About Geeks-r-Us, Inc.

The principals of Geeks-r-Us, Inc. have served the computing industry in SW Florida for more than 35 years... More »

Our Clients

We value our clients, and enjoy working with the premier legal, non-profit, and service sector organizations in the southeastern United States. More »

Our Services

We offer a full range of proactive management and security services to protect your data, systems, and staff from cyber-intrusions and system failure. More »

Unified Communications

Are you as "connected" as you need to be? Let the Professionals at Geeks-r-Us perform a Communications Services VoIP Assessment for your firm. More »

 

Category Archives: Blog

The Eleven Critical Tips for Successful Videoconferencing: Part 2- Be Prepared

Intro

Practice Your Meeting, Don’t Try to Learn the Tech On-the-Fly

Dress For Success (and groom for it, too. And sit up straight, darnit)

Fine-Tune your Camera Position

Avoid Common Screen Sharing Snafus

The Eleven Critical Tips for Successful Videoconferencing: Part 1- Location, Location, Location

The start of any good meeting (in person or virtual) always begins with your meeting preparation. And just like any good realtor will tell you, it’s all about “location, location, location.”

LIGHTS: Your computer should be positioned so there is no bright light behind you. Keep your light in front of you, and at no more than a 45 degree angle to being directly in front. If you are doing evening calls, be aware that your computer screen can add additional light to your face.

Many people have invested in “ring lighting” and other fancy attachments for their computer/cameras. If you want to invest $2-300 in upgrading your lighting (and camera, and maybe a newer computer to handle the higher resolution, oh and don’t forget faster Internet at home…) that’s great – but wait until you’ve done all our recommendations here and you know exactly what you need (and how often you’re going to need it) to be successful.

Man on toilet with laptop computer
This is not the best location for video conferencing.

CAMERA: Raise your camera up to just a smidge below eye level (yes, that is a technical term). Use books, a higher tabletop, or even a stool to place your computer on (assuming a notebook with a built-in camera) so that for others in the meeting their view of you is eye level. Always be certain that you center yourself on your camera frame, and that your head is slightly above center vertically in the view without cutting off the top of your head.

Find someplace quiet; while you may be used to the kids screaming, barking dogs, trash pickup day, and the neighbor’s death-metal polka band rehearsing next door, they are all distractions to the rest of your meeting team. Be aware of the small things (air conditioner, dishwasher, etc.) that may not seem loud to you but are right in line with your microphone. If you can’t avoid ambient distractions, consider using earbuds or headphones with your computer. While wireless is all the rage, if you have wired headphones, using them (since you won’t be moving away from the computer) will eliminate problems or interference issues with Bluetooth headsets.

ACTION: Remember that with children and spouses around, the kitchen may not be the best room in the world to set up for your meeting. Unless you need to channel your inner Julia Child, it’s best to be somewhere that isn’t likely to be heavily trafficked and where you won’t be interrupted. If you didn’t hold budget meetings at work in the office lobby last year… well, you get the idea.

On the subject of “where” – think about what is showing in the frame behind you. That funny “fart” award that your crazy Uncle Bunky gave you when you were twelve may be a cherished family heirloom, but it will detract from the proceedings as it peers over your shoulder at the virtual board meeting of the Civic Betterment Society of Bedford Falls. If you need to, have a close friend check out the view for you. Sometimes we get so used to odd belongings, a frayed chair, or that door frame chewed up that time a raccoon wandered into the house, that we don’t realize they may not telegraph the image we want to present to our co-workers, clients, etc.

I can’t finish this section without reminding everyone that while we will make the appropriate noises of approval (no one wants to be “that” person, after all), interrupting the meeting to show off your pet, child, or spouse is annoying. You didn’t bring them into the office conference room so they could run around the table barking (or yelling), so no one really needs to see them via camera, either. A quick introduction or acknowledgement if they happen to inadvertently wander into the frame (You’re not in the kitchen, right?) is all that is needed.

NEXT: Part 2: Be Prepared

The Eleven Critical Tips for Successful Videoconferencing: An Introduction

Videoconferencing: A wonderful, almost magical technology that lets us stay home in our pajamas drinking rum coladas and playing with dogs during business meetings. There is a dark side, however, and that is the home, pajamas, rum, and dogs among a list of other no-no’s when conducting or participating in virtual meetings from your personal castle.

These tips apply whether you use RingCentral Meeting, Zoom, Skype, FaceTime, Google Meet, Hangouts, Microsoft Teams, or any of the other video chat services out there. If you’ve done any number of meetings so far during the pandemic isolation you’ve likely already encountered boorish video behaviours from your co-workers, and watched more than one meeting head suddenly south by the introduction of their “most precious and beautiful little poopsie-oopsie EVER!” (and we can only hope that was introducing an adored pet and not a spouse).

Woman at desk videoconferencing

But, oh newbie to the work-from-home movement, be not discouraged: There are lots of tactics you can use to make sure that you’re contributing positively to your video chat or videoconference.

We’ve gathered the most critical of these tips (which we’re posting over the next three days) and grouped them as follows:

  • Be Aware of your Location
  • Be Prepared for the Meeting
  • Be Attentive to the Meeting

We’ll also wrap up with a How-to-Wrap-Up at the wrap-up. By the end of this series, you’ll be ready to vidconf like a pro! Stay Tuned!

 

Is it Bad When Security Companies Leak Data? You Betcha…

This morning being The Dawning of the Age of GDPR (the European Union’s new regulations regarding privacy and data retention by businesses) I was glad to get an early start into all of the emails requiring my assent for them to keep sending me “stuff” (I hope that about 80% take me off their email lists, but that’s another topic for another post). I did, however, decide I wanted to read the latest white paper on Cyber Security from well-known Security and Compliance services firm AlienVault. Oops…

Imagine my surprise when, after clicking on the new GDPR-mandated website box saying that yes, I know they’ll keep my data and relentlessly spam and call me, their marketing system popped open a new screen that dropped me into their SalesForce interface and started spewing 1,000+ emails of their clients and prospects from the system. There’s no telling if this error was caused by SalesForce, the marketing automation platform Marketo, or just bad coding on the part of AlienVault employees, as all three company platforms were exposed in the code and data dump that took place. It should be noted that this wasn’t a web page that acted up and started showing its source code; it opened up an unencrypted form on the AlienVault web site that appeared to allow queries and posting to their SalesForce leads database via Marketo. I did not query their system for any information; the long, long list of emails was already displayed on the page. While I understand that “stuff” happens, for a security company to have such an egregious issue on the very first day of heightened regulation looks bad.

For the record, we do not use AlienVault (or any of the other companies mentioned above) in our service offerings.

New Ransomware Looks Like Your Office Copier

A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s trusted business-class multifunction printer.

This is the second wave of IKARUSdilapidated ransomware spotted in the past month, according to Comodo Threat Intelligence Lab. The original attack, first identified on Aug. 9 and lasting three days, utilized spam messages that contained little to no content along with a malicious Visual Basic Script attachment.

“This is a more mature campaign, targeting office workers whose workstations are part of a corporate network linked to multifunction scanners and printers,” said Fatih Orhan, director of technology at Comodo, in an interview with Threatpost. “As many employees today scan original documents at the company printer and email them to themselves and others, this malware-laden email will look very innocent.”

Emails in the campaign use a popular printer model in the subject line to trick users into thinking the messages are legitimate. One such message reads, “Scanned image from MX-2600N”. MX-2600N is the model of a leading enterprise-class Sharp multifunction printer. Messages contained malicious JavaScript attachments that, if clicked on, initiated a dropper program that downloaded the IKARUSdilapidated ransomware.

An easy solution to this is to always involve your trusted IT professional in the purchase and configuration of these devices, so that the subject line can be changed from the default and your staff and trading partners know what is and [more importantly] is not a legitimate email from your multi-function scan devices. Your copier technician is rarely trained in these matters. We recommend that you limit scan and email to only off-site personnel, and use file-share delivery whenever possible.

 

[Threatpost: New Locky Variant ‘IKARUSdilapidated’ Strikes Again – 30 AUG 2017]
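The recommendation above (change the copier's default subject line so staff can tell real scans from lures) can be enforced at the mail gateway. The following is an added example, not code from this blog or from Threatpost; the `[ACME-SCAN]` prefix, the `acme.example` addresses, the file names and the extension list beyond JavaScript and Visual Basic Script are assumptions, and both sample messages are constructed.

```python
import re
from email.message import EmailMessage

# Attachment types the article names: JavaScript and Visual Basic Script.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf")
# Factory-default style subject such as "Scanned image from MX-2600N".
DEFAULT_SCAN_SUBJECT = re.compile(r"^\s*scanned (image|document) from\b", re.I)
# Assumptions: the subject prefix and sender this office set on its copier.
ORG_SCAN_PREFIX = "[ACME-SCAN]"
ORG_SCANNER_SENDER = "scanner@acme.example"


def script_attachments(msg):
    """File names of attachments whose final extension is a script type."""
    names = [(part.get_filename() or "").lower() for part in msg.iter_attachments()]
    return [n for n in names if n.endswith(SCRIPT_EXTENSIONS)]


def triage(msg):
    """Return reasons to quarantine a message; an empty list means deliver."""
    reasons = []
    subject = str(msg.get("Subject", ""))
    sender = str(msg.get("From", "")).lower()
    scripts = script_attachments(msg)
    if scripts:
        reasons.append("script attachment: " + ", ".join(scripts))
    if DEFAULT_SCAN_SUBJECT.search(subject):
        reasons.append("default copier subject, not this office's customised one")
    if subject.startswith(ORG_SCAN_PREFIX) and ORG_SCANNER_SENDER not in sender:
        reasons.append("office scan prefix used by an unexpected sender")
    return reasons


def build(subject, sender, filename):
    """Construct a sample message (constructed test data, not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@acme.example", subject
    m.set_content("Please see the attachment.\n")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m


LURE = build("Scanned image from MX-2600N", "copier@acme.example", "img_0042.pdf.js")
LEGIT = build("[ACME-SCAN] Invoice batch", ORG_SCANNER_SENDER, "scan_0042.pdf")

if __name__ == "__main__":
    for name, msg in (("lure", LURE), ("legit", LEGIT)):
        print(name, triage(msg) or "deliver")
```

The `From` header can be forged, so the sender comparison is only a triage heuristic and belongs alongside SPF, DKIM and DMARC enforcement.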

Election Equipment Vendor Exposes Voter Data Online

[EDITOR’S NOTE: This manufacturer is the same firm that makes the voting equipment used in Lee County, Florida]

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an unsecured cloud “data bucket” configured for public access.

The data was a backup stored in the cloud by Election Systems & Software (ES&S), a voting machine and election management systems vendor based in Omaha, Ne.

Researchers from UpGuard made the discovery last Saturday and privately reported the leak to a government regulator who connected them to the Chicago FBI field office. The FBI then notified ES&S, which immediately pulled down the data from the Amazon Web Services system.

Amazon buckets are configured to be private by default and require some kind of authentication to access what’s stored in them. For some reason, ES&S misconfigured its bucket to public months ago, opening the possibility that others had accessed the data before UpGuard.

ES&S confirmed in a statement that the copy of the backup file, a .bak or Microsoft SQL backup file, contained 1.8 million names, addresses, dates of birth, partial Social Security numbers and in some cases, driver’s license and state identification numbers. Jon Hendren, director of strategy at UpGuard and the person who found the exposed data, said that the databases also included fields indicating whether a voter was active. About 1.5 million of the records belonged to active voters.

There were two folders in the AWS bucket, Hendren said, containing about a dozen backup files, about 12GB in all. Also in the folder was some information on ES&S security procedures that included the hashed email passwords of ES&S employees. While the personal information of voters exposes them to fraud via phishing and other scams, the employee data poses a serious threat in another direction.

“There’s no telling how far a nefarious actor could get if they’re willing to use those credentials,” said Chris Vickery, UpGuard director of cyber risk research who has found other similar leaks via Amazon buckets. “There’s no way to tell if they would be able to infiltrate ES&S networks or systems, but the potential is there.”

ES&S sells a number of different electronic voting systems and vote tabulators. The City of Chicago is a customer of theirs, and it’s unknown what type of work was being done with the data or why it was being stored in a publicly accessible bucket.

“The backup files on the AWS server did not include any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems,” ES&S said in a statement. “These backup files had no impact on any voters’ registration records and had no impact on the results of any election.”

The City of Chicago Election Board said it was notified of the breach by the FBI last Saturday afternoon at 5:37. By 9:44 p.m., the board said ES&S had taken the server offline. The board said in a statement that no systems, websites or servers managed by the board were affected and that none of its sites or networks reside on AWS.

“We were deeply troubled to learn of this incident, and very relieved to have it contained quickly,” said Chicago Election Board Chairwoman Marisel A. Hernandez. “We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S’s AWS server. We will continue reviewing our contract, policies and practices with ES&S. We are taking steps to make certain this can never happen again.”

Vickery said it’s unknown whether anyone else accessed the data, nor whether ES&S had logging configured and enabled.

“Given the bucket name was easy to guess (“Chicago DB”) and had been up many months before I noticed it, I would say the chances of me being the first one are slim,” Hendren said.

Vickery added that ES&S websites do not have SSL enabled. A web-scanning and ranking service called CSTAR run by UpGuard determined that ES&S also falls short in that it does not have HSTS turned on, nor does it use HttpOnly cookies, secure cookies, DMARC or DNSSEC. It also displays the server information header.

 

[Threatpost: Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket – 22 AUG 2017]
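The article notes that buckets are private by default and become exposed only through configuration. As an added example (not from the article, ES&S or UpGuard), this offline audit reads a bucket ACL and bucket policy in the shape the S3 API returns them and reports which grants are public, with and without S3 Block Public Access settings. The bucket name, owner ID and sample configuration are constructed, and treating any statement that carries a `Condition` as not public is a simplifying assumption.

```python
import json

# Predefined S3 ACL groups: anyone on the internet / anyone with an AWS account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_acl_grants(acl):
    """Permissions the ACL (GetBucketAcl shape) grants to a public group."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)

def public_policy_statements(policy):
    """Labels of Allow statements open to any principal with no Condition."""
    hits = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = "*" if "*" in _as_list(principal.get("AWS")) else None
        if stmt.get("Effect") == "Allow" and principal == "*" and not stmt.get("Condition"):
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits

def exposure(acl, policy, block=None):
    """Findings still effective under the given Block Public Access settings."""
    block = block or {}
    findings = []
    if not block.get("IgnorePublicAcls"):
        findings += [f"ACL grants {p} to a public group" for p in public_acl_grants(acl)]
    if not block.get("RestrictPublicBuckets"):
        findings += [f"policy statement {s} allows any principal"
                     for s in public_policy_statements(policy)]
    return findings

# Constructed sample configuration (bucket name and owner ID are placeholders).
ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead",
  "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::example-backup-bucket/*"}]}""")
LOCKED_DOWN = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(exposure(ACL, POLICY))
    print(exposure(ACL, POLICY, LOCKED_DOWN))
```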

Lawyer’s E-Discovery Error Leads to Release of Confidential Client Information

A lawyer representing Wells Fargo in a lawsuit subpoena request has explained how she inadvertently turned over confidential information about thousands of bank clients.

Lawyer Angela Turiano of Bressler, Amery & Ross had overseen the e-discovery conducted by a vendor and turned over the documents to a lawyer for a defamation plaintiff without realizing she was releasing information about wealthy Wells Fargo clients, the New York Law Journal (sub. req.) reports.

The plaintiff and his lawyer told the New York Times about the release. According to the Times, the information consisted of “a vast trove of confidential information about tens of thousands of the bank’s wealthiest clients,” including customer names, Social Security numbers and financial data.

The information was turned over in a suit filed by former Wells Fargo employee Gary Sinderbrand against his brother Steven Sinderbrand, also a Wells Fargo employee. Gary Sinderbrand had sought emails between Steven and the bank through a third-party subpoena request.

In an affidavit, Turiano said she used an e-discovery vendor’s software to review what she believed to be a complete set of results and marked some documents as privileged and confidential. She did not realize she was using “a view” that showed a limited set of documents.

“I thus inadvertently provided documents that had not been reviewed by me for confidentiality and privilege,” she said.

Turiano also said the documents she flagged for redaction were not redacted before they were produced. “I realize now that I misunderstood the role of the vendor,” she said. “Finally, I now understand that I may have miscoded some documents during my review.”

According to the New York Law Journal, “The event highlights the increasing risks of relying on unfamiliar e-discovery technology—and the potential liability exposure to lawyers.”

Judges in New York and New Jersey have issued orders barring further release of the documents, requiring the plaintiff to delete any document copies, and requiring the plaintiff to give the digital file to the court for safekeeping.

 

[ABA Journal: Lawyer’s e-discovery error led to release of confidential info on thousands of Wells Fargo clients – 27 JUL 2017]

Gizmodo Previews the Latest in Windows 10 “Stuff”

breaking down the Surface Studio and all the new stuff coming to Windows 10 Pro: