On Friday May 12, 2017 we were notified by Infrastructure Engineers that a massive global attack was underway which had already infected hundreds of thousands of computers and servers worldwide. This attack was known as the WannaCry virus and it targeted a vulnerability in Windows-based operating systems by encrypting the contents of a hard drive and any shared drive that computer was provided access. To decrypt the contents and return the hard drive back to a normal state, users were presented with a message demanding a ransom payment in Bitcoins, a virtual online currency that is difficult to trace.
Microsoft had recently released a patch to secure this vulnerability, which we had scheduled to deploy with our next patching cycle on June 11, 2017 after validation in our labs. However with news of this attack and following the recommendation from Microsoft Support and our Infrastructure Engineers, we acted swiftly and began the patching process of our external perimeter servers, considered to be at the highest risk of being targeted. By the end of the day Saturday May 13th, our exterior perimeter was secured in our production environments. We continued the process Sunday May 14th to secure our Disaster Recovery sites and by the end of the day Monday May 15th we completed the securing of our desktops, internal application and database servers. Following these actions, we can confidently say that all servers have now been secured in the iCarol infrastructure against the WannaCry virus.
Guidance for our users
We advise all of our users to be sure you stay up-to-date on browser and operating system updates on your machines. If you are running a Windows-based operating system please be sure to run the latest updates (Control Panel > Windows Update > Check for Updates) to make sure you pick up the latest patches and protect yourself from WannaCry and other viruses.
We take our role as stewards of your data, including sensitive information about the people you serve and the important work you do, very seriously. Should you have any questions about system security in the wake of the WannaCry Ransomware attack, please do not hesitate to reach out to our Support Team.
Apple’s QuickTime program enjoyed a long run as one of the most popular plugins used for audio playback. It was recently announced, and confirmed by Apple, that they will no longer support the program for Windows users, due to security vulnerabilities.
Our Messaging users may recognize QuickTime as it relates to the sound effects associated with new incoming chats and arriving messages. Earlier this month, iCarol replaced audio playback with HTML5 Audio Elements. Now, no plugin, including QuickTime, is required to hear the sounds associated with iCarol Messaging *, making our Messaging services even easier to use and implement.
We understand that many reputable sources are strongly urging consumers to uninstall QuickTime due to the security vulnerabilities. We suggest consulting with your IT professionals at your center for guidance and assistance with that process should you choose to take action. We’re committed to providing the safest, most secure systems for our users, so you can rest assured that when you uninstall QuickTime you’ll experience no loss of usability or other negative impact to your iCarol Messaging program.
If you have any questions about this, please don’t hesitate to contact our support team.
Speaking of sounds, we are also considering updating the sounds that iCarol plays when new conversations and messages are received. We would love your feedback and ideas so watch our blog for that discussion coming soon!
* Internet Explorer 9 and above requires a Windows Media Pack to play the files we are using for chimes as native HTML5 Audio.
A user’s security level controls what they can see and do while signed in to iCarol. There are five basic security settings you can assign to any user, ranking from least capabilities to most they are: Trainee, Standard, Enhanced, Supervisor, and Admin. In addition to this overall security setting, there are many different Advanced Security Settings that you can enable for an individual user that allow for more customization for that particular user’s capabilities.
When Admin users first sign in to iCarol, they see a unique dashboard. This dashboard shows information that is mainly useful just to those who have this highest security permission, such as access to the iCarol User Community for networking and communication with other Admins worldwide, and invoicing and subscription information, for example.
One feature of that unique dashboard is the ability to see details on the current version of iCarol being used, and information about past and future releases and what functions those releases include. This is information that is helpful to all users, both non-Admin and Admin alike, so starting with our next release, tentatively scheduled to occur on April 4th, non-Admin users will see information about release history and future release plans on their own dashboard when they sign in.
This will help educate and inform users about the release process and will prepare users for visible changes they may notice in their systems. By providing this information directly we hope it will reduce the number of inquiries Admin users will receive from their staff and volunteers who are assigned lower security levels. In fact, in many centers there are very few people with an Admin setting, and in some instances of large networks, there may be no Admin users on site at a particular organization location.
We hope that by having access to this information, all of your users will be better informed about the iCarol system they are using and what changes they might expect to see, simultaneously reducing the need for Admin users to field questions about these changes. If you have any questions about this change, please contact our Support Team by opening a case.
Digital security is an important component not just for your office but for your home network as well. In the past few months there have been some staggering revelations of security breaches and vulnerabilities, probably greater in magnitude than all of computing history combined before it. Heartbleed, Target credit cards, the NSA just to name a few biggies. It’s getting more dangerous out there… Here are some tips I would suggest you follow on an ongoing basis to protect your digital security at home.
- Only use WPA2 encryption on your home wifi network. It can also be known as WPA2-Personal or WPA2-PSK. For more information you can check out this website
- If your access point supports having an unencrypted “guest” network in front of the DMZ, that is fine too. The DMZ keeps unauthorized traffic from your internal, encrypted network.
- Keep your router’s firmware up to date. Annually is probably sufficient. This makes sure any newly found vulnerabilities, coming both from your internet connection and over your wifi, that have been patched will be in place to protect you.
- Always keep the operating system on your computer, tablet and mobile phone up to date. You may think it is just cosmetic changes but they almost always have important security updates too.
OS X: Updating OS X
Update an Android
Update your iPhone, iPad, or iPod touch
- The most secure major web browser to use today is Google Chrome, partly because it is based on an open-source rendering engine, but also because it gets more frequent updates than some of its competitors
- Of course, always run antivirus software. My favorite for years is the free version of Avast. They will try gently but repeatedly to get you to buy the paid version but the free version is sufficient for most home offices.
- Windows Defender protects against spyware/malware (integrated in later versions of Windows)
By following these tips you can better ensure that the activity on your home network is safe and secure.