  • PC Settings updated (the start screen control panel) so that it is no longer necessary to switch to the desktop Control Panel.
  • Start button that links to the start screen.
  • Unconfirmed
    You will lose access to apps and programs that you have installed on Windows 8.1 Preview systems when you upgrade to the final RTM version of the operating system.

    I may actually end up waiting if it is indeed true that all applications will need to be re-installed when moving from the preview release to the final RTM. I am still waiting on what is happening here before deciding what to do.

    Below is a video preview of Windows 8.1

    Share This:

    West Chester Connect Is On The Horizon!

    Today the Windows Phone 8 app for “West Chester Connect” became available in the Windows Store. The iPhone and Android Apps are already available. Still waiting on Blackberry to approve our app, but that will not stop us from launching our very exciting new citizen engagement tool, “West Chester Connect” next month! Stay tuned for exciting details!

    West Chester Connect in the Windows Phone Store!

    The mission of “West Chester Connect” is to provide enhanced communication between our community and our staff. Work Orders that are reported through “West Chester Connect” shall be handled in the same professional manner as service requests made by telephone, walk-in or email.

    Work Orders shall be completed in a timely and professional manner at all times. It should be understood that anyone can access any work order filed through “West Chester Connect”.

    Citizens who submit work orders have the ability to receive “push notifications” on their mobile device as the work order is processed.

    Work Orders completed through “West Chester Connect” are a public record and shall be handled in the most efficient manner possible.

    The Borough of West Chester is committed to utilizing technology whenever possible in order to improve engagement and involvement between the members of our community and our government.

    Share This:

    Pink Floyd Invades Spotify

    A month or so ago my son was praising the merits of the internet music service, Spotify. I checked it out and there is a lot to like about it but I had a couple of problems with it.
     
    You can now enjoy the entire awesome Pink Floyd catalog on Spotify.
     
    1. Although there is a free version of this – you can not listen to Spotify on mobile devices without paying $9.99 per month. That is too expensive for me, especially since I already am a subscriber to Sirius/XM Radio.
     
    2. My son went on about the massive song selection, however I found that there was almost no Pink Floyd there. This was a big problem for me.
     
    Meanwhile, shortly after I checked out and gave up on Spotify my favorite rock group Pink Floyd gave the green light to Spotify to host the band’s entire catalog. Why did the greatest rock band ever formed do this? Well apparently Pink Floyd announced earlier this month that it would resist releasing its music on Spotify until the 1975 classic “Wish You Were Here” hit 1 million streams.
     

    Well, the song hit 1 million, and Spotify announced via Twitter that Pink Floyd’s tunes are now unlocked.

    You can check out Spotify at www.spotify.com.

    Now I have a decision to make….

    Share This:

    NASA Seeks Your Help

    On Tuesday, June 18, 2013 NASA announced an Asteroid Grand Challenge that solicits the public’s help in proposing asteroid-wrangling strategies for the agency’s Asteroid Initiative.

    “NASA already is working to find asteroids that might be a threat to our planet, and while we have found 95 percent of the large asteroids near the Earth’s orbit, we need to find all those that might be a threat to Earth,” said NASA Deputy Administrator Lori Garver, in a press release. “This Grand Challenge is focused on detecting and characterizing asteroids and learning how to deal with potential threats. We will also harness public engagement, open innovation and citizen science to help solve this global problem.”.

    Throughout recorded history there have been hundreds of Earth impacts with many of these occurrences causing death and destruction. Of course the one we are think of is the one that took out the dinosaurs 65 million years ago. There is some recent evidence that perhaps it was actually a comet that ruined everything for the dinosaurs, but even if was a comet – it was big – and it was from space.

    NASA seems too be on edge about asteroid strikes these days – and with good reason. Here are just some of the recent events if you missed them:

    1908 – This is one of the most infamous events in modern times. The explosion of an asteroid of Siberia, Russia destroyed 80 million trees in a remote region.

    1913 – A ship was destroyed when it was struck by a meteorite while sailing between Sydney and South America.

    1954 – The first recorded case of a human being injured from space rocks occurred on November 30,  in Alabama.

    1972 – A meteorite which ranged in size from a house to a car was filmed over the Rocky Mountains. Luckily the rock was reduced in size enough as it travelled through the atmosphere (photo below), otherwise the impact could have been a Hiroshima type event.

    2000 – A fireball exploded over the city of Whitehorse in the Canadian Yukon lighting up the night sky. The space rock that exploded was estimated to weigh about 180 tons.

    2007 – On September 15, a chondritic meteor crashed near the village of Carancas in southeastern Peru near Lake Titicaca, leaving a water-filled hole (photo below) and spewing gases across the surrounding area. Many residents became ill, apparently from the noxious gases shortly after the impact.

    2007 – On October 7, a meteroid labeled 2008 TC3 was tracked for 20 hours as it approached Earth and as it fell through the atmosphere and impacted in Sudan. This was the first time an object was detected before it reached the atmosphere and hundreds of pieces of the meteorite were recovered from the Nubian Desert.

    2013 – On February 15 an asteroid entered Earth’s atmosphere (photo below) over Russia as a fireball and exploded above the city of Chelyabinsk during its passage through the Ural Mountains region. The object’s air burst occurred at an altitude between 19 and 31 miles  above the ground. About 1,500 people were injured, mainly by broken window glass shattered by the shock wave.

    These are just a small amount of the countless documented collisions between space debris and the Earth. The problem we have is that NASA’s mission has been seriously damaged by recent cuts to it’s budget. In addition there are actually some things that NASA could do if a space rock was observed hurtling toward our planet, however there simply is not the money to monitor the space in a way that we should be, especially considering we are living in the 21st century and that we landed on the Moon 44 years ago.

    You can learn more about NASA’s Asteroid Initiative here.

    Share This:

    Microsoft’s Bounty Program

    Microsoft is following in the footsteps of Google, Facebook, and Mozilla by finally implementing a bug bounty program. These programs have helped Google and Mozilla create very competitive internet browsers which of course have been stealing market share away from Microsoft’s Internet Explorer for years.

    Starting on June 26, Redmond will kick off three bounty programs for exploits related to Windows 8.1 and Internet Explorer 11. Those who manage to crack Microsoft’s programs can collect up to $100,000 in reward money.

    These programs will allow Microsoft to reward work by researchers and improve the security of their software — all to the benefit of consumers.

    The three programs include:

    Mitigation Bypass Bounty: Earn up to $100,000 for an exploit against Microsoft’s upcoming Windows 8 update, Windows 8.1.

    BlueHat Bonus for Defense: Earn up to $50,000 “for defensive ideas that accompany a qualifying Mitigation Bypass submission,” Microsoft said.

    Internet Explorer 11 Preview Bug Bounty: Earn up to $11,000 for vulnerabilities on IE11 within Windows 8.1.

    Microsoft did not set a hard deadline for the first two programs, but participants have 30 days, or until July 26, to uncover a bug within IE11.

    The highest rewards will be given to those who demonstrate the ability of the exploit to bypass Microsoft’s security layers.

    Aside from offering heaps of cash to researchers, the three researcher-focused programs “will also help to fill gaps in the current marketplace and enhance our relationships within this invaluable community, all while making our products more secure for our customers,” Mike Reavey, senior director of the Microsoft Security Response Center, said in a statement.

    This move marks Microsoft’s first step into the world of bug bounties which their competitors have been using for years. I expect Microsoft’s Internet Explorer to improve as a result of this new program. I just wish they had done this years ago. 

    Share This:

    Office 365 Arrives @ Apple – Sort Of

    Timing is everything. We here at the Borough of West Chester have been in Microsoft’s (email) cloud for over 2 years now and in fact just a couple weeks ago we were upgraded to Microsoft 365. This week after more than a year of rumors, Microsoft has finally released a version of its Office suite for the iPhone (yes the iPhone). If you use an iPhone you can now access Office 365 from your smartphone.

    

    Office 365 in the iPhone App Store!

    The app, available for subscribers of Office 365, includes iPhone versions of Word, Excel, and PowerPoint, which will allow you to create, edit, and update all of your documents and sync them with Microsoft’s SkyDrive cloud storage service.

    However the app is currently only being offered for the iPhone, not the iPad. You can get around this somewhat by searching in the store for it on your iPad but selecting iPhone apps. Once downloaded you will need to increase the size (2x) to fill your screen. Until a true iPad app is available this is the only option if you want to access your Office 365 account on your iPad.

    Here is How to Setup Office 365 on Your iPhone or iPad

    1. Search for Office 365 in the app store. If you are using an iPad make sure to select “iPhone Apps” or you will not see it. The app is free so there is no reason not to install it – if you have an Office 365 account.

    2. Once downloaded slide through the short tutorial and at the end you will be promoted to log into to your account. Select “I have an Office 365 subscription” and enter your email address to activate Office.

    3. It will then ask you what type of account you have. Select “Organizational Account”.

    4. Once completed you will have access to any documents you have saved in SkyDrive or SharePoint.

    5. If you have an additional Skydrive account you can add it by selecting the “Open” folder and choosing Add a Place.

    With Microsoft now selling Office 365 as a subscription service to consumers I am sure a true iPad app as well one for Android devices is around the corner as well. Stay tuned.

    Share This:

    Securing Your Mobile Devices

    Our mobile devices (smartphones and tablets) are becoming a bigger and more important part of our daily lives everyday. Because of this security concerns are growing and becoming more complex as well. I have written about this before and I am sure I will again as security concerns continue to impact how we use these devices.

    The threat to our mobile devices is especially challenging because our smartphones are always connected, and they carry personal data, as well as being equipped with cameras, microphones, and positioning device. Because there are many built-in devices options their operating systems and apps complex. All of this adds up to increasing the way that cybercriminals can take advantage of any security holes.

    Here are some things you can do to protect yourself in respect to your mobile devices.

    Be careful when “checking in” on social sites: This is one of my personal weaknesses. I love to check in so that my friends can know what I am going. This is because Facebook, FourSquare and other geo-location programs are fun and sometimes you can score some deals for “checking in” at locations. However you should to be cautious of letting people know where you are – especially if you’re away from home.

    Don’t remember your passwords: Don’t set user name and passwords to be remembered in your mobile browser or in apps and make sure you always log out of accounts when you access them.

    Be careful what you share: Yes it’s fine to stay in touch with our friends and family via social networks, but be careful what you share. Even if your privacy settings are set to only let your friends see the information, it’s best to take the approach that once something is online, it lives forever. Think if you’re really ok with your grandmother or boss to see that update, picture or video.

    Don’t text or email personal information: While this might seem pretty basic, we may find we need to share credit card numbers or personal details with another person. But this should be done via a secure site or app or use your mobile’s other function (the phone itself – voice call). Emails and texts can be intercepted and then your information can fall into the wrong hands.

    Always remember that legitimate organizations like banks will not ask you to text personal details!

    Turn off your Bluetooth: If you’re not using this connection, it’s best to turn it off. Not only will this help save your battery life, but it prevents hackers from accessing your device through this technology.

    Share This:

    Microsoft Stores Are Coming!

    In news that continues Microsoft’s attempt to capture more of the tablet and smartphone market Microsoft Corp. and Best Buy Co. Inc. today announced a strategic partnership to create the Windows Store only at Best Buy. The comprehensive store-within-a-store will be in 500 Best Buy locations across the United States.

    Microsoft is about to invade space at Best Buy stores in the USA & Canada. 
     

    Ranging in size from 1,500 square feet to 2,200 square feet, the Windows Store will be the premier destination for consumers to see, try, compare and purchase a range of products and accessories, including Windows-based tablets and PCs, Windows Phones, Microsoft Office, Xbox, and more. Each store will feature an innovation space highlighting a variety of Windows scenarios across devices; a showcase section with the latest Windows-based PC form factors such as ultrabooks, convertibles, detachables and all-in-ones — including portable devices; and a standalone area featuring Microsoft Surface.

    Microsoft stated that “The Windows Store offers a large-scale, hands-on customer experience that will show customers how Windows and Microsoft devices and services can make it easier for them to work and play,” said Tami Reller, chief marketing officer and chief financial officer of the Windows Division at Microsoft. “We’re pleased to partner with Best Buy in bringing the latest technologies to consumers at scale in a unique environment where they can explore how Microsoft products fit together across entertainment, travel, music and other scenarios.”

    What does all this mean? Although Microsoft has stumbled recently with some of their decisions regarding Xbox One they realize one thing. Their presence must be established in the retail market and consumers must be provided the opportunity to try out their products if there is any real hope of Microsoft gaining market share in the tablet, smartphone and gaming markets.

    Share This:

    1 2