I was excited and energized
when I was asked to speak about "IT
Budgeting for Non-Profits" as part of the
Merrimack Valley Chamber of Commerce
breakfast series earlier this month. A big
passion of mine is discussing the changing
way of technology and how to fully utilize
IT within organizations, so I was thrilled
to speak about this topic to a group of top
executives and IT professionals.
During my presentation, I went over a few
key facts about IT for non-profits.
According to the NTEN Technology Staffing
and Investment Report July 2014/2015, IT for
non-profits is traditionally immature due to a
budget constraint. There is an average of
one IT person per 28.3 employees and
technology adoption is still statistically
low. Leading organizations will have about
three times more IT staff than struggling
ones and are two times more likely to include IT
in Strategic IT Planning.
Posted on 3/10/2016 9:59:16 AM by Dr.
A new SSL vulnerability, dubbed DROWN as if to
promote the hype, is gaining attention as if the
sky is falling. I wanted to take a moment to
make sure you understand its potential impact on
your business and hopefully show you that it is
not quite falling yet. In my fairly educated
opinion, SSL vulnerabilities like DROWN may have
a significant impact potential, but the risk
associated with them to your business is
frequently a lot more tolerable due to the finer
details. Here are some points as to why.
One of the most important factors that is
frequently underestimated is the fact that mere
support by the server of a deprecated protocol
like SSLv2 doesn't mean the protocol gets used.
Modern browsers actually will not allow a
connection to a server that can speak only
SSLv2. That is why the POODLE vulnerability was a
dud - you needed an SSLv2 conversation to exploit it.
With DROWN this is not the case though, so it is
a bit higher impact. Allegedly, with DROWN the
attacker can extract the private key from the
server by deluging it with SSLv2 requests, and
then use the key to decrypt a client/server
conversation, even if it was encrypted with a
more modern protocol. A good description of the
actual effort required can be found
3/10/2016 1:40:57 PM by Dr. Eugene
Over the past several days, Winxnet Security experts noticed a new
type of spear phishing attack,
one that is specific to tax season. What may look like a
legitimate email is actually a scheme to steal confidential
information about your employees.
Unlike the common 'wire
money' requests or other
spear phishing vectors, this particular attack pretends to be
sent from your management team to your Human Resources department,
requesting sensitive employee information.
Here's an example
of the actual email request:
"I want you to send me the list of W-2 copy of employees
wages and tax statement for 2015, I need
them in PDF file type, you can send it as an
attachment. Kindly prepare the lists and
email them to me asap."
About Winxnet
Providing innovative IT solutions since 1999, Winxnet
is a leader in IT outsourcing and consulting, software
development, and strategic technical advisory services
to the private and public sectors. With offices
throughout the Eastern United States, Winxnet provides
a broad reach with local expertise.