The Nomad RoadTrip

 

With Mobile devices becoming more indispensable every day there's a growing market for additional battery capacity. Companies like EE have for many years been supplying USB power packs that can be used to charge your mobile devices when away from the office, and we internally use a 12Ah unit to change multiple devices when off site. 

The Nomad is slightly different to the usual footprint because you can only change it in the car

During out test, we struggled to find a cigarette lighter socket in our vehicles that would take the size of the unit but when we did (in the boot) it fitted very well with no movement and remains firmly connected. The charge indicator is on the top and clearly visible in the vehicles we used. When you compare this to the usual setup where your power pack floats around the vehicle on its charging wire as you drive this is hugely more practical. 

The device connections are USB-A (the standard usb socket we're all used to) and the new USB-C socket which is a new standard. The reason for this is unclear, and I suspect many of us would have preferred 2 x USB-A until the USB-C standard becomes more widely used but it is what it is. The power output is apparently 1.5A per port (so that's 1.5A useable unless your lucky enough to have a USB-C cable to use). 

When charged which takes a couple of hours, and we're assuming having all the LED's illuminated indicates this, then pressing the button supplies power to the accessories. Its a real shame that you have to actually do something to make it start supplying connected devices as in our test we found that we were pre-programmed to just plug it in and go forgetting to push the button and of course not powering anything. I have no idea why they did that either, surely when you connect it to the car it should power the output automatically? I can't think of a situation where you would plug it in to the car, connect your devices and NOT want it to start supplying them, but its too late to change it now. 

In our test we used an iPhone 6S+ and it charged it from just below 50% to full in about an hour which you may not think is particularly fast but it is comparable with other devices. 

So in summary its a good idea but with a relatively small capacity (3000mAh), relatively high price $50 and problems finding a socket in your vehicle that will take the size of the unit its probably not something that will go mainstream anytime soon. As a side note, for anyone in the UK we did find that it interfered with DAB radio especially when placed in the boot near the DAB antenna so that's something to watch out for. 

Please see the Nomad Website Here

Continue reading
  3013 Hits
  0 Comments

Copyright

© GENADMIN

3013 Hits
0 Comments

Backup and Restore Strategies

Its that time of year when we like to remind our customers that having a complete and tested backup and restore strategy is a business critical requirement especially when many customers work on a set and forget basis. That is, they set it up, and then forget about it only being vividly reminded when the server catches fire or some other disaster. We've recently had one customer who setup an online backup almost 3 years ago and when they really needed it they found the company had gone bust two years ago which in short means, no backup. Another customer in Q4 last year had an online backup solution which used a local key stored on the backup server to encrypt the backup, which is great until the server blows up and you can't restore the data without the key that's now lost. These are just simple examples of how set and forget which is so often promoted as beneficial is really not in any way a benefit. 

So whatever your backup solution, please take the time at least one a year if not more often to analyse log files and actually 'test' the restore process and make sure it works as expected.

If your using any of GEN's backup solutions then we're more than happy to work with you to actually carry out a full restore onto another system to test the solutions. 

 

Continue reading
  2607 Hits
  0 Comments

Copyright

© (c) 2016 GEN

2607 Hits
0 Comments

Counterfeit HP Consumables

Counterfeit HP Consumables

Hewlett Packard are not by any stretch the only manufacturer to loose revenue to cloned consumables, but they are by far the largest supplier effected by corporate procurement of counterfeit items. GEN as a HP partner will of course only supply HP branded consumables and we're confident that our supply chain is trustworthy, but in December 2015 a large IT distributer was found to have a significant stock of counterfeit HP consumables and had of course supplied those to corporate customers. 

There has always been an argument that counterfeit supplies somehow help to control the price of genuine products but its rarely backed up with any evidence and if you actually analyse the cumulative effect that counterfeit consumables have then the opposite is far more likely the case. The reason for this article is that one of our good customers has recently returned a HP Laserjet printer to us for repair still containing a counterfeit cartridge. The damage to the printer was as a direct result of the failure of that cartridge and as such we are in a difficult position. In all likelihood we'll repair it at our cost under its warranty and then speak to the customer about the risks of counterfeit items, but how many times must we take the loss before we simply have to start charging for the repairs? 

And its not just us that will loose out, of course HP in many cases make zero (or less) profit on the actual hardware but instead rely on revenue from the consumables to fund future development. If the market becomes saturated with counterfeit consumables then, (a)  HP will have no other choice but to charge more for the hardware, (b) HP will not honour its warranty where fake consumables have been used and (c) HP will have its reputation for high quality products tarnished unfairly by printer failures resulting from sub-standard fake consumables, and who looses out in the end? We do. 

Now identifying counterfeit consumables is actually quite hard as they are deliberately manufactured to be 'clones' of the genuine article but the key indicator is the cost. If your suddenly offered consumables (in small quantities) at significant discounts then they are almost certainly fake and/or substandard. 

The only advice we can give is to purchase your consumables from HP Authorised distributors or Partners and that way your assured genuine items. 

HP have their own pages dedicated to counterfeit consumables which I'll link in HERE

Hardware, consumables and duty are the three factors that any business must factor into a price performance calculation when looking for a new hard copy solution and we would always do that for you, but if your a business that has purchased a number of HP printers and are now having issue with the cost of consumables then do talk to us as we can in many cases offer bulk pricing which over time can provide a significant saving. 

Continue reading
  3520 Hits
  0 Comments

Copyright

© GENADMIN

3520 Hits
0 Comments

iPhone and Error 53

iPhone and Error 53

With the iPhone 6 (and later) which have been in circulation for a little over a year now there are certain caveats that must be observed when repairing them. The two that are related to Error 53 are: 

  • There are 4 screws which hold down the connectors to the screen assembly, and they are different lengths for a reason. If you get them wrong then the long one will drive a hole through the PCB and there's no way back from that. 
  • The touchID sensor has a unique ID and that ID is paired with the system board and these must be kept together. Only 'Apple' can update the system board to work with a different touchID sensor. 

So, whilst we know this and when we repair iPhones we ensure that we keep the same touchID sensor and put the right screws in the right places, this isn't always the case in the third party repair marketplace. The screws in the wrong holes are unforgivable but the TouchID sensor is a little more complex because the issue only appears when you try and upgrade the iPhone to IOS9, so as long as your on IOS8 or earlier you're going to be fine, try and upgrade and your phone is dead. 

The real issue here however, is not that the TouchID sensor was discarded/replaced in the past by a third party repairer, its that Apple have decided in their ultimate wisdom to implement a 'check' in IOS9 which will retrospectively render customer's iPhones useless when they upgrade, and without any warning at all. We and the whole industry assumed at first that this was an oversight or error, but Apple have made no efforts to resolve it rendering customers phones worthless in the thousands. For Apple its a win because the customers now have to purchase a new iPhone and hope that they have a backup of the dead one, but that's not always as simple because the newly purchased iPhone will be IOS9, and the backup will most likely be IOS8 which of course will not restore to an IOS9 phone - thanks again Apple. There are third party Applications such as DiskAid, etc which can transfer the majority over but its hard work and a world away from the 'everything is simple and intuitive' that Apple likes to imply. 

The future is uncertain, and it all depends on how many users are ultimately effected and whether any regulator steps in to enforce some sort of resolution, we'll just have to see. 

 

Continue reading
  3783 Hits
  0 Comments

Copyright

© (c) GEN 2015

3783 Hits
0 Comments

Voice Encryption

Voice Encryption

Intercepting voice traffic is relatively simple and in most cases involved a simple wire tap at the telephone exchange, to counter such wire taps, advanced voice encryption technology was required which converted your voice into a series of tones that was then transmitted over the telephone network and decoded at the far end, a method which for many years worked flawlessly but for one issue; both parties had to exchange a key before the conversation took place and how did they do that? Well they had to meet up or send it by post or courier. Regardless, analogue voice encryption is still commonplace in the right sort of organisations and works very effectively. 

Then came GSM (or Mobile phones) which initially used packet switching which was digital and existing analogue voice encryption failed to work because of the voice compression employed by the mobile networks. This was swiftly solved by re-working the encryption algorithm to use a smaller subset of tones, which in turn greatly reduced the voice quality over the circuit, which wasn't the best to start with. A few years later with 3G and faster data rates there began to appear voice to data applications which provided a clean method of encryption without needing to interfere with the voice channel. There are several versions of this original protocol mostly based around RSA and could only be used on fairly powerful smartphones due to the encryption overhead, something the Russians avoided with a clever take on the you speak, i speak system whereby a sentence was spoken, recorded, encrypted and then sent to the receiver which decrypted it and played it, the receiver then spoke a reply which was recorded, encrypted and passed back to the caller to be decrypted and played. Whilst taking some time to get used to, this didn't require powerful smartphones and was even harder to crack due to each message having its own key variant. 

Anyway, getting onto the today and a general prevalence of VoIP as a standard used by many businesses across the world. VoIP and more specifically SIP and RTP have now established themselves as a functional standard allowing the multitude of different IP Telephony systems to talk to each other with fairly few issues. The only problem we have is that VoIP is insanely easy to intercept. 

 

The reason for this is that the voice part is sent in the clear, that is, just as compressed voice. Using a commonly available tool at any point on the network path, the voice data can be collected and converted back into speech. Additionally, the signalling protocol SIP, which is responsible for setting up and terminating the calls is also sent in the clear and easily intercepted to keep a log of who calls who, when and for how long. 

Now, if your only calling across the LAN, then its no real risk, and if your calling office to office over a VPN (IPSEC to L2TP) then its also no problem as the traffic will be encrypted whilst travelling between offices, But, if your making VoIP calls to people outside your own network such as customers, suppliers or mobiles, then your calls are wide open. 

I'm pretty such most businesses won't care, as the risk is low and who would want to intercept their phone calls anyway? Well, its never that simple, especially in a digital age where even our own Government wants to start keeping histories of our internet use.

What's the value of a third party knowing who your calling and when? Or, of that same third party being able to listen in to your conversations with suppliers, customers, sales reps, etc? The value is, as always what someone else will pay for it. 

So, can it be secured? Sure it can, but doing so isn't a DIY job and requires some work to implement. Its done in several stages as below...

1. Secure your IP Telephony Solution so it supports end to end encryption of both SIP (Signalling) and RTP (Voice), which is SIPS and SRTP respectively.  

2. Secure your mobile devices with a client that supports encryption. 

3. Secure your SIP Trunk provider (the provider of the phone lines - although they are called trunks nowadays). 

4. Secure your critical customers and suppliers, which may take some persuasion but you will know those who can't or won't and take appropriate measures when speaking to them.

 

I have personally seen a customer of ours install secure IP Phones in key suppliers to ensure the privacy of their conversations, which might seem extreme, but its a cheap and simple option to ensure security is maintained. 

Above is the Counterpath Bria Client which is available on most platforms and fully supports encrypted voice as shown. Internally we use Bria on ALL our mobiles and all are encrypted. Our internal IP phones all clearly show if the conversation is secure or not and our staff are trained to understand the risks when not but when we're the supplier we would be expected to have the systems we're promoting to others :)

 

So, if your interested in securing your VoIP calls then give us a call today or contact us via the web. 

 

 

 

 

 

 

Continue reading
  3482 Hits
  2 Comments
Tags:

Copyright

© (c) 2015 GEN.

Recent Comments
Guest — Brett
Had absolutely no idea it was so easy to intercept voip! Just assumed it was more secure.
Saturday, 28 November 2015 12:29
Guest — Jade Sanderson
Everyone is pushing SIP now like its the new in thing, do you think this is state sponsored so they can more easily monitor phone ... Read More
Tuesday, 04 June 2019 17:08
3482 Hits
2 Comments

Counterintuitive Security from Apple

Counterintuitive Security from Apple

I'm sure everyone likes to think their data is secure, and when you work closely with numerous apple devices then you'll know how important it is to keep the information they contain secure, but there's a fine line between effective security and counterintuitive security.

Apple, once renowned for their security have crossed that line to such an extent that my strong alphanumeric password has been replaced with a short easily typed one just to mitigate the amount of time each day I have to spend re-entering it. Update some App's = Enter your password, Share Photo's = Enter your password, reboot the phone = Enter your password, download a free App = Enter your password, often several times and that's just the daily annoyance, added to which is "Your AppleID has been disabled for security reasons", "Your iCloud Session has expired", 'Verification is required","Your account has been accessed from another computer or device" or some other meaningless message that just wastes more of my precious time.

Can I turn this off = No. The only way around it is a simple, easily typed password. I once found that my contacts that I'd entered on my iPad weren't syncing to my iPhone which was extremely annoying as I really needed one of the contacts whilst I was out and can you guess why? Verify your iCloud password on the iPad. It doesn't say, verify it or I'll just stop syncing everything but I suppose I should have assumed as much. 

Then of course after this message appears, your @icloud email suddenly stops working with something like "Login to server imap.mail.me.com failed." perfect. Now what are you supposed to do ? Unlock or Change the password again, via the long winded and time wasting password reset process at iforgot.apple.com? Yep. then what, well then you have to re-enter the new password on your iPads, iPhones, Macbook's and so on. I've stopped using my @cloud.com email now just to avoid one more annoyance. 

I did a little verbal survey in the office here of no more than 10 heavy Apple users, and not one person had a sensible password for their apple ID for the very reasons above. We all have to deal with this nonsense on a daily basis and it wears you down. 

So how much is too much? Well that's simple - anything that meets the criterial of ANNOYING is too much and that's every time for me. When I first turn on my device then fine, good idea. confirm the password, but then just REMEMBER IT! How hard can that be seriously? If some people want to have to re-enter their Apple id and password 20 times a day then let's have a setting for that so the rest of us can TURN IT OFF. I don't like having a weak password and it gives me a bad feeling but I simply cannot cope with the constant stupid pointless requests for the same password over and over again.

 

If you own a Macbook you'll be more than familiar with stupid dialogues popping up hourly like...

 

and even more annoying....

and Finally something like this...

The issue with repeated pointless requests for your password and the security code from your credit card (which I now have to write down in my wallet because apple asks for it that often) is that it just becomes a learned behaviour and when something asks for it you just put it in, don't even look to see what's asking anymore, just type it in. That's where counterintuitive comes into this sad story, you get so used to being harassed for your password over and over again that you'll type it into any dialogue asking for it without even thinking about it. On the other hand, if you had to enter it only once when your phone first turns on, then a random request for your password would immediately raise suspicion. This is why the Apple way is the wrong way to go about security. I've absolute confidence that I could write a program that would randomly pop-up a fake "verify your iCloud password" dialogue and everyone would just type it in without a second thought. I'm not going to, but I could, and If I can then so can anyone else is the point I'm trying to make. As I'm writing this article, an email has just arrived below (I've changed the email address)...

  

Your Account - This email address is being protected from spambots. You need JavaScript enabled to view it.

 

*Resolution Verification Request:* #TI8CHG10918-ID92

*Date:* 14 - October - 2015

 

--------------------------------------------------------------------------------

 

*PLEASE PRINT THIS MESSAGE FOR YOUR RECORDS - PLEASE READ THIS MESSAGE IN FULL.*

 

Our users security means everything to us. That’s why we are contacting you 

today in reference to your Apple Account This email address is being protected from spambots. You need JavaScript enabled to view it. with us. The Apple 

Privacy Policy was updated on September 17, 2014 and now requires members to 

update the information we hold on them because of changes to our KYC (Know your 

Customer) terms and conditions.

 

We tried to contact you on 2 previous occasions to confirm this information 

before the deadline on the 17th of September and did not acknowledged a 

response. This will be the final email before termination of your iTunes ID 

within the next 48 hours and all associated data.

 

Please follow the link provided to your profile.

 

 >>> Validate My Apple/iTunes Ownership 

 

 

Regards,

Apple Help

 

This is an automatically generated email – please do not reply to it.

*Copyright © 2015 Apple Inc.

3 Infinite Loop, MS 11172-DM, Cupertino, CA 93151.*

 

Now, I'm smart enough to know that's a scam just trying to obtain my AppleID and password, but I wonder how many people will just click it as they have done over and over again because its a learned behaviour. I doubt if we'll even know but I hope I've made the case? If it makes YOU think about it then my job is done. 

 

How many people have received another stupid apple message like 

When of course this isn't a new computer or a new device, its the same device you've been using for the last 3 years, but nevertheless your forced to re-enter your payment information, again and again. How counterintuitive is that? If your just used to Apple making the same stupid mistakes over and over, then no one every pays attention to the pointless email's they send out about 'a new device used xxx', you just assume its wrong like as usually it is. But if the Apple framework actually worked and it only produced these messages when a new device was used with you apple ID then that would actually be useful wouldn't it. 

 

Maybe I, and the rest of the office are alone on this one and everyone else in the world thinks its a good idea to have to re-enter your password and payment info again and again, tell me? comment and let us know? 

Where did the Apple go where everything just worked? Does anyone even remember that Apple ? I do! 

 
Continue reading
  4678 Hits
  3 Comments

Copyright

© (c) 2015 GEN

Recent Comments
Guest — Ashford
YES!
Wednesday, 14 October 2015 15:16
Guest — Brian
You make a good point sir and I'm glad I'm not alone! I don't know why Apple has password crazy but it does make it an automatic b... Read More
Friday, 05 February 2016 15:29
Guest — smonkford
Well, i found my way here because the ipad i've been using for the last 24 months has suddently decided that my account has been a... Read More
Wednesday, 19 April 2017 20:56
4678 Hits
3 Comments

The Evolution of Business Communications with Gigaset Maxwell

The Evolution of Business Communications with Gigaset Maxwell

Introducing the Maxwell 10 from Siemens Gigaset

The way the world does business is changing rapidly – and your office communication devices need to keep up. That’s why we built the amazing new Maxwell 10. Maxwell is an all-in-one business communication marvel that does it all – from high-quality corded, cordless and handsfree phoning, to videoconferencing, e-mailing, web browsing, business apps and much more. Combining the power, convenience, and expandability of a multi-featured, multi-touch-enabled communication platform with the superb comfort and sound quality of traditional desktop telephony, Maxwell 10 ushers in a whole new era of advanced unified communication solutions for modern business professionals.

The first thing you’ll notice about Maxwell 10 is its display. With a full 10.1 inch display, it is perfect for getting things done. The scratch-resistant, 1280 x 800 resolution screen is illuminated by more than a million pixels, so everything is sharp, clear and in brilliant high definition. As the display is multi-touch-enabled, everything you need to do – from web browsing, to launching business apps. Generating a voice call is done with nothing more than a tap or two. Maxwell is optimally mounted on a stylish metal base, making it perfect not only for single user viewing, but also ideal for sharing information with others in the room.

We designed Maxwell 10 to be the most powerful and flexible office communication device ever. Therefor the choice for Android 4.2.2 fit the bill perfectly. It is making it the ideal complement to Maxwell’s wide range of powerful features. And Android’s endless customization possibilities mean it’s an OS as flexible and expandable as any office setting requires – so users can get the most out of their business interaction with speed, ease, and the utmost pleasure.

Keeping in touch with video calls reduces travel and mobile phone costs – and makes business communication more personal and effective. To ensure that video chats are the best they can be, we built Maxwell 10 with a gorgeous, high-definitiondisplay, and an integrated, state-of-the art, HD video camera. Together they offer picture quality that rivals real life, taking business via video to a new level of clarity and convenience. Maxwell offers unparalleled video quality and convenience, for simply better chats. Whatever video or photo needs an office has, Maxwell 10 lets users do business the smart way: in total clarity.

Maxwell 10 connects to just about any device, any technology, at any time. With full USB, Micro-SD, Bluetooth, HDMI, LAN, Wi-Fi, RJ-9 and electronic hook switch compatibility. Maxwell 10 works wonderfully with a huge selection of devices ranging from keyboard, trackpad, mouse, headset, projector, monitor and Wifi Access-Points – for the ultimate in office convenience that enables the maximum in productivity. And naturally Maxwell also supports full cloud and Google account connectivity, so users can access contact lists, calendars, e-mails and all external data quickly and easy. Simply put: Maxwell 10 is the perfect fit for any office.

 

Maxwell 10 is a true, business phone, with professional telephony features built into the hardware, as opposed to other devices that use a software-based application delivering inferior sound quality. Phoning with Maxwell 10 means reduced delay effects and echo, for superb audio quality and better conversations. And talking via speakerphone is just as nice. Thanks to Maxwell 10’s three built-in speakers and integrated front microphone, hands-free sound quality both heard and delivered is simply impeccable.

We can supply the Maxwell 10 for your existing IPPBX or a complete new IP Telephony System designed from the ground up specifically for your Business - Contact us TODAY!

 

Continue reading
  4868 Hits
  0 Comments

Copyright

© Content and Images copyright GEN and Siemens.

4868 Hits
0 Comments

SSLv3 and Embedded Devices

SSLv3 and Embedded Devices

Since the revelations about weak implementations of SSL there has been a rush to move away from it and a dash by website operators to renew certificates supporting TLS. Even while this was going on most browsers still supported SSLv3 and depending on the browser displayed various cryptic messages before proceeding. However, as of Safari 9.0 and Chrome 45 and Firefox 40 or thereabouts, SSLv3 has been disabled permanently with no apparent way to enable it. 

Let's look at what the following browsers give back to the end user when trying to open a secure SSLv3 Page: 

Chrome            ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Firefox because it uses SSLv3, a broken security protocol
Safari because Safari can't establish a secure connection to the server

For everything else there's MasterCard. 

Anyway, back to the issue in hard; why would you want to enable it anyway? its weak and broken right? Well, Kinda. It is weak and it is broken, but SSL isn't just used by websites, its been embedded into just about every router, switch, access point, embedded devices, concentrators, IP Phones and so on, many of which rely on SSL for their configuration pages. 

Some devices (e.g. Siemens IP Phones)  won't talk to you unless its via SSL, and yes, many manufacturers have released firmware updates that fix this, but (a) how do you get it on the device if you can no longer talk to it, and (b) some manufacturers (you know who you are) like to charge customers for firmware and refuse to support 'obsolete' equipment. 

So what can you do? Well, forget Safari, Chrome and Firefox and rather surprisingly turn to Microsoft Internet Explorer. I know, Internet Explorer. In IE 11 (and probably earlier versions) if you go into settings and then into advanced and scroll down you'll find you can enable and disable SSLv3 which is just perfect for talking to your hardware.

If that still gives some stupid message, then go into settings, Then Internet Options, Then Security and click on Trusted sites (the Green Tick), Then click the Sites button and another dialogue window will open with the URL already in there of your device (if not, then add it in) and click ADD. Then close. OK and try again. This time it will work even if it bitches about it. It makes sense to switch support for SSLv3 off again when you've done but that's just as easy. So top marks Microsoft for thinking that perhaps someone somewhere might have an embedded device that still has an SSLv3 certificate. 

(If anyone finds a way to turn on SSLv3 in Safari, Chrome or Firefox then let me know and I'll add it to the article.)

So far the list of devices I've encountered (which is by no means exhaustive) either directly or through support requests logged on our system which still have SSLv3 certificates are: 

  • Draytek Routers, Access Points and switches (Updates freely available)
  • Cisco Routers and various other hardware (Updates either not available for require a support contract)
  • Juniper switches, accelerators and security appliances (Updates either not available or requires some form of support contract)
  • Linksys routers, switches, IP telephony (Updates available for some but not for most)
  • Some older Bluecoat hardware (Updates not available - jump through hoops to try and get access to support then find its obsolete and there is no support)
  • Siemens Openstage Phones (Updates not available online - have to get from distributer - PIA)
  • AASTRA DECT Solutions (Updates hard to find online- unintelligible versioning and hard work to update)

(In fact a lot of phones including Grandstream, AAStra (now MITEL) have SSLv3 issues)

So in summary, when you think your device is down or isn't talking to you and your getting one of the errors above, its fine and its just your browser being an arse. Use IE, update the firmware if you can and continue on with your life :)

E&OE. 

 

 

Continue reading
  3956 Hits
  1 Comment
Recent comment in this post
Guest — Rich
How about an embedded serial server? Yup same gotcha! no firmware update, no way to fix it but no real risk leaving it as its LAN ... Read More
Thursday, 01 October 2015 18:05
3956 Hits
1 Comment

OS X El Capitan

Apple OS X Logo

OS X El Capitan is the upcoming twelfth major release of OS X

Apple Inc.'s desktop and server operating system for Macintosh computers.

It is the successor to OS X Yosemite and focuses mainly on performance, stability and security. 

 

Its due to be released to the public today (September 30th 2015) and many of our customers are already asking if they should upgrade. Well, the long answer is yes. Whilst in Microsoft Land we often recommend against an upgrade especially as so many issues are generally related to upgrade, in Apple Land upgrades rarely break anything save for some low level device/fs drivers. As with OS X Yosemite, there will be changes, but nothing so severe that you'll be unable to use your device. Just like iOS9 it will take a little getting used to but its worth the effort. Apple will undoubtably continue to support Yosemite for the foreseeable future, but with El Capitan comes a new graphics layer called Metal, which is going to hopefully open the gates to really immersive gaming and high end graphics applications on the apple platform. 

A summary of changes and features is available on our friends at Wikipedia (Donate to them if you can, its an invaluable service) and the official Apple page is available Here

If you run into any problems with the upgrade, or usability after the upgrade, then don't hesitate to utilise your GEN Support Contract for assistance as we Fully Support OS X.

Continue reading
  3112 Hits
  0 Comments
3112 Hits
0 Comments

GEN OfficeGateway ExtremeCX4

One of the latest configurations to enter the OfficeGatway family is ExtremeCX4 which can provide your business with 600Mbps downstream, and 80Mbps upstream for as little as £260 per month*

OfficeGateway has been around since the days of dial-up modem, where it was PC based and would dial-on-demand to provide a LAN with internet access. Those days are long gone, with speeds available up to 90Gbps symmetric at 1:1. The OfficeGateway now consists of several units depending on configuration to provide security features, web cache, site to site encrypted VPN's and a range of IDS and Packet Shaping options. Our basic OfficeGateway service, operating at just 80Mbps and providing a SPI firewall, VPN and user access control starts at as little as £69 per month*. The best part about OfficeGateway is that the entire solution from the hardware on site, the configuration and the connectivity are all totally managed so should anything ever go wrong, we'll fix it!

* UK Only, Site survey often required. Prices for installation depend on services, connectivity and features. 

For more information, and for a formal quotation contact us today!

Continue reading
  2978 Hits
  0 Comments
2978 Hits
0 Comments

The Truth about Unlimited

For many years the term 'Unlimited' has been used to describe broadband and Internet access services in general. In the early days, unlimited was about as misleading as it possibly could be with service providers closing accounts, limiting customers and imposing fines for 'unfair usage' but like all good things the law eventually caught up and that little scam was left by the roadside. Now days 'Unlimited' still features unanimously in advertising with such commonality that it now has to be combined by yet more pointless adjectives like 'Totally' as below: 

Of course Totally Unlimited broadband is much better than just Unlimited right? 

Nope, You can get Totally Unlimited Extra, which is of course even better right?

Or maybe 100% Unlimited is the one to go for because the Totally Unlimited isn't 100% Unlimited maybe? 

I'm not sure how many people are actually taken in by this sort of mis-use of compound adjectives but judging by the fact that every residential ISP is using them, it must have some impact. Regardless, the reality is that there is nothing like Unlimited about broadband in any sense of the word. Let's look at how it all connects together: 

There are Four main sections in the service provision between your premises and the internet when looking at FTTC (Aka Fibre Broadband): 

Premises to Cabinet: This is provided over copper pairs and provides a throughput of up to 80m/bit/s by 20m/bit/s, this section is limited by the line conditions and not everyone gets anywhere near this throughput. In addition, a profile (aka BRAS or IP Profile) deliberately limits this rate to 82% of the sync speed (note: ISP's can vary this rate depending on how much you pay etc). Regardless of the BRAS and SYNC speeds it is far from Unlimited. 

Cabinet to Exchange: This is provided over 10G/bit/s Fibre Connection, but each 10G/bit connection will be shared over all the connected premises, meaning that you are only guaranteed a percentage of that 10g/bit/s. To be fair in most area's, bandwidth exceeds subscription so there shouldn't be any contention here. 

Exchange to ISP: The connection over BT's high speed packet network to the ISP that your currently paying for broadband all depends on (a) the capacity in the BT network and (b) the capacity your chosen ISP has purchased, some can be as low as 10g/bit/s others more and this information isn't publicly available. 

ISP to Internet: The connection from your ISP to the internet is again not publicly available but can be as low as 10g/bit/s and will be shared with hosting, email, etc. 

So, where in this service scenario is there anything unlimited? Well, nowhere and it never has been. To add fuel to the fire, many residential ISP's use a technology called 'packet shaping' to slow down certain types of high bandwidth traffic such as bittorrent and P2P, and of course there's the ingress of net censorship in the UK where certain companies have managed to convince a judge to grant an order for ISP's to censor certain websites. The list so far (as of September 2015) is: 

 

Date of Sealed Court Order

Identity of parties who obtained the Order

Blocked Websites

27/04/2012

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited 

The Pirate Bay 

05/07/2012

Members of the MPA (Motion Picture Association of America Inc)

Newzbin2

28/02/2013

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited 

KAT or Kickass Torrents websites

28/02/2013

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited 

H33t

28/02/2013

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited 

Fenopy 

26/04/2013 and
19/07/2013

Members of the MPA (Motion Picture Association of America Inc)

Movie2K 
Download4All

01/07/2013

Members of the MPA (Motion Picture Association of America Inc)

EZTV

16/07/2013

The Football Association Premier League Limited

First Row Sports

08/10/2013

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited 

Abmp3
BeeMp3
Bomb-Mp3
eMp3World
Filecrop
FilesTube
Mp3Juices
Mp3lemon
Mp3Riad
Mp3skull
NewAlbumReleases
Rapidlibrary

08/10/2013

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited 

1337x
BitSnoop
ExtraTorrent
Monova
TorrentCrazy
TorrentDownloads
TorrentHound
Torrentreactor
Torrentz

30/10/2013

Members of the MPA (Motion Picture Association of America Inc)

Primewire
Vodly
Watchfreemovies

30/10/2013

Members of the MPA (Motion Picture Association of America Inc)

YIFY-Torrents

30/10/2013

Members of the MPA (Motion Picture Association of America Inc)

Project-Free TV (PFTV)

13/11/2013

Members of the MPA (Motion Picture Association of America Inc)

SolarMovie
Tube+

18/02/2014

Members of the MPA (Motion Picture Association of America Inc)

Viooz website
Megashare website
zMovie website
Watch32 website

4/11/2014

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited 

Bittorrent.am
BTDigg
 Btloft
 Bit Torrent Scene
Limetorrents 
NowTorrents 
Picktorrent 
Seedpeer 
Torlock 
Torrentbit 
Torrentdb 
Torrentdownload 
Torrentexpress 
TorrentFunk 
Torrentproject 
TorrentRoom 
Torrents 
TorrentUs 
Torrentz 
Torrentzap 
Vitorrent 

19/11/2014

Members of the MPA (Motion Picture Association of America Inc) 

Watchseries.It
Stream TV
Watchseries-online
Cucirca
Movie25
Watchseries.to
Iwannawatch
Warez BB
Ice Films
Tehparadox
Heroturko
Scene Source
Rapid Moviez
Iwatchonline
Los Movies
Isohunt
Torrentz.pro
Torrentbutler
IP Torrents
Sumotorrent
Torrent Day
Torrenting
BitSoup
Torrent Bytes
Seventorrents
Torrents.fm
YourBittirrent
Tor Movies
Demonoid
Torrent.cd
Vertor
Rar BG

20/11/2014

Cartier International AG Montblanc-SImplo GmbH Richemont International S.A.

CartierLove2U
IWCWatchTop
ReplicaWatchesIWC
1iwc
MontBlancPensOnlineUK
MontBlancOutletOnline

5/12/2014

Cartier International AG 

Pasmoldsolutions
PillarRecruitment

17/12/2014

Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited

Bursalagu
Fullsongs
Mega-Search
Mp3 Monkey
Mp3.li
Mp3Bear
MP3Boo
Mp3Clan
Mp3Olimp
MP3s.pl
Mp3soup
Mp3Truck
Musicaddict
My Free MP3
Plixid
RnBXclusive
STAFA Band

29/4/2015

Members of the MPA (Motion Picture Association of America Inc)

afdah.com
watchonlineseries.eu
g2g.fm
axxomovies.org
popcorntime.io
flixtor.me
popcorntime.se
isoplex.isohunt.to
eztvapi.re
eqwww.image.yt
yts.re
ui.time-popcorn.info

7/5/2015

The Football Association Premier League Limited

Rojadirecta
LiveTV
Drakulastream

21/5/2015

Members of The Publishers Association

Avaxhm
Ebookee
Freebookspot
Freshwap
Libgen
Bookfi
Bookre

Of course these court orders did nothing to stop traffic as even the most basic user can download Tor, but its just another example of the word 'Unlimited' being abused. 

 

So, in summary, Can it be unlimited? No. 

But it can be better if you have a fat enough wallet. GEN for example who exclusively supply business customers can provide (a) a guaranteed bandwidth from the cabinet to exchange, (b) Prioritised traffic from the exchange to our networks, and (c) guaranteed bandwidth to the internet but it all costs money which is why residential broadband is so cheap, and business class is comparitively expensive. Bandwidth is bandwidth and the cost is the same, the more users that share the same bandwidth the cheaper it is for each - Its as simple as that!

E&OE - Credits to BT, Talktalk and Plusnet for their banner ads and absolutely no disrespect to their services is intended and they are just examples and in no way exclusive. Congratulations to the MPAA for publicising "ThePirateBay" to the world, most of whom had never heard of it before. All opinions given are that of the author. 

 

Continue reading
  3485 Hits
  0 Comments
3485 Hits
0 Comments

GEN CCS a valuable addition to our SAS service offering

VPN or Virtual Private Networking has been around for decades and the technology has come relatively mature and secure provided it is implemented correctly (which is rarely the case). 

GEN has been offering SAS (Secure Access Service) based teleworker access to our corporate customers networks for just under 5 years now and we currently have around 2500 users daily. To use SAS the teleworker has a username and password that they use to authenticate after which they are offered a number of services such as access to thin client web services, terminal services, NFS and file services, etc. 

The risk however, comes when a username/password is compromised and/or when a user does something stupid like write the credentials on the laptop or save them on the desktop etc. Even with the comprehensive set of security controls within the SAS service offering we cannot protect against users behaving in a way which is likely to compromise your network security. 

Introducing GEN CCS (Compound Cryptographic Service) as an add-on to SAS, CCS provides two factor or multi factor authentication using a number of methods depending on the application scenario. Some example scenario's that are currently available are detailed below: 

Daily PIN as a secondary authentication factor

In this scenario, each day a randomly generated PIN code of 4 or more digits is delivered to each SAS/CCS user via text message or iMessage and this PIN code is required to access SAS after the usual Username & Password. This second factor authentication means that users will not write it down, instead preferring to keep it on their mobile device and using it on the day as required.

Qualified PIN as a secondary authentication factor

For companies more serious about security the CCS console can be provided to a team of staff who can generate a PIN code on demand, giving it over the telephone to the remote user when requested. In this scenario the PIN code can last for the session, the hour or the day. The team handling the calls and issuing the PIN codes should rely on some form of validation process to ensure the remote user is clearly identified as an active employee with clearance. 

On Demand PIN Delivery

In this scenario an authenticated user on SAS is initially rejected and a PIN code generated and delivered to the mobile telephone of the user who's account was used, this PIN is then used to complete the authentication when reconnecting. PIN's generated in this way can last for the session, an hour or day as required. 

These services are not for everyone, but for corporates who are increasingly conscious that network security is as critical to the business as physical security, GEN SAS and CSS get the job done. 

For more information and an demonstration please contact us. 

Continue reading
  2750 Hits
  0 Comments
2750 Hits
0 Comments

Outlook Spam/Junk Filter Issues

 Microsoft Outlook

We recently became aware that some customers using Microsoft Outlook of various versions were experiencing missing email. Our technical team investigated and found the missing email's in the users Spam/Junk folders. The issue appeared to be localised to the last two months so we looked deeper and discovered that Microsoft had released an update to the Spam filter in Outlook in June. There are two issues that impact this, firstly some users due to their configuration cannot see the 'spam' and 'Junk email' folders without going into folder view, and secondly, even if you set the spam filter to 'None' it still in some circumstances takes action when it shouldn't. 

One of the most significant issues that our customers have experienced with this 'change' is that email's between users on the same domain are being flagged as spam, when of course they are not. Surely, if fred@ sends to tom@ then the spam filter should leave well alone? 

Further testing revealed that the updated spam filter was even more sensitive to spammy signatures (HTML Signatures that use external images etc) and that by removing the signature the email was passed. 

The Spam filter can be disabled within the outlook settings but we have found, and users have reported that Outlook continues to filter regardless. Therefore we have found registry settings that can be applied to all three versions of outlook to permanently disable the spam filter, and this is our recommended option if you don't have the time or enthusiasm to educate the user base on how to manage Outlook's crazy spam filter. A link to these registry files can be found in our FAQ here. If you have office 365 then you can also find an article on how to disable its spam filter at the same link. 

Continue reading
  3406 Hits
  0 Comments

Copyright

© 2015 GEN

3406 Hits
0 Comments

AntiSpam and AntiVirus Defence

GEN's development team is pleased to announce the general availability of our new Anti-Spam service for corporate email gateways and domains. Maxim extends our standard Anti-Spam and Anti-Virus gateways by providing process intensive enhanced spam and virus detection which greatly reduces the volume to Spam to virtually zero.

We asked 47 professional users of the GENZone platform to participate in the trial of this new service by subscribing an IMAP folder called 'Maxim' and moving any spam received into that folder. Using this feedback we were able to fine tune the system to maximise its effectiveness and gather valuable performance metrics. 

The fight against Spam

The detection of spam is a continuos battle between the spammers and companies like us who are dedicated to eliminating it. As we evolve so do the spammers and we have to invest ever more complex and expensive technologies to counter them. Some of the technologies are outlined below: 

Standards: The internet is governed by a set of standards known as RFC's and the email delivery protocol is specified by RFC822 and RFC5321. The standards exist so that email can be interoperable between all platforms and servers, but spammers using email bots don't care about being compliant. By enforcing the standards and rejecting violations we can eliminate a percentage of spam, and of course legitimate email from organisations who can't configure their email system correctly. 

The blacklist: A number of worthy organisations like Spamhaus, SpamCop, etc are dedicated to maintaining lists of domains, hosts and subnets which are used to originate spam. Using these blacklists is an expensive but effective tool to eliminate a good percentage of spam at the first gate. Blacklists however are not realtime, and there is always a delay between a spammer launching a mass mailing and the blacklists listing it. 

Authentication: Several technologies exist to verify sender domains and hosts such as SPF & DKIM and these can serve (where used by the receiving server) to block spoofed spam which constitutes the vast majority of scams. For example, the HMRC who are under constant attack from scammers specify in their SPF records two hosts that are allowed to send email for @hmrc.gov.uk and of course the spammers cannot originate email from those addresses so SPF wins the day and any email coming from, say This email address is being protected from spambots. You need JavaScript enabled to view it. that doesn't come from the two hosts listed in the SPF record are canned. This however all falls down then either the receiving server doesn't check, the sending organisation doesn't use it, or the sending organisation has been compromised.

DNS: The domain name system is that which coverts gen.net.uk to 212.140.242.10 and back again, and when you send email to someone @gen.net.uk DNS gives up the address of the mail server that is designated to receive that email, in this case farpoint.gen.net.uk. The RFC1124/1124 which form part of Internet Standard 1 specify clearly that every host on the internet should have forward and reverse DNS, that is gen.net.uk to 212.140.242.10 and 212.140.242.10 to gen.net.uk. So, when a host spamer.com connects from 212.140.242.50 to our mail server, we (a) check that 212.140.242.50 corresponds to spammer.com, that spammer.com has a valid MX record and that the host listed in the MX record actually exists on the internet. This is particularly hard for a spammer to forge and therefore this check eliminates a percentage of spam as well as a percentage of legitimate email from companies who don't know how to setup DNS correctly. 

Content Filtering: By far the most effective tool at eliminating spam which passes all the above tests is pattern matching. This involves looking and detecting elements in the body of an email and assigning a score to each detection. An example would be a HTML only email which scores 3 points, external links to pictures which scores 0.2 points each and so on. The more spammy the email the most points it will accumulate and once a threshold is reached the message is flagged as spam. Content filtering can make use of content lists which are maintained by third parties and provide known phrases and content to score. 

Bayesian Probability Filtering: A gross simplification of this would be that email which is known to be spam can be 'learned' and that data used to identify 'similar' spam. The area of mathematics is complex and the techniques even more so, but the result is the same in that spam that looks like spam based on learned data can be flagged as such, usually by giving it a score, such as +10

When you combine all these techniques together you wind up with a spam detection system that, in our tests has an effective performance of 99.67% which is exceptional in the market. Spammy email is passed through with subject modifications for your gateway to filter (or not) as you require, or for individual users to filter using IMAP or similar rules. Full Diagnostic information is provided in email headers to permit more complex filtering based on spam score or infection type should this be required by your IT Team. 

Customers with GENX and GENZone and those with gateways and dedicated services can have this added to their email feed for a nominal charge. 

For more information or to request a demo please contact us today.  

Continue reading
  3749 Hits
  0 Comments
3749 Hits
0 Comments

DESKTOP ENCRYPTION made simple

I was recently made aware that MacPaw Inc, a well known software house traditionally of Apple Mac Software had released a free of charge encryption package I felt compelled to try it. 

ENCRYPTO is a great tool which provides quick and easy AES256 encryption for your files. The setup is simple and operation couldn't be easier. Simple drag files into Encrypto and your done. A Password is used to secure the files and of course this is an absolute requirement to decryption. 

AES as a standard has some serious support for being strong and reliable, and much of internet encryption is now based on AES. 256 bit encryption means the likelihood of someone being able to crack your sensitive data is approaching zero. 

Advantages: 

  • Well, its so very simple to use and in our testing it worked flawlessly.
  • We liked the password hint feature but also felt it could jeopardise the security if not correctly applied. 

Disadvantages:

  • Whilst its available for both Windows and Mac, it is not available for Linux or iOS which will doubtless loose it some ground for multi-platform sites. 
  • There is no command line version so automation isn't going to be possible. 

The future: 

Well, its free of charge and I don't know how much more development MacPaw are going to put into it, but I hope they take it forward maybe with a paid version that supports command line automation, a range of Ciphers and possibly Linux and iOS support. There's a fairly small number of competitors that have any credibility in this market area such as GPG and OpenSSL both of which require some technical knowledge to operate. 

Please feel free to click the link above to go to MacPaw and take a look at Encrypto and their Gold Standard CleanMyMac/PC which I can highly recommend to anyone. 

 

 

 

Continue reading
  3683 Hits
  0 Comments
3683 Hits
0 Comments