Irish Environmental Technology

Standard

They say everything is bigger in the United States. Cars, food portions, the list goes on. In many ways, these are true statements.

One thing that has really stood out to me over the last week here in Ireland, is how much bigger and better environmental technology seems to be.  Especially compared to the US. As good as we are, at so many things, we also seem to lag behind many other countries in areas I would expect us to be better.

Here are some examples of prevalent environmental tech across the Emerald Isle.

Automobiles – By and large, they are smaller than in the US. Given how narrow some of the roads are, this is not a bad thing at all. However, more so than their size, it’s their environmental features that stand out. Most vehicles are diesel and diesel is generally less expensive. You find it at every petrol station. What I find most impressive is that the Diesel engine shuts down whenever you stop, saving fuel and emissions. As soon as you take your foot off the brake, the engine starts. It makes a ton of sense.

Hot Water – Hot water systems in many houses and apartments are optimized for utilization. For example, at the apartment we are presently staying in, the hot water system heats overnight so it’s ready for hot showers in the morning. It’s calibrated to deliver two hot showers a day. If there are more than two showers needed, you simply press a “boost” button to deliver enough hot water for one or more additional showers. It’s far more efficient than keeping a water tank continually heated 24×7.

Wind Farms – Many of the power plants I have seen also have wind farms on their grounds. Makes it hard to make the argument that the wind turbines are unsightly when they are standing alongside the large buildings and stacks of a traditional power station. I have also seen a number of free standing wind farms and they don’t look at all out of place or imposing.

Switchable Outlets – Every wall outlet I have seen has a switch adjacent to it.  When you plug something in to an outlet, you have to also switch the outlet on for it to deliver power to what’s plugged in. This helps conserve power by stopping the trickle effect where most devices draw even a small amount of power when plugged in, even if the device itself is off.

Solar – Many buildings have small solar panels on them to help reduce their reliance on the traditional electric grid. This is an area we are doing considerably better with in the US as well.

Food and Agriculture – Ireland has a rich farming history and that history has laid a strong foundation for continued local sourcing for the food supply. What I noticed, almost immediately, is that chicken is quite different from at home. My son loves wings and orders them whenever he can. The wings in Ireland are like they were when I was young, not the enlarged ones we see in the US now. That’s because these are truly free range chickens and there is considerably less fat and less waste because the portions make sense.

Air Quality – Other countries are generally considered to be far more accepting of smoking than the US, but I would contend that is not the case in Ireland. Smoking is clearly prohibited in nearly every building, private and public. Coupled with other initiatives around emissions and other air quality concerns, Ireland is a leader, not a follower.

Water Conservation – Most of the toilets in Ireland have two flush settings.  One that uses less water, for when there is only liquid waste to flush and second setting to use more water, when flushing solid waste.  I have seen this in the US, but very sparingly.  It’s fairly widespread in Ireland and keeps water conservation front and center and for everyone.

Advancing environmental technology is a national priority in Ireland. All aspects of technology seem to be front and center in terms of educational opportunity as well. I have seen numerous advertisements that encourage students to pursue technology education.  Ireland seems to be doing a much better job training their workforce in technologies for today and the future. As an example, I came across this government statement that seems to capture he national call to action: “The Government’s Strategy for Science, Technology and Innovation (SSTI) has set out a vision to make Ireland internationally renowned for the excellence of its research and to be a leader in using new knowledge for economic and social progress.”

I’d say that’s not just an impressive vision, it’s a reality taking shape in a small country on an Emerald Isle that has called upon the entire world to embrace green technologies for a better future. Well done Éire!

Today is Flag Day

Standard

usa-american-flag-gif-8

June 14 is flag day, a day of national pride for the Stars and Stripes, our dear Old Glory.

“That the flag of the United States shall be of thirteen stripes of alternate red and white, with a union of thirteen stars of white in a blue field, representing the new constellation.”

As resolved by the Continental Congress on June 14, 1777.

This flag was carried into battle for the first time on September 11, 1777.  Today’s flag has fifty stars on that same blue field, representing the present fifty States of these United States of America.

In perhaps a sad point of irony, my family has personally flown the flag on our home every day since September 11, 2001.  I had not realized the connection of the date until today.

There are several claims to the origin of Flag Day.  Today’s date, June 14, became Flag Day by law after Congress approved the observance and then President Harry Truman singed it into law on August 3, 1949.

Happy Flag Day!

 

Honoring Memorial Day

Standard

MemorialDay2017

When I was kid Memorial Day was always a long weekend to look forward to.  A trip to the lake to open the camp for the summer, parades and cookouts.  While the meaning of the day was known, it didn’t really resonate in the mind of a child.

As an adult, Memorial Day takes on its true significance.  While I have never had the honor to serve my country, I have the utmost respect for those who have and understand that today is about remembering those who have served and paid the ultimate sacrifice, whether in combat or years later as a result of their service.

A friend of mine, who is a veteran, posted a very heartfelt comment on his Facebook timeline this morning that sums up the day well.  He said that today is not a “Thank you for your service day.”  Rather, he contends, “It’s a day of remembrance and mourning.”  As I think back on all the years of parades and taps being played at the local cemetery, I understand and appreciate his words.

I know veterans of almost all the conflicts from World War II to the present.  I know veterans who have survived and veterans who have not.  I know veterans who have died decades later from disease caused by combat exposure.  I know veteran’s who survived the Allied invasion of Europe and I know their children, in some cases named after their friend and brother in arms, who died beside them in what could only have seemed like hell on earth.

My Dad was a humble member of the greatest generation and a veteran of WW II.  He served in the Pacific theatre with the US Army Air Corp, though he did not see direct combat.  I have aunts and uncles who served in that same war, as well as the Korean War.  I have cousins and nephews who are veterans and actively serving.  My father-in-law and his father before him, are career US Army officers, serving in WW II and the Vietnam War.  the legacy of service is strong on all sides of my family and I am grateful to each and every one of them, as well as to all veterans, who served to defend this great nation and all that it stands for.

I also can’t help but think how disheartened many of them must be with the current state of affairs in these United States of America.  I am not piling on to the popular political narrative, rather I am talking about the deep divides that dig at the very soul of our country.  After all that these brave veterans have fought for, I will never understand how it is acceptable to attack one another, physically or verbally, the way it is today.  The only comment I will make about politics, is my disgust with both parties, at how they put party and personal gain ahead of what is best for the people that elected them.  On this Memorial Day, I hope all of our elected officials will take pause and consider what these veterans, whom we have lost, would think of their actions and their rhetoric, when contrasted with these veterans service and sacrifice to the ideals of this great nation.

Today, I think about all of them with my most humble gratitude and respect.  The pride I feel for those I know who have served, is not easily communicated in words.  My sense of loss for those who are no longer with us is felt most for my family members, though not without equal compassion for those who are mourning their own losses today.

So as my friend closed his post today, “Either way stop and take a moment to remember the men and women that gave their lives so you could enjoy yours.”

Take Latest Ransomware Outbreak as a Warning

Standard

The following article was published in today’s Seacoast Online and Foster’s.

If you have read or listened to the news the last couple of weeks, or read my blog at mjshoer.com, you know there was a massive ransomware outbreak May 12. This has been widely reported as the WannaCry outbreak, this being the name of the ransomware that spread around the world, hitting companies in 150 countries, impacting hundreds of thousands of computers.

This was described as possibly being a cyber weapon of mass destruction, due to the speed and scope of the attack.

First and foremost, understand what ransomware is. It is a form of malware, malicious software hackers install on your computer to carry out a larger task. In the case of ransomware, this larger task is to encrypt all the data your computer has access to. Encrypted data is unreadable unless you have the decryption code. Encrypted files appear as an ongoing string of random characters, scrambled to protect the data it has encrypted. Without the corresponding decryption key, the data is useless. Ransomware holds your data hostage by encrypting it and withholding the decryption key until you pay a ransom to the hacker, commonly paid using the virtual and untraceable currency Bitcoin. This makes it extremely difficult, if not impossible, to track the attack to its source.

The WannaCry outbreak was unique for several reasons. Perhaps of most concern, it appears to have been based on a top secret hacking tool developed by the National Security Agency to spy on adversaries of the United States. The code for this tool was supposedly stolen by a hacking group and posted online, allowing hackers all over the world to see how the tool was designed and how it works. A phishing email was then crafted, targeting users of computers with a specific known vulnerability that had been discovered in March of this year. By scanning the Internet for computers with the vulnerability left unrepaired, the hackers had a rich set of targets.

Users were tricked into opening an attachment or clicking a link, which downloaded the malware onto their computer and began encrypting their data. Another unique element of this attack was that it also acted as a worm, spreading itself from one computer to the next within the same network without any other user needing to do a thing. This contributed to the rapid rate of infection seen that day.

In other words, one person inside a company needed to fall for the phishing email and click the bad attachment or link. Once they did, the hacker’s malware was installed on their computer and installed itself on any other computer with the same vulnerability on the company network.

This is why organizations like England’s National Health Service, FedEx and Spain’s Telefonica saw massive infection that required them to shut down computers in some cases for multiple days until the infection could be purged.

What’s worse is that it was preventable. The flaw this hack took advantage of was fixed March 14, yet nearly two months later, the impact was massive. Interestingly, the impact was worst outside the United States. What this says, which is a good thing, is that in the U.S., most companies regularly update their computers with important updates. This contrasts with the rest of the world, where updating computers is not nearly a high enough priority. This attack proves this.

Ransomware succeeds by tricking a user to open an unsolicited email containing an attachment or link. It amazes me we are still combating this today, as this is a well-known attack vector and perhaps, the easiest to defeat. Education and a little patience is all that is required.

The European Cybercrime Centre has a list of do’s and don’ts related to keeping yourself self:

Do’s

  • Update your software regularly. At the very least, install all critical and security updates. If in doubt, install all available updates to keep your computer’s operating system up to date and safe
  • Use Anti-Virus and Anti-Malware software. You should also be sure to keep your computers software firewall enabled at all times.
  • Browse and download software only from trusted websites. Avoid sites that offer paid-for software for free, including driver update sites not run by the actual hardware manufacturer.
  • If you keep any data on your local computer hard drive, be sure it is regularly backed up, ideally to the Cloud.
  • If you become a victim of ransomware, report it to the FBI. This helps it track outbreaks and when the opportunity presents itself, get the bad guys.
  • Check www.nomoreransom.org if you get hit. This free site, supported by various law enforcement agencies and private industry, may help you recover from an infection.

Don’ts

  • Don’t click on attachments, banners and links without knowing their true origin. What may look like legitimate files, banners or links, may not be what they appear to be. Hovering over the link is one way to check the URL to see if it is legitimate, but it’s far better to manually type in a link to your browser, instead of clicking a link in an email.
  • Don’t install mobile apps from unknown sources. If someone sends you a link to a mobile app for your phone or tablet, don’t click it. Go to the app store and search for the app there to check its legitimacy and install it. And don’t install or run unknown software.
  • Don’t take anything for granted. Verify everything. Confirm with senders they meant to send you any attachment or link. Verify SSL connections by checking the padlock icon to be sure it’s issued to the site you are on. When in doubt, make a phone call before you act.
  • Have you installed software to get free TV or movies? Think twice. It may be stealing data from your computer. Kids fall victim to this far too easily.
  • Don’t pay out any money. This just encourages more hacks and does not guarantee you will get your data back. One of the positives from this latest outbreak was that not much was actually paid out, considering how large the impact was.

I hope this information helps clarify what happened, why and how. More importantly, I hope these do’s and don’ts will help keep you safe from any future outbreaks.

The following image shows a screen shot of the Norse attack map.  This map shows real time intelligence on active cyberattacks taking place around the world.

Norse Map

It Was All Preventable

Standard

The WannaCry ransomware outbreak that has dominated new cycles since Friday was preventable.  I’m hoping this will be my last post on the subject, pending any potential developments.

The attack took advantage of a vulnerability in the Microsoft Windows operating system, which was patched on March 14, 2017.  What that means is that Microsoft was aware of the vulnerability and issued an update to fix it.

The problem is that hundreds of thousands, if not millions, of computers were noLockt updated with the patch.  This is really inexcusable.  While it’s true that in the past, and probably in the future, some patches have caused unexpected problems, the percentage of this occurring is relatively low.  The risk in not applying a patch due to this fear, is considerably high as evidenced by Friday’s outbreak.

Another factor that contributed to the success of this attack is the number of unsupported operating systems still in use at businesses throughout the world.  Windows XP and Windows Server 2003 were specifically targeted.  Yet another factor is that only one person within a company needed to initiate the attack.  Once activated, the attack spread across computers in a worm like manner, not requiring additional user intervention to continue spreading.

In my business, we will not support a customer who refuses to replace obsolete and out of support hardware and software, for this very reason.  The risks are simply not justifiable.  I also believe in a layered approach to security, not simply relying on a single line of defense to protect you.  Firewalls need to do more than just port forwarding and packet inspection.  The need to employ advanced services that help safeguard the network against ever changing threat vectors.  Innovative technologies like Cisco Umbrella are becoming a critical layer of defense.  Umbrella is a DNS service that inspects all calls to the Internet and blocks malicious traffic and sites.  An adaptive anti-virus and anti-malware solution that updates in real time, as opposed to downloading daily updates is another important layer of defense.

While Friday’s outbreak appears to be contained, the code has been widely distributed.  This means copycat attacks are a strong possibility.  The sky isn’t falling, but neither are you living inside of Fort Knox.  Don’t let down your guard.

There are some reports emerging last night and this morning suggesting that hackers linked to the North Korean government may be behind this attack.  At the moment, the evidence is not definitive and based on comparisons of past attacks that have been tied to these groups.  It may take months before we definitively know who was behind this attack.

Mid-Day Monday Update: Global Ransomware Attack

Standard

As of mid-day Monday, May 15, 2017, the second wave of the global ransomware attack that began on Friday, May 12, 2017, does not seem to have materialized.

Unless you have been completely disconnected from the world over the last 3 days, you have heard about the WannaCry ransomware outbreak.  While a kill switch was activated on Saturday, experts remained concerned that a second wave would still hit this morning, when millions of workers came back to work and turned on computers that have been offline.

It does appear that this has happened in Asia, though Europe, where the attack began, seems to have stabilized.  The United States seems to have endured the least impact from this latest attack.  Most sources report that over 200,000 computers in over 150 countries have been impacted.  Given that there are just under 200 countries in the world, this has hit just about everyone, everywhere.

The UK’s National Health Service was the most seriously impacted on Friday.  While they have stabilized most of their systems, they are still reporting, on their home page, that some services remain suspended, though any critical care remains fully operational and people should not hesitate to go to their local emergency center.

Companies from FedEx to Nissan are reporting severe impact, though most have been able to maintain business operations despite the attack.  China and Russia have both reported some serious impact from this attack, which spared no one.  While Europe is still recovering from the attack, with some companies remaining shut down while the infection is cleaned up, the attack was mostly active in Asia, as workers returned to work and powered up their computers that had been off since before the first reports from Europe began emerging on Friday.

What is most troubling is that this attack was preventable, if people had installed a patch that was released in mid-March.  What this attack has clearly shows is that the US is ahead of the rest of the work in being proactive about installing updates to computer systems.  It also showed that while some household name large organizations were hit, in some countries, it was primarily small businesses who got hit.  This confirms a significant fear that I have long had, that most small businesses do not proactively manage their IT, thereby making themselves more at risk than those that do.

It’s best to remain on high alert and exercise extreme caution with email messages containing links and/or attachments.  I suggest verifying with any sender you receive links or especially attachments from.  This attack appears to have spread through an attachment that recipients opened.  Instead of clicking on links in email, retype the link in your web browser, or go to the home page of the site and navigate to the page the link wants to send you to.  If a link has been compromised or is masking a malicious link, this is one way to try to avoid the malicious intent.  The bottom line remains to click or open as little as possible.

The European Cybercrime Centre, Europol EC3 has released an excellent tip sheet on avoiding ransomware. Download and share this helpful tip sheet with everyone you know.

Europol Infographic

Global Ransomware Outbreak

Standard

By now, you have certainly heard about the massive global ransomware outbreak that began yesterday, Friday, May 12, 2017.  In what is being called the biggest ransomware outbreak in history, organizations in more than 100 countries were infected with this cyber WMD.

There is some good news to report this morning.  A cyber researcher known as “MalwareTech” uncovered a kill switch in the hackers code and registered a domain that if, unregistered, triggered the encryption process.  By registering the domain that was uncovered, the spread of the encryption attack was stopped, at least temporarily.  What we can be sure of is that the hackers will be updating their code to circumvent their own kill switch now that it has been activated by someone trying to stop the attack.  So while we are presently in a moment of reprieve, do not let down your guard.

Consider the impact to the United Kingdom’s National Health Service (NHS).  The following screen shot is posted on their home page today:

NHS Homepage

Perhaps for the first time in history, people may have died as a result of this cyberattack, as it is reported that operating room and other critical health care systems involved in acute patient care were infected.  All non-emergency services were suspended at as many as 40 NHS facilities yesterday.

Here in the United States, FedEx confirmed that one or more of their US based operations had been infected.  The threat from this attack was so concerning that many companies instructed staff to shut down their computers and many networks were taken offline as a precaution until more is known.

In perhaps an ironic twist of fate, given current affairs, it is also reported that the Russian Interior Ministry had 1,000 or more encrypted machines.  This attack spared no one.

It has been confirmed that this attack takes advantage of an exploit in the Microsoft Windows operating system, that was first discovered by the National Security Agency (NSA).  The attack is using these exploits, which were made public by the group Shadow Brokers, earlier this year.

In yet another twist of irony, Microsoft quickly patched the exposure, once it was known, back in March.  If your company employs a comprehensive patching strategy, you should have been safe from this attack before it launched.  Unfortunately, many organizations treat patching their systems as a reactive task, when it absolutely, positively needs to be a proactive task.

I hear all too often, that organizations do not want to patch their systems until patches have been out for extended periods of time.  The theory is to let others find and resolve, unintended new issues that may crop up from a new patch.  In the past, this has been a legitimate concern.  However, over the years, companies like Microsoft and others have classified their patches, based on what they are intended for.  Simple feature updates that are more “nice to have” than “need to have” are typically wrapped up in non-critical updates that are distributed differently.  In other words, there is just no reason for computer systems to be left vulnerable to an attack like the one taking place now.

What is also unique about this current attack is how it is spreading.  It has a component to it that is referred to as a “worm”, meaning once it infect a computer on a network, it spreads itself to other computers in that network without those users needing to actually trigger the attack.  That is one of the reasons this spread so quickly throughout the day on Friday.  Another interesting aspect of this is that is appears that countries outside the United States have been hit hardest.  This suggests that US based companies are actually doing a better job at managing their infrastructures that foreign organizations.  However, do not allow that to give you a false sense of security if you are US based.

This attack was so successful that Microsoft even issued an emergency patch for Windows XP, the operating system that is now two generations back and support and updates for which, had been stopped by Microsoft back in 2014, 3 year ago!  Despite the widely communicated and widespread understanding that Windows XP support was ending at that time, far too many computers are still online and running this operating system.

The Wall Street Journal produced the excellent graphic below, to show how ransomware infections spread and specifically, in step 4, how the current attack moved so quickly:

WSJ_Wana_Info.png

Hopefully your internal IT team or your IT partner is already scanning your network and ensuring that all of your computers are secured against this threat.  Even if they have told you that you are safe, remain extremely vigilant.  Never click a link or open an attachment unless you are certain, beyond a shadow of a doubt, that the sender of the message is legitimate and that they intended to send you the link or attachment.  If it’s a link, consider retyping the link into your browser so that you do not run the risk of being redirected to a malicious site.  You just can’t be too careful.

%d bloggers like this: