Archive for the ‘Customer Service’ Category
Symantec statement on source code release and our opinion
January 17th, 2012
We have reviewed the below statement from Symantec and while we are alerting you to this information, it is our belief we do not have any current customers who are at risk. If you have any questions or would like for us to do an additional review of your environment, please contact our helpdesk at 770.514.1640 or help@ajcomputers.com.
Statement from Symantec Corporate
In an effort to keep you up-to-date on the unfolding events surrounding the
Symantec source code disclosure, further investigation of the claims made by
Anonymous brings us to believe that the disclosure was the result of a theft of
source code that occurred in 2006. Since 2006, Symantec has instituted a number
of policies and procedures to prevent a similar incident from occurring.
Affected products include:
- Norton Antivirus Corporate Edition
- Norton Internet Security
- Norton SystemWorks (Norton Utilities and Norton GoBack)
- pcAnywhere 12.0, 12.1 and 12.5
- Symantec Endpoint Protection v11.0, which is four years old
- Symantec AntiVirus v10.2, which is five years old code, and a product that has been discontinued
Due to the age of the exposed source code,
except as specifically noted below, Symantec customers – including those
running Norton products — should not be in any increased danger of cyber
attacks resulting from this incident.
Customers of Symantec’s pcAnywhere product may face a slightly increased security
risk as a result of this exposure. Symantec is currently in the process of
reaching out to our pcAnywhere customers to make them aware of the situation
and to provide remediation steps to maintain the protection of their devices
and information.
How you can help customers using Norton Antivirus Corporate Edition, Norton
Internet Security, or Norton SystemWorks (Norton Utilities and Norton GoBack)
By keeping your customers’ solutions and virus definitions updated to the
latest version, you will help ensure protection against any new possible
threats that might result from this incident. Additional steps to take include
confirming that your customers are following best practices for protection
technology settings: tamper protection and IPS technologies defend against
vulnerabilities. Also consider enabling the uninstall password feature. This
helps prevent malware or other software from uninstalling Symantec AntiVirus
v10.2 or Symantec Endpoint Protection v11.0.
How you can help customers using pcAnywhere
As always with any remote control product (such as pcAnywhere), it is extremely
important that best practices are followed regarding physical security,
endpoint security, network perimeter security and secure remote access. For
example, all computers should have an endpoint protection technology installed
that is current and up-to-date. Corporate firewalls should not allow inbound or
outbound access to pcAnywhere without using VPN tunnels. Unauthorized
individuals should not be permitted on company property. Additionally,
companies should employ best practices when it comes to the configuration of
pcAnywhere – e.g. password strength, password retry limits, and requiring the
user to approve remote connections.
Symantec is committed to eliminating the increased risk as a result of the
exposure. In addition to a partner FAQ, we will also provide a technical white
paper that addresses initial remediation steps and issue maintenance patches as
a final step.
Given the nature of this ongoing investigation, we have no further details to
disclose at this time but will provide updates as we confirm additional facts.
For general information updates, please visit go.symantec.com/sourcecode.
For specific questions, please contact your Symantec account representative or
reference the partner FAQ or technical white paper being made available to you
via your partner account manager.
Google Users Fall Victim to Man-in-the-Middle Attack
August 30th, 2011
Originally posted at Barracuda Labs Security Blog
Yesterday reports began to
trickle in that Google users in Iran were victim to a man-in-the-middle attack
through the use of an illegitimate SSL certificate issued for “*.google.com”.
This is the latest in a series of events involving a hacked Certificate
Authority, but this time there was clear evidence that the fake certificate was
being actively used. Details of the attack and consequences are being
written about extensively elsewhere, so we will give a brief overview and link
to those directly involved and others with particularly insightful analysis.
The certificate being used
was issued by a Dutch certificate authority, DigiNotar. The consequence is that
this CA has essentially been given the “death penalty”. Microsoft, Mozilla and
Google have removed the DigiNotar root certificate from their chain of trust
and certificates signed by them will have no more trust than one you generate
yourself. It is good to see that those who have the strongest position
when choosing which certificate authorities to trust are doing the right thing
here; with a technology that so many people rely on for security, privacy and
economic reasons, a “one strike and you’re out” system is appropriate. With
each attack similar to this one, we see that the current system of Certificate
Authorities is quite open to abuse with the combination of centralized and
opaque trust. Compromises of that trust can have severe
consequences. The system is clearly broken, and while some are working on
replacement solutions, it is what we have to use in the meantime.
Users are advised to remove
the DigiNotar root certificate.
Firefox:
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
Chrome:
http://googlechrometutorial.com/google-chrome-advanced-settings/Google-chrome-ssl-settings.html
IE:
Some newer versions of Windows seem to be automatically checking a CRL and
therefore are able to provide protection without a software update: “All
supported editions of Windows Vista, Windows 7, Windows Server 2008, and
Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the
trust of a certificate authority. There is no action required for users of
these operating systems because Microsoft has removed the DigiNotar root
certificate from the Microsoft Certificate Trust List.”
However, older versions of
Windows do not provide automatic protection: “Microsoft will release a future
update to address this issue for all supported editions of Windows XP and
Windows Server 2003.”
http://www.microsoft.com/technet/security/advisory/2607712.mspx
The DigiNotar root will be
removed from relevant Barracuda Networks products.
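One way to check whether the trust store a Python TLS client uses still carries a DigiNotar certificate, as an added example that is not part of the original post. The function names are illustrative and the sample store entries are constructed in the shape `ssl.SSLContext.get_ca_certs()` returns.

```python
import ssl

# Substrings identifying the distrusted CA; matching is case-insensitive.
DISTRUSTED = ("diginotar",)


def name_to_text(name):
    """Flatten an ssl-module name (tuple of RDNs, each a tuple of
    (attribute, value) pairs) into one comparable string."""
    return ", ".join(f"{k}={v}" for rdn in name for k, v in rdn)


def find_distrusted(ca_certs, needles=DISTRUSTED):
    """Return (subject, issuer) text for every CA entry whose subject or
    issuer mentions a distrusted name."""
    hits = []
    for cert in ca_certs:
        subject = name_to_text(cert.get("subject", ()))
        issuer = name_to_text(cert.get("issuer", ()))
        haystack = f"{subject} {issuer}".lower()
        if any(n in haystack for n in needles):
            hits.append((subject, issuer))
    return hits


def load_trusted_roots(cafile=None):
    """Load CA certificates the way a Python TLS client would.
    get_ca_certs() only reports certificates already loaded from a file,
    so pass cafile explicitly when the platform uses a capath directory."""
    ctx = ssl.create_default_context(cafile=cafile)
    return ctx.get_ca_certs()


# Constructed sample in the shape get_ca_certs() returns (not real store data).
SAMPLE_STORE = [
    {"subject": ((("countryName", "NL"),), (("organizationName", "DigiNotar"),),
                 (("commonName", "DigiNotar Root CA"),)),
     "issuer": ((("countryName", "NL"),), (("organizationName", "DigiNotar"),),
                (("commonName", "DigiNotar Root CA"),))},
    {"subject": ((("organizationName", "Example Trust (constructed)"),),
                 (("commonName", "Example Root CA"),)),
     "issuer": ((("organizationName", "Example Trust (constructed)"),),
                (("commonName", "Example Root CA"),))},
]

if __name__ == "__main__":
    for subject, issuer in find_distrusted(load_trusted_roots()):
        print("still trusted:", subject)
```

An empty result only covers the store Python reads; browsers and the operating system keep their own trust lists and need the vendor steps linked above.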
Further reading:
Google Online Security Blog: An Update on Attempted Man-in-the-Middle Attacks
DigiNotar Response: DigiNotar Reports Security Incident
When a country shuts down the internet, is your company at risk?
February 20th, 2011
With the proliferation of short URLs for use in Twitter, Facebook, Foursquare and others, many companies are purchasing domains not in the usual .com and .net but instead using formerly country-specific domains like .co, .ly, .in and lots of others. Over the past few weeks, we have all seen the unrest in Egypt, Libya and other countries, which has caused some of them to shut down internet access. So where does this leave the companies who own domains controlled by these countries?
Without getting into the technical details of the internet, the short answer is: it depends. Every top-level domain (TLD) name (.com, .net, .ly, .it, etc.) is controlled by a specific country (.com is controlled by the US). If the main registry for the TLD goes down and the backup copies go down, then all of the domains for that TLD will be inaccessible. Some countries have started using out-of-country backup providers, but many of the smaller ones simply haven’t gotten there yet. Last week, Libya shut down their Internet for about 16 hours. Fortunately for companies like bit.ly, their domains were still cached outside of Libya and were usable until the connection was restored on Friday, only to be shut down again on Saturday.
A number of companies (Posterous is one) are starting to shift over to new shortcut URLs, but what a shift and disruption in their business this is causing, not to mention the engineering expense plus the loss of brand collateral.
So what would your business do in this situation? What’s your backup plan if you own one of these domains? Currently we own ajci.co but we’re not using it for anything critical (we use it as a short url for posts instead of bit.ly links). Other domains we own with country specific TLDs we are using but only as a secondary option. If something were to happen with the internet here in the US, we do have a backup plan in place to use an alternate domain name and an alternate hosting provider. Just like every area of your business your internet presence deserves a disaster plan.
What is your business doing to ensure a single event can’t shut down your business or an outside entity can’t jeopardize how you communicate with customers? I’d love to hear your thoughts.
Spam Comes In All Forms – This One Carries the Wikileaks Moniker
December 8th, 2010
Spam, and the massive destruction that accompanies it, has a way of riding on the back of whatever topic is popular at the moment. Right now, the latest news is spam carrying a Wikileaks worm. Symantec released an article today warning the public of a threat: an email entitled “IRAN Nuclear BOMB!” that appears to come from the Wikileaks organization, which is not the case. The only content is a URL, which, when clicked, will download a threat identified as W32.Spyrat.
W32.Spyrat opens a backdoor using a predetermined port and IP address, allowing an attacker to perform the following actions on the compromised computer:
- Read, write, and execute files
- Steal stored passwords
- Issue commands
- Activate and view a webcam, if present
- Log keystrokes
- Create an HTTP proxy to route traffic through the compromised computer
Do not open this email or click on the URL if received. Read on for the full article at Symantec.
Julie Settle, A&J Computers Inc.
Yes, Small Business, There Is a Helpdesk Solution
December 2nd, 2010
Let’s face it — if your business is supported by computer technology, you need a Helpdesk. You deserve a Helpdesk. One of the main reasons a business fails (outside of negative revenue generation) is the inability to recover quickly from an IT disaster. Disaster — it’s a big scary word. And if your only desktop computer or your only server goes down and no one is able to recover the data from it, or recover it in a timely fashion, you’re toast. No longer do you have a customer database, no longer do you have an accounting history, no longer do you have a viable business.
This year, give yourself the gift of security. Enlist a capable and responsible IT company to be at the ready when you need them.
Better yet, give yourself the gift of preparedness and proactiveness. Take the time to have your systems upgraded and cleaned up. Create a plan of action for the New Year to extend the life of those precious machines. Allow an IT professional to research the best equipment for your needs now and into the near future at the best price (because many are approved vendors and can get a better deal than you might).
A viable IT company offers professional service and advice on:
- Preventative Maintenance
- Remote Patch Management
- Equipment Purchases
- Helpdesk and Support Services
- On Call for Break/Fix Issues
As you, business owner, prepare for the annual holiday party, grant vacations and leave of absences, think about who’s taking care of your business while you are out running your business. Have you checked with your IT guy to see if he’ll be around on Christmas morning for you if need be? A back up plan of action is always a good idea.
A&J Computers Inc. has provided Helpdesk and IT support services for 21 years.
Julie Settle
A&J Computers Inc.
Back to Basics, Please… and Thank You
November 6th, 2010
Let’s face it …we’re all adults here. Truth be told, and I try to tell the truth as much as possible, some of us adults ain’t handlin’ email etiquette so good lately. And your business may be suffering because of it.
The top etiquette blunders are listed below for easy reference:
First things first:
Keep work email and personal email SEPARATE. There’s a variety of reasons to do this, and let’s just point out that there is a proper place for Aunt Sally’s “forward this to 8 friends now” message and also that your customer doesn’t need to know that your personal email address refers to you as captainunderpants@freeemailaddress.com. (BTW, there’s no need to test that address. I did and it goes nowhere).
Second:
Please keep tone and personality out of it – or make very sure it comes across – as intended.
Third:
How many emails do you receive a day? I can receive hundreds. When sending a professional message to someone, don’t expect them to remember the previous ‘conversation’. Confirm the meeting with date/time/reason. Another accepted method is to respond using the email with the conversation trail included. A little more work on the recipient’s part, but at least helpful.
Fourth:
Respect the privacy of others. We all send Group emails. No one needs to see everyone it went to. It’s also most likely considered an invasion of privacy. Do you want your home address plastered all over some mass distribution? Neither does anyone else. Use the BCC (Blind Carbon Copy) option which will shield the addresses.
Fifth:
Check, double check, and then triple check when forwarding emails to make sure that sensitive information from someone else is not included. I’m sure we are all guilty of this. It’s very embarrassing.
Sixth:
Keep the jokes at bay at work. Forwarded (again, personal) emails of jokes and photos are best sent to the personal account (read #2 again).
Seventh:
Step away from the attachments. No joke. Unless a document must be sent as an attachment and the recipient is aware that it is coming, just don’t do it. Attachments (like vermin) carry all sorts of malware, intended or unintended. A recipient’s box can quarantine the message, it can be sent to the Spam folder or it may just plain be manually deleted without being read.
Last:
Don’t send an album of photos (see #6). It’s better to upload to a photo album site and then let friends know about it.
And my personal pet peeve:
Check out the source of a ‘warning’ email before warning your friends and family. Websites like Snopes.com can truly help cut out a ton of life-saving emails with a little research effort on the sender’s part.
Thank you for your time today.
Julie Settle
A&J Computers Inc.
It’s Customer Satisfaction That is Important
October 23rd, 2010
I recently heard someone speak on the topic of Customer Service and how important it is to improve and maintain it. True? Yes…to a point. What I think is more important than Customer Service is Customer Satisfaction. So what’s the difference?
Let me first explain that I work in a vertical that is largely unseen. You can’t really see what we do, when we do it, or how it’s done. That’s how the IT world works – unseen, off-hours…usually late at night or weekends. Basically it’s during the periods when you (the client) may be the least busy – at least online. Let me also say that we run a tight ship here. Never does a systems update, performance check, antivirus check or clean-up session get missed or overlooked. We sweat the technical details. It’s just what we do. And by the next business morning, when our client is back in their office, turning on their desktops, and opening up Outlook email and other necessary programs, everything boots up right on schedule and runs smoothly. And it used to be that because of that, every once in a blue moon, we get a call from a client telling us that our services were no longer required. And when asked, “Why?”, the answer was invariably, “Because everything always runs just fine.” Huh, go figure.
Now in this scenario, the client has received excellent service and is satisfied. Everything’s great, everything’s groovy for them. So where did we fail? We didn’t let them know that the reliability is courtesy of us. We worked ourselves out of a job. Customer service and satisfaction were there…just…not attributed to our efforts.
You bet we immediately took measures to change the way we interacted with our clients. We do a great job and we let them know on a periodic basis just what we did for them to get such great efficiency out of their network, website, email, Blackberry, hosted applications, remote back up, whatever. We make every effort to be proactive in our maintenance efforts. We know when something’s about to break and usually take care of it before the client ever knows it was a problem. And then we share that with them. And they are satisfied. And then so are we.
Julie Settle
A&J Computers Inc.
