Microsoft is (re)launching Outlook.com and consolidating its various “free” email service domains under the Outlook.com brand in an effort to regain the former glory it once held with Hotmail.com, which has since fallen to a distant third behind Google’s Gmail and Yahoo Mail. Microsoft estimates it will be spending anywhere from $30 to $90 million on marketing in all the major media over the next 3 months, on a combination of attack ads aimed at Gmail users and informational campaigns it hopes will help persuade users to switch (back, in many cases) to Microsoft.
What this means for you:
If you already have a Hotmail.com or MSN.com email address and you haven’t already converted over, you’ll be migrated to Outlook.com gradually as Microsoft consolidates the services under the new brand. If you are considering switching (or opening another webmail account), the only feature Outlook.com is offering that differs from the competition is that contacts stored in your online address book will automatically update based upon information available on social media platforms like Facebook, Twitter and LinkedIn. Gmail does this with G+, but you have to resort to third-party extensions and services to mine the other social media sites for this information. Beyond this feature, Outlook.com is mostly playing catch-up to Gmail, though their marketing dollars may steal some of Yahoo’s market share despite the company’s revamp of its webmail service a little over a year ago.
Windows users will probably be unsurprised to note that Adobe’s ubiquitous Flash plug-in requires yet another patch. This time, unfortunately, Adobe is scrambling to release version 11.6 to rectify 2 serious security holes that are already being exploited in the wild, and not just on Windows machines; Macs and even Linux are affected by the latest flaws.
What this means for you:
The flaws fixed by the above release may allow malicious websites to install malware either when you simply visit a compromised website, or by redirecting your browser to open infected Microsoft Word documents or Adobe PDFs. Malware websites that can take advantage of unpatched Flash plugins are being found on the web right now, and they will wreak havoc on your computer.
Patch Flash now. Here’s how:
- Go to Adobe’s website: http://get.adobe.com/flashplayer/ (works for any platform)
- Windows: Go to your Control Panel and look for the “Flash Player” control panel icon. Click the “Advanced” tab and then the “Check Now” button.
If you want to verify you’ve updated to the correct version, you can check it by visiting this link after patching: http://www.adobe.com/software/flash/about/
Microsoft seems to be taking Fat Tuesday to heart: this month’s package of software updates includes a whopping 57 fixes for security flaws across most of its current product line. Microsoft isn’t the only one patching: Adobe also has a handful of security fixes for its products – the most commonly installed are Flash and Acrobat. The security exploits patched are just as potentially dangerous as the vulnerabilities patched in Internet Explorer.
What this means for you:
Ideally, you either have an IT department watching out for you and making sure your software is being updated in a timely fashion, or you have Automatic Updating turned on and will automatically download and apply all critical and important patches released by Microsoft and Adobe. In the case of the former, it may actually be a week or two before the actual patches are applied, as many IT departments routinely test all MS patches before distributing them through the enterprise, mostly to ensure Microsoft doesn’t break something proprietary to your company’s platforms. And in the case of this month’s Patch Tuesday, they will have much more to test and deploy.
If your computer is relying on automatic updates received via the internet, make sure you pay attention to the little message popups in the lower right corner of your screen. Windows Update will let you know when it’s doing its thing, and will also notify you when it has finished applying the necessary patches. Not sure whether your machine has been patched? For most versions of Windows (XP, Vista, 7) you can click the Start Menu and select “All Programs” and scroll until you find “Windows Update”. Review the information on the screen, and if you have any questions, don’t hesitate to call us for a second opinion!
If Forbes is writing about it, then it must be entering the mainstream, right? According to their calculations, the latest jailbreak for the iPhone’s iOS 6 has been installed over 7 million times since its release last week, which is roughly equivalent to about 2% of the overall iPhone population, and that number is likely to grow over time to 10% according to Jay Freeman, the administrator of the “unofficial” jailbroken iPhone app store, Cydia.
“Jailbreaking” (similar to “rooting” in the Android world) is basically a process that removes the restriction of installing apps from a third-party app store not controlled by Apple. Apps found at Cydia commonly enable iPhones to do things that normally wouldn’t be possible under Apple’s strict programming and content guidelines, such as (before iOS 6) multitasking or something as simple as setting Google’s Map app as the default mapping application when you click on addresses on your iPhone.
What this means for you:
The explosion in popularity of smartphones and tablets has infused cultures everywhere with elements of hacking and tinkering as people become more comfortable with customizing the phone rather than just using it “as directed”, right up to the point where they hit the limitations of the device, and in the case of the iPhone, the (sometimes arbitrary) limits set by Apple. Over the years, jailbreaking, once considered arcane and only for the most foolhardy hacker, has become something simple enough that you could walk your grandmother through the process.
Let’s be real – jailbreaking your grandmother’s iPad is probably not necessary, but if she could do it, then surely you can do it. And if it means being able to finally get rid of Apple’s miserable Maps application and return to trusty Google Maps once and for all, jailbreaking starts to look a lot more inviting. In the end, jailbreaking is about deciding whether Apple’s vision for how you should use your phone or tablet meets your needs (which it does for the majority of Apple customers) or whether you are really ready to “think different.”
Caveat: Jailbreaking your iPhone or iPad, while legal in the USA, will void your warranty according to Apple.
You may have already come across this strain of malware before: a big, official looking notice pops up on your screen accusing you of software piracy. You are offered the opportunity to pay your “fine” online, which appears to be the only way to remove the notice and get back the use of your computer. This form of extortion scam is known as “scareware” and has been around for years. Most technology users are savvy enough these days to no longer fall for this particular tactic, but a new form of scareware accusing users of viewing child pornography is now circulating that is giving even the most hardened malware veterans cause to pause. As you can imagine, being accused of this particularly heinous activity puts potential victims into the uncomfortable position of sharing this with someone else, something that they may be willing to avoid by paying what now may seem like a reasonable “fine”. Cybercriminals are counting on the squeamish and privacy-conscious nature of most people in this regard, and it’s likely we’ll see a huge uptick in this type of scareware tactic.
What this means for you:
No law enforcement agency in the United States issues fines via the internet, and they certainly don’t hold your computer hostage until the fine is paid. If your computer is infected with a scareware virus, immediately disconnect it from the network and contact your IT department or technology consultant, regardless of what you are allegedly accused of doing by the scareware notice. Any IT professional worth a darn will be intimately familiar with this particular type of malware and should be able to remove it from your computer, BUT, depending on the level of infection, your data and identity may be at risk, as well as your personal information, especially if you’ve accessed online bank accounts or other sensitive online information. You’ve backed up your important data on that computer, right? Because many times, it’s easier to wipe a computer completely clean and start with a fresh operating system rather than cleaning up a malware infection. This is yet another reason in a long list of reasons why you should be backing up your data regularly.
Following recent attacks by hacktivist group Anonymous on various government websites, the Department of Energy has reported that it too has been hacked, and personal information on hundreds of its employees has been compromised. The DOE has been relatively tight-lipped about the breach, and it’s not immediately clear whether this may be related to Anonymous’s current campaign “Operation Last Resort” which aims to reform computer criminal laws in the wake of internet celebrity Aaron Swartz’s suicide. In the case of the Anonymous-led attacks, various government websites have been completely taken over by hackers and used to post derogatory videogame parodies and login credentials for hundreds of banking executives.
What this means for you:
The gloomiest of the doomsayers are saying that in the near future, there will be only 2 types of businesses: “Businesses that have been hacked, and ones that don’t know that they’ve been hacked.” We’re not there yet, but some analysts believe we’ve hit an inflection point in cyber security where the criminals are now ahead of the business world in terms of sophistication and advantage. If the above is any indication, many government institutions are probably even further behind businesses in terms of security. Does that mean it’s time to pack up all that technology and return to paper ledgers, brick and mortar storefronts and hand-written checks? Not yet, but the businesses that take an aggressive stance towards tightening up their ships will stay well ahead of the competition, especially when those looser ships start to spring cyber-leaks.
What’s the first step? Find out if you have an information security policy. If so, make sure it’s being enforced. If not, call me right away to start talking about how to get your company’s technology battened down for the coming storm.
Yesterday I posted about the real possibility of cybercriminals and spammers using Facebook’s upcoming “Graph Search” as a means to easily sort out and research potential targets. The Electronic Frontier Foundation, ever on the lookout for our privacy (even when we won’t do it ourselves), has put together an excellent guide on all the settings you should review in Facebook to make sure the data you want to be hidden from the general public stays that way.
What this means for you:
If you’ve ever taken a stroll (or even a dedicated walkthrough) of Facebook’s privacy settings, you probably gave it up for being unnecessary and complicated. Hopefully my previous article made you reconsider the “unnecessary” stance, and now EFF gives you a step-by-step guide to setting the privacy settings to what you want them to be. The only thing better would be having me sitting with you personally to go through each step and doing it for you. I could totally do that if you like, but while I was doing it, I’d be giving you a (possibly boring) lecture on why you should be learning how to do this for yourself, etc. Your privacy and security are important enough that you should understand exactly how Facebook shares your personal information. We are entering a period of time where getting duped by hackers is moving from nuisance to an actual threat on your livelihood and possibly even your personal safety, and the best defense is knowledge and preparedness.
Remember the announcement of Facebook’s new “Graph Search” feature? No? I don’t blame you. Until most folks can get their hands on it and see what it can do with data from people they know, it’s hard to envision how Facebook’s “innovation” is important. Security analysts, of course, eat and breathe this stuff, and as they are trained (and expected) to do, they have extrapolated how this powerful social media search tool could be put to nefarious use. Christopher Hadnagy (Social-Engineer.org) put it succinctly:
“Usually, a phisher or spammer collects a couple hundred email addresses and they’re hoping 10 percent of those who get it have an interest in what the email is about. With this tool, it gives a malicious person the ability to figure out whom to target with a particular message because they know their interests.”
In case you aren’t aware how “phishing” works, the core conceit is focused on fooling the reader into clicking on links and providing confidential information to a counterfeit website. Phishing is most effective when the target gets an email that seems legitimate, e.g. using graphics and a fake address from a bank with which they already do business. Instead of having to rely on statistical probability, phishers can now target victims with ruthless efficiency using any data available through Facebook’s Graph Search.
What this means for you:
If you are an avid user of Facebook with a tendency to openly share just about everything through social media, your data is already out there and viewable. If you are a casual Facebook user, but haven’t taken the time to adjust your privacy settings, your data is already out there and viewable. Nothing has changed in that regard. However, up until now, you had a very, very thin layer of protection through the concept of “security through obscurity”. In other words, the sheer, overwhelming amount of data that is available greatly reduces your chances of being randomly identified and targeted. Think of it as wandering into the Library of Congress where the only way to find something was to know exactly what it was called and where it was located physically in the building.
Facebook’s Graph Search gives anyone the ability to search for anything in Facebook using a natural language query like, “Show me all the books on 19th century bridges built in the US with wood.” If those books are in the library and are viewable to the public, then they would be delivered in a tidy page that could be reloaded and refreshed whenever the search was needed. Here’s the key: the data is viewable only by those to whom you’ve granted permission to view. If you allow the public to see your contact information and “Likes”, that data will be viewable by not only your friends, but the internet, including the aforementioned phishers. If you haven’t reviewed the privacy and security permissions on your Facebook account, now is a good time to do so.
If you’ve been salivating at the prospect of upgrading to Microsoft Office’s latest iteration – 2013 – then your wait is officially over. Multiple SKUs of Microsoft’s productivity platform will become officially available on Jan 29. Most importantly, Microsoft is now making the Office suite available to be “rented” via the Office365 Home Premium package. This subscription-based service will allow the main Office apps (Word, Excel, PowerPoint, OneNote, Outlook, Access, and Publisher) to be installed on up to 5 computers on your local network (Windows or Mac) for $99/year.
What this means for you:
Up until the arrival of Office365, most organizations couldn’t afford (or didn’t want to afford) an enterprise license for Microsoft products with the Software Assurance premium, which basically guaranteed upgrades for their entire license base over a certain number of years. Instead they purchased what is known as a “perpetual use” license: it allowed the licensee to use the version of Microsoft software they purchased for as long as the software remains viable. This has manifested as many, many organizations running much older versions of Office dating back 10 or more years, and still quite happily getting work done without paying a single additional dime to Microsoft.
Microsoft, in an effort to keep the coffers full and users happy in all categories, has commoditized Office with this subscription service for everyone, allowing companies and families with tight budgets to remain competitive without breaking the bank. Office has been the predominant productivity package for business, and now with affordable pricing for entire households, Microsoft hopes to further extend and cement its grasp throughout the consumer market as well. Depending on where you stand in the industry, this is not always necessarily a bad thing. Broad standardization will lighten support burdens everywhere. On the flipside, crushing the competition might lead to stagnation in innovation, and as we all know, it’s been a long, long time since anyone ever looked at a new version of Office with anything other than trepidation.











