Archive for the ‘IT News’ Category

New Net Neutrality Rules Approved by FCC

Thursday, February 26th, 2015

 

The Federal Communications Commission voted this afternoon to enact new rules to regulate the internet and ensure the preservation of net neutrality.


Tech Support Scammers Shut Down by Federal Court

Thursday, November 20th, 2014

 

Tech and IT support is a necessity for every enterprise today. Unfortunately, scammers know this, and use this knowledge to take advantage of tech users by creating software that falsely informs them that their computers are malfunctioning, and then offers a sales pitch for a high-price fix for these computer problems, which don’t actually exist.

 

Scammers make big money selling these fake tech support services in the guise of legitimate software. Three big names involved in litigation with the federal court include PC Cleaner, Inbound Call Experts and Boost Software. All three sell software that markets itself as legitimate, only to inform the user during installation that there are critical problems with the machine. The software then informs the user that the company’s tech support can fix the machine, at a high price. Users may receive a call from the company’s telemarketers in an attempt to further the pitch.

 

The federal court temporarily shut down two of these telemarketing companies yesterday, according to the FTC. This isn’t the first time the FTC has punished fraudulent tech support scammers, according to IT World.

 

In July the agency got a US District court to slap the operators of several international tech support rip-offs to pay more than $5.1 million in fines and retribution on charges they masqueraded as major computer companies, including Dell, Microsoft, McAfee, and Norton, to trick consumers into believing their computers were riddled with malware and then charge them to “fix” the “problems.”

 

The FTC also has a number of tips for dealing with suspicious tech support software or telemarketers:

 

  • Don’t give information to an unknown caller who is soliciting you over the phone. This includes credit card information, passwords, or any information that could allow them to take control of your computer remotely.

 

  • Caller ID is not always an effective way to authenticate a caller, as they can bypass the ID and make the number appear legitimate.

 

  • Any attempt to pressure you into paying an immediate or subscription fee for tech support is probably not legitimate.

 

  • If you are searching for tech support, look for contact information on your tech support company’s page or software package. If you search for tech support online, you may get scammers’ ads that appear legitimate but are not.

 


 

For all of your facilities and logistics needs, trust the experience of DHA. An award-winning management consulting and contracting firm primarily serving federal, civilian and defense agencies, DHA Group supports clients’ mission-critical work by delivering expert professional services. Follow us on Facebook, LinkedIn, Twitter and Google+.

 Source

http://www.itworld.com/article/2850041/ftc-gets-federal-court-to-shut-down-120m-tech-support-scam.html

 

HP Discloses Signed Malware Vulnerability

Friday, October 10th, 2014

Earlier this week HP quietly announced, via the release of several client advisories, that on Oct. 21, 2014, it will revoke a digital certificate that HP had used in the past to sign certain software components shipped with many of its older products. HP said it was taking this step in response to malicious software that had been signed with the certificate 4 years ago, in 2010.

 

What is a Code Signature?

Code signatures are essentially digital seals of authenticity: unique, incredibly difficult-to-replicate strings of data that identify a piece of software as a legitimate product of a specific company. They are used both to combat online software piracy and to assure customers that they are using a genuine product and not malware. Signed digital certificates are highly prized by hackers because they make it all the easier to fool unsuspecting users into believing a piece of malware is an authentic product.

 

Is This A Serious Problem?

According to HP, no. Representatives of the company stated that the malware was traced back to a Trojan horse virus that had infected a staff member’s office computer and, through sheer chance, automatically renamed itself to a file that was later accidentally included in a software package containing the digital signature. HP believes the threat from the intrusion to be minimal, in large part because the software package in question was never distributed to any customers and the certificate itself expired several years ago and thus cannot be used to create new files.

However, the certificate in question was used to sign a considerable amount of HP software, including several fundamental hardware and software drivers. As a precaution HP is revoking the certificate, and issuing a new one for software already in use.

 


Source: http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/

Shellshocked: Bash Bug Puts Millions of Devices at Risk

Thursday, October 2nd, 2014

 

News broke this week of a vulnerability in the software program known as Bash that puts millions of devices running Linux and Mac operating systems at risk of being hacked. Already, hackers have started exploiting the vulnerability to access these devices through a back door created by the bug and run their own commands on them.

 

The vulnerability is known as shellshock. This is because Bash, an open source software program written more than 2 decades ago, is “a shell utility, a black-boxy way of interfacing with an operating system that predates the graphical user interface.” Essentially, Bash was written back in the early days of the internet as a way for software engineers to interface web software with an operating system.

 

Bash was written and rewritten constantly through the years as the internet and operating systems evolved. But in 1992, an error was written into Bash’s code. Despite the idea that the many eyes looking at open source code allow it to be corrected faster than proprietary code, this error went unnoticed, and continued to hide until just now. The bug was uncovered this past week, and hackers immediately went to work on exploiting it. According to Wired, the bug allows hackers to run their own commands on web servers and take control of machines running Linux and Mac operating systems.

 

“The shellshock attacks are being used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers’ commands. And in at least one case the hijacked machines are already launching distributed denial of service attacks that flood victims with junk traffic, according to security researchers.”

 

Linux released a patch soon after the vulnerability was discovered. Though it was discovered that the patch can be circumvented, Linux is recommending that users install the patch anyway, as it will fix some of the vulnerabilities. Apple has also released a Bash patch for Mac OS X.

 


 


Sources

http://www.wired.com/2014/09/hackers-already-using-shellshock-bug-create-botnets-ddos-attacks/

http://www.wired.com/2014/09/shellshocked-bash/

http://www.techradar.com/us/news/computing/apple/apple-releases-bash-bug-patch-for-os-x-1267228

 

Buying Data and Rights to Data

Thursday, July 3rd, 2014

 

Big data is big business these days, and in a new trend, many businesses are turning to third-party sources to buy additional data to supplement their own data. This additional data can help complete data sets and improve the ability to analyze data effectively.

 

The issue here is that most of the time, what’s actually being purchased is the rights or a license to use the data for a predetermined amount of time. This presents several potential problems. Once the time period is up, a business which bought data can no longer use it. “This means that all the reports, dashboards and metrics you built on the third-party data may need to be revised or replaced once the contract ends,” according to IT World. In addition, IT World notes that by entering into a contract with a third-party provider, you often may be giving them the rights to your data:

 

Another problem that often arises in these contracts is that the provider can analyze your data and create aggregate data that is based, in part, on your data. Many contracts include a provision that gives the SaaS provider the right to analyze your data and create derivative aggregate data based on your data and your usage of their systems. These contracts also say that the provider owns that aggregate data and can exploit it in any manner the provider deems appropriate.

 

To prevent these issues from occurring, read the fine print when purchasing data from a third-party source. In many cases you may be able to negotiate fairer terms for your data exchange.

 


About DHA Group, Inc.

DHA Group, Inc., headquartered in Washington, D.C., is an award-winning management consulting and contracting firm primarily serving federal civilian and defense agencies. DHA Group supports clients’ mission-critical work by delivering expert professional services. Since DHA Group’s 1994 founding, our ability to improve productivity, cost effectiveness and efficiency has contributed to significant corporate growth and earned us a reputation for quality, value and excellence. For more information about Government Makes Research Data Available, please visit us at www.dha-inc.com or call 202-347-9865, or join the conversation on Facebook, LinkedIn, Twitter or Google+.

 

Source

 

http://www.itworld.com/420891/who-legally-owns-your-big-data?source=spotlightpromo

 

Many Still Vulnerable to Heartbleed Bug

Friday, June 27th, 2014

 

You may remember that several months ago the IT security world was rocked by the exposure of the Heartbleed bug. The bug, which affects OpenSSL, exposed vulnerabilities in 600,000 servers, leaving account information and passwords vulnerable on thousands of websites. Users on websites including Facebook and eBay were encouraged to change their passwords and use different passwords on every site.

 

Soon after the discovery of the bug, a massive effort to patch vulnerable servers began. Within one month, nearly half of the 600,000 vulnerable servers had been patched, with 318,239 still vulnerable. Unfortunately, this rate has not held in the second month of knowledge of Heartbleed’s existence. Since the initial rush to patch in the first month, only about 9,000 servers have been patched, leaving 309,197 still unprotected.

 

The slowdown can be attributed to the big online players, which had the resources to patch their servers, doing so as soon as possible in the initial rush. Smaller online companies, however, have not made the same efforts, and the number of servers being patched is expected to continue to decrease. Even though new, non-vulnerable servers are coming online, it is expected that many of these vulnerable servers will continue to function for a long time to come. It is for this reason that internet users should use different passwords for all their accounts. In addition, you can determine whether or not a website is vulnerable using this free checker from McAfee.

 

 


 


Source

http://www.zdnet.com/heartbleed-over-300000-servers-still-exposed-7000030813/

 

Government Makes More Research Data Available

Friday, June 20th, 2014

 

If you’re unfamiliar with Data.gov, it is the portal through which the federal government makes available a vast quantity of federally-funded research. This data is machine-readable and accessible to anyone who wants it. The collection of data is part of an effort to stimulate economic growth by making this research available so entrepreneurs and innovators can use it to create new technologies and drive growth.

 

This week, the research portal announced that it was making more data available on the site. A lot more, in fact. Data.gov has now made available the research of more than 700 federal R&D facilities in the energy, healthcare, and space industries. “These facilities, operated by agencies like NASA, the Department of Energy (DOE), and the National Institutes of Health (NIH), include cutting-edge research tools and together represent billions of dollars of taxpayer investment,” according to a post on its website.

 

In order to access this data, interested parties must go to Data.gov, where the policies of individual facilities regarding the data can be found. Different facilities and agencies have different methods of data access. A contact person is listed for every facility who will be able to assist interested entrepreneurs and innovators. The site plans to continue expanding its database with additional research and other assets such as federally-funded intellectual property.

 



Sources

http://www.data.gov/manufacturing/federal-rd-facilities-open-collaboration/

http://www.informationweek.com/government/open-government/feds-to-post-open-data-from-700-randd-facilities/d/d-id/1278730?