Monthly Archives: January 2014

10 Tips to Make a Secure Password

Having received a funny but rude post about passwords (email me at glyn@cmx.co.uk if you don’t mind and want to laugh), it reminded me that I haven’t published anything about passwords recently.
 
Regardless of whether you’re using a client PC, a server, a tablet, a smartphone, or any other digital device to access information, choosing strong passwords for the programs and services you use is essential. While a weak password may not always be the primary cause of IT services getting hacked, it can contribute greatly to the scope and severity of a hacking attempt.

To help you make the most secure passwords possible – both for administrators and for end-users – I’ve assembled ten bits of advice that should improve the strength and effectiveness of your passwords. None of these suggestions provides enough security on its own, so I’d strongly suggest adopting as many of these tips and techniques as possible.
 
There are several third-party applications that can help you automate and enforce password policies or allow users to reset their own passwords, like ManageEngine’s ADSelfService Plus and Specops Software’s Password Reset tool.
 
1. Adopt a password change policy
One of the best defenses against stolen passwords is to frequently change the passwords being used. There’s always a balance between security on one hand and usability on the other, so forcing password changes too often can lead to an excessive burden on users. Who wants to be forced to change their passwords every few weeks? Enforcing password changes every six months provides a good balance between frequency and security.
 

2. Use caps and special characters
Passwords that consist solely of traditional text characters can be easier for attackers to guess and crack. For example, a password like “waffle” can be easier for an attacker to guess using brute force methods, but something like “waff!E” would be much more difficult and time-consuming to crack.
 
3. Avoid common words
It’s a tired old joke in IT circles: Many users adopt some of the most obvious and most insecure words for their passwords, ranging from the ubiquitous “password” to using their first names, name of their company, or the brand name of the monitor they were staring at when they came up with the password. A password policy that doesn’t allow users to use common, easily guessed words like “password” can help improve security substantially.
 
4. Develop a nonsense phrase
Some of the best passwords are based on nonsensical phrases that only make sense to the user that created them. For example, if the user has a dog named Ranger that likes to catch Frisbees, creating a password like “dograngerfrisbee” will be easy for the user to remember, but hard for attackers to easily crack using brute force methods or by guessing.
 
5. Enforce a minimum password length
In addition to comically simple passwords like “password” and “beer,” another common problem with many passwords is that they’re simply too short. “ABC” and “123” may be easy to remember, but they’re just as easy for attackers to compromise. Enforcing a minimum password length of at least eight characters is yet another way to increase the complexity of assigned passwords.
 
6. Don’t share passwords
In this era of shared cloud services, sharing a common password can be a security Achilles’ heel in any organization. The marketing department may be using a SurveyMonkey account to generate web surveys, but multiple users use that one account. We’ve all seen sticky notes with passwords affixed to monitors, so work with your HR department to make sure that users know the importance of keeping passwords limited to only the people who need access. If a passer-by can easily spot and use a password in a public place, you have to assume that someone with more malevolent intent could see it as well.

    

7. Create unique passwords for each service
One of the ways that password breaches can become exponentially more damaging is if users are employing the same password on multiple services. If an attacker gains access to one service – say the corporate Facebook account – then he or she could potentially reuse that username and password combination on dozens of other cloud services.
 
8. Use a password management service
Sometimes the best approach to password complexity issues is to use a password management service like KeePass, Kaspersky Password Manager, or LastPass.
All of these password managers follow the same basic idea: Rather than having to remember all of those individual passwords, the password manager does that for you, automatically filling passwords in when needed. The only password you need to remember is the one to the password manager itself.
 
9. Adopt two-factor authentication
Outside of following all the steps described above, sometimes the most secure approach is to adopt two-factor authentication in conjunction with strong passwords. This requires users to enter a code generated by a separate application or device in order to log in. These can range from something like RSA’s SecurID two-factor authentication token – a small hardware device that randomly generates an authentication code – to a software application, such as the two-factor authentication app that you can configure for Google Mail.
 
10. Use a biometric fingerprint scanner
Biometric hardware has advanced significantly in the past few decades, so authentication methods which once seemed like science fiction – the ability to scan fingerprints, analyse typing patterns, or recognize a user’s facial features – are now a reality. One of the most widely used biometric devices is a fingerprint scanner, which does exactly what the name implies: The user swipes her fingertip across the scanner to have her fingerprint read and to gain access. Major PC hardware vendors such as Dell, HP, Toshiba, and Lenovo offer laptops with integrated fingertip scanners, and several vendors sell stand-alone scanners that can be connected to any PC.
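
A sketch of how tips 2, 3 and 5 could be enforced together, run over the passwords this post uses as its own examples. This is an added example, not code from the original post or from any of the products named above; the rule names, the substitution table and the four-word denylist (taken from the weak passwords the post mentions) are assumptions.

```python
import math
import string

MIN_LENGTH = 8  # tip 5: at least eight characters
# Constructed denylist: only the weak passwords this post itself names.
# A real policy would load a large common/breached-password list instead.
COMMON_WORDS = {"password", "beer", "abc", "123"}
# Assumed substitution table, so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s"})


def check_policy(pw):
    """Return the names of the rules pw violates (empty list = accepted)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("too_short")          # tip 5
    if not any(c.isupper() for c in pw):
        failures.append("no_uppercase")       # tip 2
    if not any(c in string.punctuation for c in pw):
        failures.append("no_special")         # tip 2
    # Tip 3: look for denylisted words in the raw and the de-substituted form.
    forms = (pw.lower(), pw.lower().translate(LEET))
    if any(word in form for word in COMMON_WORDS for form in forms):
        failures.append("common_word")
    return failures


def brute_force_bits(pw):
    """Bits of work for blind brute force: len * log2(character pool).

    This is an upper bound. It assumes every character is chosen at random,
    so dictionary words and predictable substitutions are worth far less.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0


if __name__ == "__main__":
    for sample in ("password", "P@ssw0rd!", "waffle", "waff!E",
                   "dograngerfrisbee", "Dog!RangerFrisbee"):
        print(f"{sample:18} {brute_force_bits(sample):5} bits  "
              f"{check_policy(sample) or 'accepted'}")
```

The post’s own examples pull in different directions: “waff!E” satisfies tip 2 but fails tip 5, while “dograngerfrisbee” fails tip 2 yet has by far the largest brute-force search space of the three.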

 

 
 

 

Import Facebook events into your Outlook calendar

Find out how to view special events such as birthdays stored on the Internet in an Outlook calendar on your local system.
 
There’s a ton of information on the Internet, and thanks to Outlook, you can access some of it locally. Using Outlook’s Internet Calendars, you can synchronize special events stored on the Internet in your local copy of Outlook. Fortunately, the process of linking to these sources is easy.

About Internet Calendars

Before we launch into an example, here’s an overview of these special calendars. Internet Calendars are calendars that we view on the Internet. They’re based on a global standard that allows us to exchange information without consideration for the hosting application. These files use a format known as iCalendar and use an .ics extension.
Outlook supports two types of Internet Calendars: snapshots and subscriptions. You’ll send snapshot calendars using email. This calendar is a one-time review that isn’t linked to a source calendar, so it won’t update when someone changes the source.
To send a snapshot, open a new email message and click the Insert tab. You’ll find the Calendar option in the Include group. You can customize the calendar by deciding the amount of information that you send, as you can see in Figure A. For instance, you can specify a date range, busy status, and other appointment details.
Figure A
 


 
The recipient can open the file as an Outlook calendar. In addition, the recipient can drag events from the snapshot calendar and use Outlook’s overlay feature (which we’ll learn about later) to visually merge the received calendar with their own. Some people use this feature to quickly back up their calendar(s). You can do so by selecting the calendar, and then clicking the File tab and choosing Save Calendar.

Importing Internet events

Snapshot calendars are static, but Outlook’s subscription calendars synchronize with the source calendar (stored on a web server). You download the calendar file to your local Outlook version. When the hosting site updates the calendar, those updates are downloaded to you.
Facebook is a great example because so many people have accounts. You can download two calendar files: your friends’ birthdays and events. Let’s download the birthday calendar.
1. Log in to your Facebook account.
2. Click the Events link on the left (in Favorites) (Figure B).
Figure B
 


 
3. In the top-right corner, find the gear icon, and click its dropdown arrow.
4. Choose Export (Figure C).
Figure C
 


  
5. Figure D shows the resulting dialog. You can click either of the circled links to begin the process. If you’re following this example, click the birthday link.
Figure D
 


   
6. If Outlook is your default client, Windows will select it for you (Figure E). In this case, click OK. If Outlook is not your default client, select Outlook from the list or click Choose (if necessary).
Figure E
 


  
7. Click Yes to confirm that you’re subscribing to Facebook’s birthday Internet Calendar. Outlook will import the birthdays into a new calendar. This new calendar will automatically synchronize with Facebook to add, delete, or modify birthdays as they’re updated in Facebook. If you unfollow a friend in Facebook, Outlook will delete that friend’s birthday from your local calendar.
If the above process doesn’t work for you, follow these steps to add the calendar manually.
1. Repeat steps 1 through 4.
2. Right-click the appropriate link (see Figure D) and choose Copy Shortcut or Copy Link Location.
3. Open Outlook.
4. Open the Calendar window.
5. On the Home tab, click Open Calendar in the Manage Calendars group. If you’re using Outlook 2003 or Outlook 2007, choose Account Settings from the Tools menu.
6. In the resulting dialog, paste the copied link (Figure F).
7. Click OK.
Figure F 
 


  
 
Outlook will display birthdays and events in separate calendars, separate from your Outlook calendar. I don’t recommend combining them, but you can use Overlay to visually merge them.
1. Click the View tab.
2. Click the birthday calendar and then click Overlay in the Arrangement group; this will display the default calendar (yours) and the birthday calendar as one. In Outlook 2007, choose View In Overlay mode from the View menu. In Outlook 2003, use the Side-By-Side Calendars feature by checking individual calendars, accordingly.
Overlay is a visual enhancement; this feature won’t actually combine calendar files. You can add several calendars to the overlay, adding each one at a time.

Stay in touch

Outlook’s Internet Calendars are a flexible tool. You can share static appointments via email or download interactive calendars from the Internet into your local version of Outlook. Either way, you’ll have the information you need at your fingertips.

By Susan Harkins January 28, 2014

About

Susan Sales Harkins is an IT consultant, specializing in desktop solutions. Previously, she was editor in chief for The Cobb Group, the world’s largest publisher of technical journals.
 

I found this while trying to find an article and I thought it should be on every company’s notice board. I am putting it on ours with an acknowledgement signature strip; I am sure that’s why everyone loves me at cmx.

This is a story about 4 people…

Everybody, Somebody, Anybody and Nobody.

There was an important job to be done and Everybody was asked to do it. Everybody was sure Somebody would do it. Anybody could have done it, but in the end Nobody did it.

 
Somebody got very angry about that because it was Everybody’s job. Everybody thought Anybody would do it, but Nobody realised that Everybody wouldn’t do it.

It ended up that Everybody blamed Somebody when actually Nobody had asked Anybody to do it.

Single headlines don’t give you the whole story


Like nearly everyone else I read the newspapers, usually online. I also read emails and articles that are of interest to us at cmx business computing.

The trend I have noticed is that articles are being written on the basis of quick one-headline, one-story articles, but if you put them all together you get a different picture which explains a lot more about what’s going on.

Towards the end of last year I read the following headlines:



“IDC says PC sales fall 14.8% this year”


“Is the PC an Endangered Species?”

“Desktops are dead in business and dying in the home”

“Microsoft’s Ballmer: ‘Nobody Ever Buys Windows. They Buy Windows PCs.’”

“Die-hard XP admins just won’t let go, reveals survey”

“The PC’s not dead. It’s just gone high end”

“Analysis Cheap and nasty PCs are dying out”

“AMD will focus less on desktop CPUs”


If you read the headlines above you will come to a few conclusions: XP users are staying with the old, the tablet is killing the PC, only expensive PCs are selling, AMD see the future in tablets and smartphones.

This is not what is really happening. They are not unconnected; let’s look at the headlines in groups.

PC sales are down, cheap PCs are not selling, AMD is looking to grow elsewhere, XP users are staying put, people buy Windows PCs.

However the truth is rather more complicated. There are fewer PCs being sold for a few reasons. The first is XP. There are so many XP PCs in use that the cost to business of replacing them all during a shortage of money and only tempered optimism is unreasonable; it is also generally viewed that the XP platform still has plenty of life in it and that the replacements are no better, probably worse. Couple this with the fact that no-one takes security seriously. This will all reduce overall PC sales.

The second reason takes some leaping in the thought process. Cheap PCs are predominantly bought for home use where they are used for games and browsing, not serious number crunching stuff. This is the area where the tablet has made inroads. The old adage read “why have an expensive PC when a cheap one will do”; it now reads “Why have a PC when a tablet will do”, and as tablets approach the same price as a round of drinks it’s an argument that makes sense.

Couple this with AMD, who continually fight against Intel on price, and you have the reason for their lack of popularity and the need to look elsewhere for business, hence the new AMD focus.

The last bit about Windows? That’s simple. If you are buying a desktop computer your first question is: do I buy Apple or Windows? That’s usually a choice swayed by software availability and performance, not by operating system. This is a problem where you think a software package is up against a platform whereas in reality it’s just about software. The problem about software is: do you want apps and compatibles or original and powerful?

What the story should have said is:

AMD and cheaper PCs hit by low cost tablet uptake.
by Glyn Cheeseman 30 Dec 13


The low cost tablet has been making considerable inroads into the cheap end of the PC market where users want simple applications and mainly buy them for Internet browsing. This together with users’ retention of XP systems has caused an overall drop in sales of PCs by about 14%.

AMD, who were the main supplier of cheap computers to this marketplace, have been the main losers and have decided that they should go where the business is and focus on the smaller, cheaper hand-held devices together with the limited video card market.


AMD will suffer further, making Intel totally dominant in the PC arena, and they may find fierce competition from ARM and Snapdragon, who are well established in the smartphone arena. AMD may fare better with video cards, where their ATI arm are up against Nvidia, but the smart money isn’t on ATI.

Lower-cost tablets will see this part of the market shrink further as there is a race to the bottom for the price of hand-held tablets, which are currently available new for £29. Effectively the PC marketplace has split into serious users and Internet browsers.


If you strip out lower cost machines then the market for Windows-based middle to high upmarket systems has remained quite buoyant in 2013. Add to that the XP users who are going to be forced to upgrade their slowing, ageing machines, some of which may be up to 12 years old, which will act as an extra boost to the market in 2014. XP users will lose all updates from Microsoft as the product has reached end of life. This does not mean that systems will stop working but they may be more vulnerable to attack from the Internet. Only time will tell if they are leaving it too late; if there are more attacks like CryptoLocker then look for the sudden rush in March 2014.

So in conclusion, mid to top end PC sales will remain buoyant in a replacement market. Tablets will be everywhere, taking over at the bottom end due to low prices, but they may see smartphones as the main threat as we see more Phablets, the phone and tablet combined. One thing is for sure, it’s not going to be a pretty year for cheap computers and AMD. Not when you can buy a tablet for the same price as a round down the pub against a £299 AMD computer in Tesco’s.

I am often asked why I blog 

It’s a great question and I am often asking it myself! I write as a central focus for cmx business computing with the occasional personal thought thrown in.

In the 1970s my father ran a successful business in Colchester. He was known as a local character with a shop that everyone knew. It was a time when local towns had local businesses run by local people with some of them on the local council. Notice the word local? The council made decisions which were good for local business and residents; there were always some local party political arguments but they were mild and not as controversial as modern decisions seem to be.

My father’s business sold Bang & Olufsen, Sony, JVC, Tandberg, Pioneer, Panasonic plus many other brands. It was unusual because he sold TV, hi-fi, repairs, parts, CB, cameras, records and tapes all from the same shop.

The thing that made him well known was that he wrote a column in the local paper each week for which he paid, as it was classed as advertising. He passed comments on local things and at one time his shop actually received mail sent to “No1 Roman Hole”, a phrase he coined to describe the fact that his shop was in the middle of the new soon-to-be-built precinct. Being Colchester, the archaeologists had turned the area all around his 6000sq ft shop into a new landscape of muddy holes with Roman bits sticking out.
When I say character, I have a photo of him which was published in the local papers dressed as a Roman soldier on top of Colchester Castle as a result. The former site of the shop is now TKMaxx. If you look carefully at the photo, at what was the back of his shop in Sir Isaac’s Walk, you will spot a hay crane top left; this was removed from the old building and replaced here over the site of my old workshop, blue plaque anyone?

The reason for me mentioning all this is that he never ever talked about the data transmission company that he started, which obtained patents and was unique in what it did: sending data from remote water tanks and pumping stations over the telephone lines, twenty five years before the Internet. The remote sites were battery and wind powered as the GPO (as it was) could get a cable wherever the power companies couldn’t. This company also designed and built industrial computers in the early 1980s to process all this data and control the water systems for Borders and Fife regions in Scotland.

This company kept his shop going for twenty years. It launched Colchester computers, renamed Colmex and again to CMX.

He was also a keen photographer and cameraman, his films are now in the possession of the East Anglia Film Archive because of their diversity, quality and historical interest. They are known as the Ken Cheeseman Archive.

The reason that I go into all this when talking about blogs? Well, it’s simple: everyone knew his local shop but no one except in Scotland knew about his industrial electronics company which kept the old company in business, or anything of his filming.

So his ’70s blog definitely kept his favourite business in the limelight but the most profitable one often seemed like a well kept secret. That, I am convinced, is the power of the written word.

A blog can get your ethos across, and that always filters down from the top of a company to everyone in it. It raises your profile, promotes your credibility and hopefully brings you more clients who can benefit from your help and knowledge. Funny that Virgin and Lord Sugar are avid bloggers but the head of Tesco, Philip Clarke, has blogged nine times this year.

That’s why I blog now. The world has changed, the newspaper of the 2000s is the web and you can’t be in front of people just by physically advertising as we are becoming immune to it – there’s another topic.

He always ended his piece with a plug for the business. CMX is one of the most experienced computer companies and I don’t care who knows it, wouldn’t you blog too? That’s why I am carrying on the tradition. Same method, different media.