BizTech review: Brother MFC-J5920DW Offers Ink-Efficient Printing

In the digital age, printers get a bad rap as outdated and inefficient. But some new all-in-one devices still bring value and convenience to today’s offices. Brother’s multifunction MFC-J5920DW printer offers a full complement of features typical of a modern printer/scanner/fax machine.

You can read my review in CDW’s BizTech magazine here.

Do the math

Today we celebrate the 100th anniversary of Einstein’s General Relativity Theory and I am happy to contribute the following anecdote from my past. Einstein was a big deal for getting my early nerd on. Now I can finally tell the tale without fear of being shamed: nerds are also celebrated these days.

My very last class as an undergrad was working through the math for Einstein’s field equation, which links gravity and mass and space time. For those of you interested, it looks like this:

Now, reading this explanation doesn’t really help me much, and I am sure most of you are just as lost as I am now in trying to get deeper into the actual variables that are part of this calculation. It actually depresses me somewhat, knowing that I spent weeks studying tensor calculus and differential geometry to decode this thing. At the time, I remember thinking that I actually understood what was going on. Remember it took Einstein several years to come up with his theories of relativity.

This actually is the second time in about a month where I realized that I have forgotten more mathematics than I have learned, which I guess is part and parcel to growing old. Earlier, I spent some time with my daughter and her fiance, who is taking a class in mathematical economics. As he showed me some of the equations that he is trying to figure out, I realized that I took several classes as an undergrad and at one time actually knew what they meant. Now they were just as impenetrable as Einstein’s equations. It was a frustrating experience for both of us. But then, it isn’t like I have had to use this stuff in any capacity in my daily life for decades.

I don’t want to give you the impression that I didn’t have a very good education — quite the contrary. It was an important experience that shaped so much of what I ended up doing, even if I can’t do the math any longer. I was a very lucky undergraduate at Union College, a small school in upstate New York. First, I had some terrific professors who guided my learning and put up with me in general. Second, the school at the time had a very liberal independent study policy that I was able to take advantage of. Eventually, I would take an entire year’s worth of independent classes, which taught me self-study and research that would serve me well as a tech journalist. And being a small school I was able to mix and mingle and dabble in non-mathematical classes and meet non-nerds too. Finally, I even had a very geeky part-time job, rebuilding a series of antique geometric string models that the college owned: that taught me a love of mathematical modeling before we had PCs, built-in pivot tables in Excel, or ways to write math in print, such as with TeX and MathML.

But anyway, it is nice to see all the posts (including a very nice NYTimes article) on the topic. And for those of you that can do the above math, kudos to you!

Detecting malware with Sophos XG Firewall and Security Heartbeat

Sophos has developed an interesting and innovative new security product that bridges the gap between its endpoint and network protection products. Called Security Heartbeat, it requires a Sophos XG firewall and any of Sophos’ cloud-based endpoint protection agents. The entry level firewalls start at $300 and larger models can go for ten times that, with support contracts extra.

We tested the Sophos products during November 2015. Sophos is not as well known as other firewall vendors, but the use of the heartbeat is such an obvious benefit and the kind of innovation that you wonder why it hasn’t been done before.

Why Johnny still can’t encrypt his emails

As some of you who follow my work know, I have had a long history of using and complaining about email encryption programs, ever since working with Marshall Rose on our breakthrough 1998 book on enterprise Internet messaging. Rose was one of the key innovators of the Internet email protocols that we still use today, and a wonderful co-author.

Since those dark days, email encryption has certainly gotten better, as I wrote this past summer when I tested a bunch of products for Network World. But is it good enough to pass muster with academia? Not yet, at least on the level of the average undergraduate recruited for a recent academic paper in the “Johnny Can’t Encrypt” research series.

These papers began in 1999, when a Berkeley computer science team published the first study based on trying to use PGP v5. The research design is very straightforward: pairs of students were asked to send and decrypt messages back and forth under observation. Few of the teams were able to complete the task in under 90 minutes. In 2006, another team at Carnegie Mellon tried again, this time using an Outlook Express plug-in with PGP v9. They had better software but less time to complete their tasks, and most eventually still failed.

And last month, a team at BYU tried again, this time using Gmail and Mailvelope. They gave their teams 30 minutes, with only one out of ten being able to get the job done. The most common mistake was encrypting a message with the sender’s public key, a rookie mistake. There were other user experience issues with the Mailvelope browser plug-in, and some students were clearly very frustrated and vented their low opinions of Mailvelope to the researchers.

PGP has been around a long time, since 1991 when it was created by Phil Zimmermann. Phil is still active in the field, having worked on a newer series of “Silent” email products. I spoke to another Phil involved with PGP, Phil Dunkelberger, who ran PGP and now is running a major effort to spread encryption to the world, Nok Nok Labs. He told me that their results “weren’t surprising, given that they were testing technology that has its roots in the 1980s. The problem is balancing ease of use with key management, and products need to focus on solving both issues if they are going to succeed in the marketplace.” While not singling out Mailvelope specifically, the history of email encryption is filled with other efforts that have failed because of these fundamental flaws.

I will admit that PGP, in whatever vintage (the current version that I have used is v10) isn’t the easiest software to use. Since it was sold to Symantec, it has fallen into disuse and there are a lot of other tools out there that are better alternatives. I was a bit surprised at all the vitriol directed at Mailvelope by the BYU students: I gave it a brief spin and it seemed to work reasonably well. Perhaps I would have chosen Virtru (pictured above) or some other tool, but the BYU team was looking for a product that was highly rated by the Electronic Frontier Foundation in their email scorecard posted here.

While there are some issues with what EFF is trying to do, overall I like their scorecard. A big plus is that it shows the multi-layered world of how to protect your communications. Thanks to Ed Snowden, we are more sensitive to how we manage our encryption key infrastructure, and also understand the difference between encrypting the actual message data – the message body and attachments – versus the metadata contained in each message, such as subject lines and recipient names. As I wrote this summer, “encryption has finally come of age, and is appealing to those beyond the tinfoil-hat set.”

Certainly, we still have a long way to go before encryption will become the default mechanism for email communications. But today’s tools are certainly good enough for general use, even by the average undergraduate.

How EVault’s Hybrid Cloud Backup compares with CommVault

EVault’s Hybrid Cloud Data Protection covers a wider range of operating systems, features and enterprise applications than CommVault’s Simpana. EVault’s web-based portal is also more flexible and useful. We tested these backup products during November 2015, connecting to a SQL Server instance running on Windows Server 2008.

Click here for more info.

Webinar for Citrix: Listen to Your Customers, How IT Can Provide Better Support

IT needs to provide the best possible support to its end users. Indeed, treating them as your customers is critical. We’ll cover some of the lessons learned from the best and worst customer-facing organizations (including developing profiles such as Mailchimp did at right) to see how IT can make improvements in this area.

Here are the slides for my webinar, and you also can access the one hour session recording here.

Brian Krebs and the Rise of Mexico’s ATM Skimmers

ATMs have long been targets for thieves; there was the Tyupkin malware, which could control cash drawers, reported on last fall. But a more popular form of attack is carried out via ATM skimmers, which are typically overlays attached to the outside of the ATM unit. When you insert your card into the machine, these skimmers capture your account number and PIN, which will be used later to clean out your account.

ATM Skimmers Threaten Travelers

PC Magazine has a long list of suggestions about how to recognize these skimmers, as well as how to take care when you are getting cash in a new location to ensure you’re accessing the legitimate ATM service. This is especially a problem now that many ATMs are being made by private vendors and are situated in non-banking areas such as bodegas and bars. That could be an issue, especially with the rise of more sophisticated ATM skimmers. It is hard enough to obtain foreign currency from a legit machine, given language and other issues. Now you have to worry if you are just giving your identity to the bad guys.

As ATMs become more popular, the crooks are paying more attention and getting more sophisticated in compromising operations. With that in mind, it’s worth reading a series by security analyst Brian Krebs that he posted in September. Earlier this year, he was invited to come down to Mexico and see the problem firsthand. He managed to find at least 19 different ATMs that all appeared to be hacked and retrofitted with tiny, sophisticated devices that store and transmit stolen data and PINs via Bluetooth technology. These ATM skimmers could have been installed by compromised employees bribed to open up the machines and insert the necessary circuit boards to trap customer data.

As Krebs wrote in one blog post, “Stolen card data can be retrieved from the Bluetooth components wirelessly: The thief merely needs to be within a few meters of the compromised ATM to pull stolen card data and PINs off the devices, providing he has the secret key needed to access that Bluetooth wireless connection.”

Unlike the more traditional ATM skimmers, there is no way to immediately know if a machine has been tampered with other than by analyzing the Bluetooth signals coming from the machine. In fact, Krebs found one such machine coincidentally at his own hotel! Despite meetings with the hotel security staff, he wasn’t able to get the ATM disabled.

Are Fake ATMs a Concern?

After more gumshoeing, Krebs was able to zero in on a company that is apparently producing these devices and masquerading as a legit ATM manufacturer. A fake ATM? Hold on, can that really be possible? Krebs described how it could work by generating canceled transactions. “For example, if the transaction is canceled before it reaches the processing switch of the customer’s bank, there would be absolutely no record of the customer using the ATM, despite the card data and PIN being compromised,” he wrote. This would make it harder for the banks to track down the compromised ATM, particularly if these canceled transactions were spread around the country.

Krebs mentioned that the problem isn’t unique to Mexico: Back in the U.S., a Connecticut fraudster was arrested in 1993 for placing fake ATMs across the state. The tipoff? These fakes never contained any actual cash to dispense.

Given these exploits, there are a few suggestions you should remember the next time you need to get cash. First, follow the PC Magazine suggestions on being aware of the kind of ATM you are about to use. Second, when abroad, use a bank-owned machine whenever possible and not a private, third-party ATM; the ATM skimmers that Krebs found were all from private parties.

If you do travel abroad frequently, make use of a special debit card that has a limited balance in case it does get compromised. Finally, examine your bank statements and reconcile all of your account activity as soon as possible after you return to ensure your account hasn’t been compromised.

SearchSecurity: Emerging security threats you are up against now

Blended threats and improvements to man-in-the-middle exploit kits have made malware more available to a wider audience of less-skilled cybercriminals. These bad actors can now launch drive-by attacks with just a few mouse clicks. At the same time, increases in state-sponsored hacking and the growing complexity of keeping modern browser plug-ins up to date have made the threats facing the enterprise network more numerous, sophisticated and pernicious. And even that old chestnut of social engineering has been made easier, thanks to the popularity of social networks that enable criminals to pose as co-workers or friends, mistakenly build trust and use that trust to steal credentials and assets from the unwitting.

You can read my post on SearchSecurity here on these and other trends in the threat landscape.

Network World review of Carbon Black and Cylance

Most of us know by now that traditional anti-virus doesn’t work, or at least doesn’t work well enough to be the sole line of defense against potential endpoint exploits. Last year Symantec SVP Brian Dye told the WSJ that traditional AV only catches 45% of malware, and many security professionals think the number is even lower. These days, most enterprises need more, or at least want an endpoint product that can actually prevent zero-day infections and exploits from happening and be more proactive.

We looked at two relatively new protective products, Carbon Black (now owned by Bit9, with a screen shot shown above) and Cylance Protect (with a screenshot of its threat analysis shown below). Both are designed to approach securing your endpoints from a different and more complete perspective. To be effective, a modern endpoint security tool needs to be both a gatherer and a hunter: being able to find a needle in the proverbial haystack, when you don’t even know what the needle looks like. That is where this new breed of tools comes into play.

You can read the review published today here.

Tips on staying connected when traveling internationally

I am on a two week visit with my daughter in Israel, and so far the connectivity experience has been difficult, to say the least.

Usually, my MO is to purchase a SIM card when I land at one of the airport gift shops: while that won’t be the least cost method, it is the easiest. I had a SIM card from my last visit, and could easily recharge the pre-paid account while my plane was still taxiing up to my gate. However, I made my first mistake: I purchased the wrong plan, one that included unlimited Israeli minutes, but had no USA minutes.

There is nothing wrong with using pre-paid plans, but be sure to ask for all the details: in addition to voice minutes, you should ask if the plan includes texting and data and calls to back home. And it helps if there are fluent English speakers who work for the pre-paid company too.

Then, a day after my arrival, my daughter’s home DSL access died and was out for several days. Despite repeated calls to both her phone provider and her ISP, we got nowhere. A day after it came back out some thunderstorms knocked out our power for several hours. (Normally both are more reliable.) All these disruptions brought home exactly how important Internet connectivity is in our lives, especially when we travel.

If you have decent connectivity, you can make use of Skype and Facetime for your calls back home. Skype has several plans that bring the cost of calling down to pennies a minute, much less than what you’d buy if you have the right pre-paid cell voice plan. And Facetime is free, provided that the folks you are calling have iPhones or newer Macs running Yosemite or better Mac OS X.

As a backup, I was also carrying a Webbing Spot, which is a small device (smaller than most cellphones now) that costs $130. The Spot has the equivalent of a series of data SIM cards that cover most countries’ providers, so you don’t have to be fumbling with your phone. You just turn it on and it connects to the cellular broadband, then outputs a Wi-Fi signal so your computer and up to nine other devices can be connected. You need to purchase a data plan from the company: they start at 400 MB per day for $9.90 and range up to 2 GB for $80 per month. That could be less than your pre-paid or any American international plan.

Webbing has more than just connectivity: it has an entire web-based management platform where you can set policy rules for how your staff uses the device. For example, I had inadvertently turned off support for file sharing services such as Dropbox and forgotten to enable this, much to my dismay when I was trying to sync up my files.

One final piece of advice: if you make use of two-factor authentication for your various online accounts, remember that they may not work when you are overseas if they are sending your USA phone text messages with a one-time password. You might have to make alternative arrangements.