Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
Whats a Workweek?
Forty hours is considered a typical American workweek. The U.S. BLM reports that the average weekly hours and overtime of all IT employees is just over 36 hours. Add all of those minutes spent answering emails on your phone or stealing glances at your computer when you’re off the clock, you feel like it may easily turn into fifty or more.
Turkish workers average 51.2 hours a week, the most by far! Northern European countries Denmark and the Netherlands had the shortest work weeks – 38.3 hours and 39.1 hours. Here is an infographic from GetVoIP.com who put together a chart of average full-time workweeks in forty countries around the world. How does your workweek stack up with those in your own country and those in other countries?
Related article
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2018, Hours worked, Infographic, Jobs, life work balance, Stress, U.S.
Riskiest ZIP Codes
Credit rating firm Experian recently published a list of the top 100 riskiest shipping ZIP codes for 2017. In the list, U.S. ZIP codes were rated on the number of attempted fraudulent e-commerce transactions against the population of overall e-commerce orders for the ZIP codes.
Experian’s analysis of fraudulent transactions says international IP addresses affect the overall riskiness of a transaction. e-Commerce transactions from international IP addresses are much riskier than average—6.7x riskier from a shipping perspective. Additionally, Experian’s analysis shows that traffic coming from a proxy server—which could originate from domestic and international IP addresses — is 74 times riskier
then the average transaction.
The riskiest ZIP code for e-commerce fraud in 2017 was 97079 in Beaverton, Oregon according to Experian. In fact, Oregon had nearly half of the top 25 riskiest ZIP codes in 2017. The areas in and around Portland OR occupied 10 of the top 25 spots for riskiest e-commerce transactions. Beaverton’s highest risk international IP county is China.
The Miami Florida area put the sunshine state at #2 in the top 25 with nearly a quarter of the riskiest ZIP codes. Miami had 6 of the top 25 slots for the next most risky ZIP Codes for e-commerce firms. The riskiest Miami ZIP code is 33122. Miami’s highest risk international IP county is Venezuela.
South El Monte, California ZIP code 91733 is the third riskiest ZIP code on the Experian list for e-commerce firms to ship to. Experian says that 91733’s highest risk international IP countries are Taiwan and Hong Kong.
The riskiest Michigan ZIP code is 48204 in Detroit, which ranked 32nd on the list and is only 15% of the risk of Beaverton OR.
Other Michigan ZIP Codes on the top 100 list are:
| Rank | City | State | Zip Code | Fraud Attack Rate |
|---|---|---|---|---|
| 64 | Detroit | MI | 48227 | 276.6 |
| 68 | Detroit | MI | 48206 | 270.3 |
| 74 | Detroit | MI | 48228 | 262.4 |
The top 25 riskiest ZIP Codes according to Experian. Fraud attack rates show the attempted fraudulent e-commerce transactions against the population of overall e-commerce orders.
| Rank | City | State | Zip Code | Fraud attack rates |
|---|---|---|---|---|
| 1 | Beaverton | OR | 97079 | 2741.9 |
| 2 | Miami | FL | 33122 | 1935.1 |
| 3 | South El Monte | CA | 91733 | 1473.5 |
| 4 | Portland | OR | 97251 | 1257.6 |
| 5 | Portland | OR | 97250 | 1178.6 |
| 6 | Miami | FL | 33166 | 1155.1 |
| 7 | Portland | OR | 97252 | 1059.4 |
| 8 | Miami | FL | 33198 | 1010.6 |
| 9 | Miami | FL | 33195 | 921.7 |
| 10 | Miami | FL | 33192 | 769.1 |
| 11 | Portland | OR | 97253 | 726.2 |
| 12 | Portland | OR | 97230 | 676 |
| 13 | Portland | OR | 97217 | 635.8 |
| 14 | Minden | NV | 89423 | 629.2 |
| 15 | Houston | TX | 77072 | 625.4 |
| 16 | Portland | OR | 97233 | 623.4 |
| 17 | Wilmington | DE | 19801 | 584.6 |
| 18 | Portland | OR | 97218 | 562.1 |
| 19 | Des Moines | IA | 50314 | 544.1 |
| 20 | Chicago | IL | 60621 | 539.8 |
| 21 | Portland | OR | 97203 | 535.6 |
| 22 | Miami | FL | 33191 | 518.7 |
| 23 | Hillsboro | OR | 97124 | 505.3 |
| 24 | Portland | OR | 97254 | 502.5 |
| 25 | Manchester | NH | 3101 | 490.4 |
rb-
The increase in e-commerce fraud attacks should not surprise anyone. The growth of online information and the continuing tsunami of data breaches has put over 9.7 billion data records on the dark web. The plethora of stolen PII enables criminals to open fraudulent accounts, take over legitimate accounts and submit fraudulent transactions.
Another reason for the increase in online fraud activity is automation. In the past, criminals needed to do something, but they can now attack by simply downloading a file and automating the submission of thousands of applications or transactions
simultaneously.
Related article
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: California, Detroit, E-commerce, Florida, Fraud, IP address, Miami, Michigan, Oregon, PII, Proxy server, Risk, Security, Zip Code
ATM Jackpotting
The U.S. Secret Service has warned (PDF) financial institutions of logical (jackpot) attacks on Automated Teller Machines (ATMs). These ATM attacks originated in Mexico and have spread to the US. These jackpotting attacks are an industry-wide issue and as one vendor stated, are “a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”
The attack mode involves a series of steps to defeat the ATM’s existing security mechanisms and the authorization process for setting the communication within the ATM. Internal communications are used when computer components like the mainboard or the hard disk have to be exchanged for legitimate reasons.
Description of an ATM attack
In a Jackpotting attack, the criminal gains access to the internal infrastructure of the terminal to infect the ATM PC or by completely exchanging the hard disk (HDD). There are a number of steps the attacker has to take for this type of attack:
- The top of the ATM must be opened.
- The original hard disk of the ATM is removed and replaced by another hard disk, which the attackers have loaded with an unauthorized and/or stolen image of ATM platform software.
- In order to pair this new hard drive with the dispenser, the dispenser communication needs to be reset, which is only allowed when the safe door is open. A cable in the ATM is unplugged to fool the machine into allowing the crooks to add their bogus hard drive to the ATM.
- A dedicated button inside the safe needs to be pressed and held to start the dispenser communication. The crooks insert an extension into existing gaps next to the presenter to depress the button. CCTV footage has shown that criminals use an industrial endoscope to complete the task
In other Jackpotting attacks, portions of a third-party multi-vendor application software stack to drive ATM components are used. Brian Krebs at Krebs on Security reports that Secret Service issued a warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.
Mr. Krebs also reports that “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM. Once this is complete, fraudsters own the ATM and it will appear Out of Service to potential customers according to the confidential Secret Service alert. At this point, the crook(s) installing the malware will contact co-conspirators who can remotely control the ATMs and force the machines to dispense cash.
“In previous Ploutus.D attacks, the ATM 
continuously dispensed at a rate of 40 bills every 23 seconds,” the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert. While there are some risks of the money mule being caught by cameras, the speed in which the operation is carried out minimizes the mule’s risk.”
Specific Guidance and Recommendations
The most common forms of logical attack against ATMs are “Black Box” and “Offline Malware”. The steps to minimize the risks to ATMs are the same as any other enterprise device.
- Make sure firmware and software are current with the latest updates, are important protections to mitigate the impact of Black Box attacks. Four out of five cash machines still run Win XP or Win XP Embedded. The Secret Service alert says ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to at least Windows 7 to defeat this specific type of attack.
- Use secure hard drive encryption protections against Offline Malware
- Use a secure BIOS remote control app to lock the ATM BIOS configuration and protect the configuration with a password.
- Deploying an application whitelisting solution.
- Limit Physical Access to the ATM:
- Use appropriate locking mechanisms to secure the head compartment of the ATM.
- Control access to areas used by staff to service the ATM.
- Implement two-factor authentication (2FA) controls for service technicians.
- Set up secure monitoring
- Use the most secure configuration of encrypted communications. In cases where the complete hard disk is being exchanged, encrypted communications between ATM PC and dispenser protect against the attack.
- Ensure proper hardening and real-time monitoring of security-relevant hardware and software events.
- Investigate suspicious activities like deviating or non-consistent transaction or event patterns, which are caused by an interrupted connection to the dispenser. Monitor unexpected opening of the top hat compartment of the ATM.
rb-
Followers of the Bach Seat know how to secure their PCs, I have written about securing PCs many times here. So the question is why not ATMs? Research says that consumers go into the branch less every year. The experts say that by 2022 customers will visit a branch only 4 times a year. In many cases, ATMs are the bank’s surrogates for most cash transactions. It makes sense to get it right.
Related article
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2018, 2FA, 7, ATM, Banking, BIOS, Encryption, Jackpotting, Microsoft, MSFT, Security, Whitelisting, Windows, XP
Barracuda Networks Has Been Bought
While the massive Equifax data breach is still fresh in everyone’s minds and the cybersecurity workforce is expected to be short nearly 2 million people. IT security expenditures to top $1 Trillion by 2022. Private equity giant Thoma Bravo, LLC has jumped back into the IT security market with both feet. Barracuda Networks has been bought by the private equity firm in a deal that’s valued at $1.6 billion.
Barracuda (CUDA) sells appliance and cloud-based cybersecurity and data protection services. Clients include; Boeing, Microsoft and the U.S. Department of Defense. Barracuda says it has over 150,000 customers. Upon the close of the transaction, Barracuda will operate as a privately held company.
Barracuda Networks has been bought
Barracuda Network was founded in Ann Arbor, Michigan in 2003. From Ann Arbor, it raised at least $46 million in venture funding prior to its IPO. CUDA went public on the New York Stock Exchange in November 2013, pricing its IPO at $18. Barracuda acquired Yosemite Technologies in 2009 to expand its offerings into the storage market.
Barracuda continued to innovate in the run-up to its acquisition. eWeek reports that in March 2017, Barracuda debuted new data backup and recovery capabilities for VMware and Microsoft virtual machines. In June 2017 Barracuda announced its new Sentinel service. The service uses artificial intelligence (AI) and container-based technologies to improve email security.
Barracuda also enhanced its network security products and services in 2017. eWeek reported in November that the company expanded the cloud capabilities for its Web Application Firewall (WAF) and NexGen Firewall products. The new capabilities include usage-based billing for the NextGen firewall running in the Amazon Web Services (AWS) cloud. The firewall included automated configuration capabilities for the WAF, thanks to an integration with the Puppet DevOps tool.
CEO BJ Jenkins commented on the transaction, “We will continue Barracuda’s tradition of delivering easy-to-use, full-featured solutions that can be deployed in the way that makes sense for our customers.”
Thoma Bravo
Thoma Bravo is a Chicago-based private equity firm with $17 billion under management. Their appetite for IT firms is rather broad. Some of it’s most notable purchases have been:
September 2014 – $2.4 billion purchase of Detroit-based Compuware.- December 2014 – $3.6 billion acquisition of Riverbed.
- In October 2015, they teamed up with Silver Lake to buy IT infrastructure management vendor SolarWinds for $4.5 billion.
- April 2017 – Purchased a minority stake in the freshly re-spun McAfee.
- June 2017 they purchased Remote Monitoring and Management (RMM), IT security management vendor Continuum.
Their portfolio has included brands such as; Bomgar, Digicert, Digital Insight, Dynatrace, Hyland Software, Imprivata, iPipeline, Nintex, PlanView, Qlik, SailPoint, and SonicWall.
Thoma Bravo has resold many of its holdings in recent years.
- March 2012, they sold SonicWall to Dell for an estimated $1.5 Billion.
- March 2015, they sold network security vendor Blue Coat Systems to Bain Capital for $2.4 billion.
- September 2015, sold its interest in infrastructure-focused solution provider Sirius Computer Solutions to Kelso & Co..
- January 2017, They also sold endpoint security vendor LANdesk Software to Clearlake Capital.
- November 2017, identity and access management vendor SailPoint Technologies went public with an IPO, however, the private equity firm is maintaining a controlling stake in the company.
TechCrunch notes that private equity firms began more aggressively buying up software companies last year. The thinking seems to be they can generate reliable returns from such investments. The biggest take-private deals lately include:
- Marketo, a marketing software maker. Went public in 2013 and was taken private again by Vista Equity Partners in 2017 for $1.79 billion in cash;
- The sale of event-management company Cvent last year to Vista Equity Partners in a $1.65 billion deal.
- Cybersecurity risk-monitoring platform SecurityScorecard raised $27.5 million from the VC arms of Google, Nokia, and Intel.
Other notable IT security equity funding recipients include; Attivo Networks, Darktrace, and SentinelOne.
Investopedia speculates that Thoma Bravo is paying a pretty high premium for Barracuda. CUDA now trades at 139 times earnings and 4 times sales. But under private management, its products will likely be integrated with the firm’s other software products to generate synergies.
CRN notes that being a privately owned company will give Barracuda a stronger ability to chart its own destiny. They will not have to “tap-dance to the Wall Street music,” Michael Knight, president and chief technology officer at solution provider Encore Technology Group, Greenville, S.C., said. He hopes Thoma Bravo’s infusion of capital will enable Barracuda to continue driving its public cloud business, a more solidified SD-WAN toolset, and more integrated endpoint security protection.
Rb-
I have used Barracuda products at past jobs. Including their SPAM-Email firewall appliances and their cloud-based backup up system. The pricing was adequate. Renewals were easy. The email firewalls were really robust and almost set and forget.
The few times when I needed tech support, it was available in Ann Arbor, Michigan. Barracuda, founded in Ann Arbor, was one of the early believers in the area as a high-tech hub. Barracuda has plans to spend $2.3 million on the expansion of its operations center in the former Borders Books offices at 317 Maynard Street. The expansion will add 115 new jobs in downtown Ann Arbor over the next four years. I hope that after Barracuda Networks has been bought by Thoma Bravo, the deal does not have a “Chainsaw Al” that will kill that growth.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2018, Amazon, Ann Arbor, Artificial intelligence, AWS, Barracuda Networks, Cloud computing, DevOps, McAfee, Michigan, Microsoft, MSFT, Next-Generation Firewall, Puppet, Riverbed, Security, SolarWinds, Thoma Bravo, Venture Capital, Virtual Machine, VMware
System Fails Tax Day Delayed
Tax day 2017 was delayed one day due to a hardware failure in a system supporting the oldest IT system in the U.S. federal government. (rb- I wrote about the almost 60 years old system here.) Nextgov reports that 18-month-old hardware supporting the Internal Revenue Service’s Individual Master File experienced a caching issue causing the system to fail.
The failure disrupted almost all other IRS systems and services because those systems ingest data from the Individual Master File. When those systems—such as Direct Pay and the structured payments portal—called to the Individual Master File mainframe and got no response, they too failed.
Dave Powner, GAO’s director of IT management issues, told Nextgov, “This was our biggest fear about one of these mission-critical systems crashing. Fortunately, it wasn’t down for a long period of time, so in that way, we dodged a bullet.”
The crash delayed the submission of some 14 million tax forms. It could be several years before the Individual Master File is fully modernized and rid of 1960’s-era technology. The article speculates that the update timeline could slip because the IRS says it needs to hire at least 50 more employees—while backfilling any attrition—plus an extra $85 million per year in annual non-labor funding over the next five years. Trump’s fiscal 2018 budget request called for a $239 million reduction in funding for the IRS, which has faced many cuts in recent years.
The author explains that the Individual Master File has data from 1 billion taxpayer accounts dating back several decades and is the chief IRS application responsible for receiving 100 million Americans’ individual taxpayer data and dispensing refunds. IRS first attempted to replace the system with a modernized Customer Account Data Engine, but that effort was canceled in 2009. A delivery date for CADE 2, the IRS’ subsequent modernization effort, has slipped several years even as contractors working on the project have earned as much as $290 million.
GAO identified the Individual Master File as the oldest technology system still working in government in 2016.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.