Unsupported software systems: Microsoft shuts down support for Windows 8.1, upgrade to Windows 10 ends today.

Unsupported software systems: Microsoft shuts down support for Windows 8.1, upgrade to Windows 10 ends today.

New York, NY – Microsoft’s Windows 8.1 is essentially a dead operating system. Microsoft ended mainstream support on January 9th. There will be no new features, or bug fixes. There is a last-ditch upgrade to Windows 10 via the Microsoft assistive technology loophole, but it ends today January 16, 2018.

All software has a lifecycle. It gets developed, released, updated, and eventually completely over written for a newer version. There is nothing to stop you from using unsupported software, but the dangers are huge.

Basically the unsupported software has no further updates, no bug fixes, no technical support, then there are the security weaknesses, and security bugs that can be exploited by hackers. We have seen ransomware attacks that are designed to target unsupported software systems. Ransomware systems like Wanncry and Petya have been very active in this field.

Unsupported Software Risks

Bottom line

If your version of any software system is no longer supported, you are putting your business at risk.

Devices connected to your network are more integral to your business then you think. Which means that a virus on any device could cause a major business disruption.

Although you can believe you can accept the risk of running unsupported software, you should treat it as a temporary strategy.

Unsupported software systems will expose your corporate network to cyberattacks. The cost and resources required to replace unsupported software will be much greater then making sure your software is supported. The perceived cost and impact of an adverse event caused by the unsupported software is huge, and can possibly put your organization out of business.

If your organization has decided to allow the use of unsupported software, senior management should fully understand the risks, and they should establish a policy for preventing unsupported software on its network. Such a policy must be part of the business risk management plan. It should specifically identify resources and earmark funding to implement the policy.

What can you do?

1) Inform senior management about the risks of running unsupported software.
2) Establish a corporate wide policy for preventing unsupported software use on your networks.
3) Ensure the corporate wide policy aligns with your corporation’s risk management plan.
4) Identify resources and earmark corporate funding to implement the policy.
5) Contact Adept Technologies: www.adepttech.com.

We at Adept Technologies have replaced numerous unsupported software systems in our industry.

Contact us today to see how Adept Enterprise can help your organization.

Call us toll free 1-888-392-9623

Meltdown and Spectre Vulnerabilities

Meltdown and Spectre Vulnerabilities

New York, NY – We at Adept Technologies have already updated all of our server systems at our datacenters and offices for the Meltdown and Spectre Vulnerabilities. We have already sent out updates to our “on-premise” software systems that support the fixes being released by OEM vendors.

For our “off-premise” solutions over the last ten years we at Adept Technologies have invested large sums of money in having our own hardware and datacenter spaces. We do not use Amazon, Google, Microsoft Azure or any other 3rd party “cloud” service providers and we never will. We do not use VMware or any other Hypervisor based technology. Unlike other technology companies that leverage these services to reduce their costs with your data, we are not like them, and you are safe with us.

We have added information based on outside sources on what is Meltdown and Spectre Vulnerabilities, it is listed below.

Adept Technologies Datacenters

What are Meltdown and Spectre?

Three critical vulnerabilities were recently identified by independent teams of security researchers. The three vulnerabilities, collectively dubbed Meltdown and Spectre, impact all Intel CPUs built in the last 10 or so years – which is quite a significant number of devices. These two vulnerabilities enable a malicious user LAN application to read the protected kernel memory of other processes (Meltdown) and applications (Spectre). This could include things like passwords, personal documents, and credit card data.

Who is affected by this?

Almost everyone, especially Cloud Server providers. Meltdown exclusively impacts Intel processors. So, if you have an Intel CPU you’re impacted. Spectre on the other hand impacts Intel, AMD, and ARM processors. Combined, the list of vulnerable devices includes PCs, Macs, Android and iOS devices, and smart devices – all of which run a potential vulnerable CPU.

How are they exploited?

Exploitation occurs through the execution of malicious untrusted applications. Proof of concept JavaScript code has been released for Linux. This means that all a victim has to do is visit a website that has been compromised. Spectre is a more difficult vulnerability to exploit, and to this point no proof of concept code has been seen in the wild.

What do they do?

The vulnerabilities enable an attacker that has gained access to the device to be able to defeat the barriers between the memory space of user-land (normal) processes and kernel process. This effectively enables a malicious application to read portions of kernel memory, which often contains data prior to being encrypted, processed, and sent to a socket.

How do I protect myself?

Update your software! Microsoft, Apple, Google, and other vendors have released patches to mitigate the risk Meltdown. If an update is available for your platform, install it. Intel has also announced that 90% of the CPUs released within the last 5 years will have a patch available by next week, which should mitigate the impact of Spectre.
Outside of software updates, use sound fundamental security principles when accessing the Internet. Avoid downloading an executing files from untrusted sources, and avoid visiting unknown sites.

More talent … Less technology

No one is safe from internet attacks, and A.I. defenses can’t help, Google security veteran says (https://www.cnbc.com)

Technology

A cybersecurity expert who has protected Google’s systems for 15 years said Monday no one is safe from internet attacks and software powered by artificial intelligence can’t help defend them.

Heather Adkins, director of information security and privacy and a founding member of Google’s security team, also advised consumers not to put sensitive personal information in their online communications.

“I delete all the love letters from my husband,” Adkins told several thousand people gathered for TechCrunch Disrupt 2017, a technology conference in San Francisco, after telling them “some stuff” like personal information shouldn’t be put in emails.

Network attacks “can happen to anyone … anywhere,” Adkins said during an onstage interview in which she urged startups to assume they would get hacked eventually and to prepare a response plan.

Google has said that more than 1 billion people use its Gmail program.

Adkins’ remarks came several days after the credit-monitoring firm Equifax revealed what may be the largest data breach to date.

Adkins explained that AI-powered security software is not particularly effective at stopping even 1970s-era attack methods, let alone more recent ones.

“The techniques haven’t changed. We’ve known about these kinds of attacks for a long time,” Adkins told the crowd, pointing to a 1972 research paper by James Anderson.

While AI is very good for launching cyberattacks, it’s not necessarily any better than non-AI systems for defense — because it produces too many false positives.

“AI is good at spotting anomalous behavior, but it will also spot 99 other things that people need to go in and check” out, only to discover it wasn’t an attack, says Adkins.

The problem in applying AI to security is that machine learning requires feedback “to learn what is good and bad … but we’re not sure what good and bad is,” especially when malicious programs mask their true nature, she said.

When asked what advice she would give to businesses to keep their networks safe, Adkins advised “more talent … less technology.”

“Pay some junior engineers and have them do nothing but patch,” she said.

…….Continue reading at https://www.cnbc.com

My Two Cents: I agree to disagree. The future reality is AI is here to stay and expand. Talented humans are needed to maintain, and help design the AI systems. The expansion of the Internet is alarming, and my thoughts right now are out on if this is a good thing or a bad thing. Back in the 1990s I thought it was a good thing when I lead the development of placing mechanical systems on the internet as a way of tracking and increasing productivity. I now believe this was wrong, based on the security risks that have exploded. AI is needed, we just do not have enough talented humans for the tasks at hand….

Facebook security boss says its corporate network is run “like a college campus”

Facebook security boss says its corporate network is run like a college campus (http://www.zdnet.com)

Technology

In July of 2017, Alex Stamos Facebook’s Security Chief told employees in a conference call that the company isn’t doing enough to respond to growing cyber threats: in fact, with Facebook’s “move fast” mantra, the vault that stores the keys to a billion lives is (deliberately) run like a college campus, but has the threat profile of a defense contractor, he said.

The threats that we are facing have increased significantly, and the quality of the adversaries that we are facing. Both technically and from a cultural perspective, I don’t feel like we have caught up with our responsibility.

The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost.

We have made intentional decisions to give access to data and systems to engineers to make them ‘move fast,’ but that creates other issues for us.

The comments were part of an internal talk to employees during which he discussed the challenges Facebook had with keeping its networks secure, amid a growing danger of state-sponsored actors and advanced persistent threats, which in some cases have near-limitless resources.

For his part, Stamos, when reached, said that he had used the “college campus” line several times internally to describe challenges that the company faces, and used it as a figure of speech.

“My team runs network security for the company, and of course we secure it thoroughly,” he said Thursday.

Stamos denied that the comments were a criticism of the company’s management. “They care a great deal,” he said. “It’s not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network.”

…….Continue reading at http://www.zdnet.com

My Two Cents: I would locate the Facebook employee or contractor that tapped this phone call that leaked this information to zdnet. Cyber Security teams are facing very tough challenges. The bad guys can be wrong multiple times, the Cyber Security teams cannot be wrong once… but we can all learn from our mistakes. I am sure the next conference call will be secure.

North Korea Escalating Cyber-Attacks

North Korea Escalating Cyber-Attacks With Little Fear of Retaliation (http://www.eweek.com)

Technology

Online attackers from North Korea reportedly stole confidential military documents, including war contingency plans drawn up by U.S. and South Korean forces. Without any downside, such attacks will continue, security experts say.

The data, part of a massive haul of 235 gigabytes taken during an intrusion spanning the months of August and September 2016, was only recently identified as the South Korean government pieced together what was taken.

Lee Cheol-hee, a South Korean lawmaker and member of the parliamentary defense committee, said that attackers had infiltrated the Defense Integrated Data Center, according to The Washington Post. The stolen data includes war plans and a scheme to assassinate North Korean dictator Kim Jong-un in the event of war, according to the South Korean lawmaker. The attack happened last year, but only 20 percent of the documents have so far been identified.

…….Continue reading at www.eweek.com

My Two Cents: I read that the documentation stolen was located in a network not connected to the internet. That a so called maintenance port was accessed with a laptop that acted as a go between the North Koreans and the South Korean systems. I am shocked that such a high classified network did not alert the South Koreans that a unknown device had attached itself to their system and was accessing data. But of course spies have access if they are already in the inside and are authorized access. I would review all the authorized user access records and locate the spies within the organization…. but then again don’t believe what you read…