Cables Carrying Fake UL Marks
Underwriters Laboratories recently warned that two communications cable products carried “counterfeit UL marks.” Neither cable has been evaluated by the laboratory for safety. In addition, UL claims that the two cables do not contain required flame-retardant elements, so they both pose fire hazards. The first warning regards a StarTech product while the second carries the brand name Monoprice.
Back in January Underwriters Laboratories (UL) issued a public notice that identified StarTech communications cable as being mislabeled. According to an article in Cabling Installation & Maintenance, UL stated that the cable, “bears a counterfeit UL Mark for the United States and may pose a fire hazard.” The safety organization states, “The communications cable has not been evaluated by UL to the appropriate standard for safety in the United States, and is not authorized to bear the UL mark or any reference to UL.”
Further, the notice states that the cable “is missing required flame retardant elements. This may cause an increased risk of fire.” The box bears the brand name StarTech and has the terms “ISO 9011,” “UL,” “ETL,” and “IECQ” printed on it. According to UL’s notice, the cable jacket includes the following: “CMR Type 4PR 24AWG 75C (UL) E151955-A CSA LL79189 ETL Verified TIA/EIA-568-B.2 CAT 5E UTP 350 MHZ Patch Cable B-8A1004 ROHS Compliant.” The UL alert says that the cable was sold at overstock.com and may have been sold at other locations.
A February article at Cabling Installation & Maintenance reports a similar problem with cable sold by Monoprice. UL issued an alert to the public that Monoprice cable uses the UL mark without authorization and lacks certain fire-retardant materials. The UL alert says this cable is also known to be sold at www.greenconnectionsusa.com.
The Fiber Optic Association has a YouTube video that demonstrates the fire dangers of counterfeit communications cable.
The StarTech response to the UL warning shared with Cabling Installation & Maintenance seemed more concerned about their ISO certification than correcting the problem. StarTech issued the following statement on January 24: “StarTech.com has been an ISO 9001 registered company since 1998 and is currently certified as ISO 9001:2008 compliant. As such, we take this matter seriously and have issued an internal corrective action report (CAR) and are investigating the circumstances surrounding this incident. Based on the outcome of our investigation, appropriate action will be taken.”
Monoprice’s response to Cabling Installation & Maintenance came from company rep. Chris Apland. The firm claimed they did not know about the misleading and dangerous cat 5 cables. He claims they did not know what their vendor was doing. “Unbeknownst to us at the time, Monoprice’s former vendor for the product in question was inappropriately labeling our product certifications.”
He goes on to claim the firm is sorry and has changed its ways. “Monoprice terminated our relationship with the vendor in question … We apologize to both UL and to our customers for any confusion this may have caused.” Mr. Apland added in the firm’s response that Monoprice’s “new vendor provides a higher quality Cat 6 bulk cable that includes the critical fire-retardant material called for in the UL complaint … we have since been in contact with UL through our China office…”
rb-
To prevent safety problems on your job site, the Communications Cable and Connectivity Association (CCCA) recommends, as a best practice, buying proven-quality, name-brand cables and patch cords from known vendors.
Other recommendations include:
- Check for the UL holographic label on all boxes or reels of cable.
- Verify the UL mark and cable type on the cable jacket.
- Consult the UL online certifications directory to find if the manufacturer has a UL listing via the UL file number (the E number).
- Verify the authorized UL marks and correct terminology appear in cable specifications (cut sheets).
- Weigh the box of cable. Substantially less weight may indicate non-compliant copper clad aluminum (CCA) conductors were used in place of solid copper.
The CCCA has developed the Cable Check™ App to help check these best practices. Download the app from Apple’s (AAPL) iTunes to detect cables carrying fake UL marks on your job.
Related articles
- How Monoprice is eating the tech world from the inside out (buzzfeed.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Dropbox Warms Up to Corp IT for IPO
In preparation for its IPO, Dropbox is warming up to corporate customers, reports InfoSecurity. The general consensus about Dropbox within the business community is that it is an excellent service but lacks security. Data breaches and a lack of visibility into and control over how stored and shared files are used make the app seem insecure to many corporate users. GigaOM points out that large companies, including IBM (IBM), forbid its use. One of the criticisms InfoSecurity cites is that employees leaving the company (either through termination or leaving to join a competitor) will automatically take any potentially sensitive files stored in their Dropbox accounts with them when they leave.
The new Dropbox Team (the corporate multi-user offering) dashboard seeks to make that more attractive. This paid-for service costs $795 per year for 5 users plus $125 for each additional user. The new dashboard provides the team leader with greater visibility and control over which members can access individual files, and what they can do with those files. In particular, if a team member leaves the company or just the team, access to the stored files can be immediately blocked.
These new features do not prevent an employee from opening a separate personal account and using that to exfiltrate sensitive files. However, InfoSecurity claims they make it more likely that it would be a planned (and probably illegal) act. Unfortunately, the greater part of the shadow IT use of Dropbox is likely to occur simply because the staff is seeking to make their jobs easier and more efficient. By providing an official Dropbox Team account, the need to bypass security becomes less pressing. Dropbox will benefit from increased income while business benefits from increased control.
A second new security feature within the new dashboard is the ability for the team leader to insist on and ensure the use of two-factor authentication by the team members. Optional two-factor authentication was announced by Dropbox last July. It followed the breach involving users’ re-used passwords. “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts,” announced the company at the time. Two-factor authentication can solve this issue, and the team leader can now insist upon it and ensure that individual team members do not subsequently turn it off.
It is possible that this improvement to the corporate Dropbox may be the start of preparation for a Dropbox IPO. IDC estimates that the enterprise file-sharing market will be worth $20 billion by 2015, and Dropbox is currently valued at around $4 billion.
“Over 2 million businesses have people inside them using Dropbox. It’s already pervasive, we just want to make it easier for IT to say yes to those people asking for Dropbox,” Sujay Jaswa, VP of business development for Dropbox said in an interview with GigaOM.
Among business accounts, GigaOM says Google (GOOG) is getting traction with the Google Apps–Google Drive combo and Microsoft (MSFT) integrates SkyDrive storage with Office and Windows 8. Box, the company most associated with Dropbox-of-the-Enterprise, touts its support of all client devices but targets larger companies including Netflix, Dow Chemical, and Procter & Gamble.
rb-
Other competitors in the Dropbox-of-the-Enterprise niche are Accellion’s kitedrive, Egnyte, GroupLogic’s activEcho, SurDoc, and ownCloud. Still, it’s hard not to see all these rivals battling it out for the same paying business customers down the road.
At $125 per seat it seems awfully expensive. Is it good enough for corporate IT to warm up to Dropbox in time to save its IPO?
Related articles
- Sure Dropbox is Potentially Insecure, but Does it Matter? (cloudave.com)
School Kids’ Data at Risk – Part 2
In the Huffington Post article “In Push For Data, Schools Expose Students To Identity Theft,” author Gerry Smith writes about the growing risk of school kids’ data being stolen across the country.
Read Part One here:
Data Quality Campaign, an organization that encourages states to build student databases, argues that students’ Social Security numbers are useful for education policy by creating “enhanced analytical opportunities” for evaluating school curriculum. “The more important conversation is not whether states are collecting Social Security numbers, but how they are ensuring the privacy, security, and confidentiality of all personally identifiable information,” Laird said in a statement to the Huff Post. “We can’t speak to how Social Security numbers are collected and stored at the local level,” she added.
The article cites one survey that concludes student PII is not stored very securely. Only half of K-12 schools use data encryption, according to a survey of IT employees at K-12 schools nationwide. 72% cited budget constraints as the primary barrier to improving their IT security, according to the survey by Panda Security (PDF). Collecting PII in central databases with lackluster security is asking for trouble. “This is making a much bigger honey pot for people with malevolent purposes to gain access to children’s information,” said Joel Reidenberg, a professor at Fordham University School of Law. He told The ID Channel, “It’s a meltdown waiting to happen.”
School districts in 26 states now ask for students’ Social Security numbers. The Michigan Department of Education states (PDF), “A school district cannot mandate that parents disclose the social security number of their children.” Huff Post states that Texas is one of those states where education officials use PII to connect K-12 records to higher education and workforce data, according to Debbie Ratcliffe, a spokeswoman for the Texas Education Agency.
Last year, the Texas agency asked eight school districts to send PII, including Social Security numbers, through the mail on unencrypted CDs for research purposes. The article reports that Laredo Independent School District learned the CD it sent got lost in the mail, exposing nearly 25,000 current and former high school students to identity theft, according to the Texas Tribune. Ratcliffe told The Huffington Post that the request came from an agency employee who operated “way outside” normal protocol.
It was not the only school data breach in Texas.
- Beaumont school officials told parents that Social Security numbers belonging to an estimated 15,000 students were accidentally exposed online for nearly a year.
- The San Antonio Independent School District told parents that names and Social Security numbers of up to 360 students were mistakenly made visible through a Google search.
Still, the Texas Education Agency has no plans to stop asking school districts for students’ Social Security numbers, Ratcliffe told the author. “We have so many databases that use them that it would require quite a bit of change to make that happen,” she said.
Yet concerns over child identity theft have prompted at least five states — Nebraska, North Dakota, Washington, Maine and Wyoming — to create policies that restrict the collection and use of Social Security numbers in K-12 schools.
Jerry Coleman, director of school finance at the North Dakota Department of Public Instruction, said in an interview, “To protect those Social Security numbers would be a hassle we don’t need.”
Parents can refuse to disclose their child’s Social Security number, and the student would be assigned a different identifying number. Ratcliffe, of the Texas Education Agency, said most parents disclose their child’s number anyway.
But privacy experts say, in most cases, parents should keep that information to themselves. “When someone asks for your child’s Social Security number, say no,” said Aaron Titus, chief privacy officer for Identity Finder, which helps organizations protect sensitive data. “I have found about 90 percent of the time when I push back a little bit, I get my way.”
Data breaches leave people six times more likely to become victims of identity theft, according to a survey by Javelin Research. Schools warn parents to monitor their children’s credit after a data breach. The Huff Post says credit reports only turn up 1 percent of fraud on children’s credit histories because thieves pair children’s Social Security numbers with new names and birth dates, a study by Debix found.
More than 18,000 child identity theft complaints were reported to the Federal Trade Commission. But experts tell Huff Post that figures on child identity theft are likely much higher because the crime often goes undetected for years. ID Analytics estimates more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service. When child identity theft victims turn 18, they find their credit has been destroyed, preventing them from taking out loans or renting apartments.
rb-
Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, and/or publicly displayed or mailed within an envelope.
Related articles
- Child Identity Theft: Warning Signs and Action (lexingtonlaw.com)
UP EAS Warns of Zombie Attack
Emergency Alert Systems at northern Michigan television stations sent out fake emergency alert warnings after being hacked. The alerts warned the UP of a zombie attack. The fake broadcast warned that bodies were rising from the grave and alerted people to avoid contacting the walking dead.
MLive reports the message went out on Monday at about 8:30 p.m. The zombie attack warning interrupted “The Bachelor” on WBUP, ABC 10 and “The Carrie Diaries,” a prequel to “Sex and The City,” on CW. The same person got into Northern Michigan University’s public television station WNMU-TV 13. That message interrupted “Barney and Friends” at about 4 p.m., reports NMU station manager Eric Smith.
“People panicked and it was crazy and we didn’t know how to stop it,” Cynthia Thompson, station manager and news director at ABC 10 and CW 5 in Marquette, MI, said. The suspected hacker has been caught, according to MLive. Ms. Thompson could not release any further details on the suspect.
Attacks around the nation
Similar attacks were reported at Great Falls, MT station KRTV and KNME/KNDM in Albuquerque, NM. The security breaches occurred at stations that didn’t have their login names or passwords reset from factory default settings, said Ed Czarnecki, senior director for strategy and regulatory affairs for Monroe Electronics Inc., a Lyndonville, NY-based manufacturer of EAS equipment. “We are very aggressively working with authorities … to ensure that all broadcasters have updated their passwords on their critical equipment,” he said.
Michigan Association of Broadcasters CEO Karole White said the MAB is taking the issue very seriously and working with the Michigan State Police and Federal Communications Commission on the case. “Though this was kind of a pranksters joke, they could have used a different code that could have caused people to be very concerned and possibly even panic,” CEO White said.
InfoSecurity says the problem goes beyond just passwords. Mike Davis, a security expert with IOActive, submitted a report to US-CERT detailing flaws in the equipment used by the EAS system a month before the incident. “Changing passwords is insufficient to prevent unauthorized remote login. There are still multiple undisclosed authentication bypasses,” he told Reuters via email. “I would recommend disconnecting them from the network until a fix is available.”
Really, really, terrible software
According to Kaspersky’s ThreatPost, the flaws Mr. Davis unearthed allowed him to do exactly what Monday’s hacker did. “There is some really, really, terrible software on the other side of that box,” Davis said. “There are some known issues like authentication bypasses and what I would call back doors, although I don’t know if they were meant that way. While I can’t provide authenticated messages [from the EAS system itself], I can log into all of them and insert authenticated messages.”
“The problems that Davis found,” warns ThreatPost, “represent a serious weakness in the EAS system. Some of the ENDECs (encoder-decoder) are networked together in a way that enables them to relay messages to one another, so an attacker who could compromise one could conceivably cause problems on others, as well.”
rb-
Umm, Networking 101: change your default passwords.
Haven’t the dead been roaming the halls of Congress for years? Brain dead anyway!?
Related articles
- Emergency Alert System devices vulnerable to hacker attacks, researchers say (networkworld.com)
School Kids’ Data at Risk
Gerry Smith writes about the growing amount of school kids’ data being stolen across the country. In the Huffington Post article, “In Push For Data, Schools Expose Students To Identity Theft” the author explains why. Data thieves want this information to commit identity theft. The author cites several recent cases:
- Hackers broke into the computer network of an El Paso, TX school district. They stole a database of about 63,000 students’ Social Security numbers.
- School officials mailed out 5,000 postcards with students’ Social Security numbers printed on the front in Wake County, NC.
- Social Security numbers of 8,000 Palatine, IL special education students were lost when laptops belonging to a state contractor were stolen.
- A former Broward County, FL high school teacher was sentenced to six months of house arrest for stealing the identities of students.
- A police officer for the Palm Beach County School District was sentenced to eight years in prison for stealing the identities of former students and teachers.
The article says these incidents highlight the growing risk of school kids’ vulnerability to identity theft. Across the country, schools have become conduits for children’s pristine Social Security numbers. The students’ numbers are increasingly falling into the hands of credit-hungry identity thieves. The frequent data breaches have prompted calls for schools to stop collecting sensitive student data. The breaches have angered parents like Art Staehling, whose 14-year-old daughter was among 18,000 Nashville students who had their Social Security numbers accidentally exposed online for three months in 2009.
They left the gate wide open for data theft
“They left the gate wide open,” Mr. Staehling told The Huffington Post. “It’s clumsiness. There’s no excuse for it. If schools want that information, there should be some sort of penalty paid if they don’t guard it with their lives. I haven’t found a reason why they honestly need it.”
Schools collect students’ Social Security numbers as part of a campaign to more precisely track their progress. But privacy experts told Huff Post there are less risky ways to identify students. The privacy experts accuse schools of needlessly exposing children to identity theft by gathering their Social Security numbers and then not securing them.
The push for collecting student data began under the federal No Child Left Behind Act. Financial incentives in the 2009 stimulus package, including Race to the Top’s $250 million in competitive grants, drove schools to collect student Social Security numbers, according to Reidenberg.
The U.S. Department of Education has warned schools not to use students’ Social Security numbers in their databases. The Huff Post says the Feds urge schools to create other unique identifiers. The National Center for Education Statistics warned schools last fall. It told educators that Social Security numbers are “the single most misused piece of information by criminals perpetrating identity thefts.”
School abuses student’s Social Security numbers
Despite the warnings, the collection and use of students’ Social Security numbers in K-12 schools remain “widespread,” according to an audit last year by Patrick O’Carroll, the Social Security Administration’s inspector general. The IG found students’ Social Security numbers printed on transcripts, tests, and athletic education forms. According to the article, the audit concluded that schools were using the numbers “as a matter of convenience.” Mr. O’Carroll found there have been at least 40 data breaches of confidential student information at K-12 schools since 2005.
In his report, O’Carroll wrote, “We believe the unnecessary collection and use of Social Security numbers is a significant vulnerability for this young population. Each time a student provides his or her Social Security number, the potential for a dishonest individual to unlawfully gain access to, and misuse, the number increases.”
Read Part 2 here.
rb-
Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, and/or publicly displayed or mailed within an envelope.
Related articles
- Young children can be identity-theft targets (goerie.com)