As you may have seen in the news, last week the technology world was shaken by the disclosure of two vulnerabilities in modern processors, known as Meltdown and Spectre. These vulnerabilities are unusual, in that they target the CPU directly, which means that the operating system is not the source of the problem. In other words, any server, PC, mobile, or embedded device running an affected processor is vulnerable and will need to be patched.
Though these vulnerabilities are unusual in some ways, Meltdown and Spectre are similar to other vulnerabilities in the ways that they can be exploited. To exploit these vulnerabilities, an attacker must execute malicious code on a vulnerable system, via such means as an email attachment, browser plugin, or document macro. This means that normal digital hygiene practices apply very well to this situation.
To eliminate your exposure to these vulnerabilities, be sure to stay current on security patches for all network-connected devices, including servers, PCs, network printers, firewalls, etc. Patches have already been released by Microsoft for Windows 10, and by Apple for Mac OS and iOS. Microsoft will be releasing patches very soon for the other supported versions of Windows, and other vendors are already rolling out patches as well.
In addition to operating system updates, PC and Server hardware manufacturers have released their own patches that cannot be installed via typical operating system update procedures. These updates can be obtained via the manufacturer’s website and installed manually. Some manufacturers have their own automatic update mechanisms. For example, if you have a Dell PC running the Dell Command Update client, then you will automatically receive a notification when a BIOS update is available.
If you have any questions or concerns about your network security, please don’t hesitate to email us at firstname.lastname@example.org or call us at 541-342-5531.
Researchers in the UK have successfully broken the previously unbreakable WPA2 Wi-Fi security protocol.
This is a major announcement because the WPA2 protocol is used in almost every Wi-Fi network, meaning countless computers, smartphones, “internet of things” devices, and others are vulnerable to attack.
Feynman Group has the following proactive suggestions for our customers and partners to avoid exploitation:
This particular security risk can only be exploited from within the Wi-Fi coverage area. A potential hacker must be within range of your wireless network to take any action.
Where possible, connect to the network using a network (Ethernet) cable instead of wireless.
If you have Wi-Fi installed at your home or office, check with the manufacturer to see if/when an update may be available.
Websites which are secured with HTTPS (such as Google.com) are generally still secure even when browsing over a public / vulnerable network.
Some Wi-Fi vendors have already provided patches for this security issue, and many others will follow in the coming weeks.
Imagine two hardware stores who share a parking lot; one hardware store is bright, welcoming, clean and well-maintained. The other has paint chipping off the building, a flickering ‘open’ sign and barred windows. Which one does the customer choose to enter?
The company website is the modern day store front. Now imagine there are two equally bright and welcoming hardware stores. How does one set itself apart from the other? The one who delivers the best customer experience.
Set your modern day store front apart with these strategies to improve your customer’s experience.
If a customer was in the hardware store checking out and the employee at the register asked them to write down their credit card information and proceeded to carelessly leave that sensitive information on the counter, how would the customer feel? Distrustful, not cared about. When a company website doesn’t have an SSL certificate, it sends the same message to the customer: the company doesn’t care about securing the customer’s privacy and financial well-being.
In addition to assuring that the customer’s credit card data is secure, SSL certificates create a positive customer experience by preventing extra cookies and ads from being injected onto the website.
Mobile is king. As of July 2017, 54% of users access the internet from their smartphones. It is absolutely necessary for a customer to be able to navigate a website effortlessly from their phone.
Let’s go back to our aesthetically equal hardware stores. Both of them are chains. One of them has the same layout in every single location. The customer walks in and knows exactly which aisle to find ceiling tiles without having to think about it. They are in the same aisle they were in at the location across town.
The same principle applies to mobile responsive design. A customer should intuitively know where to find what they are looking for across a website displayed on desktop, smartphone and tablet. This consistency builds familiarity and loyalty with the customer and allows them to focus on their purchase rather than everything the company is doing poorly. Consider asking your web designer to re-design your website using Mobile First Design.
Intuitive User Interface Design
Humans are hardwired to choose the path of least resistance. A customer should not have to work to find out what a company does, learn about its services or products, or figure out how to purchase them. This is where user interface design is critical in creating a positive customer experience. A website that makes it intuitive for customers to get what they came for is key. Here are a few principles to focus on to keep potential customers on your website instead of bouncing back to Google’s search results:
The three-click rule: Every destination on the website should be less than three clicks of a mouse away from the customer accessing it.
Simplicity: The 3 most visited websites in the world have one major thing in common: the simplicity of their website’s interface and purpose. See Google, YouTube and Facebook.
Usability: A customer should never have to pinch, zoom or slide. For mobile resolution, buttons should be big enough that they can be effortlessly activated with the tap of the thumb. Text should have high readability by using appropriately large font size and by selecting colors that have high contrast.
Information architecture: Scanning is how people read content on the web and 55% of all page views get less than 15 seconds of attention. Use hierarchy to help your customers quickly locate the information they are seeking. This is achieved by breaking up information into readable chunks, organizing it using subheadings, and optimizing for skimming with bullet points.
The shortest distance between a brand and a customer is a conversation. Chatbots are poised to become the standard that websites are for businesses in the near future. Using Artificial Intelligence, Chatbots can be programmed to suit the customer needs of any industry. They allow website visitors to ask questions as they would if they were talking to a knowledgeable customer service representative at the hardware store. The customer is provided on demand support and the automated service gives the company more efficiency to be productive and grow.
Creating a great customer experience in a store or on a website is subtle. The customer shouldn’t even realize why it is a great experience; it just is, because everything works seamlessly.
WannaCrypt, also known as “WannaCry,” is a ransomware attack that made international news headlines for hijacking computer systems across the globe last week. WannaCrypt infiltrated thousands of computer systems and held their files hostage. Hackers demanded $300-$600 worth of Bitcoins for users to reclaim access. Its reach was massive, with over 150 countries falling prey to the malicious software. Businesses in China, UK hospitals, and Russia’s interior ministry were among the victims.
How Does WannaCrypt Work?
WannaCrypt is believed to initially breach systems via email attachment – from there, it spreads quickly. The malware exploits a security vulnerability in Windows software called Server Message Block, which is used to transfer data between trusted computers. WannaCrypt employs EternalBlue (an exploit believed to be created by the United States National Security Agency that was later leaked by a hacker group) to spread throughout a business’ system in a matter of seconds, no user activity necessary. Meanwhile, a portion of the code called DoublePulsar installs a backdoor into the infected systems, giving the hacker remote control of the computers.
Reports of new infections have come to a halt, thanks to a malware researcher who discovered a web domain in the code. But this outbreak serves as a wakeup call to businesses and organizations everywhere: protect your IT systems.
The Consequences of Malware
Being the target of a malicious software attack can be costly. It puts sensitive information in the hands of hackers, puts you at risk for losing crucial files, leads to a pricey recoup process, and diminishes customer trust in your business. Your computer systems are home to the very information that keeps your business running – if they are compromised, it can be difficult to recover.
Steps to Better Security
Since ransomware is an imminent threat, it’s important to do everything possible to protect your business from infection. Here’s a list of preventative steps to bolster your IT’s network security:
Apply available critical and security updates to all computers regularly
Block potentially malicious files from entering your system using email anti-spam, anti-virus, and employee training initiatives
Request that employees only open attachments when they are absolutely necessary, and expected to arrive
Demonstrate additional caution with Microsoft Word or Adobe PDF files delivered by email
Test and validate data backups regularly
You can detect malicious software in your systems by configuring email alerts from anti-virus agent detections, employing network-based anti-virus and anti-malware software, and setting up monitoring on file servers to detect changes to your files.
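One way to implement the file-server monitoring mentioned above, as an added example that is not part of the original post or any vendor's tooling: it hashes every file under a share, compares two snapshots, and raises an alert when a large share of the baseline was modified or removed at once, the pattern left by bulk encryption. The function names, the 0.3 alert threshold, the sample files and the ".locked" extension are all assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as handle:
                    for chunk in iter(lambda: handle.read(65536), b""):
                        digest.update(chunk)
            except OSError:
                continue  # file vanished or is locked; pick it up next round
            state[os.path.relpath(path, root)] = digest.hexdigest()
    return state

def compare(before, after, alert_ratio=0.3):
    """Diff two snapshots; alert_ratio (assumed value) is the share of baseline
    files that may change between snapshots before an alert is raised."""
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    removed = sorted(p for p in before if p not in after)
    added = sorted(p for p in after if p not in before)
    ratio = (len(modified) + len(removed)) / len(before) if before else 0.0
    return {"modified": modified, "removed": removed, "added": added,
            "ratio": ratio, "alert": ratio >= alert_ratio}

def demo():
    """Constructed scenario: ten files, one routine edit, then six files
    overwritten and renamed in bulk."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, "report%d.txt" % i), "w") as f:
                f.write("quarterly figures %d\n" % i)
        baseline = snapshot(root)

        with open(os.path.join(root, "report0.txt"), "a") as f:
            f.write("one routine edit\n")
        routine = compare(baseline, snapshot(root))

        for i in range(1, 7):
            old = os.path.join(root, "report%d.txt" % i)
            with open(old, "wb") as f:
                f.write(os.urandom(64))       # contents replaced
            os.rename(old, old + ".locked")   # constructed extension
        bulk = compare(baseline, snapshot(root))
    return routine, bulk

if __name__ == "__main__":
    for label, result in zip(("routine", "bulk"), demo()):
        print(label, result["ratio"], result["alert"])
```

On a real share, take the snapshot on a schedule and tune the threshold to the normal rate of change, so that a single edited document stays quiet while a burst of rewritten or renamed files triggers the email alert.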
How We Can Help
Our team here at Feynman Group has years of experience defending businesses from malware like WannaCrypt. We have expertise in preventative protections, as well as recovery solutions. Through our partnerships with Cisco AMP, OpenDNS, Cisco Firepower, and Datto, we can give your business the best chance of surviving malicious software attacks. This past week showed the world that it’s more important than ever for organizations of every kind to strengthen their IT security. If you’re not sure whether or not your business is properly protected, contact us for a free backup analysis today.
Today, we are celebrating the birthday of Richard Feynman — the inspiration behind our company’s name. The American theoretical physicist was known for keeping an open mind, finding pleasure in problem-solving, fostering curiosity, and keeping things simple. These are some of the central values that have guided our business from establishment in 1995 to this very day.
Richard Feynman was not just known for his incredible work and numerous awards in physics, but for his infectious energy and engaging perspective of the world around him. He combined brilliance, curiosity, and influence to change how people viewed problem-solving. Although Mr. Feynman passed away in 1988 after a battle with cancer, his legacy lives on. Here at Feynman Group, we continue to remember and live out Richard’s inspiring values in our daily work.
“The worthwhile problems are the ones you can really solve or help solve, the ones that you can really contribute something to. No problem is too small or too trivial if we can really do something about it.”
With the end of the first quarter of 2017 swiftly approaching, I’d like to take this opportunity to reflect on the year behind us as well as share a bit about our direction in the coming months.
Last year we made a concerted effort to focus on consistency as a theme, and while we experienced new and exciting opportunities – shifts in the industry, our expanding presence in Portland, the adoption of new technologies, and beyond – ultimately our concentration on consistency allowed us to grow alongside these changes. As a result, this growth has molded Feynman Group into a more mature, conscientious company.
Our dedication to community engagement continued in 2016 with our partners at Kids’ FIRST. Together, we raised over $50,000 at our annual 1 Day 100 Holes Charity Golf Marathon to aid children in Lane County. We are eagerly preparing for this year’s marathon in September, and we look forward to serving our community throughout 2017.
As Feynman Group moves forward, we are excited to continue building off of the positive growth we have diligently fostered. Alongside this effort, we are proud to launch our new logo which we feel reflects the progression and evolution of our brand. Finally, carrying us through 2017 is our concentration on acting deliberately and attentively as a company in order to best meet your technology needs. With that in mind, I sincerely thank you for the opportunity to serve you and your organization. Our partnership allows us to do what we love every day by helping your business thrive.
You may have heard the buzzwords HTTPS and SSL flying around more lately. That is likely because beginning January 2017, Google began flagging sites as “not secure” if they collect passwords and credit card numbers over HTTP.
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It allows for your web browser and a web server to relay information between each other.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol over Secure Sockets Layer. Unlike HTTP, the S in HTTPS indicates that the information from your web browser is encrypted before it is sent to the web server.
What is an SSL Certificate?
SSL is an acronym for Secure Sockets Layer. An SSL certificate encrypts the data that is sent to the website you are interacting with from your computer, proving the identity of the website. Here’s how it works: your web browser requests a web server to verify the identity of the website you’re on. If verified, the web server will respond by sending an SSL certificate. When the website is deemed trustworthy, the HTTPS symbol will appear in the URL bar as a digitally signed acknowledgement that the site’s identity has been verified by a trusted authority.
How can I tell if a site is verified?
In the URL bar of your browser, a lock symbol will be displayed and the URL will begin with https://www…
Why do I want to interact with sites that use HTTPS?
Imagine you are the web browser and your bank is the web server. If you were in a public place and had to shout out your credit card numbers to your bank across the room, would you rather shout those numbers in plain English, or in a coded language that only you and your bank could understand? HTTP is plain English to snoops and hackers, whereas HTTPS is the coded language that makes your information much harder to crack.
Why should I Care?
Not only does Google label non-HTTPS websites as non-secure, they penalize these sites by dropping their ranking in search results. This directly affects your customers’ ability to find you. In addition, beyond search ranking concerns, HTTPS is the security standard, and adopting it on your website helps keep you and your website’s visitors protected.
Are you ready to set up SSL on your website? Contact Feynman Group for more information.
You walk into a conference room with your laptop and a 55-inch tablet on the wall automatically recognizes you through ultrasonic wireless pairing technology. If you thought you were sitting in a meeting with George Jetson, I’d believe you.
The all-in-one cloud-based digital whiteboard, videoconferencing, and collaborative presentation platform, Cisco Spark Board allows for your team to have a shared and productive workflow experience onsite or on the road.
The Spark Board features an elegant aesthetic, integrating real-time visual, audio, and connectivity components into one sleek device. Connected through the cloud and secured by encryption, Spark Board makes it possible for any user with a Spark app-enabled device to be interactively present in a meeting from virtually anywhere. With intuitive navigation and flow, the Spark Board’s capacitive touchscreen operates nearly identically to smart phones and tablets. Additionally, it uses two-point multi-touch technology that allows two people to work on the board simultaneously.
The 55in Spark Board features a 4k video camera that captures everything from an entire room with an 86-degree wide angle mode, to focusing in on a presenter with its short-range setting. With 12 embedded microphones that use beamforming, a form of 3D audio technology, Spark Board isolates and amplifies the active speaker in a room of 8 to 10 people while suppressing background noise.
Between its sleek industrial design and ultimate collaborative capabilities, Feynman Group is ready to help your business team collaborate more effectively with Cisco Spark Board. Please contact us for more information.
Few people know Oregon’s rivers better than brothers Clay and Ty Holloway. The duo has been fishing since they were young boys, and their love for the sport has only grown over the years. The Holloways eventually decided to share their passion by leading guided fly fishing trips along the beautiful McKenzie River. They were working with an outstanding business idea; however, the brothers recognized their need for a stronger online presence to reel in more clients.
Feynman Group created an entirely new website for Holloway Bros using the newest version of WordPress. Feynman’s web professionals began by gaining a comprehensive idea of Clay and Ty’s vision, and customized the design to fit that vision. The Holloways’ fly fishing business has no shortage of visual appeal, so Feynman harnessed it with stunning photos and a color scheme that captures the beauty of the McKenzie River. “Our primary goal with the Holloway Bros site was to convey a sense of adventure and excitement in order to spark the interest of potential clients,” said Nathan Johnson, a website developer at Feynman Group, Inc.
To make the Holloway Bros site easy to navigate, Feynman used a modern and clean setup. It’s even mobile friendly, so that potential clients can have an equally outstanding experience viewing from their phones. Since Feynman used the newest version of WordPress, it’s both up-to-date and secure. The site features a blog, photo gallery, personal testimonials, social media information, and more in order to gain maximum traction with potential and returning clients.
After seeing the final product, Ty Holloway said, “Working with the Feynman Group was a real pleasure; they were extremely helpful throughout the entire process. The service was very personal, and any questions that I had were met with a quick response. I would recommend their services to anyone looking to improve their web presence.”
Thanks to Feynman’s website design, development, and hosting, the Holloway brothers now boast a modern and user-friendly online presence perfectly tailored to their business.
On Friday, October 21, 2016, Internet performance management company Dyn suffered a series of three distributed denial of service (DDoS) attacks, beginning at about 4:00 AM Pacific time and concluding at about 1:00 PM. The attack, which involved tens of millions of IP addresses, affected users’ ability to access the websites of many of Dyn’s customers, such as Twitter, Reddit, Spotify, Etsy, and others. Experts believe the attack was targeted at Dyn, with one source of traffic being devices infected by the Mirai botnet.
What is a DDoS attack?
A DDoS attack is when an overwhelming amount of web traffic is directed at an online service (such as a website) in an attempt to make the service unavailable to legitimate users. In this case, tens of millions of IP addresses flooded Dyn’s Managed DNS infrastructure with requests, causing Dyn’s customers’ sites to either fail to load or load very slowly. In other words, many users attempting to do their morning scan through Twitter were disappointed when Twitter did not load.
What is DNS?
Note that the following has been simplified for the sake of explanation.
The domain name system (DNS) is what’s responsible for converting a domain name into its associated IP address when a website is accessed. Think of it this way: if the IP address is a set of GPS coordinates (latitude and longitude) for a business, the domain name is the street address (123 Street Ave).
When any URL is typed into the address bar of the web browser, a request is sent to a DNS server (many actually) to translate the URL into its IP address, which is then sent back to the browser, telling it how to access the website at the specified URL.
The incident on the 21st occurred when a large number of devices (many infected by the Mirai botnet) attempted to make too many requests to Dyn’s DNS servers, and the overloaded servers could not send back information to fulfill any requests.
It’s important to note that DNS hosting (the service provided by Dyn in this case) differs from website hosting. The latter generally refers to the location on a web server where a website’s files are stored.
What is Mirai?
Mirai is a new type of malware that targets “Internet of Things” or smart-devices – things like CCTV cameras, DVRs, the Nest smart-thermostat, even Internet-connected cars and refrigerators. Mirai is able to take control of such devices and use them to flood a target with traffic. When millions of infected devices are directed toward a single target in a DDoS attack, it’s enough to bring the target down across the web for both legitimate and malicious users.
How can I keep my smart-devices safe?
Be selective with which smart-devices you use. Not all devices are created equally when it comes to security. Research before you buy, and always opt for the most secure devices, even if they cost more.
If possible, disconnect your smart devices from an internet connection when you’re not actively using them. If there is not an option to disconnect your device from the internet, make sure it is powered off and not in a “standby” state.
Keep your devices up to date with the most current software.
Always use strong passwords. Some devices such as webcams and CCTVs use default passwords and settings, making them especially attractive targets for malware. Read your manual or do a Google search on how to change the passwords for these devices.
If your smart device has been infected by Mirai, you may be able to clean it by rebooting the device; however, this action alone will not protect your device from being re-infected.
Disable WPS connection on your wireless router, and make sure your Wi-Fi network is password protected.
Contact Feynman Group if you have any security concerns and we will work with you to implement solutions relevant to your specific needs.
Does a DDoS attack pose a threat to my website?
If you’re concerned about the resiliency of your hosting environment, contact Feynman Group to discuss whether or not changes to your current situation may be necessary.