Microsoft SQL Server 2008 and 2008 R2 Approaching End of Life

What is SQL Server? SQL server is Microsoft’s relational database management system (RDMS) application. As its name suggests, it is used to manage the databases you use for your business. All of the programs your business depends on for management and productivity typically need access to a database. The data in this database is traditionally accessed through the RDMS. While there are several types of RDMS servers on the market, they typically have specific applications. SQL Server has been updated numerous times in the 11 years since SQL Server 2008 was introduced and the nine since 2008 R2 launched, with all types of additions for new dataflows and cloud resources. What Can You Do? Microsoft suggests that each organization chooses the modernization platform that best fits their company’s needs, but with so little time left before SQL Server 2008 and 2008 R2 lose support, it may be difficult to sufficiently modernize before the deadline. One (very attractive) option offered by Microsoft is that company’s utilizing SQL Server 2008 or 2008 R2 can move their existing databases to the Azure cloud and get support for three additional years. By migrating your SQL Server 2008 to the cloud (in Azure), Microsoft will continue to support your software through July 2022. This extended support gives organizations time to come up with a viable plan without having to move forward with unsupported software that could present a whole litany of security problems. If you are staring down the July 9th deadline, you may want to stop and act now. For more information about RDMS platforms and hosting, reach out to the IT professionals at SRS Networks today at (831) 758-3636.

Tech Terminology: API

When people talk about an application’s API, they often mean a web-based interface that returns data, but the API is actually just the code that governs the access point or points for the server. In fact, all an API does is facilitate the ability to get data from outside sources. It is effectively a door into a software. For the developer, the API is a way for their software to communicate with other pieces of software. This could have a myriad of uses. For example, if the database your application needs is structured outside of your development platform an API will allow developers to have a way to call on data from the database for use within the software they are developing. This allows developers to use data from other applications to integrate two pieces of software. Ever wonder why your favorite news site lets you sign in using your Facebook account? It’s because the developer of the news site uses the Facebook API to provide access to the content you are trying to access. The API is therefore extremely important for mobile application development. In fact, an API is one of a mobile application developer’s most crucial tools as it allows them to: Accelerate app development – An API allows developers to eliminate wasting time building specific integration methods. Increase an app’s functionality – An API provides access to data from other applications. Grow the app’s market – Tools with more integrations are more apt to be used. Now you have a cursory understanding of what it means when you hear someone talk about an application’s API. For more great content designed to help you better understand the technology you use every day, subscribe to our blog.

Prioritizing Network Security is a Must

Let’s Start with the Worst If you are interested in mitigating the risk that unauthorized access to your network can cause, you need to consider the worst-case scenario. The worst thing that can happen to any organization is to have their network breached and have their clients’ and employees’ personal and financial information stolen. This is on par with a fire ripping through your workplace or being caught up in a hurricane or tornado. It’s a slower death; and, with all the tools at your disposal today, it’s largely unforgivable, especially for the small business. Not only would you have to deal with the malware or attack that compromised this information, but you would also have to explain to your clients and employees that their personal, financial, and often medical data has been exposed. There is nothing that can deflate a company quite as fast as a data breach. You lose credibility, lose revenue, and soon, have to scale your business back just to stay alive. Then you are the company who laid off their workforce, further souring your reputation to potential talent. The slippery slope could all be avoided by instituting a comprehensive network security strategy, that includes software protection and training. What Needs to Happen to Avoid Tragedy A comprehensive network security strategy locks away the sensitive information behind stronger security solutions, like an enterprise firewall, making it harder to access if some unwanted entity does find its way onto your network. Additionally, you need to ensure that each member that has access to your company’s network has had threat awareness training. Teaching them about the threats that come from letting unauthorized actors onto your business’ network, can go a long way toward helping you avoid negative situations. We get how tough it can be on a business to invest in their network’s security, but with all the threats out there today, you have no choice. If you would like to talk to one of our knowledgeable technicians about how to implement network security that is right for your organization, call SRS Networks today at (831) 758-3636.

Unpatched Windows is Like Leaving Your Car Door Open in a Sketchy Parking Garage at Night with Wads of Cash in the Driver’s Seat

Why Are Windows Updates So Important? Microsoft Windows is complex software. It needs to be. In order to do everything, we need it to do every day, and work with everything we need it to work with, it contains a lot of features and capabilities baked in. The more complex your software is, the more chances there are that someone out there could find a vulnerability. This happens all the time, and when vulnerabilities are discovered, good software developers will quickly build an update that fixes them before they are exploited. That’s what Windows updates are. Sure, there are new features being added in many of the updates as well, but the security patches are what is truly critical. **Please note that sometimes it isn’t a good idea to just let Windows updates run automatically. Sometimes an update can break something else (like a third-party application or internal workflow). It’s best to test updates before deploying them across your network. Problems Get Exposed as they are Fixed Let me give you a more old-school example. Way back in the day, you used to be able to ‘hack’ a vending machine with fake coins called slugs. To combat this, new vending machines were created that had multiple sensors to measure and analyze the coin in real time to determine if it were real. When these new machines were released, they were also might newer looking than the old school, hackable vending machines. Word got out about how easily the older machines could accept a slug and encouraged people to seek them out to get free beverages. What can we take away from this? If you owned an old vending machine, you were at risk of being hacked. Older vending machines were targeted by people who knew that they were hackable, as opposed to the new vending machines that weren’t as easily exploitable. Risk increased as time went on if you owned an older vending machine. How often do you see vending machines that even take coins these days? I’m dating myself. When Microsoft releases security updates, this exposes the vulnerability to the world. This includes hackers. This means everyone is on bought time once an update comes out, because hackers know that not everyone will update. Older Operating Systems Have the Highest Risk If you are running a version of Windows (or any software) that has reached the end of its developmental and support life, you are playing with fire. For example, if you are still running Windows Vista (please, I hope you aren’t) then Microsoft’s mainstream support ended in April 2012. They offered extended support up until April 2017. Mainstream support is when Microsoft is still providing features, security updates, patching bugs, and more. Extended support is when Microsoft stops adding new features and only provides bug fixes and patches, and only provided that you are on the exact version of the software or operating system that Microsoft says they are supporting. Back to our example of running Windows Vista (my fingers crossed that this example is purely hypothetical and nobody is still using Vista), it’s pretty clear that Windows Vista was not the shining example of the perfect operating system and that by the end of life there were no flaws whatsoever for hackers to target. If you are […]

How to Make Your Workday Simpler

Utilize Themed Days This one comes from Jack Dorsey, the co-founder of Twitter and CEO of Square. By assigning each day a “theme”, you can determine when a newly assigned task should be completed immediately and gotten out of the way, or currently labelled a distraction and rescheduled for the appropriate day. Use Templates and Canned Responses Templates are an incredibly efficient tool to leverage when there is a task that requires repetition. Instead of redoing everything each and every time, a template simplifies your task by prepopulating the majority of what you need to share, leaving just the pertinent details for you to add. Canned responses serve a similar purpose, with the omission of the added details. This makes them ideal for out-of-office notifications, alerts, and other generic communications. By committing some time to writing them once, you can create a library to draw from as needed. OHIO – Only Handle It Once How often do you touch a task, only to put it down to deal with it later? How much time do you think you waste doing so? Instead of partially starting a task, only to postpone it until later, follow the OHIO (Only Handle It Once) method and handle it then and there. This could mean completing a task, delegating it as needed, reporting to the right person, or divvying it up onto your to-do list. Say No! Not everybody can do everything – in fact, nobody can. Therefore, you need to review your responsibilities and trim the fat, as it were. Take a look at your to-do list. If there’s an item on it that keeps getting pushed down, reconsider if that particular task is even necessary. The same can be especially true of meetings. While some can be very productive, many can be huge time sinks. This is especially true if attendees deviate from the agenda, if too much time was set aside for the meeting to take place, or if it isn’t really necessary at all. Finally, returning to the to-do list for a moment, consider making yourself a to-don’t list. Is there a task that you have found to be too much trouble than it is worth? Add it to your to-don’t list and avoid doing that task if you can help it. Cap Co-worker Interruptions Regardless of how good their intentions were, your co-workers can very quickly and easily become your biggest distraction in the office. While you may not always want to miss out on Jim’s latest round of Dad jokes or the latest gossip that Cathy has dug up, there will be times that you can’t be interrupted. Using your office’s chat system to give your colleagues the notice not to disturb you (while putting on oversized headphones) can help to maintain your focus by politely eliminating these distractions. Streamline Your Processes There are always those tasks that take longer than they really should, that force you to sink your valuable time into them when you could really better use that time doing something else. Instead of simply repeating these kinds of tasks over and over, it may be worth your time to investigate alternative means of doing things. Perhaps collaborating with other departments to create a better solution is your best bet, or even turning to other companies […]

“Paying the Ransom” Isn’t a Ransomware Defense

What Happened with SamSam You may recall the SamSam outbreak, which stretched from 2015-to-2018 and racked up $30,000,000 in damages across 200 entities. This large total was partially due to the fact that SamSam knocked out a few sizable municipalities, including the cities of Atlanta and Newark, the port of San Diego, the Colorado Department of Transportation, and medical records across the nation. The ransom demand sent to Newark gave a one-week deadline to pay up the ransom in Bitcoin, before the attackers would render the files effectively useless. In November 2018, then deputy attorney general Rod Rosenstein announced that two Iranian men had been indicted on fraud charges by the United States Department of Justice for allegedly developing the SamSam strain and carrying out these attacks with it. As Rosenstein pointed out, many of SamSam’s targets were the kind of public agencies whose primary goal was to save lives – meaning that the hackers responsible knew that their actions could do considerable harm to innocent victims. Unfortunately, those responsible have never been apprehended. How Some Cybersecurity Firms Just Pay the Ransoms According to a former employee, Jonathan Storfer, the firm Proven Data Recovery (headquartered in Elmsford, New York) regularly made ransomware payments to SamSam hackers for over a year. ProPublica managed to trace four payments made in 2017 and 2018 from an online wallet controlled by Proven Data, through up to 12 Bitcoin addresses, before finally ending up in a wallet controlled by the Iranians. This wasn’t a huge revelation to Storfer, who worked for the firm from March 2017 until September 2018. “I would not be surprised if a significant amount of ransomware both funded terrorism and also organized crime… So, the question is, every time that we get hit by SamSam, and every time we facilitate a payment – and here’s where it gets really dicey – does that mean we are technically funding terrorism?” According to Proven Data, they assist ransomware victims by using the latest technology to unlock their files. According to Storfer and the FBI, however, Proven Data instead pays ransoms to obtain the decryption tools that their clients need. Storfer actually states that the firm was able to build a business-like relationship with the hackers, negotiating extensions on payment deadlines – and the hackers would actually direct their victims to Proven Data. Another firm, Florida-based MonsterCloud, follows a few similar ‘strategies,’ according to ProPublica. In addition to paying the ransoms (sometimes without informing the victims), these companies then add an upcharge to the ransom payment. However, it becomes important to consider where the money that is used to pay these ransoms is actually coming from. In the case of SamSam, many of the victims received some kind of government funding, which means that – if the ransoms were paid – taxpayer money likely wound up in the hands of cybercriminals in countries hostile to the United States. Differing Accounts from Proven Data Recovery Proven Data provides the following disclaimer on their website: “[PROVEN DATA] DOES NOT CONDONE OR SUPPORT PAYING THE PERPETRATOR’S DEMANDS AS THEY MAY BE USED TO SUPPORT OTHER NEFARIOUS CRIMINAL ACTIVITY, AND THERE IS NEVER ANY GUARANTEE TO OBTAIN THE KEYS, OR IF OBTAINED, THEY MAY NOT WORK. UNFORTUNATELY, SOME CASES MAY REQUIRE THE PAYMENT OF THE DEMAND IN HOPES […]

NSA-Developed Malware Used in Third-Party Hack

Double Pulsar could be used to install additional malware on a target PC. At the time the threat could only be leveraged against 32-bit operating systems, but the Chinese-hacked tool struck later in the year versus 64-bit machines and newer operating systems. Symantec has found evidence that this threat was utilized, hypothesizing that the Chinese hackers built the tool after analyzing network traffic during a legitimate Double Pulsar attack. The possibility that the hackers discovered the threat through a different vector exists, such as stealing the threat from an unsecured server, but the fact remains that this sets a dangerous precedent for tools like these being taken and used against their intentions. It’s noteworthy to mention that the hacking group that utilized Double Pulsar is no longer active, but this shouldn’t mitigate the risks associated with it–especially since the tool is still out there for use by other threat actors. Thankfully, the Chinese tool also took advantage of a Windows vulnerability that has since been patched… so there’s that. This isn’t the first time that hacking tools utilized by the NSA were stolen and utilized by hackers. In 2017, a group called the Shadow Brokers stole and dumped several hacking tools online, which is where the name Double Pulsar was originally discovered. If anything, the revelation that this threat existed at some point in the past only further exacerbates the need for proper network security–especially state actors that take more liberties with the development of these types of tools. What are your thoughts on these developments and the possibility that these threats could be used to attack organizations like yours in the future? Let us know in the comments and be sure to ask us how you can secure your network from these threats. We have all kinds of tools at our disposal that can keep your business safe from harm. Call us today at (831) 758-3636 to learn more.

Tip of the Week: Simple Changes You Can Make to Make Work Easier

1. Show Up, and Be on Time (or Early) One way to ingratiate yourself with your new bosses, and make life easier at work is one of the simplest work strategies you can undertake. Just be there on time and be ready to work. Workers that show up early to work are typically viewed by management as more conscientious and nearly always receive higher performance ratings than their contemporaries. Fair or not, people who perform better late in the day aren’t viewed as favourably by their managers as people that come in ready to take the bull by the horns early and often. It goes without saying that people that miss a fair amount of work tend not to work anyplace for very long. This isn’t just because they don’t meet the demands of their schedule. Many organizations view those that perform satisfactorily at work but miss a fair amount of time with illness (diagnosed or otherwise), in a much less favourable light than people that are there on time every day and don’t necessarily perform at the same level. Like Woody Allen once said, “90 percent of life is just showing up.” 2. Schedule Yourself One Hour to Tackle Your Most Pressing Issues Working efficiently at the office can sometimes be a task in itself. There are so many times when your positive momentum is broken by emails, phone calls, visits for conversation, or IMs that you actually don’t produce as well as you are capable of. That’s why it is important to prioritize tasks, of course, but also to schedule yourself for an hour of uninterruptible work. Since most offices utilize some type of scheduling program to manage time, scheduling yourself for an hour early in the day has been proven to make people more productive. The best strategy is to start taking some proactive steps to avoid distractions. The first is to ensure that people know you will be unavailable for an hour every morning. Direct communication with your contemporaries is essential for this strategy to work. Another strategy to take is to understand that the technology that we all typically ignore, like the “do not disturb” button on your phone, works, and can be used for your benefit. By actually using the tools you already have that are designed to help people avoid distractions, it will be much easier to actually avoid them. 3. Stop Listening to Music to Focus The office can sometimes be a hectic place. This is especially true if you work in an open office. It might feel like you need to listen to music to get anything done. This is actually a non sequitur since you are just choosing the method of your distraction. IT consultants may seem that it helps you to get stuff done faster, but research shows this simply isn’t true. One prominent neuroscientist suggests that instead of listening to music while you try to be productive, listen to some beforehand so that you are relaxed and in a good mood. Music allows you to mentally put away some of the things that may distract you from any given task before you undertake it. 4. Wrap Up Your Day by Scheduling Tomorrow Sometimes, the end of the workday can’t come soon enough. The anticipation to get out of […]

Google Docs Working on Office Support

How it Worked In the Past Office files could technically be edited in Google Docs before, but they had to be converted into a Google-friendly file format. Once the conversion is finished, Google’s collaboration tools can be used to edit and comment on the file. There was also the option to use a limited toolset through Office Compatibility Mode. Unfortunately, this method isn’t particularly convenient, especially for businesses, where extra steps means extra time spent on something that adds up in the long run. For the sake of collaboration and compatibility, Google is working on native support for some of the Microsoft-exclusive file formats, which is a considerable development to say the least. According to Google, its programs will be compatible with the following file formats: Word filetypes: .doc, .docx, .dot PowerPoint filetypes: .ppt, .pptx, .pps, .pot Excel filetypes: .xls, .xlsx, .xlsm, .xlt Other Collaborative Google Updates In addition to Microsoft’s various file types, Google intends to include similar features that will be implemented through Dropbox Business. What Does This Mean for Your Business? The one big way that this could affect your business is through enhanced collaboration. You should still keep your internal solutions standardized, but the one big takeaway from this is that, if you were to use Google for your operations, you wouldn’t have to worry that your solution isn’t compatible with other solutions on the market. Of course, whether Microsoft gets the hint and makes a similar move is yet to be determined. SRS Networks can equip your business with any solution it needs to stay competitive and productive. To learn more, reach out to us at (831) 758-3636.

Even Cities Aren’t Immune to Ransomware

These numbers, by the way, come from a cybersecurity firm, as neither the federal government nor the Federal Bureau of Investigation track these kinds of attacks. As of May 10, of this year, there were 22 known attacks on the public sector. Unfortunately, there are likely more that we just don’t know about yet, as reports of these attacks usually crawl in months or even years after the fact. March Attacks March saw a few ransomware attacks on municipalities. The sheriff’s office in Fisher County, Texas, was infected and couldn’t connect to a state law enforcement database as a result. In Albany, New York, the capital city quietly announced that it had been victimized by a Saturday ransomware attack – a tactical choice on the part of the hackers, as there would be nobody there to fight back on the weekend. While the city initially gave an understated account of the attack’s effect, the real problems were much larger than a few belated marriage licenses and birth certificates. In addition to the clerical delays, the ransomware attack had also impacted the Albany Police Department’s systems. As these systems are effectively entirely digitized, the department was left without their incident reports, crime reports, and even their schedules. April Attacks April saw the entirety of Genesee County, Michigan’s tax department shut down by ransomware for most of the month. The infection has since been removed. May Attacks May has been exemplified by the complete shutdown of Baltimore, Maryland, due to an attack using a ransomware known as RobinHood. As a result of this attack, government emails can’t be sent, payments to city departments are on hold, and real estate transactions have been paused. While RobinHood leverages a notoriously powerful algorithm – even the National Security Agency may not be able to break it, according to cybersecurity expert Avi Rubin – it doesn’t help that Baltimore was also using outdated hardware and software. Baltimore City Mayor Jack Young has already gone on record to state that the city will not be paying the ransom of 13 Bitcoins, or approximately $100,000. Instead, the FBI and Secret Service have been called in, along with assorted cybersecurity experts. Despite these resources, the city isn’t expected to recover for months. Rubin provided some insight into why not paying the ransom is the right call for Baltimore, pointing out that if nobody paid the demanded ransoms, these kinds of attacks would quickly go out of fashion. However, many companies struck by ransomware will quietly pay up. Analysis has found that a full 45 percent of affected organizations ultimately pay the ransom to try and get their data back, while 17 percent of state and local governments will fork over the demanded cash. At SRS Networks, we have some experience in dealing with these kinds of things, which means we can confidently agree with the actions of Mayor Young and the statements made by Rubin – paid ransoms only encourage future ransomware attacks. What’s worse, what guarantee is there that any data will be restored even after payment is made? No guarantee at all. That’s why we’ve dedicated ourselves to assisting business users in protecting themselves against ransomware. Give us a call at (831) 758-3636 to find out more.