Category Archives: Blog

eBay password alert

eBay today announced to the stock market (still not on their shopping portal) that all their customers’ user names, passwords, email addresses, physical addresses, phone numbers and dates of birth have been stolen in a cyber-attack. If you have an eBay account you should change your password immediately.

It is equally important to change login details at other accounts which use the same or a similar password. If you use the same email address and password combination at any other site, the cyber-criminals will be able to log in there and transact on your account.

There is a high degree of certainty that the stolen information has not been used on eBay yet. Such activity would set off alarms which would inhibit the criminals’ ability to use information on other sites, so it is urgent that you change the same password across all sites as soon as possible. Now the leak has been detected, eBay itself is likely to be attacked. The stolen information is likely to be widely available eventually to a wide series of criminal gangs.

That one of the world’s biggest online businesses has been hacked should reiterate how important it is to remain vigilant with your personal and business IT security – both online and on the connected network in your office. Much of your personal information, such as your address, place of birth and mother’s maiden name is either publicly available by statute or easily accessed, so NEVER use questions like this to confirm your identity.

Try to use long and complex passwords, i.e. combinations of alpha, numeric and special characters (£, !). Those with simple passwords, which eBay previously allowed, will be easily compromised, whereas those with long and complex passwords are likely to be safe. A good tip is to combine a couple of words and swap characters, for example, [email protected]£d1n8urgh22. You will soon know the complex password by heart and you can increment the number when asked to change your password.

Windows XP and Exchange 2003 sunset call draws near

2014 sees some significant licensing and support changes from Microsoft. The software giant will issue their last security patch for Windows XP, MS Office 2003 and Exchange Server 2003 on 8 April, which will have enormous consequences for businesses which still have pockets of old software active.

The world was a different place when Windows XP shipped in August 2001. Prior to XP Microsoft split their desktop operating system offerings into enterprise facing products (Windows NT, Windows 2000) and home/small business products (Windows 95/98/ME). The vast majority of small businesses moved onto XP from Windows 98 before support for 98 was withdrawn, so few businesses faced the prospect of losing critical security support for a widely-deployed desktop operating system.

Windows XP was a hugely successful operating system which, due to various circumstances, survived on the desktop longer than any previous O.S. The release of its intended replacement, Windows Vista, was delayed by years as Bill Gates personally took Microsoft engineers back to the drawing board to create a more secure computing environment.

When Vista finally shipped it was slow. All that extra security came at a performance cost, which users didn’t like. XP needed patching to keep the hackers at bay but it was quick and familiar. Uptake of Vista never met expectations.

Windows 7 eventually replaced Vista but by then the recession had hit, uptake was again disappointing, but this time for commercial reasons. If your PC is less than six years old it’s likely to be Windows 7 or Windows 8 but if it’s older than that, it’s more likely to be Windows XP than Vista.

New security holes will continue to be found after 8 April 2014 but from that date on they will not be plugged, meaning a disproportionate share of malware exploitation will be concentrated on known open doors.

Office 2003 also goes out of security support on the same date but if you have this version of Office it’s likely to be running on Windows XP; the same PC population will be affected. The withdrawal of support for Exchange Server 2003 will bring a different set of challenges for servers.

Exchange Server is the world’s most popular email, calendar and contact management system. It scales from enterprises down to small businesses and is part of the soon-to-be-discontinued Windows Small Business Server (SBS) group of products. Exchange 2003 is now four versions old and there will be few larger businesses still using the product, but research shows there are still a large number of Windows Small Business Server 2003 installations in use.

If you are still using SBS 2003 it’s time to look urgently to replace your server. Email systems based on Exchange 2003 will be wide open to exploitation after April 2014.

Edinburgh solicitors held to ransom by cyber criminals

Struan Douglas, senior partner at Edinburgh solicitors, Purdie & Co., sat down at his desk one morning in June to find his network unavailable and a message on his server from a criminal gang. His firm was being held to ransom.

The gang had compromised Purdie & Co.’s network, monitored backup activity then encrypted data on all backup tapes before encrypting the server. A demand was made for thousands of dollars to provide access to the data which was still on Purdie’s server but was no longer accessible.

The police were contacted immediately and Why Settle was called in to confirm if there was any way to unravel the encryption. Unfortunately the encryption was effective and the police offered little hope of apprehending the criminals.

In situations like this, paying the ransom is seldom a solution. The gang will have already made an assessment of the worth of the firm (and directors or partners). They most often return some data for the first payment but will continue to ask for more money for additional portions of data until they have as much as they believe the victim can afford to pay.

Struan said, “We never thought criminal gangs would be interested in a small firm of solicitors in Edinburgh but this experience was a real eye opener. They managed to find and exploit a vulnerability.

“The disruption this caused to our operations was enormous, the time-cost, incalculable. We recovered and Why Settle now look after our network security, which is now as robust as is practically possible, but we will remain ever-vigilant.”

Office 365 mailbox size doubles

Microsoft have announced that Office 365 and Exchange Online users are to have their standard mailbox size doubled from 25GB to 50GB, just days after announcing that the standard capacity of SkyDrive Pro (which works with either SharePoint Online or SharePoint 2013) is moving to 25GB.

The move sees the Microsoft bundle leap ahead of the (apparently) competitive Google Apps offering.

We don’t really see much of a competitive push from Google Apps for Office 365 (only a few clients use it, none overly impressed) but it’s clear that Microsoft are alert to the threat Google poses, which is a good thing. Office 365 ticks lots of boxes but there are still clear functional improvements to be made, in particular with SkyDrive Pro. Without Google lurking, the Office 365 roadmap would be less inspiring.

Malware and antivirus software

We all understand the term ‘antivirus software’ but it no longer tells the whole story. Viruses are only one type of danger you need to protect your computers from and they are no longer even the most common threat. In the IT industry, we more commonly talk about ‘malware’, a generic term for viruses, trojans, spyware, worms and other threats, although the security products still refer to themselves as ‘antivirus software’.

Viruses are usually spread by email but the other threats are more commonly acquired by web browsing, and some get into systems on the back of freeware software, installed to help with a legitimate task. It’s a proverbial minefield for users who want software to do something outside their norm.

You can download free audio/graphic/video manipulation software, for example, from a plethora of sources, but most of this free software has a business model behind it. If it’s not obvious how they are making money out of you, there’s a chance there is more going on, on your PC, than you know about.

There are tell-tale signs. When we see a multitude of toolbars installed on a browser we know to look for spyware which can steal all types of information from your PC. If your browser search engine has changed without your knowledge, stop what you’re doing and raise the alarm.

Confirming what is and is not malware is not always straightforward. If you spend a few minutes searching for information on a product it’s likely that you’ll see it advertised on a legitimate website the next time you visit, as one MP recently discovered after complaining about an ‘inappropriate’ advert appearing on his screen. Determining if this is benign, or intrusive, is a matter of interpretation, but it is an indication of how easily your online activity can be monitored.

Like all software, anti-malware programs can fail to update, or even fail to operate. Having two layers of protection, one on the computer and one on the firewall, which sits at the perimeter of the network and can interrogate incoming traffic, is advisable, as are integrated management tools. Vipre, for example, alerts our Support Helpdesk if a PC has failed to adopt a recent signature update, allowing us to react and force the update. This feature alone has cut network infections by 50%.

Malware attacks are increasingly sophisticated; some don’t even use the internet, depending instead on propagation through memory sticks. Taking work off-network on a memory stick allows people to get things done out of hours, but if there is little PC security at home, where browsing habits can be more varied, the memory stick could return to your network with more than a few documents.

No matter what protection you have in place, users need to remain vigilant. Alert them to the dangers and, if you don’t have one already, establish an Acceptable Use of IT policy. Better still, impose controls on what staff can browse at the firewall.

Passwords are not enough, anymore

If you have not heard about two factor authentication it’s probably time you did. Back in the pre-broadband 90s, when many small business networks were hidden from hackers by dial-up modem connections, which were inaccessible from the outside, password security was, at best, limited.

The word ‘password’, or a blank box, was used to access millions of PCs, but as soon as networks were made available to remote users more stringent password rules were required. There is always a cost to this greater security, most significantly in time and inconvenience. Users are now forced to select complex passwords and to change them regularly. The flood of calls to Why Settle support on a Monday morning during the summer, when people return from holiday having wiped their password from memory, is as predictable as the pollen.

Complex passwords are only able to secure your information to an extent, however. Networks can be (and are) hacked by what’s known as Brute Force attacks, when an automated attack tries user name and password combinations hundreds of times per minute.
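A defender's view of the brute-force pattern just described, as an added example that is not part of the original post: it counts failed logins per source address over a sliding one-minute window and flags any source that reaches a threshold. The log format, the threshold of 100 failures per minute, the account names and the addresses are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
THRESHOLD = 100  # assumed alert level: failed logins per source per minute


def parse_line(line):
    """Parse '<ISO time> <OK|FAIL> user=<name> src=<ip>' (constructed format)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])


def detect_bruteforce(lines, window=WINDOW, threshold=THRESHOLD):
    """Flag sources whose failed logins reach `threshold` inside any window.

    Expects lines in time order. Returns {src: {"peak": int, "users": set}}.
    """
    recent = defaultdict(deque)  # src -> (timestamp, user) of recent failures
    alerts = {}
    for line in lines:
        ts, result, user, src = parse_line(line)
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(src, {"peak": 0, "users": set()})
            alert["peak"] = max(alert["peak"], len(q))
            alert["users"].update(u for _, u in q)
    return alerts


def build_sample_log():
    """Constructed data: one automated source plus one forgetful real user."""
    start = datetime(2013, 6, 3, 9, 0, 0)
    events = []
    # 300 failures in one minute (5 per second) against three account names.
    for i in range(300):
        user = ("admin", "accounts", "reception")[i % 3]
        events.append((start + timedelta(seconds=i // 5), "FAIL", user,
                       "203.0.113.7"))
    # A returning holidaymaker: four wrong guesses, then a successful login.
    for n, result in enumerate(["FAIL"] * 4 + ["OK"]):
        events.append((start + timedelta(seconds=15 * n), result, "jsmith",
                       "198.51.100.20"))
    events.sort(key=lambda e: e[0])
    return [f"{ts.isoformat()} {res} user={user} src={src}"
            for ts, res, user, src in events]


if __name__ == "__main__":
    for src, info in detect_bruteforce(build_sample_log()).items():
        print(src, "peak failures/min:", info["peak"],
              "accounts targeted:", sorted(info["users"]))
```

Counting per source address will not catch attempts spread thinly across many addresses, so the same window is worth keeping per account name as well.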

The IT industry has also been slow to understand the patently obvious on many occasions. Your mother’s maiden name, first school or memorable date should be regarded as publicly available information, not used as security measures when a password reset is needed. For most of us, our mothers’ maiden names are a matter of public record and many record personal data on social networking sites.

Banks were first to waken up to the problem. Most consumer online banking still allows you to work with passwords and pin numbers but if you have an online business account you are already likely to be using two-factor authentication, obliging you to enter a unique code, generated by a separate device, as well as entering your user name and password.

This unique code requirement, as well as a password, is known as two-factor authentication. It means that if a criminal gang attains your login and password details they would also need to have the unique code generator to access your data.

The sheer volume of our lives, and businesses, which exists somewhere on a server accessible from the internet opens up a vulnerability which has caught many unprepared. Just as the move away from ‘password’ became necessary, so too will two-factor authentication to protect your data.

Web-based browser threats now 70% of malware

Microsoft’s most recent Security Intelligence Report, which discusses security risks the company identify from feedback from over 600 million PCs for the six months to end December 2012, highlighted the new No. 1 vulnerability on your network, internet browsers.

Most people intuitively think that email-borne viruses are the greatest threat to their data but the top position is now taken by web-based threats, which exploit internet browser vulnerabilities through malicious code. 70% of damage done to company networks came from this source.

In the long-term Microsoft intimate they will redesign how browsers interact with their Windows operating systems but in the here and now it remains critically important that network users keep their internet browsers up to date with security patches. Microsoft’s own browser, Internet Explorer, remains a dominant player in the browser market but the importance of security patches remains, whether you use Chrome, Firefox or another alternative. All should update automatically as soon as a patch becomes available.

As well as subscribing to malware protection software (often under-defined as antivirus software), you should, of course, also subscribe to signature updates for an appropriate firewall (such as the SonicWall range we are so fond of). You install a firewall to protect your network from malicious attack but by the time you have it out of the box it will already be out of date. SonicWalls, and their equivalents, automatically receive updates several times per week. They then analyse each web page before it gets to your browser.

Windows 8, quicker, more productive, enjoyable

We have been using Windows 8 for several months now (since before the official launch), so have had time to form considered opinions on Microsoft’s new operating system.

It’s different.

Early user feedback is not as positive as feedback after a couple of weeks. Most people have been using the Start menu since the mid-90s (or all their computing lives), as a result, accessing programs and information has followed uniform steps now ingrained in their neural paths. We’re making what, for all intents and purposes, is a quantum leap with the move between Windows 7 (or earlier) and Windows 8.

Once you learn how to navigate your way around the new way of working the benefits become clear. Boot time, one of the perennial complaints about Windows, is quicker than ever. Back in the pre-Windows days Microsoft DOS computers would boot and be ready to work within seconds. With the adoption of Windows the software got a bit ahead of the hardware, seconds to boot became minutes. This user experience was embedded when Windows 95 came along and has been with us ever since.

More than anything Microsoft have done in the past, Windows 8 is a reaction to a competitive threat, specifically the new industry Apple created for tablet computing. The iPad allowed users a powerful experience, available within seconds of being switched on. Windows 8 is Microsoft’s first viable tablet operating system so it had to boot quickly.

Instead of the Start button and desktop icons you get tiles, which for some applications will look like large icons, although other tiles will present live information, anything from a weather report to a share price or, perhaps one day, the next job allocated to the user. You scroll or swipe through tiles to access the information or application you need.

We are also introduced to the Charm Bar, an area on the right of the screen where you can access a lot of resources, as well as search the web, files, applications or all three. Most users will initially deploy Windows 8 on a traditional desktop PC and screen or laptop but the operating system has been designed with touchscreen technology in mind, even if you don’t use a tablet.

Hovering over the top right of your screen will bring up a large menu displaying your open apps, which can be navigated to, closed or ‘snapped in’ to a resizable area of your monitor.

Smartphones and tablets have made touchscreen computing incredibly successful but the technology has often been viewed as a compensation for the lack of a keyboard and mouse. The keyboard and mouse is not about to go away in the short term, touchscreens are still not as precise as a mouse and may never be, while you cannot beat a keyboard for writing anything extensive, but the applications we currently use have been designed for the legacy tools at our disposal. There is already a trend underway for applications to work with touchscreen technology. The Windows 8 Charm Bar screams out to be swiped!

One of the main benefits of Windows 8 is its ability to synchronise your information (browser history, address book, Facebook and Twitter settings, email and apps) between devices. Change something on your work PC, then login from home and your settings change there too. This is a feature which is probably more useful than it sounds. You also get a Dropbox-style SkyDrive, which syncs your personal data between the cloud and your various devices.

After working with Windows 8 for a few weeks 7 (or earlier). They are getting through their work faster and enjoy the ease-of-use and control they have over not just the technology, but the information they work with. It’s also an extremely viable competitor to iPad and Android tablets, but that’s a story for another day.

End of security updates for Windows XP and Office 2003 announced

Microsoft has announced that support for their once-heroic desktop operating system, Windows XP, and ubiquitous Office 2003, will end on 8 April 2014. After that day they will no longer issue security updates or hotfixes for either product. Windows XP was released in 2001 and remained by far the most commonly installed operating system during the entire shelf-life of its supposed successor, Windows Vista.

Compared to XP, Vista was slow and unpopular. Microsoft released Windows 7 in 2009, which eventually replaced XP as the most common operating system in use. Windows 8 is due for release in October, allowing legacy users on Windows XP to plan their move onto a newly released operating system.

Windows 8 gamble set for the market

Microsoft will release the new version of its desktop operating system, Windows 8, in October this year, replacing Windows 7, which this summer is due to surpass worldwide sales of Windows XP and become the most popular operating system.

Windows XP was a solid, reliable and trusted operating system. It was a remarkable six years old before Windows Vista replaced it. Vista was years overdue and seemed to suffer perpetual delays as Microsoft undertook fundamental reengineering to its code in order to provide a more secure operating system.

The security improvement was achieved but Vista was unloved; most users, even in technical businesses like Why Settle, decided not to upgrade, sticking to the faster XP. By contrast, Windows 7 is loved by all.

Windows 8 is as big a departure from the norm as Microsoft have undertaken since Windows 95 blew away the old file structure and interface, introducing the ubiquitous Start button. The new operating system is designed to work across desktop, tablet and phone. It borrows the Windows Phone 7 tiled look, which provides easy access to applications and can present live data even when the app has not been executed.

Windows Phone is a great operating system but it has struggled to gain traction among users and the less said about existing Windows-based tablets the better. Microsoft have watched Apple and Google carve out strategically important niches with tablets and phones, providing a base camp for them to potentially eat into Microsoft’s dominant position on the desktop.

The hope, for Windows Phone users (like me), is that Windows 8 provides the critical mass necessary for developers to write apps which will now work across phone, tablet and desktop. The hope for Microsoft is that Windows 8 will allow them to stop acting defensively and take a proper share of the tablet and phone markets.

It’s a risk. Right now, few desktop users see any need for a touch screen; the mouse and keyboard are their desktop tools of choice. They may be confused and irritated by Microsoft’s decision to try to make gains in mobile markets with their new desktop operating system. This release could determine who we buy our software from 10 years from now.