Introducing PlanEOL

We are proud to introduce a new venture we have been working on for over a year. PlanEOL.com

A typical IT department has thousands of different IT assets, and their product lifecycle (End of Life) is critical for continued success. PlanEOL has one of (if not the) largest database of product lifecycle information, and it is growing every day. A subscription gives you the following:

Full access to the product database
Personal Roadmap of your IT assets with ability to export
Alerts for updates and additions
Notifications for upcoming End of Life dates
Access to specific vendor support information

A friend of ours was working at a large bank and tasked with identifying an upgrade schedule for all hardware and software assets to keep current on support. He wanted to sign up for a service to manage the process for him. After looking for a few hours he called me up and asked why there wasn’t a service he could subscribe to or at least a searchable database for support information? The idea for PlanEOL was born at that moment and we got to work.

Loading Server-Side Properties on Angular Startup

Sometimes you will need server-side properties (not exposed to the web) in your client-side angular app. A couple examples would be Stripe (payment service) key’s and Google ReCaptcha keys. These keys are normally saved in a properties file because they are different for each environment. To load them on startup (or refresh) in your angular app, do the following:

In APP.JS

/**
* Initialization of the APP, and refreshing...
*/
app.run(function ($rootScope, $state, $http) {

// Do an initial instance/session check here
$http.get('properties').then(function successCallback(response) {
        $rootScope.properties = response.data;
    }, function errorCallback(response, exception) {
        console.log(response);
        console.log(exception);
    });
});

The call to http://localhost:8080/properties should be a REST call that returns a JSON object of your properties.

Ransomware on the Rise

Researchers have seen a %3,500 increase in ransomware attacks recently. This is no surprise, as there have been a few developments to help spur the growth:

Exposure
It works! There have been a few stories in the news recently where enterprises have given in to ransom demands to get parts of their network back.

Payment Methods
Bitcoin cannot be traced to a particular bank (where the transactions can be reversed) so the attackers now have a convenient method of payment.

Work From Home!
I don’t think Romanian or Chinese hackers are terribly worried about the repercussions of ransoming a hospital in California.

Like always, make sure you have off-site backups and your security infrastructure is in place.

http://www.bbc.com/news/technology-36459022

The Specificity of Stuxnet

This post references an old (and great) article in Wired about Stuxnet. I went back and re-read it and was struck by the specificity of the virus:

“Stuxnet targeted used the Profibus standard to communicate. They also noticed that the virus searched for a specific value — 2C CB 00 01 — before deciding to attack its target PLC.”

…and

“Stuxnet was targeting a facility that had 33 or more of the frequency converter drives installed, all operating at between 807Hz and 1,210Hz.”

It’s not surprising that Stuxnet was designed to specifically NOT attack just any facility using Seimens PLC’s, that would be disastrous to the world economy (think about that for a second) but whomever (Israel or US tech teams) designed it had specific insider knowledge of the Iranian nuclear facilities. Do you think the Iranian government worries about that?

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History