Nvidia Drivers Should Be Updated For Security Issues

If you use an Nvidia graphics card, be aware that the company has recently released its first security patch of 2019, bearing the ID # 4772. It’s an important one in that it addresses eight security flaws that leave unpatched systems vulnerable to attack.

It should be noted that none of the flaws addressed in this patch are rated as critical, but all are rated as high.

The issues addressed in the patch run the gamut, from denial of service to remote code execution and, in six of the eight cases, escalation of privileges.

This patch is applicable across a range of Nvidia’s most popular products, including their GeForce, Quadro, NVS and Tesla graphics cards. So if you use Nvidia graphics cards, then odds are good that this patch will be of benefit to you.

This brings us to the topic of how to apply the latest patch. If your system is Windows based, then applying the latest patch via the Windows control panel should be the only action needed. If you’re a Linux user, then the specific steps you’ll need to follow will vary from one build to the next, and may involve a bit of manual work, navigating to the Nvidia control panel after the driver has been updated.

Also note that if you have Nvidia products on your system, you can download and install an app called the GeForce Experience, which will alert you when a new patch is available and guide you through its installation.

In any case, this patch is important enough to warrant a special mention, as the issues it protects against are fairly high profile.  Make sure your IT staff is aware so they can put this one high on the list of priorities.

Faster USB Standard Is Coming But There Are Complications

If you have a need for speed, you’ll be thrilled to know that USB 3.2 is on its way. It offers incredible transfer speeds up to 20GB per second, but there’s a catch that could throw a wrench into the works, or at least make things more complicated. At the most recent Mobile World Congress, it was announced that the new USB 3.2 specification will encompass both USB 3.0 and USB 3.1, which creates three different tiers of speed.

The three speeds include:

  • USB 3.2 Gen 1 will bear the moniker ‘SuperSpeed USB’ and will have transfer speeds of up to 5Gbps
  • USB 3.2 Gen 2 will be called ‘SuperSpeed USB 10Gbps’ and, as its name indicates, will offer transfer speeds that are twice that of the Gen 1 product
  • USB 3.2 Gen 2×2 will be marketed as ‘SuperSpeed USB 20Gbps’, with the promised 20Gbps transfer speeds

Of particular interest is the SuperSpeed USB 20Gbps product, marketed as 2×2.  It’s able to provide its impressive transfer rate because it utilizes “two lanes” of 10Gbps data transfer, but only when utilizing Type-C cables.  Fortunately, although Type-C cables got off to a bit of a rocky start, those issues are now a thing of the past. USB-IF is encouraging device manufacturers to copy their SuperSpeed nomenclature in an attempt to minimize end-user confusion.

Despite it being a bit more complicated than is necessary, this is very good news.  Transfer speeds have long been something of a bottleneck, and the new tech (USB 3.2 SuperSpeed Gen 2×2) is a welcome addition to the ecosystem.  Look for it to start being available later this year.

For the time being, there’s nothing to be done, except perhaps to make sure you’ve got a little extra money in the budget to spring for the new tech when it becomes available.

Bots Are Attacking Retail Sites On A Large Scale

If you own a retail business, an attack known as “credential stuffing” is the latest online threat to be concerned about. If you’re not sure what that is, read on and prepare to be dismayed. According to the 2019 State of the Internet, Retail Attacks, and API Traffic Report published by Akamai, there has been a surge in large-scale botnet attacks against businesses, with retail outlets being the hardest hit.

In fact, according to the report, between May and December of 2018, there were approximately 28 billion credential stuffing attempts made.  One of the web’s largest retail sites suffered over 115 million bot-driven login attempts in a single day.

A spokesman for Akamai had this to say about the report:

“The insidious AIO (all-in-one) bots hackers deploy which are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, allowing a single AIO bot to have the ability to target more than 120 retailers at once.

A successful AIO campaign may go completely undetected by a retailer, which might see the online sales and record-setting transactions as proof its product is in demand.  They’ll have little to no indication that its inventory clearing was automated and used to fuel a secondary market or scrape information from its customers.”

In most cases, the damage caused by credential stuffing attacks is limited.  Customers whose accounts are compromised may find that they lose points or perks, and that unauthorized charges are made on their accounts. In some cases, a credential stuffing attack could lead to an attacker gaining a foothold inside your corporate network.  Also, large and pervasive attacks could strain web resources and have (on more than one occasion) crashed a web server.

Even in cases where your business isn’t directly impacted, an attack on your customers’ accounts is still an attack on you.  Unfortunately, with so many stolen credentials available on the Dark Web, it’s a notoriously difficult problem to come to grips with.  The best thing you can do is remain vigilant and maintain excellent communications with the customers you serve.
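One way to look for the credential stuffing pattern in your own login logs, shown as an added example that is not from the original article or from Akamai's report: a single source that tries many different accounts in a short window and mostly fails. The event format, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def ts_at(seconds):
    """Constructed timestamp helper: offset from an arbitrary start time."""
    return (datetime(2019, 3, 1, 10, 0, 0) + timedelta(seconds=seconds)).isoformat()


# Constructed sample events: (ISO timestamp, source IP, username, login succeeded).
# IPs are from documentation ranges (RFC 5737); usernames are made up.
SAMPLE_EVENTS = (
    # One source cycling through 12 accounts, a single hit: stuffing-like.
    [(ts_at(10 * i), "198.51.100.7", f"user{i:02d}", i == 7) for i in range(12)]
    # A real customer mistyping a password, then getting in.
    + [(ts_at(s), "203.0.113.20", "carol", ok) for s, ok in [(5, False), (20, False), (40, True)]]
    # Repeated failures against ONE account: not the stuffing pattern.
    + [(ts_at(15 * i), "203.0.113.45", "dave", False) for i in range(6)]
    # Six accounts, but one attempt every 10 minutes (low and slow).
    + [(ts_at(600 * i), "192.0.2.9", f"acct{i}", False) for i in range(6)]
)


def find_stuffing_sources(events, window=timedelta(minutes=5),
                          min_distinct_users=5, min_failure_ratio=0.8):
    """Return {source: (peak distinct usernames, failure ratio at that peak)}
    for sources that, inside any sliding window, try many accounts and mostly fail."""
    recent = defaultdict(deque)  # source -> (time, username, success) inside the window
    flagged = {}
    for ts, src, user, ok in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, user, ok))
        while now - q[0][0] > window:  # drop attempts that aged out of the window
            q.popleft()
        users = {u for _, u, _ in q}
        ratio = sum(1 for _, _, success in q if not success) / len(q)
        if len(users) >= min_distinct_users and ratio >= min_failure_ratio:
            if len(users) > flagged.get(src, (0, 0.0))[0]:
                flagged[src] = (len(users), ratio)
    return flagged
```

With the default five-minute window only 198.51.100.7 is flagged; the slow source 192.0.2.9 appears only when the window is widened to an hour, which is why per-source thresholds alone miss bots that throttle themselves or rotate addresses.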

Progressive Web App Office Software Coming To Windows 10

Microsoft has recently announced a new addition coming soon to the Microsoft Store: a free Office progressive web app (PWA), which is slated to replace the My Office app that comes pre-installed on Windows devices. The new app is functionally similar to the Office App you’re currently using, but it brings some exciting new features into play that users and IT managers alike will love.

In addition to being a central window giving you a bird’s-eye view of your recent documents, contacts, and various Office files (Word, Excel, PowerPoint, Outlook), it also serves as a bridge between working offline and working online with Windows 10.

Users will be able to access Office apps installed locally on their devices, as well as web apps. They will also have a view into locally stored files as well as files stored on the cloud, which in the Microsoft ecosystem, generally means SharePoint and OneDrive.

In addition to that, because it’s a Progressive Web App, it can work offline as well and be pinned to the taskbar, just as you can do with a native Windows App.  The only catch is that you’ll need to be running the 1803 version of Windows 10 (or later versions) to make use of the new capabilities.

Although individual users will no doubt find a lot to be excited about, the company’s own statements make it clear that they’ve designed it with IT managers specifically in mind, given that it will allow managers to customize the Office app with company branding and allow users to access a variety of third-party apps through the lens of the Office app.

In tandem with this announcement, Aaron Gustafson (from the Microsoft Edge browser development team) also announced that the next version of Edge will be built around Chromium and will allow users to install PWAs from the browser itself. That build brings Edge back to par with both Google Chrome and Mozilla’s Firefox.

These are all excellent moves, and we can’t wait to start playing with the new app.  Kudos to Microsoft.

Google Security Device Had A Microphone Nobody Knew About

Google has found itself in hot water for something they claim to be an honest mistake and oversight. Owners of the company’s popular Nest Guard (the centerpiece to their Nest Secure home alarm system) have recently discovered a microphone hidden in the guts of the device.  The microphone wasn’t mentioned in the product’s specification sheet, which has creeped out consumer groups around the country and the world.

Google claims that their intention from the beginning was to incorporate Google Assistant functionality into the design. This of course would necessitate the presence of a microphone, making their failure to mention it nothing more than an oversight. Unfortunately, consumer groups don’t seem to be finding that explanation convincing, which explains the push back the company is suddenly getting.

To be fair, Google Assistant functionality would be a superb addition to Nest Secure, but people should be aware of what precisely they’re getting when they open their wallets and buy a new product, especially given that there have been a number of high-profile instances where data captured by microphones embedded in a variety of consumer products has already been mishandled and misused.

It ultimately doesn’t matter how many people would or wouldn’t have made the purchase had they known about the presence of the microphone.  The central issue is that they purchased a product without realizing it could be used to record them.

These days, privacy concerns are increasingly on everyone’s mind and with good reason.  Every day, what remains of our privacy seems increasingly under attack.  Innocent oversight or not, this was an unnecessary invasion of that privacy, and advocacy groups are justified in calling the company out for it.

If you don’t yet own a Nest Secure, but have been considering buying one, be aware.  There’s a microphone embedded in it.