Prager U, which is not an accredited university, has produced really good material that is very timely for the day after the bombing at the Arianna Grande concert. The video is a serious of short clips about Extremism and features several Muslims speaking out against Extremism. Please watch the entire thing. (You can pause after each speaker which averages about 7-10 minutes.)
Ever have a need to draw a radius in Google Maps? Now you can.
Here is a link to an explanation: https://www.youtube.com/watch?v=F85YgVXCk3Y
Here is the link to the site he is showing in the video: http://obeattie.github.io/gmaps-radius/?radiusInput=125&unitSelector=mi
The following information is a copy/paste of a bulletin we received The Department for Homeland Security and US-CERT. This is necessarily long, but does not contain the full bulletin due to its technical nature.
Please please take this seriously. You could lose your Word Documents, i.e. homework, portfolios, research papers etc, Excel Documents, Power Point files, Publisher files, digital memories (a/k/a family photos and movies) and any other data. If you have not made a backup of your data lately please do so NOW and then remove that external drive or media from your PC immediately. Here is another link to a different article on backup.
If you need assistance in taken precautionary steps please let us know.
Now the bulletin….
TA17-132A: Indicators Associated With WannaCry Ransomware
The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user’s files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.
The newly loaded DLL immediately begins encrypting files on the victim’s system and encrypts the user’s files with 128-bit AES. A random key is generated for the encryption of each file.
The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim’s account in order to access the IPC$ share.
This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC$ share on network resources on the network on which it is operating.
Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including
- temporary or permanent loss of sensitive or proprietary information,
- disruption to regular operations,
- financial losses incurred to restore systems and files, and
- potential harm to an organization’s reputation.
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
Recommended Steps for Prevention
- Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
· Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
· Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
· Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
· Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
· Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
· Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
- Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
- Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
- Test your backups to ensure they work correctly upon use.
Recommended Steps for Remediation
- Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
- Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup.
Defending Against Ransomware Generally
Precautionary measures to mitigate ransomware threats include:
- Ensure anti-virus software is up-to-date.
- Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
- Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
- Only download software – especially free software – from sites you know and trust.
- Enable automated patches for your operating system and Web browser.
I love using Square to run my business! Process $1,000 without fees when you activate with my invite link: https://squareup.com/i/39D693A6?s=em
I know this may come as a surprise to many of you but there are still a little over 11 million PC’s still running Vista.
The following notice appeared on data security site and I thought I would share with all of my readers.
Thursday, May 4, 2017
Microsoft Ending Support for Windows Vista
Original release date: March 17, 2017
All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive:
- Security updates,
- Non-security hotfixes,
- Free or paid assisted support options, or
- Online technical content updates from Microsoft.
Computers running the Windows Vista operating system will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.
“Oh God, a hacker’s on the loose with a new (but familiar) Google Docs phishing scam, and journalists (among many others) are in the crosshairs.” – Adam Clark Estes
Please read the whole story…
But, if you don’t have time, just do this ….. IGNORE ANY NOTICES ABOUT SOMEONE YOU DON’T KNOW SHARING GOOGLE DOC’S WITH YOU!
What Is 5G? Everything You Need to Know. – http://www.pcmag.com/article/345387/what-is-5g
I am posting this from e-mail so I do not know if the link above will work, but hopefully it will. This link will take you to an article explaining what 5G wireless is and is not, in layman’s terms. The author does a good job of "splaining," in non-tech terms.
The bottom-line is this….don’t believe the wireless carrier’s claims of 5G service this year. It cannot happen yet…no matter what they advertise.
Read the article for more details. I am kind of excited now that I’ve learned more about the changes coming with 5G…it’s much more than simply faster speeds.
Dennis "MetroPCS Fan" Wilson