Two major security flaws have been announced this week which are said to affect all Intel and some AMD and ARM processors. This has led to a surge of patches and updates being released by vendors, which we feel it is important to share with you.
What do we know?
The exploits are called Meltdown and Spectre, and they take advantage of critical vulnerabilities in many modern computer processing units, or microchips, made by Intel and potentially ARM and AMD. Both attacks circumvent security built into major operating systems, hence the need for fixes and patches.
It is important to note that no known exploits can take advantage of these vulnerabilities at present; however, we would encourage you to follow good security practice to mitigate these risks and apply the fixes and patches relevant to your environment.
From a Nouveau perspective we are monitoring the situation and we will apply patches (if required) and updates to customers who have a support agreement with us. You should expect further communication from us on our course of action. If you do not have an existing support agreement with us, but would like help in terms of what steps you should be taking to ensure the security of your systems, then please get in contact.
For more guidance around these exploits, please visit the National Cyber Security Centre for some practical advice and more information.
Nouveau Vendor Updates:-
Intel and Linux have developed tools to detect and mitigate the Meltdown and Spectre vulnerabilities in Windows and Linux. See INTEL-SA-00075 Detection and Mitigation Tool (Windows) and INTEL-SA-00075 Linux Detection and Mitigation Tools (Linux) for further information.
Fortinet: strongly recommends upgrading to their latest publicly available software versions. For more information go to https://fortiguard.com/psirt/FG-IR-18-002.
Microsoft: have released updates, but we would encourage you to check your antivirus software before applying any fixes.
We are passionate about security. Passwords are currently an important part of everyday life, but slowly they are fading into the history books. When King Password dies, who is his heir? Read on to find out.
Passwords are passing; their time is slowly coming to an end. Their existence has persisted for year upon year, almost becoming an expected aspect of everyday life. There is rarely a day where you don’t use your password: whether you are logging into your emails or social media, it is almost muscle memory when you are plugging those special characters into your keyboard.
Passwords can be emotionally semantic… or maybe not. Most passwords, according to a 2016 KeeperSecurity study, are comprised of pet names, hometowns, childhood memories or someone special’s birthday, making passwords an extension of one’s personality. However, perhaps you are not attached to yours like some are. Perhaps your password is a carefully calculated string of nonsense, complex and more secure than something that can be guessed by taking a quick look at your Facebook page. Either way, your password is still your password.
Well, unfortunately for the semantic bunch, online security is getting ever more sophisticated and passwords are on their way out. Seriously. Bill Gates stated at the RSA conference in 2004 that “people are going to rely less and less on passwords” as “they just don’t meet the challenge for anything you really want to secure”. Looking at how innovatory hackers have become, it’s clear Gates was right. Hacking has plagued our internet for as long as it has existed. It seems as if it’s only getting worse. From Ransomware like WannaCry and CryptoLocker to simple password cracking algorithms such as Aircrack-ng, businesses and people’s personal lives are at the crux of a world-wide epidemic that doesn’t seem to be slowing down.
If passwords aren’t the solution anymore, what is?
1: Two-step verification
Already adopted by the likes of Google and Microsoft, two-step verification provides users with an extra layer of security, rather than replacing passwords altogether. Consider it a ‘double check’, just to verify that it is you who is trying to log in. It works like this: you type your password in, and the service will send you a push notification on a personal mobile device to confirm your login. This works because if someone has your password and is trying to log in to your account, they are unlikely to also have your mobile phone in their pocket. Right?
Two-step verification has been used by banks for online banking for years in the form of a Secure Key card or a Card Reader, but it’s only been hitting regular accounts like email and social media in recent years.
In 2013, the iPhone 5s was released: the first mobile phone with a fingerprint scanner for secure login. Since 2013, almost every brand has released a mobile device with a fingerprint scanner, ranging from mobile phones to even laptops and computers.
Not many people, however, understand the differences between the two main types of fingerprint scanner: optical and capacitive. Optical readers obtain a digital depiction of our fingerprints using light-sensitive diodes that navigate the peaks and troughs of the finger. This information is stored and must be replicated when someone tries to access the device. Capacitive, the more secure version of the two, uses an electric current to identify and analyse the biology of one’s finger, and stores the information similarly to the optical variant. The electrical current varies depending on the image of our finger. The image the electrical current provides is more specific than an optical resolution.
Unless the hacker has somehow obtained your finger, they are unlikely to be able to access your devices and accounts using this method.
3: Facial Recognition (Biometrics)
At one point in time this technology was only ever seen in spy movies: iris recognition and physical feature identification. The only phone on the market (as of 04/09/2017) with this technology, the Lumia 950, uses Windows Hello to incorporate this security measure. The front-facing camera opens and recognises the user’s eye using infrared light and matches it against a stored image that the user registers when they first set up their device. Eventually, this along with fingerprint scanning could be combined to create the ultimate two-step verification process: a fingerprint and an image of your iris!
Although not implemented into everyday life yet, it can be expected that iris and fingerprint recognition will be used to access simple accounts such as your emails and social media instead of passwords. Very secure!
4: Heart Rate
What? Heart rate? Yes, you read that right.
A heart rate security system is based on an individual’s heartbeat and uses the recorded data as an authentication system. Although it is similar to fingerprint scanners, there is one huge benefit to this style of authentication security. You do not need to touch anything. No need to touch a fingerprint scanner, type on a keyboard, pick up a phone… the list could go on. Why? Heart rates can be detected under the radar, completely behind the scenes, using bands such as the Nymi Band.
It works like this. Everyone’s heartbeat is completely different. It doesn’t just come down to heart rate. The size of the heart, the positions of the valves, the exact shape of the heart all influence the exact type of beat that occurs. Collecting this data in the form of electrical signals, as in an electrocardiogram, allows completely unique authentication that is near impossible to replicate.
Again, it’s very unlikely that the hacker will have access to your heart – by that point I doubt you would really care whether or not they get into your accounts.
5: Single and temporary passwords
Single and temporary passwords are random number generated (RNG) codes that give access to accounts for a short period of time.
This method has been deployed mainly in password recovery systems. The user will specify a mobile number for their account, and when they request to change their password an SMS message will be sent with a login code to change it. The benefit of this is that it removes the need to go through extra security questions such as “who was your first employer” or “what was the name of your first pet”.
Other forms of this system are used as a primary login strategy. An example would be Yahoo!’s temporary code system that is used every time a user logs in.
Additionally, the use of this system can be seen in verification processes, for example within Steam Guard. Steam Guard is a security measure put in place by Valve Corporation to protect Steam users from video game trading scams. Whenever a user wishes to trade an inventory item, or logs in on a new device, a push notification lasting 30 seconds including an RNG-based code will be sent to their mobile app to confirm the process of trade or login. If the user misses the code, a new code will have to be generated and the old one will not work.
ONE DAY A PASSWORD WILL SIMPLY BE A DISTANT MEMORY; AT LEAST YOU WON’T EVER HAVE TO CLICK THAT “FORGOT PASSWORD” BUTTON AGAIN… UNLESS YOU LOSE A FINGER OR TWO.
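The issue-and-expire behaviour described in this section can be sketched as follows. This is an added example, not code from Steam Guard, Yahoo! or any other vendor; the class name, the six-digit format and the five-attempt limit are assumptions, while the 30-second lifetime follows the text.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 30   # lifetime of a code, as in the 30-second example above
MAX_ATTEMPTS = 5        # assumed limit; stops guessing through all 10**6 codes


class OneTimeCodeStore:
    """Short-lived, single-use login codes (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so expiry can be checked without sleeping
        self._pending = {}    # user -> {"digest", "expires", "tries"}

    def issue(self, user):
        # secrets draws from the OS CSPRNG; the random module is predictable.
        code = f"{secrets.randbelow(10**6):06d}"
        # Overwriting the entry means a newly issued code invalidates the old one.
        self._pending[user] = {
            "digest": hashlib.sha256(code.encode()).digest(),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "tries": MAX_ATTEMPTS,
        }
        return code           # sent out of band (SMS or app push), never logged

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() >= entry["expires"]:
            del self._pending[user]       # expired: a new code must be requested
            return False
        candidate = hashlib.sha256(submitted.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate, entry["digest"]):
            del self._pending[user]       # single use: a replayed code fails
            return True
        entry["tries"] -= 1
        if entry["tries"] <= 0:
            del self._pending[user]       # too many wrong guesses: code is burned
        return False
```
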
~ by George Balaam
We would like to welcome Ryan Bray to the Nouveau sales team. We are very excited that he has joined us and in order to get to know him a little better we thought we would ask him a few questions:-
1) Ryan – what attracted you to Nouveau?
My attraction to Nouveau consisted of two elements: the first was the people I met during the interview process and how all of the team share the same ethos of working with clients for long term success, and not just for short term transactional business.
The second element was, apart from the fact that the range of Solutions that Nouveau can provide is nothing short of amazing, the depth and ability to deliver in-house. This demonstrates a real investment in people and a well thought out strategy to help our customers overcome their business challenges with innovative IT solutions.
2) What do you feel you can offer Nouveau?
My previous roles in Service Sales have often involved wearing multiple ‘hats’. My hands-on, sleeves-rolled-up and coordinated approach, working tightly with cross-functional teams, has been an effective method in delivering client success. I am very versatile and enjoy not only the challenge of the sale, but also how I can help make our business run smoother and more efficiently. I have been an integral part of business improvement projects in the past and will be actively engaged to help the business grow.
3) What excites you about your future at Nouveau?
Being part of something great! Nouveau has a long history of successful client engagements, and to be part of the team that can drive our future client engagements to the next level is exciting.
4) How long have you been working in sales?
I have been in IT Sales for about 17 years. My passion for sales started when I was about 9 years old, and used to buy ‘Goody Bags’ of sweets from a local shop and then resell them at school for 100% mark-up. Business was booming until the Head teacher pulled me aside and asked me to stop as I was putting the school tuck shop out of business!
5) What are some of your biggest achievements in your career so far?
I have run my own business and I have been instrumental in the development of a new Global Service delivery programme which enabled me to win back a very challenging (and big) customer which was really rewarding.
6) What are some of your interests?
When I am not busy with my two kids, I love being active outdoors (I climbed Snowdon in April and hope to take on Ben Nevis next spring). I’m also a keen and competent Sailor, taking part in the Round the Island Race in July, where we took second place in our class. I also love riding motorcycles (though I am currently without wheels), snowboarding and skiing.
7) How have your first few weeks been?
The team have been really supportive, and have not got sick of me asking loads of questions! Well, not yet, anyway!
Cyber-crime is constantly on the rise, with virtually all UK businesses exposed to cyber security risks according to a 2017 Government survey.
Last year, 46% of UK businesses suffered a cyber-attack of some sort, and without comprehensive IT security, many of these businesses suffered as a result – either through decreased customer trust or the actual theft of money and personal information.
WHAT IS CYBER SECURITY?
Cyber security encompasses the technologies, processes and practices that are put in place to provide protection from cyber-attacks that are designed to inflict harm against a network system or access data without authorisation.
The very best kinds of IT security for your business will offer a comprehensive solution to protect against a diverse range of issues. Ideally, your solution needs to include a firewall, anti-virus, anti-spam, wireless security and online content filtration. Discover how your business can benefit from a layered security approach with Fortinet Security Fabric.
THREATS TO YOUR BUSINESS’ IT SECURITY
Adware is a form of computer virus which fills your computer with advertisements and is a fairly common form of cyber-attack. Adware can often allow other viruses to enter your computer once you’ve accidentally clicked on them.
Ransomware is a type of malicious software that is designed to withhold access to an individual’s or business’ computer system until a sum of money is paid.
Spyware is a form of cyber infection which is designed to spy on your computer actions, and relay that information back to the cyber-criminal.
The best IT security can prevent these types of viruses from taking effect and ensure that your data remains private and confidential within your workplace.
WHAT ARE THE BENEFITS OF CYBER SECURITY FOR YOUR BUSINESS?
- Protection for your business – cyber security solutions provide digital protection to your business that will ensure your employees aren’t at risk from potential threats such as Adware and Ransomware.
- Increased productivity – viruses can slow down computers to a crawl, making work practically impossible. Effective cyber security eliminates this possibility, maximising your business’ potential output.
- Inspires customer confidence – If you can prove that your business is effectively protected against all kinds of cyber breaches, you can inspire trust in your customers that their personal data will not be compromised.
- Protection for your customers – ensuring that your business is secure from cyber threats will also help to protect your customers, who could be susceptible to a cyber breach by proxy.
- Stops your website from going down – if you are a business that hosts your own website, a potential cyber breach could be disastrous. If your system becomes infected, it’s possible that your website could be forced to close, meaning you will lose money as a result of lost transactions.
INDUSTRY LEADING CYBER SECURITY SOLUTIONS FROM NOUVEAU
We are proud to offer a diverse range of cyber security features and IT security solutions to help you enjoy the optimum levels of cyber security throughout your business.
For more information, or to take advantage of our great cyber security options today, get in touch with our expert consultants on 0118 918 6822 – alternatively, you can fill in our contact form, and we’ll get back to you shortly.
Hello! My name is George Balaam and I started working at Nouveau Solutions on the 21st August as a Marketing Apprentice. I will be working with Berni to ensure that Nouveau Solutions maintain a consistent standard of communication both internally and externally across all marketing platforms.
My role at the company will also play a part in managing and updating Nouveau’s store as well as building rapport with our customers via social channels such as Twitter and Facebook. I am looking forward to engaging with as many of our customers as possible online so please connect with Nouveau if you haven’t already. I am hoping to develop cohesive templates across our marketing communications to strengthen the overall image of our brand. Information on websites and on other external assets will be adapted to serve the needs of our customers so that our role as a business is easier to understand. I am looking forward to my future here at Nouveau Solutions and I am ecstatic that this opportunity has been given to me.
~ George Balaam