Skip to Content

Blog

Windows 7 – is this the end?

Windows 7

Windows 7, as an operating system (OS), is probably the most popular OS in history, XP was good in its day but Windows 7 beat it. It was released in 2009 and in its first year sold 240 million copies, that’s 7 copies every second! It has become the staple business Operating System and it was only at the end of 2018 that Windows 10 became more popular. As of April 2019 Windows 10 accounts for 44%* of Operating systems on Desktops/Laptops with Windows 7 still having 36%* of the market. Windows XP that went end of life 5 years ago still has 3.5%*.

Nobody knows the exact number of computers in use worldwide but in 2015 it was estimated to be around 2 Billion, if we take that as todays figure then there are around 720 million Windows 7 PC’s in use worldwide! One hell of a successful OS for the last 10 years!

BUT in January 2020 Windows 7 is officially retired and in Microsoft terms is ‘end of life’! What does that mean? Well simply it will continue to work as it always has done, in much the same way Windows XP still works however there will be security risks which may be acceptable for a home computer but typically is going to be a major risk for business computers. Furthermore the latest applications and/or updates may not work on Windows 7.

Microsoft releases critical and security patches regularly for all operating systems as and when potential threats or vulnerabilities are found, the numbers per month vary but typically there are around 20 per month from Microsoft, from January 2020 these will not be released from Microsoft for Windows 7.

Options?

  1. Carry on as you are using Windows 7 and accept the risks.
  2. Upgrade your Windows 7 to Windows 10 subject to the computer hardware meeting Windows 10 requirements.
  3. Purchase a new computer which comes with Windows 10.

 

Essentially if you are a Windows 7 user Microsoft have effectively backed you into a corner, it is a major risk to continue using Windows 7 and the longer it is used after January 2020 the larger the risk becomes. The best advice, to be safe, is to move to Windows 10 however this will come at a cost.

Remember the WannaCry Ransomware attack on the NHS last year? This is estimated to have cost the NHS £92m and affected most XP machines within the NHS that were powered on at the time, the hack happened due to a vulnerability within the OS as no updates for XP had been released for 4 years. Something similar is a very serious threat to Windows 7 after January 2020.

Cloud53 would be happy to discuss the options with any company concerned about their OS strategy ready for the next decade.

*figures from netmarketshare April 2019

0 Continue Reading →

Windows Sandbox – Coming Soon!

A new feature coming to Windows 10, for Pro and Enterprise users and it is called Windows Sandbox. Windows Sandbox is software that allows you to create a temporary isolated environment which can then be used to run a potentially suspicious app or just for testing.

Sandbox will come as part of Windows Pro/Enterprise and will be shown as a feature ready to be installed

This implementation makes it easily accessible and less work than creating a Hyper-V session for a quick test.

sand

The set up for Sandbox is very simple, once opened it’s effectively a clean and new installation of Windows, no need for a complicated set up as with other virtual environments. It has the host’s diagnostic data settings and all other privacy settings are set to the default values, totally secure and away from your network. Each time a new session is closed all settings revert to default so every session is new and fresh.

This is a very convenient security measure to have in place. You will be able to witness first-hand what an application does when run, therefore if it is harmful you can remove it from your PC without ever opening it and exposing it to your files/network as the sandbox is ring-fenced.

The reason it does not affect your PC is because it uses hardware based virtualisation for the kernel isolation. That is done by relying on Microsoft’s hypervisor (Hyper-V) to have Sandbox separate from the host.

It is in the early stages but requires Windows 10 build 18305. Obviously as this is still in beta there could be compatibility issues and performance issues.

0 Continue Reading →

Cloud53 Sponsor Swinton Swimming Club

Swinton Swimming Club, who this year have a team of swimmers ranging from the ages of 8 years old to senior swimmers, have been participating in a 2- day gala which is held at Cappenberg in Lünen, Germany, which is Swinton’s twin-town, for almost every two years since the year 2000 to try and bring home the trophies.

In previous visits to this gala the club have won many medals for individual and team events and their trophies are displayed proudly in their trophy cabinet at their home in the Pendlebury Leisure Centre

SCC is a self-funded club via quiz nights and raffles, and although it does not receive any grants, this year we at Cloud53 have sponsored the club and supplied the team with their stylish polo shirts.

Cloud53 wish the Swinton Swimming Club the best of luck when they fly out on the 4th of July and hope they can bring home more trophies to add to their collection!
SwimmingClub

0 Continue Reading →

An Alexa Issue

51TFnR7AtGL._SY300_QL70_

Living in a world where people are always wanting the most up to date technological advances, there can be a darker side to these new products, an example of this has just recently been reported in the news.

The ‘Amazon Alexa’, a voice operated device which is referred to as a virtual home assistant which has a variety of different functions to allow you to say a certain phrase and the device will respond accordingly, has apparently been listening in on private conversations from its customers, when the device has not been triggered to be listening, and sent the recorded conversation to one of the people in the customer’s contacts list.

This goes to show that not every new device on the market is perfect and if we ever are in range of one of these voice operated products we should be careful on what we say, because you never know if something could go wrong and the conversation being unknowingly recorded, and possibly sent, is not just a harmless one about hardwood floors as this couple from Portland, Oregon experienced.

 

0 Continue Reading →

World Password Day

pw

 

What is World Password Day?

World Password Day is an initiative that aims to promote better password habits among Internet users around the world. Initiated by Intel in 2013, the annual event – which takes place on the first Thursday of May each year – will be celebrated on May 3, 2018 this time around and is supported by more than 170 organisations, including Dell, Microsoft, Toshiba and Cloud53!

While passwords are a common form of authentication on the Internet – they’re, more often than not, the only line of defence between hackers and your personal information. Once again this year, World Password Day gives us an opportunity to reflect on what makes a password strong and how we can protect our online identity by taking our passwords to the next level.

What is Password Security?

Password security, though often overlooked, plays an extremely important role when it comes to protecting your identity on the Internet. After all, it keeps unauthorized users from breaking into your online accounts and stealing your personal information for their nefarious purposes like impersonating you to commit crimes in your name, for example.

What Can You Do On World Password Day?

You can become a part of the celebrations by resetting your old, weak passwords to long, un-crackable ones and reminding your friends, family, and colleagues to do the same. With identity theft and other cyber-crimes on the rise, setting robust passwords is crucial and here we’re going to show you exactly how to go about that.

How Hackers Can Steal Your Passwords?

Have you ever wondered how hackers go about cracking your passwords? Well, here are some of the most common ways through which they can steal your passwords, and ultimately, your personal information:

1. Brute-force Attack

One of the most common password cracking techniques out there, a brute-force attack involves checking all possible key combinations until the right one is found. Since hackers use complex algorithms to try multiple combinations at super-fast speeds, rest assured that your short passwords will be cracked in no time!

2. Password Sniffing Attack

A password sniffing attack is a technique used by hackers to collect your credentials on unencrypted connections. By using a combination of easily available tools on the Internet, they monitor all incoming and outgoing traffic on a network so they can intercept your usernames and passwords as they’re being transmitted.

3. Phishing Attack

Even though phishing is an old trick in the hacker’s playbook, it’s still going strong and doesn’t seem to be going away anytime soon. Typically, it entails sending an email to the victim by impersonating a legitimate entity and requesting that they provide sensitive information like usernames, passwords, and even credit card details.

4. Social Engineering Attack

A social engineering attack requires little technical knowledge and relies on human error, tricking otherwise unwary employees or users into performing certain actions or revealing confidential information such as passwords or bank account details.

5. Dictionary Attack

In a dictionary attack, a hacker tries hundreds – or sometimes even millions – of likely possibilities derived from a predefined list of words or dictionary in order to defeat an authentication mechanism like passwords.

6. Keystroke Logging

Keystroke logging, also known as keylogging, is a technique that involves the use of a program to record or log every keystroke so they can obtain confidential information like passwords without the knowledge of the unsuspecting user.

So how do I make a secure Password?

Now that you know the common password security mistakes you need to avoid, let’s discuss how to create strong passwords. The following are some password creation tips to prevent hackers from accessing your online accounts:

1. The longer Your Passwords, The Better

The passwords you decide to use should be at least 12 characters in length so that they’re difficult to break. The longer a password is, the more combinations a hacker would need to try in order to successfully crack it.

2. Aim for Complexity

Password length and complexity go hand-in-hand in the quest to creating proof-passwords, so make sure you include lower-case and upper-case letters along with numbers and symbols. Mix them up like you mix your cocktails on a Friday night!

3. Unpredictability is Key

Unpredictability is key when it comes to password strength. Avoid predictable words, passwords based on dictionary words, as well as any references to your personal life or popular TV shows, video games, and movies.

4. Unique is The Way Forward

We’ve already highlighted this before, but its importance can’t be emphasized enough: Only use one password for one account.

 

0 Continue Reading →

Remote Access Warning

remote-access-laptop-hacker-security-300x300

About a month and a half ago, there were some reports surfacing of some TeamViewer users being hijacked. This mostly surfaced around 30-05-2016 to 02-06-2016, although there are some reports dating back to mid-June. The logs note that most of these computers were accessed through TeamViewer, with IP Addresses originating from a Chinese VPN, using a method known as “Custom Password”. TeamViewer has refused to explain what method is used for that to appear in the logs. The computers that were hijacked, had the saved passwords stolen, then they opened Chrome/Internet Explorer to attempt to send coupons or vouchers to China through Amazon, PayPal, or abusing any of the saved  passwords while logged into their machines.

Only a few of these computers were accessed by simple dictionary attacks due to the default 4-number password, which could be accessed in 23 hours of brute forcing. Due to the nature of TeamViewer, this password only resets when the application is restarted. Which isn’t that often…

A decent number of the intrusions also appear to coincide with the 01-06-2016 Denial of Service Attack on TeamViewer’s Authentication servers. TeamViewer declines any knowledge of a security issue, and has held their stance at it being the user’s fault for the issues that have been experienced. TeamViewer’s legal team has forced some article publishers to alter the statements about TeamViewer to cover up.

Most of these reports are unverified in a sense – as they are posted on a potentially anonymous forum, claims that cannot be verified. However, they are in such a high volume that some potential truth can be gleaned from the info.

0 Continue Reading →

This as a Service (TaaS), What as a Service (WaaS)???

It seems in IT everything is as a Service (aaS) yet given the amount of questions we at Cloud53 receive about this element of managed services, clearly it is a much misunderstood way of doing things to those non IT people.

The diagram below should hopefully make this much simpler to understand using something as a Service that we all understand.

car as a service2

 

If interested in any IT services as a Service (aaS) then please do give Cloud53 a call

0 Continue Reading →

Distributed Denial of Service (DDoS)

ddos

Recently it seems that every week we hear of a major website being unavailable due to a DDoS attack but what is it and why is it becoming so common?

A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic.

It appears that along with these attacks becoming more common, they are also becoming more serious in the sheer bandwidth that is being used. Speaking to a recent victim they saw over 80Gbps being used against their IP’s, very few providers could sustain that bandwidth. To put this into perspective in Q4 of 2013 the average DDoS attack was using an average of 2.14 Gbps.

In recent months major names have been attacked such as the BBC (reportedly over 600Gbps), Sony PlayStation network, TalkTalk, Carphone warehouse and many more but why?

It would seem that essentially the groups doing this wish to extort money from their victims, using blackmail with the threat that if they do not pay then attacks will continue. However could you trust a black mailer not to do it again after payment? This is why it is generally reported that companies do not pay, however it seems reasonable to assume that some companies do pay as these sort of attacks cost money to implement and so they must be worthwhile to the criminals?

The type of payment is the issue in these ransom situations as payment is always instructed to be made in bitcoins and so is totally untraceable (if you know what you are doing). It is also thought that money gained in this way often finds its way to support worldwide illegal activity.

You don’t have to be a large company to suffer a DDoS attack but the attackers do go to where they believe ransom money is available, however if you do become a victim of a DDoS attack and subsequent blackmail it is best to treat it as an exercise to bolster your security and potentially test your DR strategy, it is not advised to meet the demands of the cyber criminals.

0 Continue Reading →

Hacking – why does it keep happening?

computer-hacker
Obviously this week the big story has been TalkTalk who it would appear have been hacked and potentially allowed details of 4 million customers into the wrong hands. This is the third large cyber-attack which TalkTalk have received and it is not at present clear why TalkTalk are targeted or who did it but it is far from being the only company that keeps being hit!
Most, if not all, large companies will receive cyber-attacks every day, it is unfortunately the norm. This is the reason why large companies invest in heavily in cyber security but being ahead of the cyber criminals isn’t easy. Around 1 million new malicious programs are created on a daily basis according to security firm Symantec.
It is extremely unlikely that any large company has not received cyber-attacks, it is also very unlikely that any of these large companies haven’t suffered a breach of security due to these attacks at some point. It is only the clever companies that are aware of these breaches and learn from them. It is likely that many companies will not know they have been breached which is much more dangerous than being aware!
Can it be stopped? Very unlikely, unfortunately it is just a case of staying one step ahead of the hackers which in reality is extremely difficult and expensive.

0 Continue Reading →

All White for Winter?

snowMAIN_1788610b

We know the weather predictions are always a tad dramatic with phrases such as ‘Arctic Freeze’ and ‘El Nino’ but it is worth paying attention to the fact that your business could suffer because of the winter. At present weather predictions for this winter are suggesting the El Nino (named Modiki) weather Phenomenon and reportedly maybe the strongest since 1950. In this year heavy snowfall brought chaos to much of the country with temperatures in some areas being as low as -22C with around 50cm of snowfall, certainly worse than the ‘big freeze’ which we remember in 2009/10.

The ‘El Nino’ happens when ocean temperatures in the eastern Pacific, near South America, rise due to a change in the normal wind direction, creating knock-on effects across the globe due to the amount of heat released into the atmosphere. The polar jet stream tends to move further south, and brings wetter weather across the Atlantic, which causes heavy rainfall in warmer months (we have certainly had this), but can bring snow in the winter.

So is your business ready in case we do have a bad winter? Typically in the UK a bad winter means the public transport system grinds to a halt or at best is a very poor service. The reason for this, apart from the weather affecting equipment and roads, is due to Staff not being able to get into work and so we get into a vicious cycle!

If your staff cannot get into work whether it be due to public transport or the highways what contingencies do you have in place to allow your business to continue? Should it just be for a single day most businesses will be fine, albeit probably lose some revenue, however if the weather spell lasts a week or more then it could be much more serious.

Points to consider:

  • Remote access – Do you provide remote access whether it be via Remote desktop, Citrix, Outlook web access. Is this setup for all staff? Are they aware of the details? Do you have enough licences? Does your internet connection give sufficient bandwidth for inbound connections?
  • Telephony – do staff have desk phones at home? Can staff access the telephone system through soft phones (PC or smartphone apps). Can diverts be put on remotely?
  • Backup – if using onsite backups who will change the tapes/disks? How will the data get offsite for safe storage?
  • Meetings – do you have video conference services available to take meetings internally and externally given that travel is limited?
  • Communication – are staff aware of the business continuity plan? How they will access systems? How will staff communicate?
  • Suppliers – depending on your business your supplier’s business continuity plans maybe extremely important if you cannot receive deliveries of vital goods and services – they should be asked the question.

 

Whilst we have seen predictions previously for heatwaves, bad winters and even the end of the world eventually predictions do happen so it’s always best to be prepared. Please get in touch should you be interested in any advice on the above (excluding weather forecasts).

0 Continue Reading →