Despite the fact that fixing broken technology and fighting internet pollution puts food on the table at Casa C2, I don’t take (much) pleasure in delivering technology tales of woe and doom to you, so it’s refreshing when I can update you on a technology that I am keenly interested in, especially when it intersects with my favorite food. I’ve been impatiently and selfishly waiting for self-driving cars for awhile now, primarily because driving in Los Angeles is incredibly stressful and monstrously inefficient. Even though I know that widespread adoption and implementation is a ways off, there will come a time when I can dictate a schedule into my smartphone the night before a busy day, and then, on the following morning, walk outside to see a car pull up to whisk me off to the first of several onsite client meetings. No worries about traffic, parking, hours wasted in traffic, or whether I have enough fuel to get me to my next destination. Even if the time in the vehicle is lengthy, it’s time I can use to work, relax or even sleep.
For now, I’ll settle for getting a pizza delivered via self-driving car.
Of course, to do so today I would have to be in Miami, Florida, where Ford is currently taking its first steps to meet its 2021 goal of having a nationwide fleet of self-driving taxis and delivery vehicles. Based on the pilot program first launched in their HQ hometown Ann Arbor, Michigan, pizza-maker Domino’s is partnering with Ford on a Miami-based beta test of the driverless pizza delivery fleet. While I have mixed feelings about the potential surge in unemployed pizza delivery persons, I like the idea of pizza delivered quickly and efficiently by self-driving car. However, when the inevitable takeover by robots and AI of menial and easily automated jobs actually occurs, will it mean that humans will be free to pursue more enlightening and fulfilling employment, or will we end up with way too many idle hands put to poor use? This will be a true test of humanity and civilization: can we leverage the freedom technology can grant us, or will be squander it in the pursuit of idle pleasure. Is your vision of the future Rodenberry’s “Star Trek” or H.G. Wells’ “Time Machine”? I’m hoping (and working) for a Star Trek future.
Image courtesy of nalinratphi from FreeDigitalPhotos.net
Companies jumping on the cryptocurrency hype train is relatively old news. You’ve all heard about companies changing their name to some variant of “blockchain” just to cash in on the trading frenzy surrounding the hot new tech, regardless of whether they had anything at all to do with the industry or technology. As a nice follow up to last week’s blog about your server being secretly enslaved to mine cryptocurrency, the latest trend is to get your web browser to mine virtual coins. While there have been plenty of reports of illicit browser hijacking to crunch cryptocurrency numbers, online magazine Salon is offering up an ad-free browsing experience in exchange for using your “unused computing power” to mine, presumably as a way to offset lost advertising revenue.
What this means for you
Online advertising has been in a never-ending, escalating conflict with browsers and plugins that are designed to block ads. Content providers are also trying desperately to figure out how to monetize their visitor traffic without completely alienating those same visitors who are increasingly savvy to marketing gimmicks and have become sensitized to their rapidly dwindling privacy. Some content providers have moved directly to soliciting tips or donations directly from their viewers, but for sites like Salon, the donation model just isn’t appropriate. What remains to be seen is if visitors are sufficiently annoyed with the sites advertising to instead give up some CPU power to enjoy a brief respite, and what sort of impact it might have on their viewing experience. It will also be very interesting to see if other content providers jump onto this bandwagon. Could this be a new web browsing model: watch these ads or donate some CPU cycles? Humans have demonstrated their willingness to donate CPU power to causes like SETI@home and Folding@home, but are you willing to drop your spare CPU change into a for-profit company’s tip jar?
Cryptocurrency mining seems to be all the rage right now. While it wouldn’t be unusual for my clients in the finance industry to be keeping close tabs on technology’s “hottest” trend, I’ve been asked about cryptocurrency by just about everyone, including stay-at-home parents and retirees, mostly because a younger family member is either an avid PC videogamer or aspiring cryptominer trying to find a video card. Why on earth would cryptominers need cards normally focused on digital entertainment? It just so happens that the complex mathematical equations used to calculate the physics and graphics of a video game are very similar to the ones used to mine Bitcoin and other cryptocurrencies. But when they can’t find video cards to fill their mining warehouses, some cybercriminals are resorting to stealing processing power from your hacked server.
“Let my server go?”
Before you go yanking the cables out of your server and network because things are running a little slow lately, keep in mind that Microsoft is busy patching the snot out of the biggest CPU flaw known to man at this point, and as some have predicted, it’s taking a toll on all systems, big and small. However, if your server is running unusually slow, there is a possibility that your network may be compromised by either the Smominru or Wannamine botnets, especially if they include servers or workstations that haven’t been patched in awhile. Unfortunately these particular variants are very hard to detect, and can move laterally through networks as infected machines are isolated and disabled. Early reports from security research firms indicate that these infections are crippling and very hard to remove because they employ methods that include fileless deployment strategies that completely sidestep traditional antivirus protection. In the two above mentioned cases, they are relying on a widely known, but still largely unpatched exploit known as EternalBlue, so eliminating that weakness in your network will add a certain measure of security, but the most effective option by far is to continue training your people to avoid infection vectors in the first place, ie. stop opening those strange attachments and links.
After months of denying it had any significant role in the 2016 Presidential elections, Facebook finally admitted that its platform had been exploited by Russian propaganda agencies with the express intent of spreading “fake news” and creating division among Facebook users. Five months later, it seems they haven’t made any progress on this front, and have also managed to stir the pot on several other hot-button issues. Seeing as Facebook is still one of the largest social media platforms in the world, it’s highly likely you or someone you know and love uses Facebook. Becoming familiar with the current batch of controversies may help you visualize one of the biggest elephants in the internet room.
Here’s what Facebook’s in trouble for this month:
- Banning ads for cryptocurrency – the digitial coin movement is facing its own set of troubles (devaluation, fraud, investigations, etc) and Facebook is already on the hook for its other controversial ads. Not wanting any part of a potential law suit or the destruction of their users life-savings, Facebook will no longer allow ads related to Cryptocurrency trading. Crying foul, of course, is the industry and its investors, which despite its still strong overall valuation and big-bank backing, has its share of fringe enthusiasts that see this as more evidence of “deep-state” persecution of currencies not controlled by the government.
- Messenger for Kids app under fire – Facebook’s new chat app is targeted specifically at kids between the ages of 6 and 12. Personal opinions aside (I would never recommend letting a child near internet-connected ANYTHING at that age), health experts and child advocacy organizations are urging Facebook to stop development and distribution of the app.
- Cries of censorship as known troll accounts banned – this one may seem like a head-scratcher at first, but only if you are a reasonable human capable of critical thinking. Some folks on Facebook are crying foul after Facebook notified them that it removed known Russian propaganda sites from their news feeds. Rather than facing the sobering fact that they might have been influenced by someone who didn’t actually have their best interests at heart, these fine folks are actually siding with the trolls who bamboozled them in the first place. How do you say, “Mission accomplished” in Russian?
- Stuck in the middle of profit vs community: Facebook founder Mark Zuckerberg recently announced that Facebook will be pivoting away from publishing news from big, well-established organizations to focus on more community and friends interaction. Smaller news organizations like Patch are lauding the change, and the big pillars of journalism are understandably concerned. Can Facebook successfully walk the knife-edge between possibly enabling even more fake news and echo-chamber interaction over vetted and respected (but for profit!) news outlets?
Over the years since the internet has come to dominate the technology and business landscape, I’ve often compared the growing tide of malware and general bad behavior found online to pollution. Like its physical manifestation, the source of internet pollution can’t be tied to a single cause or factor or even several of them. The rising tide of malware, spam, cybercrime, and even fake news is caused by a relatively small group of ignorant, mercenary or even outright malicious agents, but because of the way the internet works, there are few practical ways to stop it from spreading everywhere. If you imagine that the internet is the ocean, this stuff is a gigantic oil spill, illegal toxic waste dump and six-pack rings spreading everywhere.
And your website is soaking in it.
Most of us access the internet like we tap our water supply – through (more or less) filtered pipes connected to the main source. Just like I wouldn’t recommend drinking your water straight out of a lake or stream without some filtering, accessing the internet without proper protections is asking for a nasty infection. But have you considered the chilling fact that your website is out there, right now, braving the internet without a hazmat suit? According to at least one internet security company, over half of all website traffic is generated by bots, and more than half of that traffic is malicious. More importantly, they found that for the smallest, least trafficked websites (0-10 human visitors per day) had the highest percentage of non-human traffic, and because they were less visible and more likely to be unattended, they were more likely to be attacked and successfully compromised. Does that sound like a website you know? Maybe your own website? On average, C2’s webserver is attacked several hundred times a day, and, let’s face it, compared to the rest of the web, we’re at the very low-end of the traffic scale.
As to why anyone would attack a site that isn’t visited that much? A compromised website has many uses, many of which actually require that attention not be drawn to the compromised activities occurring on your very own internet island. This allows the attackers to leverage your site’s computing and broadcasting power (however small), essentially drafting it into a massive mesh of zombified soldiers that aren’t limited by a workplace or home firewall. And there are a ton of low-traffic websites. It’s the internet-version of the age-old question of, “Which would you rather fight?” One massive, infected website, or a million tiny, but infected, websites?
Unless you are a skilled website administrator, securing your site isn’t trivial. Definitely leave it to the professionals, but don’t leave it undone. Your website is floating in polluted waters, and unless you take necessary precautions, your little bit of internet paradise might end up looking like the picture attached.
Image courtesy of Sujin Jetkasettakorn from FreeDigitalPhotos.net
Hawaiians got a small taste of cold-war nostalgia last week with a false alarm that warned of an imminent but non-existent ballistic missile threat. While authorities were relatively quick to clarify the lack of impending doom for the tropical islands, they could not forestall the sharp criticism from many fronts, including North Korea who was probably glad for a moment to not be the brunt of global scorn. At the crux of the 38-minute gaffe: a terrible user interface and-surprise, surprise-a human.
What we should take away from this
Aside from the uneasy reminder that North Korea appears to be a button-push away from making this false alarm into a very real one, this unfortunate mistake gave us a glimpse into a critical technology system (poorly) designed by humans. While it may be psychologically useful for us to shake our heads and make jokes about the government’s tendency to award crucial projects to the lowest bidder, Hawaii’s recent tour of nuclear apocalypse came courtesy of a system undoubtedly produced by such thinking. “Lowest bidder” and “technology” rarely result in quality in which you would entrust your business, so why should it be any different for our most critical technology platforms, just because they aren’t profit centers? The next time you are evaluating a technology purchase, make sure your budget matches the importance of the purchase.
It’s also important to note that for as much as we depend on technology to do everything from getting us to work, keeping us safe, and moving the human race forward as a whole, it has yet to replace or even supplement one very critical human trait that seems to be in short supply these days: common sense. A moderate investment in training your people on the reasonable and SAFE use of technology will pay off dividends far in excess of your costs, and can prevent panic-inducing moments like Hawaii’s False Missile Alert.
It seems that while most of us aren’t sorry to see 2017 in the rear-view, if recent news is any indication, 2018 isn’t shaping up to be any brighter for technology. My outlook on security for SMB technology is mixed at best – I’m certain we will see an escalating amount of attacks coordinated by organized and well-funded teams pursuing both criminal and political agendas, and we will continue to see the rise of propaganda in social media presented as facts-based journalism. On a more positive note, there are still plenty of technology options for SMBs that give them access to the same tools and software that the big boys use, but as with real life, graduating to an internet-savvy business world means preparing for an environment full of sharp edges.
To get you ready, I recommend the following technology resolutions:
- Back up your data. This was #1 last year, and it will be #1 next year. Not just to a hard drive you keep right next to your computer or server, but offsite, and regularly updated. Data loss is not just a possibility – it’s an eventuality. But it doesn’t have to be fatal.
- Use strong, unique passwords. The standards have changed, but the concept remains the same. Don’t use weak passwords, and certainly don’t use them for multiple, critical sites or services. Get a password manager to help keep track of them.
- Secure your mobile device, including laptops. If you check email, correspond with friends, purchase goods and services, take photos, blog, socialize, whatever, put a password on it. Can’t get the fingerprint sensor or face scanner to work? Sorry charlie, put a password on it. Even a 4-digit pin is better than nothing.
- Don’t value convenience over security. Being secure is hard work, but recovering from an attack or malware infection is ten times harder. Don’t learn this lesson the hard way.
- Protect your technology in layers. Maintain malware protection and firewall on your workstations. Encrypt drives on mobile devices. Set up malware and firewall protection for your network. Backup your data (important enough to say it twice). Add malware protection to your email service. Train your employees on proper security maintenance. Every layer is additive and creates a strong defense on all sides.
The internet continues to be a major engine for both economic and civil change, and the world’s powers clearly recognize this. Many battles are being laid, fortifications are being built, and skirmishes are already in the open. Like tense borders between countries, this can make the technology landscape risky and sometimes even toxic. It’s not time to head to the bunkers yet, but you should definitely be diligent in protecting your own technology territory. The internet has gone from pristine frontier to a heavily populated and increasingly polluted environment, and if you don’t take necessary precautions, your organization could end up catching a nasty infection with long-term health implications.
Image courtesy of Stuart Miles from FreeDigitalPhotos.net
Let’s just start 2018 with a bang, shall we? If you thought Intel’s mind-boggling security flaw of late 2017 was a jaw dropper, this latest one is has got to be the “hold my beer” moment of 2018, and we’re only 3 days into the new year. Intel is topping itself with what appears to be a devastating hardware flaw that is requiring a major kernel redesign in both Windows and Linux-based operating systems. I chose the word “devastating” for good reason: analysts are predicting the rewrite to the kernels could result in up to a 30% performance decrease in just about every computer using an Intel processor and Windows or Linux operating systems. There’s also a good chance Apple’s OS will need to be patched to fix this flaw, as it is subject to the same hardware-level design goof.
What this means for you
Every computer made with an Intel chip produced in the last decade is affected. This results in one of two possible outcomes:
- If you are running on an operating system that is due to be patched (all supported Windows flavors from 7 on, most Linux builds, Mac OSX) then you may experience a slow-down in performance, possibly as much as 30% for certain computing tasks.
- If you are running on an operating system that won’t be patched, your Intel CPU has a major security flaw that can only be fixed by either replacing it with a CPU that doesn’t have this flaw, which, for the moment, doesn’t exist.
If you are exclusively a mobile device user – most of them are built with non-Intel CPUs, or you have a computer built on an AMD processor, this bug doesn’t impact you directly, but you are still likely to be affected. Analysts are predicting this flaw and the workaround implemented by software developers will heavily impact cloud computing hosts like Amazon, Azure and Google Compute, which happen to host most of the world’s websites and virtual computing platforms. So now on top of possible bandwidth throttling from ISPs free of Net Neutrality regulation, you can also look forward to everything on the web being just a little bit slower, at least for the foreseeable future.
Once again, you as the end-user can do little to fix or prevent this. Windows 7 and 8 users have the option of not applying OS updates, but given the severity of the CPU flaw, this is probably a much worse choice than taking a (possible) 30% performance hit. Same goes for Linux and Mac OSX users – patching is still optional, but the security risk is likely very high for not patching this significant vulnerability. And Windows 10 users? Unless you are in the rarefied company of an enterprise-managed Windows 10 environment (essentially no one in the SMB space at the moment) you will be getting patched whether you want it or not, as there is no way to opt out of updates, save never connecting to the internet. And let’s face it, if you don’t connect to the internet with your Windows 10 machine, you are already ten times safer than the rest of us.
A lot of clients, friends and family have asked me about what the recent FCC ruling means for them, and many of them admit that they don’t really have a full understanding of what Net Neutrality actually is. First, here’s a refresher on Net Neutrality. Spend five minutes even if you understand NN, as it might help you better explain this complex topic to a friend or colleague:
What does the recent repeal by the FCC mean for you?
Let’s be perfectly honest. This debate has been ongoing for years, but what precipitated the FCC ruling in 2014 that was just recently repealed was something that NN advocates had predicted and warned about for years: a content provider (Netflix) paid an ISP (Comcast) to get out from under a speed throttle the ISP put in place, ostensibly to preserve bandwidth quality for their customers, but seeing as Comcast got a very large payday to open up the throttle, it doesn’t take a degree in economics to see that someone used their monopoly position to strong-arm another company into coughing up more money. And lest you think (or a NN opponent suggests) this didn’t have an impact on you or I, Netflix raised its prices in October 2015.
While a certain portion of the internet is already in pitchfork and torch mode (and have been for years) given the repeal of a ruling that was created to prevent the sort of shenanigans like the Comcast-Netflix deal above, Net Neutrality has essentially been on the “honor system,” even while the ruling was in affect. It would be fairly dumb, even by today’s lowered standards, for one of the ISPs to immediately announce a pricing program similar to the dystopian scenarios offered by the internet. But you and I know that big corporations aren’t known for always behaving in the public’s best interest, and you can definitely count on them to focus on maximizing shareholder value. With the current state of internet service provider market competition (there isn’t any for most consumers), we as consumers don’t have much in the way of voting with our wallets as NN opponents would have us believe. The ISPs have us over a barrel, and they know it. It remains to be seen whether they will be benevolent shepherds or merciless overlords, but given the recent disregard by the FCC for public opinion, I’m leaning towards the latter.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
This week’s technology mega blunder comes courtesy of industry giant HP, and it was literally at our fingertips the entire time. HP, among many other laptop manufacturers, has long used software from Synaptics to drive its laptop keyboards and touch-pads, and unfortunately the latest security goof comes in the form of a keylogger built into, you guessed it, the keyboard drivers from Synaptics. According to HP, this issue affects quite a long list of models, dating back five years. Supposedly a patch has already been issued by HP, but it will largely be up to the laptop user to apply the software update.
What this means for you
Fortunately, the keylogger is disabled by default, so it’s not quite as colossal as Apple’s blank password exploit or Intel’s gigantic “oopsie-daisy“. According to both HP and Synaptics, neither company would have access to any data that might have been captured if the keylogger was enabled, but that was a sleight-of-hand distraction. The security concern wasn’t that HP or Synaptics was snooping on your laptop usage (they can do this through various methods they and Microsoft Windows aren’t bothering to hide), but that a malicious party could exploit this dormant software once they had privileged access to your computer. More to the point – technology created by humans will have flaws. Making sure your equipment stays patched and up to date is only one layer of defense. It’s incredibly “cold” out there security-wise, and having multiple layers (firewalls, antivirus, backups to name a few) is the only way to keep from “catching your death”.







![printlogo[1]](https://c2techs.net/wp-content/uploads/2017/11/printlogo1-460x260_c.png)

