Symantec statement on source code release and our opinion
January 17th, 2012
We have reviewed the below statement from Symantec and while we are alerting you around this information it is our belief we do not have any current customers who are at risk. If you have any questions or would like for us to do an additional review of your environment, please contact our helpdesk at 770.514.1640 or help@ajcomputers.com.
Statement from Symantec Corporate
In an effort to keep you up-to-date on the unfolding events surrounding the Symantec source code disclosure, further investigation of the claims made by Anonymous brings us to believe that the disclosure was the result of a theft of source code that occurred in 2006. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring.
Affected products include:
- Norton Antivirus Corporate Edition
- Norton Internet Security
- Norton SystemWorks (Norton Utilities and Norton GoBack)
- pcAnywhere 12.0, 12.1 and 12.5
- Symantec Endpoint Protection v11.0, which is four years old
- Symantec AntiVirus v10.2, which is five years old code, and a product that has been discontinued
Due to the age of the exposed source code, except as specifically noted below, Symantec customers – including those running Norton products – should not be in any increased danger of cyber attacks resulting from this incident.
Customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.
How you can help customers using Norton Antivirus Corporate Edition, Norton Internet Security, or Norton SystemWorks (Norton Utilities and Norton GoBack)
By keeping your customers’ solutions and virus definitions updated to the latest version, you will help ensure protection against any new possible threats that might result from this incident. Additional steps to take include confirming that your customers are following best practices for protection technology settings: tamper protection and IPS technologies defend against vulnerabilities. Also consider enabling the uninstall password feature. This helps prevent malware or other software from uninstalling Symantec AntiVirus v10.2 or Symantec Endpoint Protection v11.0.
How you can help customers using pcAnywhere
As always with any remote control product (such as pcAnywhere), it is extremely important that best practices are followed regarding physical security, endpoint security, network perimeter security and secure remote access. For example, all computers should have an endpoint protection technology installed that is current and up-to-date. Corporate firewalls should not allow inbound or outbound access to pcAnywhere without using VPN tunnels. Unauthorized individuals should not be permitted on company property. Additionally, companies should employ best practices when it comes to the configuration of pcAnywhere – e.g. password strength, password retry limits, and requiring the user to approve remote connections.
Symantec is committed to eliminating the increased risk as a result of the exposure. In addition to a partner FAQ, we will also provide a technical white paper that addresses initial remediation steps and issue maintenance patches as a final step.
Given the nature of this ongoing investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.
For general information updates, please visit go.symantec.com/sourcecode.
For specific questions, please contact your Symantec account representative or reference the partner FAQ or technical white paper being made available to you via your partner account manager.
Deciding on a company name can backfire
September 19th, 2011
So over the weekend, Netflix decided to split their business into 2 separate companies – the Netflix we know and love which will be responsible for streaming video (to your DVD player, computer, smartphone, etc.) and a new company called Qwikster which is responsible for the physical DVD shipments (which is actually the original Netflix business model). The problem is, they didn’t secure all of the relevant domains and social media accounts to go with their new name. On Twitter, there’s been a user called qwikster which does not represent Netflix and will see a significant jump in his mentions and follower count simply because of the confusion.
So what do you do as the company? Just get over it? Try to buy the name (which violates Twitter’s terms of service)? Or something else? With a marketing group and M&A team as large as Netflix, was this an oversight or just one of those things that people didn’t think was important?
As a business owner or marketer, what would you do?
Are you ready for …. everything?
September 6th, 2011
Normally this time of year, I’d be thinking about being ready for football season, the NASCAR Chase or the kids all finally being back in school – but over the past few weeks there have been a number of events which have occurred which brought out my “are you ready for anything that can happen?”. There have been 3 earthquakes, a hurricane, flooding, 2 tropical storms and then the usual plethora of man-made chaos in the world. So the question here is – what are you doing to be prepared?
September is National Preparedness Month (ready.gov) and typically focuses on natural disaster preparation, especially as severe weather season is upon us. But the real question to any family or business is – what are you prepared for? Do you have a plan for an event which causes you to leave your house or office? Do you know who all your utility providers are and how to contact them? What about critical information around letting friends and business associates know what is happening and how to get in touch with you? There are loads of great information out there, along with templates to use for organizing information and gathering all of the details necessary. All of these are great ways to get organized, but sometimes you just don’t have the time to keep up with all of the changing information. Here’s a couple of simple ways to deal with all of this:
- Make sure your computers are backed up somewhere off-site – we call this cloud-based backups – there are even some free backup plans if you have only a small amount of data, all automated.
- Use an inexpensive scanner to digitize all of your statements, receipts, etc. – along with the backups, this gives you easy access to the information and allows you to get rid of the overwhelming load of paper you’ve been keeping.
- Make sure you have a couple of essentials like cash, flashlights and gas in your car – I know it sounds simple, but a lot of people just expect ATMs and gas stations to be open – the recent flooding in New Jersey towns proves how easy it is for these things to be knocked out.
- Have a communication plan – know who to call when you have an emergency and let friends, family and business associates know something is going on – this way people who are worried about you at least know you have a plan and when you will get back to them.
- Have a backup communication plan – with the east coast earthquake, the cellular network was overwhelmed and people were unable to contact others. Everything from BlackBerry Messenger, Skype, email, FaceTime, etc. was up and running as normal even though the major carriers were unable to connect phone calls.
So as you can see, almost anything can happen in a very short time frame, but if you take just a couple of minutes and make some preparations in advance, you can be ready for almost anything.
Google Users Fall Victim to Man-in-the-Middle Attack
August 30th, 2011
Originally posted at Barracuda Labs Security Blog
Yesterday reports began to trickle in that Google users in Iran were victim to a man-in-the-middle attack through the use of an illegitimate SSL certificate issued for “*.google.com”. This is the latest in a series of events involving a hacked Certificate Authority, but this time there was clear evidence that the fake certificate was being actively used. Details of the attack and consequences are being written about extensively elsewhere, so we will give a brief overview and link to those directly involved and others with particularly insightful analysis.
The certificate being used was issued by a Dutch certificate authority, DigiNotar. The consequence is that this CA has essentially been given the “death penalty”. Microsoft, Mozilla and Google have removed the DigiNotar root certificate from their chain of trust, and certificates signed by them will have no more trust than one you generate yourself. It is good to see that those who have the strongest position when choosing which certificate authorities to trust are doing the right thing here; with a technology that so many people rely on for security, privacy and economic reasons, a “one strike and you’re out” system is appropriate. With each attack similar to this one, we see that the current system of Certificate Authorities is quite open to abuse with the combination of centralized and opaque trust. Compromises of that trust can have severe consequences. The system is clearly broken, and while some are working on replacement solutions, it is what we have to use in the meantime.
Users are advised to remove the DigiNotar root certificate.
Firefox:
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
Chrome:
http://googlechrometutorial.com/google-chrome-advanced-settings/Google-chrome-ssl-settings.html
IE:
Some newer versions of Windows seem to be automatically checking a CRL and therefore are able to provide protection without a software update: “All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certificate authority. There is no action required for users of these operating systems because Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.”
However, older versions of Windows do not provide automatic protection: “Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003.”
http://www.microsoft.com/technet/security/advisory/2607712.mspx
The DigiNotar root will be removed from relevant Barracuda Networks products.
Further reading:
- Google Online Security Blog: An Update on Attempted Man-in-the-Middle Attacks
- DigiNotar Response: DigiNotar Reports Security Incident
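The post’s point that a certificate signed by a removed root “will have no more trust than one you generate yourself” can be seen directly with the openssl command-line tool. The script below is an added example, not part of the original post and not code from Barracuda Networks or any browser vendor: it builds two throwaway roots and a wildcard leaf signed by one of them, then validates the same leaf against a trust bundle that contains that root and one from which it has been removed. All certificate names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the post: a throwaway root CA and a wildcard leaf
# certificate it signs, used to show that a certificate is only as trusted as
# the root in the trust store it is checked against. Every name here is
# constructed; nothing is a real CA or a real site.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal request config so the roots carry CA:TRUE regardless of which
# default openssl.cnf (if any) is installed on this machine.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

# Two unrelated throwaway roots: "demo" plays the part of a CA whose root is
# later distrusted, "other" stands for whatever else remains in the store.
for name in demo other; do
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
    -subj "/CN=$name root CA (constructed)" \
    -keyout "$WORK/$name-ca.key" -out "$WORK/$name-ca.pem" >/dev/null 2>&1
done

# A wildcard leaf certificate (constructed name) signed by the demo root.
openssl req -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
  -subj "/CN=*.example.test" \
  -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
openssl x509 -req -days 1 -in "$WORK/leaf.csr" -CAcreateserial \
  -CA "$WORK/demo-ca.pem" -CAkey "$WORK/demo-ca.key" \
  -out "$WORK/leaf.pem" >/dev/null 2>&1

# Trust bundles for the two states: demo root present, and demo root removed
# (only the other CA left), which is what the browser vendors did to DigiNotar.
cat "$WORK/demo-ca.pem" "$WORK/other-ca.pem" > "$WORK/bundle-before.pem"
cp "$WORK/other-ca.pem" "$WORK/bundle-after.pem"

# verify_leaf BUNDLE: validate the leaf against BUNDLE and print "trusted" or
# "untrusted". The leaf chains to nothing in the system store, so the result
# reflects the bundle alone.
verify_leaf() {
  if openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

echo "with demo root in store:  $(verify_leaf "$WORK/bundle-before.pem")"
echo "after removing demo root: $(verify_leaf "$WORK/bundle-after.pem")"
```

The two bundle files play the role of a browser or operating-system trust store before and after the vendor pulls a root; the leaf certificate itself never changes, only what the verifier is willing to anchor on. The Windows Certificate Trust List mechanism quoted above is the same idea applied to the system store, which is why no software update was needed on those versions.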
Google issues another corporate slap down for violating search engine rules
February 28th, 2011
Last week we wrote about how Google penalized JC Penney for something their search engine optimization company did – essentially broke the rules of ethical search engine ranking and placement. While Google really tries to not publicly point out one company or another, in this instance the New York Times grabbed a hold of the story and ran about 2 pages in the Sunday edition – that’s a lot of copy for a very obscure business (Search Engine Optimization). Basically their outside firm paid a number of other companies who were nothing other than listing sites (big pages with links to other web sites) to help JC Penney get to the top of search results for lots and lots of every day words. See the NYT article for an in-depth view: article.
This week, Overstock.com was caught using a similar tactic – they worked with some universities and had them list links to Overstock’s web site using key words. In the internal Google search engine ranking calculator, links from schools give a web site a lot more credibility than a link from a regular site. This week Google notified Overstock they were in violation of the terms of use. Subsequently, their search engine ranking dropped like a stone.
So, what’s the lesson here? For the next few months, lots of reporters are going to be digging into every company’s search engine placement and trying to find any issues. If you are a company big or small, make sure you or your search engine consultants are playing by the rules. If you have good content and you have good inbound partners to link from, then you will be rewarded. Google is constantly tweaking the search results grading and will continue to work to refine how companies are graded and ranked. Playing by the rules is their credo and you will be rewarded.
So what do you think about the recent ‘de-ranking’ by Google of these major companies? Do you feel like you’ve been treated unfairly by Google’s ranking system? Or is it that you’ve been promised that first search engine ranking placement by a search engine consultant and they have yet to deliver?
When a country shuts down the internet, is your company at risk?
February 20th, 2011
With the proliferation of short URLs for use in Twitter, Facebook, Foursquare and others, many companies are purchasing domains not in the usual .com and .net but instead using formerly country-specific domains like .co, .ly, .in and lots of others. Over the past few weeks, we have all seen the unrest in Egypt, Libya and other countries which has caused some of them to shut down internet access. So where does this leave the companies who own domains controlled by these countries?
Without getting into the technical details of the internet – the short answer is: it depends. Every top level domain (TLD) name (.com, .net, .ly, .it, etc.) is controlled by a specific country (.com is controlled by the US). If the main registry for the TLD goes down and the backup copies go down, then all of the domains for that TLD will be inaccessible. Some countries have started using out-of-country backup providers, but many of the smaller ones simply haven’t gotten there yet. Last week, Libya shut down their Internet for about 16 hours; fortunately for companies like bit.ly, their domains were still cached outside of Libya and remained usable until the connection was restored on Friday, only to be shut down again on Saturday.
A number of companies (Posterous is one) are starting to shift over to new shortcut URLs, but what a shift and disruption in their business this is causing, not to mention the engineering expense plus the loss of brand collateral.
So what would your business do in this situation? What’s your backup plan if you own one of these domains? Currently we own ajci.co but we’re not using it for anything critical (we use it as a short url for posts instead of bit.ly links). Other domains we own with country specific TLDs we are using but only as a secondary option. If something were to happen with the internet here in the US, we do have a backup plan in place to use an alternate domain name and an alternate hosting provider. Just like every area of your business your internet presence deserves a disaster plan.
What is your business doing to ensure a single event can’t shut down your business or an outside entity can’t jeopardize how you communicate with customers? I’d love to hear your thoughts.
New York Fashion Week gets internet savvy
February 11th, 2011
New York Fashion Week started yesterday and an exciting new trend I am seeing is the live broadcasting of runway walks for each of the designers. Looking through the various show schedules I saw no less than 20 online streaming events. Using tools like LiveStream, uStream and others the fashion houses are picking up on their successful past experiences and bringing the consumer onto the runway. Being married to a fashionista myself has me wondering if all this video is working… Do people look at the clothes on the runway and know that will work for them? Or (as so many years in the past have shown), what’s on the runway and what appears in retail are dramatically different? How does streaming a runway show really help – or is it just inexpensive publicity? I think the move to put more and more of these types of broadcasts on the Internet allows exposure to so many more people than would normally have it (a typical fashion runway show invites 200-500 people). Any way to inform and educate a consumer is good for business. In these economic times, customers want knowledge – they want to know what is coming, where to spend money and most of them want a plan – do I buy this blazer because I can get more than 1 season out of it? How about these boots – will they still be OK for the fall? And the list goes on and on. This move gives more people more time to decide how to spend their money wisely – a great idea!
Recently one of our clients made a bold move and became the first group to live stream video and interviews over the internet from their industry’s annual trade show. The only company to do it in the event’s 57 year history. The event organizers thought it was great as it brought the average consumer from their living room (or their office) into the show typically reserved for industry professionals only. How many other industries are making this move and why aren’t more?
So what does this all mean? Are the fashion houses getting more Internet savvy? Are they just simply following the herd and doing what everyone else does to simply keep up? Do the shows being broadcast bring any value to you? Are you even going to watch?
Here’s a partial list of New York Fashion Week live streams and their schedules (thanks to Mashable! for being the first out with the list):
- Vena Cava Thursday, February 12:00 p.m. ET
- Wayne Thursday, February 10, 6:00 p.m. ET
- Peter Som Friday, February 11, 10:00 a.m. ET
- Perry Ellis Friday, February 11, 11:00 a.m. ET
- Jason Wu Friday, February 11, 1:00 p.m. ET
- Rebecca Taylor Friday, February 11, 2:00 p.m. ET
- Rebecca Minkoff Friday, February 11, 3:00 p.m. ET
- Costello Tagliapietra Friday, February 11, 3:00 p.m. ET
- Nicole Miller Friday, February 11, 6:00 p.m. ET
- Richard Chai Saturday, February 12, 11:00 a.m. ET
- Alexander Wang Saturday, February 12, 5:00 p.m. ET
- Altuzarra Saturday, February 12, 8:00 p.m. ET
- Preen Sunday, February 13, 11:30 a.m. ET
- DKNY Sunday, February 13, 1:00 p.m. ET
- Calvin Klein Collection, Men’s Sunday, February 13, 2:00 p.m.
- Thakoon Sunday, February 13, 6:00 p.m. ET
- Cushnie et Ochs Sunday, February 13, 7:00 p.m. ET
- Tommy Hilfiger Sunday, February 13, 8:00 p.m. ET
- Ohne Titel Monday, February 14, 1:00 p.m. ET
- Donna Karan Monday, February 14, 2:00 p.m. ET
- Alice + Olivia Monday, February 14, 5:00 p.m. ET
- Betsey Johnson Monday, February 14, 6:00 p.m. ET
- Kevork Kiledjian Monday, February 14, 6:00 p.m. ET
- Marc Jacobs Monday, February 14, 8:00 p.m. ET
- Rad Hourani Tuesday, February 15, 10:30 a.m. ET
- Diesel Black Gold Tuesday, February 15, 1:00 p.m. ET
- Marc by Marc Jacobs Tuesday, February 15, 4:00 p.m. ET
- Sophie Theallet Tuesday, February 15, 5:00 p.m. ET
- Tibi Tuesday, February 15, 7:00 p.m. ET
- Michael Kors Wednesday, February 16, 10:00 a.m. ET
- Oscar de la Renta Wednesday, February 16, 12:00 p.m. ET
- Jeremy Scott Wednesday, February 16, 1:00 p.m. ET
- The Blonds Wednesday, February 16, 7:00 p.m. ET
- Calvin Klein Collection, Women’s Thursday, February 17, 2:00 p.m.
Simple things that will ruin your day, analog issues meet a digital world.
January 5th, 2011
So just before the December holidays our office building sprung a leak. Some roof shingles came off from a windstorm and the next time it rained, we started to get water in the office. But wait for the kicker – the leak was right over the top of my desk. Our landlord (we rent our office) ran around and found a roofer to get up there and put a tarp over the top of the affected area. This worked great, until another windstorm came and blew the tarp off the roof, just before New Year’s Day. So after me calling the landlord 3 days in a row and the landlord calling the roofer 3 days in a row to get the tarp put on, it proceeded to rain – A BUNCH!
I had left the office assuming the tarp was being put back on and left some documents on my desk and a laptop as well. Surprise on Monday – documents ruined and water all in the laptop – and NO TARP ON THE ROOF. Those of you who know me, understand that I remained calm (not!), called my landlord calmly (not) and explained the situation calmly (not!).
So this week, they are working on resolving the roof issue, but as you can tell – I now have a bunch of documents I have to recreate and a laptop which MIGHT be able to be salvaged (we’re still trying to dry it out and see if it will start). So what are the lessons learned from here?
- Never assume someone else is going to do something they have shown they are not going to do
- Plan for the worst, a simple thing like a roof leak can cause major damage
- Know what to do and who to call in the event of an emergency or issue.
- Be persistent when an issue is not being resolved to your satisfaction
So an analog world issue caused havoc in my digital world – a simple water leak causes digital damage and sets me back a day of work. What would you have done in this situation? Should I have done something different? What’s your plan if something like this happened?
What are you doing different in 2011?
January 4th, 2011
W.L. Bateman said “If you keep on doing what you’ve always done, you’ll keep on getting what you’ve always got.”
Over the past couple of years, I’ve tried the resolution route, that “This year I’m going to…”; inevitably 90% of these are abandoned by March – either because the original premise was too complex or in the end on March 1 it wasn’t as important as it was on Jan 1. The resolutions I’ve been able to carry from resolution to habit to just another thing I do are the ones where I can see the potential benefit, are easy to integrate in my day to day life and take only a few minutes a day.
For those of you who know me, you know I’m not a “This year I’m going to exercise every day” or “This year I’m going to volunteer 40 hours a week at the local charity”. While these are great goals they are just not something I would do. But things like “Take a portion of my salary every month and put it aside to make our year end taxes easier” or “Write a blog post once a week” or even “Get back to doing 1 fun thing as a complete family once a month” – these are things I can handle.
So here’s this year’s plan for both the business and personal
- Pay more attention to our clients. While I am always listening to what our clients say, I think I’ve been avoiding the tough discussions with them. This year, it’s more proactive conversations with clients.
- Do 1 fun thing with our family every month (like we used to). In January, it’s an Atlanta Thrashers hockey game.
- Get to blogging at least once a week – wordpress.com motivated me with their The Daily Post challenge (you can find out more by reading my Jan 1 blog).
- Give myself a mental break from work 1 day every weekend – since the middle of the year it’s been a 7 day a week operation around here – every one’s mind needs a break. I was pretty sick in 2nd half of December and it forced me to take a mental break, I was able to come back recharged and ready to go.
There’s some other, more minor stuff that I’m trying out this year, but the 4 above are the big ticket items.
So what are you going to do different this year, in your personal life and at work? Are you going to use Twitter more (or less)? Are you going to finally get that start-up company you’ve been dreaming about off the ground? How about that vacation you’ve been dreaming of – are you going to start saving for it? Trying to run a half-marathon this year, what’s your training plan?
The reality of it is, if you keep doing the same things over and over, you can only expect the same results. How are you going to change the result you are getting by changing the things you are doing? Let me know, I’d love to hear your thoughts.
Blogging Every Week for 2011 #postaweek2011
January 1st, 2011
I’ve decided I want to blog more. Rather than just thinking about doing it, I’m starting right now. I will be posting on this blog once a week for all of 2011.
I know it won’t be easy, but it might be fun, inspiring, awesome and wonderful. Therefore I’m promising to make use of The DailyPost, and the community of other bloggers with similar goals, to help me along the way, including asking for help when I need it and encouraging others when I can.
If you already read my blog, I hope you’ll encourage me with comments and likes, and good will along the way.
Signed,
Joe Vivona
