Wednesday, July 30, 2014

Working Computers Needed for Relief Effort

As you probably know, some of the islands in the Philippines were recently wiped out by a typhoon in April. See the article snippet below. Through various humanitarian efforts, schools are being rebuilt so children can get back to school. However, my friend Andy Trish recently travelled to the Philippines and discovered that those efforts contain no provision for computers in those schools. Andy is taking it upon himself, paying his own expenses in full, to install as many computer labs in these newly built schools as there are computers to populate them. He is hoping for upwards of 500 computers total.

Locally DHL has agreed to provide free shipping for any computers that we would like to send. Harbor Computer Services will prepare the computers and make sure they are in good working condition and package them up for shipment.

What we need are computers with at least 1 year of life left in them. A PC or laptop will do. The PCs need to be complete with mouse, keyboard and monitor. If you have any to donate, please let us know and we’ll come pick them up.

Regarding a tax write-off, there won’t be any. This is a private effort. Andy is working with us, DHL, other IT firms and BYond.org to install the labs in their school projects, but the equipment will not flow through them. It’s going direct from you to a school, so when they open on day 1 there will be computers for the teachers and kids.

Email or call us if you have a computer or laptop hanging around the office that works but isn’t needed anymore.

Thanks for your support!

The situation

Typhoon Haiyan (locally known as Yolanda) struck Central Philippines on Friday, 8 November 2013, with an unprecedented fury through a combination of cyclonic winds (winds of 235 kph and gusts of up to 275 kph), heavy rains which led to flooding and landslides, coupled with tsunami-like storm surges along the coast lines. Haiyan made landfall in Guiuan, Eastern Samar, then cut across Visayas, the islands of Leyte, Cebu, Bantayan, Panay, and northern Palawan, finally heading out to sea, west of the Philippines.

According to the Philippine National Disaster Risk Reduction and Management Council (NDRRMC) update issued on 17 April 2014, this combination of powerful forces caused a devastating humanitarian impact resulting in some 6,300 deaths, around 28,700 people injured, and more than 1,000 people unaccounted for.

In addition to human suffering, Haiyan caused extensive destruction and damage to housing, livelihoods and infrastructure, leading to a drastic reduction in living conditions, income, and access to basic services. More than 16 million people (some 3.4 million households) were affected, with 489,600 houses totally destroyed and 595,100 partially damaged. Affected areas include Tacloban City (which received the heaviest impact) in Leyte Province; Eastern Samar (area of first landfall); the northern tip of Cebu and Bantayan Island; Negros Occidental; Panay Island, and; Palawan.

Monday, April 21, 2014

Should Businesses Foot the Bill for Free Public Wifi?

Comcast announced it has surpassed one million Wi-Fi hotspots across the nation, according to a press release that the company recently issued.

How did they do that?

Outdoor Hotspots: Comcast has placed Xfinity WiFi hotspots in public locations across the country, ranging from shopping centers and commuter stations to parks, sporting venues, beaches and boardwalks. Cities include San Francisco, Chicago, Boston, Philadelphia, Washington, D.C., and Atlanta as well as areas of New Jersey, Maryland, Virginia and Delaware.

Business Hotspots: Most Comcast Business Internet customers are eligible to receive an Xfinity WiFi hotspot for no additional charge when they order service. This is a value-added feature that directly improves their patrons' experience. Examples include restaurants, cafes and bakeries, retail establishments and office waiting rooms.

Neighborhood Hotspots: Recently, Comcast began providing residential customers with Xfinity Wireless Gateways the ability to have a second "xfinitywifi" signal (or SSID) in their home that is separate and distinct from their private and secure home Wi-Fi signal. This additional access point provides Xfinity Internet subscribers with a Wi-Fi signal without the need to share a homeowner's private network password. This service is included at no additional charge.

As a business, we received a notice from Comcast touting that their new Wifi service is available and includes a free public wifi at no additional charge. Also note that this free public wifi can’t be turned off if you accept the wifi router from them. This is a big deal because it means that as a business YOU are paying for Comcast to provide free wifi to the general public. How are you paying? You are paying by agreeing to let the public use the bandwidth that you bought for your business to use. This is important because streaming applications like Spotify, for example, are designed to use a lot of bandwidth. We’ve seen streaming applications grind business to a near halt over and over again. Further, I really hate the idea of inviting the world onto your network. Comcast’s routers were vulnerable to the recent Heartbleed episode and no security is perfect. The fewer people you have hitting your wifi the better.

Our recommendation therefore is that our clients do not accept the free wifi router from Comcast. Wifi routers are inexpensive enough to not warrant the risk.

-Amy

Friday, April 11, 2014

Alert: More News About Heartbleed

Companies are beginning to issue statements on whether or not their web servers were compromised by the Heartbleed vulnerability. If you use any of the services below you need to visit them and change your password. You also need to change your password for any other site where you have used that same password.

Facebook, Instagram, IFTTT, Pinterest, Twitter, USAA, Intuit – Turbo Tax, DropBox, Box, LastPass, Minecraft, NetFlix, OKCupid, Wunderlist, SoundCloud

Google: Search, Gmail, YouTube, Wallet, Play, Apps and App Engine. That Play is affected is a big deal. That means your Android phone and tablets are wide open. Google has yet to announce how they will handle issuing updates for all of the apps in the Google Play store.

Yahoo: Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr

Amazon: Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront

More Bad News:

Because GoDaddy’s own servers were affected, the certificates they issued are also affected and must be rekeyed and reinstalled. Although we recently switched to providing our own SSL certificates to our clients through ENOM, most of our clients are still using GoDaddy certificates. This means that we’ll be asking for a new set of security keys for each of you from GoDaddy and reapplying the certificates to your servers. Since your server isn’t directly affected, this is merely a precautionary measure.

Some Good News: Here’s what isn’t affected.

Your servers. Microsoft software, including all of their hosted products, is safe. Bing is safe. eBay, Amazon (store), PayPal, Federal Government websites, Nordstrom, Wal-Mart, Target, Bank of America, Chase, Capital One, e*Trade, Citigroup, Fidelity, Schwab, Ameritrade, USBank, Wells Fargo and LinkedIn are all safe. Evernote and Apple are safe.

If you have any difficulty changing your passwords ask us for assistance. If you have any questions about Heartbleed ask us about that too.

-Amy


Wednesday, April 09, 2014

Alert: HeartBleed

Heartbleed is the latest in an epidemic of attacks on the Linux foundation of the Internet. Most websites use Linux in one way or another but until recently the hacker community has left them alone. But a couple of months ago cPanel, the application that every website uses to publish itself, was hacked and now it’s OpenSSL. OpenSSL is the SSL certificate processing portion of websites. The hack allows your username and password and any other data that you enter into the website to be harvested in plain text defeating the whole purpose of an SSL protected website. The worst part about these recent hacks is that no one noticed them for the last two years.

You can find out if a website that you visit hasn’t been patched yet by entering its address into this tool: http://filippo.io/Heartbleed/. I would recommend doing that for any website where you are entering your username and password.

If you are curious about which websites were vulnerable, here are a few that still are as of last night: yahoo, flickr, eventbrite, zoho, squidoo, petflow, fool, lastpass and slate. They are among tens of thousands.

So let’s say you use one or more of those common websites. You might feel that there’s nothing there in your personal information to worry about. There’s just your name, email address, home address, business address and perhaps some stored credit card information. The latter is of course a concern, but the larger concern is whether you used that same password anywhere else. That’s really what the bad guys are after. Because once they have a password of yours, they throw it at the websites that might yield money: credit card, banking, investments, tax returns, payroll, maybe they’ll order something from Amazon. That’s the real danger. So take the time to look and change those passwords.

If you need assistance, we’re here to help.

-Amy

p.s. My apologies for yesterday’s post. It was not meant for you. I hit enter and sent it to the wrong group. That was for ThirdTier, where we help other IT firms with technical issues and, for the last 16 months, we have also helped them build better businesses. It’s time to give back and help make this profession better as a whole.

Friday, March 28, 2014

What to do when you’ve been stolen

This week we’ve been working with the parents of an employee of a client. Do we usually do this? No. But when something extraordinary presents itself and we can help, we will. Long story short: they were scammed, the home computer was infected (a Mac, btw) and their identity was stolen, the first indication of which was the filing of a false tax return in which someone (not them) got a handsome check from the government. It happens all the time. A friend of mine in my neighborhood had the same thing happen to her. In fact, thousands of people are now finding that they’ve been hacked, and usually they are finding out when they go to file their tax return and the response is “sorry, you’ve already filed.”

Where did they get the information? Was it your computer, a website, your bank, your library card, your insurance company, a credit card, mortgage company? Since you don’t know how or where someone got your identification from you have to cancel everything.

Start as if you’ve lost your wallet. This means new credit cards; new everything.

Then close your bank accounts and open new ones. Keep a permanent suspicious activity alert on those accounts. Consider removing online banking from the accounts. I keep two sets of accounts: one that has online banking with very limited funds and another that does not. Both require account changes to be made in person only.

Follow the FTC recommendations.

http://www.consumer.ftc.gov/features/feature-0014-identity-theft

Follow the IRS recommendations.

Get An Identity Protection PIN (IP PIN):

http://www.irs.gov/uac/Get-An-Identity-Protection-PIN

Taxpayer Guide to Identity Theft:

http://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft

ID Theft Tool Kit: Are you a victim of identity theft? If you receive a notice from the IRS, please call the number on that notice. If not, contact the IRS at 800-908-4490. Fill out the IRS Identity Theft Affidavit, Form 14039. (Please write legibly and follow the directions on the back of the form that relate to your specific circumstances.) http://www.irs.gov/file_source/pub/irs-pdf/f14039.pdf

Change your passwords…everywhere. Have your computers formatted and reloaded.

Above all take this seriously. It’s a giant hassle but it will never go away unless you go through this process and do it with some speed.

-Amy


Tuesday, March 25, 2014

New Facebook Scam in Your Email

image

This arrived in a friend’s email today. It looks just like a message from Facebook but it isn’t. How do you know? Hover your mouse and wait a second for the pop-up to appear that tells you where you are going to go if you click.

Above I hovered my mouse over the See Comment button and instead of facebook.com I see footmaniacs.com/zsl. That means that if I were to click I would be taken to a spoof website or an infected website that would download a trojan onto my computer. Usually this is done to gather passwords for your account that they can later try at financial institutions, or to gather personal information that can later be used to open a credit card in your name. To avoid this trap you should always hover to verify the destination before clicking anything.

Even better than hovering, just go to Facebook and read the comments there and delete the email. It’s always better to go to the source yourself.

be careful out there,

Amy Babinchak, Harbor Computer Services
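
The hover check described in this post can also be run over a saved HTML message. The following is an added example, not part of the original post: it lists every link whose real destination is not the site the message claims to come from. The sample message and the `example.net` host are constructed for illustration; `footmaniacs.com/zsl` is the destination quoted above.

```python
"""Added example: automate the "hover before you click" check for an HTML email."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anything in the visible link text that looks like a domain name.
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

# Constructed sample message (not a real email).
SAMPLE_EMAIL = """
<p>Jane Doe commented on your photo.</p>
<a href="http://footmaniacs.com/zsl"><b>See Comment</b></a>
<a href="https://www.facebook.com/settings">Manage notifications</a>
<a href="http://footmaniacs.com/zsl">www.facebook.com/photo</a>
<a href="https://facebook.com.example.net/login">Log in</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def host_under(host, domain):
    """True if host is the domain itself or a subdomain of it.

    Matching on a label boundary means "evilfacebook.com" and
    "facebook.com.example.net" do not count as facebook.com.
    """
    host, domain = host.rstrip("."), domain.rstrip(".")
    return host == domain or host.endswith("." + domain)


def link_host(href):
    """Host a browser would contact, or None if this is not an http(s) URL."""
    try:
        parts = urlsplit(href.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname  # lowercased, with any "user@" prefix removed


def audit_links(html, expected_domain):
    """Return (text, host, reasons) for each link that fails the hover check."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        if href.strip().lower().startswith(("mailto:", "tel:")):
            continue
        host = link_host(href)
        reasons = []
        if host is None:
            reasons.append("not-http-link")
        else:
            if not host_under(host, expected_domain):
                reasons.append("off-domain")
            # Link text that displays one site while pointing at another.
            for shown in DOMAIN_IN_TEXT.findall(text.lower()):
                shown = shown[4:] if shown.startswith("www.") else shown
                if not host_under(host, shown):
                    reasons.append("text-mismatch")
                    break
        if reasons:
            findings.append((text, host, reasons))
    return findings


if __name__ == "__main__":
    for text, host, reasons in audit_links(SAMPLE_EMAIL, "facebook.com"):
        print(f"{text!r} -> {host} ({', '.join(reasons)})")
```
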

Monday, March 24, 2014

Introducing Parrish Todd; More Scams Target Small Business

Introducing Parrish Todd. By now I think that most everyone has met Parrish and you’ve provided favorable reviews of his work thus far. Soon we’ll begin assigning Parrish to accounts so he can become a select group’s “IT guy”. Parrish comes to us with 13 years’ experience in a wide range of areas, which is critical when working with small businesses. Parrish has worked in both small and medium networks, both consulting and as internal IT.

We are still hiring. We’ve narrowed down the current crop of candidates and will be testing their technical skill on some real world problems, then making our decision. So expect another new face. We like to get our new staff around to meet everyone, to see the full range of clients and get the broadest possible exposure to all of the things that we do.

More Scams Target Small Business. While many businesses are still battling Cryptolocker, the scammers have not been resting. New attacks seem to have a theme around social engineering. Social engineering is when someone calls to convince you of something by gaining your trust. For example:

  • The State of Michigan sent out a scam alert that there’s a company trying to sell you on supposedly required compliance auditing.
  • Microsoft is warning people that you’ll never receive a call from a Microsoft support person out of the blue. If one calls hang up on them right away. They just want your credit card and other personal information.
  • One of our clients alerted us to a local “ambulance chaser” IT firm that is using the end of life date for Windows XP as a method to scare people into buying their services.
  • Oakland University employees found out the hard way that their information was stolen. When filing taxes they are finding that someone already filed in their name and got a fraudulent refund!

The way to beat social engineering attacks is to simply not believe the person on the other end of the phone line or the letter writer. If you get any suspicious calls, email or letters give us a call before you give them any information. We can help you determine whether it’s legitimate or not.

Meanwhile over on our Facebook page:

*OneNote is now FREE for all platforms: Android, Mac and Windows

*New technology from Microsoft combines Kinect and projection to come up with an immersive experience. If you thought 3D was cool you have to see this.

*Microsoft Surface now available with 4G built-in from AT&T. Still comes with Office, 200GB One Drive and a year of free Skype calling. All at less than an iPad.

*Received a nice letter from Microsoft today

*Apple devices need to be patched right away.

And more! Come follow us facebook.com/harborcomputerservices

- Amy Babinchak

Friday, February 14, 2014

Windows XP: It Was a Good Long Life

Windows XP arrived on the scene in 2002. 12 years is an unheard of life span for a supported operating system, but its time has come to an end and the malware writers are really, really excited. They are excited about the opportunity presented by having an in-production operating system that never gets another security update. A noticeable lull has occurred in new attacks and new security discoveries in Windows XP. The thought is that they are being held back until after the OS is no longer supported so that there will never be a fix for the issue. The same thing happened with Windows 98. Studies showed that after Windows 98 was out of support it took about 12 minutes of Internet access before the machine was infected. We can expect the same thing to happen with XP.

Here’s what we need to do:

  • Replace any XP computers with new ones
  • Those that cannot be replaced must not have access to the Internet at all

Among our clients we see very few XP computers left. Those that are left fall mainly into the category of machine controllers or thin clients.  Thin clients can continue to be used because they are locked down from change and don’t directly access the Internet themselves. This makes them more resilient to changes over time and we can just keep those in place. For machine controllers we need to lock them down so that they have no Internet activity at all on them. This means no email, no internet and only the very limited function that they must do in order to run the machine that they are connected to. Any other functions must be moved off to another more modern operating system.

This won’t eliminate the possibility of infection but it will greatly lessen the chance. Infections today are mostly network aware which means that if they can get a foothold on your network the next thing they will do is look for additional computers to infect. They may even specifically look for XP computers.

What happened to make XP more vulnerable? It just got old. The security and OS design that was state of the art in 2002 isn’t even close today. We’ve reached the point in time where the code in XP just can’t be secured. It doesn’t have the capability because the technology to protect it didn’t exist at that time. So the code can’t be secured.

If we haven’t talked about securing your XP computers yet, let’s make sure that we do soon. That April 14th date is going to get here sooner than we realize.

--Amy Babinchak, Harbor Computer Services


Monday, December 09, 2013

It’s Cookie Time

It’s that time of year when we busily rush around while reflecting on what kind of year it’s been and how thankful we are for the great customers we have. We continue to be amazed by you and your success and humbled to be a small contributor. So thank you for another amazing year of learning and challenges; we enjoy every minute of it. Please accept these home-made cookies as a token of our appreciation.

We had a busy week of planning, shopping and baking last week and over the weekend. The cookies are being packaged and delivered this week by our very own delivery elf.

I know some of you wait by the door to be the first to grab them as they enter, so keep an eye out this week. The elf is on her way!

Special delivery

-Amy


Thursday, December 05, 2013

Upgrading to Windows 8.1

If you have a Windows 8 computer, then your upgrade to Windows 8.1 is free. This is the latest version of Windows 8. This upgrade is also being delivered in a new way. It is coming down via the Microsoft Store, and Microsoft therefore expects that ALL Windows 8 computers will be updated to the new version. They expect this so strongly that they are withholding updates to Windows 8 and only publishing them for Windows 8.1. As the first example, Microsoft released Internet Explorer 11 to Windows 7 and Windows 8.1 but not to Windows 8.

The short story is that we need to upgrade your computer to Windows 8.1 and we need to do it soon. While it’s free to download, it is also a long slow process to complete. In fact it takes about two hours from end to end.

We’ve gone through and updated all of ours. They went off without a hitch so we’re optimistic that yours will too. Charley will be contacting all of you with a Windows 8 computer to schedule the time to perform the upgrade.

I’ll post some of the more interesting changes in Windows 8.1 in another blog post once this project gets rolling.

-Amy


Tuesday, December 03, 2013

Free Office for Students

Microsoft announced that starting December 1st your school district can start handing out Office 365 free to its students.

Educational institutions, whether K-12 school districts or those in higher education, that license Office Professional Plus 2013 or Office 365 ProPlus -- the former is traditionally-licensed software while the latter is a subscription -- can now also hand Office 365 ProPlus subscriptions to students, free of charge.

Schools and universities must have licensed Office for staff and faculty institution-wide, according to Microsoft, to be eligible for the student give-away. When students graduate, their Office 365 subscription expires.

Office 365 ProPlus includes rights to download and install copies of the newest Office desktop applications on up to five Windows PCs or Macs owned by the student, as well as rights to run the iPhone or Android editions of Office Mobile.

This assumes that your school district uses Microsoft Office. If they don’t, then I have to wonder how good a job they can possibly be doing. Every business uses this software, so every student needs to know it. I read recently that 85% of all job listings on Monster list proficiency in Office as a requirement. School districts are eligible for nearly free/severely discounted licenses themselves, so there’s really no excuse for them not to participate.

But if yours doesn’t then there’s this option:

Students, faculty and staff at universities that do not equip employees with Office can instead pay a flat $80 for a four-year subscription to Office 365 University. That subscription program allows Office 2013 to be installed on up to two PCs or Macs, and Office Mobile on as many as two mobile devices.

Do note that just like in your business when the licensing allows multiple installations, it is multiple installations on devices used by a single individual never at the same time. So for example you can install it on your desktop and your laptop. Or your laptop and your phone. Or your desktop and your tablet.

-Amy


Friday, November 15, 2013

Equus and Cryptolocker Virus

I realize how that subject line reads, so just so no one panics: these are two separate, completely unrelated topics.

Equus: While travelling recently in California I had the pleasure of taking my Third Tier team to be the speakers for the October SMBTechFest, and since I was in the LA area I paid a visit to the Equus manufacturing facility. This is where complex custom server configurations, OEM machines and laptops are built. They build $4.5 million of equipment each week. This location is the largest of their build centers. I was given the tour by the facilities manager and national sales manager; it was very impressive, not only for the method but for the results. In a year they have less than $1000 inventory loss and .01 failure. That is amazing considering how the value of computer equipment plummets with every passing day. Besides the equipment that we order from them, Equus also designed and builds all of the equipment for NetFlix. We saw machines being loaded with the entire NetFlix library. Now that’s some data transfer! Next time you rent a movie from NetFlix, remember that it is being loaded from Equus equipment just like in your office. I witnessed the LEAN manufacturing process and how staff change jobs to maximize efficiency at different times of day. As an ESOP, the employees own this company, and the value of their stock has doubled every year and it might even triple this year! Equus remains a strong American manufacturing company with a commitment to small and medium business. I’m happier than ever that we work with them to provide you with the best computer products available.

Cryptolocker: Cryptolocker continues to rage through the land. This virus arrives as an attachment and then proceeds to encrypt any files that the person logged into that computer has access to in the network. Anti-Virus software does not catch it because its behavior isn’t unusual in any way. It installs like normal software and it uses only the rights that the logged in person already has. This means it doesn’t break any rules. While not breaking any rules, it is still an attachment and it is still software. Using information provided on its behavior by bleepingcomputer.com we were then able to develop some precautions. We have done this via a new Group Policy deployment to your computers and a change in the backup permission settings. In addition, if you are a Harbor Secure Cloud subscriber then the attachments themselves are also blocked from your corporate email account. While nothing is 100% we believe that we’ve taken very good precaution to protect you.

I then took our procedures, the policies and an accompanying paper written by a member of my staff at Third Tier and put them together into what I called the Cryptolocker Prevention Kit and published it on my technical blog. It has been downloaded between 800-1000 times per day by other IT professionals around the world since. It has also been highlighted as THE solution by GRC, CNBC, SpiceWorks, Redmond Magazine and other prominent news sources. Unfortunately it has also been copied and published by others claiming authorship. The funny thing is that the policy puts a link to Harbor on the desktop. I’ve been getting some interesting calls and email from people that got the Kit from a stolen source and are now wondering how they got Harbor on their desktop! They lack the document that explains how to put their own information into the policy before deploying it since they obtained our Kit from another source. The moral there is to never deal with pirates only the original source.

We freely shared this information with our peers in the IT industry because we felt a need to do so. There was a lot of fear and uncertainty and since we had what we thought was a good solution we shared it. Better that more businesses get protected from disaster or extortion than fewer.

Next week I will be attending Microsoft MVP Summit in Redmond, where I’ll have many opportunities to provide input into new technologies being developed there.

-Amy


Tuesday, November 05, 2013

Time to Dedicate a Computer to Banking

Credit card processing organizations and banks are beginning to demand a dedicated PC that resides on a separate network from the rest of your computers in order to process a credit card transaction or access online banking. We have seen two instances of this so far and based upon the trend and industry reports from others we think that this requirement is going to spread quickly.

It means purchasing a computer just for this purpose. It means separating the wiring that the computer connects to from the others in the LAN. It means isolating the computer.

As far as isolation goes, most of you will be all set. The Calyptix firewalls that we recommend have at least 4 networks available and all of the security tools necessary to create and protect the isolated space. For the computer, we are going to be experimenting with a couple of very inexpensive devices – a PI and a thin client. We’ll be taking this project up in our lab to build and configure very simple inexpensive devices to serve the purpose of online banking.

The PI is the same device that we’ve configured for our digital signage solution and the Thin Client is the same that we recommend as PC replacement for accessing terminal servers. In this case we’ll look to create a different configuration using these tried and true devices.

It’s our goal to stay ahead of the trend. So we’ll be ready with a solution when your bank issues the requirement or when you are ready to move to higher security banking.

-Amy


Monday, October 07, 2013

ALERT: Website Compromised

We have seen a rash of websites attacked and essentially destroyed recently. The attack is poorly executed and fills the website with enough garbage to cause it to be unable to run. The sheer number of files that are placed in the folders and the code changes make it impossible to clean. The website has to be reuploaded from the original files.

Therein lies the rub. We suspect that many of our clients do not have a backup copy of their website. It seems that generally web developers do not provide a copy. If your website was created recently (perhaps the last couple of years) then the developer can probably provide a copy to you. If not, then we should download a copy from your live site now and place it in your office for safe keeping.

Websites are pretty easy to attack because they often sit in their original state for many years without updates and the servers that they sit on are often not updated either.

-Amy

Friday, October 04, 2013

APC Surge Strip Recall

Gosh it’s been an interesting week.

We received notification that APC has recalled some very old surge strips. These were manufactured prior to 2003. If you have one of them around they are a fire risk. Below is a picture of what they look like.

image

If you have one of these you will need to check the bar code to see if yours is affected by the recall. APC is offering a full replacement.

Please visit the following website and check the barcode against the list provided here.

http://recall.apc.com/en

If you need any help with this, just give us a call.

-Amy

Cryptolocker and Adobe Compromise

Cryptolocker: Regarding yesterday’s post about Cryptolocker. We are working on developing a block for the installer of this virus. Currently we are testing it on our own computers. This block uses software restriction policies to prevent the executable files from running. We are testing (dogfooding) on ourselves to make sure that this block doesn’t interfere with other applications. If it goes well, then we will plan to implement this solution on all of your computers. If you would like to opt out of this security measure please let us know. We will start with those that we can reach via group policy from your server. Any computer that is not part of a domain will not have the policy applied and will need to be individually seen. If you do not have a server then your PCs will have to be configured individually. If you have a computer that falls into this category please contact your technician to have them apply the security setting. We can do this work remotely.

Adobe: As you may have heard, Adobe’s accounts database was compromised. If you have ever purchased anything from Adobe then your account information, including probably your credit card for recurring subscriptions, is in the hands of the bad guys. While we don’t know what they will do with this information or whether you will be picked from the list of nearly 3 million that they have, we do know that you need to change your password on your Adobe account. Please make a point of doing that today.

-Amy

Wednesday, October 02, 2013

ALERT: Cryptolocker Virus

This is the worst virus I’ve ever come across. Cryptolocker encrypts not only the files on your computer but ALL of the files that you have access to on the network.

image

There is no good cure. The only real solution is to reload every infected machine completely. The only other solution is to pay the ransom. Yes the makers of cryptolocker hold the decryption key and await your payment.

How To Avoid Infection

According to my best sources you get infected by doing one of these things:

  • This infection was originally spread via emails sent to company email addresses that pretend to be about customer support issues from Fedex, UPS, DHS, etc. These emails would contain an attachment that, when opened, would infect the computer.
  • Via exploit kits located on hacked web sites that exploit vulnerabilities on your computer to install the infection.
  • Through Trojans that pretend to be programs required to view online videos. These are typically encountered through porn sites.

If you get this virus, all of your files will have to be restored from backup. This is not only time consuming but expensive. Please, please, please do not open any attachments. Only visit work-related websites and don’t click on anything that you don’t have to. If you have any question at all about whether you should open or click, please contact us and ask.

-Amy


Monday, September 23, 2013

Comcast Speed Increase Might Be Available to You

We have noticed that Comcast Business is now offering higher speeds for the same price. You might be able to get them to increase your speed.


This is what new customers are getting. However, Comcast has no plans to increase the speed of existing customers. This means that you will be paying the same and getting less. Doesn’t seem right, does it?

Our suggestion is that you call and ask for the higher speed. When they say that it is only for new customers, tell them that’s not the right thing to do because you are a good loyal customer that doesn’t want to have to move to another company to be treated fairly. This should work.

You’ll need the account number on your bill when you call. Here’s the number: (866) 683-1995

-Amy

Monday, September 16, 2013

Corporate Privacy Takes Another Hit

It seems like every time you browse the news headlines these days there’s another story about a corporation being hacked and losing its bank account, its customers’ credit card accounts or its identity. These kinds of losses are all perpetrated by people external to your organization. But last week, security researchers uncovered that Android devices store wifi passwords in clear text and back them up to Google. This happens as part of the phone backup. Google provides a pretty slick backup and restore option for your phone, so when you get a new one all of your applications, files, settings and, yes, wifi passwords are there for you. Nice from a user perspective.

Why is this important?

We have to think about what that means for your business. When an employee comes to your office and connects their phone to your LAN wireless, the Android phone stores that password and sends a copy of it to Google. As we know from previous disclosures by Google about their use of the data they collect, Google now has the right to sell, display or publish a connection to your network. This also makes Google the world’s largest holder of corporate wifi access credentials.

Will Google intentionally do something evil with this power? Probably not. But an individual’s password could be guessed and the data harvested. It could be handed over to law enforcement or become part of government security data gathering. Imagine if you were a hacker and you got a list of those passwords. Now that the word is out that Google has a giant list of corporate access passwords, you can bet that there are plenty of bad guys trying to get their hands on it. It would make a really nice new rainbow table. (Rainbow table is the name given to lists of potential passwords that an automated tool will cycle through when attempting a hack.)

What should we do?

The danger is there. The way to mitigate the risk is to not allow phones of any type to connect to your corporate wifi. If you’d like them to be able to connect to a wifi while in the office, then we should connect them to a guest wifi that is segmented in the firewall from the internal network.

I would tackle this in two ways. First, by policy. Employees are likely to know and need to know the password to the corporate wifi. It would then be easy for them to add that to their phone. Your acceptable use policy needs to include a statement that phones should not be connected to the corporate wifi under any circumstances. Second, we should lock down the corporate wifi to only specific MAC addresses or trusted machines with an installed certificate. Both methods will allow you to know that only devices and people that you trust have access to your corporate wifi and the data in your corporation.

- Amy 


Friday, September 13, 2013

Alert: Office Update Issues

There are two problems occurring due to updates to Microsoft Office 2010 and 2013. They affect different types of installations.

1. If you purchased your computer from a retail outlet, it probably shipped with a trial edition of Office 2010. This trial edition has long since expired but is still installed on your computer, and you have another version or edition of Office installed. If those conditions are met, then your Office icons will turn orange and the file associations that allow you to click on a Word document and have Word open (as an example) are reset to the expired trial edition. The solution is to reset the file associations and remove the expired trial software.

1a. If you purchased your computer from a retail outlet, it may have included a click-to-run version of Office. This installation type is used by some computer manufacturers to minimize what they have to install on the computer before they ship it. Instead of installing Office, they install what is essentially a shortcut to download Office. If you have installed Office this way, then the same file association problem will occur as above. You are most likely to experience this problem at home.

2. If you purchased Office through volume license and one of a set of two updates gets installed but not both, then the Outlook folder pane will be hidden behind a big blank space. The solution for this problem is to install the second update. Unfortunately the second update is currently a manual download and isn’t being delivered via normal channels (the mistake that Microsoft made) so it is unlikely that anyone will get the second update. We have the file and are ready to install it but we can’t do it proactively because to do so would also break Outlook.

Microsoft is currently working on automated fixes for these two issues, which I would expect to arrive soon. In the meantime, if you hit either of these, call us. We have the manual fix available and can do it quickly for you.

-Amy


Wednesday, September 11, 2013

Deadlines Approaching: HIPAA and Health Insurance Marketplace

There are two very important deadlines approaching.

HIPAA HITECH September 23rd: New rules for HIPAA go into effect September 23rd. Among these new rules is a definition of Business Associate. You are a BA of a company subject to HIPAA if there is any chance that you may come into contact with Patient Healthcare Information (PHI). As your IT company we care about protecting PHI, and that puts us into contact with it on occasion. You will need to have a BA agreement with us by September 23rd. I have a boilerplate document for that if you need one.

These new rules also include more specific language regarding your duty to encrypt patient information even while at rest on your server and other security measures.

<the information below is provided with permission by Cunningham & Associates a client of Harbor Computer Services>

Health Insurance Marketplace October 1st:

For your information --- The health insurance marketplace (a/k/a the exchange) will begin enrolling individuals October 1, 2013. All employers subject to the Fair Labor Standards Act, which includes companies with at least one employee and $500,000 in annual revenue, must notify employees of the existence of the new health insurance marketplace not later than October 1, 2013.

The Department of Labor has posted information about the notification requirement along with two model notices (copies attached. ED: blogs do not allow for attachments; please email amyATharborcomputerservices.net for copies), one for employers who offer a health plan and one for employers who do not offer a health plan. The content and delivery requirements and model notices can be found at http://www.dol.gov/ebsa/healthreform/.

Please contact us if you have any questions.

Pat and Jack Cunningham

 

- Amy


Friday, September 06, 2013

SSL Certificates, DNS and Domains

We have fixed a price gouging issue. It wasn’t that long ago that we were able to obtain SSL certificates from GoDaddy at a very reasonable price for a basic certificate to protect remote access to the websites hosted on your servers. We turned to GoDaddy to supply these after running into pricing issues with other suppliers. This worked until now. But this year prices at GoDaddy jumped from $19 to $29 to $69 for renewals. So we went on a hunt and decided that it was time to register ourselves as resellers of these services and protect our clients (you) from this price gouging.

We are now registered with ENOM, a bulk reseller of Comodo, Symantec, GeoTrust, TrustE, and SiteLock. They have bulk pricing from these companies that we can pass along to you at very reasonable rates. For example, instead of a $69 SSL certificate renewal it will only be $30 for a basic certificate. We can also host your DNS records and websites and do domain registrations. All will be at similar bulk rate pricing as compared to the general public pricing.

There’s no need to make any changes immediately. But as your domain renewals come due and your SSL certificates expire, we’ll be offering to renew them through this new service. I think that we have a win-win here and we’re happy to provide it to you.

- Amy


Thursday, August 15, 2013

Meanwhile over on Facebook…

Harbor has had a Facebook page for quite some time. If you aren’t connected to us over there, I would encourage you to do so if you are interested in what’s going on in the computer industry and with Harbor. Our blog is also syndicated to Facebook.

Here are some of our recent posts:

Aug 12, 2013 8:04pm We got a new PC for the office. It's the NUC from Intel!

Nice fun short video. Surface RT vs iPad http://www.youtube.com/watch?v=o-O8IJZvmzA

As long as we're listing off things recently hacked, here's the news about Smart TV's. After GPS, Satellites, and cars why not TV's? http://mashable.com/2013/08/02/samsung-smart-tv-hack/

GPS has been hacked and demonstrated. http://www.cnet.com.au/students-hijack-us80m-yacht-with-gps-spoofing-339345024.htm

Can data breaches be beautiful? Only if you turn them into polka dots large and small. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Network Solutions outage affecting many businesses today. If you are having trouble reaching someone via email or getting to their website this is most likely the reason. So far we've been unable to reach Network Solutions to obtain an ETA for resolution.

Connect with us! https://www.facebook.com/harborcomputerservices

Monday, July 29, 2013

Digital Signage and Eliminating Projectors

We’ve been hearing from our clients that digital signage is of interest. Some want it for the visitors lobby to display company information. Some want it to do double duty as a presentation screen too. We have some good news on both fronts.

Digital Signage: Having seen the digital signage solutions being offered in the market by audio/visual specialists and the prices they are charging for such a simple technology, we thought we might be able to do better while bringing the technology into range for even our smallest clients. After some investigation I hit upon the kit computer called Raspberry Pi.


The Raspberry Pi is a very small but powerful device. The cap in the picture is for scale. The Pi measures about 4”x2”. It uses a memory card like the one in your digital camera to house its memory, storage and operating system. It has an Ethernet port to receive data and an HDMI port to display data. It is very low power and can be powered by a powered USB port or a USB charger (again, like your phone). We load the operating system and software onto the memory card and then mount the device onto the back of any TV/display with an HDMI port. Next, through a subscription service, we upload the data that it will display. We expect it to cost about $20 a month including data hosting. We’ve also partnered with Samsung for display discounts. They promise better than direct pricing, but that doesn’t necessarily translate to better than Best Buy. As usual we’ll recommend the best option for you.

p.s. We’ve dogfooded this technology here in our office and it’s been running 24x7 for the last few weeks flawlessly. So we’re ready to deploy yours.

Eliminate Projectors in Your Conference Room: This topic dovetails nicely with the first one because it is dependent on the display that you purchase. Microsoft has announced that one of the new technologies in Windows 8.1 is something they are calling Miracast. In short, this is wireless display technology. All you need is Windows 8.1 (if you have Windows 8, then 8.1 is a free upgrade) and a projector or display that supports Miracast. Since Windows 8.1 releases in August, I wouldn’t buy a display now that doesn’t support it. Hip, hip, hurray! No more cables and someday no more projectors. It seems likely that you’ll need cables and projectors around for a while yet, since you are likely to get visitors that don’t have Windows 8.1. But even so, the future is here and this feature in particular has been a long awaited one.

-Amy


Tuesday, July 16, 2013

Comcast Reliability Issues

Over the last week Comcast has had reliability issues that have caused several of our clients to have intermittent issues. Through our efforts to represent our clients, Comcast finally admitted to a serious internal problem. They made some temporary changes and these changes seem to have affected their internal phone systems, now making it difficult to communicate with them.

I’m sure that these issues will get resolved and that Comcast is working diligently to get things back in order. In the meantime, please continue to let us know when you experience inconsistency with Comcast so we can verify that everyone’s service gets restored to full functionality.

Tuesday, July 09, 2013

Reviewing our Techs

Shortly most of you will receive an email from me asking to complete a survey. This short 10 question survey is designed to help me verify that my new technicians are doing a good job.

On my end of things, I see the incoming email requests from you and the tickets created by my staff. We have bi-weekly meetings to review client status where everyone reports on what’s happening with each of the clients they are responsible for and I pepper them with questions. Now I also have Ted as Technical Manager making sure that projects get completed in a timely manner and working closer with each tech. But the part that is difficult for us to see is our techs’ interaction with you, whether in person or over the phone.

Each question is a simple yes or no with a box available for you to add some information that we might find helpful in our evaluation. I hope that you will comment so we can make the most of this process. And thanks in advance for the time that you will take to complete this survey.

-Amy

Monday, June 17, 2013

Lenovo Twist

Harbor joined the Lenovo partner team earlier this year after I went to a show in Florida and had an opportunity to put my hands on the new products in a small environment of 20 IT firms and about 5 Lenovo VP and upper Management types. I made some great contacts within Lenovo at that time. That level of contact is the type of thing that I look for in a new vendor. Will they treat you (our clients) as mere numbers or will they treat you as a valued customer and listen to the feedback that we pass up to them. Are they interested in small business or are they just making enterprise products that they think can shoehorn into smaller businesses?

I’m pleased to say that we’re now a Lenovo partner. I was suitably impressed with what they had to say, how they interacted, and now they’ve opened an assembly plant in the USA. They have also promised us better than website pricing when we purchase direct.

I placed the Lenovo Twist into Missy’s hands. She was still using the $200 Dell Netbook from several years ago. The upgrade served two purposes. First she really needed something mobile and the Netbook just wasn’t serving the purpose anymore and second, she’s our only non-IT person and so is the only one that can really give new hardware a realistic test.


The Lenovo Twist is a touch-screen laptop running Windows 8. The screen can flip around so you can use it as a tablet. It’s very thin, all things considered. It has a 12.5” screen, so it’s not huge but it’s “big enough for mobile work”. It can, however, double as a desktop replacement when paired with the USB docking station. The USB docking station can handle 2 DVI monitors, sound and 6 USB3 devices.


The Twist has a 12.5” touch display, i5 processor, 4GB RAM, gorilla glass, and a solid state hard drive. It’s water resistant and anti-microbial. It is classified as an UltraBook, which means that it’s thin, light and doesn’t have a DVD drive. It is lightning fast and has a battery life of about 6 hours.

I’m really, really impressed with it. Based on the solid feeling that it has I’m going to go out on a limb and say that it will live up to the reputation of Lenovo as being built like a tank. It feels like it will handle any amount of travel you can put it through.

It comes with Windows 8 Pro 64. Most importantly Missy took to it like a duck to water. She hadn’t seen Windows 8 before but immediately liked the touch environment, long battery life and instant start-up.  If you’d like to see one in person, we’re happy to bring it over next time your tech is in the neighborhood so you can check it out.

-Amy

Tuesday, June 11, 2013

“Eating Our Own Dogfood”

Eating your own dog food is a phrase that IT people use that means, using the products you recommend. There’s a verb for this too; it’s dogfooding. Dogfooding happens when we are testing something in production to see if it’s going to be worth mentioning to you or not. At Harbor we both Eat Our Own Dogfood and Dogfood hardware, software and services to see if they live up to their hype. It’s how we stay ahead and can make educated recommendations.

IT people have a lot of strange terms for things. Some items end up being our favorites and so they end up in production here as permanent fixtures: Sharepoint, Office 365, Harbor Secure Cloud, Lync, Windows Phones. We just couldn’t get along without them. Some things are absolute winners like MultiPoint, Hyper-V, IP Phone systems, Spectorsoft and Remote Desktop Server. Some things come and go: iPhones, NetBooks, Onsite Servers, Desktop PCs, scanners, and fax machines.

Here’s a few of the items that we’re dogfooding right now.

  • Intune, mobile phone management, Azure, SkyDrive Pro, non-domain environments, two-factor authentication, single sign-on and password servers
  • Lenovo Twist, NUC, and Surface
  • Policies, policies and more policies

We think that most of these are winners and so that’s where we are focusing. Some ideas come and go, but the ones above are items that we’ve decided to really focus on because early indications are that these things are going to solve problems that we see developing.

Thursday, June 06, 2013

Unsubscribe Does Work

I’ve been conducting an experiment on my email recently. The experiment was to determine if unsubscribing from mail I don’t want worked or didn’t work. It worked! I’m now getting a lot less mail that I’m not interested in.

Why unsubscribe?

The CAN-SPAM Act paved a two-way street for spam. On one side of the street, it makes advertisers provide an easy unsubscribe option and expects them to prove that you opted into their mailing list. On the other side, it prevents anti-spam services from blocking mailing lists that you signed up for.

Now we all know that in practice we are getting newsletters and mail that we didn’t explicitly sign up for. I get a lot of mail where I can see that my address has been passed along by magazines, newsletters, website registrations, credit card companies, conferences I attended, etc. There are a myriad of ways for my name to end up on someone’s approved list that technically meets the requirements of the CAN-SPAM Act, but that doesn’t mean I want their mail. Since the spam filter can’t block this “legitimate” mail, I need to unsubscribe.

In days past it was known that unsubscribing from mail just put you on more lists of email addresses that actually exist. Spammers sold these “verified” mailing lists at a premium. But the good news is that the CAN-SPAM Act has done some good. I just went through a period of a couple of weeks where I unsubscribed from everything I didn’t want as mail from that source arrived. My unwanted mail is now down to a tolerable minimum.

If you want to unsubscribe from an email, scroll all the way to the bottom and look for the unsubscribe link.


This will carry me through until the next conference I attend so this is a war that is never won, but the battle can be and the result is a much cleaner mailbox.

-Amy

Friday, May 31, 2013

The Small Medium Business Online Banking Crisis

Smaller businesses are now the #1 target for online banking theft. Your banking credentials are obtained through malware, social engineering or brute force username/password combination attempts. Here’s the rub: You aren’t insured against theft from online banking transactions. Your money is just gone.

Meanwhile banks are encouraging all of us to participate in online banking. Some are even going so far as to charge additional fees for not using “paperless” accounts.

Here are a few sample thefts to read about. http://krebsonsecurity.com/2013/05/nc-fuel-distributor-hit-by-800000-cyberheist/

http://krebsonsecurity.com/2013/04/bank-sues-cyberheist-victim-to-recover-funds/

http://krebsonsecurity.com/2013/04/hay-maker-seeks-cyberheist-bale-out/

These types of cases are most often settled in favor of the bank and not the business. But even if they were settled in favor of the business, how many businesses can survive drained bank accounts AND an expensive lawsuit? It’s a mess. The courts are finding in favor of the banks by pointing out that the businesses haven’t taken up the bank on every security feature that they offer. Whether you know about these options or not is another thing. Your bank might not tell you. My credit union told me “Of course we would cover you in case someone broke into your account.” “Oh, that’s great. Can I see that in writing?” As you can guess, the conversation ended there. They don’t have it in writing because it’s not really going to happen. “You should use our new Phone banking app!” “I don’t think so.”

Security is one of those things that has no absolute. We can’t guarantee security; no one can. We can, however, make things more secure. Being more secure than the next guy means that if it’s more work to hack you than someone else, they will go to that someone else. So here’s what we did and what I suggest that you do as well. Recognizing that you have to have online banking these days, here’s a suggestion for how to handle it.

  • Open a set of bank accounts that have NO online access and keep most of your funds there.
  • Authorize the fewest number of computers possible to access online banking accounts. (BTW, online banking includes ACH, wire transfers and payroll)
  • Take advantage of EVERY security option that your bank offers
  • Have current anti-malware software
  • Install and configure EMET. It’s a free security package from Microsoft to protect against suspicious behavior in browsers.
  • Install and configure Tracking Protection in Internet Explorer
  • DO NOT authorize anyone to do banking over mobile phone
  • Keep your limits low for ACH and Payroll transfers. Set instant alerts if your bank offers them

This is a place for serious policies and additional protective computer security. We can help by providing a boilerplate policy and installing and configuring additional security on your authorized banking computers.

If you really want to get serious, we can create a virtual computer that is only turned on for banking, then turned off again and used for nothing else.

Please think seriously about your security and let us help you make these important decisions.

-Amy

Wednesday, May 29, 2013

Cloud + BYOD = A Greater Need for Security

It seems that recently all of the articles are telling business owners to stop buying PCs and let their employees buy them instead. I even saw that the AICPA (CPAs’ association) was holding continuing education where the whole day was dedicated to BYOD (Bring Your Own Device) and Cloud. Of course, if you dig into their credentials, the people giving the presentations were representing Cloud service providers, so they aren’t unbiased, and that’s really a problem because their advice isn’t complete; it’s one-sided.

BYOD can be a good idea and it makes sense for some types of employees. We are definitely seeing that, as the information age matures, the information worker is the new blue collar. There’s a history of blue collar workers preferring to work with their own tools (carpenters, electricians, plumbers) and then eventually being required to have their own set of tools in order to get a job in the first place. We are seeing the same pattern in the information age.

It started with smart phones but has now moved into laptops and oddly it’s actually the employees that want to use their own computer instead of yours. They think it will bring them more freedom to work the way they want to work and use the applications that they want to use. They also think that then you can’t tell them not to watch TV, listen to music or spend time shopping because it’s their computer. How you manage this new environment is really critical for your business and security becomes an even greater concern than it has previously.

There are many questions to be answered:

  • If there’s a problem with the employee owned computer and the employee isn’t productive at work because of it, what will you do?
  • If the employee owned computer is infected with malware and infects other employee computers, who will pay for the repairs?
  • If an employee uses their own applications for work and those are not licensed properly, who is liable?
  • If an employee uses their own application for work and those applications contain your data, how will you retrieve it when they leave your employment? Is there backup for that data?
  • If one employee uses software X and another uses software Y incompatibilities are introduced. What now?

Policies will need to be implemented. I suggest that you think about them and implement them well before you start allowing employee owned equipment into your business. There are new human resource issues, new security problems, new acceptable uses. We have a host of sample policies to help you get started.

Security will need to be redesigned. The network will need to be reconfigured. A balance needs to be struck between making employees productive on their own computers and protecting the corporate computers from any malware that they might bring in. We need to protect the ownership of your data too.

It’s a brave new computer network out there. One that can bring benefits but that has huge potholes of disaster waiting for those that don’t plan. We really don’t want to see any of our clients suffer so let’s make that plan before any problems occur.

-Amy