Computerware Blog

When’s the last time you rebooted your PC or mobile device? If you’re drawing a blank to this question, then you should take the minute or two it takes to reboot as soon as possible (or 15 minutes if you’re still using Windows XP). To a computer, rebooting can be likened to getting a full night’s sleep; without it, performance will suffer.

A while back we discussed the POODLE vulnerability found in SSL 3.0 SSL encryption technology. This vulnerability is found in all operating systems, as it is found within the web browser’s abilities to process SSL encryption. Thankfully, major companies are stepping up to tackle the issue, and Microsoft has released a basic solution to fix the vulnerability in Internet Explorer.

The POODLE vulnerability itself is used to obtain information encrypted with SSL technology by analyzing web traffic. This technique is used to steal information such as credit card numbers, Social Security numbers or other private information. In non-tech speak, SSL (Secure Socket Layers) is an encryption protocol used to keep data safe on the web through security certificates. This method of encryption has long since been replaced by the more secure protocol TLS (Transport Layer Security), but several systems will revert back to their old SSL certificates in the event something has gone wrong with their TLS. TLS isn’t vulnerable to this issue, so in theory, a hacker could force their way into a network, exploiting the traffic coming in and out of the network for any worthwhile information.

According to the Microsoft security advisory, hackers exploit a man-in-the-middle attack to take advantage of this vulnerability:

In a man-in-the-middle (MiTM) attack, an attacker could downgrade an encrypted TLS session forcing clients to use SSL 3.0 and then force the browser to execute malicious code. This code sends several requests to a target HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker could then intercept this HTTPS traffic, and by exploiting a weakness in the CBC block cipher in SSL 3.0, could decrypt portions of the encrypted traffic (e.g. authentication cookies).

Due to the nature of POODLE as a design flaw, it’s not something that can easily be patched. Therefore, most experts are saying that you’re better off disabling SSL 3.0 for their web browsers. Most servers don’t rely on SSL 3.0 anymore, which makes it obsolete. In fact, most major browsers are looking to disable SSL 3.0 completely within the next few months. Firefox is fixing the issue with the November upgrade, while Google is working to disable SSL 3.0 on all of its products. This makes the vulnerability obsolete for two of the biggest browsers, but what about Internet Explorer?

Turns out Microsoft has a way to fix that one, too. Microsoft has released a Fix It tool, which can help users disable SSL 3.0 without navigating through their Control Panel. Just click here for the tool on their official website. Otherwise, you must disable SSL 3.0 and enable TLS 1.0, 1.1, and 1.2. Follow these steps to do so:

In the Internet Explorer Tools menu (or your PC’s Control Panel), click Internet Options.

In the Internet Options window, click the Advanced tab.

Scroll down to the Security section. Notice there are checkboxes next to the available SSL and TLS options. Uncheck Use SSL 3.0, and check the following: TLS 1.0, TLS 1.1, and TLS 1.2. Be sure to check all of the TLS versions. Failing to do so could result in connection errors.

Finally, click OK, exit, and restart Internet Explorer. This allows Internet Explorer to refuse a connection with any servers which only support SSL, which ensures that the web traffic isn’t vulnerable to the POODLE vulnerability.

Computerware believes that quality security is key to a minimal-risk online environment. This fix isn’t a viable replacement for the latest security updates and patches, so you will want to ensure that you are always running the most up-to-date versions of your software, applications, and especially your operating system.

Computerware can apply all of these patches for your business’s systems so you don’t have to. Call us today at (703) 821-8200 to learn more.

Though not everyone believes them, we all know about the horror stories of the spirits of the dead that linger in this world, haunting locations where no one dares to tread. Every culture, though their beliefs vary, contains them to some degree. Their purpose is unknown, and they are thought to be caused by unfulfilled desires or regrets. But regardless of whether or not you believe in them, you better believe that your business can very well be haunted by ghost servers.

Just for one second, try to imagine your life without your personal mobile device. Mobile devices has pervaded our very existence, and they are integral tools for connecting to your business’s network. But even with this colossal amount of data on the device, some people still manage to lose them. What would happen if your smartphone fell into the hands of one of your competitors, or even a hacker?

A thorough data backup is important for your business continuity plan, and so is a fast and efficient disaster recovery solution. What's that? Aren't those the same thing? Unfortunately, the two concepts are far from the same thing, but many business owners are still under the impression that their data backup is also a disaster recovery solution.

Whether you like it or not, email is a standard communication method used by businesses around the world. Sometimes it can be difficult to come up with the right things to say, especially when you’re under pressure to respond. Thankfully, with the right formula, writing a good email doesn’t have to be nearly as hard as you might think it is.

As a business owner, you want to take every precaution against the latest threats that can affect your way of life. An updated threat called Cryptowall 2.0 (previously known as Cryptolocker) has been cut loose by malware developers, and it's capable of dealing irreparable damage to your business's network and data. This spear-phishing variant has the power to grind your network's files to dust, and in turn, your productivity.

Whether the world is ready for it or not, the Internet of Things (IoT) is on its way. As such, there is a lot of controversy about what actually constitutes the Internet of Things. Infoworld argues that a lot of what the public claims to be part of the IoT, is actually not a part of it, and that we need a more substantial definition for this oncoming phenomenon.

As technology continues to improve, workers are able to be more efficient and do more with less. In the name of efficiency, new technology changes things, including the office layout. "Hoteling" is the latest office trend in workplace efficiency, and with the right technology, you can organize your office in this new way and gain maximum collaboration out of your team!

How often do you deal with your company-owned IT equipment? Some businesses keep detailed records of their equipment and use security measures and policies to prevent theft; but if your business doesn't protect its equipment, you could be digging a hole into your budget without realizing it.

This past August, we reported on a new vulnerability with USB firmware called BadUSB. This vulnerability was discovered by Karsten Nohl of SR Labs. The BadUSB vulnerability was presented at the Black Hat security conference as a theoretical risk, but now, the code has leaked and this risk has become a reality. Oops.

The Internet is a vast and wonderful plain of many fruits and resources, but there are two sides to everything. It can also be a vile and disgusting place, with content that could make even the most hardened criminal flinch (or stare in astonishment). Keep your network safe by implementing a content filtering solution for your business.

It's football season! Many NFL fans are spending their Sundays glued to their TV sets cheering on their favorite team. This season, those in the tech industry who are concerned about net neutrality have also taken an interest in football--primarily due to a recent FCC ruling.

What we expected to be Windows 9 has been gradually revealed through leaks over the past several weeks, but Microsoft has thrown a curveball into the mix with Windows 10. The latest information, revealed during a public Microsoft Windows event, has gone into much detail concerning the nature of the newest incarnation of Windows, including its focus on enterprise and cloud-centric policy.

Working with technology can get pretty complicated and technical at times. We're here to help. We've got plenty of technology tips to share with the world, and we're going to unleash them on you once a week. For more helpful tech tips, search our previous blog articles. This week's tip will help you spot a nasty APT hack on your company's network.

Technology grows more powerful and complex every day, and there have been increasing efforts to automate certain repetitive tasks. In the near future, we may be able to look at fully automated assembly lines. While most companies are concentrating on what this means for their budgets, automation could very well be a threat to jobs around the world.

For users of Unix-based operating systems, there's a new threat on the loose. The vulnerability, promptly called the Bash bug, or "shellshock," is targeting systems equipped with Linux and Mac OS X. The bug allows remote users to execute arbitrary code within the operating system.

One California restaurant owner has recently taken on an interesting marketing strategy that goes against all conventional wisdom. Co-owner David Cerretini of the Italian restaurant Botto Bistro tells his strategy to USA Today, "I want to be the worst restaurant in the San Francisco area!" Strangely enough, his approach seems to be working.

With so many new trends popping up in today's technology industry, it's only natural that a change of pace, or even a change in strategy, be considered by any business hoping to take advantage of what the world has to offer. Your company needs to adapt to change if it hopes to be successful in the future business world.

As a business owner, your email contacts list is probably chock-full of clients and customers you've met over the years. This can make it difficult to find your target without sifting through countless names. Instead of getting flustered by an unorganized list, try sorting your contacts in various ways.