Introducing the Microsoft Band

Today Microsoft released more information about their upcoming smartwatch, named the “Microsoft Band”, and boy does it appear to be smart and unique.

The Microsoft Band comes with a variety of sensors including an optical heart rate sensor, gyro, GPS, galvanic skin response sensor, and UV sensor to monitor every aspect of your workout routine. All of this information is displayed through a 310×102 color display (Microsoft brags that there will be over 130 different backgrounds that can be selected for the display).

The battery life for the device is listed at 48 hours per charge.

What is compelling about the Microsoft Band is that it is not tied to one platform, meaning that it will work with Android, iOS and of course Microsoft Phones.  Microsoft is truly being inclusive as the Health apps will even be compatible with the motion co-processors (M7/M8) on the iPhone 5S and iPhone 6/iPhone 6 Plus as well as Android Wear devices. Microsoft is also working to ensure compatibility with products from Jawbone and Runkeeper.

Of course the Microsoft Band can also provide basic notifications for emails, texts, and tweets.

The Microsoft Band will be available for $199.

Share This:

OneDrive Goes Unlimited

Once, not very long ago Microsoft paid very little attention to the consumer market (except for the Xbox) instead choosing to spend their resources on enterprise. However times have been changing and Microsoft’s push towards capturing their share of the consumer market continues this week with a new OneDrive announcement.

Microsoft is the first internet based cloud service to offer unlimited storage. That’s right with a 365 subscription Microsoft now offers unlimited storage.

The new unlimited option will be slowly applied “over the coming months” to the OneDrive accounts of Office 365 subscribers.  The new advantage will apply to all Office 365 subscribers including Home, Personal, and even (already free) University customers.

Office 365 cloud

The announcement is sure to shock and upset online storage providers like Dopbox and Box. Companies like Dropbox have made good profits from subscription services. How will Microsoft’s new offering impact these paid subscription services for “storage only” providers?

What makes Microsoft’s plan unique is that you get Office 365 along with unlimited storage.  Microsoft will be the first to offer consumers this great feature.

Exactly how much damage Microsoft’s plan does remains to be seen at this point.  It is unclear exactly when the free-f unlimited storage will launch.  Microsoft is encouraging interested users to sign up for early access, but it has not committed to hard deadlines for the rollout.

Share This:

Microsoft Drops Nokia Branding

Microsoft’s march to controlling the “devices” side of their new “devices and services” business model continued this week.

Microsoft this past year completed its acquisition of Nokia’s Devices and Service’s and this week it was reported that the manufacturer name “Nokia” is being removed from all product references and of course will be replaced with “Microsoft”.

Nokia-Lumia-830-hero1-jpg

There has not actually been any phones released with the new branding so far, but this week Microsoft stated “we are looking forward to unveiling a Microsoft Lumia device soon”. I am predicting that by the upcoming holiday season you will start seeing one or two “Microsoft Phones” released.

The Nokia name, especially outside of the United States has been a very popular smartphone manufacturer and their branding, again outside of the United States has been very successful. With this being understood, Microsoft’s vision of building their own devices like the Xbox and Surface line needed to move to smartphones as well and Nokia was the right choice to purchase because Nokia also was the biggest supplier of Windows Phones worldwide.

Share This:

Cosmic Ray Activity Jeopardizes Space Travel

Maybe it’s good thing we do not have an active manned spaceflight mission at the moment. However with a planned mission to mars in the decade if this space weather does not calm down “Houston We Could Have a Problem”.

head_small5

This week the online journal Space Weather reported that due to a highly abnormal and extended lack of solar activity, the solar wind is exhibiting extremely low densities and magnetic field strengths, which causes dangerous levels of hazardous radiation to pervade the space environment.

“The behavior of the sun has recently changed and is now in a state not observed for almost 100 years,” says Schwadron, lead author of the paper and principal investigator for the Cosmic Ray Telescope for the Effects of Radiation (CRaTER) on NASA’s Lunar Reconnaissance Orbiter (LRO). He notes that throughout most of the space age, the sun’s activity has shown a clockwork 11-year cycle, with approximately six- to eight-year lulls in activity (solar minimum) followed by two- to three-year periods when the sun is more active. “However, starting in about 2006, we observed the longest solar minimum and weakest solar activity observed in the space age.”

These conditions brought about the highest intensities of galactic cosmic rays seen since the beginning of the space age, which have created worsening radiation hazards that potentially threaten future deep-space astronaut missions.

“While these conditions are not necessarily a showstopper for long-duration missions to the moon, an asteroid, or even Mars, galactic cosmic ray radiation in particular remains a significant and worsening factor that limits mission durations,” says Schwadron.

The study is the capstone article in the Space Weather CRaTER Special Issue, which provides comprehensive findings on space-based radiation as measured by the UNH-led detector. The data provides critical information on the radiation hazards that will be faced by astronauts on extended missions to deep space such as those to Mars.

solar_640

The high radiation levels seen during the sun’s last minimum cycle limits the allowable days for typical astronauts behind spacecraft shielding. Given the trend of reducing solar output, the allowable days in space for astronauts is dropping and estimated to be 20 percent lower in the coming solar minimum cycle as compared to the last minimum cycle.

How long will these high radiation conditions occur no one knows?

Share This:

Microsoft’s Zero-Day Vulnerability Exposed

And it was going so good for Microsoft recently.fixit_logo

Microsoft patched one bug in Windows last week, but missed another that hackers continue to exploit, according to McAfee.

Earlier this week Microsoft confirmed that cyber criminals are targeting victims using tricked-out PowerPoint files that exploit a “zero-day” vulnerability, or a bug that has not been patched.

“Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003,” the company said in a security advisory yesterday. “At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint.”

What was interesting about the latest Windows zero-day was that it was similar to, if not related to, a vulnerability Microsoft had patched just the prior week. In Microsoft Security Bulletin MS14-060 Microsoft fixed a flaw identified as CVE-2014-4114, which was also in the OLE code within Windows.

Like the latest vulnerability, CVE-2014-4114 had been exploited using malicious PowerPoint files. When the rogue files were opened — attackers attached them to email messages, using the presentations as bait to get users to open them — the malware payload executed. The same process is being used by the hackers to exploit the zero-day.

Microsoft also used the same description of “limited, targeted attacks” to describe the ongoing attacks leveraging CVE-2014-4114.

Symantec claimed that there was evidence that at least two hacker groups were exploiting the zero day vulnerability.

In its advisory, Microsoft recommended that customers apply an automated “Fixit” tool to block known attacks, and if necessary, take other steps, including using EMET 5.0 (Enhanced Mitigation Experience Toolkit) to harden PowerPoint’s defenses.

Share This:

U.S. Government Releases Ransomware Alert

uscert14

Today the United Stated Computer Emergency Readiness Team (US-CERT) released an informational ALERT regarding Ransomware. There is some very good information here describing what Ransomware how it is related the Malware, it’s impact andwhat you can do to avoid it. 

TA14-295A: Crypto Ransomware

10/22/2014 05:28 PM EDT

Original release date: October 22, 2014

Systems Affected

Microsoft Windows

Overview

Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it. This Alert is the result of Canadian Cyber Incident Response Centre (CCIRC) analysis in coordination with the United States Department of Homeland Security (DHS) to provide further information about crypto ransomware, specifically to:

  • Present its main characteristics, explain the prevalence of ransomware, and the proliferation of crypto ransomware variants; and
  • Provide prevention and mitigation information.

Description

WHAT IS RANSOMWARE?

Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of $100–$300 dollars, and is sometimes demanded in virtual currency, such as Bitcoin.

Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.

WHY IS IT SO EFFECTIVE?

The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and inevitably become infected with additional malware, including messages similar to those below:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
  • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

PROLIFERATION OF VARIANTS

In 2012, Symantec, using data from a command and control (C2) server of 5,700 computers compromised in one day, estimated that approximately 2.9 percent of those compromised users paid the ransom. With an average ransom of $200, this meant malicious actors profited $33,600 per day, or $394,400 per month, from a single C2 server. These rough estimates demonstrate how profitable ransomware can be for malicious actors.

This financial success has likely led to a proliferation of ransomware variants. In 2013, more destructive and lucrative ransomware variants were introduced including Xorist, CryptorBit, and CryptoLocker. Some variants encrypt not just the files on the infected device but also the contents of shared or networked drives. These variants are considered destructive because they encrypt user’s and organization’s files, and render them useless until criminals receive a ransom.

Additional variants observed in 2014 included CryptoDefense and Cryptowall, which are also considered destructive. Reports indicate that CryptoDefense and Cryptowall share the same code, and that only the name of malware itself is different. Similar to CryptoLocker, these variants also encrypt files on the local computer, shared network files, and removable media.

LINKS TO OTHER TYPES OF MALWARE

Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically becomes infected by opening a malicious attachment from an email. This malicious attachment contains Upatre, a downloader, which infects the user with GameOver Zeus. GameOver Zeus is a variant of the Zeus Trojan that steals banking information and is also used to steal other types of data. Once a system is infected with GameOver Zeus, Upatre will also download CryptoLocker. Finally, CryptoLocker encrypts files on the infected system, and requests that a ransom be paid.

The close ties between ransomware and other types of malware were demonstrated through the recent botnet disruption operation against GameOver Zeus, which also proved effective against CryptoLocker. In June 2014, an international law enforcement operation successfully weakened the infrastructure of both GameOver Zeus and CryptoLocker.

Impact

Ransomware doesn’t only target home users; businesses can also become infected with ransomware, which can have negative consequences, including:

  • Temporary or permanent loss of sensitive or proprietary information;
  • Disruption to regular operations;
  • Financial losses incurred to restore systems and files; and
  • Potential harm to an organization’s reputation.

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Solution

Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.

US-CERT and CCIRC recommend users and administrators take the following preventive measures to protect their computer networks from ransomware infection:

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Maintain up-to-date anti-virus software.
  • Keep your operating system and software up-to-date with the latest patches.
  • Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
  • Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.

Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center or contact the CCIRC

Share This:

Staples Latest Victim of Security Breach

Avoiding Malware is NOT "that easy" apparently for Staples.

Avoiding Malware is NOT “that easy” apparently for Staples.

This week several banks reported that they have identified a pattern of credit and debit card fraud suggesting that several Staples store locations in the Northeastern United States are currently dealing with a data breach. As what has become an all to typical response, Staples is only stating that it is “investigating a potential issue and has contacted law enforcement”.

The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers. This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that allows cyber criminals to create counterfeit copies of cards that customers swipe at compromised payment terminals.

In another all very typical statement from retailers that have fallen victim to malware and exposing their customer’s information to criminals the following statement was also issued by Staples. It makes me wonder if these victimized companies simply “copy & paste” their responses.

“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”  

It is very apparent that malware is very often the root cause of these security breaches. It is also clear that organizations, big and small are struggling to deal with this issue and it is also clear that user security must be first taken seriously by each and every one of us. Password Management is more important today then ever before.

Be sure to check out my May 2014 “LastPass” training presentation to learn how to take control of your password management and stop relying on retailers to do it for you.

Share This:

West Chester Mobile Arrives

West Chester Mobile joins West Chester Connect in the app store.

West Chester Mobile joins West Chester Connect in the app store.

Recently we launched “West Chester Mobile” as a companion service to our new website. West Chester Mobile’s mission is to provide as many of our website services to our community and visitors as possible.

Our new mobile app can be found in the app stores for both Android and iOS devices. Unfortunately there is no app available for Windows Phones but I will keep trying to talk our provider, CivicPlus into writing one.

Although “West Chester Mobile” is now available there are more features already being planned to be added soon including the Document Center, Media Center, News Flash, Community Voice and Parking Meter Online Payer.

3

Screenshot of the Alert Center on West Chester Mobile.

Share This:

West Chester Website in the News

CivicPlus today is releasing a press release focusing on our website specifically and I wanted to share it here.

There is also an article which CivicPlus is preparing for publication titled “Communities in Motion” which will have a focus on our website and our continued efforts through technology in respect to community outreach.

civicplusPR

CivicPlus was, and continues to play an important part for us in helping to connect, collaborate and communicate with our community. You can learn more about CivicPlus here.

Share This:

A Microsoft Smartwatch is Coming

Windows-SmartwatchA Microsoft smartwatch is coming and it will work on Windows Phone! Don’t worry, unlike other smartwatches on the market this one will work across all platforms.

Microsoft is planning to enter the smartwatch arena by launching their own wearable fitness band in the coming weeks. Sources familiar with Microsoft’s plans tell The Verge that the launch of Microsoft’s wearable fitness band is imminent, and the device will be stocked at retailers in time for the holiday season. Microsoft’s wearable launch will mark 10 years since the company announced its SPOT smartwatch in 2004 that used FM radio signals to send instant messages from Windows Messenger, news headlines, stock information, and weather forecasts to your wrist.

Although Microsoft’s fitness band will have some smartwatch features, it will be primarily focused on fitness activities. The band will reportedly track steps, heart rate, calories burned, and other key health attributes thanks to a number of sensors embedded in the device. Microsoft has also been testing the ability to monitor heart rate through the day and night, and is expected to ship a final device that has around two days of battery life.

In 2003 Bill Gates was the CEO of Microsoft and he had a smartwatch dream, but like so many Microsoft projects it died a quick death, only to be resurrected in the next few weeks, some 11 years later.

In 2003 Bill Gates was the CEO of Microsoft and he had a smartwatch dream, but like so many Microsoft projects it died a quick death, only to be resurrected in the next few weeks, some 11 years later.

 

 

 

 

 

 

 

The key part of Microsoft’s fitness band will be its cross platform support for Windows Phone, iOS, and Android. Microsoft is developing separate apps for each mobile operating system to help support the features of its fitness band sensors, and smartphone notifications to the band will also be supported. It’s unlikely that Microsoft will brand its fitness band under the Lumia or Surface monikers, mainly because the device will work across all three mobile operating systems.

Share This:

1 2 3