Bryley Basics: Scammer YGDNS.org

We received a seemingly legitimate email from YGDNS.org professing to square away the ownership and use of our domains, Bryley.com and Bryley.net, in China; the email was marked “urgent” and came with a person’s name, business address, etc.

I queried Mike Carlson, our CTO, who gave this reply:  “No serious problems, but certainly a scam. If you reply you will be offered the opportunity to register the domains along with other overpriced services.

Google search of “ygdns.org.cn” finds a couple well-written articles that indicate that this ygdns group has been doing this for a while, and if you respond take the extra step of calling. The calls are of the type “This needs to be fixed today!”; hoping to get a “yes” from whomever answers the phone by stressing the perceived urgency.

Note the fact that it was sent…with “Please forward… …this is urgent” line. Any legitimate registrar conducting a legally or procedurally required inquiry would send the request directly to you, to me, or our shared network operations mailbox. These are the publicly-available addresses associated with the bryley.com and bryley.net registrations. I’ve checked my mailbox, junk mail folder, and done the same on the network operations mailbox. Nothing from this company.”

So, we did not respond to any inquiries from YGDNS.org and advise the same to all.
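The warning signs in the reply above (not sent to the addresses on the registration, a request to forward the message, pressure to act at once) can be checked mechanically. The following is an added example, not part of the original newsletter; the contact addresses, phrase lists and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: the contact addresses published on the domain registration.
# Constructed placeholders, not the real contacts for any domain.
REGISTRATION_CONTACTS = {"admin@example.com", "netops@example.com"}

FORWARD = re.compile(r"\bplease forward\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|today)\b", re.I)

def triage(raw_message, contacts=REGISTRATION_CONTACTS):
    """Return the warning signs found in one raw e-mail message."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # single-part text only
    text = msg.get("Subject", "") + "\n" + body

    findings = []
    # A registrar writes to the contacts on the registration record.
    if not recipients & contacts:
        findings.append("not sent to a registration contact")
    # A request to pass the message on means the sender does not know the owner.
    if FORWARD.search(text):
        findings.append("asks to be forwarded")
    # Pressure for a same-day answer sets up the follow-up phone call.
    if URGENCY.search(text):
        findings.append("urgency pressure")
    return findings

# Constructed sample messages (not the e-mail described in this article).
SCAM = """\
From: "Registration Dept" <sender@registrar.invalid>
To: info@example.com
Subject: Urgent: example.com domain name in China

Dear Manager,
Please forward this to your CEO; this is urgent.
A company has applied to register "example" as its domain name.
"""
LEGIT = """\
From: "Registrar Support" <support@registrar.invalid>
To: NetOps@example.com
Subject: Annual WHOIS data accuracy reminder

Please review the contact details on file for example.com.
"""
```

An empty result does not prove a message is genuine; it only means none of these three signs is present.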

Merchants should get ready for EMV credit cards in 2015

The aging, magnetic-stripe credit cards are being replaced by EMV, a new standard with an embedded microchip that stores encoded user credentials with an optional PIN.  These two capabilities combine to reduce fraud by making EMV cards harder to clone and more difficult to use if stolen.

However, retailers and other merchants will need to upgrade credit-card processing hardware to comply with EMV.  Plus, validation and payment approval occur in separate, consecutive steps, which may require rewrites to existing Point-of-Sale (PoS) software.

Other considerations for retailers and merchants:

  • Cards are dipped, rather than swiped, which slows the process
  • EMV-processing applications/certifications take time; apply early
  • PINs can enhance security, but at the cost of being slower to process
  • Training staff will be necessary for high-volume, credit-card processors

After October 15, 2015, many credit-card issuers (MasterCard, VISA, etc.) will not cover fraudulent issues generated with non-EMV cards; a not-so-subtle statement on complying with the EMV standard in 2015.

Recommended practices – Part-5: Software updates and patching

This is a multi-part series on recommended IT practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

In general, software manufacturers update their products for these reasons:

  • Resolve problems
  • Fix vulnerabilities
  • Make the product easier to use
  • Provide new features

The first two are of significant concern, particularly with operating systems (Microsoft Windows, Google DROID, Apple iOS, etc.) and with commonly used applications like Microsoft Office, Adobe Reader, etc.

Many operating-system manufacturers, especially those with large user populations (Microsoft, Google, Apple), release patches to address problems and security concerns.  These patches are typically small applications that either replace a portion of the operating system or update specific components (files) of the operating system.

Unfortunately, particularly with Microsoft Windows, patches that resolve an issue can often lead to unforeseen and unintended consequences; some patches actually designed to fix one area can break things in a different area.  Also, security updates are often time-sensitive; once released, it is important to apply them promptly.

Like operating systems, many popular applications require occasional updating.  Applications are typically not updated as often as operating systems, but their patching can be critical to fix vulnerabilities.

The IT department or IT-outsourcing partner (e.g., Bryley Systems) of many organizations typically performs patch management with the objective “…to create a consistently configured environment that is secure against known vulnerabilities in operating system and application software.”2  These groups perform their patching in a cyclic fashion, often taking these steps:

  • Verify that the patch has a reasonable purpose in the environment,
  • Investigate its stability and usefulness by checking user forums,
  • Delay (if needed) deployment to ensure wide-spread acceptance,
  • Test it in the environment before deploying, and
  • Deploy and then validate this rollout.

If a rollout fails, procedures are in place to roll back the operating system or application to its pre-patched state.  Periodic auditing and assessment are useful to ensure that the process is current and appropriate; audits should also identify systems that are not in compliance with the organization’s patching standards.

Often, a Remote Monitoring and Management (RMM) tool – GFI, LabTech, Kaseya – or a patch-management tool – PatchLink, SolarWinds, Tivoli – is used to automate and centrally manage the process:  These tools permit the timely, managed deployment of patches and updates to groups of computers.
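The audit step described above, finding systems that are out of compliance with the patching standard, is sketched below as an added example; it is not Bryley's tooling or the interface of any RMM or patch-management product. The host names, patch identifiers, dates and the 14-day and 30-day deployment windows are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy: days allowed between vendor release and deployment.
# The window leaves room for the verify, investigate, delay and test steps;
# security updates get the shorter window because they are time-sensitive.
DEPLOY_WINDOW = {"security": timedelta(days=14), "other": timedelta(days=30)}

@dataclass(frozen=True)
class Patch:
    patch_id: str
    kind: str        # "security" or "other"
    released: date
    approved: bool   # True once the patch passed testing in this environment

def audit(inventory, patches, today):
    """Return {host: {"overdue": [...], "unapproved": [...]}} for hosts
    that deviate from the standard; compliant hosts are omitted."""
    rejected = {p.patch_id for p in patches if not p.approved}
    report = {}
    for host, installed in inventory.items():
        # Approved patches whose deployment deadline has passed.
        overdue = sorted(
            p.patch_id for p in patches
            if p.approved and p.patch_id not in installed
            and today > p.released + DEPLOY_WINDOW[p.kind])
        # Patches that failed testing but are present anyway (drift).
        unapproved = sorted(installed & rejected)
        if overdue or unapproved:
            report[host] = {"overdue": overdue, "unapproved": unapproved}
    return report

# Constructed sample data.
PATCHES = [
    Patch("PATCH-A", "security", date(2014, 11, 1), True),
    Patch("PATCH-B", "other", date(2014, 11, 1), True),
    Patch("PATCH-C", "security", date(2014, 11, 20), True),
    Patch("PATCH-D", "other", date(2014, 10, 1), False),  # failed testing
]
INVENTORY = {
    "ws-01": {"PATCH-A", "PATCH-B"},
    "ws-02": {"PATCH-B"},
    "srv-01": {"PATCH-A", "PATCH-D"},
}

if __name__ == "__main__":
    print(audit(INVENTORY, PATCHES, today=date(2014, 12, 1)))
```

Patches still inside their deployment window are not reported, so a host that is waiting on a patch under test does not show up as a violation.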

Notes:

2 Quote taken from the article “Essentials of Patch Management Policy and Practice” by Jason Chan of PatchManagement.org; the full article is an excellent, in-depth treatise on this subject.


Bryley Systems’ President Gavin Livingstone Interviewed On Chamber Exchange

Tim Murray (President/CEO of the Worcester Regional Chamber of Commerce and former Lieutenant Governor of the Commonwealth of Massachusetts) interviewed Gavin Livingstone (President of Bryley Systems Inc.) on Charter TV3 earlier this year.


Visit http://www.Bryley.com/resources/videos/ to check out the rest of our video library.

Bryley Basics: Fixed-disk drive recycling and destruction

Fixed-disk drives are located in most personal computers, servers, and even some copiers and printers; they store business data and confidential information.  When retired, they require special handling and recycling to ensure that this information is not available to others.  In addition, compliance and military standards dictate specific procedures regarding erasure and destruction.

Most fixed-disk drives house spinning disks within a metal enclosure; a read/write head passes over these disks to retrieve/record information.  Erasing the spinning disks is a good first step; physically destroying the spinning disks is also good since it then renders these disks unusable.  (Of course, someone can always try to put a disk back together, but the complexity and cost of this effort makes it extremely difficult and unlikely.)

When we recycle personal computers and servers, we take these steps to obliterate the contents of all fixed-disk drives:

  • When mounted within a computer, we run a multiple-pass cleanup utility that not only erases existing data, but also rewrites nonsense data back onto the drive to overlay previous data.
  • We then smash the drive into insignificant pieces using our Manual Disk Drive Crusher from Pure Leverage.

Our Manual Disk Drive Crusher quickly and easily destroys fixed-disk drives by crushing them in half.  The remnants are then recycled with confidence.

 

Mike Carlson achieves VMware VTSP 5.5

VMware awarded Mike Carlson, our Chief Technology Officer (CTO), the VMware Technical Solutions Professional 5.5 (VTSP 5.5) certification, a significant milestone in the VMware certification process that requires detailed product knowledge and the successful completion of six modules with corresponding tests.

Anna D achieves Adobe Accredited Sales Specialist

Anna D, Account Executive at Bryley Systems, completed the coursework and testing to become an Adobe Accredited Sales Specialist Creative Cloud.

Congratulations Anna!


HP to become HP Inc. and Hewlett-Packard Enterprise

HP is a mammoth, $120B+ company covering two primary product areas:

  • Enterprise servers, Storage Area Networks, Cloud, software, and services
  • PCs and printers

By the end of 2015, it will become two separate companies that will follow these respective product areas:  Hewlett-Packard Enterprise and HP Inc.  Both companies will exceed $55B in revenue; both will be fully autonomous from one another, but will always share a common history.  Current CEO, Meg Whitman, will head Hewlett-Packard Enterprise; Dion Weisler, executive VP of HP’s printing and personal systems group, will run HP Inc.

For details, visit the Computer Technology Review article: “HP splits into two public companies to better adapt to changing market and customer dynamics”.  Also, see Maggie McGrath’s article in Forbes titled: “Hewlett-Packard confirms plans to split into two, cut an additional 5,000 jobs”.

Upcoming Bryley webinar on 12/10: “Get into the Cloud – Safely and Securely”

On December 10th, 2014 at 2pm (EST), Bryley Systems will present: “Get into the Cloud – Safely and Securely”, which reviews Cloud Services and security.

Learn how to select from Cloud options while protecting data and related systems:

  • Select Cloud Services
  • Secure these Cloud Services
  • Secure associated systems and data
  • Ensure the integrity of your data

Click here to sign-up for this informational, no-charge webinar.

 

Ergonomics Made Simple – a brief primer from guest writer Marty Reed

Are you sitting down?  Good!

Now ask yourself, how many hours will I be sitting in this chair today??  Wow, that many…

Have you ever asked yourself why you have a backache, or your wrists hurt or why the screen is so blurry?  These are all symptoms that your body is not happy with how you are doing your job.

Ergonomics is the low-tech part of a high-tech job; it is a way to align your body with your job and keep it happy!

So, put your feet flat on the floor (if they don’t reach, we have a problem) so that your thighs are parallel with the floor.  Place your wrists on your desk in front of your keyboard so your forearms are also parallel with the floor.  If you need a wrist rest to keep your wrist in a neutral or flat position, order one. If you need a back support to sit up straight, get an adjustable one (if it’s not already part of your chair).  If you can’t stand keeping your feet flat, get a flexing foot rest.  And keep your monitor an arm’s length away.

Next, with all of those gadgets sitting by your workstation, pick one with the easiest alarm to set.  Then set it for one-hour intervals all day long.  (And if you and/or your children play endless hours of video games, do the same thing at home.)

When it goes off, that means you have to get up off your chair. Yes, GET UP, NOW!  Walk to get some water or walk around the office – do something to wake up your muscles.  (Do not go for a smoke and you may have already had more than enough coffee; try water.)  You might even come up with a solution to the problem you were working on.

Visit the Mayo Clinic at http://www.mayoclinic.org/healthy-living/adult-health/in-depth/office-ergonomics/art-20046169 for more information on Office Ergonomics. 

Marty Reed is an Ergonomics expert providing training and consultation to local organizations.  Feel free to e-mail her at reed167@verizon.net.