Spectre and Meltdown

Posted by Tim Luzadder, TCC Enterprise Infrastructure Director

As if software vulnerabilities were not enough, at the end of 2017 three new security weaknesses were publicized. Two were lumped together under the name Spectre and the third was called Meltdown. The announcement made a huge impact in the IT world because even though there are no known exploits of it at the time of this writing, the potential impact is catastrophic as they effect almost all Intel chips on computers AND phones made in the last 20 years.

The “flaws” are actually design elements that make the chips run faster, but can, in fact, expose data in the name of efficiency. What makes the problem so dramatic; is that the issue exists in the hardware architecture itself, so cannot be changed. It can be patched; however, that will make the chip run slower, so there is a cost to performance. One benchmark sets that slow down around 5 to 10%, but it can be up to 30%. And unfortunately, some patches caused some of the chips to not restart and so have been pulled for the moment.

Another aspect of the problem is that some software that was once secure, may not be. The fundamental assumptions that went into the security coding are no longer true. Most vendors are releasing patches and most cloud vendors have already applied them. However, some machines, especially any running older OS’s like Windows XP will almost certainly never be patched and will therefore remain vulnerable.

Who is affected? Everyone. This affects pretty much every device with an embedded computer chip from computers and phones to refrigerators and nanny cams. Because of the sheer size of the effort and the fact that this choice in how the chip is structured has been there for decades, a permanent fix involves a new circuit board.

One primary vector of the threat is that JavaScript on a web site could use Spectre to trick a browser into revealing username and passwords. So, it is vitally important that you keep your browsers up to date.

Contact TCC for assistance in developing remediation plans. Please visit our website https://www.e-tcc.com/managed-services.

 

 

TCC is a Sponsor of the NAEYC Public Policy Forum, March 4th – 6th

Posted by Michelle Thomas, TCC Senior Policy Analyst

Early childhood national conferences provide state policy makers and advocates with rich learning and networking opportunities that advance our capacity to better serve families and children.

The NAEYC Public Policy Forum will provide an opportunity for National Association for the Education of Young Children (NAEYC) members to gather, learn and mobilize advocacy efforts in Washington DC, from March 4-6, 2018. The event will culminate in State Team visits to Capitol Hill to ensure elected officials know who we are, and what our children, families, and educators need to thrive.

TCC Early Childhood Data Systems – Solutions that Work for States

Over the past 18 years, TCC has developed data solutions that support an array of early childhood programs, including: Child Care Development Fund (CCDF) subsidy program, child care licensing, quality rating and improvement systems (QRIS), pre-K management system, and professional development registry (PDR) systems.

States

We’ve taken our extensive experience and subject matter expertise to develop products that can be configured to meet any state need.

  • States use Ascend to manage the complex system of early childhood programming and better inform their short and long-term program, policy and investment decisions.  https://www.e-tcc.com/ascend
  • States use eXpedite as an off-line, mobile solution to capture licensing inspection and other early childhood data that may be collected onsite. Field data can be synched to Ascend or any back-end system in a matter of seconds. https://www.e-tcc.com/mobile-workforce-software

To learn more about TCC’s Early Childhood Data Systems please visit our website https://www.e-tcc.com/early-childhood or email Mike.Boyle @e-tcc.com.

TCC is an Amazon Web Services (AWS) Consulting Partner

Posted by Mike Boyle, TCC Director of Business Development

Moore’s law is the observation that the number of transistors in a dense integrated circuit doubles approximately every two years. According to Ray Kurzweil, American computer scientist, “Technology goes beyond mere tool making; it is a process of creating ever more powerful technology using the tools from the previous round of innovation.” So how fast is technology moving? It’s evolving.

With the changing landscape of technology, ingraining itself into more fluid constructs such as business intelligence, machine learning, and real time streaming analytics, businesses rely on trusted advisors. Figuring out who to trust is the next step. One of the key methods to finding advisors is a vetting system or process.

TCC Software Solutions is proud to announce that we are an authorized Amazon Web Services (AWS) Consulting Partner. Part of being a Consulting Partner is to provide professional services that assists customers of all sizes design, architect, build, migrate, and manage their workloads and applications on AWS.

For more information on TCC’s IT Managed Services and our AWS expertise, please visit our website https://www.e-tcc.com/managed-services or contact Mike.Boyle@e-tcc.com.

The Truth About Mainframe Security

Posted by Rick Fowler, TCC Director of Mainframe Services

Security is always a topic of discussion among my colleagues in the IT world. I have heard a variety of claims that mainframe technologies are not compatible with modern security approaches and represent a major risk.

I recently read an article on the SC Media website that refutes this claim. Crossno, J. (2017, May 04). The Truth About Mainframe Security – And Where You Should Be Focusing. Retrieved August 14, 2017, from https://www.scmagazine.com/the-truth-about-mainframe-security–and-where-you-should-be-focusing/article/655118/

The article states “The mainframe remains the most intrinsically secure platform on the planet for several additional reasons. First, all of the hardware and software that’s needed to complete mainframe transactions resides on a single machine, unlike a distributed environment where there is much network traffic that can be intercepted by an attacker. Second, mainframes’ front-end processors often handle the task of interfacing with the rest of the world, freeing up the system to do nothing but what it was expressly designed for – executing transactions. These front-end processors also handle the security aspects, effectively isolating the mainframe from the rest of the world.” This is a pretty compelling argument in favor of the safety of heritage mainframe systems.

The author pointed out that insider threat is significant in most breaches and this threat is massive and growing across all industries. Perhaps organizations should focus their efforts on safeguarding against insider attacks, where a positive difference can be made.

 

To learn more about TCC Mainframe Managed Services, please visit our website https://www.e-tcc.com/managed-services.