Archive for August, 2015

Dynamics Ax 7 Preview

August 28th, 2015

Dynamics AX 7 will be accessible through a web-based client instead of a Windows desktop client. This means any shared in user will be able to access the Dynamics database through a basic web browser instead of needing to install customised applications on every system and device. Thus Web-based clients allow anyone in any location to access the different Dynamics modules. Having common web-based clients can improve productivity and facilitate business-wide collaboration on projects online regardless of location.
Access the client, anytime, anywhere and only one development UI to manage.
The user experience in Dynamics AX 7 is based on the same framework used in Windows 8, and being improved upon in Windows 10. This interface uses the hypertext markup language version 5 (HTML5) as a base. The HTML5 interface is designed to be lightweight and intuitive. It is context sensitive and the AX redesign is a dramatic departure from the normally bland windows and menus that have been found in previous versions of Dynamics AX. The new environment brings Dynamics in line with many other current Microsoft products. It will also make it easier to use Dynamics on mobile devices without a mouse or keyboard.

Following the pattern that has been adopted by many other cloud-first software developers, Microsoft will end version-based releases of Dynamics similar to what was done with Office 365. Replacing the strict versioning system will be an approach based on the deployment platform. Each Dynamics platform will receive updates whenever necessary instead of re-releasing the entire software suite. This will make it easier to stay current since compatibility problems will no longer be an issue with incremental upgrades.

Some of the new features that catch our eye:

Financial management.

1. Ability to export account structures to Excel
2. Functionality to view ledgers and advanced rule structures that are affiliated with a particular account structure on a single view
3. Ability to filter Management Reporter reports based on dimension, attributes, dates and scenarios (this is within report viewer instead of exclusively in report designer)
4. New functionality to manage budget vs. actuals and create ledger forecasts
5. Capability to create an unlimited number of layouts for budget plans and forecasts
6. Print the Vendor Invoice Transactions report with information from the Detailed Due Day List which includes the days past due.

Human capital management.

1. Ability to transfer skills and certificates to employees that have completed a course and/or class
2. Increased efficiency for verifying employment
3. New functionality to enable employees (and their managers) to edit their own personal information within the system
4. Encrypt ID numbers (SSN) for more secure data
5. Capability to view date effective timeline changes
6. Employee and Contractor lists are automatically filtered by the company you’re logged into.

The Warehouse management module released in AX 2012 R3, in CU8 and CU9, including planned enhancements, will replace the current Warehouse management II features. The new module has more advanced features and flexible warehouse management processes than those offered in the Warehouse management II features

There are some features that may not make it to the first release (e.g. support right to left Arabic text) so discuss with us before deciding on whether to go with Ax 2012 R3 CU9 or Ax7 or when to upgrade).

Note: to upgrade to Ax 7 your should be at Ax 2012 R3 CU8 or later.
(For many a reimplementation will be faster, less disruptive and more cost effective but you need to think ahead. Migrating history data seldom makes sense in practice- he pain of doing without it is usually shorter than the time to migrate! and the effort and cost is better invested into the new system.)

Windows 10 – WaaS – Windows as a Service

August 24th, 2015

Windows 10 Pro and Enterprise editions have a new upgrade delivery method called Windows as a Service, and the inclusion of Microsoft Desktop Optimization Pack (MDOP) as an SA benefit.
Windows as a Service acts as the transition from periodic major releases to continual updates, and it gives enterprise organizations added flexibility in how they update user devices.

Microsoft has three methods by which customers can receive updates:
1.Current Branch: Updates will stream to devices, akin to the present Windows Update. However, Current Branch users cannot delay updates.
2. Current Branch for Business: This model regularly delivers security updates, and it permits update deferrals for eight months, giving IT the chance to install updates after broad preview validation. Business customers can start testing as soon as preview features are released via the Windows Insider Program.
3. Long-Term Servicing Branch (LTSB): Under this more traditional model, security updates and fixes are delivered regularly, and organizations will be able to update at a service pack-level pace.

Windows 10 gives customers several options to manage delivery of updates based on their needs.
For example, Windows 10 Enterprise includes LTSB, which caters to devices with strict change management policies where only security and critical updates are required and feature updates are not delivered. Customers that purchase the Enterprise edition can add SA coverage to gain access to Current Branch and Current Branch for Business, along with the ability to deliver new feature updates after increased assurance of validation. On the other hand,
Windows 10 Professional only includes Current Branch and Current Branch for Business.
Windows 10 Education Current Branch and Current Branch for Business is available to active SA customers.

It’s important that customers understand the delivery method included in each Windows 10 edition, so that they can license Windows based on how they want updates to be delivered to end-user devices.

What in the SA coverage?

MDOP was a subscription license a customer needed to buy in addition to SA to take advantage of a suite of technologies that personalize the user experience, simplify application deployment, improve application compatibility, and assist in management and device security. With the release of Windows 10, MDOP is now included through SA coverage.
Customers interested in MDOP can purchase the Windows 10 Enterprise Edition with SA to receive this benefit.
Organizations renewing SA, through either the Enterprise Cloud Suite or Windows Enterprise, need to plan for a price increase due to the inclusion of the MDOP technologies.

On Aug. 17, Microsoft released MDOP 2015 with complete support for Windows 10, and it is now available for download for volume licensing customers (as well as MSDN subscribers). Microsoft has more details on enhancements to the MDOP suite.

In addition, Microsoft has published Windows 10 content to help organizations with planning and deploying Windows 10. Those resources include: technical demos, IT Pro FAQ and forums, system requirements, and details on key features.

Mobile malware coming your way every day

August 24th, 2015

This is a summary of a blog post by Michael Canavan is the Vice President, Sales Engineering, Kaspersky Lab North America
That I feel is important enough to share.

Malware is a threat to all platforms not just to Windows devices.
The more popular the O/s the more it is targeted , and the more vulnerabilities are found.
Smartphones connect us with social media accounts, banking services, and retailers.
The important question for a mobile device is not just whether its operating system is secure, but whether it has an effective security patching strategy for when (not if) the latest malware eludes a device’s safeguards.
The mobile device market is dominated by two operating systems.
Android owned 81.5 percent of the market in 2014, compared to 14.8 percent for iOS
However, only Apple can patch its mobile operating system similar to the way desktop OS manufacturers patch security holes and shortcomings.
Android’s openness is a strength, but is also its greatest security weakness – Google doesn’t have the last say when distributing security updates and patches – the OEMs and service providers hold that power. Google is virtually powerless to stop malware from compromising an Android device, unless the program comes through the Play Store.
Controls that block the installation of unknown, third-party software are easily circumvented, which an easy means of attack for cybercriminals.
Mobile malware — 99 percent in fact —mainly targets Android devices.
The number and kinds of attacks of mobile malware are growing at a staggering pace,
In 2014, the number of mobile malware attacks against Android more than quadrupled, affecting about one in five Android devices.
When you consider that mobile devices now often store critical information – credit card numbers, online banking logins, etc. – and are more vulnerable to a host of attacks, it’s critical to defend devices against malware. Most users don’t get updates in time, or at all.
Users are installing unknown, third-party software and no controls (e.g., security software) in place to detect malicious apps or activity.
Complicating matters is Apple’s controls for iOS. It’s true that software sources are more tightly controlled through the App Store, but protection software is banned, and it’s unclear how often iOS devices are compromised.

In these days of BYOD this raises questions for the safety of your corporate systems.
If the mobile devices are provided by your company the you can restrict what is loaded by whom, enforce patching, control what sites are accesses us etc.
Ask us about mobile device management.

Martyr’s Day – new U.A.E. public holiday

August 19th, 2015

UAE President Sheikh Khalifa bin Zayed Al Nahyan announced on Wednesday that November 30 will be observed as in memory of those who have died while serving their country.

The President also ordered that this national event be declared a public holiday.He added that national ceremonies and events will be organised where all state institutions, nationals and non-nationals will be engaged to promote, mark and remember the values of sacrifice, dedication and loyalty.

In a statement c, Sheikh Khalifa said the day is ” tin ribute to the sacrifices offered by the nation’s martyrs and its loyal people, who offered their lives so as to keep the UAE flag flying aloft while they were performing their national duties within and outside the country, in civilian, military and humanitarian fields”.

Windows 10 Introduction

August 12th, 2015

Security – major threats revealed – August 2015

August 8th, 2015

A major vulnerability plaguing Firefox has Mozilla warning users to update the Web browser to Firefox 39.0.3 to fix the vulnerability The browser is set to automatically update by default, but users should manually check to ensure that the update has indeed gone through.
An advertisement on a news Web site in Russia was offering an exploit for the browser that searched for specific, sensitive files, before uploading those to a server that appeared to be located in the Ukraine.
The vulnerability allows hackers to violate the browser’s same origin policy and inject script into a non-privileged part of Firefox’s built-in PDF viewer. Same origin is a security practice in which a Web browser allows scripts running from one Web page to access data from a second one, if both pages are from the same origin. The bug allows an attacker to read and steal sensitive local files on the victim’s computer.
Mozilla said that since the vulnerability is specific to its PDF Viewer, versions of the browser that do not contain the PDF Viewer, such as Firefox for Android, are not at risk.
The company said that the exploit leaves no trace of itself on the local machine, making it difficult for users to know if their files had been compromised. Mozilla urged users running Firefox on Windows and Linux systems to change any passwords and keys for programs targeted by the exploit. Mac users were not vulnerable to the particular exploit found in the wild, but would be vulnerable if another hacker designed a payload targeting Macs.

Firefox users on Windows machines should change the passwords for the following files: subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients.

Linux users, meanwhile, should change passwords associated with global configuration files such as /etc/passwd, user directories including .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts

Before the dust has had a chance to settle on one major security flaw uncovered in the Android mobile operating system, a second massive vulnerability — dubbed “Certifi-gate” — has burst onto the scene.
The new vulnerability can allow attackers to “gain unrestricted device access, allowing them to steal personal data, track device locations, turn on microphones to record conversations, and more,” according to Check Point. The problem cannot be completely fixed with a patch.

Check Point has a scanner app that Android users can download from the Google Play Store and run to determine whether their devices are vulnerable. The Certifi-gate vulnerability allows applications to gain illegitimate privileged access rights that are normally used to support remote applications, according to Check Point. Those applications might have come pre-installed on the device, or been intentionally downloaded by the user, but currently there is no way in Android to revoke the certificates that allow those privileged permissions.

This latest flaw “affects hundreds of millions of Android devices, as most popular OEMs (original equipment manufacturers) have collaborated with these vendors. The same scale applies to the previously disclosed Stagefright vulnerability, which potentially affects 95 percent — about 950 million — of Android devices.

Google, Samsung and LG this week said they would start providing more frequent — about once a month — security updates for their Android devices. Google’s own Nexus devices are not affected, nor has the company seen any attempts to exploit the vulnerability.

Apple users have largely skirted the bugs, viruses and other malicious software that plague Microsoft Windows and Google’s Android. But this flaw in Apple’s OS X is serious enough to sound the alarm.
German security researcher Stefan Esser published details about a zero-day vulnerability in OS X without telling Apple first and hackers moved quickly to exploit the flaw. It’s an adware installer that actually modifies a file that controls who can run what commands on a machine while Thomas was testing it.

The Sudoers File

The sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how. The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.

The worse part is that Apple has reportedly known about the zero-day vulnerability for quite some time because another security researcher had disclosed it previously.
There is no good way to protect yourself, short of installing Esser’s software to protect against the very flaw that he released into the hands of hackers worldwide, which introduces some serious questions about ethics and conflict of interest.
Another Apple bug, Thunderstrike 2, which will be revealed at Black Hat security conference in Las Vegas this week, is more concerning. That’s because firmware bugs can cause lots of headaches for both regular users and advanced users and are almost always harder to eradicate than any other bug.

A massive hack infiltrated Yahoo’s ad network for at least seven days, according to Malwarebytes’ official security blog- this anti-malware security company, discovered the attack and immediately notified the search company. With more than 6.9 billion visitors to Yahoo’s Web site every month, the attack, which began on July 28, constitutes one of the farthest reaching malware attacks ever recorded.
The hackers pulled off the attack using Web sites for Microsoft Azure, a cloud computing platform and infrastructure used for building, managing, and deploying applications and services. The scam worked by redirecting users to an Angler exploit kit, off-the-shelf software containing easy-to-use packaged attacks on known and unknown vulnerabilities.

Malicious ads do not require any type of user interaction to execute their payloads. Just visiting a Web site that contains malicious advertisements can be enough to trigger an infection.
Yahoo said it took immediate action when it learned of the campaign, and would continue to investigate it in the future. Because of the large number of visitors to Yahoo sites, it is difficult to know exactly how many Internet users have been affected.

The subtlety of a malvertising attack, combined with the complexity of the Internet advertising market, make it a difficult security challenge to overcome. That might be part of the reason such attacks are increasing. The number of malvertising attacks spiked in the first half of this year, registering a 260 percent increase over the same period in 2014,

“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, director of research at RiskIQ. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on Web sites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”

“This machine-to-machine ecosystem has also created opportunities for cybercriminals to exploit display advertising to distribute malware,” according to the company. “For example, malicious code can be hidden within an ad, executables can be embedded on a Web page, or bundled within software downloads.”

Synergy MMS for hospitality

August 5th, 2015

SynergyMMS is a Software as a Service (SaaS) solution designed exclusively for hospitality to enhance asset life and longevity by creating “synergy” between front office, engineering and housekeeping staff for enhanced workflow and communications.

Starwood Vacation Ownership offers flexible vacation options from spacious villa accommodations in the best locations in the most sought-after destinations to distinctive experiences around the world-all through Starwood Vacation NetworkSM and selected SynergyMMS maintenance management solution at all villa resort properties. This initiative was rolled out in Hawaii at The Westin Ka’anapali Ocean Resort Villas on the island of Maui and The Westin Princeville Ocean Resort Villas on Kaua’i. Sixteen resorts – with a total of 7,000 villas – will be equipped with SynergyMMS by November. The remaining six mixed-use resorts – consisting of 500 villas – in the SVO portfolio are company-owned and already have SynergyMMS as part of Starwood’s preventive maintenance program.

SynergyMMS has served as the brand standard for Starwood’s maintenance management program for many years, and Starwood Vacation Ownership is demonstrating true leadership in how they approach asset management. this asset management and preventive maintenance initiative, are to extend the lifecycle of equipment, reduce energy consumption, minimize equipment downtime, and reduce guest-reported maintenance requests.

In the vacation ownership environment, there are a number of additional electronics and appliances in villas that need to be maintained, from ovens, refrigerators and microwaves to entertainment systems. This is quite different from the usual hotel environment. As part of Starwood Vacation Ownership’s Maintenance Week program, each villa is taken out of inventory for a week once a year and every piece of equipment is checked. By tracking workflow in SynergyMMS for the maintenance of these assets, the tasks are completed efficiently. This also aids in establishing the equipment’s useful life, prolonging replacement cycles for equipment, and reducing energy and water consumption. A mobile solution

Systems Associates Inc. is a developer of software and hardware solutions for maintenance and energy management in the hospitality, education, government, commercial real estate and retail markets.
Synergy software Systems based in Dubai U.A.E is the regional and Asia Pac partner and is now implementing the solution for properties in this region.

Hailed as the ultimate solution for today’s mobile and multilingual workforce, SynergyMMS offers tools that help hotel maintenance staff work together without increasing demands on their time. Behind the scenes intelligence enables the program to direct the flow of activity and keeps staff constantly working towards the same solution. SynergyMMS is all about time, efficiency, and solving today’s most tedious preventive maintenance tasks and leverages mobile communications.

If your staff is discovering and fixing issues before the guest ever notices them, guest complaints will fall. SynergyMMS has been proven to reduce complaints by 30%!

When guests have less to complain about, then they have a better experience with less need for compensation.
Higher revenue and higher loyalty are the results.

Every guest typically shares his experience good or bad with 10 or more other guests. Social media reviews multiply that effect and leave on line opinions accessible globally by prospective customers and by competitors – forever!

Call us to find out how Synergy MSS can benefit your hotel or vacation resort from as little as $1 per room per month.


Windows 10 scam beware

August 3rd, 2015

According to Cisco, cyber criminals are impersonating Microsoft in an attempt to exploit their user base for monetary gain. They are doing this by spoofing the email to look like it is coming directly from Microsoft ( The email purports to contain the installer package for Windows 10. The attackers are even using a similar colour scheme to the one used by Microsoft. Cisco experts have been able to unmask the attackers, establishing that the message actually originated from IP address space allocated to Thailand.
Once a user opens the email, downloads the attached zip file, extracts it, and runs the executable, the user then gets a message informing that their PC is infected and their files are encrypted by CTB-Locker. They are then told to pay a certain amount of money within 96 hours to have their files decrypted or they lose those forever.
CTB-Locker is a notorious ransomware variant. The malware uses asymmetric encryption that allows the adversaries to encrypt the user’s files without having the decryption key reside on the infected system. Also, by utilizing Tor and Bitcoin they are able to remain anonymous and quickly profit from their malware campaigns with minimal risk.
Cisco recommends keeping a current backup of your files at all times.
These backups should be stored offline to prevent them from being targeted by attackers.
Microsoft isn’t distributing Windows 10 through email attachments or links embedded in emails.
If you have signed up for the OS, it will be automatically downloaded onto your system at some point in the next few days or weeks, and you will receive a notification on your PC when it’s time.
So delete any such mails

Management Reporter 2012 CU13

August 1st, 2015

Management Reporter 2012 CU13 . This release contains quality fixes as well as a number of regulatory features.

• View a report in the web viewer in a grid view
• Display zero rounded values, and zero actual values based on a report definition option
• Choose where the line number column displays on a report
• Display date formats in the report header based on regional settings
• Display calculated rows on the same line for different columns
• Report on closing transactions for Microsoft Dynamics AX 2012
• Additional fixes for product defects

In addition to the new features, there has also been a number of important changes made to installation and configuration.
• With Management Reporter 2012 CU13, removed the licensing checks within Management Reporter. All of the Microsoft Dynamics ERPs now support an unlimited licenses model, and licenses are thus not checked within Management Reporter. So please ensure you stay compliant on your number of users.
Microsoft PowerShell 3.0 or later is now a required prerequisite on Management Reporter server machines
• Changes were made to the database schema. If you had existing queries or scripts, then those may need updating
Microsoft SQL Server 2005 is no longer supported

Version Information: Management Reporter CU13 RTM – 2.12.13001.13