ACME Latest Victim of Security Breach

Yesterday, very quietly, ACME issued a press release regarding yet another security breach involving credit and debit card data being exposed. It is clear now that these types of security concerns are cross-organizational. It also appears that companies of all sizes are struggling to deal with the demands of data security and information technology in general.

Here is an excerpt from ACME’s press release yesterday.

We were recently notified by our IT services provider, SUPERVALU, of a separate, more recent attempted criminal intrusion that sought to obtain payment card information in some of our stores. This separate intrusion apparently occurred in late August or early September.  We have been informed that different malware was used in this recently discovered incident than was used in the incident previously announced on August 14, 2014. The new malware may have captured account numbers, expiration dates, other numerical information and/or cardholder names.

Importantly, sensitive information (like Social security numbers, birthdates or driver’s license information), was not affected in either incident, because that information is not collected as part of the payment process.

We promptly notified federal law enforcement authorities of this separate criminal intrusion and we are cooperating in the efforts to investigate this matter and identify those responsible.  Third-party data forensics experts are supporting an ongoing investigation into these incidents.  There has been no determination at this point that consumer data has been stolen as a result of either event.

ACME stores in Delaware, Maryland, New Jersey and Pennsylvania have been impacted by this latest security breach.

The best way today to protect yourself is password security and that means using strong and unique passwords for all of your online accounts.

You can read more from ACME here.


Office 365 & OneDrive Arrive on MSN and Bing

I finally found my new home page for the internet. For years I had used iGoogle but of course Google discontinued that service in late 2013. Since then I have struggled to find a good home page. Microsoft’s MSN has recently been my go-to home page and during the past several months several enhancements have been added, especially if you are an Office 365 and OneDrive user.

This week the ability to access and use Microsoft Office Online from Bing and the new MSN has been added.


Accessing your online documents is easier than ever from both MSN and Bing. You will also be able to access Facebook, Twitter and Outlook.com email from the toolbar.

Office Online includes a version of Word, PowerPoint, Excel and OneNote that work in your browser without having to install anything. Just visit office.com and start working. All your documents are stored in your personal OneDrive cloud storage so you can access them using any computer. Both Office Online and OneDrive are free!


Groups for Office 365 & OneDrive

Microsoft has started rolling out Groups to Office 365 and OneDrive. For anyone who has worked on projects across organizations and with outside stakeholders, collaboration can be a challenge, and here we see Microsoft trying to address that.

Microsoft yesterday announced it is rolling out the first phase of Groups for Office 365, a new collaboration feature, starting with the Outlook Web App email and calendar sites as well as OneDrive for Business. Next up, the company says it will add Yammer and Lync to the “Groups experience” though it did not specify when.

As you can see in the video below, Microsoft is trying to solve the problem of how best to share information while working across multiple ad hoc groups and project teams. The idea behind Groups is to make Office 365 the hub for connecting with colleagues via the applications already in use.


Shellshocked Attacks

If you thought Heartbleed was bad, prepare yourself for Shellshock.

Like Heartbleed, Shellshock’s technical complexity (when compared to other types of system vulnerabilities) makes explaining what the vulnerability is, how it works, and the potential damage very challenging.

This vulnerability has a lot to do with Bash commands, code injection and environment-variable definitions, but that’s enough tech talk; I will try to explain exactly what Shellshock is.

Simply put, Shellshock is a vulnerability in Bash, system software used by millions upon millions of computers, that opens up the possibility that an attacker could execute arbitrary commands on any machine running it.

Bash, which stands for Bourne-Again Shell, is a command prompt on most Unix-based computers.


Bash has been around since the late 1980s and is the default shell for OS X, Linux and some versions of Unix. Out of the box Windows computers and servers do not run Bash, but versions of Bash are often installed on Windows afterward.

50% of web servers run Apache, which means they may have some version of Bash on them.

Bash is not the command line itself but it is the most common interpreter. One of the core functions of Bash is that it easily allows users to define functions as a way to pass text onto other systems and processes.

The problem is that there is a major vulnerability that occurs when specific characters are included as part of a variable definition.

If the characters “{ :;};” are included as the function definition, any arbitrary code that is inserted AFTER that definition is processed. This isn’t supposed to happen and it is the heart of the problem here.

In other words, if I am able to define what looks like a normal function with those special characters and then I tack on a few shell commands at the end of that definition, Bash will wind up executing those commands.

This is what is known as code injection and it’s a common type of attack.

The problem is then made worse because countless utilities, particularly have access to Bash and use it in the background.

This means a vulnerable server does not need to have a user specifically type the injected code into the command line. Someone can craft a script that will use the Bash command line to be able to execute code.
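As an added illustration (not code from the original post), the Python sketch below scans web server access logs for the marker of this attack. It relies on two facts beyond the text above: Bash recognizes an exported function by an environment value that begins with `() {`, and CGI-style web servers copy request headers such as User-Agent and Referer into environment variables. The log lines, IP addresses and the function name `scan` are constructed for the example.

```python
import re

# Apache/nginx "combined" format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# A header value only becomes a Bash function definition when it *starts*
# with "() {", so the pattern is anchored. Whitespace before the brace is
# allowed to vary so that sloppy probes are still reported.
FUNC_PREFIX = re.compile(r'^\(\)\s*\{')

# Header fields that the combined log format records.
HEADER_FIELDS = ("referer", "agent")


def scan(lines):
    """Return (ip, field, value) for each logged header that begins
    with a function-definition prefix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in combined format; nothing to inspect
        for field in HEADER_FIELDS:
            value = m.group(field)
            if FUNC_PREFIX.match(value):
                hits.append((m.group("ip"), field, value))
    return hits


# Constructed sample lines (documentation IP ranges, harmless trailing command).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :;}; echo probe"',
    '203.0.113.9 - - [25/Sep/2014:10:01:06 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() {  :; }; echo probe" "curl/7.38"',
    # "() {" in the middle of a value is not a function definition: not flagged.
    '198.51.100.7 - - [25/Sep/2014:10:02:00 +0000] "GET /search HTTP/1.1" 200 90 "http://example.com/?q=() {" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, field, value in scan(SAMPLE_LOG):
        print(f"{ip}  {field}: {value}")
```

The combined log format records only the request line, Referer and User-Agent, so headers such as Cookie are invisible here; a clean result does not rule out a probe.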

Where Shellshock becomes really bad is if it’s turned into a worm. A worm is a self-replicating attack where the malicious program creates code that launches itself on other targets which then launch themselves on other targets and so on.

This is why system administrators around the world have been working their tails off to patch their systems as quickly as possible.

Are Regular Computers at Risk?

If you run Windows and have never installed Git or Cygwin or other programs, you are probably safe — but you still want to stay abreast of any security updates.

Linux users can check with their distro for updates to patch Bash.

As for OS X, if you’re familiar with the command line and compiling your own shell, you can update to a safe version, but that is not recommended unless you really know what you are doing and are comfortable with the potential ramifications of an upgrade gone wrong.

The best bet is to wait for Apple to issue an update.

As of today no one has come up with a way to execute code on individual machines (not servers), but the nature of these discovered vulnerabilities means that it could become a worm targeting, most likely in this case, Mac systems.

The larger issue here is the countless systems that will probably never get upgraded.


Goodbye Windows?

A Reuters’ report this weekend suggested that Microsoft may actually drop the Windows brand name from their 30 year old operating system.

Dropping the Windows name would certainly be an extraordinary move. Windows has been Microsoft’s staple brand ever since its introduction in 1985. To kill a brand with such universal recognition on its thirtieth anniversary would indeed be surprising.

Windows was born on November 20, 1985. Are the days of the "Windows" name numbered?


However, if you take a deeper look at this possibility, Microsoft’s desired unification of its “Windows”, “Windows RT”, and “Windows Phone” brands under a single brand name, “Windows”, shows a willingness to make bold branding changes. It also makes it a bit easier to make such a shocking and broad change, given that you’re changing one name, rather than several Windows subbrands.

Whether Microsoft really decides to make the shocking decision to re-brand its existing brand name with a more clear and consistent message remains to be seen. We may find this out on Tuesday, October 30th when the new version of Windows is announced.

Although this possibility is fascinating and would be a bold move I really do not see Microsoft dumping the “Windows” name.


MAVEN Orbits Mars

After a 10-month journey, confirmation of successful orbit insertion was received on September 21, 2014 from MAVEN and as a result our exploration of Mars continues.

Artist's concept of Maven in orbit around the planet Mars. Image Credit: NASA/GSFC.


MAVEN will now begin a six-week commissioning phase that includes maneuvering into its final science orbit and testing the instruments and science-mapping commands. MAVEN then will begin its one Earth-year primary mission, taking measurements of the composition, structure and escape of gases in Mars’ upper atmosphere and its interaction with the sun and solar wind.

Space missions take a lot of time and patience. For example this mission has taken 11 years from the original concept for MAVEN to now having a spacecraft in orbit at Mars.


The primary mission includes five “deep-dip” campaigns, in which MAVEN’s lowest orbit altitude will be lowered from 93 miles  to about 77 miles. These measurements will provide information down to where the upper and lower atmospheres meet, giving scientists a full profile of the upper tier.

The spacecraft’s principal investigator is based at CU/LASP. The university provided two science instruments and leads science operations, as well as education and public outreach, for the mission.

NASA's MAVEN spacecraft recently completed assembly and has started environmental testing. In the Multipurpose Test Facility clean room at Lockheed Martin.


MAVEN like all space programs today is a joint venture. NASA Goddard Space Flight Center manages the project and also provided two science instruments for the mission. Lockheed Martin built the spacecraft and is responsible for mission operations. The Space Sciences Laboratory at the University of California at Berkeley provided four science instruments for MAVEN. JPL provides navigation and Deep Space Network support, and Electra telecommunications relay hardware and operations. JPL, a division of the California Institute of Technology in Pasadena, manages the Mars Exploration Program for NASA.

You can learn more about MAVEN’s mission here.


iOS 8 Woes Confirmed by Apple

Apple’s iOS woes continue in a very real public way.

Apple today has recommended to users of its new iPhone 6 and iPhone 6 Plus smartphones to reinstall iOS 8 after an update this Wednesday led to complaints of lost cellular service (which is critical in a phone by the way) and functionality on the Touch ID fingerprint identity sensor.

Apple went as far as providing instructions to affected users on its support site for reinstalling iOS 8.0 through iTunes.

Apple reported that they are preparing a new software update, iOS 8.0.2, with a fix for the issue.

The iOS 8.0.2 update will release “as soon as it’s ready in the next few days” Apple said, without giving a specific date.

Earlier on Wednesday there were reports that Apple had withdrawn the iOS 8.0.1 update it rolled out earlier, after complaints from users. That update was meant to fix a number of bugs in iOS 8, which was rolled out last week.

Apple is also facing criticism from some users that the aluminium case of the larger iPhone 6 Plus, with a 5.5-inch display, bends under pressure. Stay tuned on this one.


Apple’s iOS8 Woes Continue

If this happened to Microsoft this would be a BIG story. Apple’s latest OS is experiencing some problems. I recommend that if you have not upgraded the operating system on your iPhone you wait just a little longer so that Apple can get the reported bugs worked out.

It has been reported that Apple and its carrier partners have been hard at work testing out a maintenance release of iOS 8 in the form of iOS 8.0.1. The update was released this afternoon to correct the following issues:

  • Fixes a bug so HealthKit apps can now be made available on the App Store
  • Addresses an issue where 3rd party keyboards could become deselected when a user enters their passcode
  • Fixes an issue that prevented some apps from accessing photos from the Photo Library
  • Improves the reliability of the Reachability feature on the iPhone 6 and iPhone 6 Plus
  • Fixes an issue that could cause unexpected cellular data usage when receiving SMS/MMS messages
  • Better support of Ask To Buy for Family Sharing for In-App Purchases
  • Fixes an issue where ringtones were sometimes not restored from iCloud backups
  • Fixes a bug that prevented uploading photos and videos from Safari

However, in Apple’s haste to get 8.0.1 out the door to fix the above list of issues, it has apparently introduced two more crippling bugs according to growing reports over at Mac Rumors. Many iPhone users who have upgraded to iOS 8.0.1 are reporting that their cellular service has been disabled by the update. In addition, a growing number of users are reporting that Touch ID functionality has also been disabled by the update.

I suggest waiting a week or two before upgrading your iPhone. If you have already completed the upgrade, are you experiencing any of these issues?


Office 365 Gets Free for Students

If you have a son or daughter in college, or if you are a student yourself, listen up.

Microsoft just reduced their Office 365 cost for college students to zero. Yes zero in this case means free. All you need to enroll is an active college email address.

Office 365 and OneDrive

College students who sign up will get:

  • Microsoft Word
  • Excel
  • PowerPoint
  • OneNote
  • Outlook
  • Access
  • Publisher

Plus permission to install Microsoft Office on up to 5 Windows or Mac computers as well as free mobile access on Android, iOS and Windows Phone. Plus tons of space in the cloud to store their school work.

  • 1 TB of OneDrive cloud storage
  • Access to Office Online

This is a great service for any college student. In addition to the world’s best productivity suite Microsoft is offering 1TB of cloud storage. That can store A LOT of school work.

That’s not bad considering that at one time not very long ago Microsoft Office cost about $100, or more. This latest offer is part of Microsoft’s increased drive to stay competitive as it struggles in the mobile market.

 


Customizing Your iPhone Keyboard

With iOS 8 Apple is finally letting up just a little on their customization restrictions. Apple obviously realizes that many users have grown accustomed to customizing their smartphones. It is one of the real advantages that both Android and even Windows Phone have over the iPhone. As I mentioned last week, my favorite keyboard app, SwiftKey is now available on iOS, but there are even more keyboard apps available as well.


I have a couple of recommendations to try if you would like to try customizing your iPhone keyboard.

SwiftKey: SwiftKey is a gesture-based keyboard that allows you to swipe across the keyboard to type without lifting your finger from the display. Your preferences can be synced across devices. This is my favorite one and one of the things I miss most since switching to Windows Phone.

Swype – This is another gesture-based keyboard that has been very popular on Android. You type by swiping your finger from letter to letter in order to form your words. Swype also uses predictive technology to figure out what you are typing.

Minuum – This is a “little keyboard for big fingers”. If you have big fingers and have struggled with your iPhone’s keyboard you may want to check this one.

Fleksy: This one claims to be the “fastest keyboard in the world.” I have not tried this one out myself. With an advanced prediction and autocorrect algorithm it learns your typing style over time.
