Archive for Company News

Coronavirus COVID-19 Disinfection on the Cheap

Coronavirus (COVID-19) has gathered significant attention worldwide because of how dangerous the virus is, how easily it spreads, and how difficult it is to detect.   So most people, whether government, professional, or civilian, are looking for an easy way to protect themselves and others as best they can.   Things like facial and toilet tissue, surgical masks, and hand sanitizers are selling out in stores and online.   As the number of cases in the US increase, so will the panic.  

But the military has dealt with this kind of thing for a long time, and the number one thing they rely upon for disinfecting is good old fashioned Sodium or Calcium Hypochlorite, also known as “bleach”.   There are many kinds of bleach, but Sodium Hypochlorite is typically referred to “Clorox” bleach. Both Sodium and Calcium Hypochlorite are widely available, but we prefer Calcium Hypochlorite because it typically contains more available chlorine per volume than Sodium Hypochlorite.  Bleach is a generic term which describes a chemical with the inherent properties of removing color, whitening, and disinfecting.   It does this by oxidation, which with “Clorox” is by a chemical reaction which causes the proteins in germs to lose their cellular structure, thus destroying them.

“So what?”  Everybody knows that bleach kills germs.   Yes, but did you know that even a small concentration of bleach kills germs?  You don’t need to dump a gallon of Clorox on everything to kill germs.   You can dilute it down to as little as .5% and still effectively kill germs on contact.  You can even dilute down to .05% and still be effective, but the exposure time becomes much longer.   So what do we (“not-healthcare professionals”) suggest for every day people to use this solution?  

Something as simple as a mini-spray bottle (think travel size pump hair spray bottle) with a .5% solution of Calcium Hypochlorite in water will be easily portable and moderately effective for most uses.   The dilution ratio doesn’t have to be exact, but it should be close.  If it’s a little higher that’s okay, but don’t go crazy.  The concentration will determine HOW LONG you must maintain contact with the solution, so start with a known concentration and then blend down.  Bleach is a reactive chemical, and deteriorates over time in higher concentrations, so choose a product that is individually sealed and use as needed.  The lower concentration of .5% should last for months in a sealed container.  For our mixture, we liked something like this pool product from Amazon.com.  It is 68% concentration in powder form in 1lb packs.  To make a 55 gallon drum of .5% solution, mix approximately 3 1/4 lbs of powder to 55 gallons of water.   Or for each gallon, add ~1 oz of Calcium Hypochlorate and mix thoroughly.    Remember that because it’s a solid powder it won’t mix easily in water, so if possible use warm water to help it dissolve more quickly and thoroughly.

So, fill the spray pump bottles and toss them in your pocket, your office drawer, your glove box, or backpack.  Spray on anything you want to touch, or on your hands after you’ve touched something you shouldn’t have.  Rub in thoroughly.  The .5% concentration shouldn’t discolor most fabrics or materials, but will definitely have a slight chlorine odor to it.  You can add scents to the mixture if desired to make it more tolerable for those sensitive to chloramine smells, but don’t add so much that it dilutes the solution to be ineffective.   

For more information see the US Army Public Health Command bulletin on Preparing and Measuring High Chlorine Concentration Solutions for Disinfection:  TIP_No_13-034-1114_Prepare_Measure_High_Chlorine_Solutions

Posted in: Company News

Leave a Comment (0) →

HID Signo Readers Announced.

HID announced an entirely new reader line today, called Signo.  What’s immediately noticeable is they are more sleek and stylish than the iClass R or RP models, but looking further, we found that there are some distinct differences that might just make switching to this new reader platform sensible.

For starters, the keypad reader model looks more functional, and the mullion keypad reader is a definite necessity.  The keypads are capacitive  touch style which should make them more reliable in harsh environments.

Dimensions for the readers is almost identical, with the Signo readers being a little slimmer, but probably not by very much.  See Feature Comparison Matrix.

What’s missing though, like in the RP series, is a long range parking lot reader like the R90.  This is a needed technology that should be added in the future (are you listening, HID?).

The Signo series seems to lump all the reader technologies in together, making the product selection a little less confusing than previous iClass reader selections.  This is most welcomed.  Supported technologies are 125Khz proximity, iClass, SEOS, Mifare, plus mobile credentials via Bluetooth and NFC, plus Apple’s Enhanced Contactless Polling technology for apple wallet credentials.  

Other features are better support for crypto keys (no more base encryption key in the wild, for now), automatic tuning/detuning for optimized read range, and OSDP support out of the box.  Reader tamper is now a dry contact relay (THANK YOU).   But the biggest thing installers are going to enjoy is that the Signo readers support remote management.  No more configuration cards to go around to every reader just to turn of the 125Khz prox read feature set.  This should have been done LONG AGO.   Firmware updates, configuration, and reader management can be done via mobile device or over OSDP (assuming your PACS supports it).

From our take, these readers appear to have been developed largely for the Campus environment (the Apple ECP is a dead giveaway), but certainly have the feature sets that would make them desirable in the commercial, government, and industrial markets as well.  We don’t  have any evaluation copies yet, but will definitely be looking at these for new projects where they fit and offer additional security, style, and convenience.

Feature Comparison Matrix

Reader RP40 Signo 40
Dimensions 3.3″ x 4.8″ x 1.0″ 3.15″ x 4.78″ x 0.77″
Read Range (typ)

iCLASS: 2.4″

125Khz Prox: 2.8″ to 4.3″

iCLASS: 1.6″ to 4″

125Khz Prox: 2.4″ to 4″

Power 85ma @ 16VDC 75ma @ 12VDC
Comm Wiegand & (optional) OSDP  Wiegand & OSDP
Reader Tamper Open Collector Output Dry Contact Relay
Configuration Programming Cards Mobile Device or OSDP
Weatherproof If optional gasket installed Yes
Certifications UL294, EAL5+ UL294, EAL6+
Price ~$200.00 ~$200.00

 

 

Posted in: Access Control, Company News, Security Technology

Leave a Comment (0) →

Why You Should Be Skeptical of Security Apps in the Cloud

The “Cloud” for most people has become an integral part of our daily lives.  It’s everywhere, yet many people couldn’t tell you what the cloud really is if you asked them.  It’s just there. 

In a nutshell, the cloud could be defined as “an internet server you don’t own, yet hosts your data”.   All this means is you’re using Software As a Service (SAAS), and someone else has developed the application, hosts it on their server, and you use it, or maybe even pay for it via subscription (like Ring or Canary).

Yet all too often, when we really closely inspect these services or applications we tend to find flaws, or sometimes downright intentional abuse, that leads to exposing more of our personal data than we would like.  In the case of  many apps for home or personal use, we can choose to accept some loss of privacy in exchange for the free or bundled software and storage.   However, in the business world this is rarely tolerated, and in some cases it’s against the law. 

For a fantastic example of this abuse, the Electronic Frontier Foundation has published an excellent article about Ring and its application that exposes multiple abuses of privacy.    The biggest takeaway from the article for us was that Ring appears to be using pinned certificates in a way that prevented data security experts from analyzing encrypted traffic generated from the application itself.   Now imagine an app from a state sponsored corporate entity like Huawei sending images, stored files, GPS data, voice recordings, or video from your phone or tablet to some server in another country.  See how big the risk is?

Click the link below to read the full article, but this summary puts it best:

“Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system.”

https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers

 

Posted in: Company News

Leave a Comment (0) →

Quantum Resistant Encrypted Communications

If quantum computing can reduce previous calculation times of decades down to seconds, then what does that spell for current military, government, and corporate technologies that rely on encryption algorithms?   The current idea is that encryption isn’t unbreakable, it’s just not practical because by the time the message is encrypted, it’s no longer relevant and most likely the encryption key (or even mechanism) has changed.   With Quantum computing, this all goes out the window, as now brute force decryption could theoretically be done in real time.  This terrifies everyone, and rightfully so.  

What about Blockchain?   Under the bitcoin blockchain algorithm concept, the encryption difficulty is adjusted after every 2016 blocks are mined.  This is typically an incremental increase or decrease as more or fewer hardware resources are thrown at mining bitcoin.   Thus, if you added a super quantum computer (or cluster of quantum computers), the difficulty would proportionally (and drastically) increase with the number of blocks that were mined (just in a much shorter time frame).

On October 23, 2019, Bitcoin’s price fell from around $8200 per bitcoin to under $7400 in a matter of minutes, because Google announced that Sycamore, its quantum computing platform, had achieved “quantum supremacy” and passed an impossible test.  The premise is that it completed a test calculation in 200 seconds that would take the world’s most powerful supercomputer 10,000 years to finish.   While the claim is somewhat questionable, there is no doubt that quantum computing has taken a foothold and will only advance from here.

Google Sycamore Quantum Computer

Google Sycamore Quantum Computer

The problem here is that someone trying to break the encryption isn’t likely to be actively participating in the blockchain.  They’re just going to be trying to decrypt packets or streams, or whatever they are intercepting and trying to decrypt.  So unless the encrypted blockchain communications platform changed the encryption difficulty to a level that it couldn’t actively mine itself (thus defeating the point of encryption to begin with), the communications would always be deciphered by the quantum computer.   Thus… all encrypted communications would have to be done with quantum computers.   It’s another round of keeping up with the bad guys, and technology has to step up to meet the challenge.

The downside is that this is financially well outside the possibility for most businesses and private individuals, meaning we are back to the equivalent of clear text passwords and messages as well as unencrypted financial transactions.   This would be disastrous for the financial and credit industries, as well as creating havoc in terms of privacy act enforcement, worldwide (think GDPR). 

How this plays out is anybody’s guess right now and the technology isn’t quite there, but in the mean time, all one can do is hope that Google really means it when they say “Don’t Be Evil”.

 

Posted in: Company News

Leave a Comment (0) →

NSA Warns: Update Windows Or Else

For the first time I’ve ever seen, the National Security Agency has made a public announcement about a private company’s product, warning that all Windows users that are still using older versions of Microsoft Windows XP, Vista, Windows Server 2003/2008, or Windows 7 should upgrade or face serious remote exploit risks. Their advisory can be found here: https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865726/nsa-cybersecurity-advisory-patch-remote-desktop-services-on-legacy-versions-of/

Honestly though, if you’re still using Windows XP or Windows 2000 and it’s connected to the internet, you kinda deserve everything you get. I get it, there are still some ancient programs out there that never got upgraded and you just “can’t live without it”. And I can even understand if you’re still using Windows 7 (by the way, patch that too), but really, it’s been 18 years since Windows XP was released… stop clinging and move on.

Further information from the Microsoft CVE-2019-0708 security advisory:

  • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used by the Remote Desktop Protocol (RDP) and will block attempts to establish a connection.
  • Enable Network Level Authentication. With NLA enabled, attackers would first have to authenticate to RDS in order to successfully exploit the vulnerability. NLA is available on the Windows® 7, Windows Server® 2008 and Windows Server® 2008 R2 operating systems.
  • Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.
  • Note that Windows® 10 systems are already protected from this vulnerability, as it only affects the older versions of Windows® listed above.

Posted in: Company News

Leave a Comment (0) →

2019 Q3 and Q4 Class Schedule

The following North Carolina SP-FA/LV Exam Prep classes are set for the remainder of the 2019 calendar:

  • August 14, 2019 8:00A – 5:00P Greensboro ADI, 4500 Green Point Dr #103, Greensboro, NC 27410
  • October 16, 2019 8:00A – 5:00P Raleigh ADI, 2741 Noblin Rd # 101, Raleigh, NC 27604
  • December 11, 2019 8:00A – 5:00P Greensboro ADI, 4500 Green Point Dr #103, Greensboro, NC 27410

For additional information or registrations, contact National Training Center at (702) 648-8899 or sales@nationaltrainingcenter.net. Or register on-line at http://www.nationaltrainingcenter.net/index.xml.
Full NTC class schedule link: http://www.nationaltrainingcenter.net/instructor-led-training.xml

Posted in: Company News

Leave a Comment (0) →

Bitcoin Hacked! Hackers steal $70M dollars! And Other Sensational Journalism…

Bitcoin…  Another story.   The mainstream media, in their usual quest for drama and ratings, is in a fever pitch about the December 5 hack of Nicehash.com that resulted in the theft over over 4736 bitcoins (~$77M dollars as of this writing).  See here for what is claimed to be the blockchain identifier for the transfer:  https://blockchain.info/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq

The claim that seems the most ridiculous is that “Bitcoin is NOT safe, and is hackable!”.   This is nonsense, and it is like saying that the US dollar isn’t safe because your neighborhood Bank of America was robbed.  The fact is, nicehash.com didn’t have adequate security measures in place to prevent the hack (even with the most annoying Captcha I’ve ever used), and it probably has ruined the company.

Nicehash is was a very popular and easy to use mining service where people (including myself) can mine for Bitcoin (and other cryptocurrencies) using their PC or specialized hardware built for mining. Nicehash pays miners a “fee” for mining cryptocurrencies, and pays them on a round basis.  The nice thing was they paid in bitcoin, no matter what coin you were actually mining.  Naturally, they had to have a pretty large amount bitcoin to be able to make these payments, and they advertised it regularly on the web.

Nicehash also had a policy of not making payments to external wallets (meaning, under the control of the individual miner, and not on nicehash.com) unless they had a mining balance of .01 bitcoin or more. That’s about $170.00 and many miners had just slightly less than that balance that was stolen from the community wallet that nicehash.com paid miners from. And because Bitcoin transfers are generally not traceable to an individual, the money is gone. In short, everybody loses.

The trouble sets in when someone, somehow, found a way to get into their Bitcoin wallet and transfer the coins out to themselves.  The FBI is almost certainly involved, as well Interpol, Europol, and possibly some other European or Slovenian police agencies.

So why still invest in Bitcoin? Because Bitcoin is based on a blockchain technology that is very reliable and secure.  The concept of bitcoin and it’s blockchain is not hackable in itself. Rather, nicehash.com was hacked and lost their bitcoin.  There are different types of blockchain strategies, and some are more efficient, quick, secure, and anonymous than others.  Bitcoin was the first cryptocurrency to use this concept, and while you can “see” what address funds are transferred to and from, you cannot see “where” physically (geographically) or any other identifying information for who or where the funds were sent to or from.

So what is blockchain? Google is your friend here, as there are tons of videos and wikis about blockchain and how the different types all work.   But in a (very simplistic) nutshell, blockchain is the concept that all transactions in an ecosystem are using a distributed cryptographic ledger, and most importantly, the SAME ledger. This means that if Zack, Sally, Mike and Kim are all in a trading club and are sending money to each other, they each have a copy of the ledger, and when Mike sends Zack funds, it is recorded on all four ledgers and the ledgers all have to agree (using a cryptographic algorithm) on the transaction date/time, amount, and transferees bitcoin address. If they don’t agree, the transaction is invalid and the transaction is rejected, thereby preventing someone from just inserting a million dollar credit to their own ledger.  As you can also imagine, for something like Bitcoin that’s been logging and recording all these transactions around since 2009, that ledger can be quite large… about 2 gigabytes large… and still growing.

The cool thing is this technology can be applied to other types of transactions, such as deed transfers, contracts, information exchanges, or gaming, to name a few. Because the transaction is secure, encrypted, and shared, it is virtually “hackproof”.  What isn’t “hackproof” is anything stored online, like Nicehash’s wallet,  or any other online wallet that you yourself don’t have the private keys for and can transfer to cold storage.   Online wallets are very convenient.  Coindesk.com is very popular and has exploded in recent weeks due to the popularity and price spike for Bitcoin, but it’s generally not considered a good idea to keep large sums of Bitcoin stored there unless you have an immediate need for it.  Keep it in an offline wallet and use cold storage.

So in short, Bitcoin is just like any other fiat cash currency, the bearer holds the value, and if you don’t take steps to protect it, someone else can (and probably will) steal it.

 

 

 

Posted in: Company News

Leave a Comment (0) →

Door Handedness

One of the questions that comes up all the time in access control design layouts is door handedness.  It’s not a hard concept to understand once you see it graphically, but it’s sometimes tough to remember in the field if you’re not accustomed to working with door hardware on a daily basis.

While we would typically prefer security doors to swing into the secured space (easier to barricade if needed in an emergency and the hinges are typically on the secured side), usually the handedness of a door isn’t left up to security and is based more upon building code and/or the function of the space.

The following graphic explains it better than I’ve seen it anywhere, and shows you the door swing based upon being on the Outside (or “unsecured” side where the card reader or key would be).

 

Courtesy of Specialtydoors.com

Also, note from the table below that a Left Hand door isn’t the same as a Right Hand Reverse door, as the lock hardware has to change in order to be able to latch properly.

  • Left Hand:  Door swings inward to the Left, uses LH Hinge, LH Strike, LH Lock.
  • Right Hand: Door swings inward to the Right, uses RH Hinge, RH Strike, and RH Lock.
  • Left Hand Reverse:  Door swings outward to left, uses RH Hinge, RH Strike, and LH Lock.
  • Right Hand Reverse: Door swings outward to Right, uses LH Hinge, LH Strike, and RH Lock.

 

So next time someone says that a door is a “Right Hand Reverse” door, you’ll know that they really mean the door swings out to the right towards you if you’re standing on the outside.

 

 

Posted in: Company News

Leave a Comment (0) →

Kile Unterzuber Receives NCESA President’s Award

We are proud to announce Kile Unterzuber has received the 2017 President’s Award by the North Carolina Electronic Security Association.

“The recipient of the 2017 President’s Award has been an outstanding leader to the NCESA for many years.  His exceptional ability to lead the industry in educational advancement has been respected and admired for many years.  His leadership passion has provided direction and pathways for the organizations through top level education.    The never-ending work of this volunteer has earned him the reputation of an unselfish and highly accountable industry advocate.  With many years of industry experience, Kile has proven through his honorable and ethical character that community and industry service is essential. He has always dedicated himself to better the world around him and the industries he serves.” — Chris Lohr, President NCESA

Posted in: Company News

Leave a Comment (0) →

LED Street Lighting for Security Purposes

Drive down any US city street these days, and the led-lightsold, yellow street lights now shine bright white and bright with the latest in modern street lights, LEDs.  LED lights are popular because of their tremendous energy savings, about 80-90% energy efficiency, when compared to a traditional incandescent light bulb. This means the LED lamp has about 80% of the energy used to illuminate actually goes into making the light, with the remaining 20% given off as thermal energy.   Compared with the highly inefficient incandescent bulb, which is about 25% converted to light, and 75% given off as heat.   So for any business, residence, or municipality, a huge savings in operating costs can be found by switching to LED lighting, and with federal subsidies for energy savings, the capital costs are partially offset as well.

But a small wrinkle has developed as the American Medical Association (AMA) has adopted guidance for communities on selecting among LED lighting options to minimize potential harmful human and environmental effects.   People are complaining about driving under the blue-white lights, or trying to sleep with one newly installed on the street outside their bedroom window.  According to the AMA:  “High-intensity LED lighting designs emit a large amount of blue light that appears white to the naked eye and create worse nighttime glare than conventional lighting. Discomfort and disability from intense, blue-rich LED lighting can decrease visual acuity and safety, resulting in concerns and creating a road hazard.  In addition to its impact on drivers, blue-rich LED streetlights operate at a wavelength that most adversely suppresses melatonin during night. It is estimated that white LED lamps have five times greater impact on circadian sleep rhythms than conventional street lamps. Recent large surveys found that brighter residential nighttime lighting is associated with reduced sleep times, dissatisfaction with sleep quality, excessive sleepiness, impaired daytime functioning and obesity.”   So the AMA is recommending that LED street lamps that are installed turn the color temperature down from 5000K or 4000K to at least 3000K, or a “warm-white” color that more mimics natural sunlight.

For the last 30 or 40 years, most street lamps have been high pressure sodium or mercury vapor lamps.  These are high intensity gas discharge (HID) lamps that operate by forcing an electric arc through vaporized mercury or sodium to produce light. The arc discharge is generally confined to a small fused quartz arc tube mounted within a larger borosilicate glass bulb.   The color is the big difference:  mercury vapor lamps usually produce a bluish/purple color when operating, and sodium lamps produce a yellowish/brown color.   Sodium is the most common type lamp until just recently because it was more efficient than mercury.

So what difference does this make from a security standpoint?  The color mostly…  Oddly from a security standpoint the color can make a difference from a psychological and electronic security perspective.   In the past we have generally recommended Metal Halide HID lamps instead of mercury or sodium, even though they operate similarly, because the color is a much more true white and allows for proper color identification in low light situations.  Mercury and Sodium lamps can make greens and reds look like different colors, and navy and black almost impossible to differentiate.  Enter LED lamps.  They look very similar to metal halide from a color perspective, and allow better color rendition for both human eyes and electronic eyes such as video surveillance cameras, most of which see in color these days even at night (if the lighting is good enough).  Below you can see the major difference between an older style sodium vapor lamp and a newer LED.

Old and New

Both lamps give off ample light, but there is an obvious color difference.  And while it’s not terribly easy to see from this photo, true accurate color renderings are harder with the yellow sodium lamps.   The LED lamp here is a hotter color temperature, around 4000K and has that bluish tint that is being complained about.   Lowering the temperature to 3000K would make it slightly more amber, but not anywhere near the color of the sodium lamp.

So if your business, facility, or municipality has LED lamps being planned, it may be prudent to push for a 3000K color temperature not only for security camera color rendering accuracy, but also from a psychological and health perspective, and you have the AMA helping make your case for you.

 

 

Posted in: Company News, CPTED

Leave a Comment (0) →
Page 1 of 2 12