It seems that while most of us aren’t sorry to see 2017 in the rear-view, if recent news is any indication, 2018 isn’t shaping up to be any brighter for technology. My outlook on security for SMB technology is mixed at best – I’m certain we will see an escalating amount of attacks coordinated by organized and well-funded teams pursuing both criminal and political agendas, and we will continue to see the rise of propaganda in social media presented as facts-based journalism. On a more positive note, there are still plenty of technology options for SMBs that give them access to the same tools and software that the big boys use, but as with real life, graduating to an internet-savvy business world means preparing for an environment full of sharp edges.

To get you ready, I recommend the following technology resolutions:

1. Back up your data. This was #1 last year, and it will be #1 next year. Not just to a hard drive you keep right next to your computer or server, but offsite, and regularly updated. Data loss is not just a possibility – it’s an eventuality. But it doesn’t have to be fatal.
2. Use strong, unique passwords. The standards have changed, but the concept remains the same. Don’t use weak passwords, and certainly don’t use them for multiple, critical sites or services. Get a password manager to help keep track of them.
3. Secure your mobile device, including laptops. If you check email, correspond with friends, purchase goods and services, take photos, blog, socialize, whatever, put a password on it. Can’t get the fingerprint sensor or face scanner to work? Sorry charlie, put a password on it. Even a 4-digit pin is better than nothing.
4. Don’t value convenience over security. Being secure is hard work, but recovering from an attack or malware infection is ten times harder. Don’t learn this lesson the hard way.
5. Protect your technology in layers. Maintain malware protection and firewall on your workstations. Encrypt drives on mobile devices. Set up malware and firewall protection for your network. Backup your data (important enough to say it twice). Add malware protection to your email service. Train your employees on proper security maintenance. Every layer is additive and creates a strong defense on all sides.

The internet continues to be a major engine for both economic and civil change, and the world’s powers clearly recognize this. Many battles are being laid, fortifications are being built, and skirmishes are already in the open. Like tense borders between countries, this can make the technology landscape risky and sometimes even toxic. It’s not time to head to the bunkers yet, but you should definitely be diligent in protecting your own technology territory. The internet has gone from pristine frontier to a heavily populated and increasingly polluted environment, and if you don’t take necessary precautions, your organization could end up catching a nasty infection with long-term health implications.

Image courtesy of Stuart Miles from FreeDigitalPhotos.net

Let’s just start 2018 with a bang, shall we? If you thought Intel’s mind-boggling security flaw of late 2017 was a jaw dropper, this latest one is has got to be the “hold my beer” moment of 2018, and we’re only 3 days into the new year. Intel is topping itself with what appears to be a devastating hardware flaw that is requiring a major kernel redesign in both Windows and Linux-based operating systems. I chose the word “devastating” for good reason: analysts are predicting the rewrite to the kernels could result in up to a 30% performance decrease in just about every computer using an Intel processor and Windows or Linux operating systems. There’s also a good chance Apple’s OS will need to be patched to fix this flaw, as it is subject to the same hardware-level design goof.

What this means for you

Every computer made with an Intel chip produced in the last decade is affected. This results in one of two possible outcomes:

1. If you are running on an operating system that is due to be patched (all supported Windows flavors from 7 on, most Linux builds, Mac OSX) then you may experience a slow-down in performance, possibly as much as 30% for certain computing tasks.
2. If you are running on an operating system that won’t be patched, your Intel CPU has a major security flaw that can only be fixed by either replacing it with a CPU that doesn’t have this flaw, which, for the moment, doesn’t exist.

If you are exclusively a mobile device user – most of them are built with non-Intel CPUs, or you have a computer built on an AMD processor, this bug doesn’t impact you directly, but you are still likely to be affected. Analysts are predicting this flaw and the workaround implemented by software developers will heavily impact cloud computing hosts like Amazon, Azure and Google Compute, which happen to host most of the world’s websites and virtual computing platforms. So now on top of possible bandwidth throttling from ISPs free of Net Neutrality regulation, you can also look forward to everything on the web being just a little bit slower, at least for the foreseeable future.

Once again, you as the end-user can do little to fix or prevent this. Windows 7 and 8 users have the option of not applying OS updates, but given the severity of the CPU flaw, this is probably a much worse choice than taking a (possible) 30% performance hit. Same goes for Linux and Mac OSX users – patching is still optional, but the security risk is likely very high for not patching this significant vulnerability. And Windows 10 users? Unless you are in the rarefied company of an enterprise-managed Windows 10 environment (essentially no one in the SMB space at the moment) you will be getting patched whether you want it or not, as there is no way to opt out of updates, save never connecting to the internet. And let’s face it, if you don’t connect to the internet with your Windows 10 machine, you are already ten times safer than the rest of us.

A lot of clients, friends and family have asked me about what the recent FCC ruling means for them, and many of them admit that they don’t really have a full understanding of what Net Neutrality actually is. First, here’s a refresher on Net Neutrality. Spend five minutes even if you understand NN, as it might help you better explain this complex topic to a friend or colleague:

What does the recent repeal by the FCC mean for you?

Let’s be perfectly honest. This debate has been ongoing for years, but what precipitated the FCC ruling in 2014 that was just recently repealed was something that NN advocates had predicted and warned about for years: a content provider (Netflix) paid an ISP (Comcast) to get out from under a speed throttle the ISP put in place, ostensibly to preserve bandwidth quality for their customers, but seeing as Comcast got a very large payday to open up the throttle, it doesn’t take a degree in economics to see that someone used their monopoly position to strong-arm another company into coughing up more money. And lest you think (or a NN opponent suggests) this didn’t have an impact on you or I, Netflix raised its prices in October 2015.

While a certain portion of the internet is already in pitchfork and torch mode (and have been for years) given the repeal of a ruling that was created to prevent the sort of shenanigans like the Comcast-Netflix deal above, Net Neutrality has essentially been on the “honor system,” even while the ruling was in affect. It would be fairly dumb, even by today’s lowered standards, for one of the ISPs to immediately announce a pricing program similar to the dystopian scenarios offered by the internet. But you and I know that big corporations aren’t known for always behaving in the public’s best interest, and you can definitely count on them to focus on maximizing shareholder value. With the current state of internet service provider market competition (there isn’t any for most consumers), we as consumers don’t have much in the way of voting with our wallets as NN opponents would have us believe. The ISPs have us over a barrel, and they know it. It remains to be seen whether they will be benevolent shepherds or merciless overlords, but given the recent disregard by the FCC for public opinion, I’m leaning towards the latter.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

This week’s technology mega blunder comes courtesy of industry giant HP, and it was literally at our fingertips the entire time. HP, among many other laptop manufacturers, has long used software from Synaptics to drive its laptop keyboards and touch-pads, and unfortunately the latest security goof comes in the form of a keylogger built into, you guessed it, the keyboard drivers from Synaptics. According to HP, this issue affects quite a long list of models, dating back five years. Supposedly a patch has already been issued by HP, but it will largely be up to the laptop user to apply the software update.

What this means for you

Fortunately, the keylogger is disabled by default, so it’s not quite as colossal as Apple’s blank password exploit or Intel’s gigantic “oopsie-daisy“. According to both HP and Synaptics, neither company would have access to any data that might have been captured if the keylogger was enabled, but that was a sleight-of-hand distraction. The security concern wasn’t that HP or Synaptics was snooping on your laptop usage (they can do this through various methods they and Microsoft Windows aren’t bothering to hide), but that a malicious party could exploit this dormant software once they had privileged access to your computer. More to the point – technology created by humans will have flaws. Making sure your equipment stays patched and up to date is only one layer of defense. It’s incredibly “cold” out there security-wise, and having multiple layers (firewalls, antivirus, backups to name a few) is the only way to keep from “catching your death”.

It’s no secret that I’m a proud Android smartphone user, but a large majority of my clients and acquaintances are iPhone users, and I know that many of them have not been having a good weekend due to a series of bugs in the latest version of iOS. Some of the bigger bugs include a crash tied to notifications, auto-correct changing “it” to “I.T”, the calculator producing incorrect results if numbers are entered too quickly (let that one sink in!), and being unable to delete photos if your iCloud drive was full. Normally it’s Android users suffering as smartphone guinea pigs, but, just like last week’s ginormous OS X cock-up (supposedly fixed now), Apple seems fairly driven to join everyone else at the bottom of the barrel with its initial release of iOS 11.

What this means for you

Hopefully you’ve not destroyed your iPhone in a fit of rage because Apple just released 11.2 that supposedly fixes many of the above-mentioned bugs. Lest you think this was only a bug hunt, Apple, with this release, also started the roll out of their new ecash platform “Apple Pay Cash” which is their version of Venmo or Paypal, and introduced fast charging with Qi wireless accessories. But let’s be serious – this was a major bug hunt, and it seems like there was a long list of critters to exterminate. As always, if you aren’t experiencing problems (possibly because you held off on upgrading to 11 in the first place), you may want to sit tight to make sure Apple hasn’t introduce a set of new bugs while squashing the current ones, but if you are one of the many suffering from from the buggy state we Android users know as “Tuesday”, check your iPhone for the 11.2 update. Make sure you plug it in and connect to the closest WiFi for a (hopefully) better, more functional tomorrow.

Not to be outdone by Intel’s jaw dropping vulnerability reveal last week, Apple stepped up to the plate with what appears to be an epic “Hold My Beer” moment: the latest version of their computer operating system “High Sierra” can be completely compromised through a serious bug. Even more unfortunate is the fact that it is trivial to execute: in any instance of the OS X system asking for authentication to perform a task requiring administrative access, the user merely has to use “root” as the login name and leave the password field blank. Tapping “enter” repeatedly to authenticate will eventually result authentication being granted without ever having to enter any password at all.

What this means for you:

For the majority of the business world, this is a rare respite from the constant deluge of vulnerabilities that plague Windows users, but that is no consolation for the millions of Mac users out there who usually enjoy a relatively secure platform. At the moment there is no patch from Apple but sources say they are scrambling to release a fix soon. In the meantime this vulnerability can be fixed quickly, assuming your machine has not already been compromised. By default, the “root” account is not assigned a password, and assigning one plugs the hole immediately. But there is a catch: setting the password requires a little bit of technical work that initially may seem “too technical” for the self-professed “non-technical” user. You have a choice: earn your geek wings by following this guide from Apple on setting the root password, or give us a ring. We can fix this problem for you, remotely, in a few minutes.

I had a nice little article planned for everyone about avoiding Black Friday/Cyber Monday shopping “deals”, but Intel just had to hog the spotlight this Thanksgiving. Based upon findings by security researchers several weeks ago, computer chip manufacturer Intel has released information on multiple vulnerabilities in the following CPU models:

• 6th, 7th, and 8th generation Intel® Core™ Processor Family
• Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
• Intel® Xeon® Processor Scalable Family
• Intel® Xeon® Processor W Family
• Intel Atom® C3000 Processor Family
• Apollo Lake Intel Atom® Processor E3900 series
• Apollo Lake Intel® Pentium® Processors
• Intel® Celeron® N and J series Processors

Given that this represents a large chunk of what most computer manufacturers have been selling since 2015, it’s safe to say that millions of computers and devices are at some risk. HOWEVER there are (as of the moment) no known exploits in the wild seeking to take advantage of the published security flaws.

As of this writing, the major computer manufacturers have not yet released any firmware updates that will address these vulnerabilities. Dell has said that patches are coming but has not said when, and Lenovo has said that it is “hoping” to have “some” firmware updates by the 23rd. For now, the most that anyone can do is run a tool provided by Intel (Linux and Windows only at the mment) to determine if their system is vulnerable. It’s not clear whether Apple computers are affected – the current consensus is “maybe not,” but don’t take that to the bank just yet.

What this means for you:

Don’t panic. Enjoy your holiday (if you are taking one), and give us a ring on Monday to schedule a check of your equipment. Even though I’m sure there are some black hats out there right now frantically working on a way to exploit Intel’s colossal goof, the actual execution still requires a fairly specific set of conditions for the exploit to be possible. In the meantime, make sure your critical data is backed up, keep your operating system, antivirus and anti-malware software updated, avoid clicking suspicious links, don’t open strange attachments, and above all, stay vigilant.

The technology gremlins are in beast-mode this week, and I haven’t had the time to pen a carefully thought-out blog post for you, but I did go back into our archives to dig out some treasures that I think are still relevant!

• Make Yourself Less Hackable (2012) – a few handy, still relevant tips on keeping ahead of the hackers
• Spear-Phishing Effectiveness on the Rise (2012) – Maybe not surprising, but tricking people with fake emails is still effective even now
• Stolen Laptop Equals $50k Fine (2013) – People are still walking around with laptops chock full of sensitive data
• Is your webcam spying on you? Maybe. (2013) – This is still happening, and now in higher-definition!
• Applebee’s demonstrates how NOT to do social media – Little did we know just how much influence Social Media would have.

Image courtesy of Stuart Miles at FreeDigitalPhotos.Net

It may not surprise regular readers to know that I don’t spend much time frequenting social media spaces despite working in the technology industry. Up until 2016, my primary beef with platforms like Facebook, Twitter and Instagram was a mix of privacy concerns and disdain for banal content that had to be sifted constantly for relevant information. When I participate, it’s with purpose and definitely clinical in nature. This approach seems even more justified now with recent reports of Facebook’s undue influence on last year’s elections, and it would seem that Americans aren’t the only ones getting tricked by fake news on Facebook, and in some cases, with much more dire consequences.

“But I needs my Facebook!”

Social media plays a critical role in the non-profit I support – our success in fundraising and spreading awareness comes largely through posting on Facebook. But as I have repeatedly said over many years, the Internet makes it increasingly difficult to separate fact from fiction, and it’s very clear that some folks are determined to exploit this ambiguity for anything but altruistic pursuits. The spread of fake news on Facebook is even more insidious primarily for its influence on the masses. Around the world, even more so than in the US, people have an overwhelming tendency to see the information pushed out on Facebook as “truth”, especially in nations where traditional media outlets are state-run or mistrusted, primarily because it often comes by way of a friend or relative, i.e. someone they trust. Where someone would be inclined to view a news piece from an established news agency with skepticism, that same story regurgitated by a friend or loved one would get a free pass on fact-checking.

It’s pretty clear that this is one Pandora’s box we won’t be able to close. Facebook and other internet companies are struggling to control the monsters they created – the dual-edged sword of the Internet that facilitates the spread of information greases the skids for all information with zero regard for integrity or morality. As you may have guessed, the latter two traits require humans to judge, and as even the biggest internet companies are finding out, this is like a child standing in front of a fire hose. They are getting soaked and knocked down by a seemingly unstoppable force.

There is no easy fix for this, but if every human were to do two things, we might prevail against the liars and crooks seeking to exploit our naive trust in the Internet: view social media with a healthy dose of skepticism and approach all viewpoints with an open mind. Blindly accepting every Facebook postings as truth is a one-way ticket to getting tricked.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net