by Felicien | Dec 6, 2017 | Education
We like tech, it’s what we do. As the holiday shopping season kicks into overdrive, we are bringing you 12 of the most requested, most wanted tech gifts for 2017. Check back each business day between now and December 19th for another must-have tech item and why you should check it out.
If you’re a gamer, especially a console gamer, you’ve no doubt heard of or are watching the Xbox One X. Microsoft has taken its flagship console, the Xbox One, and turned it up a few notches. Sporting 40% more power than any other console on the market and a 6 teraflop GPU (that’s crazy fast), it’s able to produce true 4K visuals.
The new Xbox comes equipped with a 4K Blu-ray disc drive (only console that has this), 4K DVR and 4K streaming, fastest load times of any console on the market, and is compatible with all of your Xbox One games and accessories. The Xbox One X comes with a 1TB hard drive and retails for $499.99 and is in stock at most retailers but you might want to check availability before driving down to your local retailer.
The Xbox One X is an impressive piece of hardware that brings 4K visuals to stunning life. Now you just need that beautiful new 4K TV. (check back next week for more on 4K TVs)
Happy Holidays and good luck on the tech hunt from all of us here at {company}!
by Felicien | Dec 6, 2017 | Education
When business owners regale the virtues of Office 365, others listen and say, “Well, maybe one day we’ll look into it.” The problem with this kind of thinking is that it puts O365 in a box only reserved for larger companies, and that’s not how the platform is designed to work. Many of the features Microsoft has recently added are beneficial for small businesses that want to grow.
An Upgrade from Traditional Licensing
New, small businesses tend to take a casual approach to licensing, buying individual licenses for their personal/work computers as needed. That’s fine, but only for a while. Eventually purchasing one-at-a-time licenses for the Office Suite or other important software becomes expensive and complex to manage from an administrator’s perspective.
O365 is designed for businesses that have grown beyond a few people, into a staff of employees with multiple desktop computers and mobile devices. When you purchase a package, you’re purchasing services based on the number of users, instead of trying to manage individual licenses, or one-time purchases. This makes it easy to plan for upcoming hires while creating a system that you can manage easily. It also helps you close the door on significant security vulnerabilities.
Collaboration Through the Cloud
Cloud tools are everyway these days, and O365 does a particularly good job of encouraging cloud collaboration. No matter what documents you’re working on, they are connected across Office 365 via platforms like SharePoint, so that you team can see them, share and work on them at the same time. Cloud collaboration is built in from the ground level for Word, Excel, Outlook, PowerPoint, and other core Microsoft apps.
Additionally, Office 365 adds powerful collaboration tools that help teams communicate.
The “Teams” app allows people to connect with each other and share information in a more casual IM/email combo.
Planner lets you to schedule events across the office, or assign tasks to specific teams.
Yammer is a social space where you can share docs, videos, updates and questions with your groups.
Office 365 comes with plenty of collaboration tools for the modern business—All you have to do is take advantage of them.
Syncing Data Across Everything
O365 is fully synced, another advantage of using cloud computing to share data. In other words, it doesn’t matter which device you switch to, your O365 apps will all be updated with the latest changes so that you won’t miss out on anything. This widespread syncing is a boon to young companies that need flexibility for their busy employees who hop from one device/location to another. Everything stays up to date, and no one gets confused because a meeting or document got changed.
Plus, syncing with Office 365 doesn’t require a VPN (virtual private network) or other complex setup on your part—Everything syncs right “out of the box” for the services you use, without any extra effort.
Cost Considerations
Startups may see higher fees when they first switch to O365, since the subscription-pay structure is more expensive than a one-time software purchase. However, Microsoft designed it this way to provide more value by including additional services and tiers for different types of businesses.
The good news about this subscription model is that fees are very predictable. They become a set item on the budget so you don’t need to worry about sudden expenses when adopting new technology or creating a new position.
Excellent Threat Intelligence
When you’re ready to upgrade your security, Office 365 is right there waiting for you to make the move. Part of the O365 package (including in the E5 Enterprise tier) is a new Threat Intelligence that includes tailored administrator reports about ongoing security efforts, new threats, and steps to take to secure data. These reports also access systems operations look for suspicious activity, and report it in alerts.
Remember, hackers love to target smaller companies because they often don’t have the strong security that larger corporations do. Prove them wrong by advancing your security efforts.
Reliability and Recovery
Microsoft aims for 99% uptime on its O365 services. If they do go down, you can bet that they’ll be available again in short order. This reliability is important to meet key deadlines – It’s also better than many smaller vendors can offer. Additionally, the cloud-based nature of O365, and the extended use of OneNote and backup services means that data is generally easy to recover if the worst happens and you lose information.
New Lead Management Services
One of O365’s newest benefits for smaller companies is Connections, an email marketing service that allows you to manage and automate leads from Outlook. Set appointments, keep track of contact information, reply to discussions, and much more. It’s very useful for a business that’s still building a customer base but isn’t quite ready for a full marketing platform.
Simplified Invoicing and Listing
Finally, Office 365 provides Listings and Invoicing, two vital services for small businesses. Listings helps you manage your online business profiles to make sure your contact/location information shows up where it should. Invoicing helps you quickly create, send and monitor invoices for clients, plus it’s customizable for a variety of industries.
Interested in Microsoft Office 365 for your business? Let’s talk about it! CompNetSys provides a variety of data services and IT consultations for companies like yours. Contact us at 1.866.205.8123 or sales@compnetsys.com to learn more.
by Felicien | Dec 5, 2017 | Education
We like tech, it’s what we do. As the holiday shopping season kicks into overdrive, we are bringing you 12 of the most requested, most wanted tech gifts for 2017. Check back each business day between now and December 19th for another must-have tech item and why you should check it out.
There’s little denying that this year’s “must have” tech item must be the new iPhone X from Apple. The iPhone X (pronounced “ten”) arrives during the tenth anniversary of the original iPhone back in 2007. Apple has released their iPhone 8 this year as well, but the big dog here is the iPhone X.
Sporting a 5.8-inch, OLED super retina HD display, the screen is capable of 4K video up to 60 frames per second, stunning colors, true blacks, and a 1,000,000 to 1 contrast ratio. It’s the largest iPhone screen to date. It sports dual 12 MP cameras that use facial recognition to unlock your phone. The home button is gone and has been replaced with facial recognition.
The phone is water and dust resistant and covered front and back in the most durable glass in a smartphone. The iPhone X has an all glass and steel construction including surgical grade stainless steel. The new iPhone charges wirelessly.
If all this sounds like your cup of tea, prepare to empty the bank to get one. The 64 GB model will run you $599.99 while the 256 GB model goes for $799.99, both prices are with a two-year contract. It comes in both silver and space gray. All Apple stores, carriers, and retailers have limited stock with several not shipping until mid-December. It’s best to get your order in as early as possible.
The new iPhone a bit too pricey this Christmas? Keep an eye out next week for a less expensive alternative for the must-have smartphone.
Happy Holidays and good luck on the tech hunt from all of us here at {company}!
by Felicien | Dec 5, 2017 | Education
Strategies for Telling the Difference Between Legit Companies and Scam Sites
The online landscape can often feel like a field full of landmines. Phishing scams and infected websites are everywhere, waiting for unsuspecting victims to make a wrong click or inadvertently hand over sensitive data.
As technology professionals, we know the importance of being able to tell a scam artist from a legitimate service provider. We also know the value of using real-life experiences as teaching tools. That’s why we’re going to share a recent experience of ours.
How We’re Using a Message We Received to Empower Online Consumers
Not too long ago, we received the following message through our website:
I am highly concerned about getting my computer fixed through this company today. Is there anything you can send me to confirm this is not a fraudulent company?
First, we should make it very clear, that no, we are definitely not a fraudulent company. On Time Tech has been providing strategic and reliable IT support to individuals and businesses in all industries for nearly 15 years. The combined experience and expertise of our team allows us to deliver the highest level of IT service for California business owners. You can check out our wide variety of dynamic and strategic service offerings here.
However, we also want to say: we get it. In fact, we applaud the vigilance in the message we received. Trusting your personal or business devices with an external company for repair requires a certain level of assurance. Businesses and individuals alike should never haphazardly send information to a company before doing their research.
So, we’ve decided to use this message as a teaching tool. What strategies can individuals and professionals use to detect fraudulent sites from legitimate ones? Our goal is to offer concrete tools that will help consumers of all kinds feel more informed and empowered when navigating the online marketplace.
Tips and Tricks: How to Tell a Legitimate Site from A Phony One
As mentioned, trying to secure products and services online can be a tricky game. Cybercriminals are constantly coming up with new and convincing ways to trick consumers and get their hands on sensitive personal or financial information. Consumers shouldn’t have to use guesswork to figure out whether a company site is safe or not.
So, let’s check out the leading ways consumers can determine if a site is legitimate:
Examine the Site’s Security Status
As soon as you visit a website, the first way to verify if the site is legitimate is to check the address bar for the site’s security status. In most browsers, a “safe” site will display a green padlock icon next to the word Secure to the left of the website address. Even better? You can click on that padlock icon to verify the specific security details of the website, including the type of encryption used.
Check Out the Site’s Connection Type
You can also use the address bar to determine the website’s connection type. Websites that use the https tag are usually more secure and in turn more trustworthy than websites that use the HTTP designation. The reason is that https sites have the most legitimate security certifications available. For phony and illegitimate sites, going through the process to get these certifications is too much of a hassle so they use the HTTP tag instead.
It’s especially important to make sure the website’s payment page uses the https tag. However, it must be noted that websites using an https connection can still – on occasion – be unreliable or illegitimate, so it’s important to verify the website using other strategies as well.
Evaluate the Website’s URL
You can also break down the different parts of the website’s address or URL to determine how legitimate it is. A website URL consists of three different sections:
The connection type – http or https,
The domain name – like ours for example, ontimetech, and
The extension – .com, .net, etc.
Even if you’ve verified a secure connection it’s a good idea to look for the following URL ‘red-flags’ that may indicate a suspicious site:
Numerous dashes or symbols in the domain name.
Domain names that imitate legitimate businesses like ‘Wallmart’ or ‘Faceb0ok’.
One-off sites that mimic the site template of a legitimate website, like ‘visihow’.
Domain extensions like “.biz” or “.info” – these tend to be illegitimate.
IMPORTANT NOTE: It’s important to keep in mind that while “.com” and “.net” sites are not inherently unreliable, they are the easiest domain extensions to obtain. As such, they don’t always carry the same credibility as “.edu” (educational institute) or “.gov” (government) sites.
Look for Sloppy Content and Bad English
Once you’ve examined the address bar, it’s a great idea to scan the website for bad English or sloppily written content. If you notice lots of poor-spelling, missing words, bad grammar or awkward phrasing, that’s an indication to question the credibility of a website.
Even if the website in question seems technically legitimate so far, checking out the content and the way the site is put together can help give you a better idea if the source is trustworthy.
Watch for Over-the-Top Advertising and Pop-Ups
This is another huge element to be on the look for. If the site you’re visiting has a huge amount of flashy and annoying pop-up ad’s or ad’s that automatically play audio, the site probably isn’t legitimate. The following types of website ads are red flags:
Ads that take up the whole page.
Ads that require you to take a survey, or complete a task before continuing.
Ads that redirect you to another webpage.
Explicit or suggestive ads.
Use Google
Once you’ve explored the site content, if you still have doubts, use Google Reviews as a tool to determine legitimacy. Type the website in question into the Google search bar and review the results. Google compiles user reviews of high-traffic sites near the top of the search results – check and see if the site in question has any reviews and read them thoroughly. Make sure the reviews you read are from reliable, third-party sources.
Google also has a useful Transparency Report webpage. You can use this site to quickly run a website’s address through the Google transparency service to see the safety rating it’s been given from Google.
When in Doubt, Use the Website Contact Page to Reach Out
When it comes down to it, it’s always better to be safe than sorry. Most websites will include a Contact Us page where users can ask questions and send comments and concerns to the owner of the site. If you’re able too, call the number provided or send an email to help verify the legitimacy of the website. Sometimes getting in touch with another human is the best way to determine legitimacy. If the site in question doesn’t have a Contact page listed anywhere, it should be an immediate red flag.
Navigating a Dangerous Cyber Climate: Balancing Fear with Strategy
No matter what kinds of websites you’re visiting it’s always a good idea to be on the lookout for con artists and fraudulent websites. However, fear of being hacked or scammed should never take over your ability to connect with the companies you need to. You should never have to sacrifice getting things done because you’re afraid the internet isn’t safe.
That’s why it’s critical to get used to the detection strategies in this guide. If you rely on concrete strategies to assess website legitimacy and safety, you’ll feel much more empowered making decisions and handing over information on the world-wide-web. Furthermore, you won’t feel stuck or unproductive, because you’ll feel more confident in your ability to tell a scam from the real deal.
by Felicien | Dec 5, 2017 | Education
Apple has become an authority in providing us with useful software and the required fixes that inevitably come with the development of this software. This was proven true Wednesday, November 29th, 2017 after a bug in Macs High Sierra software was discovered. The bug was discovered by a Turkish software developer by the name of Lemi Orhan Ergin. Tuesday, November 28th Ergin made the announcement on Twitter, directing the tweet at Apple. The tweet reads “Dear @Applesupport, we noticed a huge security issue at MacOS High Sierra.” By Wednesday morning Apple had resolved the issue, meaning that their response time was less than a day after the issue was reported. If this isn’t an example of dedicated customer service I’m not sure what is.
The bug was only apparent in MacOS High Sierra 10.13 or 10.13.1 software. This bug caused a security issue in many Macs running the latest software as it allowed unauthorized personnel unchecked access to anything that existed on the Mac in question. Not only did it allow full access from the lock screen by simply choosing “other user” upon login, but it allowed access to the Mac through the use of the word “root” as the login name, without the requirement of a password. Ergin gave us the how-to on Twitter, listing the steps that would need to be taken as “System Preferences>Users and groups>Click the lock to make changes. Then use “root” with no password.” Ergin ended his tweet by saying “The result is unbelievable!”
Not only did the bug allow those with physical access to the Mac the ability to hack in, but it was also a potential issue with screen sharing. Through screen sharing hackers in remote locations could gain access to the information on the affected computers.
MacOS High Sierra 10.13 and 10.13.1 were the latest software update for the Mac, however, it has since been replaced with a software that fixes this bug. To correct the problem Mac users need only to update their Mac to the latest software. This can be done in the App store on your Mac. By first opening, the App store and then selecting updates in the toolbar users can see which software they are currently using. Here you can select the update button to update your Mac to the latest software. All updates that have occurred in the last thirty days will also be visible here so you can see if you were running High Sierra 10.13 or 10.13.1. This will give you insight into whether you had the potential to be affected by this bug.
It is fortunate that this bug was discovered and fixed so quickly. However, it also puts into perspective how sensitive the information we store on our devices may be, and even more how we should work to protect this information. Since the main threat of this bug was through physical access to Macs it is important to remember to keep sensitive devices in secure locations. If you don’t want others gaining access to your personal or private information precautions must be taken. It is also important to be aware of what software you are using on your devices and whether there are any known or reported issues with the software you are using. Mac users are able to find out which software they are running by selecting the apple icon in the left corner of the screen and then clicking “About this Mac.” After you are aware of what software you are using it is important to be aware of updates or new information that may surface regarding this software. There is no such thing as being too informed where the issue of security is concerned.
The High Sierra security issue is just one bug of many that Apple or any company work to fix each time a new software is released. This is to be expected, as fixing problems before they arise seems pretty much impossible. What is important to take away from this is the amount of effort we should all be put into keeping our devices locked and safe. To ensure that the files we consider to be for our eyes only are in fact only viewed by ourselves. We must remember to keep our devices in safe places, where not everyone will have access to them. It is also a good idea to be aware of what software’s we are running and when, as well as any potential issues the software might have. Staying informed however cannot ensure that there will not be issues, which is why people like Lemi Orhan Ergin and companies like Apple are essential to ensuring device security.
by Felicien | Dec 5, 2017 | Education
MacOS vulnerability gives any user full admin rights without a password
We all want to believe that the technology platforms we use are invincible. But, the reality is, software flaws exist. And some of these flaws don’t even require sophisticated hacking to exploit – they’re just sitting ducks, waiting to be found. Unfortunately, that’s the current challenge for Apple.
Apple is usually in the news for their latest innovations and new products, but recently an easily exploitable vulnerability in Mac’s High Sierra Operating System (OS) has made headline news. The security flaw enables a root superuser account without a password, giving attackers full access to all parts of a Mac machine.
The Background: How the MacOS Security Flaw was Detected and How it Works
High Sierra’s “root” bug was first revealed by Turkish software developer Lemi Orhan Ergin, who says security staff at his company happened to stumble upon the issue while trying to restore account access for a user. The issue was then made public by Ergin, who demonstrated the flaw in a Tweet to Apple’s tech support account.
The flaw is made possible any time a user encounters a prompt in High Sierra asking for a username and password. This includes logging into a machine with multiple users, installing an application, or changing settings. Users are then able to simply type “root” as a username, leave the password field blank, click “unlock” twice, and immediately gain full administrator access.
In other words, the bug allows any rogue user that gets their hands on a Mac computer to gain the deepest level of access to a computer, known as root privileges. Malware designed to exploit the flaw could also fully install itself deep within the computer, with no password required.
Even worse, is that the flaw can be exploited even when it’s not possible to enter a username at the main MacOS login screen. Users can still take advantage of the flaw via the system preference settings. For example, an attacker could enter the root as the username in the Users and Groups preferences setting, leaving the password field blank, and clicking on the unlock button.
After that, it’s possible for an attacker to wreak havoc on a business network. They can add new accounts with full administrative rights and could also turn off MacOS security features such as FileVault disk encryption, install malware, not to mention the ability to steal, copy or delete data.
Dangerous Access: Why the MacOS Flaw is Especially Scary
News of the security vulnerability spread like wildfire across Twitter and other social media platforms, with many security researchers confirming that they were able to replicate the flaw exploit. Security researchers Patrick Wardle and Amit Serper posted that they had been able to gain unauthorised access by exploiting the root flaw. WIRED also independently confirmed the bug.
What’s terrifying is the fact that the attack could be used on a logged-out account. This raises the possibility that someone with physical access could exploit it just as easily as malware, meaning the threat is both internal and external. Users could, for instance, use the attack to gain root access to a logged-out machine, set a root password, and then regain access to a machine at any time. This means if someone did this to any company machine sitting on a desk, they could come back later and do whatever they wanted.
Wardle explained the external threat as well. He noted the flaw can also be exploited remotely if the target MacOS system has resource sharing services enabled.
“Attempting to log in creates the root account with a blank password,” said Wardle, a security researcher with Synack. “If the root account is disabled, logging in remotely re-enables it.”
This creates a huge threat to MacOS systems and leaves devices vulnerable to potential threats within and outside business organizations.
How to Patch the Flaw: Setting a Root Password to Prevent Unauthorised Access
Unfortunately, despite suggestions that the flaw can be mitigated by disabling the computer’s guest account, this doesn’t work. It simply restarts the computer with Safari as the only application running.
It is possible to mitigate against the flaw, however, by adding a password for the root user. Here are the directions for adding a root password:
Access the Users and Groups preferences pane.
Select the Login Options
Select the Join Network Account Server
In the dialog box that pops up, click on Open Directory Utility.
From the tool’s menu bar, select
Here, you’ll be able to assign and change the password for root privileges.
IMPORTANT NOTE: Simply disabling the root account in the Open Directory utility tool does not work, as the root account becomes re-enabled when entered into the username field upon login
However, the safest fix is to install Apple’s newly released update. About 18 hours after the vulnerability was made public, Apple released a patch for the ‘root privileges’ flaw. If you haven’t yet applied the latest update, you should do so asap. Apple blamed the flaw on a logic error in the validation of account credentials. They improved credential validation strategy with the patch and accepted responsibility for leaving users vulnerable to threat.
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of MacOS,” the company said in a statement. “We greatly regret this error and we apologize to all Mac users, both for releasing the OS with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
Frightening Patterns: MacOS Security Flaws Becoming More Common
“We always see malware trying to escalate privileges and get root access,” says Wardle. “This flaw is the best, easiest way ever to get root, and Apple has handed it to them on a silver platter.”
And unfortunately, the root access bug isn’t an isolated event. The flaw is only the latest in a disturbing series, that has plagued the High Sierra OS. On the day the operating system launched, Wardle determined malicious code running through the software that left data up for grabs. Another reported bug apparently showed the user’s password as a password hint when trying to unlock an encrypted partition on their machine known as an APFS container.
Wardle argues that flaws could be identified and stopped quicker if Apple launched a “bug bounty” for information about security vulnerabilities in its desktop software. Bug bounties are becoming an increasingly popular way for tech companies to proactively mitigate threats and identify system vulnerabilities. Apple already has a bug bounty for iOS, but still nothing for MacOS.
“A bug bounty program is a no-brainer. Maybe this is something that will encourage them to go down that path,” claims Wardle “It’s crazy these kinds of bugs keep blowing up. I don’t know if I should laugh or cry.”
Despite the efficiently released patch from Apple, this latest security flaw should leave Mac users on high alert. Staying in tune with the latest Mac product line is great, but it’s even more important to stay in tune with Mac security updates and potential software flaws. You can only protect your business data if you know the latest threats to combat.
If you have questions about the MacOS security flaw or need a hand making sure you have it patched, reach out to our team of technology experts. Trying to mediate a wide variety of cyber threats can be time-consuming and stressful – sometimes checking in a team of professionals makes all the difference.
