Goodbye Old Friend - Eulogy for the Best Printer Ever

IMG_5013.jpg

Finally saying my goodbyes to this classic beauty, a Canon Pixma iP5000, purchased some 13 years ago. I typically hate printers with a fury and a passion, but you were the diamond to polish my rough edges.

We've had many ups through the years, some downs. We've moved to 6 diefferent addresses together, and worked across 6 different versions of Windows from XP to 10. We made many Christmas gifts for loved ones during the leaner years, printed hundreds of treasured memories. You printed edge to edge, 4x6, 5x7, 8.5x11 and everything in between. You printed on letter, heavy stock, labels, envelopes, even canvas.

You were always there for me when I needed you; always willing to lend an ear through a lonely, late night at the office. You were like the pet I could never have (due to debilitating allergies).

My favorite thing we ever made were all the themed invitations, handouts, charts, and game pieces for wifey's Roaring 20s Murder Mystery birthday.

The past few years it has been getting harder and harder to find your ink cartridges, except for gross knockoffs that could never replicate your brilliance. Sadly, you died before I could use you to print photos of my youngest child. I need to replace you with your younger, higher end cousin, Canon Pixma iP 8720. She has promised me she will carry on your mission; but no printer could ever be as versatile, hard working or long-lived as you, you are irreplaceable.

I will truly miss you my gentle, sleek, easy to use photo inkjet printer. Your best color was always cyan.

Private services will be held Wednesday, December 20th, 2017, in the recycling bin at my local electronics recycling company. Friends and family welcome.

Of my friend, I can only say this. Of all the souls I have encountered in my travels, his was the most ... human.
— James T. Kirk

How Facebook Figures Out Everyone You've Ever Met

This article has a very interesting (and scary) look into how routine, mundane data about yourself and people you know can be so very valuable to a company like Facebook. Scrutinize everything you do online in regards to giving up personal data, personal access to your phone, and people you know.

KRACK WPA2 Wi-fi Exploit

You may well have heard of the security exploit that was discovered in the WPA2 key implementation that is widely used in all Wi-Fi network installations/devices, commonly referred to as the ‘KRACK’ exploit.

This does affect Wi-Fi networks, computers that use Wi-Fi connections, including laptops/desktop/smart phones/tablets, etc.

Information about the exploit can be found here (this is a technical document): https://en.wikipedia.org/wiki/KRACK

It should be pointed out in this document that it stresses that the weakness/exploit is in the WPA key management itself, (i.e. the software implementation), not in the encryption standards that are used to encrypt data for Wi-Fi connections, or the products that use Wi-Fi for data transmission.

For clients of FlightPath IT, we want to assure you that we have taken steps to apply a security upgrade to your Wi-Fi networking hardware that we manage at your organization, to protect your Wi-Fi communications from this exploit. We are also working to insure that any workstations or other devices that we manage for your organization will be updated with security patches from the vendor of the operating systems (Windows/Mac OS X, etc.)

To date, there are no reported exploits of this weakness in the WPA protocol key handling, but we are working proactively to insure that there is no risk in your organization.

Also, please be aware that if you are using a VPN connection over your Wi-Fi network, the data traveling over that connection would not be vulnerable to this exploit, since the VPN client software will encrypt that data separately.

If you have questions or concerns about this, please reach out to us and we will be happy to discuss in detail the steps we have taken to secure your infrastructure.

Ccleaner Ccompromised

Several publications are reporting that Windows efficiency tool Ccleaner has been compromised and the compromised version was distributed for over a month to over 2.3 million computers. Our company has never deployed or used this tool, nor advocated it's use. It was originally designed as a way to free up space on hard drives and evolved into a psuedo-privacy tool. I personally used it once in college and it removed some things that I needed, so it left a bit of a distate in my mouth, and I haven't given it a second look.

Anyway, if you use Ccleaner, make sure you are now using the current version, released on or after September 12th - and then once you are up to date with the latest version, I recommend unisntalling it - you don't really need it.

Tropical Storm Jose

Tropical Storm Jose is projected to hit coastal areas of southern New England starting late on Tuesday September 19th and the effects are expected to last into Thursday. Although a storm of this magnitude will bring lots of rain and wind, the biggest potential issue affecting our clients is power. Wind, trees and lightning can all disrupt power service. In general, critical infrastructure such as servers and network gear are protected by Uninterruptable Power Supplies (UPS) and surge protection and should be safe during power events. In addition, FlightPath IT staff is manually verifying the status of critical backups.

To prevent data or equipment loss for any non-critical computers, network gear or other infrastructure that are not protected by UPS or surge protectors (not basic power strips but true surge protectors) we advise our clients within the storm’s path to simply shut down and unplug these devices at the end of business Tuesday 9/19 as well as Wednesday 9/20. We also recommend unplugging these devices in the event of unexpected power loss during business hours. In some cases the danger lies not in the event of power loss, but in the restore of power as all the devices surge back on at the same time. Please contact us with any questions or concerns, at support@flightpathit.com or via our support line at 617-844-1411, option 1.

Equifax

US credit reporting bureau Equifax has released details of a massive breach that exposed social security numbers and other important credit details for 143 million Americans. This is ludicrous, one of the most imoprtant services this company should provide is protecting data - especially since most people don't even realize theeir credit worthiness and personal info is being tracked by this company.

Especailly reprehensible is that the breach occured for over 2 months and was discovered and stopped more than a month ago, but only became public today. In the meantime, 3 top executives sold off stock in the company.

You can see if you are victim of the breach by visiting here; though you have to endure a dubious, lenghty enrollment program.

Replacing Passwords

I recently read this article from Bloomberg concerning the progress of technology that could help replace passwords for security access. Passwords have lots of problems, the foremost of which is that the average person isn't aware how vulernable they are to password breaking or cracking.

The article discusses presence detection, voice recognition, facial recognition and other biometric measures, and while some of these technologies are promising, there are always people working tirelessly to break these technologies.

I personally believe we are a long way from getting rid of passwords. Essentially, even biometric measures just end up passing passwords behind the scenes, though the end user may not have knowledge of what that password is.

If we are a long way from getting rid of passwords, that means that our password are necessarily going to need to get longer and more complex and thus harder to rememebr.

When I started out in the industry, it was standard that a 6 character password was nearly impossible to crack with techniques available at the time. In the 16 or so years that have elapsed since I've graduated college, that safe number is more like 12 characters.

Best to practice safe secs.

Go(oogle) Phish

We've had a lot of clients hit by this phishing attempt today. Some people at one of our security service vendors were even hit, which just goes to show you no one is immune to these types of attacks. Google services for businesses (G Suite) is such a behemoth and in many cases is the "budget" solution. In our experience, being a behemoth means they are a large target. In our experience, the budget solution means they devote a lot fewer employees and a lot less money in protecting their clients and users, compared to their competition. If you are forced to use G Suite or other business solutions from Google, (or even just Gmail for your personal email) your best protection is enabling 2 factor authentication, followed by using password best practices that we have previously written about.