Less Poking Around?

Google Seeks Patent on Needle-Free Blood Drawing Tech!

Google has filed for a patent on needle-free blood-drawing technology, described in a USPTO application published last week.

Application 20150342509 suggests four potential implementations of the technology, including its use in a device that has an evacuated negative-pressure barrel with a membrane sealing an aperture at the far end containing an accelerator barrel.

Upon activating a trigger, pressurized gas would shoot a microparticle within the accelerator barrel to subsonic speeds. The microparticle would consist of nano-sized gold particles bound with a biodegradable matrix consisting of polylactic-co-glycolic acid. That microparticle would pierce the membrane and a user's skin, drawing a drop of blood, which would be sucked up by the negative-pressure barrel.

The apparatus could be incorporated in a handheld or wearable device.

"Serving the diabetic community would be advantageous, both for Google, due to the size of the market, and for patients, for its ease of use," said Shane Walker, a medical technology analyst at IHS.

By Richard Adhikari

Email us: sales@ripeva.com

Call us: 563-213-4015

Toy company Hacked!

Information on more than 200,000 children has been Hacked and stolen!

VTech is the hacked maker of electronic toys and apps that leaked the data of 4.8 million customers, including hundreds of thousands of children, exposed gigabytes worth of pictures and chat histories on the same compromised servers. According to an article published on Motherboard, the website that first broke news of the breach, over 200,000 children's pictures and information has been stolen.

The Motherboard news site said a hacker who asked to remain anonymous was able to download almost 200 gigabytes worth of photos of both parents and children who had registered with the toy site. The hacker also obtained logs of chats conducted between parents and their kids and in some cases recordings of conversations. VTech encouraged parents to take the headshots and use them with apps that allow them to interact with children. The hacker, who said he didn't intend to publish or sell the data, provided Motherboard with 3,832 image files and at least one audio recording for verification purposes.

Source: 

Arstechnica

Email us: sales@ripeva.com
Call us: 563-213-4015

Windows 10 pulls update as concerns about bugs grow.

Windows 10 update mysteriously pulled!

The Downloadable versions of Windows 10 (version 1511), the November 2015 update have been removed after their release earlier this month.

Microsoft let people download the full copies of the installer using the Media Creation Tool (MCT). Media produced with the MCT can be used to perform both upgrades and clean installations and it's especially convenient when updating multiple systems. This ensures that only a single download is required. But the version 1511 MCT has been removed and replaced with the original July version. Systems can still be upgraded to the November update, but direct installation is no longer possible. Instead, the original RTM version must be in stalled and the upgrade to 1511 performed through Windows Updates.

This has become inconvenient. The ability to install 1511 on clean systems is quicker than going via the RTM version. It means on large download instead of two. Upgrading multiple systems with the MCT is also obviously preferable. It's mysterious because it's not really clean why the 1511 installer has been pulled.

Source:  Arstechnica T

Email us: sales@ripeva.com 
Call us: 563-213-4015

The Cryptowall Ransomware has Returned!

Intronis Industry and Tech Blog

CryptoWall returns for another round with CryptoWall 4.0

The gold standard in ransomware, CryptoWall, is making the rounds again with a new 4.0 release. In this revision, there are some pretty important changes that are going to make life more difficult for both infectees and security researchers looking to counter the software’s malicious activities.

If you aren’t already familiar with it, CryptoWall is a piece of software that falls under the category of “ransomware.” Ransomware products encrypt data on an infected system, preventing access until some amount of money is paid. The ransom for files is generally in the neighborhood of $500 but could be more or less depending on the developer. In most cases, the malware drops a list of targeted file types, such as .docx or .ppt, and attacks those. Once the files are encrypted, a message is displayed to inform the system’s user of the attack and how to pay the ransom.

Cryptowall 4.0 follows most of the “standards” for this type of malware. It uses the RSA-2048 algorithm, which is used by most major ransomware and is functionally unbreakable with current technology. It communicates with command, control, and communications (C3) systems using RC4 encryption, and communicates with its victims to collect the ransoms via the TOR browsing utility. It spreads via spam emails and so-called “drive-by downloads.” It also wipes shadow copies and disables system restore and startup repair, and network drives and local drives can both be affected.

What’s different about CryptoWall 4.0?

Where Cryptowall 4.0 differs is that it now encrypts the filenames as well as the files themselves, making it nearly impossible to identify which files are which. Previous iterations only encrypted the data within the files, not the filenames.

Additionally, the splash screen and ransom notes have been updated. Now, in addition to the usual instructions on how to pay for the decryption key and new filenames in each folder directory storing affected files, the ransom notes contain language that mocks the victim more than previous iterations.  Lastly, it seems that this version no longer uses the I2P protocol for communication, unlike version 3.0.

Recovering from CryptoWall 4.0 is essentially the same as in past versions: You either have to pay the ransom or restore from a backup. There’s no other way around it.

For more information on this variant, the helpful folks over at the BleepingComputer forums areactively peeling this bug apart, and they have a fantastic guide on removing the ransomwarehere.  For more information on ransomware, feel free to check out our Cybersecurity Resource Center or download our new e-book, The MSP’s Complete Guide to Cyber Security.

Call us : 1-855-974-7382  or Email us : sales@ripeva.com

Understanding the role of Information Technology in Regulations, Legislation, and Guidance

Technology has made implementations for small to midsize business more affordable than ever. With the technology implementations constantly evolving, the understanding of regulations and legislation for a particular business has become difficult and in some instances unmanageable for organization users that wear multiple "hats". Legislative bodies have been formed to assist with the requirements needed to maintain your business and minimize liability to you and your clients.

This post serves as an entry point for you to meet the legal technology related requirements for operating your business.

Industry	Standards and Legislation
Federal Government (non-DOD)	FIPS 199, 200, FISMA, NIST 800 Series, OMB A130 Appendix III
Department of Defense and other National Security Systems	DoD 8500.1 & 8500.2, DCID 6/3, DITSCAP,DIACAP
Health care	HIPAA, PCI
Financial institutions	GLBA, PCI
All publicly held organizations	Sarbanes-Oxley
Utilities	NERC,WISE
Education	FERPA, PCI

If you need further assistance with Information Technology compliance needs, please contact us to schedule a free consultation. We look forward to helping you maintain your business independence.

Call us : 1-855-974-7382

Mail us : sales@ripeva.com

5 Questions you should Ask Before Moving Email to the Cloud

Companies need the flexibility to deploy services in a private or public cloud depending on their unique needs or industry compliance requirements. In order to maximize flexibility and minimize the total cost of ownership.

If you are considering moving your email to the cloud, there are several questions to ask when deciding on which solution is right for your and your organization.

1. Can users access email both online and offline and on any device?

2. Is the platform based on an open, extensible standard?

3. What level of management support and security does your company require?

4. Does the vendor build on a modern, distributed and highly salable model?

5. What are your total costs, including software, infrastructure and operating expenses?

Cloud-based email solutions help companies meet growing expectations as well as cost reductions. It’s the next step for companies, and it’s one that will reward both employees and the bottom line.

If you need assistance, more information, or would like to schedule a free consultation, please give us a call at (855) 974-7382.  We look forward to helping you meet your needs.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was designed to improve the efficiency and effectiveness of the health care system and requires many things, including the standardization of electronic patient health, administrative and financial data. In response to the original HIPAA law, Health and Human Services (HHS) published an additional regulation referred to as the Privacy Rule that relates directly to organizations involved in health care operations that transmit health information electronically.

Typical organizations covered by HIPAA include:

• health plans
• health care clearing houses (billing companies);
• health care providers (“covered entities”) that transmit health information electronically; and
• their business associates

The HIPAA Privacy Rule:

• Establishes conditions under which PHI can be used within a Covered Entity and disclosed to others  outside that entity;
• Grants individuals certain rights regarding their PHI;
• Requires that Covered Entities maintain the privacy and security of PHI.

HIPAA also establishes security and privacy standards for the use and disclosure of “protected health information” (PHI).

Security Testing Tip: ShieldsUP

The Gibson Research Corporation is a world renown organization and has freeware tools available to help you assess your public facing security. ShieldsUp is a tool that helps you identify areas of concern on your router.

Please visit their website to test your Internet connectivity security: https://www.grc.com/intro.htm.

• NOTE: RIPEVA is not affiliated with the organization in anyway. This post is for information purposes only.

Security Fundamentals: What is access control?

Access control provides the mechanism for ensuring that only authorized personnel can access certain organizational information.

• NOTE: As the value of the information to the organization increases, more strict access control mechanisms are needed.

Top 3 Open Source CRMs

1. SugarCRM Inc. is the 800-pound gorilla in the open-source CRM category. Founded in 2004 by John Roberts, Clint Oram and Jacob Taylor, the Sugar open-source code has been downloaded more than 3 million times. The company has received $26 million in venture financing and employs more than 100 people. More than 12,000 companies use SugarCRM including Honeywell International, Starbucks Corp., First Federal Bank and BDO Seidman LLP. SugarCRM is written in PHP and is compatible with the MySQL database.

2. SplendidCRM Software Inc.'s development team formed in November 2005. The application is built on the Microsoft platform (Windows, ISS, SQL Server, C# and ASP). Designed for system integrators, SplendidCRM allows administrators to add user-customizable features such as .NET 2.0’s Themes, Web Parts and AJAX. SplendidCRM is positioned as a competitor to SugarCRM, as the two applications share many of the same features. For instance, both offer an Outlook plug-in and the ability to add custom fields.

3. CentricCRM has been around for seven years and has achieved a great deal of stability and robustness. In June 2007, CentricCRM (renamed Concursive as of December 2007) received investment funding from Intel Capital, the venture capital arm of Intel Corp. CentricCRM is aimed at the small-business market, although it has scaled up within Fortune 500 companies. Its more complex features can be turned off if they are not needed, and the administrative console allows for a great deal of customization. The free version comes with five user licenses. Centric CRM is written in Java and is compatible with MySQL databases.

What is a CRM?

1. Customer relationship management (CRM) is a system for managing a company's interactions with current and future customers. It often involves using technology to organize, automate and synchronize sales, marketing, customer service, and technical support.

What is a Power User in Windows

A member of the Power Users group may be able to gain additional rights and permissions on your computer, and may be able to gain complete administrative credentials. A member of the Power Users group may also be able to expose your computer to other security risks, such as running a virus or running a Trojan horse program.

By default, the rights and permissions that are granted to the Power Users group include those rights and permissions that are required to allow members of the Power Users group to modify computer-wide settings, to install drivers, and to run (or install) non-certified programs. For example, a member of the Power Users group could install a malicious program or a DLL, and then cause the administrator or a system service to run the malicious program or the DLL. By using this technique or other techniques, the member of the Power Users group may be able to gain additional rights and permissions on your computer, including complete administrative credentials.

To help prevent this problem, use these methods: 
Do not use the Power Users group.
Deploy certified Microsoft Windows 2000 or Microsoft Windows Server 2003 programs in your enterprise. Programs that are certified for Windows 2000 or Windows Server 2003 are written to avoid requiring unnecessary access or administrator-level credentials.

The Power Users group is a built-in local group that primarily provides backward compatibility for running non-certified (or "legacy") programs. However, members of the Power Users group can also change COM object registrations, change file associations, change Start menu shortcuts, and install drivers for hardware devices. For additional information about the default rights and permissions that are granted to members of the Power Users group, visit the following Microsoft Web sites.

Wiping Out Blackberry Data

To perform a manual wipe of your BlackBerry, you will need to do the following:

- On your main screen, click on Options
- Click on Security Options
- Click on General Settings
- On the Password field, press the options button and select wipe handheld
- You will be prompted to enter "blackberry" (no quotes) to confirm system wipe

** RECOMMENDED TO BE DONE FOR THE FOLLOWING:
- Resale of the Blackberry
- Recycling/Disposal of the Blackberry
- Sending the Blackberry in for service

How to fix Windows Update...

The following script is to reset the Windows Update service on a Windows based machine.


@ECHO OFF
REM ---------------------------------------------------------------------------
REM AUTHOR: Peter A. Koshakji
REM DATE: 6/15/2009
REM Batch file to fix the Windows Update Service Server 2003
REM Examples: Failed Installs/Blank Screen/Active X Issues.
REM Operating Systems: Server 2003 (Standard/Enterprise/Web/Datacenter)
REM http://support.microsoft.com/kb/555989
TITLE Fix Windows Update Service
COLOR 0e
ECHO Reregister DLL files for the windows update service.
regsvr32 c:\windows\system32\vbscript.dll
regsvr32 c:\windows\system32\mshtml.dll
regsvr32 c:\windows\system32\msjava.dll
regsvr32 c:\windows\system32\jscript.dll
regsvr32 c:\windows\system32\msxml.dll
regsvr32 c:\windows\system32\actxprxy.dll
regsvr32 c:\windows\system32\shdocvw.dll

REM Stop the Windows Update Service
net stop wuauserv
REM Start the Windows Update Service
net start wuauserv

REM Stop the Cryptographic Service
net stop cryptsvc

REM Remove the folder \Windows\System32\Catroot2
rmdir /s C:\Windows\System32\Catroot2

REM Rename the \Windows\SoftwareDistribution folder.
move /y C:\Windows\SoftwareDistribution C:\Windows\SoftwareDistribution-backup

REM Start the Cryptographic Service
net start cryptsvc

ECHO Reregister DLL files for the windows update service.
regsvr32 Softpub.dll
regsvr32 Mssip32.dll
regsvr32 Initpki.dll
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll
regsvr32 Urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 msxml.dll
regsvr32 msxml2.dll
regsvr32 msxml3.dll
regsvr32 Browseui.dll
regsvr32 shell32.dll
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wuweb.dll
regsvr32 jscript.dll
regsvr32 atl.dll
regsvr32 Mssip32.dll

PAUSE

OSI Mnemonics

OSI Mnemonics for the OSI Model1. Physical
2. Link (i.e. Data Link)
3. Network
4. Transport
5. Session
6. Presentation
7. Application

OSI Mnemonics 1-7 of the OSI Model P,L,N(D),T,S,P,A
- Please Do Not Take Sales People's Advice
- People Don't Need This Stuff Presented Anyway
- People Design Networks To Send Packets Accurately
- Please Do Not Throw Sausage Pizza Away