Friday, July 10, 2015

Tabula Rosa Systems Security Bulletin 7/10/2015 - VMware Releases Security Advisory


National Cyber Awareness System:
07/10/2015 10:12 AM EDT

Original release date: July 10, 2015
VMware has released security updates to address a host privilege escalation vulnerability in VMware Workstation, Player and Horizon View Client for Windows. Exploitation of this vulnerability may allow an attacker to escalate privileges on an affected VMware system.
Updates available include:
  • VMware Workstation 11.1.1
  • VMware Workstation 10.0.7
  • VMware Player 7.1.1
  • VMware Player 6.0.7
  • VMware Horizon Client for Windows (with Local Mode Option) 5.4.2
Users and administrators are encouraged to review the VMware Security Advisory VMSA-2015-0005 and apply the necessary updates.
===============================================
For a great email parody, view the following link:

https://www.youtube.com/watch?v=HTgYHHKs0Zw&__scoop_post=bcaa0440-2548-11e5-c1bd-90b11c3d2b20&__scoop_topic=2455618
==============================================
**Important note** - contact our company for very powerful solutions for IP management (IPv4 and IPv6), security, firewall and APT solutions:

www.tabularosa.net

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premier book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email”. My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki

If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.

Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
==============================================

Tabula Rosa Systems Security Bulletin - OpenSSL Releases Security Advisory



National Cyber Awareness System:
07/09/2015 12:31 PM EDT

Original release date: July 09, 2015
OpenSSL has released updates to address a vulnerability that could impact proper certificate verification. A remote attacker could ‘issue’ invalid certificates that pass validation by affected versions.
Updates available include:
  • OpenSSL 1.0.2d for 1.0.2b/1.0.2c users
  • OpenSSL 1.0.1p for 1.0.1n/1.0.1o users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.
===============================================

Thursday, July 9, 2015

Tabula Rosa Systems Blog Of 7/9/2015 - FBI, DOJ Want Companies To Back off End-to-End Encryption

 

Many companies and users are implementing encryption for their email. Even though this offers great security, governments are quite often opposed, for reasons noted in the article below. Additionally, there is a possibility that when traffic is encrypted, it is not checked for malware that might be part of the payload.
==============================================================

infoworld.com 7/9/2015 - Grant Gross

FBI, DOJ want companies to back off end-to-end encryption
The agencies want tech vendors to retain access to encrypted data to comply with court-ordered warrants
U.S. tech companies should retain access to the encrypted information of their customers, instead of providing end-to-end encryption, in order to give police the tools they need to investigate crimes and terrorist activity, two senior law enforcement officials said.
The U.S. Department of Justice and the FBI aren't seeking new legislation to require tech companies to comply with warrant requests, at least for now, and they don't want companies to build encryption back doors that give the agencies direct access to communications and information stored on smartphones, said Sally Quillian Yates, the DOJ's deputy attorney general.
Instead, the DOJ and FBI, in their continuing efforts to combat the use of encryption by criminals and terrorists, are proposing that tech and communications companies retain internal access to encrypted information so that they can comply with court-ordered search warrants, she told the Senate Judiciary Committee Wednesday. Several tech companies already retain some access to customers' encrypted data, she said.
Legislation may eventually be necessary, but the DOJ is now looking for voluntary compliance from tech companies, she said.
With new encryption services from tech companies, "critical information becomes, in effect, warrant-proof," Yates said. "We are creating safe zones where dangerous criminals and terrorists can operate and avoid detection."
A recent push by tech companies toward end-to-end encryption, partly in response to reports of mass surveillance programs, has led the DOJ and FBI to raise concerns about law enforcement agencies "going dark" when investigating crime. Last September, FBI Director James Comey Jr. first questioned decisions by Apple and Google to offer encryption by default on their smartphone operating systems.
"The world has changed in the last two years," Comey told senators. "Encryption has moved from something available to something that is the default, both on devices and on data in motion."
Terrorist group ISIL (Islamic State of Iraq and the Levant) has used encryption effectively, Yates said. ISIL makes first contact with many potential recruits on Twitter, where the group has about 21,000 followers of its English language feed, but then directs them to communicate further on an encrypted messaging service, she said.
"This is a serious threat, and our inability to access these communications with valid court orders is a real national security problem," Yates added. "We must find a solution to this pressing problem, and we need to find it soon."
U.S. tech companies should be able to find a way to provide law enforcement access to encrypted data and still provide many of the security and privacy benefits of encryption, Comey said. "The tools we are being asked to use are increasingly ineffective in our national security work and in our criminal work," he said. "I don't come with a solution -- this is a really, really hard problem."
But Comey also rejected arguments by some computer scientists who say it's impossible to allow police access to encrypted data without also opening it up to hackers.
"I think Silicon Valley is full of folks [who] have built remarkable things that changed our lives," he said. "Maybe this is too hard, but given the stakes ... we've got to give it a shot."
While companies like Google and Apple were not included in the hearing, senators gave a mixed reaction to the testimonies of Yates and Comey. Some senators suggested it would be nearly impossible to prevent foreign tech vendors from offering encrypted communication products.
Senator Al Franken, a Minnesota Democrat, pressed Yates to provide statistics about the number of criminal cases affected by encrypted data.
Before creating new regulations, Congress needs to have a "clear understanding of the scope and the magnitude of law enforcement's security interests," Franken said.
Yates couldn't provide a number of cases affected, saying it was difficult because, in many cases, police don't seek a warrant when they know the information they want is encrypted. But Cyrus Vance Jr., district attorney in Manhattan, told senators his office has tried to pull data off 92 Apple phones running iOS 8 in the past six months, and on 74 of those devices, the data was encrypted.
Other senators were sympathetic to the encryption dilemma faced by law enforcement agencies. Senator John Cornyn, a Texas Republican, pressed Comey to tell lawmakers that U.S. residents will die if a solution wasn't found. Comey declined, saying he doesn't want to scare people. The FBI will do the best job it can with the crime-fighting tools it has, he said.
Still, Cornyn questioned companies that offer encryption without retaining some access to the data. "It strikes me as irresponsible, and perhaps worse, for a company to intentionally design a product in such a way that prevents them from complying with a lawful court order," he said.
==========================================================

Netiquette IQ Security Bulletin 7/9/2015 - Adobe Releases Security Updates for Flash Player

National Cyber Awareness System:
07/08/2015 12:23 PM EDT

Original release date: July 08, 2015
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability (CVE-2015-5119) in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been made publicly available.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-16 and apply the necessary updates.
===============================================

Wednesday, July 8, 2015

Tabula Rosa Systems Blog Of The Day - Millions Of Webcams Open To Prying Eyes On Internet

 

By Paul Van Osdol from wtae.com

Millions of webcams open to prying eyes on Internet
Experts say how you can protect your privacy
UPDATED 6:49 PM EDT Jul 06, 2015

PITTSBURGH — Action News Investigates has learned you may be letting the world into your living room without knowing it -- all because of webcams that are open to anyone on the Internet.

The Shodan website allows you to search the internet for webcams and other devices that have internet connections. Using Shodan, Action News Investigates found sites allowing remote access to places such as the East Allegheny and Mount Lebanon school districts.
There are an estimated 10 million web cameras and security cameras online, open to anyone who knows how to find them. Action News Investigates found dozens of them in the Pittsburgh area.
One woman probably had no idea images of her working in her kitchen were being broadcast live on the Internet. Nor did she realize her camera could be controlled by someone watching her.
There was also a webcam showing a Pittsburgh-area couple having dinner; a camera inside a Pittsburgh dog daycare; a security camera revealing people coming and going at the offices of a women's shelter; and a camera showing people at work inside a Pittsburgh-area business.
The people captured on those images were not identifiable. But others told Pittsburgh's Action News 4 investigative reporter Paul Van Osdol that they were disturbed to learn that their webcams might be open to anyone.
"That's kind of spooky -- real spooky," said Joe Riebling, of Bellevue.
“It's a big concern. I don't want people looking in on me,” said Lexi Rudolph, of Cranberry. "I think that should be fixed in some way."
Carnegie Mellon University computer scientist Lorrie Cranor said it has never been easier to find webcams on the Internet.
“People don't have to be sophisticated to figure out how to see your camera,” Cranor said. "You just go to one place. It’s one-stop shopping and you can go look at everybody's cameras."
One of those websites is Shodan, which calls itself the search engine for the Internet of things. It has also been called the scariest search engine on the Internet.
Shodan founder John Matherly said the site is not meant for snoops and trolls. Instead, he wants to highlight security shortcomings on the Internet to help make people more secure.
“Many cameras, even if they advertise security features, they have very poor security, a very, very poor security record,” Matherly said.
How can you protect yourself to make sure your webcam is not open to anyone? It’s as easy as creating a password.
But experts say many people never take that simple step, or they use the camera's default password -- the one supplied by the camera company -- which is almost as bad.
“Default passwords offer you almost no protection because once you figure out what brand of camera it is, you know what the default password is and you're in,” Cranor said.
“If you change the defaults, that's 90 percent of the battle right there,” Matherly said. "Very, very simple to do."
The Oakmont Yacht Club has security cameras set up for members to keep an eye on their boats. The club's website says only members with passwords can access the cameras, but Action News Investigates was able to view one of the cameras online.
A yacht club official said he had forgotten to create a password for the camera when it was installed. After he typed in a password, the webcam was not accessible.
When Homewood bar owner Denise Durrett set up security cameras, she made sure they were password protected.
“We wouldn't want anybody to just hack into our camera system because then they'd be able to see what's going on and maybe infiltrate getting into the bar,” Durrett said.
Pittsburgh's Action News 4 asked information technology consultant Raymond Delien to check his laptop webcam.
"Just entered my password, so that's giving me one level of protection, right?" Van Osdol asked.
"Correct," Delien said.
"So there's no chance that someone on the Internet is looking at this right now?" Van Osdol asked.
“No, no chance," Delien said.
It is also important to make sure your wireless network is secure with a password, Delien said.
==========================================================

Tabula Rosa Systems Blog of 7/7/2015 - How Can I Test My Internet Speed?

 


All netizens want high Internet connection speeds. Many would say, perhaps, that they are not satisfied with their speed and consistency.
The article below is a very nice one which helps you understand and measure your Internet speed.
 ==============================================================
How can I test my Internet speed?
Posted: Jul 06, 2015 7:57 PM EDT Updated: Jul 06, 2015 7:57 PM EDT from www.kpho.com
By Ken Colburn, Data Doctors
Q: I’m paying for an internet service that’s supposed to give me higher than normal speeds, but it just doesn’t seem to be that fast. How do I know what I am getting?
A: The importance of a fast internet connection in today’s multimedia world goes without saying, but understanding all of the variables that can impact your actual user experience is vital.
The first thing you must understand is that consumer grade internet services are on ‘shared pipes’ meaning that others in your neighborhood or others on the same service can have an impact on your overall speeds (DSL and Cable share in different ways).
Think of it like you would water pressure; if everyone gets home at 6pm and turns on the sprinklers at the same time, you will notice a difference in the water pressure.
Consumer grade internet speeds are generally sold as ‘UP TO’ speeds, which is a clever way of saying ‘you aren’t likely to ever see those speeds.’
Most internet providers tier their packages, so as long as your speed is within the range of the tiered package, they have provided the service that’s in their fine print.
Another very important factor for anyone that wants to upload pictures and video to YouTube or Facebook or for those that want to remotely access their computers is the ‘upload’ speed.
In our various tests, the upload speeds were generally the biggest problem with what was perceived as a slow connection (ex: it takes forever to upload a video to Youtube.)
There are a number of speed tests that you can run to check the average speed between your internet connection and a remote Internet server, however, understanding how to use these tools is essential.
Running a speed test on one site, one time is absolutely useless as it simply gives you the speed for that one moment.
Since we know speeds will vary throughout the day, you should use at least 3 different test sites (running each 3 times in a row) at 3 different times of the day.
Taking the average of all of those tests will determine what you can generally expect as your actual internet speeds.
Cnet.com offers a simple ‘bandwidth meter’ ( http://bit.ly/7t9WaS ) that will test the download speed only.
Speedtest.net offers both upload and download tests, but you must be careful not to be confused by all their advertisements (this link limits the ads displayed http://bit.ly/czdLsg ). Look for the aqua marine ‘Begin Test’ button just above the map graphic.
PCPitstop.com has a good bandwidth speed test (upload and download) buried within their ad laden website as well (the direct link is http://bit.ly/1nHmGj ) so be careful to avoid the ads that prompt you to download optimizers; they aren’t necessary.
The FCC has a speed test at Broadband.gov ( http://bit.ly/cuHpnF ) that’s a program designed to collect data for a mapping project, so you will be required to put your location information in before running all of their tests.
If it seems to take forever to get anything on the internet but your speed tests come up pretty decent, the problem could be one of the many malicious programs that can infect your browser.
Most of today’s malware is designed to work silently in the background of your computer (as a process) and jump into action when you launch your internet browser.
The quickest way to see if you have excessive processes running in the background (a possible indicator of infection) is to launch the Windows Task Manager (Ctrl-Alt-Del) and look in the bottom left corner for ‘Processes’.
With nothing running, we like to see it in the high 30s for desktops and the low 40s for laptops. If you have 60+ processes running, you should consider having a qualified technical person take a deeper look at what the extra processes are to play it safe.
==========================================================