SECURE IT ALERT: Out-of-Band Bulletin Fixes Serious Microsoft .NET Framework Vulnerability


Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, September 30, 2010

Microsoft has addressed an important vulnerability in another “out of band” security update this week… This one is for the Microsoft .NET Framework, and it affects every Microsoft operating system across the board, from Windows XP, Vista and 7 on the desktop to Windows Server 2003, 2008 and 2008 R2, regardless of service pack or patch level and of processor (32-bit, 64-bit, Itanium).

Left unpatched, an attacker could gain information from your system to read or even manipulate encrypted data from your web server.

The long and short of this – Update your systems. Run Microsoft Updates if they are not set to automatically install. System administrators should ensure their servers are up to date.

The Microsoft Bulletin can be found HERE.

If you require assistance with this update or any others, please contact your computer service professional as a vulnerable network can cost more than downtime. If you are in the Greenville or Upstate SC area, Homeland Secure IT can provide your business with network and computer support. Please call 864.990.4748 or email info@homelandsecureit.com for more information!


Be careful when adding content filters to MDaemon or Trend Micro

Hyperactive filters can be cause for a headache!


About a week ago, a network administrator that our company provides assistance to contacted us with an oddball issue…

All mail seemed to be working well, both in and out, except for mail coming into her domain from one company. The obvious was checked, such as the other company’s IP against all known block lists (RBLs) and the logs for blocked spam from the origin, and then it got even more odd. SOME mail from that domain was making it in, such as from their generic “info@somecompany.com” address, and another address was able to send mail, but it was narrowed down to 3 addresses that could not send mail, such as lisa@somecompany.com and art@somecompany.com.

At this point, the network administrator was at her wits’ end and we checked it out for her, having the company try to send a few mails, and sure enough, some were coming in, and others were not, but it was dependent upon the email address. We checked filters for those email addresses and none existed.

Everything was checked at the Exchange server, full logging was enabled, to watch for mail as it came in, and sure enough, nothing came in to the Exchange server from those email addies. Not even a connection. After ruling out the Exchange server, we went back to the Alt-N MDaemon server, which is a gateway that handles all incoming email, checks it against RBLs, content, viruses, whitelists, blacklists, attachments, etc, then if it thinks the mail is good, it sends it on to Exchange. We watched the logs as mail came in from lisa@somecompany.com and MDaemon reported it was totally happy.

Just to make sure, we added lisa@somecompany.com to the whitelists, and then *@somecompany.com was added. Still MDaemon reported it was happy and nothing was being filtered.

Still, the issue remained.  Info@somecompany.com could send email, lisa@somecompany.com could not. The logs in MDaemon read the same, kind of placing the blame back on Exchange, however, Exchange was never seeing a connection.

Long story short, after several emails being sent back and forth with the wonderfully patient people at somecompany.com, MDaemon’s support was enlisted to find the issue. Which took many emails back and forth between our network administrator friend and them, and several days…   In the end, the problem was a content filter inside MDaemon. A filter for certain phrases had been added, such as “Breast Enhancement”, “Penis Enlargement”, “Viagra” and “Cialis”…  This filter was to blame, even though no logs indicated this was the case.

Just what was triggering the content filter? It was the word “Cialis”… Each individual at Somecompany.com who could not email in had content in their email that contained the word “Specialist”, and MDaemon was most interested in “Specialist”…

The lesson to be learned from this is that careful selection of your content filtering keywords is crucial to a smooth flowing mail system. We have seen content filters block mail in Trend Micro’s CSM (now Worry Free Business Security Advanced) and Scan Mail, but usually there is a log filled with the results that you can use to find an issue quickly.

In this case, “Cialis” was found in the word “Specialist”, but others have been as simple as filtering profanity such as the word “dick”, which happens to be some people’s first name… Even the word “Fanny” was someone’s given name.
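The false positives described above can be reproduced before a keyword list goes live. This is an added example, not MDaemon's or Trend Micro's own matching code: it assumes the filter does a case-insensitive substring match, as the post's outcome suggests, and the known-good lines are constructed samples. It also shows that whole-word matching fixes "Specialist" but does nothing for a keyword that is also someone's name.

```python
import re

# Keywords named in the post ("dick" is the profanity-filter case it mentions).
KEYWORDS = ["Breast Enhancement", "Penis Enlargement", "Viagra", "Cialis", "dick"]

# Constructed sample of legitimate mail text (not real messages).
KNOWN_GOOD = [
    "Lisa Smith, Accounts Payable Specialist, Some Company",
    "Please send the specialist report to art@somecompany.com",
    "Regards, Dick Jones",
    "Invoice 1042 attached, thanks!",
]


def substring_hits(text, keywords):
    """Case-insensitive substring match: the behaviour that caught 'Specialist'."""
    low = text.lower()
    return [k for k in keywords if k.lower() in low]


def whole_word_hits(text, keywords):
    """Match a keyword only when it is not embedded in a longer word."""
    hits = []
    for k in keywords:
        pattern = r"(?<!\w)" + re.escape(k) + r"(?!\w)"
        if re.search(pattern, text, re.IGNORECASE):
            hits.append(k)
    return hits


def audit(keywords, known_good, matcher):
    """Return {keyword: [legitimate lines it would block]} for a given matcher."""
    report = {}
    for line in known_good:
        for k in matcher(line, keywords):
            report.setdefault(k, []).append(line)
    return report


if __name__ == "__main__":
    for name, matcher in (("substring", substring_hits), ("whole word", whole_word_hits)):
        print(name)
        for keyword, lines in audit(KEYWORDS, KNOWN_GOOD, matcher).items():
            print(f"  {keyword!r} would block {len(lines)} legitimate line(s)")
```

Running a candidate keyword list against a sample of mail you already know is legitimate shows which keywords need a tighter pattern and which should not be keywords at all.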

More about MDaemon:

In MDaemon, this is what the logs look like when it encounters content:

Wed 2010-09-22 10:47:31: Start Content Filter results

Wed 2010-09-22 10:47:31: * Message matched rule: Penis <- this was the name of the rule

Wed 2010-09-22 10:47:31: * Matched 1 of 14 active rules <- this shows that there are 14 rules and 1 matched

Wed 2010-09-22 10:47:31: End of Content Filter results

Keep in mind this does NOT show up in the MDaemon GUI; you have to find the log on the machine and examine it.
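Since the matches only appear in the log file, a small script can pull them out. This is an added example, not an Alt-N tool: the line layout is assumed from the four-line excerpt above, the second block in the sample is constructed, and its rule name "Cialis" is hypothetical.

```python
import re
from collections import Counter

# Line shape assumed from the excerpt in the post, e.g.
#   "Wed 2010-09-22 10:47:31: * Message matched rule: Penis"
LINE = re.compile(r"^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (.*)$")
MATCHED = re.compile(r"^\* Message matched rule: (.+)$")

# First block is the excerpt from the post; second block is constructed.
SAMPLE_LOG = """\
Wed 2010-09-22 10:47:31: Start Content Filter results
Wed 2010-09-22 10:47:31: * Message matched rule: Penis
Wed 2010-09-22 10:47:31: * Matched 1 of 14 active rules
Wed 2010-09-22 10:47:31: End of Content Filter results
Wed 2010-09-22 11:02:09: Start Content Filter results
Wed 2010-09-22 11:02:09: * Message matched rule: Cialis
Wed 2010-09-22 11:02:09: * Matched 1 of 14 active rules
Wed 2010-09-22 11:02:09: End of Content Filter results
"""


def rule_hits(log_text):
    """Return [(timestamp, rule_name)] for every rule match inside a
    'Start Content Filter results' / 'End of Content Filter results' block."""
    hits = []
    inside = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrelated line
        stamp, body = m.groups()
        # Drop hand-written annotations such as "<- this was the name of the rule".
        body = body.split(" <- ")[0].strip()
        if body == "Start Content Filter results":
            inside = True
        elif body == "End of Content Filter results":
            inside = False
        elif inside:
            r = MATCHED.match(body)
            if r:
                hits.append((stamp, r.group(1).strip()))
    return hits


def hits_per_rule(log_text):
    """Count matches per rule name, to spot a rule that fires suspiciously often."""
    return Counter(rule for _, rule in rule_hits(log_text))


if __name__ == "__main__":
    for stamp, rule in rule_hits(SAMPLE_LOG):
        print(stamp, rule)
    print(hits_per_rule(SAMPLE_LOG).most_common())
```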

Use protection! Power Protection that is… and save your computers and electronics! #Greenville

Last night’s storms in Greenville played havoc with the sensitive computers, servers, network equipment, CCTV systems, VoIP systems and even alarm systems!

At 10pm we received a call from the alarm monitoring company saying that we had multiple zones activated at my wife’s business, including a door, and several interior motion sensors! Police were dispatched, and Pamela and I rushed out the door headed towards her office with flashlight and firearm at the ready. We actually beat the police to that location due to the large number of calls they were receiving due to power outages and lightning strikes in that area.

It was immediately apparent that we had a false alarm… Thankfully, nobody was arrested or shot, and in fact, the only casualty was the alarm system sensors that were damaged by the strike. The power had been off all around that location, and computers, servers, and more were offline.

After the storm died down and morning came we were greeted with calls from our clients. As you can imagine, computers were down and would not come up, servers were down, a lot of network connectivity issues such as no internet access, no access to application servers, etc. Most of these were solved over the phone, but a couple required visits to the sites.

Thought I would just take a moment to remind everyone that a large number of service calls and computer repairs can be avoided by simply investing in adequate UPS (Uninterruptable Power Supply) devices. These affordable products can be used to protect almost everything you plug into AC power. Those switches, routers, firewalls? Protect them! What about your time clock? Yes, that too. How about that expensive CCTV or VoIP system? Yewbetcha!

Small surges that come in on the power line can cause big damage to sensitive electronics!

Homeland Secure IT is happy to partner with some great power protection companies such as Eaton and APC and we can provide you with a quote for the proper product for your application! Please email info@homelandsecureit.com or call 864.990.4748 for more information…

We had a blast in the Susan G. Komen Race for the Cure #Greenville

Help fight breast cancer!


Earlier in the year, we saw one of our friends asking for contributions to their Susan G. Komen Race for the Cure team (Plus Inc.) and two of us here at Homeland Secure IT supported them with small contributions.

After discussing it further, we decided to form our own team and participate in the 5K walk ourselves. It made total sense, as we all have people in our lives that have been affected by this horrible thing (Breast Cancer)! We had never done anything like this before so we really didn’t know where to start other than reading the “Team Handbook”…  We named our team for the Google On Main (We are Feeling Lucky) movement, hoping we would get a few contributions from those who participated in that uber cool event. We didn’t print T-Shirts because there were only a few of us, and we opted to give the money instead as a contribution.

We emailed our friends, family and clients, posted it to Facebook, posted it to Twitter, to the point of being annoying. I personally sent out 90 individually addressed emails a few days before the race. We blogged about it. Yet we still couldn’t get the results we had hoped for. We had set our goal at $5000, thinking that would be “easy”. We were wrong. Though we did manage to get over $1300 in contributions!

Multiple issues were working against us reaching that goal. A bad economy was probably the largest problem. And close behind that was the fact we started late in the game. Most of the other teams had already been formed, and THOUSANDS of people were hitting up everyone they knew. I was told “We already gave” by many people, and “We are walking too” by dozens! I believe there were 6000 people or so participating in this walk! An awesome show of support for this cause!

I would like to thank one person by name, Michelle Varner, Greg’s wife, who managed to get the majority of our contributions! She is awesome and her hard work is appreciated. Our team consisted of me (John M. Hoyt), Pamela Hoyt, Greg Varner and Michelle Varner. (Our son and daughter were signed up, but slept in!)

From the bottom of our hearts, I would like to thank every single person who contributed to our team, or to this cause in general! Together, we can help find a cure!!!!

We will likely do this again for 2011, as the majority of the clients we provide computer and IT service to here in Greenville / Upstate are female and I can think of no better way to show them how much they mean to us than to support the Race for the Cure!

John, Pamela & Greg at the Start

Greg & John

The start of the 5k walk

6000 of our closest friends

A new world record! HAH!

Greg & Michelle crossing the finish line!


Social Story Conference was a blast here in #Greenville today! #socialstory

If you have been paying attention, you know about the Social Story Conference put on by Trey Pennington here in Greenville today at the Warehouse Theatre (@WarehouseGVL). Pamela and I played hooky from work and attended it, feeling a bit naughty, like a kid skipping school!

The speakers were Tim TV, Sean Buvala, Amber Osborne (@MissDestructo), Rick Murray, Olivier Blanchard (@TheBrandBuilder), Trey Pennington (@TreyPennington), and moderated by Phil Yanov (@ThinkHammer).

The topic was “Building your social story”, and while social media was discussed a good bit, it was not the focus of the conference.

It was a total blast! Let’s do it again!  If you missed it you can travel to the next venue!  www.SocialStoryConference.com for more information about it.

I would like to thank the speakers for traveling to see us, especially @MissDestructo who is responsible for getting me into Four Square and has brightened many days with some words of wisdom! Also, to the staff at Bit Tyrant (Aaron Von Frank, Susan Sebotnick and Kat Hardaway), you guys did a bang up job, and your volunteers were awesome too.

Intuit QuickBooks 2011 available on September 28th!

It’s that time again! Intuit is releasing their fiscal year 2011 products on Monday, September 28th.

Products that have been updated include:

QuickBooks Simple Start 2011 is the easiest way to track sales and expenses. All your finance information is organized in one place, so you can easily stay on top of your business and be ready for tax time.

QuickBooks Pro 2011 makes accounting easy with tools to organize your finances all in one place. Complete tasks like paying employees, invoicing, bill tracking and check-writing. Track sales and expenses, and easily share this data in Word and Excel. With QuickBooks Pro, you’ll spend less time on routine tasks and more time on your business.

QuickBooks Premier 2011 has all of the great features you know and love in QuickBooks Pro, plus industry-specific, timesaving, ready-to-use reports and business planning tools tailored to help your company grow. Along with saving you time on routine accounting tasks, Premier makes it simple to monitor business performance, build forecasts and manage payables and receivables. Premier also includes tools for tracking inventory, creating purchase orders and setting pricing levels.

QuickBooks 2011 for Mac – Organize your business finances quickly and easily with QuickBooks 2011 for Mac. Get quick access to everyday tasks like invoicing, bill tracking, check-writing and payroll.

  • Track sales and expenses.
  • Share your data with Microsoft® Excel and your accountant.
  • Save time completing routine tasks and paperwork and spend more time on your business.

QuickBooks Premier Contractor 2011 gives you standard accounting features, plus easy, timesaving tools designed for contractors:

  • Create estimates, track change orders
  • Manage job costs
  • View job profitability reports

QuickBooks Point of Sale 2011 makes it easy to track and manage your inventory, sales and customer information––so you can concentrate on running your business.

Other products include QuickBooks Payroll, Enterprise QuickBooks, Online additions and multi-user versions of QuickBooks.

Removed from the Intuit line-up for 2011 are the Simple Start CD version, QB Online Basic, Getting started with POS, End User Certification, Setup and training, Cash Register Plus and Point of Sale Multi Store.


Homeland Secure IT is proud to be an Authorized Affiliate for Intuit… If you are considering an upgrade to QB 2011 or other Intuit products, you can click on the Intuit banner and receive a discount of up to 20% off the retail price!

We also offer installation and upgrade services as well as full computer & server support, service & repair in the Greenville and Upstate SC area!

Should you need to locate a QuickBooks Expert, we can refer you to one of several…

Consumers are happier than ever with their computers!


Shiny Happy People

According to a story published in the Washington Post, computer users are happier with their PCs than at any time since the first year (1994) that this was tracked! This was based around a poll run by ACSI LLC.

It was not surprising that Apple had the highest user satisfaction with their “cult-like” Mac following, though it may catch some off guard that Microsoft held its own. The article cites improvements in Microsoft customer satisfaction since the release of Windows 7, which we have seen ourselves. In fact, since the release of Microsoft Windows 7, we have been seeing people dump their aging Macs and opt for less expensive Windows machines as replacements.

Some factors that appear to be contributing to the migration from Mac to the Windows platform are the consistently lower prices for Microsoft Windows based machines, security holes being exploited in the Mac rapidly narrowing the “Mac is more secure” gap, the overall user friendliness and reliability of Windows 7 and of course the larger software selection.

Either way, across the board people are as happy as ever with their computers!

If you find your experience is less than satisfactory, I would like to hear from you. Reply here, shoot me an email, give me a call, etc. We can likely help improve your satisfaction!

SECURE IT ALERT: Security Update for Adobe Flash Player on Windows, Mac, Linux, Android, etc.


Secure IT Alert for Tuesday, September 21, 2010

This is not a repeat… I repeat, this is not a repeat. Sorry, that was redundant…

Adobe announced yesterday, September 20th, the release of additional patches to Adobe Flash Player to address vulnerabilities. These affect Microsoft Windows, as well as Mac, Linux, Solaris and even Android.

It’s the same old song and dance with this one… Update your Flash Player or risk being exploited. This *may* affect Adobe Reader as well, but Adobe’s announcement indicates that they will not address the potential threat to Adobe Reader until the October updates, presumably because it is not being actively exploited (yet).

As always, avoid random browsing to unknown / untrusted / shady sites, and don’t follow unexpected links in email… Keep your operating system up to date with patches. Ensure you have the best Anti-Virus protection you can possibly afford, such as Trend Micro Internet Security or Trend Micro Worry-Free Business Security, and that it is functioning and up-to-date. If your computer is acting differently than normal, including slow response, unusual pop-ups, random shutdowns, etc, contact a computer service or support professional, especially if that computer is used for business or financial purposes.

Included below is the original Adobe Security Bulletin.  If you require assistance with this or any other computer or network security issue in the Greenville or Upstate SC area, please call us at 864.990.4748 or email info@homelandsecureit.com

Security update available for Adobe Flash Player

Release date: September 20, 2010

Vulnerability identifier: APSB10-22

CVE number: CVE-2010-2884

Platform: All Platforms

SUMMARY

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

AFFECTED SOFTWARE VERSIONS

Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

SOLUTION

Adobe recommends all users of Adobe Flash Player 10.1.82.76 and earlier versions upgrade to the newest version 10.1.85.3 by downloading it from the Adobe Flash Player Download Center or by installing it via the auto-update mechanism within the product when prompted.

Users of Flash Player for Android version 10.1.92.10 and earlier can update to Flash Player version 10.1.95.1 by browsing to the Android Marketplace on an Android phone.

For users who cannot update to Flash Player 10.1.85.3, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.283, which can be downloaded here.

SEVERITY RATING

Adobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.

DETAILS

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.

Google Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414.


Komen Race for the Cure – Please support me!

Let’s face it, breast cancer sucks. Not that one form of cancer is worse than another mind you…

My family and co-workers are going to be participating in the Susan G. Komen Race for the Cure, though we are not racing, we are walking. It takes place this coming Saturday.

I would like to ask that everyone please consider contributing to this cause by supporting me at this link: PLEASE SUPPORT ME! I have a modest goal, but I would love nothing more than to far exceed it!

If you want to participate, I strongly encourage you to do so! Start your own team, join our team, etc. You can even SLEEP IN FOR THE CURE if getting up at 6 on a Saturday morning is not your thing.

My family and I will be walking for my wife’s mother who is a double mastectomy survivor, and for our good friend (and supporter) Kay from Massachusetts, who is a 7 year survivor herself!

Thank you for your support.

Are you so busy looking for success that you just walk past opportunity?

Are you the type of person who is totally engrossed in finding success? Are you rushing through life trying to succeed at your endeavor? I’m talking about the type of person who wants to make a name for yourself,  push your new business to the top, obtain great wealth, or maybe even become  a superstar athlete or the best guitarist in the world…

We all know these people, and we hope we aren’t one, but they are the types who are so focused on the prize that they let opportunities slip past them constantly. They turn down the smaller deals because they want that one big one.

I saw this video and thought I would share it… It illustrates just how many people walk past opportunity on the way to their goal. It is also a neat study in human nature in general.