Tuesday, March 13, 2012

Stuxnet: The Cyberweapon That Almost Blew Up a Nuclear Powerplant - Update

Back in September 2011 I wrote a blog article entitled "The Cyberweapon That Almost Succeeded in Blowing Up a Nuclear Power Plant" that told the story of the cyber attack on an Iranian nuclear power plant. Recently CBS 60 Minutes picked up on the Stuxnet story and created a 15-minute segment entitled "Stuxnet: Computer worm opens new era of warfare". Security professionals have been sounding the alarm for years that our power facilities, power grid, and manufacturing plants are vulnerable to sabotage by a cyber attack. I highly recommend you watch this video.

Friday, March 2, 2012

Windows XP Be Gone!

It is time to ditch Windows XP! If your business hasn't moved to Windows 7, then the time is now...and here's why...


I'm not a raving Microsoft fan, nor am I an unofficial representative. Rather, I am just a computer consultant who has business clients and has to deal with the realities of Microsoft's dominance of the business computing market. When Microsoft came out with Vista and promoted its innovations, I took a pass and kept all my clients on Windows XP. Vista proved to be buggy, unstable and slow. Business needs systems that are reliable, stable and efficient. Waiting for Windows 7 proved to be the best idea. The improvements Microsoft made to Windows 7 over Vista were numerous and well worth the wait. It is fair to say that Windows 7 is my favorite of all the Microsoft operating systems.

Microsoft has announced that it will stop supporting Windows XP in April of 2014. That may sound like a long time away. But, let's get real! Lack of support means that there will be no security patches, which will leave your computer vulnerable to the latest attacks. As a business you need to be in compliance with Federal and State data security laws, and you can't be in compliance if you can't keep your systems secure. Also, lack of support means software vendors will stop making applications for Windows XP. So, increasingly, your company will have fewer and fewer application options for new software or even updates to your current applications.

Your business needs to plan NOW for the transition.

Again, let's get real! You can't set up a new business computer and have all the functionality you have now with your old computer...in 5 minutes! Yeah, I know...you wish. It is going to take time and money. Plan your budget and plan for the time it is going to take to purchase, install, configure and train your staff.

And, if Microsoft stopping support on Windows XP is not enough, Microsoft is going to be coming out with Windows 8 by 2013 (and maybe sooner, if Microsoft can get its engineering act together!). Some of you may be thinking that it would be best to wait for Windows 8. You may be thinking that choosing to transition from Windows XP to Windows 8 would be fine. Think again. My recommendation is DON'T WAIT! Get Windows 7 while you can...here's why...

Paul Thurrott, a highly respected industry analyst for Windows IT Pro magazine and SuperSite for Windows, puts the reason into perspective: "Windows 7 was a minor update with extremely clear goals: Keep everything that was right about Windows Vista but make it faster, smaller, lighter, and more manageable. Windows 8, meanwhile, is a revolution. And these things take time." And, as a "revolution", as Paul Thurrott states, the operating system will most likely be like Vista was in that it will be buggy. Paul continues, "...there's this measure of doubt that something has gone wrong....Some (developer) complaint posts are so long and so frequently commented on that they're actually locked because they've become too unmanageable. Finding a positive note here is next to impossible."

The wait for Windows 8 may take more time than you think, and there is a strong probability it won't be worth the wait for the initial release. But, regardless of what happens with Windows 8, Microsoft will continue with its plan to phase out Windows XP. It is time to ditch Windows XP and move to Windows 7!

Saturday, December 3, 2011

A Computer Disaster Can Put Your Company Out of Business

"93% of companies that lost access to their data for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately." (Source: National Archives & Records Administration in Washington.)

Yes, disasters do happen, but we don't need to be helpless victims in the face of every disaster.
To prepare for the various causes of computer system disasters there are two important approaches: prevent the disasters you can, and develop a recovery plan for those disasters caused by forces outside your control. There are many computer system disasters that are 100% preventable. Then there are circumstances that are out of your control, "acts of God" such as fire, flood, and earthquakes. In those situations the best you can do is mitigate the consequences as much as possible. Whether you want to prevent disasters or mitigate the consequences of one, you need a plan of action.


Why are so many small businesses ill prepared for a computer disaster?  

This illustration provides an explanation: 3% of all hard drives fail on an annual basis. That statistic is constant whether you have one computer or 1000. However, there is a difference in perception between the company that has one computer and the company that has 1000 computers. The company with 1000 computers experiences 30 computer hard drive failures each year. As a result, that company will have a process in place to replace those hard drives quickly and with as little disruption as possible. Contrast that with the company that has one computer. It may have yet to experience a hard drive failure. Therefore, there is a perception that hard drive failures don't happen, and the company is ill prepared and caught off guard when one does happen. I'm certain that the functioning of the computer system is just as important to the company with one computer as to the one with 1000 computers. The difference is that the company with 1000 computers has been taught through experience and has developed a disaster recovery process, whereas the company with one computer has no experience with such a disaster and therefore lacks the appropriate level of emergency recovery preparedness.

But, do you have to wait for a disaster to occur in order to learn what can happen and what you need to do to prevent that kind of disaster or be properly prepared with an emergency recovery process?  Obviously, the answer is no.  You can learn from your peers.  What about that 1000 computer company?  Don't you think that company may have some insight you would find useful? It is definitely very important for you to find an expert in this area. Lack of experience or knowledge can be extremely costly if that lack of preparedness results in the loss of your business.

Next: What Computer "Disasters" Can Be Avoided or Prevented

Have you ever lost an hour of work on your computer?

Now imagine if you lost days or weeks of work – or imagine losing your client database, financial records, and all of the work files your company has ever produced or compiled. Imagine what would happen if your network went down for days, where you couldn’t access e-mail or the information on your PC. How frustrating would that be?

Or, what if a major storm, flood, or fire destroyed your office and all of your files? Or if a virus wiped out your server…do you have an emergency recovery plan in place that you feel confident in? How quickly do you think you could recover, if at all?
  
Many small business owners tend to ignore or forget about taking steps to secure their company’s network from these types of catastrophes until disaster strikes. By then it’s too late and the damage is done.

"93% of companies that lost access to their data for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately."
(Source: National Archives & Records Administration in Washington.)

Your first response may be this is an astonishing statistic.  But, is it all that surprising?

Obviously, this statistic would not even exist if all business owners had effective disaster recovery plans in place. I'm sure that these companies that declared bankruptcy after a disaster thought their businesses were secure from the consequences of the very disaster that put their company out of business. Unfortunately, there is a huge gap in the knowledge small business owners need to have in order to develop an effective disaster recovery plan.

In the next series of blogs I will go over developing an emergency recovery plan for your business that will keep your business functioning through the loss of your computer systems or communication systems as well as loss of access to your company data and customer databases.

Having a disaster recovery plan is critical to not only your company continuing to conduct business but also staying in business.

Friday, October 28, 2011

Are We Too Dependent on the Internet? Can the Internet Be Brought Down By a Few Select People?


Author Mark Bowden (famous for his book "Black Hawk Down: A Story of Modern War", which was later made into a movie of the same name) explains how the fragility of the Internet, coupled with our dependence on the Internet, is starting to become a threat to our country's national security. He explains in plain English how a few software engineers can create a computer infection that would have the power to completely disrupt the Internet. Below is a video interview of Mark Bowden discussing this very credible threat.



Saturday, September 17, 2011

The Cyberweapon That Almost Succeeded in Blowing Up a Nuclear Power Plant

This is a story of a "bomb" that almost succeeded in blowing up a nuclear power plant. It is NOT a story of terrorist bombs being dropped from the sky, airplanes flying into skyscrapers, exploding trucks parked outside of buildings, or suicide bombers. Not those bombs; I'm talking about a new kind of bomb. One that takes advantage of a hidden vulnerability of the world’s interconnected network of computers. This is the true story of the world’s first cyberweapon – known as Stuxnet. It is a story right out of a spy novel, with all the intrigue, espionage, and suspense of stopping the bomb from inflicting its damage.


The story begins in January 2010 when investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran. They noticed increased activity of Natanz technicians in their white lab coats, gloves, and blue booties scurrying in and out of the “clean” cascade rooms, hauling out spent centrifuges. Any time the plant decommissioned damaged or otherwise unusable centrifuges, they were required to line them up for IAEA inspection to verify that no radioactive material was being smuggled out in the devices before they were removed. Normally Iran replaced up to 10 percent of its centrifuges a year, due to material defects and other issues. With about 8,700 centrifuges installed at Natanz at the time, it would have been normal to decommission about 800 over the course of the year.

But, when the IAEA later reviewed footage from the surveillance cameras, they were stunned as they counted the numbers. The technicians had been replacing the units at an unbelievable rate. Estimates were that between 1,000 and 2,000 centrifuges were swapped out over the course of a few months. Iran was not required to disclose the reason for replacing so many centrifuges. Officially, the inspectors had no right to ask. But, it was clear to the inspectors that something had damaged the centrifuges.

What the Natanz technicians and IAEA inspectors didn’t know at the time was that the answer they were seeking was hidden all around them, buried in the hard drives and memory modules of the computers in the Natanz plant. A highly destructive digital worm had been unleashed in Iran with one aim – to stop Iran’s nuclear enrichment program and prevent President Ahmadinejad from building a nuclear weapon.

How was this cyberweapon discovered and how was it stopped? Watch the video for the rest of the story…


http://youtube/stuxnet




Friday, August 26, 2011

Trick and No Treat with Scareware - Part 4

Visiting a Web Site Can Be Dangerous to Your Computer's Health!

If you didn't fall for the fancy websites and advertisements promoting scareware as a legitimate virus protection program, how else can you get scareware installed on your computer? Unfortunately, you can get scareware installed on your computer without being aware of it. The same methods used to get different kinds of malware on your computer are used to infect your computer with scareware.

These methods have changed recently in response to better security protections being used by businesses and home users. What cybercriminals have discovered is that it is more difficult to spread malware through the network with the increasing adoption of firewalls. Email filtering has made it more difficult to distribute scareware through email spam. As a result, malware and scareware are increasingly distributed through web browsers. Simply by visiting a website, your computer can be infected with scareware. What's more, virus protection applications rarely detect this kind of attack.

To infect a computer through a web browser, an attacker must accomplish one of two tasks: either find a way to get a victim to visit an infected website, or get the victim to click a link on a compromised advertisement. The website may be a site the cybercriminal has created. It can also be a legitimate website that has been attacked and had HTML code inserted by the cybercriminal, where the compromise has not been detected by the website owner. Usually, large organizations have the IT staff and resources to detect when their organization's website has been attacked and compromised. But smaller businesses do not have these resources. As a result, there are a lot of small businesses whose websites are being used to distribute malware and who are not aware of it.
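
For a site owner, one way to spot inserted HTML of the kind described above is to audit each published page for script and iframe elements that load from hosts the site does not normally use. This is an added example, not code from the original post; the host names, the sample pages and the `audit_page` helper are constructed for illustration, and it assumes the inserted code is a script or iframe element.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this (hypothetical) site loads active content from.
ALLOWED_HOSTS = {"www.example-bakery.test", "cdn.example-bakery.test"}


class ActiveContentAudit(HTMLParser):
    """Collect <script>/<iframe> tags that load from unexpected hosts or are hidden."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = urlparse(src).hostname  # None for relative URLs and inline scripts
        if host and host not in self.allowed:
            self.findings.append((tag, src, "unexpected host"))
        if tag == "iframe" and self._hidden(a):
            self.findings.append((tag, src, "hidden iframe"))

    @staticmethod
    def _hidden(a):
        # A frame the visitor cannot see has no legitimate reason to be on the page.
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style


def audit_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of (tag, src, reason) tuples for one page's HTML."""
    parser = ActiveContentAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed samples: the page as published, and the same page with one inserted element.
CLEAN = ('<html><body><script src="/js/menu.js"></script>'
         '<script src="https://cdn.example-bakery.test/a.js"></script></body></html>')
TAMPERED = CLEAN.replace(
    "</body>", '<iframe src="http://ads.invalid/x" width="1" height="1"></iframe></body>')

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_page(page))
```

Run on a schedule against the pages as served, an empty result means nothing outside the allow-list was found; any finding is a reason to compare the page with the last known-good copy.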

To combat this latest method of distribution, search engine companies such as Google and Yahoo have developed "blacklists" of websites that contain malicious code. This protection method is not foolproof, and there are still many websites that come up in search results that are compromised. It is a cat and mouse game. Protections are put in place to thwart cybercriminal attacks, so the cybercriminals change their methods to get around the protections.

How do you protect yourself? Continue to use firewalls, virus protection, and the major search engines. You can add to the protections you are currently using by obtaining website monitoring software such as McAfee SiteAdvisor. A power user suggestion: If you are using Windows XP, log on to a user account that does not have Administrator privileges, and if you use Windows 7, keep UAC (User Account Control) turned on. Perhaps the best protection is to stay informed.