iOS 5 iCloud Review and Considerations

October 27th, 2011

 by Christopher Tippins for the Software Synergy Group

In other articles (“iOS 5 Features Review” and “iOS 5 Upgrade Process” I’ve discussed new features of iOS 5 as well as the upgrade process.

In this article I’m going to focus on iCloud and important considerations before you make the leap into the cloud.

iCloud, as you may or may not know, is Apples answer (in some respects) to Google Docs as well as the many cloud services being offered by many vendors.  I’ve written an article previously that talks about some of these services and you can read it by clicking here.

You can read more about iCloud on Apple’s site by clicking here, but I want to focus here about some of the ramifications of using it that aren’t readily apparent on Apple’s site.

For starters we have to talk about the cloud in general.  Cloud computing is all the rage of late and everyone from Microsoft to Google are offering these services.

Why?

Storing data in the cloud allows users and businesses to store data on servers available on the Internet instead of storing this data on their local personal computers or servers.

This is a big plus as many people don’t back up their data and for business, the costs of running and upgrading servers can get very expensive over time.

There are pluses and minuses to both scenarios.

Read the rest of this entry »

The Duqu Virus – A New Stuxnet Variant

October 21st, 2011

by Christopher Tippins of the Software Synergy Group

Over the past year I’ve written several articles about a new type of computer virus – Stuxnet – one designed to infiltrate and destroy the control systems of Iran’s centrifuge systems that manufacture enriched uranium.

What has made Stuxnet (and now Duqu) so completely different than any other type of computer virus or malware is that it seems to have been state sponsored.  It is widely believed that it was either developed by Israel or the United States or perhaps by teams working for both countries.  Additionally, it was targeted to infect Siemens control systems and those specifically in Iran.

It’s unknown at this point where Duqu came from, but the first evidence of its existence seems to have occurred in Hungary sometime over the past four to six weeks.  Stuxnet wreaked havoc in Iran by targeting the systems that controlled the speed of the motors running the centrifuges and causing them to run wildly out of control and burning them out, all the while sending data indicating that the motors were operating within normal limits.  It is estimated that it set Iran’s nuclear program back a year or more.

The Duqu virus, which is believed to be based on code that came directly from Stuxnet, seems to have a completely different purpose.  First accounts indicate it is designed to do two things:

  • Gain remote access to systems for its designers and
  • Act as a keylogger to record keystrokes and other data and send that data package back to developers

Infection so far has been rare and this new virus may be nothing more than a test deployment to see how well it functions in the field as well as how easily it can be distributed without detection.  Interestingly, the payload or “dropper” program – the delivery application – has not been found, only the remnants of the infection and the resulting payload.

Aside from the amazing complexities of this malware and its design goal, these viruses represent a new era in warfare.  Ponder for a minute what the ramifications of these types of threats represent if code like this is developed to bring down portions of the power grid or the control systems of online nuclear reactors or communications systems.  In theory at least, these threats could do more damage to an infrastructure then an out and out barrage by conventional weapons.

Here are some links if you’d like to read more about this fascinating story:

http://www.forbes.com/sites/kenrapoza/2011/10/21/duqu-virus-likely-handiwork-of-sophisticated-government-kasperky-lab-says/

http://www.ynetnews.com/articles/0,7340,L-4137286,00.html

https://www.securelist.com/en/blog/208193178/Duqu_FAQ

http://www.zdnet.com/blog/security/hungarian-lab-found-stuxnet-like-duqu-malware/9683

http://www.nytimes.com/2011/10/19/technology/stuxnet-computer-worms-creators-may-be-active-again.html

10/23/2011:  Update:  The Boston Globe published an interesting article (click here) about a researcher who was able to duplicate at least some of the capabilities (remote access and control) of Stuxnet type applications – and do it with less then 20,000 dollars and in less then 2 months.

Tracking Web Traffic

September 19th, 2011

by Christopher Tippins of The Software Synergy Group

If you own or manage a web site one of the most important things you can do is track the visits to your site.  After all, if you don’t know what’s drawing people (or not drawing them) you will not be able to optimize your site to promote your business or products.

Google offers a couple of tools that will help with this and they can be setup fairly easily.  They also cost nothing.  One is Google Analytics and the other is Google Web Master Tools.  These are both good tools and you’d be wise to use them if you have a site, but lately I’ve been on a search for something a little better, a little easier to use and also that costs nothing – or – costs relatively little if your site isn’t drawing hundreds of thousands of page views per month.

The tool I’ve found is called Statcounter.

Statcounter is relatively easy to setup and costs nothing if your site draws a relatively small amount of traffic.  If your site draws less than 250,000 page views a month it’s free.  Over and above this, they have very reasonably priced plans that start at 5 dollars a month.  It’s tough to beat that (unless your web hosting provider can provide you with the same type of tools for free – some of them do, but they may not be as robust as Statcounter).

What’s also nice about Statcounter is that multiple accounts can be setup for administrative as well as simple statistical and summary viewing , meaning management may not wish to see the depth or intricacies of what is happening behind the scenes  but may only wish to see, for example, what are the most popular landing pages.  Managers may not be interested in what screen size people use or what browsers people are using to come to your site – but your web developer might.

Let’s take a look at some of what you can do with Statcounter.  I’ve posted this disclaimer before but it’s worth saying again that I’m not affiliated with nor do I derive any type of benefit or gain from Statcounter – it’s simply a tool I’ve found that I like and hope you will, too.

After creating an account an adding some simple code to your web site, you’re basically up and running.  Note that you’ll only be tracking data from the point of setting up your account and adding the code to your site.  From that point on, your data is logged.  It’s also worth nothing that Statcounter is invisible – meaning no one who visits your site will even know it’s running.  That’s a nice feature if you don’t want to have to “brand” your site with other company’s logos, links, etc.

Read the rest of this entry »

Office 365 Reviews

September 12th, 2011

by Christopher Tippins for the Software Synergy Group

Office 365 is one of the newest product (and service) offerings by Microsoft (actually a transition/upgrade from OLSB – Office Live Small Business).  It is a set of collaboration tools, software products and data storage solutions that live in the cloud as well as on a user’s computer – depending on which plan you sign up for.

While some might conclude that it’s Microsoft’s answer to Google Apps for Business, this is only partly true.  In addition to Microsoft’s Office line of products and data storage solutions, it also encompasses software, server and web applications designed to allow business to share data and administer these solutions on the ‘net.

The product, or products, come in a variety of “flavors” – they range from “basic e-mail for $2 per user per month to a complete solution for $27 per user per month that includes full Office Professional Plus desktop software, along with Office Web Apps; the most advanced versions of Exchange Online, SharePoint Online, and Lync Online; phone support 24 hours a day, seven days a week; advanced IT controls; and full enterprise voice capabilities with Lync Server on premises (Plan E4 only)” (click here for the FAQ or click here for pricing plans).

It’s important to keep in mind that this product was made public in June of 2011.  If you’ve been around the IT industry for any length of time at all you know that new products are fraught with problems, bugs and issues that take time to work out.  In other words, those who jump on any new IT bandwagon are usually the ones who wind up doing final beta testing or research and development for the vendor.

In my initial review of customer’s thoughts on this product as well as articles written from other IT professionals there are lots of kinks left to be worked out with this product and service suite.  I’m adding links to many of the articles I’ve read below if you care to delve into them, but here is a synopsis of what I’ve found so far:

Read the rest of this entry »

25 Years of Computer Hacking

August 31st, 2011

by Christopher Tippins of the Software Synergy Group

Over the past several weeks I read two very interesting articles about computer hacking and watched the equally fascinating videos that went along with them.

One was an article about the programmers who wrote the “Brain” virus some 25 years ago.  You can read that article by clicking here and watch the video interview with the programmers here.

The other was an article about the alleged threat by the group “Anonymous” to “kill” Facebook on November 5th of this year.  Read that article here and see the video here.  (Note:  Over the past week or two there has been much speculation as to how much involvement the group “Anonymous” has in this video and the threat itself, but since Anonymous has no central core or controlling body, it’s difficult to say.  Best evidence indicates that it’s a small splinter group of perhaps a few or more individuals who may be involved in Anonymous.  Also note that the original video account was closed on youtube and the link here is a copy of the original video posted a couple of weeks ago.)

These articles describe events that are separated by 25 years, give or take.

I remember the “Brain” virus and of course, many of its successors and variants.

I had just begun my career in network systems integration back then and this was a watershed moment.  The computer world was astonished that someone could actually write code that could attach itself to other programs and spread, well, just like an organism.

If you didn’t watch the video I reference above about the Brain virus, it’s a fascinating interview with the two men responsible for creating it:  Amjad Farooq Alvi and Basit Farooq Alvi, both of Lahore, Pakistan.

In the interview, they talk about how their goal was to simply see if something like this could work (other articles suggest they were trying to stop the proliferation of medical software – the truth may lie somewhere in between).

Of particular importance was their inclusion into the code their names, address and phone number along with a warning message that stated:

“Beware of this VIRUS.... Contact us for vaccination...”

Read the rest of this entry »

Google Apps and Outlook Calendaring

July 22nd, 2011

Google Apps for Business (also referred to as “Google Apps” in this article) represents a suite of products from Google that are designed to allow businesses to have their email, calendar and other data live in the cloud.

What is “the cloud” exactly?

It’s a server or group of servers that are managed by third party companies that take care of the nuts and bolts operation of same – businesses simply point their applications (or web browser) to a web site and their data resides on those servers as opposed to a conventional server that a business actually owns, operates and maintains in house.  A more detailed and thorough explanation and understanding of this concept can be found by clicking here.

In the case of Google Apps, these servers are owned, maintained and operated by Google, the search engine people we are all familiar with.

Specifically in the case of Google Apps / Gmail, it allows businesses to eliminate the need for an Exchange server and the associated costs of buying and maintaining the hardware, software and the typical maintenance that goes along with running it.  This can amount to a substantial savings for an SMB (small, medium business) as well as reduce downtown (as Google has the resources to build in a substantial amount of redundancy that most small business cannot).

In this article, I’m going to focus specifically on how the Outlook calendar works with Google Apps and Google Apps Sync.

Read the rest of this entry »

Web Conferencing

June 28th, 2011

by Christopher Tippins of the Software Synergy Group

One of the more interesting and useful services that businesses may want to consider using is web conferencing.

What exactly is web conferencing?

Simply put, web conferencing refers to a service that allows conferencing events (usually hosted by a presenter on a computer) to be shared with remote locations (attendees) (from this Wikipedia article).

How can businesses use this technology?

For a variety of purposes:

1.  It’s great collaboration tool to use with fellow employees and colleagues to work on joint projects.

2.  It can help sales by demonstrating product or services.

3.  It can be used to do remote training that would require an onsite visit, thus reducing costs – sometimes drastically.

4.  It can also be used as a security tool (via encrypted tunnels provided by the service) to present confidential information so that it doesn’t have to traverse the ‘net via email, file sharing services, etc.

5.  Use it to join with others across town or across the country for business meetings to review forecasts, compare actual to budgets, etc.  It can also be used to select new product designs, building plans, etc.

When one takes into account the rising costs of fuel and travel expenses, this is fast becoming an indispensable tool for business to help cut costs and increase productivity.

Read the rest of this entry »

Gmail Hacking Attacks

June 3rd, 2011

In the past few days reports are coming in indicating that specific high profile Gmail accounts were targeted for attack.  These attacks seemed to focus on top officials in US government.

How were these attacks carried out?

According to reports they were “phishing” attacks.  A phishing attack is perpetrated by someone who sets up a phony web site (in this case Gmail’s) that looks very much like the official site.  The attack victims are sent emails directing them to this site in hopes that they will enter their user ID and associated passwords.

What makes these attacks unique is that they weren’t random attacks designed to compromise the accounts of every day users of Gmail, but specifically targeted government officials in the US (and South Korea).   This is called “spear phishing”.

Who is behind these attacks?

Preliminary reports seem to indicate China.

What also makes these attacks unique is that they appear to be originating from nation states instead of lone individuals or groups.

I’ve written several articles about the Stuxnet virus and how it may have been the first cyber weapon designed by a nation(s) state to actually destroy machinery (the Iranian nuclear centrifuge program).

While these types of attacks above constitute very specific threats to governments and targeted individuals, phishing has been around for quite a while and is, in fact, a common means used to compromise accounts for identity theft and / or credit card fraud, etc.

How can you protect yourself against this type of threat?

Many types of anti-virus programs have anti-phishing features built into them.  It would behoove you, however, to be cognizant of what sites you are actually going to before you click on a link.

How do you do that?

Hover over the link and (depending on your browser) the URL  of the site should appear in an address bar.  Then it’s up to you use your head and a little common sense.  If you’re being directed to go a site like Google and yet the link reads as something different don’t click on it.

Also be aware that bona fide web sites rarely if ever request you to go to a site to confirm your account info.  That’s a sure sign that something is amiss.

Relying on technology and anti-virus programs to catch every one of these threats is probably not something that is going to work all the time.

Be smart and use your head.  Get in the habit of looking at the link you are about to go to before clicking on it.   It only takes a second.  While there are ways for hackers and bad guys to get around this and present what looks like a valid URL, this will go a long way towards helping prevent these types of attacks and getting you in what should be a good habit regardless.

Christopher Tippins for the Software Synergy Group

IT Systems Failures Cost Businesses 127 Million Lost Person-Hours: Survey

May 23rd, 2011

A rather astounding survey (see these articles here and here) released by CA Technologies (but conducted by Coleman Parkes Research Ltd.) found that businesses lose 127 million person hours per year because IT systems failures.  That works out to about 425 hours per year per average sized company.  About 200 organizations across a variety of company sizes and segments were surveyed.

Additional figures from this survey reveal this:

The 200 companies interviewed include representation from small (50-499 employees), medium (500-999 employees), and large (1000+ employees) sized organizations.

Per year, on average:

• Small sized companies lose $55,000+ in revenue
• Medium sized companies lose $91,000+ in revenue

These numbers are quite frankly, amazing and beg the questions:

What would a major IT systems failure do to your company and business?

Could your company even survive a catastrophic failure like this?

Perhaps most importantly, what can you do about it before it happens?

Disaster recovery and business continuity are key areas that management and business owners need to think about.

Here at the Software Synergy Group we can help you plan and map out a strategy to minimize the impact of system downtime.

As we move into hurricane season we are often reminded to hope for the best, but plan for the worst.  While many people take these types of steps for themselves and their families, it’s equally as important to think about this type of planning for your business.

Systems can and do fail.  Preparing for these types of scenarios are both prudent and wise.

We can help.  Contact us and talk to one of our partners to learn about what options might be best for you and how we can help you mitigate these risks.

Christopher Tippins for the Software Synergy Group

99% of Android Phones Leak Secret Account Credentials

May 20th, 2011

A few articles (here and here) have appeared in recent days about a possible security breach that allows users running Google’s Android operating system to have passwords and other data compromised.

Basically, the problem stems from “ClientLogin“, an authentication protocol for exchanging what should be secure data with Google’s servers.

This operating system has become prolific over the past couple of years as it runs on many different types of cell phones.  In the past 6 months it has surpassed Apple’s iOS (the operating system for the iPhone) as the deployed operating system of choice for smart phones (with RIM’s Blackberry a close third, but losing market share as the days and months go by).

One of the primary reasons for this is Android’s open development platform which allows anyone to create applications (or “apps” as they are frequently called) without going through an approval process (which Apple requires).

While an open platform might lead one to believe that it would present more opportunities for security problems, this may not be the case and the iOS versus Android operating system security issue is an often hotly debated topic on the ‘net.

The bottom line is that there is no operating system that is 100 percent secure.  If you’re using a smart phone to connect to the ‘net, there is always a chance that an unknown bug will surface leaving your data vulnerable.

Regardless of which device you choose, you can best protect yourself from these types of problems by making sure you run your respective gadgets update procedures to make sure you have latest revision of the operating system.  And if you’re running Android be wary of the applications you install.  If you’re using an iPhone, jailbreaking your phone opens you up to yet more vulnerabilities.

Google released a patch to fix this problem in version 2.3.4 but users don’t have to worry about a patch if they don’t have that version of the OS – it will be deployed as a server side fix (meaning Google will fix it on their servers).

Christopher Tippins for the Software Synergy Group.