Did Network Solutions Have a Massive eMail Breach?

Not sure, but these past few days gave me some strange indications that something was up on more than my client’s accounts. It all began with his hard drive (the actual hard drive assembly) having a complete failure. All data lost for regular recovery methods; this is one where the drive has been sent to a specialist that can possibly bring a dead drive back to life. Lesson all too well learned: Have backups.
Net impact of the failure of the drive: Time to upgrade to a new computer that supports RAID 1 (mirroring), so there is a completely redundant drive in place at all times. Next, reload Windows 7 and all the programs. Run updates (over 200 of them) and, from a drive replaced from last summer, get as much data as possible to use as a jumping off point. Done!
Now: Set up Outlook 2010 and configure for the emails. After digging out the server settings, they are there and the “Test Account Settings” are working. Check the Inbox. Nothing. Look in the Sent box. Nothing. Rinse, wash, repeat. Nothing, nothing, nothing. Of course, I checked, double checked and triple checked. Mail was coming in to Outlook, but the odd thing was a regularly sent email would appear to process through and show in the Sent box after moving via the Outbox, but no one was receiving anything. Set one of the accounts up on a separate computer. Same results. Disabled all the security systems in case I had a firewall issue in the new installation that may be blocking ports needed that I had set before. Still nothing. Swirling all around this were other things to get the business back to full capability. The end of the first day, I hadn’t figured it out, but I still believed it was on our end.

Day 2 came and in between the rest of the work to get moving forward, I had time to pick up the phone and contact Network Solutions’ provider for eMail support, Webs.com. The tech and I checked the settings and verified the account testing built into Outlook was working. He “reset the server.” Told me to wait about 15 minutes, then try again. I did… same results.

Day 3: Convinced it wasn’t me causing the problem, we contacted the support line. This time I went to the web based mail and was able to send and receive mail without problems. After some discussion of the settings, the testing, the POP3 accounts (about 20 minutes), the tech said the email accounts were suspended. Of course I wanted to know why, but, since I wasn’t the account owner, they said they couldn’t discuss it with me. Unfortunately, the owner was out at meetings, unable to get on the phone. I hung up and called later. One of the interesting things greeting me as I began the wait on hold was an announcement that if you’re using the web mail, your server might periodically go down and to try logging back in. Interesting. So not only am I having issues, sounds like someone else is. In this session, the tech told me that the passwords for the email accounts weren’t strong enough (from a security standpoint) and they had to be changed. Good reason to do so anyhow, so I did, following the direction to use at least one capital, one number, and one special character and have a length between 8 and 14. I did so, told the tech it was done and he said he’d lift the suspension, but had to call me and verify the account administrator was who he had been talking with (I had been added to the account by now). I told him I wasn’t at the office (since I had gone home) and asked if he had the number (assuming caller ID got recorded). He acknowledged, hung up and my phone never rang.
About 20 minutes later, I checked the mail email account for incoming and there was one, saying no one answered the phone for validation. The number listed in the email was the office line. First I went to log back into the management account and a warning came up on the screen saying account management wasn’t available and to try again in about an hour. Seems to me more significant technology issues.
I called and the greeting message was that they were doing an emergency server replacement. This was the global message on the support line, before it even took you to the push this number prompts, so now I sense something is amiss. Add to this that the time from the earlier call to this one was about 4 hours. I gave up, it being about midnight by now.
Got up early, picked up the phone and called the support line, after logging in to manage the account. This time there was no warning about the management function being down, so in I went. I will admit I was, let me say, terse with the tech who answered. I rapid fired the problem that began, the steps that had been taken and the disconnect from the evening before, and added that it was now the fourth day of my client not being able to use the mail accounts, that were paid for and receiving. The answer was the password had to be strong when the scanners checked it, otherwise it couldn’t be unsuspended. I responded that the passwords had been changed last night, then summarized the correct implementation of their guidelines, and clearly stated they had suspended the accounts with no notice to the client, and now had kept him offline for 4 days. At that point she said she would lift the suspension, and it should be cleared in about 10 minutes. She added a warning that if the scanners saw it didn’t meet the specs, it would suspend them (note: automatically) again.
Analysis from my intelligence gathering training:
Network Solutions, for some reason, most likely as another barricade to email accounts on their servers being hacked into, has instituted an automated process to ensure email account passwords meet a minimum security standard. I agree. What bothers me is the client had no notice from them when the automated system injected itself into the process.
Network Solutions was making emergency replacements of servers, telling me either a major physical disaster happened (fire?), or they had been compromised so badly, they had to take them offline.
The observed issue of the notice that if you’re using webmail, you might be logged off, combined with the emergency server replacement tells me the issue happened in the email department.
I did a search as soon as I got off the phone this morning and checked the unsuspension. No indication of a breach at Network Solutions, but… for a company that size, it sounds like something happened for sure.

Sorry, Apple People, You’re Just Not That Popular

I know, you think I’m less than smart, but let me assure you, I have some idea what I’m talking about. I began as a wildly satisfied Apple ][+ user many decades ago. While others bought “inferior” computers that hit the market, from PET, Commodore, Atari and TRS-80…well, Atari was the bomb for gaming….I was forging ahead. I moved to the Mac line with a 512K, then an SE, a Mac II, then a IIcx. I learned how to make a computer work for humans because of Apple.

However, here’s the reality. Macs aren’t that popular. I support this by playing into the meme that Macs don’t get viruses, ergo, they are superior platforms. Nope, you have that wrong, but there is the genius of not only Apple, but the evangelized Apple faithful that have somehow missed the point of their lack of bad programmings disrupting their lives at the worst moment, as PC users have come to know and still not love.

Here’s the truth staring you in the face, Apple fanatics: You’re not popular with the people who create viruses, and therefore, you don’t get them. It’s not that your computer is in this uber operating system world, impenetrable by mere mortals out to steal credit card and bank account numbers. I know, in just about every single movie where the earth is saved from aliens or environmental disaster, Apples are prominently displayed and used in the crucial scenes. I also know some of you believe that to be the real case.

What’s really up is this: The MacOS is built on top of UNIX, which is very secure, but the fact is that, depending on the link, the Apple market is about 10-12% and therefore the effort to infect them is not worth the ROI, on one analysis point. Take the next step: How many Macs are used to manage and handle credit card databases, and large customer files? Pretty much none. Besides taking quite a bit of effort to learn the system inside and out, even if they could find ways in through security flaws, they would most likely find intellectual property, but not something they could make money on, like entire user profiles of banking/financial services, a key set of data for identity theft.

Consider, from a business owner’s view point: If you could set up to serve 87-90% of the market for the same effort to serve 10-13%, with the return per customer the same, which direction would you head? There will be a minnow out there (thank you, Scott Weber!) who gets this answer wrong and insists loudly they are correct, but you all know the right answer to remain viable in the market. That’s why you’re also not infected. Far more ROI in spending your energy developing and working the PC market and the associated Windows based server farms. Not to mention, Apple made a run at the server world and built a very cool piece of technology, but like Beta tape, the public went for the lesser versions in the PC based systems using LINUX and Windows.

That all being said, there are those, because the Apple market share is growing no doubt, who are taking up the challenge to infect the Apple Faithful. You’ve been spared due to not being attractive (I’m not talking the aesthetics of the device design, but the ugly fact that Apples aren’t used to conduct serious financial business). That’s my tough love for you. Some are coming after you and the good news is you can now enjoy virus and malware protection as we PC users do.

Now let me, after turning your meme upside down, drop it on (your) its head: If the MacOS doesn’t get viruses, as some smugly post to Facebook, why, pray tell, would giant anti-virus companies have software on the market to provide anti-virus for the MacOS that doesn’t get viruses? Oh, yeah, it would be a very silly and costly idea to serve a market that has no need, right? Software costs money, and any product has to return somewhat of a profit, or it will be dropped from the company offerings for failing to add to the bottom line.

Check this Dogpile search out: Looks like Symantec, ESET, Norton and Webroot, Avast, AVG just to name a few “small” companies trying to sell something “real” Mac users don’t need.

I’m hoping this dose of reality spurs the Apple faithful to break down and admit they have been a tool in the greater Mac propaganda machine, but then get online and download an appropriate software package to protect themselves. Speaking as a complete PC/Windows user for all my own (too) many computers, it’s a pain to get them, I have two layers of anti-malware/virus on all my systems, just to practice as much safe computing as possible. I encourage you Mac types to do the same. I see the helplessness in people’s eyes all the time, when they have contracted such an infection. Trust me, you don’t want to feel that way, let alone missing your working hours while I or your Mac tech (who should have already advised you to get software – if they haven’t, send them this link so they can be better providers for their customer base) conduct the technical exorcism rites.

If you need help in getting protected, contact me and let’s get you into the real world you actually live in.

Virtual Reality (VR) Coming to Your Life Sooner than You Think!

Virtual Reality, or “VR” for short, is coming on fast. I’ve been engaged in watching it for many years, and in the format of head mounted displays “HMDs,” I first experienced one about 1996, where the world around me was filled with flying dragons and you had to spot and shoot them before they got to you. Cartoonish by today’s standards, but I got the experience of wearing it and considering the usefulness and applications to come.

In March, Facebook bought a successful Kickstarter project, Oculus Rift, for $2B. The foundation of VR has been the simulation and gaming industry, with applications in the engineering and medical fields.

So why is Facebook interested in a gaming device? From Dice:

“In the longer term, Facebook could attempt to build a virtual reality, one in which users interact with each others’ avatars amidst a digital landscape, rather than via a newsfeed or postings. In theory, that sort of simulacrum presents some prime opportunities for advertising: imagine all the digital billboards and wall-ads that Facebook could sprinkle around a virtual city.”

Think Star Trek Holodeck, minus the tactile input of feel. Now consider the applications that may flow from that, when a very capable HMD is in the sub $300 range.

Here are the conditions to look forward to: If you think it’s rude now for a group of people in one place to all be nose first in their smartphones, get ready to walk into Starbucks and see 5-6 people at the bigger common table, laptops open and on, and they all are interacting in a virtual world, while sitting next to each other.

There will be exciting uses, like going up the Eiffel Tower with friends, when you all aren’t in the same place, and certainly can’t afford the time or have the money to go there…or NASCAR races, or hiking trails in the Grand Canyon.

As with any technology, there will be appropriate and effective uses, and then someone will turn it into an obsession and amplify the angst we have over being present and not being there when we are physically with others right next to us.

You heard it here. It’s going to be part of our worlds. It’s been driven by the gaming community and then other industries will piggy back on what solutions were put in place. As a side note: The graphics card market, that is an essential piece of the puzzle, also matured as a demand from the gaming community, to get closer to virtual environments being very lifelike in look and experience. Expect the business world to pick up the banner and apply it to meetings, or distance learning, or project construction reports, with this being a path to further develop augmented reality, too.

“Steering the Ship:” The Watch Officer

In the first of this series of posts, I discussed the purpose of the Navigator, relating it to the planning of the journey where the ship will need to be steered, and also as a function that constantly measured the progress against the plan.

This post is a discussion of the Watch Officer, which would be the term used on a merchant vessel, or on a Navy ship, this would be the position titled the Officer of the Deck (OOD). I’ll use these titles interchangeably with this added distinction: On a Navy ship, there is most often a Junior Officer of the Deck (JOOD) on duty as well. Quickly, the JOOD is there for two reasons in most all cases: They usually are the one that has the “Conn” (the authorized person who can issue rudder and engine orders legally). They are under the direct supervision of the OOD and are in a training mode to learn the skills of managing a ship at sea. Don’t lose that point in your organizational plan, even when the merchant ships economize down to one Watch Officer.

From the moment the vessel begins the voyage “taking all lines in from the pier and are legally underway,” the watch officer is continually stationed on the bridge until the vessel is anchored or moored. There is but one person assigned and it is a formal process of shifting the watch to the next person on duty and it is entered into the Ship’s Log.

The OOD is an experienced officer qualified by the Captain to perform this duty. In the merchant Marine, it is a licensed position, in the Navy, a formal letter of designation is entered in the Officer’s personnel record, indicating the authorization to stand this watch. In the Navy, despite any one captain signing such a letter, if there is a change of command, or the officer transfers to another vessel, they must have a new letter signed by the current captain, in order to stand the watch.

Here’s the function within your business: This is your Office Manager. The Office Manager, or in the case of the analogy, the WO/OOD make the moment to moment decisions that affect the “steering of the ship.” Whether they make a course correction, call down to Engineering to make sure the hot water heating in the berthing compartments is being repaired, or if to rig the decks for heavy weather, they are the on station eyes and ears of the person ultimately in charge.

This Officer is the one, in this case with a very formal legal authority, who can issue orders to the people who actually affect the steering of the ship. No one else can, or if they do, they are to be ignored by the person directing them, who does not have the “Conn.” Even when the Captain desires to directly override the steering of the ship, which I witnessed once, even the Captain must make a formal announcement of taking the Conn and it is also entered in the official record.

Is your Office Manager in a similar position? Have you granted them the autonomy to make sure every little detail is, in fact, directed and carried out with accuracy? Do they keep tabs on all of the operations to ensure the seamless management? Do they check with the assigned work force, or subcontractors to make sure the project plan is on track? If things are not happening correctly, what do you have in place to ensure you are contacted?

Captains have “Standing Orders.” Think of these as a set of policy notes, with the responses to circumstances that can be foreseen happening, both in good and bad circumstances. On a ship, it may be: If the barometer drops more than X millimeters per hour, notify me. If someone is injured, notify me. If you sight land when it is not expected, notify me.

What things in your business do you want to be notified about, and in what manner? What if an employee in a company vehicle is in an accident? If a customer calls to demand a refund? The accountant calls and says the bank account is out of balance? Even if you work in the office with the office manager, there may be issues you desire to be informed about, and if you indicate this in your policies, whether you are in the office, out of the office, at lunch, or on vacation, it will be clear what you want to know.

Not only in a negative way, your policies can also be a platform for indicating, not only to the Office manager, but the entire workforce, who has what authority to make crucial decisions, either when you aren’t reachable, or at all times. From a legal standpoint, this clarifies all sorts of things for those unpleasant moments as well, when you may have to consult your lawyer. Obviously, it’s best to have such policies so everyone knows what to do, rather than, at the least, having a work stoppage, or at the worst, a major issue that goes unaddressed so long it endangers either the business or the reputation of the business.

Summary: The Watch Officer is always there, like your Office Manager, ever vigilant and the routine voice to keep the operation on track, and with that comes tremendous responsibility and accountability.

Back to the JOOD: If you believe you have to either build redundancy into your operation, or as someone nears retirement, putting the JOOD “on the bridge” allows the experienced voice of the OOD to help train them. The JOOD is an internship position. Use it effectively to make sure the business can continue.

The Watch Officer/Officer of the Deck don’t steer the ship, either, but they have the voice to make it happen.

“Steering the Ship:” The Navigator

Preface: Just this past week, in a training seminar, I heard the leader say: “I’d like to be the one to steer the ship.” The context was regarding being in charge of things in a business.

It grates on my nerves, knowing it has its place to connect the analogy with business, but as part of the day’s instruction, the discussion of moving from the “one person band level” to being the one who conducts was an important message. “Steering the Ship” is about being in total control, ergo, my view is it puts you mentally right back into the “one person band arena.”

For readers who have upper level management experience, this won’t be a good read, unless you’re trying to help someone that works with you get on board, and you haven’t found the way to get the light bulb turned on in their head.

For those without the life experience, and are intent on not being their business (you’re it!) forever, yet creating a structure that operates well under all circumstances, I hope this will give you some understanding, ideas, or just plain coping skills to be the one not “steering the ship,” but being in charge of that process effectively.

I got involved in teaching in 1972, and have done it extensively in one-on-one environments, and also with up to 200 people in the room. Along the way, I found the understanding of training psychology (I’m no degreed expert, but I’ve been taught some and self-studied more, as well as practiced it) accelerates the process of a student reaching understanding, and in most all cases, finding a connecting, effective analogy turbo-charges the situation. Caveat: You need to have a comprehension of both ends of that analogy you put into play, where they come from and the one you are using to connect the dots.

Having also sat on the other side of the instruction/training equation, and finding how it helps me quickly grasp the topic makes it one of my “go to” techniques in most cases.

I can document 9 years of professional experience as assigned to sea duty on vessels where there is a person steering the ship. Across 20 years, I worked for, or evaluated Captains, or trained Captains and their crews. This is my hands on, in the trenches view of “steering the ship.” Hint: It’s not the Captain.

This will be presented in a series of posts, connecting the dots on the players involved, so you can see how it applies.

On to the main message:

The Navigator

If you delve into looking to comprehend the story of a ship as a valid analogy for building a business where more than one person is involved in the running of it, there are plenty of lessons there in how that process runs. Make sure you get the best understanding by understanding things you can know about life aboard ship, so you may properly apply them to your personal plans and methods.

At a top level, a vessel at sea has some great applications to a business. It gets there, but it is way slower than a jet and has circumstances that change along the way, over days, if not months. It relies on internal and external equipment, communications and collaboration. That involves relationships with people, more importantly the “command climate” that is the over-arching philosophy which determines the decision making and attitudes of those involved.

Of course, it all begins with the Captain directing that a voyage occurs, but I’ll begin by discussing a vital position that makes this all occur.

On the way to the destination, you need to plan the route. That route will almost never be a straight line, and it has to be carefully constructed, with deliberate effort to ensure you avoid the shoal water and other hazards that lay between you and your destination and which “aids to navigation” that will be used to tell you where you are, so you can get where you plan to go.

Who is assigned to do this? Your Navigator (I did that for three and a half years, directly, as well as it being a professional skill necessary across the time in the career). Think of this human, in the analogy, as your set of plans: Your business and marketing ones specifically.

The Navigator is responsible to the Captain to gather the most current charts, port data (departing and arriving ports), tide and current data for the days when you will be leaving and arriving. In addition, the Navigator is the one who gets the weather forecasts together for the anticipated days of the journey.

While the port data is, for all practical purposes, a fixed value, and the charts, if they are in fact, updated with the most current information, are solid facts to make plans on, the tides and currents inject some uncertainty, but are generally accurate, having been analyzed by harbor pilots over the ages. The largest uncertainty, will be the weather.

The type of weather, and importantly, the size and type of your “vessel,” will determine the parameters of “acceptable” when discussing the weather you will face. Consider this determination much like the size of your business within your market place, what you must do to get to your destination, and the ability to forecast the actions and operations of the competitors, as well as supporting businesses (they are there now, but will they be tomorrow or next week?). What’s that “climate” on any given day, let alone what can you count on for tomorrow to be like? So, in this commentary, it is much like the weather, which you can make some reasonable determinations on to help improve the chances for success.

The Navigator then plots out the course on the chart, creates a voyage plan, which has some specific times to make turns, change speed and courses to get you where you want to go.

If you consider the proper construction of your business plan (and marketing as a separate one, if it’s not an embedded part of the business plan) there you have the concept: Plan it out in advance. This is your virtual Navigator.

I know you know this, but, have you ever just rushed out, thinking your mentally constructed, not written down plan was all you needed? Yes, some mariners have done that, too, and you can google up many, many stories on maritime disasters and investigations that tell the grim story of the unfortunate outcome, complete with the quotes of regret, “I know I should have spent more time studying and planning this!” being very common. It’s not to say it can’t happen and everything will be from “fine” to “AWESOME!” but you can’t count on it. A plan for your voyage gives you a better idea by beginning with a destination (worthy of going to!), the milestones along the path that get you there safely, and a far more likely outcome of repeated success.

As in business, a voyage plan never ends like it was laid out to be. How much differently it will look like at your destination is somewhat under your control but some of it is not. If you are armed with this understanding, then you can have “pre-planned responses” for two things:

  • How to keep a measurement system in place so you see you’re leaving the planned voyage route right away;
  • A structured method to update the plan and implement the corrective measures.

What can change your plan? The open ocean currents and weather shift and are not affecting you as you planned. Might be a head wind, and strong current when crossing the Gulf Stream you maybe didn’t make a detailed enough plan for in the computations (or you did and it’s not what the forecasts predicted). You may get an S.O.S. message, or see another vessel you pass which needs assistance, and all of this either slows you down, or pushes you off track, to a small or large extent. How do you react?

If you realize you are off track early (because you have a cracker jack bridge watch team (to be discussed later in the series), using the required “best practices” to help you know this quickly), then you have a small correction to make. It may be as simple as speeding up (maybe even slowing down…) a bit to compensate for the next time frame (in your real life, that may be you stay up and write the catch up words for your KPI Million Word Challenge commitment). It may be a full blown re-evaluation of the plan you began with.

Like in all endeavors, the subtleties and nuances of what really happens are in the details. Navigating across large expanses of an environment requires thoughtful effort to reduce the chances for mistakes, or failure, to the minimal amount. Your plan causes you to lay out what you want to do and know where your strengths and weaknesses are, so you can plan accordingly, be it in resourcing, or measuring, or employing more help, internally or externally, for the support necessary to get to the destination.

And, to wrap it all up: The Navigator, as told by the Captain, has to know where the end point is that needs to be reached, and, if there are port visits along the voyage, or special considerations (VIP guests will embark for the trip, you won’t get paid unless a certain cargo is delivered by a certain date, etc.). This is my entreaty to make you think of the end destination, before you plan to sail beyond the mouth of the harbor, and actually, not even leaving the pier without a plan and what’s necessary arranged is in place, and understood by those who will accompany you, or be supporting the journey.

And neither the Captain nor the Navigator “steer the ship.” Stay tuned!

Malware and Virus attacks get more “life-like”

I spent a few hours pulling a serious malware infection, actually a set of 8 different ones, off a client’s main system yesterday. He contracted the mess at 5:40 PM last Monday.

My contention that these attacks are getting more “life-like” is based on the manner in which he identified the moment of problems: He has a major customer and he ships mountains of product to them via UPS. On Monday afternoon (consider what else was going on in the Post-Christmas days and UPS), he received an email indicating an updated delivery status for his UPS shipment. His comment was it appeared to look very much like others he had received via the major customer, so he clicked on it. He said it didn’t have fancy graphics, but it certainly was a detailed looking email, not a one liner with a link.

It also reminds me of the 1-3 emails I get a day into one of my other blogging emails that obviously some scraper picked up off that site. They tend to be advertisements, but they are mixed in with emails that are my accounts at (fill in the banking institution) suspended, blocked, etc. Some of them actually are all dressed up with HTML graphics layouts, too. I stay away, but then I deal with this daily. For others, like my client, when one comes that makes sense to their work flow/life/personal business/social networking, there is a likelihood they will allow the malware in, and their firewalls may not stop it.

For the user: You have to be wary of things that look kinda true, but something still tells you it’s not kosher and look closer before clicking.

Be careful out there and practice safe computing!

For you techs, looking how to get rid of this:

Anyhow, it really embedded itself within his system, flagged as a Win32 password stealer by Microsoft Security Essentials. The good news: early Tuesday, I convinced him to take the rest of the year off and reward himself for a great year, and I’d be over Thursday morning (since the malware would allow a network connection for a few moments, then cut it off, so a remote session was out of the question).

I used MalwareBytes, Microsoft Security Essentials, Kaspersky TDSS Root Killer and old school digging through the entire registry, after seeing the names in the user appdata roaming and local files under nonsense random lettering named .exe files and folders.

I called this one a “repeater,” as MSE would identify it, clean it, then it would fire itself back up about 30 seconds later. I would see 8 different start up program listings named BitNefender 2016, turn them off, and they would be back, activated in the next reboot. Interestingly enough, searching for that name in the registry never found anything, even after several tries.

It was the searching for the keys and values in the registry (and manually deleting them), in combination with the MSE and MalwareBytes scans, that finally got things working normally, including restoring a constant network connection.
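
A triage heuristic for the startup entries described above, as an added example that is not part of the original post: it keys on where an autorun target lives (AppData\Roaming or AppData\Local) and on random-looking file and folder names, rather than on the display name, which the post notes never turned up in a registry search. The entries, user name, file names and the randomness thresholds are constructed assumptions, and the entries are assumed to have been collected already as (location, name, command) tuples.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Profile directories where the post found the dropped .exe files and folders.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\")
VOWELS = set("aeiouy")


def extract_image_path(command):
    """Return the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted command: keep everything up to the first ".exe".
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command


def looks_random(name):
    """Heuristic (assumed thresholds): few vowels or a long consonant run."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False  # too short to judge
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.25 or longest >= 5


def triage(entries):
    """Flag autorun entries that start a random-named binary from AppData."""
    findings = []
    for location, name, command in entries:
        image = extract_image_path(command)
        if not any(d in image.lower() for d in USER_WRITABLE):
            continue
        path = PureWindowsPath(image)
        reasons = []
        if looks_random(path.stem):
            reasons.append("random-looking file name")
        if looks_random(path.parent.name):
            reasons.append("random-looking folder name")
        if reasons:
            findings.append({"location": location, "name": name,
                             "image": image, "reasons": reasons})
    return findings


def repeated_names(findings):
    """Display names shared by several flagged entries (the 'repeater' sign)."""
    counts = Counter(f["name"] for f in findings)
    return {n: c for n, c in counts.items() if c > 1}


# Constructed sample: two benign entries and two modelled on the post.
SAMPLE_ENTRIES = [
    ("HKCU Run", "OneDrive",
     r'"C:\Users\client\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("HKCU Run", "BitNefender 2016",
     r"C:\Users\client\AppData\Roaming\xkqzvbnw\hgtrwqpl.exe"),
    ("Startup folder", "BitNefender 2016",
     r'"C:\Users\client\AppData\Local\qwrtplkd.exe" -s'),
    ("HKLM Run", "SecurityHealth",
     r"%windir%\system32\SecurityHealthSystray.exe"),
]

if __name__ == "__main__":
    flagged = triage(SAMPLE_ENTRIES)
    for f in flagged:
        print(f["location"], "|", f["name"], "|", f["image"], "|",
              ", ".join(f["reasons"]))
    print("repeated display names:", repeated_names(flagged))
```

Running the same triage on a snapshot taken before cleaning and again after a reboot shows whether the flagged targets have come back, which is the behaviour the post calls a “repeater.”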