The Problem With Password
Apr 8th, 2016 by aperio

With data breaches on the rise for companies around the world, the goal of reliable cyber security remains a challenge. In just the past month, Verizon Enterprise Solutions faced an attack that reportedly compromised the basic contact information of 1.5 million customers, potentially exposing those users to additional risk from phishing attacks. Hospitals also struggled with ransomware attacks, including MedStar Health in Maryland and Washington, D.C., Methodist Hospital in Kentucky, and two California hospitals operated by Prime Healthcare, Inc. Several of these hospitals were forced to temporarily shut down their systems in order to keep malware from spreading. Disturbingly, at least one such hospital has admitted to paying a ransom to have its data unlocked.

Why Users Don’t Follow Security Requirements

Driven by the constantly increasing need to improve security, IT professionals often advise their clients to follow requirements that are seen as cumbersome. As a result, many otherwise well-intentioned users do not comply with these requirements. Even worse, some users are actually willing to sell password information for surprisingly low prices. In a study performed by SailPoint Technologies this year in which 1,000 office workers in various industries and from multiple countries were interviewed, an appalling number admitted to poor password practices such as:

  • Using a single password among several applications. (65%)
  • Sharing their passwords with co-workers. (30%)
  • Willingness to sell their passwords to outsiders for as little as $1,000. (20%)

Surprisingly, SailPoint’s study showed that even though employees expect other companies to make protecting their personal data a priority, they fail to do the same for their own clients. The study showed that 32% of the respondents had been impacted by security breaches at other companies. But in spite of this, many still continue to engage in poor security practices.

The Multi-Factor Authentication Solution

So if the worst users are actively dishonest and the best are still too likely to engage in risky security practices, what is the solution to the password problem?

One possible approach already in use by some companies is multi-factor authentication. With this approach a password is still used, but it is combined with additional factors. For example, a company might not complete your online request to change your password until you provide a code they have sent to a phone number you previously designated. In another example, a user signing on to a company laptop might also be required to have their fingerprint or voice scanned. Here, employees are effectively discouraged from using unwise security practices – you can share a password, but it’s prohibitively difficult to share fingerprints. And hackers who may have acquired a password are much more likely to be blocked by the additional requirement.

Some biometric technologies to facilitate multi-factor authentication already exist and more are on the way. Most of us are familiar with the use of fingerprints and voice recognition. Along with these, additional technologies include keystroke recognition, which focuses on the unique typing rhythms of users; palm vein recognition, which identifies unique vein patterns in palms and/or fingers; heartbeat recognition, which relies on the unique electrocardiographic signals produced by an individual’s heart; and many more.

Not all of these technologies are sufficiently mature to provide reliable and cost-effective security at present. However, technology changes rapidly. What was expensive yesterday may well be affordable tomorrow. (For an example, see DIY Is Shaping Our Future – design student creates his own braces using 3D printing.)

Biometrics alone or multi-factor authentication are likely to be used in the future to meet security needs. In July 2015, the Bloomberg BNA Privacy & Security Law Report published a report titled “Should the FTC Kill the Password? The Case for Better Authentication.” In this report, the authors argue that “…in certain circumstances the FTC should start requiring better methods of authentication than passwords alone.” Companies interested in preparing for the future will need to explore this approach.

Introducing our newest member to the Aperio IT team.
Apr 5th, 2016 by aperio

Hello everyone,

We would like to introduce you to our newest employee. Tracie has accepted our offer of employment as our Inside Sales Specialist. Her first week started today and she has already started out doing an amazing job. Tracie has multiple years of experience as a Life Insurance Agent and graduated with one of the highest IQs in her class.

As an Inside Sales Specialist, Tracie is responsible for assuring that our clients are ordering the right products and that all of their services are being renewed.

Here are some of Tracie’s responsibilities:

-Assists the sales team by preparing and then following up on any sales quotations made for clients,

-Negotiating terms with distributors to find a cost best suited for our clients

-Liaise between other departments and the client to provide the service most suitable to the client’s needs, cost and time restraints

-Work closely with the sales team to assess the progress of the department and develop sales strategy accordingly

-Produce reports on progress within the department and outline any developed strategies to improve

We are really excited to add Tracie to the team and she is going to be a big help by being able to fully dedicate herself to her new role.

Thanks for Welcoming Tracie,

-Cary Warner CMO

 

DIY IS SHAPING OUR FUTURE
Mar 23rd, 2016 by aperio

We live in a time of rapidly changing technology. For example, 3D printing (also known as stereolithography or additive layer manufacturing, a process first patented in the 1980s) is becoming more and more popular. It is already being used as a method for rapid prototyping for manufacturers, for doctors to create customized medical devices, and for individuals to create do-it-yourself projects. And recently, Amos Dudley, a 23-year-old digital design student, has been in the news for creating his own braces using 3D printing.

It’s important to note that Dudley didn’t create his actual braces using 3D printing; however, the 3D printing was a key part of his process. He took a mold of his teeth using alginate powder, then used the casting to create digital models for multiple aligners, each for a different phase in re-aligning his teeth. Only then did he print those models using a 3D printer. From that point Dudley was able to create aligners from orthodontic grade retainer plastic he purchased on Ebay. The quality of this plastic was important both because Dudley needed to be certain it wouldn’t release toxic chemicals while in his mouth and because 3D printed plastic is too porous, potentially allowing the growth of unhealthy bacteria.

Dudley’s case is an excellent example of the risks and rewards presented by using DIY technology compared to conventional methods, and the conditions necessary to make it a worthwhile option. As a design student, Dudley had access to 3D printers, which helped to keep his costs down. He also had the time and willingness to carefully research orthodontic processes and materials, which reduced the risk of doing serious damage to his teeth or gums. Without this particular combination of factors, 3D printing might not have been a viable solution.

So does Dudley’s success mean orthodontists will be going out of business any time soon? Probably not. Dudley himself notes in his blog that his do-it-yourself aligners were required only to resolve issues that came up due to failure to use his retainers after previously having standard braces. It’s unlikely that an amateur would be able to perform the sort of evaluation an orthodontist with ten or so years of advanced schooling can, including knowledge of how the process of moving teeth can affect the long term health of teeth and gums.

However, at the very least the orthodontic industry should be taking note of 3D printing’s presence as a disruptive technology – that is, a technology with the potential to displace an established one or to “shake up” existing industries or in extreme cases, to create an entirely new industry. In this case, awareness of new technologies may cause consumers to question why they should pay the current high prices for orthodontic appliances. These new technologies may also allow greater competition in the form of cheaper appliances.

Do-it-yourself technologies such as 3D printing are a double-edged sword for consumers. While they offer exciting opportunities, there will always be a need to evaluate the balance between lower costs and the knowledge experts bring to any process.

Read more:
History of 3D printing
Examples of 3D printing: printed organs, aerospace industry, and more.
Examples of disruptive technologies

Apple susceptible to malware and ransomware
Mar 11th, 2016 by aperio

On March 4, 2015, Palo Alto Networks researchers determined that the OS X installer for the Transmission BitTorrent client was infected with previously undetected ransomware, which the researchers are calling KeRanger.

This is only the second ransomware targeting Mac OS X to be uncovered, following Kaspersky Lab’s discovery of the FileCoder ransomware in 2014. Still, the researchers noted, “As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.”

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Networks threat intelligence director Ryan Olson told Reuters.

Two installers of Transmission version 2.90 were infected with KeRanger on the morning of March 4. “Transmission is an open source project,” the researchers wrote. “It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred.”

The malware was signed with a valid Mac app development certificate, allowing it to bypass Apple’s Gatekeeper protection. When the app is installed, an embedded executable file is run, and the malware waits for three days before connecting with command and control servers via Tor, then begins encrypting documents and files on the infected system.

Once the encryption process is complete, the ransomware demands that victims pay one bitcoin (approximately $410) to decrypt their files. “Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their backup data,” the researchers noted.

In a blog post, Thomas Reed, director of Mac offerings at Malwarebytes, suggested it’s an extremely bad idea to pay any ransom to decrypt files. “In the Windows world, paying the ransom sometimes results in getting a key that can successfully unlock the files,” he wrote. “However, it also can result in sending money to the hackers and getting nothing in return, or receiving a key that doesn’t actually work properly because the ransomware was poorly written.”

After the researchers notified the Transmission Project and Apple, the malicious installers were removed from Transmission’s website, and Apple revoked the app development certificate.

Tripwire director of IT security and risk management Tim Erlin told eSecurity Planet by email that the malware marketplace is ultimately driven by the population of targets, making Windows much more attractive to attackers than OS X. “It may have taken a little longer for ransomware to come to the Mac, but that shouldn’t be interpreted in terms of [relative] security, but in terms of target density,” he said. “There are fewer Mac users, especially fewer corporate Mac users, available to pay the ransoms. Apple is, however, growing faster in the PC market than Windows vendors. Any increase in Apple’s user base makes the systems a more attractive target for cybercriminals.”

And LogMeOnce CEO Kevin Shahbazi suggested by email that IT departments take the following steps to protect enterprise systems from attacks like these:

  • In controlled environments, IT teams should test and validate patches before they deploy to user desktops.
  • IT department should take adequate time to test software patches based on their organization’s policy. In some organizations, patches are tested for 30 days before being applied. If such a test was conducted, this malware issue would have been simply avoided.
  • IT department should perform a controlled roll-out by dispatching patches to select groups first, as part of a patch roll-out and validation.
  • IT department should ensure that software patches have an authentic digital signature.
  • Antivirus software must be up-to-date on all servers and desktops.
  • IT department should ensure that they have regular backup of their critical systems and data.
  • Network devices need to have a firewall, to fend off such attacks destined to firewalls.
  • SaaS-based password manager with proper backup.

“The first step is prevention, which needs to be planned in advance by deploying software and implementing security policies and procedures,” Shahbazi added. “Please keep in mind that security should be treated as a layered system, so your security posture should include defensive layers.”

By Jeff Goldman
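
The article describes an installer that carried a valid signature and stayed dormant for three days, so a signature check alone would have let it through. The sketch below is an added example, not code from the article or from any vendor: it contrasts a signature-only gate with a layered gate built from the list above. The `Candidate` fields, the 7-day pilot length, the signer identifier and the sample dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

SOAK_DAYS = 30   # the 30-day test window mentioned in the list above
PILOT_DAYS = 7   # assumed pilot length, chosen to outlast a three-day dormancy

@dataclass
class Candidate:
    name: str
    released: date         # date the vendor published the installer
    signature_valid: bool  # outcome of the platform's code-signature check
    signer_id: str         # identifier of the signing certificate
    pilot_clean_days: int  # days on the pilot group without an incident

def signature_only_gate(c: Candidate) -> bool:
    """Weak policy: deploy anything whose signature verifies."""
    return c.signature_valid

def layered_gate(c: Candidate, today: date, revoked: set) -> list:
    """Return the reasons to hold the update; an empty list means deploy."""
    holds = []
    if not c.signature_valid:
        holds.append("signature does not verify")
    if c.signer_id in revoked:
        holds.append("signing certificate revoked")
    age = (today - c.released).days
    if age < SOAK_DAYS:
        holds.append(f"soak period not met ({age}/{SOAK_DAYS} days)")
    if c.pilot_clean_days < PILOT_DAYS:
        holds.append(f"pilot not complete ({c.pilot_clean_days}/{PILOT_DAYS} days)")
    return holds

# Constructed sample: a trojanized installer carrying a valid signature.
RELEASED = date(2020, 1, 1)  # constructed date
TROJANIZED = Candidate("torrent-client-installer", RELEASED, True,
                       "SIGNER-PLACEHOLDER", pilot_clean_days=1)

if __name__ == "__main__":
    day1 = RELEASED + timedelta(days=1)
    print("signature-only gate deploys:", signature_only_gate(TROJANIZED))
    print("layered gate holds:", layered_gate(TROJANIZED, day1, set()))
    print("after revocation:",
          layered_gate(TROJANIZED, day1, {"SIGNER-PLACEHOLDER"}))
```

In practice `signature_valid` and the revocation set would be filled from the platform's own signature and certificate-status checks rather than set by hand.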

Our Primary Mission
Mar 7th, 2016 by aperio

Is to become our clients’ trusted adviser by delivering best of breed technology solutions that increase organizational productivity and scalability, lower operational costs, and evolve in their ever changing business climate. Aperio IT has been perfecting the way we do business for more than 15 years. We continually and painstakingly examine our own operations to ensure our approach always exceeds client requirements and expectations. It’s what sets Aperio IT apart from anyone else in our space. Meticulous attention to detail, fanatical customer service, and hiring only the best people have been key to our success. As a result, we have a nearly 90% client retention rate.
