Android Phone are becoming a high target for Malware authors!

imageCNET’s Dennis O’Reilly recently reported that more and more Malware Authors are creating code for Android phones that are showing up even on Google Play for download.

If you are not installing a security application then your phone is exposed. If you or your office workers are connecting your phones to your company network you are not only risking your phone’s information but you could also be exposing your company’s network to attack.

We have many products to help keep your systems secure including your personal phones so please let us work with you to lock down your security before it is too late.

Remember, security starts with you. Be careful with what you download and the sites that you visit. Attacks can come in many shapes and sizes. Keeping the bad guys out requires a multilayer approach to security that includes using a security program, only using trustworthy sites for downloads, and be sure you keep watch of your credit cards and bank statements to ensure that they have not been compromised.

One of our favorite security companies is Sophos and they have a free security app that you can put on your phone to help keep it secure. But if you want more control over the company security and company provided phones we have some more advanced products that work very well to keep your data and personal information secure and safe from prying eyes.


Update: Adobe Login Outage

One of the biggest worries about using online applications or connections is losing access to them for a time.

This is a message I received this afternoon from Adobe, at least they are being upfront about the issue:



Reemergence of Cryptolocker called CryptoWall

Beware! This is some pretty bad stuff that is coming through your email.

It looks like the latest variant of Cryptolocker, called CryptoWall, is coming through email.  So far, we have seen emails coming through with subjects of “You received a voice mail” or “Balance Sheet”.  Since this is a new variant, it is not being picked up by many antivirus programs yet.

As a reminder, do NOT open any email attachments unless you are expecting them (even if the message looks to come from someone you know).  If you are unsure if a message may be a virus, please check with us prior to opening it. 

If you have an Vertical MBX phone system like ours, your forwarded voicemails come from


Microsoft fixes Internet Explorer Security Flaw

Everyone has been reporting on the issue with Internet Explorer on all versions running on XP, Vista Windows 7 and 8 machines and versions of IE  v6.0 and up. This flaw gave hackers the ability to take over your computer if you click on a bad link. A very serious issue indeed.

This flaw has been fixed, even on your XP machines, but you will need to be on the internet and you need to turn on automatic updates to receive the patch. cNet has reported that:

The patch, delivered at 10 a.m. Thursday, comes out of Microsoft's usual Patch Tuesday cycle because of its severity. It affected IE 6 through 11 and allowed attackers to install malware on your computer without your permission that could be used to steal personal data, track online behavior, or gain control of the computer.

Dustin Childs of Microsoft Trustworthy Computing, the company's security group, said in a blog post.

"If you're unsure if you have automatic updates, or you haven't enabled Automatic Update, now is the time."

Of the decision to fix Internet Explorer 6, 7, and 8, the only versions of the browser that still run on the 12-year-old Windows XP, Childs was terse.

"We have made the decision to issue a security update for Windows XP users," he said, noting that "Windows XP is no longer supported by Microsoft" and that Redmond "continue[s] to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1."

Of the decision to fix Internet Explorer 6, 7, and 8, the only versions of the browser that still run on the 12-year-old Windows XP, Childs was terse.

"We have made the decision to issue a security update for Windows XP users," he said, noting that "Windows XP is no longer supported by Microsoft" and that Redmond "continue[s] to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1."


Beware of a scam going around in which a "Microsoft Support Person" calls about windows system errors on your computer.


Microsoft will NEVER call YOU direct.

Microsoft says people are now falling victim to it every day, as it can be very convincing. And while you may be tech savvy your friends and family members may still fall for this, especially the elderly . Pass this on!

How The Scam Works

Mr. Smith has had a lot of problems with his laptop, including lockups and blue screens.

So he was relieved when the phone rang and the caller said he was with Microsoft Tech Support. "He said I'm from Microsoft, and we have noticed that you have had a lot of viruses," Mr. Smith said.

The caller explained that Microsoft, during a routine scan of his system, found his filled with problems that were slowing it down.

"I was gullible," Mr. Smith admits. "He said he could show me where the viruses were, and so I let him take control of the mouse."
Mr. Smith says the man directed his to a webpage that, once he logged on, allowed the caller to take control of his computer (something security companies can do).

The man then called up an internal page on the laptop that appeared to show it overrun with viruses. It showed hundreds of "errors" and "critical alerts." Mr. Smith was alarmed.

"He said he could remove the viruses for a hundred dollars, on a credit card," Mr. Smith said.

But something about it made Eyster suspicious at that point, and good thing: It was all a scam.

So What's In Your Computer?

The errors they show you are not viruses at all.

"They are calling about Windows errors,"

"But everybody has Windows errors.

So immediately you are listening."

"He spent an hour on the phone and at the end of the hour they told him they were going to charge him $300,". Then she had to remove the "malware" that the caller installed.

It's Not Microsoft

Remember: Microsoft will never call you unsolicited.

The company says this is a foreign scam to collect credit card numbers and install malware.

But if you have PC problems, like Mr. Smith did, it's so convincing. "I believed it, and I bit like a fish," he said.

Bottom line: If Microsoft calls you, hang up.

If you are having computer problems bring it into our showroom and we can assess any virus or malware issues you may be having.

Call: 724-838-7526


789 East Pittsburgh Street - Greensburg, PA  15601

Monday - Friday 9:00 AM - 6:00PM - Saturday and Sunday Closed


RingCentral Mailing on Heartbleed Bug


Dear Customer,

In response to the Heartbleed Bug, we are reaching out to customers to communicate the status of RingCentral’s service.

The OpenSSL Heartbleed Bug is a critical security vulnerability that affected many Internet sites. More information on the bug can be found at

The RingCentral service was not vulnerable to the Heartbleed Bug.

Additionally, we have worked with our phone manufacturers. Only Polycom VVX phone models have the vulnerability, and this is being addressed by Polycom. We will push out the update once available. Cisco phones and the remaining Polycom phones are not vulnerable. Note that customer messages are not stored on the desk phones.

As always, we recommend that customers configure their local networks using best practices to ensure that the user interfaces on VoIP phones are protected by customer firewalls.


The RingCentral Team


©2014 RingCentral, Inc. All rights reserved.
RingCentral is a registered trademark of RingCentral, Inc.
1400 Fashion Island Blvd, San Mateo, CA 94404.
Terms of Service / Privacy Policy



Office Online will shortly be available as a chrome app…

imageI question the need for this but it could possibly be useful for some of you. While Office Online apps already work in Chrome they will shortly be available as a Chrome Application. I just tried using it on my Nexus 7 with no luck, all I was able to access was my mail, calendar and contacts. However, on a computer it came up just fine in Chrome. The Office Web Apps seem to be getting better and better with each iteration.

Since the Nexus screen is only 7 inches I’m not sure that it is a big loss not having it there but I would still like the option.

To access Office Online right now go to and sign in with your account information. If you don’t have an online account you can sign up here.

Let me know what you think of this…


Update from LogMeIn about OpenSSL

As you may be aware, a major vulnerability has recently been discovered for OpenSSL, the popular encryption software that powers 2/3 of the web. Some LogMeIn services and products rely on OpenSSL, including the LogMeIn Free and Pro hosts used in our popular remote access products.
We take the security of our customer data very seriously and at this time have no evidence of any compromise, but like many web companies, our security team took immediate action to proactively address the issue.
We've updated the LogMeIn host and related services to close the vulnerability, and we're advising that customers take the following precautionary steps:

1. Check to confirm you're running on the latest version of LogMeIn.

You can do that by hovering your mouse over computers in your Central or My Computers page on the site.
OR by right clicking on the LogMeIn icon in your systems tray and opening LogMeIn Control Panel and click on the About tab.
Windows PC Mac
Confirm version number and above for Windows or version number and above for Mac
If you are using an older version, please click the Check Updates button in the LogMeIn Control Panel (as described above), and update the software.

2. Change your Windows PCs or Macs passwords – This is for your computer login credentials only. You do not have to change your LogMeIn account login.

3. Take a minute to review our FAQ on the LogMeIn help site.

In addition, our security team continues to perform a rigorous diagnostic investigation to ensure the protection of our users, and will provide additional product-specific updates if necessary.
The LogMeIn Team


Bloomberg News Reports that some Android Devices might be susceptible to the Heartbleed issue as well…

Millions of smartphones and tablets running Google Inc.’s Android operating system have the Heartbleed software bug — a sign of how broadly the flaw extends beyond the Internet and into consumer devices.

Although Google said in a blog post last week that all versions of Android are immune to the flaw, it added that the “limited exception” is one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said less than 10 percent of active devices are vulnerable.

The Heartbleed vulnerability, which was made public last week, can expose users to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.

Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.


Aruba Security: OpenSSL Vulnerability (Heartbleed) Update


We recently published an announcement for the OpenSSL 1.0.1 vulnerability ("Heartbleed Bug") that has been making big headlines this week.  This vulnerability is very serious because it can allow an attacker to get the private keys that are being used to secure the communication, making it possible to launch a man-in-the-middle or other impersonation attack.
Our engineering and support teams have reacted quickly and patch releases for all affected Aruba products have been made available. Our OEM partners, our customers with active support contracts and AirWave 8.0 beta customers have all been notified. Many members of our Airheads Community have already started taking action.
Which Aruba products are affected?

  • Affected versions: ArubaOS 6.3.x, 6.4.x and ClearPass 6.1.x, 6.2.x, 6.3.x. Previous versions of these products used an earlier version of OpenSSL that is not vulnerable.
  • Aruba Instant and Aruba Mobility Access Switches are NOT affected.
  • Aruba Central cloud-based management has been upgraded successfully.
  • Patch release for AirWave 8.0 beta is now available on our support site.
  • Patch release for Aruba Mobility Controllers running 6.3.x and 6.4.x versions of ArubaOS, including FIPS version, is now available on our support site.
  • Patch release for Aruba ClearPass 6.1.x, 6.2.x and 6.3.x versions of software is now available on our support site.

What’s your best course of action?

  • Understand that this is an industry- and internet-wide vulnerability and Aruba is not the only one affected.
  • We recommend that you review Aruba security bulletin before calling Aruba support. It is important that any affected infrastructure components are upgraded to the available patch release immediately.
  • As a pre-caution, it is recommended that you update administrative access passwords to Mobility Controllers and ClearPass after the software upgrade.
  • Security policy for some of you may require server certification on Mobility Controllers and ClearPass to be re-issued. If the ClearPass server certificate is updated, and you have utilized the “ClearPass Onboard” functionality to onboard employee mobile devices to the network will have to take one more step: you will have to educate your users to re-connect to the wireless network and onboard their devices again to download the latest server certificate.

Security update: Your Carbonite backup is safe


Dear Carbonite User,

As you may have seen in recent news, a major vulnerability has been exposed in OpenSSL, a popular web encryption software used widely across the internet. This vulnerability - dubbed Heartbleed - makes it possible for hackers to access information transmitted from your computer even though it is being encrypted via the HTTPS protocol.

Carbonite Personal and Pro subscriptions do not use the affected encryption software. Your personal data was never at risk. With Carbonite's Personal and Pro subscriptions, your data is protected by the following safeguards:

  • Encryption: Your data is encrypted while on your computer and securely transmitted to our data centers, where it stays encrypted.
  • Data centers: Our state-of-the-art data centers are guarded 24/7, employ temperature control and biometric scanners, and have backup generators in the event of a power disruption.
  • Third-party compliance audit: We recently completed a six-month audit with an outside firm to ensure all of our practices meet the strict federal guidelines of HIPAA and the AICPA guidelines for SOC 2. The external auditor found that we met or exceeded the requirements.

If any of your other online vendors have been impacted by Heartbleed and you use the same password as you do for Carbonite, we recommend changing both passwords. Your Carbonite password should only be used for our service, and data security best practices state that a password should be at least 10 characters, with capital letters, numbers and symbols. For more on changing your password, please refer to the Knowledge Base.

Thank you for trusting us with your data.


The Carbonite Customer Support Team


Lenovo Laptop Battery Recall

On March 27, 2014, Lenovo voluntarily recalled certain lithium-ion batteries. These batteries were manufactured for use with ThinkPad notebook computers that shipped worldwide between October 2010 and April 2011. Lenovo is offering replacement batteries free of charge regardless of warranty status.
View March 27, 2014 battery recall FAQs.
Lenovo sold the batteries with new notebook computers or as optional or replacement batteries on the models listed below.

  • ThinkPad T410, T420, T510, W510, X100E, X120E, X200, X201, X201s Series
  • Edge 11, Edge 13, and Edge 14 Series
  • Option P/Ns 43R9255, 51J0500, 57Y4186, 57Y4564, 57Y4565, 57Y4625, 57Y4559, 43R9254, 0A36277

These models may have shipped with 3-cell, 4-cell, 6-cell or 9-cell batteries.
Until a replacement battery arrives, you should turn off the system, remove the battery, and only power your ThinkPad by plugging in the AC adapter and power cord.

Lenovo apologizes for the inconvenience caused by this issue. Shipment of quality products always has been and continues to be the foremost concern.

Goto: for more information


Is your Xfinity modem a Public Hotspot?

An interesting subject was brought up at our Friday meetings couple weeks ago about how Comcast is testing a new service for making your Xfinity modem into a public hotspot for the community around you. They are doing this by creating a second signal for each device that is totally separate from the one that you use for your personal connection to the Internet through their modem. Comcast states that the secondary signal does not take away any of your speed for your side of the connection.

They also say that there is no cross connection, so you don't have to worry about somebody hopping onto your side of the network. This public access is only available to those Comcast subscribers of the Xfinity Wi-Fi network service.

"Comcast’s newest Wireless Gateway broadcasts two Wi-Fi signals," the company said. "By default, one is securely configured for the private use of the home subscriber. The second is a neighborhood 'xfinitywifi' network signal that can be shared. This creates an extension of the Xfinity Wi-Fi network and will allow visiting Xfinity Internet subscribers to sign in and connect using their own usernames and passwords."

This service is being piloted in Pennsylvania, New Jersey, Northern Virginia, and the greater Washington, DC metro area.

There doesn't seem to be much advantage to individual Comcast subscribers when they are at home, since anyone with a home wireless network can already set up a guest access for visitors. But subscribers could potentially benefit when their out of the house and happened to be near another Comcast subscribers wireless Gateway. Through a partnership with the CableWiFi Alliance, Comcast already has a network of more than 150,000 hotspots in more than a dozen US cities.

There been several discussions on the benefits of providing this type of service besides the obvious one of expanding a user subscription benefit, one being that it provides hotspot access for emergency use or emergency communications.

The Comcast says there is no problem with interference, one concern that I have is the number of channels that will be used in a highly concentrated area and what kind of degradation you can expect from doubling the impact from each of these connections. Are these motives intelligent enough to help with this type of issue is a question that needs to be answered. I know that with products like Aruba wireless networking that we run into this concern all the time. So I can imagine that this might not be an issue in apartment complexes where you would have many households that might be providing additional signals, congesting the airwaves.


Sophos Anti-Virus engine for Microsoft Windows - vulnerability notification


Sophos has recently been notified of a vulnerability in Sophos Anti-Virus Engine (SAV Engine) running on Microsoft Windows platforms. The vulnerability could in theory have allowed a remote attacker to manipulate the SAV Engine, which could result in protection being disabled or bypassed by an attacker.

This vulnerability affects the Endpoint Security and Control for Windows client included in our Endpoint/Enduser, PureMessage, and SharePoint products.

The vulnerability has been fixed in the January engine, which was released on the 22nd of January. If products are configured in Sophos Enterprise Console to use the “recommended” subscription, they will be updated automatically. This is the default setup, so only customers who have chosen to use ‘fixed’ or ‘previous’ subscriptions will need to take action to ensure they receive the update right away. Sophos Cloud customers and users of the standalone client will all be automatically updated.

At Sophos, we constantly invest in making our products as secure as possible. When security issues like this are identified, we prioritize fixing them as quickly and completely as possible.  We would like to thank the researcher, Graham Sutherland from Portcullis Computer Security Ltd, for identifying this vulnerability and for disclosing it responsibly.

If you have customers using SAVi or SAVDi:

From the January release onwards, SAVi and SAVDi on Windows will only run as one of the following user accounts or groups:

  • Administrators
  • LocalSystem
  • LocalService
  • NetworkService

If an application without these permissions attempts to use SAVi, it will receive the following error return code:


On SAVDi the error message will be:

“SAVI interface could not be initialized”

For additional information about this vulnerability, please see this knowledgebase article.


TeamViewer-One alternative for LogMeIn Free


imageOne of the major changes in product availability this past 7 to 10 days that has affected me the most has been the loss of the product called LogMeIn free. This product help me out quite a bit as a management tool between my home in my office PCs. I had made a significant personal commitment to this in purchasing mobile tablet versions of LogMeIn Ignition which allowed me to access my PCs using my phone and either android or IOS tablets. So initially I went back to using our internal product called ScreenConnect but it didn't provide the security that I wanted personally so I get back into the pool to look for another solution.

One of the products it had been bandied about in industry postings, was a product called Team Viewer which has a noncommercial free product and is very much like the LogMeIn Free product that I was leaving behind. I was surprised how quick the connection was to access each of my workstations, much faster than LogMeIn Free was. But the actual capabilities of the program shows at the product is not as mature as LogMeIn Free. It does pass through sound and video fairly well with only a slight degradation of the actual video stream and the sound quality is quite good so those two things are both positive. The actual screen display seems a little bit crisper but that might be my own imagination.

I would say that more than 90% of the things that I would possibly need in doing remote support are there so being a free product this makes this a very viable replacement to LogMeIn Free. It has a very nice file transfer function which allows you to move files between the two machines very easily and again amazingly very quickly. The program takes up just shy of 300 K in memory so it does not require too many resources to run in.

The professional version of TeamViewer also includes online meeting and online presentation modes, has a one time fee but still seems a little bit overpriced to me. It does run on Windows, Mac OS, Linux and most phone operating systems. But I'm not sure I would recommend this product over GoToMeeting, GotoMyPC or the professional version of LogMeIn you know they both have continuing costs over the years. I like the broader range of capabilities that are inherent in those products. One aspect to remember is that when you purchase a license of the commercial version of TeamViewer that you don't have to purchase a license for each of the machines that you are attaching to. Those clients are all free.

WebSite to download software

TeamViewer Brochure


“Free” LogMeIn is soon to be discontinued.

imageLogMeIn has been one of my favorite tools for years and I have been using the Free version for my personal use to connect to all of my PC’s for remote control. Now LogMeIn has pulled the plug on the free version. If you still want to continue using this product you will have to purchase the Pro version that costs $99 a year though there is a discount for the initial purchase to $49 for the first year. If you want some other alternatives take a look at these two Lifehacker articles. Hopefully they will be helpful in determining which direction that you want to go.

Five Best Remote Desktop Tools

Click to view Whether you want quick access to your home computer from anywhere in the world or you're the go-to IT person for your friends and…Read…

Use Your Home Computer from Anywhere: A Comprehensive Guide to Remote Controlling Your PC

Your home computer is the perfect machine. It's customized to your exact needs, runs all your must-have apps, and holds every important file… Read…

Just as a reminder, if you are one of our customers and your office operation consists of five or more machines, consider our security suite product that includes four security components that every business computer user should consider, antivirus, anti-malware and patch management. The fourth component is the that will interest you if you need remote access to your office machine. LogMeIn Pro is part of this package and when you consider the cost of all the components if purchased separately then our security suite is a pretty sweet deal. Just $5/month/workstation gets you all of this protection. That’s $60/year/workstation, compare that to the just the cost of LogMeIn by itself at around $99 per year plus your antivirus program, plus antimalware. If you want more information on this product please don’t hesitate contacting us at 1-800-640-7506.


CNET article about $2M gas station card-skimming scheme

imageInteresting article about 13 individuals being indicted for theft, fraud and laundering from devices that they installed inside gas pumps in New York state. This appears to be another version of the skimmer device that was inserted into ATM’s to do the same thing.

If you are interested in reading the article here…

This just brings to mind that you have to be extremely vigilant in tracking charges to your credit cards even from sources that you would normally consider safe.

"By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country," Vance said in a statement. "Cybercriminals and identity thieves are not limited to any geographic region, working throughout the world behind computers. In this case, the defendants are charged with stealing personal identifying information from victims in southern states, using forged bank cards on the East Coast, and withdrawing stolen proceeds on the West Coast."


Vertical’s Voice Over IP Solution

imageOne of the nice things about the Vertical Telephone systems is that they are a Hybrid type unit. What that means is that it can handle both analog phone lines as well as IP Trunk lines and that the handsets can be both local, digital direct and can use an IP handset as well. In a recent test setup that we did for me to have a phone presence on our system from my home office we programmed an IP phone to connect to our internal MBX system. Vertical’s Edge 8000 unit will work on MBX IP®, SBX IP® and XTS IP® telephony systems. Once set up this unit gives you all of the features that you have with a regular digital phone set, just not as many buttons. All of the keys on the side are programmable so you can set them up for line presence as well as many other features. Priced at $265 this unit will give you a great addition to your current Vertical environment.



Protect your files from Cryptolocker

Sophos is one of our partners that we work with and just love their products. We have been selling their Firewall products for years and since they merged with Astaro we have been working with their the rest of the security software products as well. They have put together a little video that discusses How Cryptolocker encrypts your files and extracts a ransom.(see below).  Here is an excerpt from their demonstration site.

Our Support teams have put together a video demonstration (embedded below) that shows what Cryptolocker actually looks like and how it works.

We’ll show you what the file looks like when it infects a computer (claiming to be a PDF document), what happens when it executes, and how the cybercriminals expect you to pay up (they offer to let you pay in bitcoins). You’ll also see how layers of protection from Sophos keep this from happening.

Remember though—you really don’t want to try this at home. If you see the ransom message from Cryptolocker on your computer, it’s too late. Your files are already encrypted, and only the ransom-takers have the encryption key to set them free. It’s much better to protect yourself proactively and keep your files backed up. We don’t recommend paying the ransom.

For more information on this type of threat, you can also download our whitepaper on ransomware (registration required), or use our Knowledgebase.

Watch Cryptolocker in action!


Worst Passwords of 2013

imageThere are a lot of solution out their to help you keep track of and to make strong passwords for you online access to all of your sites. It is important to not only have strong passwords (ones that cannot be easily guessed) but also to have different passwords for each and every site that you access. That way if one is compromised then the rest of your secure sites are not compromised as well.

What Makes a Strong Password?

  • It needs to contain special characters such as @#$%^&
  • It must be at least 8 characters long.
  • It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
  • a variation of capitalization and small letters

For best protection every password you use should be unique and have the characteristics of what is a strong password listed above. You may be wondering how you are going to remember so many passwords when you have a problem remember just one! Try some of these tips in creating and remembering your passwords:

1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. Make sure that it is at least 8 characters in length. What ever you come up with use this as the focal point for creating the rest of the password. Some people call this the salt phrase.

2. Many use the following to confuse the spelling by replacing certain alpha characters with specific special characters. You can come up with your own rules for doing this but commonly people use the following.

  • Replace all the ‘a’ with @
  • Replace all the ‘s’ with $
  • Repalce any space with %
  • Replace any ‘o’ with 0
  • Replace any ‘i’ with !

3. Then for each site use either the site name or something about the site additionally added to your salt term. You can even vary the placement of the two parts to even make it more unique. Come up with some rules to use to help you remember and you will be on your way to a much safer online experience.

Page 1 ... 2 3 4 5 6 ... 47 Next 20 Entries »