December 2014 News and Updates
What’s New
- 2014 Holiday Schedule – Below is our 2014 holiday schedule. We want to wish everyone a Merry Christmas and a Happy New Year.
- Christmas – Closed Wednesday, 24 December and Thursday, 25 December 2014. We will be open on Friday, 26 December.
- New Year – Closed Wednesday, 31 December [2014] and 1 January 2015. We will be open on Friday, 2 January.
- Focus for 2015 on Security – By any measure, the latter part of 2013 and all of 2014 have been bad when it comes to security. We’ve had Target, JP Morgan Chase, Michaels, Neiman Marcus, Texas Health and Human Services, the IRS, the Department of Public Health and Human Services, Community Health Systems / Tennova and Home Depot, and those are just the ones that were reported (discovered?) and where the number of exposed records exceeded 1,000,000. We’re still waiting to learn the full extent of the attack on Sony, but this looks like a deviation from what we’ve seen in the past (extended downtime and actual damage rather than just gathering data). We know that nothing is (or should be) considered un-hackable, but these massive breaches should be an indication that we can and should be doing better. With the Target breach, it was a third party HVAC vendor that was the weak link. With the Home Depot breach, it was again a third party vendor that was the weak link (there were other factors here also). The lesson is that the attackers have learned that they don’t need to go for the hard targets directly but can leverage smaller, likely weaker targets against these large targets. With the introduction of the MyIT Program and the Network Ninja, we began a push to transition from a reactive posture (call us when something breaks and we’ll come and fix it) to a proactive posture (we’ll watch your core network services for issues and fix them before something breaks). We will be continuing the MyIT program in 2015 and will continue refining the Network Ninja into a tool that can act as an early warning sign of problems.
- New, shorter domain name – At long last, we have a new, shorter and easier to remember (and spell) domain name. Our old domain name (cybertechcafe.net) and all of the email addresses on that domain will continue to work but, effective immediately, we also have ctc.co (note, it’s not ctc.com but ctc.co, 5 letters). You can continue to reach us at www.cybertechcafe.net or support@cybertechcafe.net but now you can also simply go to www.ctc.co or email help@ctc.co and get us there as well.
- Case Studies and Short Stories (that may or may not be based on real life events) – In addition to the monthly update emails, we will also be posting case studies and short stories (that may or may not be based on real life events) to the website and linking them to the Facebook and LinkedIn accounts. Our hope here is to present technology and security in the context of real-life scenarios (“Bob got an email with a link, Bob clicked the link, horrible things happened”) in addition to the sterile “there is an update to fix this very technical thing that, if installed, would prevent a very horrible thing, maybe” type emails that we end up sending monthly. We’ve slipped a few in already and welcome you to submit content that may serve as a warning for someone later on (something like “I had a popup that said that my system had viruses with a link, so I clicked the link and my system got viruses” but with more detail).
Updates
Executive Summary – There are significantly fewer updates all around so far this month and I haven’t seen anything yet to rival the SChannel hole that we saw in basically every Microsoft product on the market. Adobe will be releasing updates for Reader and Acrobat tomorrow that address critical vulnerabilities on both the Windows and Mac platforms. Other notable news is Java, which (I believe) has almost survived the year with zero zero-days.
Microsoft – According to the Advanced Notification of December 2014, there are a total of 7 bulletins with 3 listed as Critical and the remaining 4 listed as Important. Five of the bulletins address remote code execution vulnerabilities (a remote attacker can run programs on the computer as a result of the vulnerability), one is a privilege escalation (a normal user can get administrative rights) and one addresses information disclosure. The updates address problems in Exchange, Windows, Office and Internet Explorer. Several of the updates do require a reboot.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.
Additional details are available from Microsoft here.
Adobe – As has become par for the course, Adobe is remaining tight-lipped about what updates it will release tomorrow, but there was a ‘prenotification’ posted on 4 December that an update would be released for Adobe Acrobat and Reader. So far, very little is available other than that the updates address critical vulnerabilities for Acrobat and Reader on both Mac and Windows. Expect an addendum after the release with more info.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here.
Java – The most up-to-date release version of Java, as of the time of this newsletter, is still Java 8 update 25. In 2013 (and earlier), Java was at the top of the list of threats for malware and zero day threats, a favorite for the bad guys. In 2014 though, Oracle seems to have stayed ahead of the curve. Internet Explorer and Adobe products (Flash, Acrobat, Reader, Shockwave, etc.) have taken over as the ‘most exploited / exploitable’, with Internet Explorer getting more security patches in the first six months of this year than in any single year (yup). I’ll stop short of giving Oracle kudos this year, but I will say that it came as a pleasant and welcome surprise.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.