Wednesday, October 29, 2008

New Protection of Information Law goes into effect January 1, 2009


A new law going into effect January 1, 2009 will affect just about all businesses in Massachusetts: 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. http://www.mass.gov/?pageID=ocamodulechunk&L=1&L0=Home&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca

Basically, every business with employees and every business that accepts credit card payments will be affected (this essentially includes ALL businesses). The regulation states that “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information. Such comprehensive information security program shall be reasonably consistent with industry standards, and shall contain administrative, technical, and physical safeguards to ensure the security and confidentiality of such records”. We’ll be working with clients over the next two months to help as needed. On the technology side, businesses generally need a network firewall, encryption of wireless networks, strong password protection of networks and systems, and encryption of personally identifiable information.

Tuesday, October 28, 2008

How do I know if my system has the right Microsoft Security Patch installed?

Several people have asked us how they would know if their system is patched or not for Microsoft Security Bulletin MS08-067 (KB958644) (or any other patch for that matter).

It's easy! Go to “Control Panel” / “Add or Remove Programs” / Click the box for “Show Updates” / Sort by date (makes it easier to find).

You should see a reference to KB958644 with a date after 10/23/2008 if the new patch was installed.
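
The same check from the command line, as an added example that is not part of the original post. The function name `Test-HotFixInstalled` and the host names in the usage comment are hypothetical, and it assumes Windows PowerShell 3.0 or later with WMI access to the machines being queried.

```powershell
# Added example: report whether a given update (default KB958644, the MS08-067
# patch) is recorded as installed on one or more Windows machines.
function Test-HotFixInstalled {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$KbId = 'KB958644'
    )

    foreach ($computer in $ComputerName) {
        $status      = 'Missing'
        $installedOn = $null

        try {
            # Fetch the whole update list first, so that a failed query
            # (host offline, access denied) is reported separately and is
            # never mistaken for "patch not installed".
            $updates = Get-HotFix -ComputerName $computer -ErrorAction Stop

            $match = $updates |
                Where-Object { $_.HotFixID -eq $KbId } |
                Select-Object -First 1

            if ($match) {
                $status      = 'Installed'
                $installedOn = $match.InstalledOn
            }
        }
        catch {
            $status = 'QueryFailed'
        }

        [pscustomobject]@{
            ComputerName = $computer
            HotFixID     = $KbId
            Status       = $status
            InstalledOn  = $installedOn
        }
    }
}

# Local machine:
#   Test-HotFixInstalled
# Several machines (hypothetical names), showing only those needing attention:
#   Test-HotFixInstalled -ComputerName 'FRONTDESK-PC','OFFICE-SRV' |
#       Where-Object { $_.Status -ne 'Installed' }
```

A `QueryFailed` result means the machine could not be checked, so it still needs to be verified by hand using the Control Panel steps above.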

CRITICAL Microsoft Security Bulletin

If your system isn't already patched for Microsoft Security Bulletin MS08-067 (KB958644), do it now! It's rare for Microsoft to release security updates outside of the normal Tuesday schedule, but for the first time I know of, Microsoft called 1000s of partners and held conference calls to ask us to warn our clients and make sure they were patched. This is truly a critical threat.

The Critical Security Bulletin (MS08-067) is for a vulnerability in the Server service that could allow Remote Code Execution. Note that this affects all operating systems (even though it relates to the "Server" service, the vulnerability affects just about all desktop systems). If you run automatic updates, this update should be picked up, but we are advising clients to run the update NOW!

For more information, including details specific to your operating system, please go to
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
File information details can be found in
Microsoft Knowledge Base Article 958644

Note that there is always a risk when you install new updates, but initial testing by Microsoft is not showing problems and the patch can be uninstalled if necessary (there are no reported problems with commercially available software). However, in the case of this CRITICAL update, there is a greater risk of NOT installing the update.

An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability over RPC without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.

Friday, October 24, 2008

Money tight, computer slow? - Get more RAM!

If your computer is driving you crazy because it's too slow, and your budget is tight, consider getting more RAM to see a drastic improvement in your system. If your computer is slow, and you hear your hard drive working overtime, it's likely that you could see a significant improvement by just adding around $50 worth of RAM. The first step is to see how much RAM you currently have: Go to "Start" / "My Computer" / "View System Information". On the "General" Tab, you'll see a summary of your general system information. If you have less than 1G of RAM, you will definitely benefit from more RAM.

Yesterday's Boston Globe had a good article outlining a bunch of measures to revitalize your old computer: http://www.boston.com/business/technology/articles/2008/10/23/stretch_your_money_by_stretching_your_pcs_life_span/

Don't be disappointed if you can't afford a new computer right now, because there is a good chance you don't need one. In our experience, adding RAM is the highest-impact, lowest-cost way to boost performance. If your computer can support 2G of RAM, you will see a BIG difference.

Note that there are many different types of RAM, and there are specifications for the amount of RAM that can be added based on specific system models. If you want to go the "do it yourself" route, we recommend going to the manufacturer's web site (Dell, HP, etc.) and entering your system information, or using the "RAM Finder" function that all of the major RAM manufacturers have, such as at http://www.crucial.com/.

Thursday, October 16, 2008

Clocks move BACK November 2 - Check your BACK-UP

Remember that Daylight Saving Time ends on November 2 this year so clocks move BACK one hour. When the clocks change, we often hear reminders to change batteries in the smoke detectors in our homes. This is a great way to remember.

We'd like to start a new tradition to check your data BACK-up at this time as well.
  • Are you backing up ALL your critical files?
  • Are you taking your backup off site?
  • Are you backing up often enough (hourly, daily, weekly)?
  • Are you meeting regulatory requirements?
  • Do you have a business continuity plan?

Checking your data backup on a regular basis can save you a lot of time and money in the event of a computer crisis! So we want to get everyone focused on checking their backup AT LEAST twice per year when the clocks change. (Please also change those batteries!)