Google is planning to put an end to SSL exploits, hopefully before they happen with Chrome

The other day I posted about the BEAST that can circumvent SSL encryption used with websites and how a proof of concept would be demonstrated soon and actual exploits in the wild even sooner.

No sooner had I posted about that than Google’s Chrome development team had posted that they have an update already prepared for the Chrome browser that in theory should protect from the man-in-the-middle BEAST attack.

More information can be found over on The Register 

When the update comes….  Install it =)

 

 

 

 

1

What’s your favorite phone? Android? Which flavor?

What smartphone are you using and why?

Our office has moved to Androids, and in particular Samsung Epic 4G (original and the new Galaxy S II Touch) and absolutely love them.

I’d love you input….

SSL encryption broken – Proof of concept demo later this week #ph33r

My first reaction to the news that read “Hackers break SSL encryption used by millions of sites – Beware of BEAST decrypting secret PayPal cookies” was, “What took ’em so long?”

The article above gives all the details you can stand, and a quick search of Google for news articles will tell you everything else you want to know.

The skinny is this: All versions of Transport Layer Security (TLS) 1.0 and earlier are susceptible to listening in on their magic. IE: When you are using websites protected with TLS 1.0 and are hit with a browser exploit, everything is in the clear.

How do you protect against this one? Since this is likely a man-in-the-middle type exploit, using public wi-fi may make it easier for an attacker to make it happen. It also requires that the “BEAST” browser exploit be somehow loaded on your computer. How that payload will be delivered has yet to be determined.

Consider keeping virus definition up to date, using quality anti-virus like Trend Micro Worry Free for your business, or Titanium for your personal computer or smaller business. Keep the OS up to date, the browser and all support applications such as JAVA and Adobe Flash Player should also have the latest updates.

Be careful about which pages you visit, sites with questionable content (think porn, “warez”, etc) are excellent places to avoid.

Using a VPN when on public wi-fi is always a great idea.

While the proof of concept has not been released, expect copycat “BEAST” exploits to be out within weeks, or even days…

Be careful out there! (And don’t think this will be limited to Microsoft Windows and Internet Explorer…  Expect Mac, Android, iPad, iPhone, Mozilla & Chrome to get in on the action too)

 

We’re giving away Microsoft Office 2010 for the heck of it it! #Greenville

Microsoft Office Home and Student 2010 (Product Key Card)We have ended up with an extra Microsoft Office Home & Student 2010 Product Key Card, which has to be sold at the time of a new computer purchase… So, what are we to do with it?

I think the only cool thing to do is give it away!

Anyone who buys a HOME / PERSONAL computer from us during the month of September will be entered into our little contest.

On Oct 3rd, 2011, we will draw a name and give that person a free copy of MS Office Home & Student 2010 to go with that computer you purchased!

This is normally a $120.oo value…

Need a computer for your home or business, or maybe dozens of computers??? We are resellers and partners with some of the biggest names in computer and server technology! HP, Dell, Lenovo, Toshiba, Nexlink and more!  Call 864.990.4748 or email info@homelandsecureit.com for more information.

 

My next phone? Possibly Samsung Galaxy S II Epic 4G Touch on Sprint….

One of our phones has a contract that is up and I could upgrade to the Samsung Galaxy S II Epic 4G Touch that was released just today on Sprint.

Only one problem…  Nobody that I called in the Greenville area has one!  One person told me only 200 of the top stores got them today and those 200 stores only received 2 each.

So I will wait a while, or I could buy it online at sprint.com.

Why do I want it? Last year about this time, we replaced our aging Blackberry phones with Samsung Galaxy S Epic 4G phones and have loved them! BUT, that was this, this is now. The new phone does not have a keyboard built-in, so it is much thinner, and it also has a much larger display. The battery life is improved to boot.

As far as speed, the new phone has a 1.2Ghz DUAL CORE processor, compared to the 1Ghz single core we currently have.

The OS is upgraded, the camera is 8 megapixels.  What’s not to like?

Apparently the size. Some people don’t like that bigger 4.5″ screen, compared to the 4.3″ screen in our current phones.

We’ll see… Maybe by next week I can find one?

Thoughts?     OH, and don’t make it about carriers.  Sprint has done a great job of keeping us happy.  Verizon would be our 1st choice, but we’re locked in for a little while longer with 3 of our phones.

Have a great weekend!

1

Can you increase your processor’s performance without replacing it? With some Intel CPUs you can!

Our preferred vendor Nexlink, has an “Upgrade Ready” line of computers that makes perfect sense for businesses who may want to save some money when they initially purchase, but down the road, increase the “horsepower” of their computer without replacing the entire system, or changing out the processor.

For example, if you purchased a business computer system from us with the Intel Core i3 2102 processor, you can later purchase a “Processor Performance Upgrade” from us too, and it does not involve even opening the machine.

We would visit your business, or you could optionally bring the computer to us, and we would apply a product key from Intel that would accomplish the following:

  • Increase frequency by 500 Mhz
  • Improves performance when downloading, editing and viewing photos, videos and music so you can multitask more effectively
  • Works more efficiently while running complex applications

Even the Intel Pentium C6x2 processor family can be upgraded with an increase of 600 Mhz!

The update is affordable and fast!

If you would like more information about the Intel Processor Performance Upgrade, please call us at 864.990.4748 or email info@homelandsecureit.com

Old and busted – MBR viruses… New hotness – BIOS viruses (again)

This may come as no surprise to those who have been around computer security for a while, but the BIOS viruses are making a comeback!

One of the first made its debut back in 1999 and was known as “CIH”.  But Symantec is reporting a new killer on the block called “Trojan.Mebromi” that affects the Award BIOS and seizes control of a system even before you get to the MBR (Master Boot Record).

Expect this trend to continue….

Read more about it here:

http://www.symantec.com/connect/blogs/bios-threat-showing-again

 

As always, please insure your systems are using the latest anti-virus (We suggest and sell Trend Micro products such as the amazing Trend Micro Worry Free Business Security), that all updates are applied to your Microsoft Windows operating systems, all applications and support programs from Microsoft Office, to Adobe Reader, Flash and JAVA are at the latest patch levels. Obtain a quality firewall, and use common sense! And don’t forget to BACKUP!

If you suspect your system may be infected, or want to know how to better protect your computer or an entire business full of computers and servers, please call us at 864.990.4748 or email info@homelandsecureit.com.  We offer virus removal and cleanup in the Greenville / Upstate, SC area.

We provide sales, licensing, installation and support for Trend Micro and Symantec products. We can sell you one seat, or protect your business with 1000 users!

Microsoft updates for Windows, Windows Server and Microsoft Office for Sept 13, 2011

Multiple vulnerabilities in MS Windows, MS Windows Server and Microsoft Office have been identified and addressed.  These should not be taken lightly as they are of a critical nature, allowing a “remote, unauthenticated attacker” the ability to gain access to your system, as well as DoS.

If you require assistance applying updates to your business computers in the Greenville / Upstate, SC area, please call us at 864.990.4748 or email info@homelandsecureit.com….

 

This is from US-CERT, for your reading enjoyment:

 

National Cyber Alert System

Technical Cyber Security Alert TA11-256A

Microsoft Updates for Multiple Vulnerabilities

Original release date: September 13, 2011

Last revised: —

Source: US-CERT

 

 

Systems Affected

 

* Microsoft Windows

* Microsoft Office

* Microsoft Server Software

 

 

Overview

 

There are multiple vulnerabilities in Microsoft Windows, Microsoft

Server Software, and Microsoft Office. Microsoft has released

updates to address these vulnerabilities.

 

 

I. Description

 

The Microsoft Security Bulletin Summary for September 2011

describes multiple vulnerabilities in Microsoft Windows, Microsoft

Server Software, and Microsoft Office. Microsoft has released

updates to address the vulnerabilities.

 

 

II. Impact

 

A remote, unauthenticated attacker could execute arbitrary code,

cause a denial of service, or gain unauthorized access to your

files or system.

 

 

III. Solution

 

Apply updates

 

Microsoft has provided updates for these vulnerabilities in the

Microsoft Security Bulletin Summary for September 2011. That

bulletin describes any known issues related to the updates.

Administrators are encouraged to note these issues and test for any

potentially adverse effects. In addition, administrators should

consider using an automated update distribution system such as

Windows Server Update Services (WSUS).

 

 

IV. References

 

* Microsoft Security Bulletin Summary for September 2011 –

<http://technet.microsoft.com/en-us/security/bulletin/ms11-sep>

 

* Microsoft Windows Server Update Services –

<http://technet.microsoft.com/en-us/wsus/default.aspx>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA11-256A.html>

2

Dinner at Saskatoon & Metomorphoses at Warehouse Theatre made for a great evening! @WarehouseGVL @THE_Saskatoon

Narcissus loves himself all through the intermission

Wow, what a busy weekend!  We managed to pack so much into 48 hours this past weekend and had a great time doing so.  Our daughter that is a freshman at Converse College called this past Wednesday to ask if we could go see the production of Metamorphoses at the Warehouse Theatre.  We were fortunate to attend all of last season’s plays and so enjoyed every one of them.  I think she needed a family time event to look forward to while encountering her busy schedule at school.  I immediately called our friend, Paul Savas, and purchased four of the last remaining tickets for the final show! Yay!

Later in the week, Brett informed me that I had forgotten he would be going to the Clemson game on Saturday.  Geesh, it is difficult being the family entertainment coordinator and keeping everyone happy!  I told him not to worry and have a good time, we would find someone else to gladly take his ticket… and we did!

Our evening started with a delicious dinner at Saskatoon’s with Jay Handler, John, Megan, and me.  Megan and I were able to try new dishes that we otherwise would not dream of tasting… very good!  We shared many laughs and deep discussion and lost track of time before we dashed off to try to make the curtain call.  Megan and I dashed through the front door as John and Jay filled the parking meters and Shannon Robert (the plays director) ushered us to “the best seats in the house but a little difficult to get to!”  I envisioned a dark narrow stairway, but quickly knew what she was referring to when Shannon whispered, “Give me your shoes!”  We climbed a ladder in the dark to the balcony where the audio and lighting technicians work their magic, and indeed found “the best seats in the house”!  I was tickled but felt slightly guilty since WE were the people that we always scorned running in at the last second.

What a great performance to have balcony seats for “Metamorphoses”.  Shannon Robert did such an excellent job of directing Ovid’s classic that was created by Mary Zimmerman in 2002.  She even created the ominous feel of the Greek Mythological past in the poolside setting complete with over 3,400 gallons of water!  The play is actually a culmination of stories from Greek mythology which I love.  Several of the skits were interpreted in modern day with a twist of comedy or a glimpse of shock to leave us wanting more in the next story.

Although “Metamorphoses” was a fabulous opening show for the Warehouse Theatre’s new season, this makes me even more excited about what’s yet to come!  I would be amiss not to encourage my friends and colleagues to consider making time for each and every one of these productions.  We have always enjoyed and looked forward to our family fun nights of visiting the Warehouse Theatre!  Please take a look for yourself and mark your calendar now for these wonderful upcoming events so you don’t miss out.  I will certainly make a point of being early for the seating for the “The Elephant Man”, I hear the lead actor is wonderful! http://www.warehousetheatre.com/season

Pamela Hoyt – Homeland Secure IT

@PamelaHoyt   –   http://www.facebook.com/PamelaMHoyt

Cloud Computing Allows for Millions of People to be Down at Once #Office365 #CloudComputing

The Microsoft issue today that prevented millions and millions (over 300 million) of people from getting to their email for several hours serves as a reminder that “The Cloud” is not perfect yet.

While most businesses who have a typical Microsoft Exchange Server might experience an outage that affects their users, when a cloud provider has a glitch, it affects a massive number of individuals and businesses. Keep in mind that it is not limited to just Microsoft, large providers such as Amazon and Google have both had similar issues recently.

The Microsoft outage was blamed on a DNS problem and affected the users of Hotmail, Office 365, SkyDrive and many other “Live” systems.

If you manage a business and are thinking about a switch to the cloud, this type of issue should be taken into consideration.

Should you want to discuss how to, or if you should move your business from a localized mail solution to a cloud based solution, a cloud solution to a localized solution, or how blending the two technologies can work for you, please give us a call at 864.990.4748 or email info@homelandsecureit.com. We offer Microsoft, Google and other cloud solutions in the Greenville / Upstate, SC area!