Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
8,200,000,000 Data Breaches
2019 is on pace to be the worst year ever for data breaches. If things continue at the same pace 8.2 billion records will be exposed by the end of 2019. The threat intelligence firm Risk Based Security reports that during the first half of 2019 over 4.19 billion records were exposed in 3,813 reported breaches between January and July 2019.
Those numbers work out to more than 20 data breaches a day. Eight mega-breaches that exposed more than 100 million records were reported. These web-based breaches were primarily the result of leaving databases accessible to third parties and failing to protect them. Forbes reports that these misconfigured databases and services accounted for 149 of the 3,813 incidents reported this year. According to Forbes, the mega-breaches exposed over 3.2 billion records and accounting for 78.6% of the total records exposed in the first half of 2019.
Largest data breaches
The 10 largest data breaches for the first half of 2019 are:
- Verifications.io (982 million),
- First American Financial (885 million),
- Cultura Colectiva (540 million),
- unknown organization in India (275 million),
- unknown organization in China (202 million),
- Dubsmash (161 million),
- Canva (138 million),
- Justdial (100 million),
- Mobile Drip (80 million), and
- Unknown U.S. firm (80 million).
The Verifications.io, First American Financial, and Cultura Colectiva breaches are ranked among the top 10 breaches of all time based on the number of records exposed.
Consumer Affairs says the Verifications.io, an email marketing company whose misconfigured database exposed 982,864,972 names, addresses, and Facebook, LinkedIn, and Instagram accounts. The information associated with the breach includes email addresses, dates of birth, phone numbers, fax numbers, genders, IP addresses, and personal mortgage amounts. As a result of the incident, Verifications.io has ceased operations.
If you’ve bought a house, particularly in California, another breach may impact you. First American Financial Corporation exposed 885,000,000 records. Consumer Affairs writes that exposed data included real estate closing transaction records that contained names, Social Security numbers, phone numbers, email and physical addresses, driver’s license images, banking details, and mortgage lender names and loan numbers.
Other interesting data breach infobits
- The number of breaches also reached a new high during the first half of 2019.
- The average number of records lost per leak was just 230.
- The majority of breaches had a moderate to low severity score and exposed 10,000 records or less.
Thankfully RBS says more critical data was less commonly stolen during attacks.
Social Security numbers were stolen in 11% of attacks,- Addresses were stolen in 11% of attacks,
- Account numbers were stolen in 10% of attacks,
- Birth dates were stolen in 6% of attacks,
The sectors impacted
- Healthcare 224 breaches,
- Retail 199 breaches,
- Finance and insurance 183 breaches,
- Government and information 160 breaches each, and
- Education 99 breaches..
Inga Goddijn, executive vice-president at Risk Based Security told ComputerWeekly.com,
It is hard to be optimistic about the outlook for the year … The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate.
Phishing
Phishing is a tried and tested first step for gaining access to systems and services, the report said. The phished data can be used to perpetuate attach. The most frequently stolen data are email addresses and passwords. These credentials are valuable to attackers because they can be used across multiple domains (because we know users don’t use unique IDs for each account) for credential stuffing. These credentials can also be changed by the attacker (or the Owner). The report points out that 70% of the known breaches included email addresses and 65% included passwords.
Phishing can also lead to other critical but less monetized data. The report said phishing can lead to the exposure of unusual or unexpected types of data, including electronic signatures, calendars, marriage certificates, and company-issued employee ID numbers, all valuable for social engineering or spear-phishing attacks.
rb-
Businesses need to get their security act together – they were responsible for over 2/3’s of the breaches by RBS. The garden variety cyber-criminal is a script-kiddie who will run automated scripts looking for unsecured databases in order to scrape up any data they can. The big breaches make the headlines, but the everyday incidents make the money for most attackers.
Related Posts
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Why Coffee Is Called “a Cup of Joe”
Followers of the Bach Seat know that coffee is vital to life. And while there and many ways to have a coffee – drip, cold brew, cappuccino, Irish, lattes, macchiato, mochas, even worse – iced mochas. And many places to get your coffee from home, Starbucks, Dunkin Donuts, or the best – Tim Horton’s to get your morning pick-me “cup of joe.”
Why do we call our morning pick-me a “cup of Joe?” There are a number of theories why it’s “Joe.” The first theory dates back to 1898 when according to Driftaway Coffee‘s blog, Martinson Coffee trademarked the term “cup of joe.” Martinson Coffee was founded in New York in 1898 by Joe Martinson. The author speculates that the coffee may have locally been called “Joe’s coffee” or a “cup of joe.” As the company grew, “cup of joe” could have expanded from a local nickname to a more widely used term by the 1930s
Brooke Nelson at Readers Digest says the most popular origin story goes back to Josephus Daniels during World War I. Mr. Daniels was appointed Secretary of the U.S. Navy during World War I by President Woodrow Wilson.
Mr. Daniels, a teetotaler, and vehement white supremacist imposed General Order 99 that prohibited alcohol aboard U.S. Navy ships on June 01, 1914. According to this theory, the loss of easy access to booze aboard U.S. Navy ships led to increased coffee consumption by sailors. The sailors sarcastically called it their new beverage “a cup of Josephus” in honor of the man who had banned their booze. The snarky name stuck and eventually turned into “a cup of Joe” for short.
Ms. Nelson concludes that this origin story for “cup of Joe” is amusing, but probably not true. She points out that the term “cup of Joe” only appears in writing for the first time in 1930—long after the Navy’s alcohol ban. Barbara Mikkelso at Snopes.com also points out that U.S Navy ships had been officially dry for enlisted men since the spirit ration was abolished in 1862.
Another theory is that “Joe” refers to the average man and is often used as slang for “fellow, guy, or chap.” Snopes reports this usage dates to 1846 and is still present today. “Joe” is used to describe a typical guy who is interchangeable with any other guy:
- “G.I. Joe,”
- “Joe Blow,” or
- “Average Joe.”
So “cup of joe” could be another way of saying “the common man’s drink.”
Another origin story holds that “joe” is a mash-up of two other slang words for coffee “java” and “mocha.” The mash-up led to “jamoke,” which combines the words “java” and “mocha.” Eventually “cup of jamoke” was shortened down to a “cup of Joe.” People do love to shorten their slang terms, after all.
Snopes says jamoke is the best theory for morphing into joe. The British etymologist Michael Quinion found an early documented example from 1931 in the Reserve Officer’s Manual by a man named Erdman:
‘Jamoke, Java, Joe. Coffee. Derived from the words Java and Mocha, where originally the best coffee came from.’”
rb-
So, where did this nickname really come from? No one knows for sure. No matter what you call it (or how you take it!), you can always count on a cup of joe to help you function in the morning.
Related Posts
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2019, Andy Warhol, Coffee, Elvis Presley, jamoke, Java, Marilyn Monroe, Navy, POTUS
Symantec Sold
Updated 01/08/2020 – Broadcom is selling off parts Symantec less than 2 months after closing the deal. Reports have consulting giant Accenture buying Symantec’s Cyber Security Services unit for an undisclosed amount.
Under the deal, Accenture will take over Symantec’s global network of six security operations centers located in the U.S., the U.K., India, Australia, Singapore, and Japan. The SOC’s provide threat monitoring, analysis, and incident response services. Accenture says it will use the Symantec business unit to boost its managed security services.
—
Updated 09/17/2019 – As predicted below, Symantec has started slashing jobs. According to reports, up to 230 Symantec employees will be terminated on October 15, 2019.
—
I could have saved a bunch of people a bunch of money– IF you had read this post – you would already have a doubt about this deal – before professional prognosticators Forester said the same thing on August 9th. In their report analyzing the deal, the market researcher cited Intel’s 2010 acquisition of McAfee and subsequent $3 billion loss spinning the security company to private equity in 2016. They said the deal should serve as a warning to CISO’s about the future of Symantec’s product portfolio under Broadcom. Well NO DUH
—
Broadcom (AVGO) has acquired Symantec‘s (SYMC) enterprise security business for $10.7 billion in cash. The two firms consummated their hot-and-cold bromance M&A discussions in writing today (08/08/2018).
The deal is expected to bring in over $2 billion in annual revenue for the San Jose, CA-base firm. Broadcom intends to fund the transaction with proceeds from new committed debt financing. The transaction is expected to close in Q1 of Broadcom’s fiscal year 2020.
Broadcom, historically a semiconductor business has been on an M&A tear in the past few years, buying its way into a broader market position. First, with the 2016 – $5.9 billion purchase of network equipment vendor Brocade. Next was the 2018 – $18.9 billion acquisition of CA Technologies. Followed by today’s $10.7 billion pick-up of Symantec. In the presser Broadcom CEO Hock Tan called the Symantec purchase, “... the next logical step in our strategy … expanding our footprint of mission-critical infrastructure software within our core Global 2000 customer base.”
Rumors of the purchase first appeared in the press on July 03, 2019, with “advanced talks” happening on July 15th for purchase all of Symantec for $22 Billion, but by July 15, Symantec had reportedly walked away from the table. Reports (which appear to be true) at the time were that Broadcom was after just the enterprise-cybersecurity software business; leaving the consumer the business as an independent company or a spin-off to somebody else.
ChannelE2E says the potential deal makes sense on paper. Broadcom is known for acquiring struggling or slow-growth enterprise technology businesses, stripping out costs and boosting profitability. They explain that Broadcom’s secret to M&A success is clearly communicating staff reduction plans to acquired businesses, investors, and associated end customers. Broadcom is known for swift M&A staff cuts that include reasonable severance packages for employees — rather than long, drawn-out, torturous headcount reductions.
ChannelE2E also correctly predicted the Symantec team could face job cuts, layoffs, or potential business spin-offs as a result of the deal. Right on queue, Symantec announced layoffs of roughly 7% of its more than 11,000 employees during FY 2020. The company also plans to downsize, vacate or close certain facilities and data centers in connection with the restructuring plan.
The Symantec name will be sold to Broadcom as part of the transaction. Interim Symantec CEO Rick Hill said the remaining consumer business contributed 90% of the company’s total operating income, and the company expects to be able to continue to grow revenue for its Norton LifeLock business in the mid-single digits going forward. CEO Hill tried to spin the sale as a win in a presser.
This is a transformative transaction that should maximize immediate value to our shareholders while maintaining ownership in a pure play consumer cyber safety business with predictability, growth and strong consistent profitability.
Symantec’s struggles in recent years which may have lead to the buy-out are chronicled by Channele2e. Former CEO Greg Clark resigned in May 2019 amid weak enterprise cybersecurity software revenues. Executive team departures over the past year have also included Symantec’s CFO, chief operating officer, chief marketing officer and the head of its go-to-market teams. Board member Rick Hill has been interim president and CEO of the company since that time.
Symantec was late to cloud-and mobile-centric cybersecurity services, and faced intense competition from next-generation endpoint protection providers, including:
- CrowdStrike – Which recently completed a very successful IPO.
- AlienVault – Hot-shot next-gen endpoint protection provider that was bought up by AT&T in 2018 ahead of a potential IPO.
- Cylance – Another hot-shot next-gen endpoint protection provider that was bought up by BlackBerry in 2019 ahead of their anticipated IPO.
rb-
Deja Vu All Over Again
The sense of deja-vu all over again you are experiencing is real. Intel and McAfee tried this nearly a decade ago. Intel purchased top Symantec competitor McAfee for $7.7 billion. The expected “synergies” (WTF that means) never materialized. Intel ended up spinning off McAfee to private equity firm TPG in a 2016 sale that valued the business at $4.2 billion.
Related Posts
- Size of the information security technology market from 2016 to 2022 (in billion U.S. dollars) (Statista)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
The Secret to F-Keying at Work
We use keyboards at home, work and the car. The first keyboard to feature function keys was the 1965 Singer/Friden 2201 Flexowriter Programmatic as a standalone word processing system. Each of the function keys was programmable. The familiar 12 F-Keys were introduced in 1984 with the second generation Model M keyboard for the original IBM PC. It had 12 function keys in 3 blocks of 4 at the top of the keyboard. Over the years, various operating systems and applications have made use of function keys in different ways.
After you learn this list of F-Key secrets, you can improve your fun at work by F-Keying around in your cube as you work on your project.
• F1 – Universal – Opens a help or support menu in most programs.
• F1 – Apple macOS X – Reduces the screen’s brightness.
• F1 – Some computers – Used it to enter BIOS setup during startup.
• F1+WIN – Microsoft Windows – Opens the Microsoft Windows help and support center.
—
• F2 – Microsoft Windows – Renames a highlighted icon, file, or folder.
• F2 – Microsoft Excel – Edits the active cell.
• F2 – Apple macOS X – Increases the screen’s brightness.
• F2 – Some computers – Used it to enter BIOS setup during startup (Acer, Asus, Dell, eMachines, Gateway, Lenovo, Sony).
• F2+CRTL – Microsoft Word – Displays the print preview window.
• F2+ALT+CTRL – Microsoft Office – Opens the Documents Library.
—
• F3 – Microsoft Windows – Opens desktop search feature.
• F3 – MS-DOS or Windows command line – Repeats the last command entered.
• F3 – Browsers (Firefox, Chrome and IE) – Launches the Find bar.
• F3 – Apple macOS X – Opens Mission Control.
• F3 – Other programs – Will find the next search value after an initial search is performed.
• F3+CTRL – Microsoft Word – will lowercase any highlighted text.
• F3+SHIFT – Microsoft Word – Toggles between capitalizing each word, lower case and upper case for the selected text.
• F3+WIN – Microsoft Outlook – Opens the Advanced find window.
—
• F4 – Microsoft Windows 95 to XP – Open find window in Windows Explorer and Internet Explorer.
• F4 – Apple macOS X – Accesses dashboard.
• F4+ALT – Boss key – Microsoft Windows – Immediately closes the current program without saving. It can be used in an emergency to close browser windows you don’t want others to see.
• F4+ALT – Microsoft Windows – When no program is running it launches the Shutdown dialog box.
• F4+CTRL – Microsoft Word – Repeat the last action performed.
• F4+WIN – Closes the open window or tab in the active window.
—
• F5 – Microsoft Windows – Reload the page, document, or contents list in a folder.
• F5 – Microsoft Office – Open the find, replace, and go to window.
• F5 – Microsoft PowerPoint – Starts a slideshow in PowerPoint.
• F5 – Browsers (Firefox, Chrome, and IE) – Refreshes a web page from the cache.
• F5 – Apple macOS X – Increases the keyboard backlight.
• F5+CTRL – Browsers (Firefox, Chrome, and IE) – Forces a hard refresh of the web page from the server instead of the browser cache.
• F5+CTRL+SHIFT – Microsoft Word – inserts a bookmark in Word doc.
—
• F6 – Microsoft Windows desktop – Tabs from desktop files to the taskbar and the system tray icons.
• F6 – Browsers (Firefox, Chrome, and IE) – Move the cursor to the address bar.
• F6 – Apple macOS X – Decreases the keyboard backlight.
• F6 – Reduce laptop volume (on some laptops).
• F6+CTRL+SHIFT – Microsoft Office – Opens to another document.
—
• F7 – Microsoft Office Suite – Spell and grammar check a document.
• F7 – Mozilla Firefox – Places a moveable cursor in web pages, allowing you to select text with the keyboard (Caret browsing).
• F7 – Apple macOS X – Can be used to rewind media content.
• F7 – Increase speaker volume (on some laptops).
• F7+SHIFT – Microsoft Office Suite – Runs a Thesaurus check on the word highlighted.
—
• F8 – Microsoft Windows – Enter the Windows Start Menu, to access Windows Safe Mode (if pressed during the boot process).
• F8 – Apple macOS X – Can be used to pause media content.
• F8 – Used by some computers to access the Windows recovery system, but may require a Windows installation CD.
—
• F9 – Microsoft Word – Refresh document.
• F9 – Microsoft Outlook – “Send and Receive All folders” email.
• F9 – Reduce laptop screen brightness (on some laptops).
• F9 – Apple macOS X – Can be used to fast forward media content.
—
• F10 – Microsoft Windows – Activates the menu bar of an open application.
• F10 – Browsers (Firefox and IE) – Shows the Menu bar.
• F10 – Apple macOS X – Can be used to mute the speaker.
• F10 – Some computers – Increase laptop screen brightness.
• F10 – Some computers – Used it to enter BIOS setup during startup (Compaq, HP).
• F10+SHIFT – Microsoft Windows – The same as right-clicking on a highlighted icon, file, or Internet link pops out the context menu.
—
• F11 – Microsoft Windows Explorer – Enter and exit full-screen mode.
• F11 – Microsoft Excel – Adds a graph of highlighted cells.
• F11 – Browsers (Firefox, Chrome, and IE) – Enter and exit full-screen mode.
• F11 – Apple macOS X – Can be used to decrease the speaker volume.
• F11+CTRL – Microsoft Excel – Adds a new macro to the workbook.
• F11 – Used to access the hidden recovery partition when pressed during boot (Compaq, HP, Dell, eMachines, Gateway, and Lenovo).
• F11+SHIFT – Microsoft Excel – Adds a new sheet to the workbook.
—
• F12 – Microsoft Office – Open the Save as window.
• F12 – Browsers (Firefox, Chrome, and IE) – Opens browser debug tool.
• F12 – • F11 – Apple macOS X – Can be used to increase the speaker volume.
• F12 – Used to access the list of bootable devices on a computer when pressed during boot, allowing you to select a different device to boot from (e.g., hard drive, CD or DVD drive, floppy drive, USB drive, and network).
• F12+CTRL – Microsoft Word – opens a document.
• F12+SHIFT – Microsoft Word – Saves the Microsoft Word document (like Ctrl+S).
• F12+CTRL+SHIFT – Microsoft Office – Prints a document (Like Ctrl+P).
—
Newer Apple keyboards have F13, F14, and F15 keys for even more F-Keying around – in place of the Print Screen, Lock key, and the Pause key. They also have F16 – F19 keys above the number pad. Early IBM keyboards had F13 through F24 keys, but these keyboards are no longer used.
To access all the fun of F-Keying you may need to access Fn Lock key or the “Fn key”+“Fn Lock” key to strike F-Keying gold.
rb-
There’s nothing like F-Keying at work to make you more efficient. It may feel somewhat strange the first time you try to control your computer from the keyboard since we’re so used to navigating with the mouse. But, you can’t beat the ability to keep your hands on the keyboard.
Related Posts
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Fix Your Dongle – Today
If you use a Logitech (LOGI) wireless mouse, keyboard or other device fix your dongle! The Logitech wireless dongle (officially Unifying Receiver) is vulnerable to an issue discovered in 2016 as well as newly discovered vulnerabilities unless you’ve updated the firmware. Download and install the latest firmware update to protect against vulnerabilities.
Mousejack attach
Affected Logitech wireless devices are vulnerable to a hack called “Mousejack.” Mousejack, (CVE-2016-10761) was first reported in 2016 by IoT security firm Bastille Networks, Inc. The Mousejack attach works by sending malicious radio signals (packets) wirelessly to an unsuspecting user through Logitech Unifying wireless technology. Logitech only partially fixed the hole (Cert VU#981271) in 2016. Mousejack uses the vulnerable Logitech Unifying receiver to intercept and inject unencrypted signals within a range of about 100 meters.
Incomplete fix
Logitech did not recall the Unifying Receiver back in 2016 when Mousejack appeared. Four new vulnerabilities were discovered in 2019. The new vulnerabilities are based on the incomplete 2016 fix. Logitech will only fix two of the four vulnerabilities, the others will remain unpatched. The vulnerabilities are logged as:
Logitech will not fix the holes identified in CVE-2019-13052 or CVE-2019-13053, both of which impact all Logitech Unifying devices. A Logitech representative told the Verge:
Logitech evaluated the risk to businesses and to consumers and did not initiate a recall of products or components already in the market and supply chain.
Logitech plans to patch the security flaws in CVE-2019-13054 (impacts Logitech R500, Logitech SPOTLIGHT) and CVE-2019-13055 which affects all encrypted Unifying devices with keyboard capabilities.
All Logitech USB dongles
Marcus Mengs, the researcher who discovered these vulnerabilities, told ZDNet the vulnerabilities impact all Logitech USB dongles that use the company’s proprietary “Unifying” 2.4 GHz radio technology to communicate with wireless devices.
Unifying is a Logitech standard dongle radio technology, and has been shipping with a wide range of Logitech wireless gear since 2009. The dongles are often found with the company’s wireless keyboards, mice, presentation clickers, trackballs, and more.
- Sniff keyboard traffic,
- Inject keystrokes (even into dongles not connected to a wireless keyboard)
- Take over the computer to which a dongle has been connected.
- Steal the encryption key between the dongle and its paired device
- Bypass a “key blacklist” designed to prevent the paired device from injecting keystrokes
Bastille Networks
Techsupportalert.com reports that many of the vulnerable dongles are still on the market even though Logitech started releasing updated dongles sold with mice, keyboards, and stand-alone receivers.
Hard to find firmware update
Not long after the discovery, Techsupportalert.com, says Logitech issued a firmware update but it was hard to find on the support site and wasn’t widely known. If you didn’t update the firmware then (and most of us didn’t know about it) now is an excellent time to update.
Even if you installed the Logitech drivers and configuration app that came with the device, you are not protected. The required firmware update is not included, it must be downloaded and installed separately.
Give credit to Logitech, their firmware can be updated, where other manufacturer’s wireless dongles cannot be updated. This includes products from Microsoft, Dell (DELL, HP (HPQ), and Lenovo (LNVGY). In fact, any device that uses the same Nordic Semiconductor or Texas Instruments (TXN) chips and firmware for wireless receivers is vulnerable. The NordicRF nRF chip is a common chip used in wireless keyboards, mice, and presentation tools, which are frequently found in non-Bluetooth wireless input devices.
If you use a wireless device from Logitech or the Lenovo 500 devices, Bastille recommends you update your firmware. Any other non-Bluetooth wireless devices should be disconnected and you should contact your vendor and ask what models are not vulnerable before you replace your current gear.
Lenovo’s announcement is here.
Logitech’s announcement is here.
Here are the direct download links to the Logitech Unifying Receiver firmware update for PC, Mac, and the gaming mouse:
- Logitech PC firmware update (zip)
- Logitech Mac firmware update (zip)
- Logitech G900 gaming mouse firmware update (zip)
rb-
You probably have an affected device on your network. Logitech has sold well over a billion mice. Users can recognize if they’re using a vulnerable dongle if it has an orange star printed on one of its sides.
If you have any extra Logitech wireless dongles around (I have several) you may want to update them.
You should also check back in with Logitech support, to see if the promised additional fixes will be forthcoming in August 2019.
Related Posts
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2.4 GHz, 2019, Dongle, Hack, Keyboard, LOGI, Logitech, Moue, Mousejack, Nordic Semiconductor, presentation clickers, Security, Texas Instruments, trackballs, TXN, Vulnerabilities, Wireless