ManageWatch Blog

SECURITY ALERT | CryptoLocker and The Heartbleed bug

ManageWatch has seen a resurgence of a malicious virus known as CryptoLocker in the past few weeks. This alert will help you become aware of what CryptoLocker does and how you can help prevent an attack that could destroy your data.

CRYPTOLOCKER RANSOMWARE VIRUS

The CryptoLocker virus is ransomware that gets into your PC through a downloaded file attachment and encrypts all your personal files and data, then holds the data hostage for ransom. The infected user is given a 72-hour window to pay the ransom, or the private encryption key will be destroyed and the files will remain locked.

WHAT TO DO IF YOU ARE INFECTED

When you discover that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files. Some people have reported that once the network connection is disconnected, it will display the CryptoLocker screen.

Contact your IT department or professional immediately
Contact ManageWatch Support | 877-857-5989

If you work on it yourself you should know…

It is important to note that the CryptoLocker infection spawns two processes of itself. If you terminate only one process, the other will automatically launch it again. Instead, use a program like Process Explorer: right-click the first process and select Kill Tree. This will terminate both at the same time.

HOW DO YOU BECOME INFECTED WITH CRYPTOLOCKER

This infection is typically spread through emails sent to company email addresses that pretend to be customer-support messages from Fedex, UPS, DHS, etc. These emails contain a zip attachment that, when opened, infects the computer. The zip files contain self-starting files that are disguised as PDF files; they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since email usually does not show extensions by default, they look like normal PDF files and people open them.
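
A mail filter or help desk can check a zip attachment for this disguise before anyone opens it. The Python code below is an added example, not part of the original alert: it lists the members of a zip and flags names such as FORM_101513.pdf.exe. The extension lists, the limits, and the extra checks for nested archives, encrypted members and program content under a document name are assumptions that go beyond the naming trick described above.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a recipient reads as a harmless document (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_DEPTH = 3                     # do not unpack archives nested deeper than this
MAX_NESTED_BYTES = 20 * 1024**2   # refuse to inflate oversized nested archives


def classify_name(name):
    """Return why a file name looks like a disguised program, or None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces when the file is saved,
    # so "x.pdf.exe. " still lands on disk as an .exe.
    base = base.rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "double extension"
    return "executable"


def scan_zip(data, depth=0, prefix=""):
    """Return [(member path, reason)] for suspicious members of a zip given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            reason = classify_name(info.filename)
            if reason:
                findings.append((path, reason))
                continue
            if info.flag_bits & 0x1:
                # Names are visible but the content cannot be inspected.
                findings.append((path, "encrypted member"))
                continue
            if info.filename.lower().endswith(".zip"):
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "nested archive not inspected"))
                else:
                    findings.extend(scan_zip(archive.read(info), depth + 1, path + "!/"))
                continue
            with archive.open(info) as member:
                if member.read(2) == b"MZ":  # DOS/PE header of a Windows program
                    findings.append((path, "program content under document name"))
    return findings


def build_sample():
    """Constructed sample attachment using the file names quoted in the alert."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("FORM_101513.exe", b"MZ constructed placeholder bytes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("FORM_101513.pdf.exe", b"MZ constructed placeholder bytes")
        z.writestr("readme.txt", b"constructed benign text")
        z.writestr("docs/inner.zip", inner.getvalue())
        z.writestr("scan.pdf", b"MZ constructed placeholder bytes")
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in scan_zip(build_sample()):
        print(f"{path}: {reason}")
```

A short text file that happens to begin with the letters MZ would also trip the content check, so treat that finding as a reason to look closer rather than as proof.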

For more in-depth information on CryptoLocker, its origins and what it does, you can view Bleeping Computer’s in-depth guide to CryptoLocker here: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

THE HEARTBLEED BUG

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.

(What is OpenSSL? Visit the official website for OpenSSL for more information: https://www.openssl.org/)

This weakness allows easy access to, and theft of, the information that is normally protected by the SSL/TLS encryption used to secure the internet. SSL/TLS is a protocol that provides communication security and privacy over the internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users without anyone knowing.

This means that username/password combinations for the sites everyone considered secure may already have been stolen, and should be treated as stolen from this point on, because there is no way to know otherwise until it’s too late.

WHAT YOU CAN DO NOW TO PROTECT YOURSELF

As long as the vulnerable version of OpenSSL is in use, it can be abused. A fixed version of OpenSSL has been released and now has to be deployed. Operating system vendors and distributions, appliance vendors, and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

1. TEST EVERY WEBSITE YOU VISIT FOR HEARTBLEED VULNERABILITY

There are now several options for users to test a website’s vulnerability to the Heartbleed bug. We’ve included two below that are being widely adopted to check if the OpenSSL for that particular website has been patched.

Heartbleed test | http://filippo.io/Heartbleed/
Heartbleed Checker | https://lastpass.com/heartbleed/

2. CHANGE ALL YOUR PASSWORDS ON SITES THAT HAVE BEEN PATCHED

Change all your passwords on websites that have been patched for the Heartbleed bug AFTER you test the website and see if it is up to date. If you change your passwords on a website that DOES NOT have the patch for Heartbleed, it is highly recommended that you check that website often and change the passwords AGAIN when the site is patched.

3. DO NOT USE THE SAME PASSWORDS AT TWO SITES THAT MATTER TO YOU

Do not ever use the same password at two sites that matter to you. Heartbleed or not, this lowers the security level of any site with that password to the level of the least-secure site where you’ve ever used it. A chain is only as strong as its weakest link; don’t chain your passwords together.

4. USE A PASSWORD MANAGER TO GENERATE DIFFICULT AND UNIQUE PASSWORDS

Use a password manager, which can generate an unlimited set of unique, “difficult” passwords and remember them for you.

5. USE TWO-STEP VERIFICATION PROCESSES WHEN AVAILABLE

Use “two-step” sign-in processes wherever they’re available, such as on Gmail.

Due to the increasing public awareness of this bug, articles detailing the Heartbleed bug have surfaced all over the internet about its origins and what it means to internet security in the long run.

You can read more about the Heartbleed bug on the master site, including their extensive list of Frequently Asked Questions and an answer regarding what is being leaked, how it’s being leaked, and processes of possible recovery from such leaks: http://www.heartbleed.com

 

Warning: Blog Content Under Pressure

Book Review: Stop Cybercrime from Ruining Your Life

Sixty Secrets to Keep You Safe

By Cynthia James

At Amazon http://www.amazon.com/dp/0615789714/ref=rdr_ext_tmb

 

Everywhere I turn I find another story about online security or the latest hacked company.  Up to now, I felt relatively smart about my online habits; mostly organized around the mantra “Be suspicious!”.  But I had no way to evaluate my actual level of safety, or to be safer, until I got this book.  Then I found out I am doing some things right but I could do more.  And I also found out how quickly the cybercrime threat has grown.  And what I could do to stay ahead of it.

The author gives us a list of steps to take and new habits, organized into groups, that make us much safer than we are now.  And most importantly, she shows us that we must share these tips with everyone we know.  Perhaps the most important idea in this book is that online safety is a community activity – just like it is in the real world.  You cannot dissociate yourself from the people you share your online connection with.  That is true whether it is your work group, your family, or strangers at a coffee shop.  And if one group is compromised, that could roll into the other groups – or your whole life.

Topics include the well-intentioned organizations that collect and keep too much information about us; she shares how we can recognize them and organize them so as to limit the threat and damage.  And also the limitations of the many organizations working to counter the threats; you have to follow simple rules because there is nothing the guards can do if you open the door and let the bad guys in yourself.

Most startling perhaps is that this is about more than just financial safety – some online bad guys are a physical threat to you and your family.  And there are some surprises in here for businesses too.  It’s a scary list of companies, large and small, that have gone out of business because of hackers.

While there are suggestions for what to do if you have been hacked, this is mostly a book about how to not let the cow out of the barn to begin with.  This is a good book full of practical suggestions and real world advice for individuals and families.  A big surprise is how badly businesses need this information too.

4 Habits of Highly Successful Email Marketing + Infographic

Email Marketers…

Use Known Customers Who Opt In. Use a Validation Service for Accurate Results

Use services like Data Validator to clean your lists and make sure they are as up to date as possible. Having an up-to-date email list is one of the most important steps to having a successful email campaign. Not only are you cutting down on the bounce rate by not sending to non-existent or inactive addresses, you are increasing the number of contacts that ARE going to see your wonderful content.

These days, services such as MailChimp and ConstantContact require you to have an updated list before you are allowed to send anything at all. It’s considered best practice to gain recipients on a list from cultivating them through your website or other means, but not purchasing a list.

Spammers…

Use Old, Outdated Lists and Purchase Lists From a Provider. Data Validation is for Cowards!

The first step to being a spammer is making sure you have a list. Not just any list will do either. The list should be old. The older and more outdated the better. Who knows if all those people on the list are still active but it doesn’t matter. Quantity over quality is a spammer’s motto.

Email Marketers…

Make Sure to INCLUDE A Physical Address. Be A Real Company.

When using a service like MailChimp or ConstantContact, the initial setup of an email address list asks for a physical address and other pertinent information that will automatically be placed on the bottom of every email sent to that list. This is to ensure that you comply with the CAN-SPAM act with no issues and never forget to include the address on the bottom. Not including a physical mailing address is subject to a fine for each individual instance that it wasn’t included. When you send thousands of emails that can add up to devastating numbers.

Make sure you play it safe and comply with all the rules before pressing the send button.

Spammers…

Make Sure to Exclude a Physical Address. Who Cares If You Are a Real Business or Not!

According to the CAN-SPAM Act, it is required to put a physical mailing address on the bottom of every email sent out for marketing purposes. As a spammer, it’s important that you ignore this rule and exclude any way for someone to contact you.

Email Marketers…

Send Different Emails at Varied Intervals. Have a Conversation.

Frequency of email sent plays a major part in how effective your emails are and leaves a lasting impression on those you send them to. Today’s email inboxes are often bombarded with, well, spammers. People skim their newest mail looking for something that sticks out to them as relevant. With hundreds of emails to go through daily, make sure your contacts don’t end up seeing yours more than they would like to.

Seeing repeat emails just looks like you’re trying too hard to get someone’s attention. It can have a negative impact on the way they view your brand, or even cause them to unsubscribe just to make you stop sending to them, which is definitely not the desired outcome. You can avoid this by finding a good rhythm for sending your emails: study the best times, do A/B testing, and see what works best for your contacts and your industry. Once you have that down, keep it up and it’ll be smooth emailing.

Spammers…

Send The Same Email, 3 Times a Day, Every Day. Maybe they’ll Accidentally Click On It!

Another golden rule to follow as a spammer is to make sure the same email gets sent very frequently. Keep sending it to the same people multiple times a day, and since you have no way for them to unsubscribe or contact you, there’s nothing they can do to stop you from filling their inboxes. That counts as brand awareness, doesn’t it?

Email Marketers…

Include an “Unsubscribe” Link Option. If They Feel They’re Not Your Customer, Let Them Leave.

Along with the physical address, it’s actually illegal not to include an unsubscribe option in your emails as well. You can be fined the same way for each instance where the unsubscribe link was not provided. People don’t want to feel trapped with you. That causes negative emotions and feelings that attach to your brand.

It’s always good to give your contacts options. When you include an unsubscribe link, let it take them to a page that gives them more than just an “all or nothing” unsubscribe option. Give them choices, like receiving your emails monthly instead of weekly, or every three months. Studies show that more people will stay if they feel they can choose when they receive their emails, as opposed to quitting altogether.

Spammers…

Don’t Include an “Unsubscribe” Link Anywhere. The Important Thing Is to Trick Them Into Responding!

You know what’s best for your contacts, so there’s no need to include a way for them to unsubscribe, even if it is illegal and also part of the CAN-SPAM act. Including a way to unsubscribe would just give them a way to remove themselves from your irrelevant list and content so you can narrow down who really wants to talk to you. Remember, quantity over quality!

Take Away

The lesson to be learned is not to try and cheat the system by sending out irrelevant emails to whatever email list you can get your hands on. It doesn’t work out for you, your brand, or your subscribers and can often get you blacklisted or fined large sums if you ignore the CAN-SPAM act long enough for just one person to report you.

Take your time in cultivating your lists from people you know have given you their information freely. The emails sent to those contacts will have a much higher success rate because they were already interested enough in your business to give you permission to send to them.

Cloud Computing Results Survey

The cloud is changing the way people work everywhere, regardless of the industry or size. So that we can truly understand how the cloud is affecting you and the way you work, we asked a number of businesses to complete a survey outlining the biggest problems we can solve and the biggest benefits we can deliver.

The results were incredibly appreciated and revealing. We’re sure you’ll find the following insights as interesting as we did.

Click Here to Download the Cloud Opinion Survey Results_2013

Browser Security Breakdown: Internet Explorer 10 vs. Chrome 21 vs. Firefox 15 vs. Safari 5

Understanding the difference between SAS, SATA and Near Line SAS Hard drives to select for servers.

There still seems to be a lot of confusion out there about hard disk drives for servers. When you cut through the hype, what are the differences between SSD, SAS and SATA drives? Add to the mix NL-SAS drives, a hybrid type of disk drive that is basically an enhanced SATA drive capable of using the enhanced SAS command set. From drives that spin to all-digital storage, which is the right choice?

When you are building out the specs for a new server or looking to upgrade an existing server, there are a myriad of hard disk drive storage options to choose from. Today, I am going to focus on the most common drive options that cover the majority of standard server applications. These include SAS, SATA and NL-SAS hard drives. I will also cover the differences between digital storage and traditional spinning magnetic storage. There are also other drive types that are used for specialized server applications. The more specialized drive types will be covered in future articles.

With all these acronyms for drive types, we will first cover what they are and how their differences relate to each other.

Solid-state drive (SSD), also referred to as a solid-state disk, is a data storage device that uses electronic circuits as memory to store data persistently, in a non-volatile manner, so that when electricity is removed from the drive, the data is left intact. SSDs use interface technologies compatible with traditional block I/O hard drives such as SATA/SAS drives. A key difference from traditional SAS/SATA hard drives is that SSDs do not have any moving mechanical components, which distinguishes them from traditional spinning magnetic disks. Compared to traditional hard drives, SSDs are less susceptible to physical shock, are silent, and have better read/write performance. The main drawback is that the cost per gigabyte is much greater than for traditional disk drives, and current SSDs do not offer the large capacities that traditional SAS/SATA drives have available today.

Serial ATA (SATA) drives have replaced the standard parallel ATA drives, commonly called IDE drives. IDE stands for Integrated Drive Electronics, which means that the disk control electronics are located on the drive itself. This allows newer hard drives to be switched out more easily, or even used on different computers, while still allowing access to the data. SATA drives spin at 5400-7800 RPM with data transfer rates up to 3 Gb/s (gigabits per second), with some newer drives having up to 6 Gb/s transfer rates. SATA drives are the most common drives on the market today and offer the largest drive capacities available. SATA drives today range up to two (2) terabytes in capacity, and capacities continue to grow.

Serial Attached SCSI (SAS) drives have replaced traditional SCSI drives. They utilize the enterprise SCSI command sets for advanced functionality. SAS drives usually have much higher spin rates, usually 10,000 to 15,000 RPM, as well as faster access times. Key differences between SATA and SAS include better device reliability and increased performance for data reads and writes. Drive reliability is a major difference, as SAS drives have a much greater mean time between failures (MTBF). This means that SAS drives fail far less frequently than SATA, IDE, and Near Line SAS drives. This and the greater data throughput make SAS the preferred hard drives for servers and mission-critical devices, even though the cost is much higher than SATA or NL-SAS drives.

Near Line SAS (NL-SAS) drives are basically enterprise SATA drives with a SAS interface, R/W head and media (platter(s)). In addition, they have the rotational speed (spin) of traditional enterprise-class SATA drives (7800 RPM or slower) with the fully capable SAS interface command sets. Compared to SATA, NL-SAS drives have additional benefits such as the ability to connect a device to multiple computers, a slightly faster interface (up to 30% compared to SATA), and no STP (Serial ATA Tunneling Protocol) overhead. Reliability ratings fall in the same range as SATA drives, so although they have many characteristics of SAS drives, they are not SAS drives.

In short, near line SAS drives are basically big, cheap and slow SAS drives targeted towards near line/occasional use storage solutions. They can be cost-effective solutions for storage space targeted towards NAS (Networked Attached Storage) servers and other non-mission-critical, occasionally accessed data storage needs.

Summary: The key factors in determining what type of hard disk drive to specify for a new server depend on the expected usage of the server. The cost of the drives will depend mainly upon three key metrics: speed, reliability and storage capacity requirements. For mission-critical servers or servers that run disk-intensive applications, I would recommend SAS drives. For desktops, I usually recommend SATA drives, unless there is a need for local access and performance gains, as with some developers and architects. Disk access and data throughput can be important and have a noticeable impact upon the user. For non-critical storage, near line SAS drives are usually good choices, as the SAS-compatible interface allows for more seamless usage (command set) with server operating systems and array controllers.

By

Kurtis Kent
CEO of ManageWatch and Author of Network Documentation – the “How to” Made Simple

Microsoft Office 365 Consumer Version and Your Business

Microsoft is breaking away from its normal “One price buys all” structure and has opted for the first time to offer its software, Office 365 Home Premium, as a monthly subscription.

With the new consumer version of Office 365, Microsoft is offering just one version for home users. It costs either $99.99 a year or $9.99 a month, which covers up to five computers in a household. They can include Windows PCs and/or Macs; Microsoft isn’t releasing a new OS X version of Office just now, but Office 2011, the current Mac version, is part of the package.

Though the new Office 365 allows users access to the advanced features usually only available through expensive enterprise options (you can see the full set of features here Microsoft Office Home Premium Features), Microsoft’s licensing strictly prohibits the use of Office 365 Home Premium in a corporate setting.

Office 365 Home Premium Excerpt from their License Agreement

Only one person at a time may use the software on each licensed computer or licensed device. The service/software may not be used for commercial, non-profit, or revenue-generating activities.

As more and more businesses adopt policies of BYOD (Bring Your Own Device) and MDM (Mobile Device Management), having access to a corporate Office 365 has been key for many. It’s only a matter of time before corporate offices start seeing more widespread use of Office 365 Home Premium Edition on their employees’ laptops and personal devices.

So what does this mean for businesses? Microsoft has made it clear that this new version of Office 365 with all the bells and whistles is strictly for personal home use. What alternatives do businesses have for their employees, and how do they keep employees from using the new Home Premium on their devices at work? While people may not have the answers right now, it’s definitely something that will need to be addressed sooner rather than later, so that licensing in corporate offices continues to stay compliant with industry best practice standards.

You can learn more about the new Office 365 Home Premium here: http://office.microsoft.com/en-us/compare-microsoft-office-products-subscription-plans-FX102898564.aspx

Home Office Premium At a Glance

The Home Premium release gives you the right to install the full desktop version of Office 2013 on up to five PCs (you can also devote one or more installations to Office Home & Business 2011 on a Mac). Although you need an Internet connection to install the Office programs, you don’t have to be online to use them. The package includes Word, Excel, Outlook, OneNote, PowerPoint, Publisher, and Access, along with 20GB of extra SkyDrive storage for the primary account holder and 60 Skype minutes per month. The subscription is good for one year.

IT, Networks, and Cloud Computing in 2013

In its January 4-10, 2013 special report on the 2013 economic forecast, the DBJ asked executives at the helm of the fastest-growing North Texas companies of 2012 for their projections for 2013. In reading their answers I noted a tinge of worry, as many CEOs offer caution but forecast a strong 2013.

As a business owner I look around the business climate in North Texas, and I watch and listen to the news and read the papers (including the DBJ). With so much uncertainty and strife in Washington, a mostly unfavorable business climate, and challenges over fiscal spending limits, it’s only natural that businesses should be concerned; it’s called survival instinct, and good companies have a lot of it.

There is Some Good News

  • Interest rates remain low and will remain so for the near future.
  • The election and its associated business interruptions are behind us.
  • Home prices in North Texas are recovering and many new homes are being built.
  • Gas prices remain stable near $3.00 a gallon.

North Texas has everything to make 2013, and for that matter every year, a successful and memorable business year.  The question is one of attitude; do you see the glass ½ full with opportunities or ½ full of struggles and disappointments?

As a small business owner I know that every day brings its own challenges but what I must not do is bring any unnecessary doubt or worry to work with me.

I believe 2013 will be a rewarding and exciting year and I look forward to meeting its special and unique challenges.

The Nutshell Guide to Exchange 2013 by ManageWatch

The main focus for Exchange 2013 is further reducing cost of deployment and management. The four main areas that were changed to meet this goal were roles/deployment, management, storage, and end user productivity. Unlike Exchange 2007 and 2010 there may not be any major must have features for your organization, so if you are currently on Exchange 2010 the upgrade to 2013 might be a bit hard to justify. However if you are on Exchange 2003 you MUST upgrade to 2010 before you can upgrade to 2013; so now is the time to look at upgrading. If you are still on 2007 the features in 2010, which are further enhanced in 2013, should be reason enough to upgrade.

Take a glance at our in-a-nutshell guide to Microsoft Exchange 2013! It was written expressly to describe the top changes, features, and advantages of using the new Exchange 2013 in an easy way.

Click the Link below to download the free ebook! If it was helpful to you tweet or share it on Twitter or Facebook. Thank you in advance!

MW_Ebook_Exchange 2013

 

Still have questions? Give us a shout at 877-857-5989 or send us an email with your questions to info@managewatch.com

No Risk Business Solutions That Increase Productivity and Lower Cost

Business executives are under pressure to produce results in a complex and challenging business economy, where more is asked of fewer employees to produce better results. The first thought is often “What are some of the tools that successful companies are implementing to meet productivity challenges through agility, flexibility, and scalability?”

Business is hard enough as it is, so here are some easy decisions that you can make. On the surface these decisions seem like no-brainers, so why are some companies holding off on these innovative productivity business tools?

VOIP (Voice Over IP)

VOIP provides an easy, inexpensive way to make phone calls all over the world and when coupled with broadband services provide internet and video as well.

Recommendations: 3CX

Cloud (Public, Private, and Hybrid)

The cloud has revolutionized traditional IP computing with services such as Software as a Service (SaaS), Infrastructure as a service (IaaS), and Platform as a service (PaaS).  Cloud computing is both cheaper and more reliable than many corporate on-premise solutions.

Recommendations: Vazata

Virtualization (Hyper-V, VMWare)

Virtualization has reduced corporate IT costs by consolidating the number of physical servers required. With high availability for critical applications and streamlined application deployment, virtualization can simplify IT operations and dramatically reduce cost.

Recommendations: Microsoft & VMWare

SEO/Marketing (Search Engine Optimization)

The world as we know it has changed with the advent of the internet from a marketing perspective. Small companies can now compete on the same level as large companies without the customer ever knowing the difference through SEO and effective online marketing.

Recommendations: Insite Interactive

Outsourcing

It has been well-documented that outsourcing provides the company not only a competitive advantage through cost savings, but also a competitive advantage through greater productivity. Many companies already outsource payroll, accounting, and IT.

Recommendations: ManageWatch

Mobile Devices (Smart Phones and Tablets)

Workers are increasingly mobile with devices such as smartphones and tablets to do their work at the office, at home, and while traveling. Simply put, workers can be more productive than ever before by adopting mobile devices.

Recommendations: Apple & Android

In today’s complex economy successful companies know there are competitive advantages in these productivity solutions.

ManageWatch is a leading provider of network management and business solutions.
