CEBUG blogs http://www.cebug.org/blog en Notes from the Field: Feb 20, 2014 http://www.cebug.org/blog/notes-field-feb-20-2014 <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>Comcast has made an offer to buy Time Warner Cable. The deal which was accepted by TWC would combine the numbers one and two cable companies in the United States. Comcast which owns a number of media properties such as NBC and MSNBC has already given marching orders to its lobbyists to get the deal approved. In response, there has been some rather heavy criticism of the deal asking both Congress and the Justice Department not to approve the merger. As usual, Comcast has said this deal would give customers more choice, but as noted in the press, past mergers involving Comcast had evolved into even poorer customer service and significantly higher prices.</p> <p>A new worm called the Moon worm is spreading through the Internet. This worm targets Linksys routers which includes a large number of home users including CEBUG members.  Initially the Linksys E1000 and E1200 were targeted but that list now includes the following models: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and the E900. It is possible that even the older routers could be affected so you need to keep updated on this list. All of these routers need to have their firmware updated. The E900 and E1000 is no longer supported so updating the firmware may be out of the question. Apparently, the remote access function has a problem in the firmware in which home networks have been owned. Linksys/Cisco initially made no comment about this, but just today expanded the list of routers affected by this problem. The mitigation is to configure a good password for admin access, turn of remote admin functionality, or restrict the remote admin function to specific IP addresses users control. Another option is to remove the firmware completely and install dd-wrt which is router software that makes better use of the hardware found on most routers. However the caveat I’d suggest is that you engage with a security and/or IT experienced individual who has experience in making this firmware change. It is not for the light hearted and can brick a router in no time if not done correctly.</p> <p>There is a report of phony SSL certificates being issued that allow smartphones to access banking systems; Modern browsers are not fooled by the phony certificates, but mobile apps are.</p> <p>Adobe has rushed out another patch to fix yet another zero day flaw. This affects Flash versions 12.0.0.44 and earlier for windows and the Mac, and versions 11.2.202.336 and earlier for Linux. There are three vulnerabilities fixed in this update.</p> </div></div></div> Mon, 24 Nov 2014 03:01:38 +0000 MBorsick 39 at http://www.cebug.org http://www.cebug.org/blog/notes-field-feb-20-2014#comments CEBUG February 2014 Notes http://www.cebug.org/blog/cebug-february-2014-notes <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>I was going to combine some new information since the last CEBUG meeting with my notes from the last CEBUG meeting. However, I decided that the new information was significant enough that it probably should be presented in its own article. Hence, this document only covers what I discussed in the February 2014 CEBUG meeting.</p> <p>Microsoft News:</p> <p>Microsoft Security Essentials (MSE) for XP (a free download from Microsoft) was originally going to be killed as of April 8th of this year. Security definitions that are updated daily (at least) were also to stop on that day. However, Microsoft has backed off that policy and has extended offering the MSE software and definition updates until July 2015. MSE is a low-end security scanner that is admittedly not capable of catching all viruses and malware out in the wild. The best advice I can give to people is to go with a third party antivirus/antimalware vendor who will support XP after April 8<sup>th</sup>.</p> <p>XP Mode which is found in Windows 7 will continue to work, but no patches will be released for it. XP Mode is a virtualized version of XP which was offered to Windows 7 users to run software that would not run under Windows 7. My experience with different software revealed that older accounting software and computer tools that ran in XP would not run in Windows 7. Hence XP Mode was a very good solution for problems of this kind. Frankly, XP Mode was a smart move by Microsoft, but unfortunately, they didn’t continue offering XP Mode with Windows 8. I suggest that anyone who is running Windows 8.x get a copy of Oracle Virtualbox and create virtual machines running XP for this purpose. Virtualbox can be found at <a href="https://virtualbox.org/wiki/Downloads" class="elf-external elf-icon">https://virtualbox.org/wiki/Downloads</a></p> <p>A question has come up about new XP installs and if they still have to be activated if done after April 8<sup>th</sup>. The answer is yes: XP can and must still be activated. However there will be no support offered by Microsoft if you run into problems.</p> <p>Microsoft will still be able to silently reach into Windows XP PCs for more than a year after it stops patching the operating system to clean malware-infected machines, sources close to the company confirmed. The Malicious Software Removal Tool (MSRT) will continue to be updated and deployed via Windows Update through July 14, 2015, 15 months after Microsoft serves its final public security patches for XP on April 8<sup>th</sup>. By extending the life of the MSRT -- and more importantly, automatically running it each month -- Microsoft will be able to clean some PCs if massive malware outbreaks hit Windows XP after it's retired from support.</p> <p>XP market share has jumped up a fraction despite looming update cutoff. Market share is determined by the numbers of computers running different operating systems onto certain sites on the Internet. While the numbers of XP machines has dropped in the past year, it appears that the drop bottomed out at 29% and remained there for several months. Recently, however, the number of XP machines has climbed back over 31%. My guess is that the increase is due to XP machines that were kept off networks such as we do in our company, and only put them back on for specific purposes such as updating machines, or running specific software.</p> <p>Microsoft has renamed SkyDrive to OneDrive because of a lawsuit with the British firm sky Corp.</p> <p>Microsoft has a new CEO with Satya Nadella replacing Steve Ballmer. Bill Gates has rejoined Microsoft as a technical advisor. Gates is no longer board chairman and Ballmer remains on the board. John Thompson formerly of IBM and Symantec takes over as board chairman. The sentiment is that there will be no major chances at Microsoft as a result of the management change.</p> <p>Other News:</p> <p>The first wide-scale hack that involved television sets and at least one refrigerator has been observed. This is the first home appliance 'botnet' and the first cyber-attack from the Internet of Things, a buzz phrase which now includes all the devices that connect to the internet and talk to the manufacturers of different products. In this case, hackers broke into more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions, and at least one refrigerator. The devices were then used to send more than 750,000 malicious emails to enterprises and individuals worldwide</p> <p>The Target breach over the holidays now includes Michaels stores in addition to Marcus-Neiman. There are at least five other retail firms across the United States and Canada which were affected by this breach. It appears that the breach involved at least a two pronged attack; one by installing scanners on exposed cash registers and the other by corporate passwords given to an HVAC vendor for remote control purposes. Hitting close to home, we were contacted by Target for credit monitoring purposes. It appeared that even though we did not purchase anything from Target during the holiday season, the breach was wide enough that personal information that Target keeps on file about its customers was also accessed.</p> <p>Bit torrent throttling increases as does the throttling of Netflix and Google. A recent net neutrality case that was determined in favor of Verizon suggests that the major ISPs will throttle most Internet traffic in deference to their own traffic. In order to offer increased speeds to companies like Google and Netflix, the ISPs are putting pressure on high volume content providers and possibly even their customers for higher prices. The FTC which lost the case is working on other solutions to this issue. One thing to note is that I have been receiving comments from different friends and customers that their Internet speeds have been dropping lately. That might be the result of the rather cold weather we’ve been having being that people appear to have nothing else better to do than access the Internet, but it’s something to keep an eye on.</p> <p>An Adobe flash update is now available and is rated as critical.</p> <p>Radio Shack which ran a commercials during the Super Bowl about remodeling their stores, will also be closing close to 500 of them. When I last checked, there was no list of what stores would be closing. As part of the discussion during the meeting this month, it was mentioned that Radio Shack, which some of us use for particular parts like fans, diodes, etc., has been removing that kind of merchandise in favor of cell phones, electronic toys, etc. The website is still offering electronic parts, but I am not aware of how long that will continue.</p> <p>HP will begin charging for BIOS and firmware updates as of Feb 19th. Enterprise hardware (the ProLiant server line in particular) not covered under warranty or an extended warranty will not get access to this updates which formerly were free. HP has said that security updates would remain free. No mention was made about the rest of the hardware they sell. One thing to keep in mind is that while most enterprise products are installed, they are usually only touched for updates and adding new software programs for use in networks. If the operating system is changed, in most cases with HP, the firmware has to also be upgraded. Most large companies already have paid extended warranties in place. However smaller companies and hobbyists will not, and as expected, has drawn an uproar from the IT community. HP has claimed that BIOS and firmware updates are intellectual property and are considered as being pad for around the IT industry. However a check of this kind of policy shows that right now, HP is alone in instituting a policy of this type. While I don’t think this will hurt sales of HP servers at larger companies, small businesses and hobbyists will probably move away from HP servers.</p> <p>Cryptolocker strikes again; a small law firm in South Carolina had all its documents encrypted as the result of being infected by Cryptolocker. The firm has its IT staff find a solution to decrypt its files which is one of the triggers to encrypt the files permanently and then waited too long to purchase the needed BitCoin ransom to unencrypt files. After the ransom was paid and the key was received, the firm found out the key did not work. The only solution that remains is to do good backups off the system and restore if infected. I saw just last evening were PCPitStop is claiming that they can detect Cryptolocker and stop it from infecting your machine. While I can’t speak to the accuracy of this claim, I have some serious reservations that their software can stop this attack in its tracks. Take good backups and then restoring if infected remains the best security practice for this kind of attacker.</p> </div></div></div> Mon, 24 Nov 2014 03:00:26 +0000 MBorsick 38 at http://www.cebug.org http://www.cebug.org/blog/cebug-february-2014-notes#comments CrytoLocker Still Rages on the Internet http://www.cebug.org/blog/crytolocker-still-rages-internet <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>One of the things that I’ve been following the past several months has been the CrytoLocker Trojan. Known in the security community as WORM_CRILOCK. CrytoLocker is ransom ware which when downloaded and installed on a PC, will immediately begin to encrypt files on the infected PC and continue until it has done so to every file.  Once completed, the user gets a message to contact the Trojan author to purchase the unlock key using BitCoin as the payment medium. There is no known way for security companies to break the encrypted files to get past this problem.</p> <p>Originally, this Trojan was found on P2P sites as an activator of software such as Adobe Photoshop and Microsoft office. It also could be delivered via email attachments and was initially centered in Europe and Asia. However it has now spread to the US. October saw a large increase in infected machines. Now a new variant can also spread via removable drives.</p> <p>There are basically five checks you should do when reading email:</p> <ol> <li>First, you should ALWAYS be sure you know who the sender is.</li> <li>Next, double-check the content of the message before you click on any links or open any attachments.</li> <li>Refrain from clicking on any links in the email going directly to the site listed directly, that is, enter the site into your browser and either let the browser take you there or do a search for the site.</li> <li>Be sure your software is up-to-date which includes programs, operating systems, anti-malware/virus programs and definitions.</li> <li>Finally, BACKUP important date on the PC.</li> </ol> <p>Backups are important because your choice to dealing with the Trojan boils down to paying the ransom for the unlock key, or rebuilding the PC from the bottom up which could also include purchasing a new hard drive. You will still not have access to the encrypted files in any case. You can stop an infection early by unplugging the PC from the power source. This will stop the Trojan from encrypting files because it exists in active memory stopping the encryption process. You can then try to recover what data you can before you rebuild the PC. However you must accept the fact that no matter how fast you can reach the power cord, something will get encrypted before the power dies.</p> <p>People should also exercise caution when using flash drives and the like. That also includes never connecting their drives into unfamiliar or unknown machines. I mentioned during the January 2014 CEBUG meeting that most security vendors can detect the Trojan provided your vendor software scans removable drives when inserted into a PC. Most vendors, and I recommend Vipre here, will ask you if you want to scan the removable drive when it is inserted. I would always say yes and let it do its thing.</p> <p>Keep in mind that CyptoLocker depends on social engineering to spread. That means, it relies on the user to open the infected attachment, insert infected removable drives, or click on strange links. Using common sense and keeping your antivirus and antimalware software up-to-date will mitigate most of these problems. However if you don’t know the sender, or you are not aware ahead of time that you are being sent an attachment, don’t open the email or click on any link or attachment if you do open the email. Be safe out there…</p> </div></div></div> Mon, 24 Nov 2014 02:57:28 +0000 MBorsick 37 at http://www.cebug.org http://www.cebug.org/blog/crytolocker-still-rages-internet#comments Notes from the Field http://www.cebug.org/blog/notes-field <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>The McAfee brand is being phased out by Intel. A couple of years ago, Intel bought McAfee and has been incorporating McAfee into its different products. The McAfee products will be renamed “Intel Security”. Expect to see this change complete by the middle of the year.</p> <p>Intel Security is going to offer free mobility tools for smartphones and tablets to customers running Android, iOS, and other operating Systems to its customers.</p> <p>Belkin also in the last year bought Linksys from Cisco who had bought out Linksys some time ago wanting to gain entry into the home router and switch market. This didn’t work out as planned, so Cisco exited the home market. Belkin will continue to use the Linksys brand and maintain the familiar blue and black form of the Linksys product line. Belkin is still in the process of integrating the Linksys line into its own product line. If you do a search on the Belkin website, you will find that Linksys is not found anywhere. In fact, you still have to go back to the Cisco website to get support.</p> <p>For those people who are interested in what Belkin will do with the Linksys line, Belkin has already announced some information and future products. The familiar WRT54G router will be resurrected using open source software from dd-wrt.com and is adding the latest Internet and Wi-Fi technology to the router. The price tag, however, will increase to the $300 price level.</p> <p>It has been rumored that Microsoft will release an update to Windows 8.1 in the month of April. This update will be free. Rumors have just started regarding the next release of Windows which will be called version 9.</p> <p>As much as I hate to add my voice to the doomsayers about the impending death of Windows XP, Microsoft is making it rather difficult for most users to continue using it. As you know, Windows XP will receive its last update on April 8<sup>th </sup>of this year. Office 2003 will also cease support as of April 15<sup>th </sup>of this year. To make matters worse, Microsoft will be stop providing security and malware updates to Microsoft Security Essentials for XP in addition to ending the MSE scanning software for XP on April 8<sup>th</sup>.</p> <p>Microsoft’s first scheduled update for 2014 will only be four updates none of which are critical. The updates will fix problems with Word, SharePoint, and Dynamics AX. One bulletin will fix a problem that is present in to XP and 2003 Server which has been actively exploited since late last year.</p> <p>Oracle is releasing 147 security updates for software it sells or provides free. Most of it is not user group material. However Java is. There are 36 patches to be released in this batch. From what I have read, these patches will be considered critical and will need to be installed quickly. Apparently there is an active exploit that the patches will plug.</p> <p>The Target breech has now expanded.  In addition to the 40 million customers who used credit and debit cards during the November 27<sup>th</sup> to December 15<sup>th</sup> time period, another 30 million customers who have guest accounts were also affected.</p> <p>The Adobe hacker breech that I mentioned several months has now widen. It is reported now that over 152 million customer account information was obtained.</p> <p>The revelations regarding NSA spying continue to amaze. It is reported now that the NSA has the capability to drive all the way to individual components such as a hard drive on a PC connected to the Internet to gather information. That also means that any routers, switches, etc. can also be compromised.</p> <p>One thing that I found Interesting is that the FBI has the capability now to activate a web camera without activating the activity light on the webcam which tells you it is operating. In effect, the FBI can watch you, using various techniques, to see you, people and things around you, and also what you are doing on the PC at the time the camera is turned on. If you have a lens cover for your camera, I’d start using it if you are not using your webcam. Of course, people will claim they have nothing to hide, but it has already been reported that different individuals have used this ability to spy on girlfriends, wives, etc.</p> <p>One last note and this is what I am seeing here crossing into my own network. I am seeing a high number of email with attachments containing the Trojan.Zip.Bredozp.b (v). This is a banking Trojan consisting of a keylogger, a Trojan horse that allows the software to continue to affect connected computers and networks, and a backdoor which allows for remote access. What I am finding is that the Trojan is coming in via my Roadrunner email account. With regards to my company account, the appliance I have at the front of my network that scans incoming and outgoing traffic is catching the Trojan and not allowing it through. However my Roadrunner email is not routed through the scanner, so the infected attachment is caught by the Vipre security software component that scans all email loaded into Outlook which I use for a client. Here is a case where I and others in the security field have recommended that people use the approach of defense in depth, the depth being not only the main scanner at the edge of my network, but also on the mail server, and finally on the Outlook client itself. Even in this case, it does happen, though rarely, that something will come through, so the advice that I offered in my blog post should still be followed in any case.</p> </div></div></div> Mon, 24 Nov 2014 02:56:21 +0000 MBorsick 36 at http://www.cebug.org http://www.cebug.org/blog/notes-field#comments Review - Xara Designer Pro v9 http://www.cebug.org/blog/review-xara-designer-pro-v9 <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><img alt="Reviewer Rating of 5 out of 5" src="http://www.cebug.org/sites/default/files/site-images/ratings-05.jpg" style="float:left;height:109px;margin:7px;width:182px;" title="Reviewer Rating of 5 out of 5" />In this review for <strong><a href="http://www.xara.com/us/designer-pro/" title="Link to product page - Xara" class="elf-external elf-icon">Xara’s Designer Pro X9</a></strong>, I will begin with my customary summary of what’s new. Do keep in mind that I wrote an extensive review of their <strong><a href="http://www.cebug.org/cebug/node/34" title="Link to earlier review">Web Designer X9</a></strong> earlier this year. <strong>Designer Pro X9</strong> is their all-in-one program including all of the wonderful tools found in <strong>Web Designer</strong>, <strong>Page &amp; Layout Designer,</strong> and <strong>Photo &amp; Graphic Designer. </strong>These programs have all received upgrades as well. For me, as I use Xara in so different ways, owning the all-in-one product makes the most sense. Those new to the program or seeking a specific set of tools have those options available.</p> <p>One thing I discovered very quickly, because I had decided to opt for their new 64-bit version, was that none of my <strong>Adobe Photoshop</strong> plug-ins would work within the program! In hindsight, this makes total sense as those were all written for 32-bit programs. It did take me by surprise at first, so I do want to pass that warning on. I should add that, as I have older versions of <strong>Xara</strong> programs that are 32-bit there’s no difficulty in my using them within those. Eventually I suppose 64-bit versions of some of those more popular ones will come out. The good news, for me anyway, was because I had chosen to go with <strong>Designer Pro X9</strong>, all of its wonderful photo tools were available to me.  </p> <h2>What’s New?</h2> <p>What are those <strong>Photo</strong> tools? The first one I choose to test out was the ‘<strong>Healing’</strong> tool, intended to remove facial imperfections. This is actually an upgrade for their <strong>Magic Erase</strong> tool that has been around for a while. Many new controls over a photo (or image) have been added too. Then again, do not make the assumption that these are limited only to photo optimization sort of tasks.</p> <p><a href="http://www.cebug.org/sites/default/files/users/ikraus/my-images/auctionTile2004.jpg" title="Seamless Tile example"><img alt="Seamless Tile Example" src="http://www.cebug.org/sites/default/files/users/ikraus/my-images/small_auctionTile2004.jpg" style="float:left;height:90px;margin:7px;width:90px;" title="Seamless Tile Example" /></a>One good example would be when creating a custom seamless tile such as the one shown. The technic for doing this has been around for many years, but it is made even easier with these new tools. For those who’ve not done this before, here is how this is done: 1) Create a square or rectangle in the size desired for the end tile. 2) Apply whatever background color or texture is desired for the background. A simple background normally works best for these, while keeping in mind <strong>Xara’s</strong> anti-aliasing function so as to avoid those funny ‘white’ boarders. 3) Add in whatever items are intended to make up the image (hint: make use of the <strong>Background Erase</strong> process discussed next where appropriate). 4) Select all items and convert it to a bitmap. 5) Draw a horizontal line across this image and slice it in 2. Repeat with a vertical line to make 4 pieces. 6) Swap those 4 pieces from corner to corner so the outside corners of your square (or rectangle) are now meeting in the center. Nudge them around a bit until they line up perfectly. Group them together so they stay where you want. 7) Make a new bitmap image. 8) Disguise the join area by using either the new <strong>Healing</strong> tool or bring in new objects. 9) Once you are pleased with the tile make sure you select anything new added to before making your final bitmap copy. Export that out as either a JPG or PNG and you’re done.    </p> <p>The <strong>Background Erase</strong> process was a bit more complicated to test out but again worked very well. In essence, you split your photo into two sections; the part that is to be preserved and the part that is to be erased. By all means, take your time in setting up the two masks so they ‘hug’ the shapes involved. I found this worked well even for an image that had a somewhat complicated background so long as care was taken in setting up those masks. VERY COOL tool! Checking out <strong>Xara’s</strong> site for their <strong><a href="http://www.xara.com/us/designer-pro/whats-new/" title="Xara's list of new Photo Tools" class="elf-external elf-icon">What’s New in Photo Tools</a></strong>, I see there are quite a few more I will have to test out.</p> <p>Taking a quick look at the changes for <strong>Page Layouts</strong>, here are a few I’d like to mention. Support for <strong>Google</strong> fonts is now a given here, as it is in their <strong>Web Designer</strong> tools. Last time I checked, there were over 800 different typefaces available there with free licensing. Even better is their built-in preview that probably ties back into <strong>Google’s</strong> built-in interface. I’m not quite ready to toss out my collection of font CD’s, but I can see that day coming soon!</p> <p>Text areas can now be split into columns. Then there are the text flow, page numbers, page and column break controls, etc. These improvements are so impressive; this aspect of <strong>Xara</strong> now makes it my recommended program for clients wishing to produce their own newsletters and brochures. Due to the fact I have been using <strong>Xara</strong> for over 15 years, I feel confident in stressing their high degree of color control in the print process. When I take into consideration all of the different printers I have own myself over those years, as well as print shops, <strong>Xara</strong> has consistently done an excellent job in matching what is shown on the screen to what is printed. By all means, do check with a print shop in advance for how to create an optimal master to obtain the best results.</p> <h2>Real World Usage</h2> <p><a href="http://www.cebug.org/sites/default/files/users/ikraus/my-images/Bag-Mockup2013.jpg" title="Bag Mockup"><img alt="Bag mockup" src="http://www.cebug.org/sites/default/files/users/ikraus/my-images/small_Bag-Mockup2013.jpg" style="float:right;height:90px;margin:7px;width:90px;" title="Bag mockup" /></a>Within most reviews I write, I like to include something on actual usage of the item in question; particularly when talking about software with the versatility of <strong>Xara</strong>. For this review the subject I’ve chosen a short sewing project revolving around an organizational bag for all of the cables and so-forth accompanying my new laptop. The finished bag will go inside the larger bag holding the laptop itself and will be 15” x 11.” This bag will close with a zipper, but this will appear a few inches down from the top thus helping (I hope!) to keep things inside it even when opened. Discounting the space used by that zipper still provides a 21” by 15” surface area for some sort of quilting design.  </p> <p><a href="http://www.cebug.org/sites/default/files/users/ikraus/my-images/CelticKnotPatternBag.jpg" title="Celtic Knot Pattern"><img alt="Celtic Knot Pattern" src="http://www.cebug.org/sites/default/files/users/ikraus/my-images/small_CelticKnotPatternBag.jpg" style="float:left;height:90px;margin:7px;width:90px;" title="Celtic Knot Pattern" /></a>I’ve long admired <strong>Celtic</strong> work in quilts, and the small size of this bag makes it ideal starter project. The key to <strong>Celtic</strong> work is bias tubes of fabric, so they can curve around in the desired manner. Backgrounds for this kind of work can vary from plain, to pieced background, or even swatches of fabric appearing under the tubes in the manner of applique. In drafting the knot within <strong>Xara</strong>, a thickened line is used to represent the tubes using care to keep the curves smooth. Once I was happy with the overall design, an additional page was added to contain a half-sized copy of the design for printing. This will be used to trace the knot pattern on the background fabric to help in positioning the bias tubing.</p> <p>With all of <strong>Xara’s</strong> wonderful tools, creating a good preview of a proposed sewing or quilting project is quite easy. The folded up fabric is scanned thus creating a bitmap image that could fill the shapes used in the design. This really helps me in choosing what fabrics to use to achieve the look desired. This practice is also of great help in building the documentation to go with an item. For example, <strong>Xara</strong> is also used to create the labels attached to the back of my quilted items. Labels and/or documentation have become increasingly important for anything that could become treasured family heirlooms through many generations. This is also a nice way to provide washing and/or care instructions to help preserve that item.</p> <h2>Summary</h2> <p>In closing, I have to stress yet again <strong>Xara’s</strong> versatility, fast performance, and color management. Every new version offers nice improvements all within an easy to understand user interface. From the time I first saw the program demonstrated in 1995, I knew it was much more than just an illustration program. An opinion I still hold to this day!  </p> <p><strong><a href="http://www.xara.com/us/products/designer/" title="Link to product page - Xara" class="elf-external elf-icon">Xara Designer Pro X9</a></strong>- Xara Ltd. <strong><a href="http://www.xara.com">www.xara.com</a>.</strong> Software requirements: Microsoft® Windows® XP, Vista®, 7, 8; Intel® Celeron® or newer, or AMD® Sempron® or newer; 500MB of RAM; 300MB of available hard-disk space. Price: $299, with significant discounts for those owning other Xara products or upgrading from previous versions.  </p> <p><strong><em>Irene M. Kraus</em></strong> does custom web programming and multimedia productions while acting as a writer on various subjects. She heads up <strong>Computer Erie Bay User Group (CEBUG) </strong>based in Erie County, Ohio, and owns <strong><a href="http://designworksinternet.com/" title="Link to Design Works Internet" class="elf-external elf-icon">Design Works Internet</a></strong> and <strong><a href="http://krauskreations.biz/" title="Link to Kraus Kreations" class="elf-external elf-icon">Kraus Kreations</a></strong>.</p> <p> </p> </div></div></div> Mon, 24 Nov 2014 02:48:28 +0000 IKraus 35 at http://www.cebug.org http://www.cebug.org/blog/review-xara-designer-pro-v9#comments Review - Xara Web Designer v9 http://www.cebug.org/blog/review-xara-web-designer-v9 <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><img alt="Reviewer Rating of 5 out of 5" src="http://www.cebug.org/cebug/sites/default/files/site-images/ratings-05.jpg" style="float:left;height:109px;margin:7px;width:182px;" title="Reviewer Rating of 5 out of 5" />I know I don’t normally do a review of <strong>Xara’s</strong> stand-alone <strong>Web Designer</strong> program, but the latest version is so packed with great features I had to give it a try! Keep in mind this is a program aimed directly at the web designer market. For those looking for other combos of designer tools, I’d suggest looking at their <strong>Page &amp; Layout Designer</strong> or <strong>Photo &amp; Graphic Designer</strong> programs; both of which have also undergone recent upgrades.</p> <h2>What’s New?</h2> <p>The <strong>v9</strong> of <strong>Web Designer</strong> includes several web oriented enhancements, so it is hard for me to pick and choose those to talk about. Foremost is built-in support for <strong>Google Fonts</strong>, which provides over 600+ (by my last count) of license-free typefaces that can be imported into a site. Gone, in other words, are the days when there were less than 10 font family choices one could use! The <strong><a href="https://www.drupal.org/project/fontyourface" class="elf-external elf-icon">@font-your-face</a></strong> module for <strong><a href="https://www.drupal.org/" class="elf-external elf-icon">Drupal</a></strong> has been around for a while now. Now I can easily constructing my wireframe previews utilizing the very same fonts intended to be used on the web server for a more accurate representation. All of which adds up to less work on my part and therefore reduced costs I can pass on to my customers.</p> <p>I must also mention the improved <strong>HTML 5</strong> standard support. As of the time I write this (June 2013), it is still cited as a <strong><a href="http://en.wikipedia.org/wiki/W3C_recommendation#Specification_Maturation" class="elf-external elf-icon">W3C Candidate Recommendation</a></strong>. Like many others, I’ve been waiting for a very long time for this recommendation to come out; with that being the last fact I’ll mention on that topic other than to extend my appreciation to everyone for getting this standard to this point! <strong>HTML 5</strong> should make the job of any web designer so much easier with its increased support of multimedia content and mobile devices. For designers wishing to check the current support status of the browsers they are supporting, I recommend using the <strong><a href="http://html5test.com/" class="elf-external elf-icon">HTML5Test</a></strong> site.</p> <p>Getting back to <strong>Xara’s Web Designer</strong>, what this means is – where possible – your exported <strong>HTML/CSS</strong> will contain optimized code for the best browser support and minimal usage of graphics. This is quite important in the support of mobile devices that really dislike standard graphic types. Keep in mind that one of the beauties of <strong>HTML 5</strong>, as a standard, is that it degrades so nicely in older browsers. This approach is also in keeping with Ethan Marcotte’s <strong><a href="http://friendlymachine.net/posts/2011/when-a-trickle-becomes-a-flood" class="elf-external elf-icon">Responsive Design</a></strong> concept.</p> <p><strong><em><a href="http://www.xara.com/us/web-designer/" class="elf-external elf-icon">Xara Web Designer 9</a> </em></strong>- Xara Ltd. <strong><a href="http://www.xara.com">www.xara.com</a></strong> Microsoft® Windows® XP | Vista® | 7 | 8; 32-bit or 64-bit versions available. Intel® Celeron® or AMD® Sempron® or newer processor. 500 MB RAM, 300 MB hard disk space for program files. $99 to $49 but discounts available to those upgrading.</p> <p><strong><em>Irene M. Kraus</em></strong> does custom web programming and multimedia productions while acting as a writer on various subjects. She heads up <strong>Computer Erie Bay User Group (CEBUG) </strong>based in Erie County, Ohio, and owns <strong><a href="http://designworksinternet.com/" class="elf-external elf-icon">Design Works Internet</a></strong>.</p> <p> </p> </div></div></div> Mon, 24 Nov 2014 02:26:51 +0000 IKraus 34 at http://www.cebug.org http://www.cebug.org/blog/review-xara-web-designer-v9#comments Laptop Security http://www.cebug.org/blog/laptop-security <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>I thought I'd pass along these guidelines that I read recently from the Security Awareness email from the SANs Institute: </p> <p>1. Make sure your security software has not expired. If it has expired, renew or replace it immediately.</p> <div>2. Update the anti-virus, anti-spyware and software firewall before you use your laptop.</div> <div> </div> <div>3. Check to make sure that patches and updates are current.</div> <div>Windows: <a href="http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us" title="Link to Microsoft site" class="elf-external elf-icon">http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us</a>.</div> <div>Mac: <a class="ext elf-external elf-icon" href="http://support.apple.com/kb/HT1338" title="Link to Apple site">http://support.apple.com/kb/HT1338</a></div> <div> </div> <div>Not sure how to keep your software up-to-date? Contact a computer consultant or your Internet Service Provider (ISP), or ask the computer support staff at the office.</div> <div> </div> <div>4. On the road, pick your hotspot connection carefully. Don't log on to any public hotspot that presents you with an invalid security certificate.</div> <div> </div> <div>5. Turn off the wireless adapter (Wi-Fi) when you are not using it.</div> <div>This will help prevent hackers from breaking into your laptop wirelessly.</div> <div> </div> <div>6. Avoid using computer bags. They make it obvious that you're carrying a laptop. Tote your laptop in something more common like a padded briefcase or suitcase.</div> <div> </div> <div>7. Never leave access numbers or passwords attached to your laptop or in your carrying case.</div> <div> </div> <div>8. Carry your laptop with you. Always take your laptop on the plane rather than checking it with your luggage.</div> <div> </div> <div>9. Keep your eye on your laptop. When you go through airport security, don't lose sight of it.</div> <div> </div> <div>10. Avoid setting your laptop on the floor. Putting your laptop on the floor is an easy way to forget, lose track of it, or step on it.</div> <div> </div> <div>11. Buy a laptop security device. If you need to leave your laptop in a room or at your desk, use a laptop security cable to securely attach it to a heavy chair, table, or desk.</div> <div> </div> <div>12. Use a screen guard. These guards help prevent people from peeking over your shoulder as you work with sensitive information in a public place.</div> <p>These are all rather common sense thoughts, but I think they are best reviewed periodically and certainly open to public access for the road warrior in you . <img alt="Cool" src="http://localhost/cebug/sites/all/libraries/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-cool.gif" title="Cool" /></p> </div></div></div> Mon, 24 Nov 2014 02:21:22 +0000 MBorsick 33 at http://www.cebug.org http://www.cebug.org/blog/laptop-security#comments Needless to say, Some Significant Patches are Needed Now http://www.cebug.org/blog/needless-say-some-significant-patches-are-needed-now <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>I thought I'd take a minute to update people on a couple of items that are of interest in the computing community:</p> <p>As most people know by now, Microsoft has posted an out of band patch to Windows Internet Explorer (the browser). This patch is in response to an unpublished hole in the IE code which was exploited by unknown hackers to attack Google. I won't go into the details of the exploit and who is responsible, but this hole has existed for some time and has been used to gather critical information from not only Google as widely reported, but now also three of the largest petroleum companies in the United States. Needless to say, it probably doesn't end there.</p> <p>If you have not yet patched Internet Explorer, go to Windows Update NOW and get it patched. You can thank me later. LOL!</p> <p>Another Microsoft vulnerability that surfaced was a unpatched problem with the 16 bit engine included with 32 bit Windows software from Windows 3.1 to Windows 7. This is being referred to an a <strong>17 year</strong> vulnerability. Used to run MS-DOS and what is now very old 16 bit software, it is included in all 32 bit Windows operating systems. It is NOT included in 64 bit Windows operating systems, so those of you who use 64 bit Windows are safe for the moment. A fix for this problem is expected in the February patch cycle. There are fixes for this now on Microsoft's website.</p> <p>For people using Adobe Reader and other of Adobe's products, there are patches available for these products on Adobe's website. Frankly its gotten to the point that hackers are moving from attacking Windows to now attacking 3rd party addons like Adobe Reader. I don't think there is a quarter that goes by when another major patch is needed for the Reader. This is one of those patches you need to do now, so get over to Adobe's site and get it patched.</p> <p>I have suggested the Foxit Reader for some time as a replacement, but in the past, vulnerabilities found in Adobe Reader have somehow been found in Foxit Reader. So be sure you check the Foxit site if you are using that instead.</p> <p>The last thing I wanted to mention and I forgot to say something at the last <strong>CEBUG </strong>meeting is that Microsoft is now patching on a twice a month cycle. Critical pathes and updates are being done on the second Tuesday of the month while "important" patches are being distributed on the fourth Tuesday of the month. Most people are unaware of the 4th Tuesday patch day. For that matter, if you are using some of the speciality Microsoft software like Dynamics, those updates and patches are distributed on an as available basis.</p> <p>If you are expecting Microsoft to patch on one or two days a month, as we have found out, we are sadly mistaken. At least we are not seeing a new patch every day &lt;G&gt;.</p> <p>For now...</p> </div></div></div> Mon, 24 Nov 2014 02:20:04 +0000 MBorsick 32 at http://www.cebug.org http://www.cebug.org/blog/needless-say-some-significant-patches-are-needed-now#comments Microsoft Releases Out-of Band Patch http://www.cebug.org/blog/microsoft-releases-out-band-patch <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>Today Microsoft released an out of band patch which affects all Windows operating systems, but only addresses current supported editions. This security update resolves a publicly disclosed vulnerability in the Windows Shell. Specifically, this vulnerability addresses how the Windows Shell processes LNK and PIF files which are found in nearly all Windows operating systems from Windows 1 to Windows 7. Unfortunately, this update only addresses the problem on Windows XP SP3, Vista, and Windows 7. People using XP SP2 are NOT covered in this patch released because XP SP2 is no longer supported by Microsoft leaving support on July 13, 2010. Needless to say, older Microsoft operating systems are also not covered. This problem was first discovered on SCADA systems around the world. SCADA systems are computer systems used by electric and other utilities to operate the various services which deliver electricity, water, gas, etc. Originally spread by infected USB drives, a Trojan called Stuxnet is now installed via the drive-by method visiting infected webpages. In the past week or so, I have seen reports of users and corporations being infected by this Trojan. Most, if not all, anti-malware vendors have signatures out to combat this Trojan, but the reports of infection have been increasing rather than leveling off. I recommend that you immediately download this patch today. In fact, do it now! I have been monitoring this issue for several weeks now and was disappointed that Microsoft, in the beginning, did not see this as a significant threat. Of course, how things have changed. If you want more information on the Stuxnet Trojan, do a Google search on Stuxnet with the first result being the Microsoft article on the matter. BTW, if the irony isn't any stronger, don't use Bing because all the results come in based on the keyword STUDENT...</p> </div></div></div> Mon, 24 Nov 2014 02:18:47 +0000 MBorsick 31 at http://www.cebug.org http://www.cebug.org/blog/microsoft-releases-out-band-patch#comments Hackers targeting social networking services http://www.cebug.org/blog/hackers-targeting-social-networking-services <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>I know Marlin's been posting a number of articles on security issues, so here's one of my own. <a href="http://www.zdnet.com/article/spammers-try-to-dupe-linkedin-users-in-zeus-attack/" title="Link to remote article" class="elf-external elf-icon"><strong>ZDNet in the UK</strong></a> recently published an article on a known spam/exploit attack directed at <a href="https://www.linkedin.com/" title="Link to LinkedIn site" class="elf-external elf-icon"><strong>LinkedIn</strong></a>, a popular social networking service aimed at business users. In a nutshell, this attack sent out messages that looked like the normal 'connection' request sent out by <strong>LinkedIn</strong>. The link in the message, however, doesn't take you to the actual <strong>LinkedIn </strong>site but a look-alike that will attempt to install a Trojan on the machine.</p> <p>According to that report, there is only one known person who is known to have fallen for this lure. My concern is that - taking into account how easily messages can be spoofed - such a thing can occur with darn near any kind of social networking service. Moral here is, I guess, to never follow links inside e-mail messages from such sites. Go to the actual known service site, login and check your messages there! Oie!</p> </div></div></div> Mon, 24 Nov 2014 02:17:33 +0000 IKraus 30 at http://www.cebug.org http://www.cebug.org/blog/hackers-targeting-social-networking-services#comments