Archive › April, 2010

Have your clients think of their computers as employees

Sometimes it helps to be old enough to remember how things were done in “pre-historic” times BEFORE there were computers on every desktop. To get a little perspective on the value of technology, ask clients how many more employees they would need if they had NO computers in the office. Even in a small office, most businesses would need at LEAST one additional employee. In a larger office, that number would be much higher. The work done would also be more costly in terms of paper, travel time, etc., not to mention more error-prone. Much of what computers do could simply NEVER be done by humans at a reasonable cost.

Now ask your client what those employees would cost, in terms of salaries, benefits, and, well, the other “costs” of having additional employees. The cost of the computer and a NerdCare plan to keep it running smoothly starts to look incredibly affordable in this context. In addition, the headaches that occasionally arise with computers don’t seem quite so bad when you compare them to the headaches and complexities that come with their, er….human counterparts.

So ask the question: What would you have to pay humans to do all the things these computers do every day? $4,000, $6,000, $10,000 per month? Makes that NerdCare plan to keep those “digital employees” well fed and happy seem like a pretty good bargain.

 

Dennis

Dennis H in West Virginia, US

April 30, 2010


Our RAF Enterprising System

One of the many projects we are working on in our team is our RAF Enterprising system.
Click here to view our RAF Enterprising system

What is RAF?

RAF is an online single repository for all the important stuff in your company, displayed in real time in a digestible and appealing fashion when you need it, where you need it and how you need it. Your whole business in one spot.

Take a look and contact us if we can help your business.


Is your website as secure as it could be?

The world of website security is a quickly changing, shifting environment. One moment your website may be as secure as you could make it, and the next moment a new vulnerability may be found in the site. The hundreds of thousands of clients world-wide using Content Management Systems (CMS) like Joomla, Drupal or WordPress are the most at risk. Due to the popularity of these systems, hackers have learned that they merely have to find a vulnerability in one copy of Joomla to infect over a hundred thousand websites at virtually the same time.

This week so far has been a somewhat special week in Joomla security particularly, as the Joomla security team has released two security patches, only days apart. If your company is running a Joomla CMS website, has your team upgraded your site to the latest version? Was this done twice already this week?

At Nerds On Site, we offer NerdCare Assurance packages to our Joomla clients (as well as clients using any other CMS system), and all our NerdCare Assurance clients were upgraded by our team this week. First, our team upgraded all of our clients on Monday, using the latest patches available that day. Then, late last night our team upgraded all our clients again, using the 1.5.17 patch that was released at that time. This service offers peace of mind to our clients. By having NerdCare Assurance protecting their website, they never have to worry about the latest patches and security releases, as our team will take care of that for free, no matter how many new patches are released in a week.

Is your website protected by a NerdCare Assurance plan? Contact our team to learn more!


Tidbits From the World of Infosec

Companies, System Administrators, (and your Clients) could all learn a lesson from the “Click-It or Ticket” campaign – launched a few years ago in the US to encourage the use of seat belts in automobiles to save lives. This article by Bruce Schneier discusses the fact that states with the strongest enforcement had the greatest success. The amount of money spent on media advertising was a less important predictor of success. Of course, with security awareness, or with any other attempt to change behavior, it’s not an either / or proposition. The important point is that enforcement is a key component. Without it, rules have little benefit.

Of course, the popularity of the iPad has brought about a new attack vector for the purveyors of malware. The attack does not actually affect the iPad, but is another way to trick Windows users into downloading malware. I suppose there is a touch of irony in using the iPad to attack Windows.

This story is a bit US-centric, but I suspect it’s only a matter of time until the same issue pops up in Canada and in other countries. The state of Massachusetts in the US has passed a law requiring ANYONE storing or transmitting Personally Identifiable Information about its residents to encrypt and protect that information. The fines for failing to do so are substantial. This is interesting because this law seeks to reach beyond the borders of the state. It will be interesting to see how this plays out in the courts over time. In any case, the growing problem of identity theft is likely to spawn similar laws around the world.

If you have clients who redact data from PDF documents before sending them, they should know that the “redacted” data may still be visible.

In another round of the ever-escalating “armor vs. ordnance” malware battle, some malicious websites are now able to detect search engine “bots” and hide the malware from them. Detecting malware on websites is a priority for Google and Firefox, who use APIs to blacklist malicious sites.

On another front of that same battle, fake malware vendors are gaining ground and the legitimate AV products are having more difficulty detecting the “rogues”.

Breaches are going to happen. Here is an example of what a responsible dissemination of information looks like. Sadly, you rarely see this sort of transparency.

 

Dennis

Dennis H in West Virginia, US

April 28, 2010


Hosting NerdCare – Protect Your Online Presence

Hosting NerdCare Brochure


Bits and Bytes – News from the World of Security (and elsewhere)

Zeus + PDF = another security challenge. PDF files have become one of the leading attack vectors on the internet, and everyone needs to know to be careful. Zeus, one of the nastiest banking trojans, is now being spread this way.

“No updates for you!” Microsoft is a bit gun-shy after recent blue-screen problems that were actually the result of underlying malware infections. Some new updates will not install if “certain abnormal conditions” exist in the kernel (a likely indication of a malware infection). Running “mrt” from the “Run” box on XP or from the search bar on Vista / W7 will remove most of these infections.

Here is a good summary of the security features of W7 that we should all be familiar with.

Not many Nerds are big fans of Norton Internet Security, but it’s good to see what they are up to. The 2011 version has some interesting new features, which are likely to consume even more resources than previous versions. The additional complexity will probably confuse users as well.

Fix a problem – create a bigger one. Microsoft has incorporated cross-site scripting (XSS) protection into IE8, but researchers have found a way to turn this “fix” into an even bigger problem. Security is not easy.

In case you were wondering – yes, there are “security / spyware (depending on your perspective)” apps for the Blackberry.

Here are 3 reasons employees break security rules: They don’t know about them, the rules are not enforced, and the rules hinder productivity.

Public networks + smart phones = business risk. Everyone likes to be mobile, and what we used to call a “cell phone” is now a portable computer. The problem is, security on smart phones is often less robust and / or misconfigured.

Finally, here is a link to part two (so you can link back to part one) of a two-part series on protecting children online. It is a good summary and should be passed on to your clients who have young children.

 

Dennis

Dennis H in West Virginia, US

April 20, 2010


Trust Site Maintenance

This morning our development team took down our Trust Site (http://trust.nerdsisp.com) to work on a bug that has plagued the site for some time. First, we want to assure all our clients that the statistics posted on the trust site were always 100% accurate. The issue our team wanted to address was the timeliness of the stats, that is, we discovered that the statistics were always a few days behind. All maintenance work is now complete, and the statistics are now completely up to date and will remain that way.

As always, we appreciate your patience, and thank you for your patronage!


FTC Calls for SSL Secured Mail

Most major providers of mail do not offer SSL secured email to their clients, and the Federal Trade Commission has officially put all Internet companies on notice, calling for the widespread use of HTTPS/SSL encryption for all mail services.

Nerds On Site is a leader in this field, as we have offered SSL secured mail to our clients for quite some time now, and have even made SSL secured webmail the default and only option available for our webmail clients. If you are not using SSL secured mail right from your desktop, or are unsure of your status, contact our team today, and we’ll assist you! It may surprise you to learn that automatic encryption of all your mail is completely free as part of Nerds On Site’s hosting services!


Beware the PDF

PDF files have become the de-facto standard for sending documents. We think of them as being relatively innocuous because they are generally not editable. The specs for these documents are very powerful, though. Contained within these specifications is the power to run code within the document. If that sounds a little scary – it should.

PDF documents have become one of the most widely-used attack vectors for malicious code writers. This has been mostly related to security holes in the programs used to interpret .pdf files, specifically Adobe Acrobat Reader and (to a lesser degree) Foxit Reader. Most of these attacks can be thwarted by disabling the JavaScript execution features of these readers.

The native code-execution features of PDF files are supposed to be sandboxed. We have seen, though, that a “sandbox” is not the digital equivalent of a maximum-security prison. There have been several instances where Java code has managed to “escape” from the sandbox.

Recently, Didier Stevens showed that it is possible to embed malicious code within .pdf files without relying on JavaScript. Jeremy Conway has also shown that it is possible to create PDF worms that can overwrite and infect other PDF files.

The bottom line – advise all clients to be very cautious about opening PDF files, especially those that are unexpected or from untrusted sources. Attacks have been surfacing in the wild and we may reach the point where even PDF files from trusted sources are a threat.

Both Adobe and Foxit are scrambling to address this issue. In most cases, Adobe (and now Foxit, with the latest patch) will warn before executing code, but the attacker can manipulate the text in the warning dialogue, so there will be efforts to trick users into allowing the code to execute. Warn clients about this!!!

 

Dennis

Dennis H in West Virginia, US

April 07, 2010
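
A triage check for the advice in the “Beware the PDF” post above, as an added example that is not part of the original post: it counts the PDF name keys that mark active content, including /Launch, the standard PDF action for starting a program without JavaScript. The key list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name keys that signal active content; Didier Stevens's pdfid tool
# reports the same kind of keywords. Descriptions are this example's own.
ACTIVE_NAMES = {
    "JS": "JavaScript source",
    "JavaScript": "JavaScript action",
    "Launch": "action that starts an external program or file",
    "OpenAction": "action run when the document is opened",
    "AA": "additional automatic actions",
    "EmbeddedFile": "file attached inside the PDF",
}
CODE_NAMES = {"JS", "JavaScript", "Launch"}

# A name is "/" followed by regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw):
    """Undo #xx escapes so /J#61vaScript is read as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data):
    """Count active-content names in raw PDF bytes.
    Names inside compressed object streams are not visible to this scan."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

def verdict(counts):
    """'active-code' if the file can run code, 'review' for other active keys."""
    if CODE_NAMES & counts.keys():
        return "active-code"
    return "review" if counts else "no-active-names"

# Constructed sample fragments, not real documents.
SAMPLE_JS = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
             b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert(1);) >>\nendobj\n")
SAMPLE_LAUNCH = b"3 0 obj\n<< /Type /Action /S /Launch /F (report.txt) >>\nendobj\n"
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in (("js", SAMPLE_JS), ("launch", SAMPLE_LAUNCH), ("plain", SAMPLE_PLAIN)):
        found = triage_pdf(sample)
        print(label, verdict(found), found)
```

A clean result only means no active names appear in the uncompressed parts of the file; a mail gateway would use a check like this to decide which attachments to hold for closer inspection.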


Going Green With Software Development

I’m sure you’re asking yourself how software development can help you go green. Look around your desk, see all those sticky notes, requisitions, forms you need to complete – all paper that needs to be completed and either archived, sent back to other team members or other companies.

We’ve helped many companies do this. One of our clients used 600 pieces of paper per project; with over 100 projects a year, they used 60,000 pieces of paper. We developed an application that helped them go paperless. This helped them save paper, reduce costs and better organize their data. As well, each team member could access the information from any location without having to drive to the company office to access it.

Let us help you – if you have paper piling up, or a wall of sticky notes, send us an EMAIL.
