Keystroke Loggers are OS Agnostic

Keystroke loggers record every virtual keystroke you make. Have you run your security updates? (And Mac people? Windows people? I’m looking at you.)

From Microsoft:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Microsoft Security Update Summary for April 10, 2018
Issued: April 10, 2018
********************************************************************
This summary lists security updates released for April 10, 2018.
Complete information for the April 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security Updates
============================
ChakraCore
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 version 1709 for 32-bit Systems
Windows 10 version 1709 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Important Security Updates
============================
Excel Services
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Wireless Keyboard 850
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Word Automation Services
Moderate Security Updates
============================
Internet Explorer 10
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security information, or
installing security updates. You can obtain the MSRC public PGP key
at
<https://technet.microsoft.com/security/dn753714>.
********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************
Microsoft respects your privacy. Please read our online Privacy
Statement at
<http://go.microsoft.com/fwlink/?LinkId=81184>.
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.
These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.
For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.
This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

Tendenci 4 Microsoft Clients Update

To our Tendenci 4 clients experiencing difficulties, you are ABSOLUTELY STILL MY TOP PRIORITY and the top priority of the entire team.

Huge progress has been made by the team this week, with the help of you, our clients, with DNS entries, flexibility and understanding. The good news is that at this point most of you are back online.

The Tendenci 4 functionality is slowly being recreated on the latest version of Windows Server 2012 R2. In the short term, given I constantly troll the helpdesk, I know y’all are frustrated by the lack of full functionality.

Yet I need you to hang on just a bit longer as this process MUST BE DONE SECURELY. I simply can’t and won’t compromise on that. You don’t rush through open heart surgery, and Tendenci, as y’all know, is quite a bit larger than other products because the challenges we address, sites with sometimes 100k users, are much more complex than shopping carts or photo-sharing sites.

Still heartbreaking to me is that I am profoundly aware we have a few remaining very important clients to bring back online. And that is a task with multiple people actively working on restoring them, even if they are leaving (and who can blame them) but regardless we will get a stable version for them.

The Good News – The vast majority of Tendenci 4 sites are back online as I type this. Yes you are faced with limited functionality, but have patience as we have to rewrite a lot of code to make the jump to Windows 2012 R2 and most of us have been on the Linux side for a while now.  We are seeing your functionality being incrementally restored daily. ETA is probably early next week to get to 75% functionality.

25% of the functionality will only return if we can find a way to securely implement it for all of you such that each client is isolated. Thus the functionality we plan to restore is only within the limits of new security.

What are the known issues for Tendenci 4 clients (the .asp clients)?

Current limitations – all of which are in place to protect you.

  1. Four sites still offline. Top priority. Period. They know who they are and with each I have personally been in contact.
  2. Limited functionality. Everyone else on the Microsoft version of Tendenci who is back up is still facing limited functionality. We are aware of this. No need to submit a ticket. It is coming back as fast as we can do it SECURELY. If we can’t return functionality securely it will not return at all, but that is hopefully not going to be the case as I think we can find a workaround for all of it. Specifically, items that we know are not working and can’t be turned on just yet are posted in a series of posts right after this one. But in brief we are aware of and working on the following.
    1. Notifications – these will be back by early next week at the latest. Like “forgot my password” and “payment submitted” (just not newsletters).
    2. Newsletters – Not enabled. You will each need to sign up with a third-party email relay service. It could even be your own Amazon Simple Email Service account. This is a required change for all clients to sign up with an SMTP relay provider like Mailgun. Newsletter Generator will return; however, Newsletter Send is NOT coming back on the shared mail server. You MUST sign up for a newsletter provider that supports SMTP authentication and clean your email lists. This you can start now.
    3. Uploads – these will come back slowly, limited, restricted and only in non-executable areas. You will not be able to upload asp files, js files or any form of executable file going forward. This is a permanent change, but really it is a return to how it was designed and at some point we diverged from fundamentals.
    4. FTP – FTP is not coming back to T4 going forward. Never. But before you scream, web sites are not FTP portals and full FTP is no longer feasible. It shouldn’t have been allowed in the first place except to restricted folders and that got lost over the years by our team despite being documented internally. The Internet has changed, we have to change with it. And fortunately there are so many options for you on this. For example on T5 you can FTP into one folder named media. Or use Amazon S3 for static files. So it will be OK. From dedicated servers to S3 buckets to Dropbox to gdrive links – you will have lots of options.
    5. WYSIWYG – we will be implementing a stripped down version of one (1) of the two current ftp editors that are in T4. Think minimalistic like WordPress, but you can still jump over to another HTML editor and use code view to paste tables and such back in for richer formatting if you prefer. Neither of the rich text editors you are used to will be coming back in the same format for security reasons. But you have workarounds.
    6. WYSIWYG uploads – read-only files, no JavaScript, no Flash. But you can reference those from an external data store (see FTP permanent discontinuation above).

Next steps. Today yet another firewall that is already in place will have more of its functionality turned on. It is already handling all of the traffic and has quietly been keeping track of things to find patterns that we need to allow (whitelist) so that our other security rules don’t get carried away. Thus it will be brought online slowly.

The new firewall is another layer of security typically called a WAF (web application firewall). While it’s true that we already have a WAF that was running, it was one that reported instead of dynamically taking action to block an attack. Furthermore it was designed like a virus scanner to look for known issues, not the unknown. The new WAF analyzes the traffic passing in-between the firewalls instead of just protocols and ports so it is much more advanced. And if it doesn’t like something, it jumps into action and blocks it.

Remember iRobot? Ya, kind of like that. So we unfortunately WILL experience some false positives. Yet he’s had enough “training” and is ready to be turned loose so us humans can get mad at him and we can fully educate him on what is legitimate traffic and what is not. Studying logs is one thing, but he’s got to get into the wild and test the real world. We ask for your patience on this. Again, it is to protect YOU!

Moving carefully forward…

Sincerely,

Ed Schipul, CEO, Tendenci

Steve Ballmer Speaks at Houston Technology Center Forum

Houston Technology Center

HTC welcomes the CEO of Microsoft!

A gorgeous day downtown, the great folks at Houston Technology Center and guest Steve Ballmer – CEO of Microsoft drew dozens and dozens to Minute Maid Park’s Union Station for today’s Houston Technology Forum.

The Houston Technology Center is known for affording education, insight and more to entrepreneurs needing to climb the ropes to commercialization. The topic of the day, presented by Microsoft CEO, Steve Ballmer, was “Strategic Implications for Houston as a Center for Innovation.”

“The most grand commodity of all is information” – Steve Ballmer

 

High Tech Talk

Highlights included the path that technology has taken in the last decade and where it’s going in the next. Hand-held devices, resources technology and virtual worlds where business takes place with Avatars were all topics of discussion. The forum mainly, however, focused on information technology and the important and continuing role it will play in business development in the years to come.

Steve Ballmer also spiced things up with a sneak peek of some great Avatar-based programs for X-Box 360, even giving away an X-Box to a lucky attendee at the end of the program.

Hugs to Houston Technology Center

Sheila Whanger did a great job organizing the event and it was wonderful to see Walter Ulrich, President & CEO of Houston Technology Center up on the stage as well. Let’s not also forget the welcoming faces of Downey Bridgwater, Chairman of the Board – HTC and Larry Kellner, Chairman of the Board – Greater Houston Partnership.

It was great, everyone. Thanks so much to HTC!

Trend Tuesday: Free Office Software on the Internet

With the rising popularity of smart phones and tablet devices, the business world is undoubtedly moving towards a mobile-driven workforce. Since we are now constantly connected to the internet, the idea of “cloud based” computing is becoming more practical. Google capitalized on this by creating Google Docs – a word processor accessed through the internet, rather than the traditional local program found on your computer, like Microsoft Word. Google Docs was the first web-based word processor that allowed users to create and edit documents from any computer across any network. Naturally, Microsoft and other companies followed suit in order to keep their software relevant (and affordable), because Google Docs is free. This led me to ask: which one is best?

Google Docs – A free web based processor, presentation, and spreadsheet application. Users can create and edit documents online while collaborating in real-time with other users (meaning multiple people can edit a document at the same time). Includes a simple web interface that allows users to either save the file to a local computer, email it, or save it online. A downside is that there are limitations to the size of a file you create.

Open Office – A completely free and open source offline office application. While Open Office doesn’t have the advantage of a web based application like Google Docs, it includes advanced features that compete with Microsoft Office. Open Office includes support for the .doc format allowing users to create and edit Microsoft Word files.

ZoHo – A web based application, similar to Google Docs. Features a richer interface than the other two and, like Open Office, can import many different file types like Microsoft Word. ZoHo doesn’t include as many features like Footnotes and Headers, which can be a big drawback for academics. Still, ZoHo is an adequate web based alternative for people looking to manipulate Microsoft Word files, something Google Docs can’t do.

The next version of Microsoft Office, Office 2010, competes directly with Google by including cloud-based web apps that supplement the standard apps, Word, Excel and PowerPoint. The biggest drawback, however, is that Microsoft Office costs over $100 while the word processors listed above are completely free. Users must decide between the unquestioned advanced features of Microsoft Office and the convenience and price of web-based apps.

If you would like to explore this topic further, please read Mashable’s article on Microsoft Office.

Trend Tuesday – Will Bing cut into Google’s market share?

You’ve probably seen the commercials, and maybe even the tweets. Microsoft is putting its hat into the search ring (again). This time, it’s shiny and new (and rebranded) with Microsoft’s “Decision Engine” called Bing.

https://www.youtube.com/watch?v=yIxfk3hS0uU&feature=channel

How it works

Bing is marketed as a “decision” engine – it displays results based on what Bing thinks is most helpful. Bing is fully equipped with what Microsoft is touting as a powerful set of intuitive tools to “help you make smarter, faster decisions.”

Image searches allow you to view related searches, filter results by size, layout, color, style, and people… and customize your view. Mouse over an image to give feedback on the result and view similar images.

So, how’s it doing?

The SEM blog reported Bing’s release two weeks ago. So what has happened since then?

Bing had 11% of the search market share last week, according to Comscore. Much of this has to do with the fact that it’s Internet Explorer’s default search engine, and the television commercials may have people going on to just “check it out”… but the bottom line is that 11% after two weeks is nothing to sneeze at. For now.

Also, advertisers are reporting that heat tracking studies have shown Bing’s ad placement to be more effective than even Google’s. There’s that good old Microsoft know-how at work!

See for yourself

Keep watching this little engine that could. If Microsoft continues to innovate and give the people what they want – a way to cut through the clutter of search – they could take a niche group out of Google’s market share. One thing’s for sure – it’s “differentiate or get out” time… and that’s what Microsoft seems to get.

Oh, and no, there is no Bing iPhone app yet!