Archive for October, 2010

« Older Entries

Microsoft Dynamics CRM 2011: best-in-class functionality and value

Thursday, October 28th, 2010

For those seeking to migrate from an existing CRM platform due to cost, scalability, or integration issues (think Salesforce), Microsoft recently released the beta of Dynamics CRM 2011 for on-demand or on-premise users.  Native support for and integration with MS Office applications already resident in most office environments, as well as a price point nearly half that of Salesforce.com, make the choice a no-brainer for companies in the market for a CRM solution upgrade.  According to Microsoft, the beta of Dynamics CRM 2011 offers:

  • Familiar experiences through a next-generation native Microsoft Outlook client, Microsoft Office contextual CRM Ribbon, RoleTailored design and user personalization
  • Intelligent experiences through guided process dialogs, inline data visualizations, performance and goal management, and real-time dashboards
  • Connected experiences through cloud development, Windows Azure integration, contextual Microsoft SharePoint document repositories, teamwork and collaboration, and the Microsoft Dynamics Marketplace

Contact Gyver Networks today if your company is interested in learning more about what Dynamics CRM 2011 can do for your team.

Tags:
Posted in Database, Microsoft, Office 2007, Office 2010, SharePoint 2010, Software, Web | No Comments »

Microsoft releases Office for Mac 2011

Tuesday, October 26th, 2010

Mac users have a new productivity suite available to them today, as Microsoft released MS Office for Mac 2011.  The new version boasts Outlook, advanced Office Web Apps (OWA) integration, offline coauthoring options, the Office ribbon UI, document template gallery, Excel formula builder, Visual Basic support for task automation, and more.

For those looking for an excuse to migrate back to their beloved Mac from a Windows OS, the Office for Mac 2011 Outlook features a handy .pst import tool so you can import your mailbox right from Windows.

Microsoft is positioning Office for Mac 2011 as the “compatible … familiar … professional” choice, to be preferred over alternative office productivity suites.   It goes without saying OpenOffice is in their sights here, as it garners an increasingly greater share of Microsoft’s market by the day.

Some purchases of Office for Mac 2008 include a free upgrade to 2011.  Home and Student versions are available in single and 3-license family packs, and excludes Outlook.  Business versions are available in single and 2-license packs.  Both versions include limited technical support from Microsoft.

Tags:
Posted in Mac, Microsoft | No Comments »

Cisco study on mobility: Is the office really necessary?

Tuesday, October 26th, 2010

“Global study by Cisco reveals 60 percent of workers believe being in the office is no longer needed to be productive.  Demand to work anywhere, anytime stronger than desire for higher salary; two of three workers expect IT to allow access to corporate information with any device, personal or company-issued” – Cisco release

Mobile workers increase demand on ITA recent study commissioned by Cisco Systems, with statistics on worker mobility in relation to everything from productivity and corporate security, to company loyalty, salary and job preference, has been released with the tease line, “Is the office really necessary?”  The Cisco Connected World Report includes responses from workers and IT professionals in 13 countries worldwide.  Here are some of the key findings from the workers interviewed:

  • As many as 60% of workers believe their office is not integral to their productivity, with 66% expecting IT to permit corporate access from mobile devices, whether corporate or personal
  • A 66% majority said they would accept a position paying lower salary, provided it had greater flexibility with regard to mobile and  social media access, over a position paying a higher salary

The trends aren’t really surprising.  As offices offer increasingly greater options for mobile access, workers are going to continue to demand more.  The concern is actually with regard to the responses of the IT professionals interviewed :

  • Nearly half (45%) declared their company unprepared for increased mobile demand, citing security as the greatest impediment, with corporate policies and inadequate technology infrastructure factoring in as well
  • In support of their security concerns, 26% of IT respondents reported that one in four of the mobile devices issued to workers in the past year had already been lost or stolen

The study’s findings indicate that enhanced network infrastructure is absolutely necessary to accomodate the increasing demand for worker mobility, as well as management’s demand for worker productivity.  On the management side, progressive policies and employee education on mobile access will contribute to company morale and productivity, and, of course, data security.

Is your company ready to expand the boundaries of your office?  Contact Gyver Networks today to find out.

Posted in Cisco, Mobile, Network, Security, Uncategorized, Web, Wireless | No Comments »

Device driver and software compatibility lists for Windows Server, Windows 7, Vista, and XP

Monday, October 18th, 2010

You know the story:  you see a really cool new USB gadget or  some software that you just have to have online, in store, at a friend’s house.  You go to Amazon to order it, or maybeyou’re so excited you even drive to the mall to pick one up.  You get it home and plug it in, throw it in your DVD drive, whatever…

“Device not recognized?”  What?  It’s brand new!  How can it not work with Windows 7?

“Software does not support Service Pack 2?”  Aw, come on!

Well, you can avoid those moments of consternation by checking the compatibility of your coveted device and/or software before wasting your time and money hunting all over the Internet for drivers and patches that may or may not work from sites that may or may not be safe to download from:

Windows 7

See the Windows 7 Compatibility Center

See the Windows Logo’d Product List for Windows 7

Windows Vista

See the Windows Vista Compatibility Center

See the Windows Logo’d Product List for Windows Vista

Windows XP

See the Windows Logo’d Products List for Windows XP

Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000 Server,
and Windows 2000 Professional

See the Windows Server Catalog

Legacy & Windows Me; Windows 98

Windows NT 4.0

Windows 98

Windows Me

 

Posted in Electronics, Hardware, Microsoft, OS | No Comments »

IPv4 addresses now 95 percent used up

Monday, October 18th, 2010

The final stages of the squeeze are arriving: of the 4.3 billion Internet addresses possible with today’s Net mainstream technology, 95 percent are gone.

That’s the word Monday from the Number Resource Organization, a group representing the world’s five regional Internet registries (RIRs) that dole out the numeric addresses.

“This is a major milestone in the life of the Internet and means that allocation of the last blocks of IPv4 to the RIRs is imminent,” Axel Pawlik, chairman of the Number Resource Organization, said in a statement.

ARIN, one of five registries that allocate Internet addresses, shows the steadily diminishing number of available "/8" blocks of 16.7 million IP addresses. In June, it was down to 16, but today, 12 remain.

ARIN, one of five registries that allocate Internet addresses, shows the steadily diminishing number of available “/8″ blocks of 16.7 million IP addresses. In June, it was down to 16. Today, 12 remain.

Text-based Internet addresses, such as http://news.cnet.com, are a convenient label for the numeric addresses that actually do the behind-the-scenes work when it comes to sending data such as a Web page across the Internet. Using today’s IPv4 (Internet Protocol version 4), though, the number of numeric addresses are dwindling. This is why Pawlik and many others are urging those with Internet operations to start supporting the more capacious IPv6.

A single IPv4 numeric address can be shared by multiple computers through a technique called network address translation. But NAT has its limits, so it’s no surprise that IPv4 addresses are in high demand.

Major companies including Comcast, Google, and Facebook are working to adapt to an IPv6 world, but countless smaller companies have yet to begin taking the plunge. Although IPv4-based Internet operations will continue to work, those with IPv4-only technology won’t be able to reach the IPv6 realm.

It was only last January that IPv4 exhaustion, as it’s called, crossed the 90 percent mark. Despite that rate and the difficulties of migrating to IPv6, the NRO does not believe there is a last-minute rush for IPv4 addresses. Meanwhile, the NRO is urging IPv6 action to head off fears of a “chaotic scramble for IPv6, which could increase Internet costs and threaten the stability and security of the global network.”

The entire IPv4 address space is divided into 256 blocks, each called a slash-8 or /8. There are now 12 /8s remaining. After seven more are allocated to the five RIRs, each RIR will get one of the last remaining five.

Those last five /8 blocks likely will be handed out to the registries in early 2011, NRO said.

That won’t be the complete end of IPv4 addresses, though, as the RIRs allocate the numbers to direct and indirect customers downstream.

IPv4 addresses are divided into four 8-bit chunks that together mean an IPv4 Internet address is a 32-bit number. IPv6 addresses, in comparison, use four 32-bit chunks for a 128-bit number. If you’re not conversant with binary math, that means there are 340,282,366,920,938,463,463,374,607,431,768,211,456 IPv6 addresses. So while the transition to IPv6 has been painful, IPv6 isn’t likely to run out of room any time soon.

Source:  http://news.cnet.com/8301-30685_3-20019836-264.html#ixzz12iS6GfIB

Posted in Web | No Comments »

DHS US-CERT security bulletin lists Microsoft, Adobe, Apple, Cisco, Google vulnerabilities as notable

Friday, October 15th, 2010

The Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) periodically releases comprehensive security risk updates for public review in an attempt to keep end-users as secure as possible.  The complete report can be found here, including links to updates, but notable – as designated by US-CERT – excerpts are listed below:

Microsoft released multiple updates in July.

  • Security Bulletin MS10-046 addressed a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.
  • Microsoft has released Security Advisory 2269637 indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries (DLLs). See the Security Highlights section for further details.
  • The Microsoft Security Bulletin Summary for August 2010 addressed vulnerabilities in Microsoft Windows, Internet Explorer, Office, and Silverlight. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

Adobe released updates for Shockwave, Reader, and Acrobat.

  • Flash Player 10.1.82.76 addressed multiple vulnerabilities that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This vulnerability also affects Adobe Air 2.0.2.12310 and earlier versions. Refer to Adobe Security Bulletin APSB10-16 and US-CERT Vulnerability Note VU#660993 for additional details.
  • Adobe Security Bulletin APSB10-17 addressed multiple vulnerabilities in Reader and Acrobat. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
  • Adobe security bulletin APSB10-20 addressed multiple vulnerabilities affecting Shockwave Player 11.5.7.609 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code.

Apple released updates for QuickTime, iOS, and multiple applications.

  • QuickTime 7.6.7 for Windows addressed a vulnerability regarding a stack buffer overflow that exists in QuickTime error logging. By convincing a user to open a specially crafted movie file, a remote attacker could execute arbitrary code or cause a denial-of-service condition. Additional details are provided in Apple article HT4290.
  • Monthly Activity Summary – August 2010 3
  • iOS 4.0.2 for the iPhone and iPod touch and iOS 3.2.2 for the iPad addressed vulnerabilities in the FreeType and IOSurface packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or gain system privileges. Additional information regarding the vulnerability affecting the FreeType package can be found in US-CERT Vulnerability Note VU#275247 and Apple article HT4291.
  • Apple security update 2010-005 addressed multiple vulnerabilities affecting the ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, and Samba applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain. Refer to Apple article HT4312 for details.

Cisco released multiple Security Advisories in August.

  • Security Advisory cisco-sa-20100804-fwsm addressed multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.
  • Security Advisory cisco-sa-20100812-tcp addressed a vulnerability affecting IOS Software Release 15.1(2)T. This vulnerability may allow an attacker to cause a denial-of-service condition by sending a specially crafted packet through normal network traffic.
  • Security Advisory cisco-sa-20100827-bgp addressed a vulnerability in the Cisco IOS XR Software Border Gateway Protocol feature. Exploitation of this vulnerability may result in the continuous resetting of BGP peering sessions, which may cause a denial-of-service condition for affected networks.
  • Cisco released Security Advisory cisco-sa-20100825-cucm and Security Advisory cisco-sa-20100825-cup to address vulnerabilities in Cisco Unified Communications Manager and Cisco Unified Presence. These vulnerabilities affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition, which could cause an interruption of voice services.

Google released two updates for Chrome.

  • Chrome 5.0.375.126 for Linux, Mac, and Windows contained an updated version of the Flash plugin, which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
  • Later in the month, Google released Chrome 5.0.375.127 for Windows, Mac, and Linux to address multiple vulnerabilities that may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks. Additional information can be found in the Google Chrome Releases blog entry.

Tags: , ,
Posted in Anti-Virus, Google, Microsoft, Security | No Comments »

Harnessing the Cloud for Hacking: Cloud password cracker is a sign of things to come

Friday, October 15th, 2010

Want to check if the password to your wireless network (or your neighbor’s) passes muster? For $34, you can do just that by using a password-cracking service that’s primarily aimed at “penetration testers”–people who are paid by a company to test its network’s security.

The service, known as WPA Cracker, is one of the first hacking services to rely on cloud computing. WPA Cracker went live on Monday–it uses pay-as-you go cloud computing resources to search for an encrypted WiFi Protected Access (WPA) password from 135 million different possibilities, says creator and hacker Moxie Marlinspike. Normally the task would take a single computer about five days, but WPA Cracker uses a cluster of 400 virtual computers and high-performance computing techniques. It takes only 20 minutes, he says.

“Security is moving into the cloud … so the attacks will follow security into the cloud as well,” says Marlinspike. “Password cracking is an obvious thing. Normally, it is cost-prohibitive to run CPU-intensive jobs. [With cloud computing] it costs a lot less money than doing it yourself.”

At its core, cloud computing is about providing services or infrastructure through the Internet that can easily be ramped up to meet demand. Online giants, including Amazon, Google, and Microsoft, all have services that offer the ability to run an application in a large data center or to rent time on a cluster of virtual computers, allowing customers to tap into large amounts of computing power more efficiently.

Security experts say the performance and costs advantages of cloud computing are already luring cybercriminals.

“We have seen attacks emanate from IP ranges associated with cloud-based computing services,” says Tom Cross, manager of advanced research at IBM’s X-Force security team. Cross would not elaborate on which services were involved, however.

Yet other real-world examples exist. In 2008, a spammer used Amazon’s Elastic Computing Cloud (EC2) service to blast out a massive campaign of porn-related junk e-mail. And last month, security firm Arbor Networks reported that a cloud application hosted on Google’s AppEngine platform appeared to be the command-and-control hub for a small botnet. However, Google removed the application for usage-policy violations and said that the malicious behavior was the result of a programming error, not criminal intent.

Even if the intent was not malicious, however, the example shows that poorly behaved applications can run in the cloud, says Danny MacPherson, chief security officer for Arbor.

“As more people start using cloud infrastructure, I absolutely think we will see malicious uses as well,” says MacPherson. “I would encourage anyone using those infrastructures to not make security a chewing-gum, bolt-on-after-the-development sort of infrastructure.”

In some ways, criminals have already started their own cloud services by compromising users’ computers and centrally controlling them. These botnets, as such networks are called, can be used for different tasks, such as sending spam, hosting malicious content, or sending a flood of data to overwhelm a target network. Some underground entrepreneurs even created an online market, dubbed Golden Cash, where criminals could buy or lease any number of compromised computers.

If a cloud service provider does not monitor its network sufficiently, a criminal could use the service to do the same thing.

“When you are building a botnet, what you are trying to do is use a lot of computers for some purpose,” Cross says. “If you can get a hold of a credit card, you can purchase a whole slew of virtual computers from a cloud provider.”

Already, Amazon’s service has become a playground for security researchers. This past summer, security firm SensePost revealed a number of techniques for abusing cloud services. By misusing the account creation process, for example, the researchers easily avoided Amazon’s 20-computer limit per customer. SensePost’s security team also demonstrated ways that malicious developers could create virtual-machine templates that included rootkits or other malicious code. If another Amazon customer used the template, they could find themselves vulnerable to attack.

“The cloud is going to offer the serious criminal huge computing resources on tap, which has lots of interesting applications,” says Haroon Meer, director of security research for SensePost. “If nothing else, it should change a few threat models.”

Source: http://www.technologyreview.com/web/24127/

Tags:
Posted in Security, Web, Wireless | No Comments »

Google’s WebP image support coming soon, ‘webconv’ tool released in SDK

Friday, October 15th, 2010

We’ve heard for some time now about the WebP image format Google made mainstream when it acquired On2 Technologies, but no notable browsers or image viewers support it natively.   There are some plugin options available presently for Chromium and on the Mac, but native support for WebP is coming soon to Google’s Chrome browser.  In support of that, Google recently  released the webconv WebP image conversion tool as part of their SDK.

For the hardcore graphics junkies out there who can’t wait to get started, here are a few WebP command line conversion tips to help  get a jump on implementation:

Syntax:

webpconv [-output_dir dir] [-format format] [-quality quality] input_file(s)

Arguments

-output_dir
Path to directory where files are placed. If no path is specified, files are created in the input directory.
-format
Output image format. Valid formats are: BMP, JPEG, PNG, WEBP.
-quality
Integer. Parameter that specifies the trade off between the file size and the quality of the output image. The range is from 0 to 100; 100 is the best image quality with the largest file size. If no value is specified, the default quality value corresponds to a target peak signal-to-noise ratio (PSNR) value of 42. A PSNR value of 42 is usually regarded as a good quality image.

Tags: ,
Posted in Google, Web | No Comments »

Microsoft Security Intelligence Report outlines malware trends, botnets top the list

Thursday, October 14th, 2010

Microsoft recently released a periodic SIR (Security Intelligence Report) designed to reveal trends in malware from over 600 million PCs around the world.  Yours may very well be one of them, if you didn’t uncheck the ‘I want to anonymously send information to Microsoft’ button during software/OS installs.

Among the information – and it is voluminous – that can be gleaned from the report are statistics relative to malware infection incidence by operating system, as well as a listing of the most prominent ‘rogue security’ (i.e., fake antivirus) malware and their ‘cover names.’   Have a look:

 

 

 

Fake antivirus

 

Microsoft chose to focus on botnet activity in this SIR as the predominant malware issue facing end-users today, bearing a great burden of responsibility for the spam that bombards you every morning, but also for many more serious crimes like identity theft.  Who would have suspected such nefarious activity from someone with a name as innocent-sounding as a “bot-herder”?

 

Bot network

 

The bottom line?  Stay protected with the latest antivirus and antimalware solutions, and contact Gyver Networks immediately if something gets through.  Loss of identities and/or invaluable data is too high a price to pay for complacency….

Tags: , , ,
Posted in Anti-Virus, Microsoft, OS, Web | No Comments »

Microsoft Office 2010 beta to end October 31st

Thursday, October 14th, 2010

Unlike the attention-grabbing reminder users experienced with the Windows 7 beta (where your PC would suddenly restart every two hours as a gentle prompt that the beta grace period was about to end and it was time to shell out some cash for a full version license), Microsoft Office 2010 beta will quietly expire on October 31st.

If the date mentioned in the EULA  snuck up on you and you’re really strapped for cash, you can download a 60-day trial from Microsoft that will grant you an additional stay of execution. Whether you decide to buy or try, though, you’ll have to uninstall the beta and reinstall the full version.

For environmental purposes, Microsoft is asking that users download their purchase copy electronically, as opposed to buying hard copies of the software.

Tags:
Posted in Microsoft, Office 2010 | No Comments »

« Older Entries