Facebook Privacy Changes Go Live; Understand the 'Everyone' settings

Facebook has made important changes to their privacy options and every Facebook user should be aware of them.

The changes give users much better control of who sees your information, including being able to restrict viewing to an individual if you desire.

Settings include "only friends" and "friends of friends." A "customize" option allows users to show or hide a post from specific individuals or user-created lists. The options are available by clicking on a new "lock" icon that appears next to the "share" button when a Facebook user updates their status. Any setting may be chosen as a default and the default option may be changed as desired.

Especially important is the new "everyone" setting that determines whether a Facebook post will be seen on other services, such as in Google search results. Here is a description of the "Everyone" setting:

"Information set to 'everyone' is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations.

The default privacy setting for certain types of information you post on Facebook is set to 'everyone.' You can review and change the default settings in your privacy settings. If you delete 'everyone' content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook."

Read this post from Facebook to learn more.

New Security Alerts for Adobe Flash

Adobe has released a new security bulletin titled: "APSB09-19 - Security updates available for Adobe Flash Player" which warns of "Critical vulnerabilities that have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system."

Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34 by downloading it from the Flash Player Download Center or by using the auto-update mechanism within the product when prompted.

Be careful at the Adobe Flash Player Download Center page as they will ask if you want to download and install a McAfee security scan program at the same time. If you have a working anti-virus solution, which is up to date with definitions, you should uncheck the option to download the McAfee program.

On-line safety - Firefox and NoScript

If you've been a client of Cavu Networks then you have been told that running Firefox as your primary Internet browser is preferred. There is a terrific Firefox Extension called NoScript that makes it even safer and is highly, highly recommended.

The NoScript Firefox extension provides extra protection for Firefox. This free, open source add-on stops potentially dangerous scripts and applets (JavaScript, Java, Flash and other plugins) from being run. NoScript also provides the most powerful Anti-Cross Site Scripting (XSS) protection available in a browser.

You can download and install NoScript here: http://noscript.net/. You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon. There is also a good video called "Using NoScript" on YouTube which describes how to use NoScript which was contributed by John Wilkerson.

Voice-over-IP Helps Pediatrics Clinic Manage High-demand for H1N1 and Seasonal Flu Vaccines

One of Cavu Networks' clients is a pediatric clinic which has been working very hard to distribute seasonal and H1N1 flu vaccines to their patients in a fair and timely manner.

Last year, when there were no H1N1 issues, they were successful in having "drop-in flu clinics" using a first-come-first-served model. This year has been very different.

The problems this year are multiple: they have very little notice when they will be receiving vaccines from the state (H1N1 or seasonal), they don't know what form it's in (nasal mist or injection), they don't know how many doses they are going to receive and the demand for the vaccine has been very high.

A little more than a week ago they held a drop-in, first-come-first-served flu clinic and the turnout was overwhelming: 300 patients with 400 shots given in 3 hours with long lines of 1-2 hours leading to total staff and MD exhaustion. The line of people literally went out the door and around the building forcing families with young children to wait outside, though luckily, the weather was mild and dry. It was obvious that it was not a sustainable model.

Trying to pre-schedule patients for future flu clinics became the objective. There wasn't enough time to implement a self-scheduling website, but there was time to develop a telephone based scheduling system.

Their existing telephone lines were already clogged by people calling the main numbers to ask if there was flu vaccine available and when the next clinic would be. We decided to use a SIP trunk to provision a new telephone number. Using the VoIP capabilities of their Talkswitch small-business phone system to handle the new number was simple. Viola! A "Flu Hot Line" was created.

The flu hot line number was published on their website and added to the opening message of the main numbers. When the next batch of vaccines arrived they used the capabilities of the Talkswitch to direct the incoming flu hot line callers to a staff member who scheduled the caller. This kept the main telephone numbers clear of flu vaccine and flu clinic related calls.

After a flu clinic is scheduled the doctors are able to review each patient's electronic chart and flag if the patient will be receiving the seasonal flu, the H1N1, or both vaccines. The result: minimal waiting for families; prepared doctors and staff; and an efficient, smooth and calm 3 hour flu clinic. Success!

Fake Facebook e-mail “Subject: updated account agreement”

The latest actions directed towards Facebook users is an email telling the users that their Facebook agreement has been modified and they need to accept the new agreement. The agreement is attached as a .ZIP file.

It goes without saying (I hope) that this is fake and malicious and that users should never open file attached from someone they don't personally know and expect an attachment from. If this attachment is run it installs a trojan on the user's computer.

The e-mail looks like this:

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,
The Facebook Team

Thanks to the Sophos Labs blog for this valuable information.

Fake Microsoft Outlook Security Update

There is an e-mail circulating with the subject "Microsoft Outlook Critical Update" which is very real looking, but very fake and dangerous.

The URL pointing to the "critical update" looks legitimate, but hovering over the hyperlink (or checking the source code of the mail) will show that the link leads to a totally different destination.

Sophos Labs indicates that the URL leads to the download of "a backdoor banking Trojan which allows a remote user to access and steal sensitive data and provides an intruder with remote access to the compromised system."

Remember that Microsoft will never send updates via a direct e-mail. Updates should be installed directly from the official Microsoft Update website at http://update.microsoft.com.

Welcome to the Cavu Networks blog

Welcome to the blog for Cavu Networks. We will use this blog to present and discuss information, tips and news worthy items about small business technology to our customers and colleagues.