Hello & Welcome

Thinking Tools, LLC Receives 2013 Best of Freehold Award in Computer Networking
U.S. Commerce Association’s Award Plaque Honors the Achievement

WASHINGTON D.C., September 23, 2013 — Thinking Tools, LLC has been selected for the 2013 Best of Freehold Award in the Computer Networking category by the U.S. Commerce Association (USCA).

The USCA “Best of Local Business” Award Program recognizes outstanding local businesses throughout the country. Each year, the USCA identifies companies that they believe have achieved exceptional marketing success in their local community and business category. These are local companies that enhance the positive image of small business through service to their customers and community.

Various sources of information were gathered and analyzed to choose the winners in each category. The 2013 USCA Award Program focused on quality, not quantity. Winners are determined based on the information gathered both internally by the USCA and data provided by third parties.

About U.S. Commerce Association (USCA)

U.S. Commerce Association (USCA) is a Washington D.C. based organization funded by local businesses operating in towns, large and small, across America. The purpose of USCA is to promote local business through public relations, marketing and advertising.

The USCA was established to recognize the best of local businesses in their community. Our organization works exclusively with local business owners, trade groups, professional associations, chambers of commerce and other business advertising and marketing groups. Our mission is to be an advocate for small and medium size businesses and business entrepreneurs across America.

plaque of awardSOURCE: U.S. Commerce Association

CONTACT:

U.S. Commerce Association
Email: PublicRelations@us-ca.org
URL: http://www.us-ca.org

Windows 8.1 Release Date Confirmed

The Windows 8.1 release date for retail sale has been confirmed to be October 18. Users who own a Windows 8 license will get the update for free. Microsoft will be bringing some intuitive changes and upgrades to the operating system.
Microsoft will be putting in the finish touches to the Windows 8.1 before the final release. Features like the Bing search and Bing apps will be getting an upgrade. The top five features of Windows 8.1 are as follows:

PHOTO REWIND:

Microsoft calls it “Photo Loop” but the feature is similar to the “Photo Rewind” found in the BlackBerry 10. The feature allows the user to rewind a picture to solve problems like someone blinking or looking away at the wrong moment. But for the feature to work, the hardware on the device will need to support it.

LOCK SCREEN PHOTOS:

professionals using laptopThe lock screen on a tablet or PC can now sport a photo slideshow, the photos can be accessed from the hard drive of the device or from the cloud based SkyDrive. A tablet can look like photo frame, using this feature. Users will also be able to answer a phone call or access the camera without having to unlock the device with a password.

MOVE TILES AROUND:

Many users prefer to customize their screens by arranging the tiles in a particular group, Windows 8.1 makes it easier to move the tiles more purposefully and not by accident. Users will now need to press and hold a tile in order to move it, the right click can also be used to move tiles.

SNAP VIEW:

Users will now be able to multitask better with a new snap view, allowing the users to view two or three apps at the same time. The apps can also be resized according to the needs of the user.

DIRECTLY SAVE TO SKYDRIVE:

Files can be directly saved into the cloud based SkyDrive, as the feature has been integrated into the Windows 8.1. The SkyDrive allows users additional storage options, users can store music, eBooks and movies, and others.

Windows 10 Extended Servicing

Windows 10 Extended Servicing
Date Release: September 6, 2018
Source: Redmond Magazine

Microsoft’s Thursday announcement basically carved out another Windows 10 option for managing updates. In this case, Microsoft is offering a 30-month (2.5-year) support period between Windows 10 updates, which will come into effect sometime this month. However, the 30-month support period only applies to users of supported Windows 10 Enterprise and Education editions, and it’s only available when they follow the September channel update model. Microsoft’s Windows-as-a-Service model for Windows 10 has biannual updates, called “channel” releases, which typically occur in March and September and entail a new OS version number.

Organizations using the Windows 10 March OS updates will still have just 18 months of support for that OS version until they must upgrade the OS, or risk not getting future security updates. Microsoft will segment its March channel releases in this way starting with the Windows 10 version 1903 release, which likely means that this option will start being available in March 2019.

Nothing changes for Windows 10 Pro or Home edition users and Office 365 ProPlus users, who continue to get 18 months of support for a given OS version, no matter whether the OS update had arrived in March or September.

Microsoft summarized these changes in the following table:

Table Products

Microsoft’s revised support for Windows 10, starting in September 2018. (Source: Sept. 6, 2018 Microsoft announcement by Jared Spataro.)

Microsoft made this change — 30 months of support for September channel followers and 18 months of support for March channel followers — to add “more time and flexibility” for organizations. However, like all such Windows-as-a-Service pronouncements, it’s bound to perplex IT pros, who likely are still reeling from Microsoft’s last Windows 10 and Office pronouncements.

Cyber Attack Concept

The Next Big Cyber-Attack Vector: APIs
Date Release: September 6, 2018
Source: Security Week

With cyber-attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data and endpoint protection, as well as intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out by exploiting Application Programming Interfaces (APIs).

In fact, cyber adversaries are already targeting APIs when planning their attacks. The data breach at Panera Bread is a good example. The bakery-café chain left an unauthenticated API endpoint exposed on its website, allowing anyone to view customer information such as username, email address, phone number, last four digits of the credit card, birthdate, etc. Ultimately, data belonging to more than 37 million customers was leaked over an eight-month period. This raises the question on how to minimize the growing cyber security risk associated with APIs without hampering the benefits they provide in terms of agile development and expanded functionality.

API usage in application development has become the new de facto standard, whereby developers take advantage of integrating functionality from third-party provided services rather than building all the capabilities they need from scratch. This allows for a more agile development process for new products and services. According to a One Poll study, businesses on average manage 363 different APIs, and two-thirds (69 percent) of those organizations are exposing their APIs to the public and their partners. Developers can augment their code by searching API libraries such as API Hound, which uses machine scanners to find its 50,000+ APIs, or ProgrammableWeb, which maintains the world’s largest hand-curated directory of APIs — now measured at over 17,000.

To minimize their exposure to API-based threats, organizations should take the following precautions:

  • Think Security

    Unfortunately, DevOps security – or DevSecOps as it is now called – is often underrepresented in the software development process, including securing public-facing APIs. Developers need to consider the security implications of API usage within the overall development process, including ways in which APIs can be used for nefarious purposes.

    A fundamental component in securing APIs lies in implementing solid authentication and authorization principles. For APIs, developers commonly use access tokens that are either obtained through an external process (e.g., when signing up for the API) or through a separate mechanism (e.g., OAuth). The token is passed with each request to an API and is validated by the API before processing the request.

  • Apply Common Industry Security Best Practices and Standards
    Abiding to coding best practices and keeping tabs on the most common API vulnerabilities (e.g., SQL/script injections and authentication vulnerabilities) should be a core best practice for developers and DevSecOps personnel. The Open Web Application Security Project (OWASP) is a good source for this type of information.
  • Monitor via API Gateway

    When disparate APIs are stored in an applications code base, an API gateway can be used to monitor, analyze and throttle traffic to minimize the risk of DDoS attacks, and enforce preset security policies (e.g., authentication rules). According to One Poll, 80 percent of organizations use a public cloud service to protect the data behind their APIs with most businesses using the combination of API gateways (63.2 percent) and Web application firewalls (63.2 percent).

    Embracing these DevSecOps recommendations can minimize the security risks associated with API exposure and keep applications safe from cyber security breaches.