Hyslop & Associates and Abbott Business Networks are offering a new workshop:

Understanding Ransomware and the Elevated Internet Threat to You and Your Family

Local Information Technology Expert Nate Abbott will present key information to help you remain protected from hackers who are actively extorting a billion dollars in ransom from millions of computer users around the world.   In this presentation you will learn what actual screens look like when Ransomware strikes a computer, and what to do if it ever happens to you.  Various hacking schemes will be discussed and demonstrated to help you be wary and safe in your Internet browsing and email habits.  Great information for the whole family, so attend and take it back home, or better yet, bring them in to this two hour class.

 

We know that this can be complex and confusing information so ample question and answer time is built into the presentation.  There is no such thing as a ‘stupid’ question.

 

Date/Time: 2 Options

 

  Monday, June 19th   9AM to 11AM    OR

  Monday, June 26th   5:30PM to 7:30PM

 

Workshop Fee:  $100

 

Register early – space is limited to 12 participants.

 

For a complete list of our classes, or to register for a workshop visit our website www.hyslops.com.  If you would like additional information, feel free to contact us.

DRAM and SSD Shortage

One of our primary vendors just sent us this message:  

"We wanted to alert you to an industry-wide Dynamic Random Access Memory (DRAM) and Solid State Drive (SSD) supply shortage that’s impacting pricing across all vendors. The shortage has caused a 50–105% pricing increase and is expected to continue through the first half of 2017.

"The shortage is related to the high demand of NAND flash in the PC, smartphone and tablet markets, which has caused a decrease in availability of SSD and DRAM products."

We wanted to make clients, partners, and others aware of this news because a surprising amount of our business in the last year has been upgrading systems by installing additional RAM memory and replacing spinning hard drives with SSD Drives.  It has made many computers that were manufactured since the release of Windows 7 fully adaptable to Windows 10 and newer applications that require more memory and demand faster disk storage access.  

If you have not upgraded to Windows 10, it may still be useful to look at DRAM and SSD upgrades as a way to avoid a premature computer purchase, even with the higher prices for these items.  Use our feedback page if you want more information or you operate a New Hampshire business that may benefit from these upgrades.

2016, the year of the Ransomware exploit

On October 23, 2013, Steve Gibson reported on his weekly security podcast "Security Now" on the twit.tv podcast network, that about three weeks prior a new exploit called "Cryptolocker" had been discovered infecting computers at an alarming rate. 

In that podcast, Steve quoted another journalist, saying: "Dan Goodin at Ars Technica wrote said: 'You're infected. If you want to see your data again, pay us $300 in Bitcoins.' And the subhead was: 'Ransomware comes of age with unbreakable crypto and anonymous payments.' So, and if you want to [...] just put "CryptoLocker" into Google, and you will see, I mean, it is bad."

Three years later, what Steve and other security experts predicted about CryptoLocker and ransomware in general has come true.  It is the main malware threat concern of all Information Technology security personnel around the globe: how do I prevent my users from getting infected with ransomware, and how do I respond to it if they do?

We at ABN have prepared a 30 minute presentation to help IT managers and personnel at any company or organization become aware of ransomware, and to become better equipped to avoid the exploits of Internet ransomware threats.  This is available to our monthly contract customers for free with their support agreements, and for a small fee for anyone else. 
 

The Unbelievable Awesomeness of JunkEmailFilter.com

I have to take a moment to call out a really extraordinary service that I have done business with for several years.  The name of the business is "JunkEmailFilter.com", and it is run by one of the unknown soldiers for Internet integrity, Marc Perkel.

I became aware of this service because of the curmudgeonly rantings of John C. Dvorak, one of the most respected and longest running tech journalists still living.  He famously ranted "I GET NO SPAM" several years ago on my favorite tech podcast, TWIT (go to twit.tv for more on that), and I never quite forgot it.

As a result, when I was a bit frustrated with my efforts to control spam for clients who were using their own hosted email, mostly set up by me on Microsoft Exchange, I tracked Marc down and found that I was dealing with him personally in setting up service, and that he responded with lightning speed and perfect accuracy in setting up filtering service for my accounts.  The price for this service is amazingly low, and he can scale to whatever you need to support.

Furthermore, he is dedicated to our freedom and privacy on the Internet.  If you are not hosting your own email, but you want a completely secure and uncompromising email hosting service for yourself or your small business, then Marc is your man.  He provides that service also at similarly reasonable rates.

If you are still hosting email using Small Business Server or something similar like MDaemon, and you or your client cannot or will not migrate to a cloud service like Office 365 or Google Apps for Business, then you would be well served to put Marc's service in front of your own.  His is an extremely effective filter, and as I mentioned above, he works very hard to deliver service and support immediately via email.  It is very convenient to work with him.

Thanks to Marc for his help today, and let's hope that more like him step forward to eliminate spam and all of the nefarious cruft that crosses the Internet every day.

It Is Time To Choose a Password Manager

Dashlane and LastPass are the two major password keeper systems available; however, there are quite a few others, and more are coming every day.

I would recommend either Dashlane or LastPass for the purpose of securely keeping your passwords in a reliable Internet based vault.   Here are my tips:

Dashlane seems to be oriented more toward Apple computer and device users.  David Pogue of Yahoo news recommends this service, and he has always been devoted to the Apple product side of things.

I found that the Dashlane program for Windows was a bit buggy, and LastPass wound up working better for me.  Both of them impose some adaptation on the user, so you should not expect totally smooth sailing in using either program.  Here are my main tips of the day for any of these programs:

1. Set a good strong password for the password manager and never, ever forget it. 

2. Make sure that you understand how password recovery works on your password manager in case you can't adhere to tip #1.

3. Make sure that you know how to go into the password manager vault and just look up your credentials for a website or service. 

Both programs are designed to automatically fill in user accounts and passwords for you, but sometimes they don't work with a particular website or service due to technical choices on the part of the service or website.  In those cases, you need to open up your Dashlane or LastPass program and copy and paste your user name and password into the site, or look it up and type it in. 

These are edge cases, and I don't have to do this often, but I know that if you just let LastPass or Dashlane take you along from their installation wizards, and you haven't really taken the time to learn to use them, you could be in for some frustration if they don't work on a site that you are under time pressure to log into.

Overall, they are great time savers, and both of them will generate new, very secure passwords for you that you would never have the ability to remember.  Both of them will import all of your saved passwords from your web browsers and store them in your vault when you install them.  After installation, they will ask if you want to do a security analysis, and they will offer to reset passwords for you that are heavily duplicated or very insecure (easy to hack/guess).  I would take it slow with that process so that you don't get locked out of anything if there is a problem.

Sneaky sneaky!

At this time, I use a very fine service called "LogMeIn".  Specifically, I use LogMeIn Central to manage remote desktops as part of my I.T. business.  When an end-user has a problem that we need to resolve, I can just jump directly onto their desktop using a LogMeIn remote access session, and interact directly with the user on their computer screen.  It is very nice.

This week, I received three messages that appeared to be from LogMeIn.  The first email was thanking me for my LogMeIn renewal payment of $999, which contained a Microsoft Word Document attachment named "receipt", or something like that.

I actually started to open the document before I thought about it because I was so upset by this message.  You see, LogMeIn has undergone a significant restructuring in the pricing in the last couple of years, and I reacted emotionally because I was keyed in to this information that has been discussed heatedly in user forums and elsewhere.

Then my senses came about me and I inspected the technical headers of the email to confirm where it came from, and sure enough, it was a phishing attack.  So, I filed it in my "Scams" folder and went about my business.

A week later, I got a message with the same reply address that indicated that my credit card on file at LogMeIn had expired and that my service would be terminated in 72 hours.  At that point, I second guessed my first conclusion because I DO have an expired credit card on file at LogMeIn, because I knew that at some point I would be using a less expensive service to replace LogMeIn.

So, I began to pro-actively migrate to the new service, but before I got to the tedious phase of updating my 200 supported computers with different remote support software, I took one last look at the last LogMeIn email.  The technical headers revealed that the originating server was HLERHGFWZ (41.158.9.115), and the originating sender was peremptorilyhrs79@rexhongkong.com.  So, after doing the smart thing and logging back into LogMeIn Central and checking my subscription status, I concluded that this was a sequential phishing attack with a very clever strategy.  Knowing that there were many users like me out there who were playing out the string on their LogMeIn Central accounts, they used a 1-2 punch to try and get us to click on their malicious email attachment. 

These are days to be wary, my friends, and pay attention to your malware protections.  The stakes are continually being raised, and even the experts can be played.
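
The header check described in this post, as an added example (not code from the original post): a short Python script that pulls the earliest Received hop and the Return-Path and Reply-To domains out of a message and compares them with the domain the sender claims to be. The sample message is constructed; only the host name, IP address and sender address come from the post, while the From line, the expected domain logmein.com and all function names are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message, not the real email. Only HLERHGFWZ, 41.158.9.115
# and the rexhongkong.com address come from the post; the rest is made up.
SAMPLE = """\
Return-Path: <peremptorilyhrs79@rexhongkong.com>
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id 1A2B3C; Mon, 1 Jan 2018 10:00:05 +0000
Received: from HLERHGFWZ ([41.158.9.115])
\tby mx.example.net with ESMTP id 4D5E6F; Mon, 1 Jan 2018 10:00:01 +0000
From: "LogMeIn" <billing@logmein.com>
Reply-To: peremptorilyhrs79@rexhongkong.com
To: user@example.org
Subject: Your credit card on file has expired
Content-Type: text/plain

Your service will be terminated in 72 hours.
"""

# "from <helo-name> (<optional rdns> [<ip>])" at the start of a Received line.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)", re.S)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def same_org(domain, expected):
    """True if domain is the expected domain or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def analyze(raw, expected_domain):
    """Summarize where a message came from and list mismatches."""
    msg = email.message_from_string(raw, policy=policy.default)
    received = msg.get_all("Received") or []
    # Every relay prepends its own Received line, so the last one in the
    # message is the earliest hop. The sender controls it: a lead, not proof.
    origin = RECEIVED_RE.search(str(received[-1])) if received else None
    report = {
        "from_domain": domain_of(msg["From"]),
        "return_path_domain": domain_of(msg["Return-Path"]),
        "reply_to_domain": domain_of(msg["Reply-To"]),
        "origin_host": origin.group(1) if origin else None,
        "origin_ip": origin.group(2) if origin else None,
    }
    findings = []
    for field in ("return_path_domain", "reply_to_domain"):
        domain = report[field]
        if domain and not same_org(domain, expected_domain):
            findings.append(f"{field} is {domain}, not {expected_domain}")
    if report["origin_host"] and "." not in report["origin_host"]:
        findings.append("origin host is not a fully qualified domain name")
    report["findings"] = findings
    return report


if __name__ == "__main__":
    result = analyze(SAMPLE, "logmein.com")
    for key, value in result.items():
        print(f"{key}: {value}")
```

A From line that shows the expected domain proves nothing by itself; the mismatched Return-Path, Reply-To and origin hop are what gave this message away.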

My phone, the mighty Moto-X.

https://www.motorola.com/us/motomaker?pid=FLEXR2

This is my long-awaited review of the Moto-X, second generation phone, with some words about my experience with the first generation Moto-X, and the general effort that Google is making with this class of phones.

First let me say that the Moto-X is my phone.  I am an ex-iPhone user, and although I miss aspects of the iOS environment and the lovely hardware design and execution, I am not really looking back until someone answers this post anywhere with a complete user experience that matches or exceeds my results with Moto-X in the areas that I consider most important.

So, next let me state the priorities.  My smartphone is a business tool that I happen to enjoy when I am not using it for business.  There are many of us who approach this device this way.  Most of us like me are not teenagers or even in our twenties.  So to sum up my objective: I want a comprehensive communication tool with maximum Darwin award avoidance.

Communications: Texts, Phone calls, Emails, Tweets, WhatsApp messages, Instagram messages, Facebook posts, LinkedIn updates, weather alerts, news alerts, sports app alerts, and anything else the world wants to throw at me.  My job is to capture them all, sort them out by importance and respond to the ones that matter.  My hope is to enjoy a few of them that may not be important but provide fun or entertainment.  This is the marvel of the smartphone which makes them so interesting to manage. 

By the way, if you want my opinion of BYOD and how to control the smartphone in the workplace, here it is:  Manage the person, not the device.  Look for results and energy in your business enterprise from your employee/partner/associate.  Make no attempt to control what they are doing with their smartphone other than to thank them for their service and take it away from them when you have fired them for not getting the results you expect.  If the phone is theirs, make sure you have the right to wipe it and own the backup.

Back to Moto-X, I am dead serious about cell phone safety.  Since the early nineties I have had a cell phone in my car, and I consider the whole point of mobile communications to be my ability to respond quickly to an opportunity or concern.  Since I am an Information Technology provider, I spend too much time in my car to be cut off the whole time from communications, yet it has become abundantly clear that most forms of smartphone communication are lethal when driving, and sadly we have subjected this next generation to that experiment with some disastrous results.  I am determined not to add to those statistics, but realistically, I am going to know what is coming and going on my phone when I am behind the wheel.  That is where the Moto-X absolutely stands out.

When I am driving, if my wife texts me, my podcast pauses and my phone says to me "new text from Salma Hayek".  (It actually says something else, but I don't think Salma will mind helping save a few more lives, and my wife didn't have the cash to be included in this post).  Then the phone says "do you want me to read it to you?", and I say loudly and clearly "yes".  Then the phone says "OK, Salma Hayek says: thanks for the lovely evening last night, I particularly like the way it ended.  Let's do it again!"  (This is the kind of text I receive after we have spent the evening cleaning out the goat pen.  It's really fun and we just fall into bed exhausted!)  Then the phone says "Do you want to reply to Salma Hayek?", and I say loudly and clearly "yes", and the phone says "OK, tell me what you want me to send to Salma Hayek", and I say loudly and clearly, "Me too, let's do it again tonight exclamation point", and then the phone says "OK, I think you said 'Me too, let's do it again tonight!', is that correct?", and I say "yes", and then the phone says "OK, sending text to Salma Hayek", and I have just taken care of a text while I was on the road driving my car.

OK, I am going to acknowledge some of the criticism that I am inevitably going to get about this last paragraph.  I hear you saying, "but Nate, ANY distracted driving is not appropriate, you should have 100% of your attention on your driving."  I am glad that you can't see my face right now.  The expression on it would offend you, but there is nothing I can do about that.  I have been driving for 41 years, and I have certainly averaged well over 20,000 miles per year over that lifetime of driving.  I am going to make an assertion here:  "All driving is distracted driving".  In my view, if there is a way that I can dispose of my distractions while keeping both eyes on the road and both hands on the steering wheel, then I am light-years ahead of those who are trapped in their distractions, unable to dispose of them and return their full attention to their driving.

Let's face it, if we all required ourselves to focus 100% on our driving, we would purchase cars equipped like taxicabs so that our passengers could be kept separate from us.  Mothers would not talk to their children on the way to school or soccer practice.  It's ridiculous.  We must seek the most reasonable, expedient and effective compromise that we can find, and I find the Moto-X to be exactly that compromise.

There are so many other subtle features of this phone that impress me and make me love it.  Most of them fall under the control of an app that they now call "Moto", and those features include "Assist", which I have been describing here, "Actions" when I wave my hand over the phone, or open the camera with a shake.  "Voice" is the voice response system of the phone which is so much better than Siri that there is not room or time for that expression of disdain here.  With the new version, you can pick your own "Activation Phrase", which causes the phone to listen for your words and respond, so you could activate your phone with something iconic like "Frankly my dear, I don't give a Damn", or "Say hello to my stinky little friend".  "Display" scavenges battery life by illuminating only the portion of the OLED display required to show the time, or a key alert.

Another unique app is "Connect", which I believe might have saved the whole Windows phone/Windows 8 fiasco for Microsoft if they had just focused on it and introduced it four years ago.  Connect puts your phone activity on your computer screen via a Chrome browser plugin.  

Beyond these, there is the whole Google-verse of apps and ecosystem which I enjoy and find effective.  As I said above, there is some subtle integration that is unique to the Moto-X phones, the first one of which I got after it came out last spring on Verizon, and then having loved it so much upgraded to the right-sized 5.2 inch Moto-X 2nd gen phone.  I am partial to the Nexus Android experience, which is unchanged from that which is spawned directly from the software engineers at Google, and you get that Nexus experience on the Moto-X phone.  Interestingly, the giant Nexus 6 is made by Motorola and looks like a six inch Moto-X, yet it does not have the same processor and sensor architecture of the Moto-X phones, so it cannot do all of the same tricks.

When I had the original Moto-X phone, I bought a cool little add-on called "Skip" from Motorola, which allowed a small magnetic garment clip with an RFID chip in it to unlock the phone.  I do keep a lock code on my phone because I don't want a phone thief to be able to get directly in to my personal information, so Skip was a real time saver, but it is not compatible with the 2nd gen phone, about which I am a little bitter.  Something about the new NFC communications being incompatible with the old.  NFC is "Near Field Communications", which is a technology to allow smartphones to interact intelligently with objects nearby that contain NFC compliant RFID chips.  This is an emerging technology, and I thought Skip was a great use of it.

So, as a final note, the only downside for me about the Moto-X is that we have no way of gauging Google's enthusiasm for this phone, although we can say that it is successful enough that it was one of the five or six top smartphones of 2014 by most reckonings, and the only one that came directly from Google via their subsidiary, Motorola.  But wait, Google has sold Motorola to Lenovo, which means this could be all completely up in the air, except that if Lenovo and Google don't continue to partner on the development of the Moto-X phone brand and functions, it will drop out of the top six, and why would Lenovo or Google want to let that happen?  Google is a very tricky company to read because everything they do is a massive play on Internet traffic and search, the mother of all their businesses, and ostensibly the mother of all businesses.  I feel that I have no choice but to still bet on the Moto-X, my mobile friend.

Heartbleed Recap

This is a recap of the Heartbleed bug issue.  I have reviewed this issue over the past several weeks since it was disclosed, and I would like to take this opportunity to refine my message to clients, friends and followers in Social Media.

Initially, the risk associated with the “Heartbleed” vulnerability was widely overestimated in the media, but it is real, and the threat became more acute when the information about it went public while so many sites had the vulnerability.
 
As I understand it, the remediation process is mostly complete, although some of the more extensive sites (meaning complex, with many users, products, processes and connections) still have not patched the vulnerability.
 
Here is what I can say:
 
We will call the sites that you use most regularly, and for your most important stuff, i.e. banking, credit and investment, your “Class A” sites.  You should look for statements about the Heartbleed vulnerability on your Class A websites, and follow their recommendation exactly and right away.
 
We will call the sites that you shop at most regularly your “Class B” sites.  These might be Amazon.com, Walmart.com, Sears.com etc.  If you use any of them for significant purchases, or if you maintain current credit card information at any of them, you should do the same for them as you do for Class A sites.   You might want to check receipts for things that you have purchased in the last six months to help identify these sites.
 
If you use an online email service, such as Gmail, Yahoo mail, Hotmail, Microsoft Outlook.com, or anything like that, and you use that email account as the “password recovery” email address for a Class A or Class B site, then you should check your email service provider’s statement about Heartbleed, and follow their recommendations exactly.  Do this even if you use a desktop software program like Microsoft Outlook or Windows Mail to manage your email.  If the email service has a web portal, you must pay attention to Heartbleed.

In addition to these sites, if you have a Smartphone, and the smartphone comes with an associated account with Apple iCloud, Google Plus for Android, or Microsoft Outlook.com or Office 365,  include those account credentials in the Webmail category and treat them accordingly in the same way.  
 
Finally, you should be absolutely sure that none of the passwords that you use for these sites, Class A, Class B and Webmail, are the same.  Make sure that they are all strong and different.
 
I have recommended that you consider using a password manager such as LastPass to manage these passwords.  We, however, understand that many of our friends and acquaintances will find LastPass difficult to use because while we are fairly expert, there are areas where we have struggled using LastPass.  We have had to learn some special techniques that are part of the design of LastPass to deal with the various ways in which it sometimes fails to capture or incorrectly captures site information.  If for you, the number of these sites that I have described above is fewer than 20 or 30, then you may be able to maintain a manual list of your passwords, either on paper or in an electronic text file.  Remember that the existence of such a list is a security vulnerability in and of itself, and also, every time you change a password you must update your list.

We still strongly recommend that you adopt a password manager, and allot the requisite time and patience to become adept enough at using it that you don't get either locked out of your accounts, or get into a panic.

I think that this is the simplest message that I can give about password maintenance, and it is consistent with the best advice out there for creating and maintaining passwords.  A day will come when we no longer will need passwords, but until then, we must be as wary as a jeweler walking the streets of Manhattan.