http://service.royaltechnologymanagement.com/announcements.php Thu, 03 Jul 2008 13:43:00 EDT http://service.royaltechnologymanagement.com/announcements.php?id=35 Thu, 03 Jul 2008 00:00:00 EDT We want to wish everyone a Happy and Safe Independence Day. God Bless America! http://service.royaltechnologymanagement.com/announcements.php?id=34 Thu, 26 Jun 2008 00:00:00 EDT I want to thank everyone who came down to our after hours on Thursday, it was a great success. We had a great time, lots of food, and we gave away a LOT of free stuff. Thank You Alex Roy CEO RoyAl Technology Management, LLC  http://service.royaltechnologymanagement.com/announcements.php?id=29 Sat, 24 May 2008 00:00:00 EDT If you are getting a warning message about AVG 7.5 expiring. Please contact our support department at: http://royaltechnologymanagement.com/contact.htm to receive the directions on how to upgrade, another free service for our customers. Thank You RoyAl Technology Management, LLC http://service.royaltechnologymanagement.com/announcements.php?id=28 Fri, 23 May 2008 00:00:00 EDT We have run tests and PC Manager is completely compatible with Windows XP Service Pack 3 (SP3). Issues we have seen with XP SP3 are mostly related to 3rd party applications.   Clients should carefully test their applications for compatiblity with Windows XP SP3 before its installation.  Please visit the Windows XP Service Pack 3 Release notes page. http://support.microsoft.com/kb/936929 - Updated URL.   Clients who have HP systems running on AMD processors should install the following linked patch before installing Windows XP SP3. Microsoft Windows XP SP3 Upgrade Utility for systems with AMD processors: http://h10025.www1.hp.com/ewfrf/wc/genericSoftwareDownloadIndex?cc=us&dlc=en&lc=en&softwareitem=pv-60484-1&jumpid=reg_R1002_USEN   The following linked article provides details about the issues with non-Intel-processor-based computers. You receive a “Stop 0x0000007E” error message after you upgrade to Windows XP Service Pack 2 or Service Pack 3 on a non-Intel-processor-based computer http://support.microsoft.com/kb/888372 http://service.royaltechnologymanagement.com/announcements.php?id=25 Thu, 15 May 2008 00:00:00 EDT With the price of living taking a steep increase, we are forced to raise our rates to $60.00 an hour for labor. We have not had a rate increase in 3 years. We are very sorry we have to do this but we are left with no choice. All appointments made after today, will be billed at this new rate. Please let us know if you have any questions or concerns. Thank You Alex Roy CEO RoyAl Technology Management, LLC  http://service.royaltechnologymanagement.com/announcements.php?id=18 Tue, 22 Apr 2008 00:00:00 EDT Web-based lending exchange LendingTree, which generates leads in the mortgage business by accepting online customer information, yesterday disclosed that it believes several former employees illicitly helped a handful of mortgage lenders gain access to customer data. "Recently, LendingTree learned that several former employees may have helped a handful of mortgage lenders gain access to LendingTree's customer information by sharing confidential passwords with the lenders," LendingTree stated in a letter sent April 21 to its customers. "When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with the investigation. We promptly made several system-security changes. We also brought lawsuits against those involved." LendingTree spokeswoman Allison Vail acknowledged the letter had been sent to customers, but declined to provide further details, such as how many customers would be affected. LendingTree believes the lenders gained illicit entry to its data systems to access LendingTree’s loan-request forms between October 2006 and early 2008. The Charlotte, N.C.-based firm stated that the loan-request forms contained such customer data as name, address, e-mail address, telephone number, Social Security Number, income and employment information. LendingTree said it is not aware of identity theft or fraudulent activity resulting from the breach. By Ellen Messmer , Network World , 04/22/2008 All contents copyright 1995-2008 Network World, Inc. http://www.networkworld.com http://service.royaltechnologymanagement.com/announcements.php?id=15 Sun, 30 Mar 2008 00:00:00 EDT Malware loaded onto Hannaford servers let attackers intercept credit card data Hannaford Brothers Cos, which earlier this month disclosed a data breach involving credit cards at its supermarket stores, this week shared more information with Massachusetts regulators about the ongoing investigation into the incident. In a letter to Massachusetts Attorney General Martha Coakley and Gov. Deval Patrick’s Office of Consumer Affairs, Hannaford’s general counsel Emily Dickinson shared details that Hannaford is uncovering in its investigation. The letter stated that malware loaded onto Hannaford servers allowed attackers to intercept card data stored on the magnetic stripe of payment cards as customer’s used them at the check-out counter, according to information Hannaford provided to the Massachusetts Attorney General. That information, taken in transit from the point of sale, included card number and expiration date but not the customer’s name. The attack resulted in card data being transferred overseas and has resulted in 2,000 known cases of fraud. “It’s an evolving situation,” said Carol Eleazer, vice president of marketing at Hannaford, noting that the computer forensics reports have not yet been completed on the data-breach incident. Hannaford’s security investigators, whom she wasn’t at liberty to name, are calling the attack “sophisticated.” She said the U.S. Secret Service is also involved in finding out how the data breach occurred. The attack was successful in spite of the fact that Hannaford is compliant with the Payment Card Industry rules for proving adherence to the PCI data security standards by undergoing an elaborate — and usually expensive — examination and certification required by card associations, including Visa and MasterCard. PCI also has requirements for periodic vulnerability scans. Hannaford says it received PCI certification last year and was recertified on February 27. Not surprisingly, the Hannaford data-breach case has already elicited a few customer lawsuits.  Some analysts regard the ongoing Hannaford case as raising important and unanswered questions about PCI and its purpose. If the attackers in the Hannaford case initially captured data from the point-of-sale device to a server in the store, they may have known that data isn’t required under PCI to be encrypted at that point, notes Avivah Litan, vice president at Gartner and an expert in computer network security used in retailing. “PCI only calls for the need to encrypt across an open network, usually the Internet or wireless,” says Litan. “In retailing, you almost never encrypt between the cash register point of sale and the store server.” As more information about the Hannaford data breach becomes known, there may be some industry effort to broaden the encryption requirement. However, Litan’s opinion is that requiring additional encryption would not necessarily be a good move because it would entail huge costs to retailers processing card data. Besides, she points out, the vulnerability scanning called for in PCI should address server weaknesses that would allow malware to be loaded onto a server. Litan says the second point about PCI raised by the Hannaford case is where the financial liability for the card-related fraud losses lies. The industry’s PCI mandate generally implies businesses that are PCI-compliant do not have to bear the cost burden of fraud resulting from criminals using cards obtained through a known data breach. Under PCI, that financial burden would fall on the business’ bank (known as the acquiring bank) seeking to get its money back from a card-issuing bank when a data breach resulted in card fraud. The card associations, such as Visa, are also part of the resolution process under PCI, which hasn’t yet been tested in any known case. “This all becomes who’s responsible,” says Litan, who said the Hannaford case may end up being one that casts light on how these important legal and financial concepts related to PCI play out in a real-world situation. If PCI doesn’t offer any cover for businesses that go through the PCI certification process, notes Litan, the question will be why exactly should they be doing it? Litan adds that the customer lawsuits filed against Hannaford are a separate matter legally that are bound to have an impact on the entire matter, as will any influence exerted by state or federal regulators. Eleazer at Hannaford said the company has no immediate response to these complex legal questions, though it’s aware of the PCI rules. She says Hannaford regards PCI as “the gold standard for the industry.” Eleazer also said the company expects to share more about what occurred in the data breach “for the good of the retailing industry.” “Our first priority is to our customers and our relationship with them,” she concluded. Hannaford earlier acknowledged about 4.2 million credit and debit card numbers used at its supermarket stores in six states were compromised between Dec. 7 and March 10. It told the Massachusetts Attorney General’s Office that it now believes  the attack involved the installation of malware on servers in 300 stores. By Ellen Messmer , Network World , 03/28/2008 All contents copyright 1995-2008 Network World, Inc. http://www.networkworld.com This story appeared on Network World at http://www.networkworld.com/news/2008/032808-hannaford.html http://service.royaltechnologymanagement.com/announcements.php?id=1 Sun, 09 Dec 2007 00:00:00 EST All Events are Listed in Eastern Time. Unless otherwise stated.