NRC Newsletter - January 2018
In this issue
Some thoughts on the Meltdown and Spectre vulnerabilities
Hansen wrote the following in a recent patch announcement:
You may have heard of the Spectre and Meltdown vulnerabilities, currently making worldwide headlines. At first, it looked like it was limited to Intel processors, but at this point, it looks like all processor hardware is vulnerable to some degree.
There are plenty of detailed articles out there about these two issues, but basically, the Spectre flaw can force applications to perform unnecessary actions, and then reveal secure information as a result. The Meltdown flaw is a way to look at information stored in memory that should not be accessible. Either of these can reveal critical information such as passwords, and so on.
New River Computing will be pushing Spectre and Meltdown patches as they become available. These will include Microsoft OS patches, browser patches, firmware updates, and so on.
Currently available information indicates that these flaws may not ever be fixed for some hardware. Older hardware may not receive firmware updates by the manufacturer, and the Spectre vulnerability is reported to be particularly difficult to mitigate.
In the coming months, we'll be working with our customers to ensure that hardware that will remain unpatched by the vendor is replaced with secure alternatives. You'll probably want to consider your home routers and other internet-connected devices and checking with vendors to see if firmware patches are available.
Forms in Office 365
Not enough people know about Forms in Office 365. A "Form" allows 365 users to create surveys, quizzes, and forms and automatically dump the results into an Excel spreadsheet. You can survey people inside and outside your organization.
Here is a four-question survey I created just for fun. If enough people respond, I'll post the results.
If you are a 365 user, you can get started at https://forms.office.com.
Law firms inching towards a formalized cybersecurity compliance regime
Back in October, Jeff spoke before the local Family Law subgroup of the Virginia State Bar Association. The day's presentations revolved around cybersecurity and the ethical duty of attorneys to protect client's information. Recent guidance from the Virginia State Bar is presented here (pp. 6-9). The good news for small law firms is the verbiage describing "reasonableness" of security measures—there is an explicit acknowledgement that small firms do not have the resources of larger firms. The "reasonableness" standard is unlike the HIPAA requirements that don't distinguish between enormous health care conglomerates and a small family doctor.
Did you know…
…that you can drag an email into the calendar icon in Outlook 2016 and create a calendar appointment? I'm often scheduling meetings with others, and frequently the discussion about the meeting time and the context of the meeting are all happening via email. When you drag an email to the calendar icon, it creates an appointment with the contents of the email copied into the Notes field of the calendar appointment. I was skeptical how useful this feature would be, but as it turns out, I use this feature all the time. Give it a try, maybe you'll find it handy, too!
