Archive for the ‘Uncategorized’ category

Android Botnet Targets Middle East Banks

April 6th, 2014

The botnet — dubbed “Sandroid” — comes bundled with Android apps made to look like mobile two-factor authentication modules for various banks, including Riyad Bank, SAAB (formerly the Saudi British Bank), AlAhliOnline (National Commercial Bank), Al Rajhi Bank, and Arab National Bank.

. It’s not clear how the apps are initially presented to victims, but such scams typically infect the victim’s computer with a password-stealing banking Trojan. Many banks send customers text messages containing one-time codes that are used to supplement a username and password when the customer logs on to the bank’s Web site. That precaution requires attackers interested in compromising those accounts to also hack the would-be victim’s phone. Banking Trojans — particularly those targeting customers of financial institutions outside of the United States — may throw up a browser pop-up box that mimics the bank and asks the user to download a “security application” on their mobile phones. Those apps are instead phony programs that intercept and relay the victim’s incoming SMS messages to the botnet master, who can then use the code along with the victim’s banking username and password to log in as the victim.\

. Some 28,000+ text messageswere intercepted by the Sandroid botnet malware. This particular botnet appears to have been active for at least the past year, and the mobile malware associated with it has been documented by both Symantec and Trend Micro. The malware itself seems to be heavily detected by most of the antivirus products on the market, but then again it’s likely that few — if any — of these users are running antivirus applications on their mobile devices.

In addition, this fake bank campaign appears to have previously targeted Facebook, as well as banks in Australia and Spain, including Caixa Bank, Commonwealth Bank, National Australia Bank, and St. George Bank.

The miscreant behind this campaign seems to have done little to hide his activities. The same registry information that was used to register the domain associated with this botnet — funnygammi.com — was also used to register the phony bank domains that delivered this malware, including alrajhiankapps.com, commbankaddons.com, facebooksoft.net, caixadirecta.net, commbankapps.com, nationalaustralia.org, and stgeorgeaddons.com.

The registrar used in each of those cases was Center of Ukrainian Internet Names.

One problem with the whole banking infrastructure is that there are many targets for attackers. Researchers from consultancy MWR Infosecurity, uncovered four vulnerabilities in various mobile point of sale terminals – the ones that people behind the bar ask you to shove your card into, but the new ones that let the merchant set the thing up and manage it with their mobiles or tablets.( iZettle is the best known example in Europe ). In all cases, hackers can do what they want on the machine. The most likely scenario is they could change the code so that it reads the mag stripe… then they can clone the mag stripe after they’ve retrieved the PIN number. These point of sale devices are approved by Visa and MasterCard.

Malware appears to be well-detected by mobile antivirus solutions. Many antivirus firms offer free mobile versions of their products. Some are free, and others are free for the initial use — they will scan and remove malware for free but charge for yearly subscriptions. Some of the free offerings include AVG, Avast, Avira, Bitdefender, Dr. Web, ESET, Fortinet, Lookout, Norton, Panda Cloud Antivirus, Sophos, and ZoneAlarm. Incidentally, the mobile phone number used to intercept all of the text messages is +79154369077, which traces back to a subscriber in Moscow on the Mobile Telesystems network. Source – http://krebsonsecurity.com/2014/04/android-botnet-targets-middle-east-banks/ -

Dynamics Ax R3 introduction video

April 5th, 2014

On the 10th of April there will be an on-line experience event- if you have not yet had an invitation then please contact us for more information. This is a free webinar on the updated Microsoft Dynamics AX 2012 R3 to learn how you can deliver amazing customer experiences

Join the CFO of Kathmandu, the CIO of Ashley Furniture, and the IT director of Kent Corporation as they discuss their “reimagined customer experience” and the success they’re achieving with Microsoft Dynamics AX. We’ll share a “digital view” of a dynamic business solution (Microsoft Dynamics AX 2012 R3) that helps you engage with your customers on their terms, run dynamics operations and expand rapidly to better serve your customers.

For more information call\; Bindu or Bikram 00971433655589

SQL 2014 – standard version extra features

March 23rd, 2014

Recent changes in the documentation for SQL Server 2014 have include some significant changes that will have a fantastic impact on Standard Edition customers.

More Memory: The first s that the supported memory limit per instance is raised to 128 GB in SQL Server 2014

Buffer pool extensions: The Buffer Pool is one of the main memory consumers in SQL Server. When you read data from your storage, the data is cached in the Buffer Pool. SQL Server caches Execution Plans in the Plan Cache, which is also part of the Buffer Pool. The more physical memory you have, the larger your Buffer Pool will be (configured through the Max Server Memory setting). The Buffer Pool itself, is very fast (regarding latency).

The Buffer Pool Extensions itself consist of one file (the Extension File) that should be stored on very fast storage – i.e. an SSD drive. The Extension File is similar to the page file in the Windows OS. Instead of adding additional physical memory to your database server, configure an Extension File on a SSD drive – that’s it!

Memory pressure occurs when SQL Server needs more memory than is currently available. In that case the Buffer evicts pages from the Buffer Pool, which were least recently used. SQL Server uses a Least Recently Used Policy (LRU). If you have configured an Extension File, then SQL Server will write these pages into it, instead of writing directly out to our slow storage. If the page is a dirty one, then the page will be also concurrently written to the physical storage (through an asynchronous I/O operation). Therefore you can’t lose any data when you are dealing with the Buffer Pool Extensions. At some point in time your Extension File will be also completely full. In that case SQL Server has to evict older pages from the Extension File (again through a LRU policy), and finally writes those to the physical storage. The Extension File just acts as an additional layer between the Buffer Pool and the storage itself.

Seasonal greetings from Synergy Software Systems, Dubai

December 17th, 2013

As I head for U.K, with a seasonal cold I offer you this very cute seasonal greeting.

http://ak.imgag.com/imgag/product/preview/flash/bws8Shell_fps24.swf?ihost=http://ak.imgag.com/imgag&brandldrPath=/product/full/el/&cardNum=/product/full/ap/3166187/graphic1

Give it a little time and follow the simple instructions and share it with a child.

Cloud security breach – how would you respond?

December 1st, 2013

Over the 18 months ending June 2013, enterprises boosted their use of cloud storage by 90 percent, resulting in 45 percent more revenue for cloud service providers, according to report released by Verizon.

Is a concern about cloud security an irrational fear? In short, we have no way of knowing but attackers are likely to increase because the target audience is also increasing.

In the case of almost all the data breaches of the past year, the custodians of the data weren’t aware of the extent of their security weaknesses until their vulnerabilities were exposed by hackers. In some cases, they didn’t even know of the breach until the hackers boasted about it. What if they don’t boast?

Companies need to know the cloud provider’s contractual obligations because there is often a murky line between the cloud provider’s responsibilities and the customer’s responsibilities. expect different response from those who provide: Platform-as-a-service (PaaS) and software-as-a-service (SaaS) or infrastructure-as-a-service.

Successful intrusions may be infrequent – getting thirty million IDs and passwords is a difficult task, even from leaky on-premise infrastructures – but the consequences could be devastating. Finding out the extent of a data breach is hard. Kevvie Fowler’s SQL Server Forensic Analysis, explains in detail the tools, processes, data and logs required to identify and to collect the various data fragments (artifacts) to reconstruct the activity of an intruder.

If part of all of your infrastructure, platform or software is hosted in the cloud, then consider:.
How do you detect and repair any damage inflicted?
How would you find out what cloud data has been stolen?
How to plan your response to a security breach?

Azure moves forward

October 24th, 2013

Many advances recently announced here are two that caught my eye.:

Windows Azure Backup Services. A simple offering for backing up Windows Server to the cloud.

Hyper-V Recovery Manager a service that uses Azure to coordinate the replication and recovery of private clouds that use System Center Virtual Machine Manager. For disaster recovery, the service will help users to replicate between two sites, (both of which can be on-premise).

September 12th, 2013

ERP Project Recovery

Unfortunately, not all ERP projects go as planned. Indeed the majority still fail as a recent survey comfirms that not much has improved since the same survey last year. The relaity is that the situation may be worse, some users don’t even realise they have a bad system, or have learned to live with it rather than tell mangement it is not quite what they promised.

Synergy is regularly invited to help turn around problem implementations.

Sometimes project scope creeps, the ERP project team decides to customize too much, or the enterprise software vendor or system integrator simply isn’t able to get the job done.

Further, ERP failure can take many forms: from complete operational disruption to a lack of alignment or user buy-in that negatively affects the organization’s return on its ERP investment.

A frequent problem in this expatriate market is labour turnover of both customer and consultant staff, excerbated by short term expediency to offshore work which in the long run proves more expensive when it either has to be redone or no-one is around to support it. There is usually little evidence of documentation, or best practise checking in such cases.

Synergy Software Systems is one of the longest established enterprise solution practises in the region, and bases all its staff in Dubai. We have a low staff turnover relative to the industry and in most cases more senior and better certified consultants. Experienced senior consultants cost more, but they do better quality work in less time, add value and don’t cut corners.

Typical errors we find;

Incorrect set up of server, raid, windows and sql
Code not compiled and not to best practise.
Systems unpatched
Inappropriate configuraiton settings
Inappropriate data structures
Opening balances unreconciled
Duplicate data
Inventory not closed
Month ends not closed
Year ends not closed
Users unaware of basic navigation features, inquiries and reports
Unnecessary customisation
Unused modules
Many unresolved issues
Poor response time
Little use of workflows, alerts, BI
No management of database, table sizes, log files, data retention, etc.

If you need to reboot your projects and to get a firm foundation then give us a call – better still ask our customers about the value such an exercise brings.

Dynamics Ax Schools Admission Module for the U.A.E. from Synergy Software Systems

September 9th, 2013

This was developed and implemented in several schools in the U.A.E.to manage the complete back office functions of a major U.K. public school.

Some Key features include:

Enquiry,
Registration,
Admissions,
Waiting list management
Sibling management
Enrolment of students,
Assignment of students to class and year groups, house etc.
Re-enrollment,
Promotions,
Billing for academic(tuition) and non-academic fees .
Collection of fees
Debentures
Withdrawal process of Students based on the KHDA and ADEC rules, Refund process
Generation of transfer Certificate
KHDA reporting and compliance and ADEC requirements and compliance.
Integration into Access control, ID card generation, Schools portal in SharePoint, integration into a Library Management System
Implementing HR for Teaching, Admin and non Admin staff.

And of course the full suite of Dynamics Ax modules are available including : Financials, Purchasing, inventory, HR, CRM, Service module, Project Accounting, Document Management, Case Management, Alerts, Management Reporter, Retail POS, Questionnaire, Customer Portal

We also offer complimentary solutions for the Education sector for example: specialist School management software, rfid cards for self service library kiosks, cashless payment, and access control, Mimosa timetable software etc.

Call Bikram for more information: 00971 4 3365589

Get ready for CRM 2013 with Synergy Software Systems

August 29th, 2013

Dynamics CRM 2011 was released in 2010 and, in line with Microsoft’s other products, has had a facelift to enable it to continue to be a market leader. With the range of new laptops, tablets and phones available to users, the Dynamics CRM user interface had evolved to support these devices more natively. The new release includes an always online with cached offline mode for Windows 8 and iPad devices. The mobile user interface is dynamically created based on the same forms non-mobile users utilise. This will provide a great tool for the mobile workforce to engage in CRM wherever they are. Integration with Bing Maps, Skype & Lync is also provided

The new user navigation is designed to free up screen space and will remove CRM pop-up windows enabling new records to be created in a single pane. The updated UI will automatically be applied once the CRM 2013 upgrade is applied. The only exception will be the CRM administration area which continues to use the traditional ribbon menu and navigation.

Existing CRM forms will be upgraded and displayed in the new interface enabling customers to first explore and test the new process oriented interface before choosing to apply this. The updated process interface features several improvements since the Polaris release: Process bars will work across all standard and custom CRM entities. Whereas Polaris only supported 1 process per entity CRM 2013 enables multiple processes and administrators can define additional sales, service and other processes as required. CRM users can switch to another process when best suited but individual processes can be made role specific to correctly apply defaults and control user access to individual processes. Processes can also now flow through multiple entitles.

CRM has always enabled leads to be converted to opportunities and now the new process extends this. For example, convert a lead to an opportunity and when the sale is won convert the opportunity to a custom entity such as a project in the same window.

The process bar supports stage-gating to prevent users progressing records to the next stage when one or more steps haven’t been completed e.g. when a sales timeline isn’t set, or when a budget isn’t confirmed, or when a case origin not selected.

The new UI includes a form auto-save function. Users will no longer need to manually click a button to save CRM field updates. This simplifies data input by automatically saving field entries but will require changes to automated CRM processes that currently rely on the legacy manual ‘on-save’ function. CRM workflow processes should be reviewed and amended if they are currently triggered by users clicking the ribbon save button because this process will no longer exist in CRM 2013. The auto-save can trigger plug-ins on save and with separate scripting CRM can identify between auto-save and on-save methods when required.

Contact us for guidance to ensure your ‘on-save’ processes work correctly after upgrading to CRM 2013

Early adopters of the Polaris UI encountered restrictions when attempting to migrate CRM form customisations that involved custom code. For CRM 2013, Microsoft has stated that all supported CRM 2011 scripting and customisations will be migrated and supported when moved to the new UI. However, no legacy CRM v4 API customisations will be supported in this process.

These changes will have an impact on the user experience and on your configuration . Because the new UI reflects a major shift from the traditional ribbon based forms it presents both challenges and opportunities for existing Dynamics CRM customers so careful planning is strongly recommended before CRM 2013 is rolled out to end users. Please contact us to help you to put in place a plan to manage this change.

A new, server side Exchange sync replaces the email router for CRM to improve the sync of activities, contacts & appointments with remote users.

New Business Rules enable more native controls to be applied that currently require custom javascript. These are client side enforced condition and action-based rules including options to hide fields and enforce field entry when a related field value is set. The rules work across the web, Outlook and new mobile apps and are managed in the form editor. Synchronous CRM Workflows can also be configured using native functions to reduce the need for custom code.

To be eligible to upgrade to Dynamics CRM 2013 on-premise users must be running either Dynamics CRM 2011 or Version 4 and hold active Microsoft Software Assurance.

Note the licensing prices are changed for CRM 2013.

Version 4 users will first need to upgrade to 2011 before installing Dynamics 2013.

Legacy systems that will not be supported after upgrade to Dynamics CRM 2013:

• NO Windows XP to run either Microsoft Dynamics CRM for Outlook or the web application.
• NO Microsoft Office 2003
• NO Microsoft Exchange Server 2003 for email routing and tracking.
• NO Microsoft Exchange Server 2007 WebDAV protocol for email routing and tracking.
(Microsoft Exchange Server 2007 Exchange Web Services (EWS) will still be supported)

Review any third party add-ons that you might have installed and check with vendor that they are supported on CRM 2013, if they will not be at time of upgrade then you best option may be to request a different upgrade date.

CRM 2013 Transition offerings:

System Health Check. We start with your server and database set up and maintenance. Then we will review the code in your environment to ensure that it meets the CRM 2013 standards to support a fully automated upgrade. The review will also identify opportunities to simplify code utilising some of the new features of CRM 2013 including synchronous workflows and entity business rules, which we believe will offer opportunities to remove customisation from the system.

Key User Training. Training to your key users on how the new user interface works and how users can navigate easily around the user interface.

Form Re-design – post the upgrade your CRM 2011 forms will continue to work within the new refreshed user interface as scrollable forms. With the redesign comes an opportunity to take advantage of the new layout options and to re-design your forms to be more user friendly.

Guided Business Processes Enablement – CRM 2013 introduced business process flows created via the process configuration area of Dynamics CRM. Synergy Software Systems consultants can give you aguidance on the best way to utilise this new feature to increase user adoption, to drive consistency and to reduce on-going training costs.

Dynamics Ax for the C Level Executive

May 30th, 2013

Has your ip address been pinged recently?

April 28th, 2013

A home science experiment that probed billions of Internet devices reveals that thousands of industrial and business systems offer remote access to anyone.

HD Moore, a few weeks ago every Internet device in the world, perhaps including some in your own home, was contacted roughly three times a day by a stack of computers that sit overheating his spare room. Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world

On Tuesday, Moore published results on a particularly troubling segment of those vulnerable devices: ones that appear to be used for business and industrial systems. Over 114,000 of those control connections were logged as being on the Internet with known security flaws. Many could be accessed using default passwords and 13,000 offered direct access through a command prompt without a password at all.

Results he published in January showed that around 50 million printers, games consoles, routers, and networked storage drives are connected to the Internet and easily compromised due to known flaws in a protocol called Universal Plug and Play (UPnP). This protocol allows computers to automatically find printers, but is also built into some security devices, broadband routers, and data storage systems, and could be putting valuable data at risk

Management Reporter RU5 – now released

April 27th, 2013

Management Reporter RU5 brings new features to Management Reporter users, and support for two additional countries.

Key features in Management Reporter RU5 include:
Collapse detailed report into summary view – Any report displayed in the Web Viewer can automatically be collapsed into a summary view; Management Reporter report designers will no longer need to create both a detailed and summary view of the same report

Default Report Link Location – when storing reports in a SharePoint site or network location, use the new default Report Link Location to easily indicate where most reports should be stored by default
Management Reporter Web Viewer as default – the default report viewer for Management Reporter users has been changed to the Web Viewer, allowing reports to easily be viewed in the newest interactive report viewing experience. Customers can still open any report in the Management Reporter desktop viewer.

Report Designer available in Dynamics AX menus – Launch Management Reporter Report Designer from with Dynamics AX General Ledger and Budgeting
Storage of transaction detail reworked – Transaction detail for each report is stored with the data mart database, and no longer duplicated in the Management Reporter database. This means the size of transaction-level reports is significantly smaller and the Management Reporter database will not increase in size as additional reports are generated and stored
Language support for Brazil – customers will now be able to use Management Reporter in Brazilian Portuguese
Language support for Japan – customers will now be able to use Management Reporter in Japanese
Improved quality – fixed a variety of customer reported issues, including addressing issues involving SQL collation conflicts and data art data integrity

MR Documentation Installation, Migration, and Configuration Guides now available for download: http://www.microsoft.com/en-us/download/details.aspx?id=5916

• Using Management Reporter with Dynamics AX is easier than ever now that you can launch Management Reporter Report Designer from the menus in both Dynamics AX General Ledger and Budgeting. Only users that have permission to design or generate reports in Management Reporter will have the menu item available.
This video shows how you’ll be able to launch Management Reporter from within Dynamics AX 2012-

How do I get this new Dynamics AX functionality?
Use the following steps to load the Dynamics AX hotfix that adds the menu items:
• If you are on Dynamics AX 2012 R2, then follow the steps in KB 2840107 in order to download the prerequisite update to Dynamics AX.
• Apply the update to Dynamics AX.
The hotfix will be included in Cumulative Update 6 for Dynamics AX 2012 R2
After the hotfix is installed, yet – you will have menu items available but those are not yet configured to launch Management Reporter

Do I need to do anything in Management Reporter? • Management Reporter needs to be updated to Rollup 5 (2.1.1037.12) or later.
• To finish setting up the Dynamics AX menu items, you will need to use the Management Reporter Configuration Console to publish the location of the MR server into Dynamics AX using the “publish server connection” action.
• Once this has been done, the Management Reporter server address and the default company will be supplied by Dynamics AX.
• The Management Reporter client will need to be installed where the Dynamics AX client is installed. This can either be on local machines or on one or more Terminal Servers.

Dynamics for Schools – CRM

April 3rd, 2013

Constituent Relationship Management

Microsoft CRM provides schools with the tools they need for collecting data, then using that data for analysis and reports, and for designing and implementing effective enrollment and fundraising campaigns. It is user-friendly, so reports are easy to quickly generate. CRM data can be used for predictive analysis, enabling schools to predict application, enrollment, and retention rates.

From public school districts to universities, schools of all sizes are becoming increasingly reliant on CRM software to manage recruitment, communication, and retention. For these users, CRM stands for Constituent Relationship Management. Microsoft Dynamics CRM provides the perfect platform for managing information and communication with constituents:
 Current and prospective students
 Alumni
 Faculty, staff, and candidates
 Donors
 Administrators
 Community leaders

Microsoft CRM enables targeted marketing campaigns, and more personalized targeted communications in general to prospective students, donors, alumni, and faculty.With Microsoft CRM, manage the information from within Microsoft Office Outlook, so that your staff does not have to learn an entirely new system.

The hot trends in schools’ CRM usage are adoption of cloud-based technology and mobile access, and Microsoft CRM provides those options. With a cloud-based solution, users can access CRM through browser-based applications anytime, anywhere. Recruiters or alumni outreach representatives, for example, can make changes to data immediately, while in the field.

Targeted communication enabled by CRM leads to more personalized contact, which in turn leads to better results in terms of enrollment and fundraising. You can group your communication by subgroups of alumni and prospective students (such as international students, traditional students, night students, online students, etc.).

Schools of all sizes are turning to CRM software to save both time and money. Find out how business software solutions can help your school.

CRM 2011 Update Rollup 13 and sdk 5.1.15

April 3rd, 2013

Update Rollup 13 was released last week. This update provides long-awaited support for Windows Server 2012 as well as support for ADFS 2.1.
To install CRM 2011 on Windows Server 2012, a setup update is required first which won’t be available until April 9th. http://technet.microsoft.com/en-us/library/dn167638.aspx

SDK v5.0.15
A new version of the SDK was also released last week and it provides new DLLs that are compatible with both UR 13 and CRM Online. A new version of the Metadata Browser t adds new properties from UR 12.

Important new design considerations were added to the SDK for the new Auto Save feature in CRM Online . Microsoft explains that the reason for moving to an auto save is to keep consistency with modern applications and that it can’t be disabled or configured- this could be an abrupt change for users who have been using CRM for a while.

A very important note to customizers and developers explains that each auto save is considered an update so: workflows, plug-ins and auditing will trigger each time. The filtering attributes in plug-ins and workflows will be even more important so that those trigger only when specific fields are updated.
The following excerpt was taken from this page in the SDK – http://msdn.microsoft.com/en-us/library/hh913610.aspx.

Modern applications are moving to an implicit save model. The updated forms introduce this behavior in Microsoft Dynamics CRM Online. Auto save is not configurable. You cannot disable it or change the behavior. There is no save button. The auto save control appears in the bottom right area of the updated form and has the following behaviors:
When creating a new record there is a Create button in the command bar.
Auto save does not apply until the record is created.
After the first edit of the form, auto save occurs every 30 seconds.
Auto save retrieves any changes to the record and displays them without reloading the form.
Only data that has been changed since the last save are saved.
The field currently being edited is not saved.
Command bar actions like New, Close, or Qualify saves the record.
Closing the form saves the record
.

Note

Each time auto save occurs, it is considered an update to the record. Plug-ins, workflows, and auditing of records will treat each update as a separate event. Developers and creators of workflows need to consider the impact this will have on the business logic included in their plug-ins and workflows. Rather than triggering business logic on each update, you should include conditions to check the values of specific fields in the update to initiate your logic so that they won’t occur indiscriminately with each update.

Dynamics Ax 2009 sp1 – updated compatibility

April 3rd, 2013

Dynamics AX 2009 Sp1 is announced as compatibile with Windows 8, Microsoft Office 2013 and Internet Explorer 10.