Wednesday, April 16, 2014

XP Support Ending- What to do?

It's finally happening...support for the beloved platform, Microsoft XP has come to an end. Since it's initial release on October 25th, 2001 it has been a platform that many have used and a whole generation has grown up with. It's a platform that mostly everyone is accustomed to and comfortable using. However, starting April 8th, 2014 Microsoft will discontinue supporting it, curious about the reasons? According to the official Microsoft website this is the reason, "...the time has come for us, along with our hardware and software partners, to invest our resources towards supporting more recent technologies so that we can continue to deliver great new experiences." 

What does this mean for users of Windows XP? It means that from now on users will no longer get automatic updates that helps protect their PCs. Don't panic though, this doesn't mean that your computer will suddenly cease to function it just means that your computer will be more vulnerable to attacks because their will be no patches or fixes for any new bugs found. Not only that, but Microsoft has also stopped providing Microsoft Security Essentials for download on Microsoft XP- the worst part is that even Microsoft Security Essentials for XP will no longer get security updates. 

You're probably thinking, "Well this is going to be a problem since probably over 500 million households and other organizations still use XP as their primary platform", and guess what, you're right, it's going to be a huge problem. Already some governments have tried to negotiate with Microsoft in the hopes of extending the support contract so that users can stay protected. According to sources at bbc.com the United Kingdom has signed a 5.5 million pounds deal for extended support for Microsoft XP. The United Kingdom aren't the only ones shelling out big bucks to keep the operating system going the Dutch are also, many governmental agencies in the U.S. In fact it has become a bit chaotic everywhere with this news of discontinued support because now everyone has to update or be stuck with a vulnerable system. This especially causes a problem for items running Windows XP that houses sensitive data. This includes ATMs (already there are cases of ATMs spitting out money to hackers), and also government agencies that hold secret data. Everywhere, this discontinuation of security service is causing a problem for everyone. 

The important thing here is, "How can I protect myself?" Microsoft's solution is to upgrade to the current environment. Thankfully for us they have sent out an upgrade wizard called, Windows Upgrade Assistant that helpfully checks to make sure your system meets the requirements to upgrade to their latest 8.1 system. Just as a side note, if you already run Windows 8 it is very likely that you can also upgrade to 8.1 since both have very similar requirements, if not then it might actually be time to get a new PC/laptop. If you're using an old PC/laptop then this might not be a bad time for considering an upgrade especially because nowadays there are so many new, light, slim, powerful machines on the market. The most important thing is being safe when using your device because any sort of sensitive information that leaks out can potentially ruin one's life. It's better to be safe than sorry. 

In the end it's sad to see Windows XP slowly being phased out because for many of us it has been a huge part of our lives. However, it is understandable what Microsoft is trying to do, one cannot look on and appreciate the new if they are always stuck on the old. They become too comfortable and comfort is especially hard to leave behind. Right now this transition is a huge problem, but soon it will be nothing more than a memory. Only the future holds the answers to what will happen to Microsoft with this transition. Will they still stay at the top of the food chain with their Office suites or will competitors like Apple take over the market? Only time will tell. 

Wednesday, April 9, 2014

The Target issue at Target



There has been many speculations that the famous Target cause could've been easily maintained and handled better. However, just as most people know, it wasn't handled well at all, instead it blew up and made a big mess for Target. The question here is, what exactly happened that caused this security breach to happen in such a well grounded company?

Let's first get some background information. According to most sources the hack affected over 10 million customers that had an account with Target between the timespan of November 27- December 15, 2013. When a cnet reporter spoke to several of Target's former employees it came to light that actually Target did have a very sophisticated 1.6 million dollar malware detection system in place designed by security firm FireEye. This design was set up specifically to find any intrusions that might have tried to exploit the program (intrusions such as hacks and cyber attacks), before any real damage could be done to the heart of the system. The security system is actually a very clever one. It utilizes parallel networks so that to the hacker it's like seeing a doppelgänger, but they still wouldn't know which one is the real one. The security system creates a parallel network on virtual machines which leads hackers to believing that they have actually accessed the real system. In this way the "fake" system will be made aware of the problems before it actually gets anywhere in the "real" system, since every single step the hacker has taken to hack the system would be seen.

Now, we know that there actually was sound security in place. So, does that mean the monitoring system was down, or that notification wasn't sent early enough? According to some trusted sources this was not the case- in fact there was a team of professionals specializing in security set up in Bangalore monitoring the entire Target network servers. When they found the intrusion they immediately notified operators in Minneapolis that a problem was detected. However, the problem seems to have arisen from the fact that the function to automatically delete malware upon detection was turned off, so therefore a person needs to go in and manually remove the malware. The drawback to this is that sometimes decisions will not be made quick enough, and by then it may be too late.

In the end it almost seems like it was a chance of fate. No matter how one is to look at it, there were too many circumstances that led up to this. The fact that one unsophisticated little malware triggered such a large storm is almost unimaginable unless a set, a very specific set of things were to happen. Whatever the case may be Target presently faces many potential class action lawsuits and actions from banks as they demand millions for reimbursements and losses from credit card replacement and fraud.

It has yet to be seen what will happen to Target in the future, but for other corporations it would be wise to learn a thing or two from this Target incident. More corporations should be more aware of what kind of malicious code comes floating into their network, and at the same time they should know that to act fast is to be safe.