Falcon Worx

No Contract?

Alan — Thu, 24 Sep 2009 17:41:15 +0000

The innovative minds here at Falcon Worx are at it again, and this time we have an idea so outlandish, so innovative, and so unheard of in our industry that we need your input! We’re considering offering our innovative Managed Services Program without an annual agreement. That’s right, you read it here first, we’re considering offering our Managed Services Program without an annual agreement! In case you’re wondering, no we’re not losing our minds, and no we didn’t have anything to drink with our lunch!

We’re talking a month-to-month agreement with all of the same great benefits and same great features as our annual Managed Services Program! This program has our new customers in mind, particularly the ones that could greatly benefit from our Managed Services Program but are afraid to take the plunge. Do us a favor and let us know what you think by completing the poll below!

Google Sync: Gmail Support

Alan — Tue, 22 Sep 2009 20:44:04 +0000

Today Google released a long awaited update for Google Sync that finally allows users to not only push their Google Calendar and Google Contacts to their Exchange enabled devices, but now their Gmail account as well! It’s the ultimate package we’ve all been waiting for, we can all finally have our Google calendar, contacts, and email delivered seamlessly to our phones. Officially, this update only supports Windows Mobile devices and iPhones. However, theoretically the Gmail push should work with any Exchange enable phone. You can read more about the update on the Google Mobile Blog.

Update: Adobe Flash Zero-Day Vulnerability

Alan — Thu, 30 Jul 2009 12:00:48 +0000

Last week we warned our customers of a serious exploit with Adobe Flash. You can read all of the details here. Today Adobe released an update for Flash that fixes this vulnerability. We highly recommend that you download the latest version of Flash today!

Download:

Adobe Flash Update

Adobe Flash Zero-Day Vulnerability

Alan — Fri, 24 Jul 2009 12:00:04 +0000

There’s a new zero-day vulnerability in the wild that exploits a security hole found in the very popular Adobe Flash 9 & 10 Player. With the introduction of Adobe Acrobat 9 and Adobe Acrobat 9 Reader came the ability to embed/view Flash animations in PDF documents. Technically, this vulnerability affects Adobe Acrobat on all platforms. However, attackers have only targeted PC users at this point.

Attackers are exploiting this newly discovered security hole by embedding malicious Flash content in PDF files and then sending these infected documents to victims. Once the victim opens the infected PDF file, a data stealing trojan is then loaded onto the victims PC. Adobe announced today that a patch to fix the security vulnerability will be released next week. So what do you protect yourself until then? We’ll tell you how!

Adobe has recommended that users disable flash in Acrobat until the fix is released. Security experts have also recommended that users completely disable Adobe Flash on their systems until the fix is released. Even though attackers have only used PDF files at this point, they’re concerned that this exploit may move to the web. Personally, I think that completely removing Adobe Flash from your system is a little overkill.

As always, don’t open PDF from people you don’t know. Even if the attachment is from a person you know, but something about it seems strange, trust your instincts. Contact the person who sent you the PDF file and ask them about it. The next thing you can do is disable Adobe Flash in Acrobat. You can do this by clicking Edit > Preferences > Multimedia Trust (Legacy) > Highlight Permissions for Adobe Flash > Change Permissions for Selected Multimedia Player > Never > Click OK.

Finally, I can’t stress how import this last step is. Make sure your antivirus software is fully updated! If your antivirus software is up-to-date, you’re going to be protected against all kinds of bad things floating around the internet!

Google Chrome OS

Alan — Sat, 18 Jul 2009 17:15:28 +0000

I’ve been getting a lot of questions about the upcoming Google Chrome OS so I’m going to give everyone my thoughts on it, and also answer a few common questions I’ve been receiving. Google Chrome OS is not an entirely new operating system built from the ground up. It’s really not going to be anything more than just a new distribution of Linux.

A new distribution of Linux in itself really isn’t exciting news or anything special. New and totally free distributions of Linux are released to the general public on an extremely frequent basis. The problem with Linux as a desktop operating system is that for the average person even a trivial task like installing a new program can be daunting if not impossible.

Linux isn’t like Windows or OS X, there isn’t a nice graphical installer that runs when you want to add a new piece of software to the machine. Installing a piece of software or installing operating system updates usually requires the end user to use a terminal interface. Some distributions of Linux are more user friendly than others, and some distributions allow self-installers (RPM packages for example) but the simplicity and familiarity isn’t there for the average user. Another huge problem is the lack of driver support. Once again, some distributions are better than others in this area.

The Google Chrome OS is built around the idea that all programs the end user needs to access will be delivered via the Internet and their web browser. Things like SaaS (Software as a Service) is becoming more common by the day, and here at Falcon Worx we implement SaaS and we also offer it to our clients. Google believes that with any software available via a web browser, you’ll never need to install a piece of software anyway.

With widespread support from PC manufacturers things like compatible drives shouldn’t be an issue. Google is doing a smart thing by targeting the small and relatively new netbook market as a starting point for their new operating system. Netbooks are designed for well, surfing the internet and not much more. They’re low powered, and don’t have much capacity. So accessing software via a web browser makes perfect sense.

In addition to widespread support from PC manufacturers, I’m sure Google will implement some type of self-installer for software packages that will be easy to use. As a result, software developers will probably release a plethora of software for Chrome OS. I’m sure we’ll see Chrome OS move to notebooks and then eventually desktops.

How successful will Chrome OS be with consumers? Only time will tell but I suspect it will be fairly popular. PC manufactures are going to be cramming the Google Chrome OS down consumer’s throats because it’s free. Unlike Windows, Chrome OS doesn’t come with a hefty licensing fee for each unit sold.

I’m pretty eager to get my hands on Google Chrome OS, if their operating system is anything like any of their other products I’m sure it will be pretty darn good if not great. Do I think that all software a person or company needs will be available via your web browser? For most companies that answer is no. It’s far too costly and security is always a concern. However, I do believe that SaaS will be more widely implemented for some types of software.

Password Management

Alan — Thu, 16 Jul 2009 12:03:12 +0000

Yesterday it was reviled that the password for an administrative assistant’s email account at Twitter was compromised. As a result, secretive company documents were leaked to the web. Additionally, the CEO’s wife had her email account compromised and so was their personal Paypal account. You can read all of the details here. Compromises like this are certainly embarrassing and can happen to anyone from any company.

This brings me to my next point, not only should your password be strong but your hints to reset your password should not be easily guessed. If you have your hometown, birth date, and your mother’s maiden name on your Facebook page, an attacker is going to exploit this information for their benefit. You can never be too careful! Last week we posted a link to a great website that assesses password strength.

So now that you have super strong passwords (and super secret password hints!) how in the heck do you manage them all? We’ll tell you how!There are many different ways of keeping track of your passwords, including several different websites that will store them for you. You log in to your account and then enter your master password. You will then be able to view the passwords for various websites that you’ve stored.

Personally, I’m not a fan of this type of system and here’s why. First of all, what kind of security does the website implement? If the servers were compromised, how are the databases structured? Would an attacker be able to extract any valuable data from the databases? The most important issue, how are the backups created, and how are the stored? What kind of physical security do the backups have? If someone were to physically steal the backups, would your data be at risk? Personally, I’d rather not take a chance!

A program that I use is called KeePass. Now is KeePass suitable for controlling access and tracking password usage shared by a group of network administrators? No it isn’t. There’s better software out there if tracking and controlling is your goal. This software quite simply creates an encrypted database which contains your passwords. KeePass is incredibly easy to use, you can be setup and storing your passwords securely within minutes!

There are versions for Windows, Linux, iPhone, PlamOS, BlackBerry, Android, PocketPC, and thumb drives. They have a version for just about every platform out there except for Mac. Sorry Mac Fans! The best part about this software? It’s FREE. Yes that’s right, I said FREE. This is a great example of open source with an awesome community of developers with the goal of creating software that benefits everyone! I highly recommend that you give it a try today!

DOWNLOAD:

KeePass

Update: Microsoft Zero-Day ActiveX Vulnerability

Alan — Fri, 10 Jul 2009 12:00:10 +0000

Great News! We touched on the the high profile ActiveX vulnerability floating around in the wild in one of our previous posts and we have an update to share with everyone. Microsoft has officially stated that a patch WILL be released on Tuesday, July 14th! Make sure you have your automatic updates enabled, and more importantly allow the updates to install once they’re downloaded! To our managed services customers, the patches will be deployed across your networks as soon as the patches are available on Tuesday!

Password Strength Checker

Alan — Thu, 09 Jul 2009 18:29:17 +0000

All of our customers and friends that know me well, know that I can get pretty crazy when it comes to password complexity. When it comes to safeguarding your data or content, you can never be too careful. One website that I absolutely love and use on a daily basis is The Password Meter. So what does this website have to offer, and why should you use it?

Quite simply, this website assesses the strength of a password string. By providing very easy to understand visual feedback, this website helps you break your old habits of creating weak passwords that can easily be cracked or possibly even guessed by an attacker. I highly recommend giving this website a test run, see how weak your passwords really are! When you’re done, use this website to create stronger ones!

Recommend Website:

The Password Meter

Microsoft Zero-Day ActiveX Vulnerability

Alan — Wed, 08 Jul 2009 15:07:07 +0000

There’s been a new type of attack in the wild that Microsoft’s Security Research & Defense blog describes as a “browse-and-get-owned attack vector”. This only effects Windows XP machines and Server 2003 machines, but Microsoft recommends that users patch Windows Vista and Server 2008 to be safe.

So how does this attack occur and why should you be concerned? For this attack to be successful, the user simply has to open an email or browse to a website that opens a Video ActivecX Control. A malicious payload of the attacker’s choice is then downloaded onto the user’s system. This could be anything from annoying adware to password stealing programs that could allow an attacker to steal your online banking or Paypal credentials.

Currently, there’s no official patch for this exploit but there is a workaround that was just released. The workaround disables this particular ActiveX control in Internet Explorer. This will not degrade the end users experience because there is no legitimate need for this particular ActiveX control in Internet Explorer to begin with. The next round of patches are due from Microsoft on July 14th, which may or may not include a patch for this very serious security risk.

In the mean time, Falcon Worx recommends that all of our customers and friends visit the Microsoft’s Security and Defense blog to download the work around for this exploit. Go to the bottom of the page and click the “Fix It” image. Download the .MSI file, and just click “Next”. Yes, it’s really that simple!

Once again, this is an example of how Falcon Worx uses a proactive approach rather than a reactive approach. Why wait UNTIL you have a problem? Take care of the problem BEFORE it can occur, protecting your company from downtime! If you need assistance implementing this workaround, contact us to setup an appointment!

DOWNLOAD:

Microsoft Security Research & Defense Blog

Falcon Worx launches new website

admin — Fri, 26 Jun 2009 13:32:32 +0000

We are proud to announce the launch of our new website. We are up and running and ready to serve(r) ha ha. Want to see how much you can save on day to day IT services and basic network management? Take a look at our nifty Savings Calculator that can see here. Big savings people, big savings.

Let us know what you think, we welcome any suggestions or questions, so don’t hesitate to give us a call or email us. We would like to thank the creative folks at bighouse graphix for the site design and development. Check back here often for updates and specials, or better yet, just join our email signup list and keep up to date with the newest applications, hardware and mobile applications.