‘Twas The Night Before Christmas – Computer Version

I first read this story on a University of Arkansas computer system sometime before 1985 and promptly typed it up and put it on my BBS (Non-Prophet BBS) for people to read. I have sent it in email, and “snail mail” for the last 25 years or so…  I still get a kick out of it.   If anyone knows the author, please contact me so I can give credit and thank them. – John M. Hoyt

‘Twas The Night Before Christmas – Computer Version

‘Twas the night before Christmas, and all through the shop,
The computers were whirring; they never do stop.
The power was on and the temperature right,
In hopes that the input would feed back that night.

The system was ready, the program was coded,
And memory drums had been carefully loaded;
While adding a Christmasy glow to the scene,
The lights on the console, flashed red, white and green.

When out in the hall there arose such a clatter,
The programmer ran to see what was the matter.
Away to the hallway he flew like a flash,
Forgetting his key in his curious dash.
He stood in the hallway and looked all about,
When the door slammed behind him, and he was locked out.

Then, in the computer room what should appear,
But a miniature sleigh and eight tiny reindeer;
And a little old man, who with scarcely a pause,
Chuckled: “My name is Santa…the last name is Claus.”

The computer was startled, confused by the name,
Then it buzzed as it heard the old fellow exclaim:
“This is Dasher and Dancer and Prancer and Vixen,
And Comet and Cupid and Donner and Blitzen.”

With all these odd names, it was puzzled anew;
It hummed and it clanked, and a main circuit blew.
It searched in its memory core, trying to “think”;
Then the multi-line printer went out on the blink.

Unable to do its electronic job,
It said in a voice that was almost a sob:
“Your eyes – how they twinkle – your dimples so merry,
Your cheeks so like roses, your nose like a cherry,

Your smile – all these things, I’ve been programmed to know,
And at data-recall, I am more than so-so;
But your name and your address (computers can’t lie),
Are things that I just cannot identify.

You’ve a jolly old face and a little round belly,
That shakes when you laugh like a bowl full of jelly;
My scanners can see you, but still I insist,
Since you’re not in my program, you cannot exist!”

Old Santa just chuckled a merry “ho, ho”,
And sat down to type out a quick word or so.
The keyboard clack-clattered, its sound sharp and clean,
As Santa fed this “data” into the machine:

“Kids everywhere know me; I come every year;
The presents I bring add to everyone’s cheer;
But you won’t get anything – that’s plain to see;
Too bad your programmers forgot about me.”

Then he faced the machine and said with a shrug,
“Merry Christmas to All,” as he pulled out its plug,
“And to all, a good night!”

 Merry Christmas everyone!!!!

A little something to keep you busy…   Adobe vulnerabilities that affect Microsoft Windows, Mac and Unix machines.

Patch ‘em up!

 

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA11-350A

Adobe Updates for Multiple Vulnerabilities

Original release date: December 16, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX

* Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

 

Overview

Adobe has released Security Bulletin APSB11-30, which describes

multiple vulnerabilities affecting Adobe Reader and Acrobat.

 

I. Description

Adobe Security Bulletin APSB11-30 and Adobe Security Advisory

APSA11-04 describe a number of vulnerabilities affecting Adobe

Reader and Acrobat. These vulnerabilities affect Reader and Acrobat

9.4.6 and earlier 9.x versions. These vulnerabilities also affect

Reader X and Acrobat X 10.1.1 and earlier 10.x versions.

 

An attacker could exploit these vulnerabilities by convincing a

user to open a specially crafted PDF file. The Adobe Reader browser

plug-in, which can automatically open PDF documents hosted on a

website, is available for multiple web browsers and operating

systems.

 

Adobe Reader X and Adobe Acrobat X will be patched in the next

quarterly update scheduled for January 10, 2012.

 

Additional details for the U3D memory corruption vulnerability can

be found in US-CERT Vulnerability Note VU#759307.

II. Impact

These vulnerabilities could allow a remote attacker to execute

arbitrary code, write arbitrary files or folders to the file

system, escalate local privileges, or cause a denial of service on

an affected system as the result of a user opening a malicious PDF

file.

 

III. Solution

Update Reader

Adobe has released updates to address this issue. Users are

encouraged to read Adobe Security Bulletin APSB11-30 and update

vulnerable versions of Adobe Reader and Acrobat.

 

In addition to updating, please consider the following mitigations.

 

Disable Flash in Adobe Reader and Acrobat

 

Disabling Flash in Adobe Reader will mitigate attacks that rely on

Flash content embedded in a PDF file. Disabling 3D & Multimedia

support does not directly address the vulnerability, but it does

provide additional mitigation and results in a more user-friendly

error message instead of a crash. To disable Flash and 3D &

Multimedia support in Adobe Reader 9, delete, rename, or remove

access to these files:

 

Microsoft Windows

“%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”

“%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”

 

Apple Mac OS X

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/AuthPlayLib.bundle”

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/Adobe3D.framework”

 

GNU/Linux (locations may vary among distributions)

“/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so”

“/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so”

 

File locations may be different for Adobe Acrobat or other Adobe

products that include Flash and 3D & Multimedia support. Disabling

these plugins will reduce functionality and will not protect

against Flash content that is hosted on websites. Depending on the

update schedule for products other than Flash Player, consider

leaving Flash and 3D & Multimedia support disabled unless they are

absolutely required.

 

Disable JavaScript in Adobe Reader and Acrobat

 

Disabling JavaScript may prevent some exploits from resulting in

code execution. Acrobat JavaScript can be disabled using the

Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable

Acrobat JavaScript).

 

Adobe provides a framework to blacklist specific JavaScipt APIs. If

JavaScript must be enabled, this framework may be useful when

specific APIs are known to be vulnerable or used in attacks.

 

Prevent Internet Explorer from automatically opening PDF files

 

The installer for Adobe Reader and Acrobat configures Internet

Explorer to automatically open PDF files without any user

interaction. This behavior can be reverted to a safer option that

prompts the user by importing the following as a .REG file:

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\AcroExch.Document.7]

“EditFlags”=hex:00,00,00,00

 

Disable the display of PDF files in the web browser

 

Preventing PDF files from opening inside a web browser will

partially mitigate this vulnerability. If this workaround is

applied, it may also mitigate future vulnerabilities.

 

To prevent PDF files from automatically being opened in a web

browser, do the following:

 

1. Open Adobe Acrobat Reader.

2. Open the Edit menu.

3. Choose the Preferences option.

4. Choose the Internet section.

5. Uncheck the “Display PDF in browser” checkbox.

 

Remove or restrict access to 3difr.x3d

 

By removing or restricting access to the 3difr.x3d file, Adobe

Reader and Acrobat will fail to render U3D content, which helps to

mitigate this vulnerability. PDF documents that use the PRC format

for 3D content will continue to function on Windows and Linux

platforms.

 

To disable U3D support in Adobe Reader 9 on Microsoft Windows,

delete or rename this file:

 

“%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d”

 

For Apple Mac OS X, delete or rename this directory:

 

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/Adobe3D.framework”

 

For GNU/Linux, delete or rename this file (locations may vary among

distributions):

 

“/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d”

 

File locations may be different for Adobe Acrobat or other Adobe

products or versions.

 

Do not access PDF files from untrusted sources

 

Do not open unfamiliar or unexpected PDF files, particularly those

hosted on websites or delivered as email attachments. Please see

Cyber Security Tip ST04-010.

 

 

IV. References

 

* Security update available for Adobe Reader and Acrobat -

<https://www.adobe.com/support/security/bulletins/apsb11-30.html>

 

* Adobe Reader and Acrobat JavaScript Blacklist Framework -

<http://kb2.adobe.com/cps/504/cpsid_50431.html>

 

* Adobe Acrobat and Reader U3D memory corruption vulnerability -

<http://www.kb.cert.org/vuls/id/759307>

 

* Security Advisory for Adobe Reader and Acrobat -

<https://www.adobe.com/support/security/advisories/apsa11-04.html>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA11-350A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with “TA11-350A Feedback VU#759307″ in

the subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2011 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

December 16, 2011: Initial release

 

 

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v1.4.5 (GNU/Linux)

 

iQEVAwUBTuuZnz/GkGVXE7GMAQIN8ggAjjQO8LOasl98uasGZW2J5SHfkKr675Mf

ymRzBagFqO9QuId2RvFG2b9nuq5zdqETsrcG1t668wtYLUhBaoLmFXPe/KsDQ9n+

/p9PctVJFmJpV92S3kAHw+u4t1n/Aa/4IdK0oXNBDhkyXrp41F27LY+aQ8FWWuxZ

lL4jXSUQ/gLgb6hOhLjRCsQtEhAcPbX/mPNxl6bACXZaOVZT88fz9M7JXryDiJWO

uuFi3O2GT0Bd3fEsL57U/TSbq8SynadObMSj4/+Q1HmOHcD0L5gzd9/N4M3D1Emg

y7aeUpgycY5eFefY3LVVkb7JkTUbEZHbuNHydFKIJDRlaXBAo+D0QQ==

=rKM4

—–END PGP SIGNATURE—–

Christmas is almost upon us!

Hope you have your shopping done by now, and if not, well, it’s not too late to order a notebook, netbook, desktop or tablet computer from Homeland Secure IT!

We offer sales of all major brands of computers and components such as HP, Dell, Lenovo, Toshiba, Acer, NexLink, Asus, Samsung and more. Whether it is a business computer or one for your personal uses, we have something for you or the person on your list you have forgotten about not found the perfect gift for!

Orders placed are generally here at our Greenville office the next business day before lunch at no additional charge!!!!

We will be closing on Friday, December 23rd so our staff can spend time with their families, and we will be in the field on a server deployment on Monday, December 26th, however, we *WILL* be available for emergency calls should you need us!

As promised, Microsoft released SP2 for Exchange Server 2010 on 2011-12-12, and the SP brings with it a number of features and fixes:

• Incorporates all the changes from Update Rollup 1 through 6 for SP1
• Adds Hybrid Configuration Wizard for ease of managing a deployment between your on site Exchange and your Office 365 Exchange
• Introduces Address Book Policies, which determine the GAL, OAB, room list and address lists that are visible to the mailbox user that is assigned that policy
• New Cross-Site Silent Redirection for Outlook Web App can pass off requests to another server in another Active Directory site, and also permit a single sign-on
• Adds Mini Version of Outlook Web App suited for mobile users (tablets, pads, smart phones, basically anything with a browser)
• Mailbox Replication Service changes permit you to move mailboxes from on-premises to another forest or Outlook.com
• Mailbox Auto-Mapping changes allow you to disable Auto-Mapping to save on resources
• Added five Multi-Valued Custom Attributes which allow you to store additional information for your mail recipient objects
• Litigation Hold prohibits you from disabling or deleting a mailbox that has been placed on “litigation hold”

If you are running an Exchange Server 2010 without the current rollups applied to SP1, updating to SP2 today is a great idea as you can kill multiple birds with one stone!

Should you require assistance in the Greenville or Upstate, SC area please call 864.990.4748 or email info@homelandsecureit.com

National Cyber Alert System
Technical Cyber Security Alert TA11-347A

Last updated December 13, 2011

Visit this site http://www.youhavedownloaded.com/ and hopefully you will see something like this:

Wow!!

Are you sure you and your friends don’t work for the RIAA? Maybe Sony or Universal? Maybe you’re both just really good at covering your tracks. Either way, congratulations, neither you or your friends and family returned any results from our crawlers. Tonight, you can jump into bed, open up Netflix or iTunes and sleep comfortably knowing that you’ve been a well-behaved, law-abiding internet user. But remember, there’s always tomorrow.
There’s… always… tomorrow…

—

You Have Downloaded keeps tabs on who downloads what from torent sites. If I had a large company using one IP address, I would be checking that site regularly, in spite of having firewalls, filters, policies in place, just to make sure someone didn’t come knocking at my door because of one bad person on the network, or maybe because of a wireless access point that was not secured.

 

This came in email from our Charter rep and may be of interest to you if you have not already seen this:

Charter Ups Broadband Speeds Again, Bumps Top Tier to 100 Mbps –

DiGeronimo says DSL is Basically Archaic

Original Publication Date: 12/1/2011

Original News Source: Multichannel News

By Todd Spangler — Multichannel News, 12/1/2011 3:00:00 PM

Looking to kick more sand in the face of DSL, Charter Communications is increasing connection speeds of its three top broadband tiers — Express, Plus and Ultra, which will now provide downloads of up to 100 Megabits per second — at no additional cost for subscribers.

The speed boosts are the MSO’s fourth in the last three years. The faster speeds will take effect in markets with DOCSIS 3.0 technology deployed, which represents approximately 95% of Charter’s service area.

“As customers share multiple devices on a single connection, we want to send a very strong message: DSL is basically archaic,” said Rich DiGeronimo, Charter’s senior vice president of product and strategy.

Charter is increasing Internet Express downstream speeds from 12 Mbps to up to 15 Mbps, and increasing upstream speeds from 1 Mbps to up to 3 Mbps. Internet Plus downstream speeds are being increased from 18 Mbps to up to 30 Mbps, and upstream speeds are being increased from 2 Mbps to up to 4 Mbps.

In addition, Charter’s fastest residential offering is increasing from 60 Mbps to 100 Mbps — with Ultra100 providing 100 Mbps downstream and 5 Mbps upstream. Charter’s Internet Lite tier will remain 3 Mbps down.

The midlevel Plus tier, at 30/4, is now faster than the fastest AT&T U-verse Internet service available. Charter’s footprint overlap with AT&T is 60%, although U-verse is not available in all of those areas.

“We believe we have an advantage in this space,” DiGeronimo said. “The thirst for speed is only growing.”

Charter is offering Express for $19.99 per month for 12 months to new customers, Plus for $29.99 per month. Ultra100 is $40 more per month than the Express tier.

“We’re not asking for more money. It’s really about differentiation,” DiGeronimo said. About 90% of Charter’s broadband customers take either Express and Plus service.

Charter’s broadband services are subject to different usage thresholds. Customers with Lite and Express tiers are allotted at 100 Gigabytes of bandwidth usage per month, while those on the Plus and Max services have a threshold of 250 GB per month. The Ultra100 tier will be capped at 500 GB per month; previously, the Ultra60 tier did not have a maximum usage limit. Charter currently does not charge overage fees for those who exceed the thresholds; however, users’ accounts may be suspended for repeated violations.

Charter also is increasing speeds for business customers, bumping up commercial Internet speeds at no cost for two of its most popular services, Charter Business Internet Essentials16 and 25. The speed increase will take place in approximately 95% of Charter’s service areas nationwide.

Specifically, the speed increases are: Internet Essetials16, with download speeds of 16 megabits per second (Mbps) and upload speeds of 2 Mbps, will increase to up to 20 Mbps download and up to 3 Mbps upload; and Internet Essentials25, with download speeds of 25 Mbps and upload speeds of 3 Mbps, will increase to up to 30 Mbps download and up to 4 Mbps upload — which the MSO notes is at least 6 times faster than 5 Mbps DSL service and 20 times faster than T1 lines. Charter’s fastest commercial offerings, Pro50 and Pro100, remain the same, providing up to 50 Mbps download/5 Mbps upload and up to 100 Mbps download/5 Mbps upload, respectively.

—

Homeland Secure IT loves Charter! We help Greenville & Upstate South Carolina individuals & businesses get connected with high speed internet all the time and Charter, especially Charter Business, has the highest customer satisfaction of any of the ISPs we work with. If you are feeling the need for speed, email us at info@homelandsecureit.com or call 864.990.4748 and we can assist you in the search for the best service and the best price!

If you follow me on twitter or are a friend on facebook, then you probably know I am in an Upstate SC band called The Dockside Band…

We are hoping to book more gigs in the area and need your help!  If you would, please mention us to anyone who matters at bars, clubs, restaurants, and if you know any event coordinators, let them know we are available for bookings too!

We’ll play just about anything, from street fairs and festivals, to weddings, anniversaries, graduations, you name it!  Having a big family reunion? We’re in. Barn raising? Yep, sounds great!

More information can be found by going to http://www.facebook.com/DocksideBand (please LIKE us!) or visit our website at http://www.TheDocksideBand.com

The Dockside Band performs what we consider to be “Fun, Summertime” music spanning many genres such as country, rock, beach, blues and folk and many generations, from the 60s to current.  Artists we cover include Jimmy Buffet, Zac Brown, Journey, Bad Company, Matchbox Twenty, Van Morrison, Otis Redding, The Drifters, Kenny Chesney, The Commodores, Toby Keith, Jimi Hendrix, Tom Petty, Garth Brooks, etc…

We have played at restaurants and events that require low volume levels, so that is never an issue!

If you would like to check us out, we are playing New Year’s Eve at The Hide-Out in Easley, and then January 28th at Rendezvous in Greenville!

For more information, give me a call at 864-979-1224 and thank you for your support!!!!

Microsoft didn’t forget your Christmas gift….  And it’s coming early!

That’s right, Microsoft Patch Tuesday is upon us again, and this December 13th you can expect a slew of updates covering the entire line of current Microsoft Windows operating systems.

Operating Systems: Windows XP 64 & 32 bit, Server 2003 64 & 32 bit and Itanium based servers, Vista 32 & 64 bit, Windows Server 2008 and the Server Core, Server 2008 R2 Windows 7 32 / 64

Other Software: Microsoft Internet Explorer 6, 7, 8 and 9, Microsoft Office for Windows 2010 & Office 2004 2008 for Mac and individual applications Publisher 2003 & 2007,  Excel 2003 PowerPoint 2007 & 2010,  PowerPoint Viewer 2007, Office compatibility pack for Word, Excel and PowerPoint File Formats.

Chances are good that if you own a Microsoft Windows machine, or a Mac with Office, then you need to be letting your system update.

The complete bulletin can be found here: http://technet.microsoft.com/security/bulletin/ms11-dec

If you need assistance applying these updates or with any other computer service issue, please let us know!  864.990.4748 or info@homelandsecureit.com

 

 

In the last 24hrs, I have spoken with or assisted at least 3 people who have become infected due to opening a malicious email.

One of them was my wifey, Pamela, who received an email from the US Postal Service stating that her package had been refused and to open the attached file for details. Due to her old Microsoft Windows Vista system which without question should be updated, the payload from the trojan was dropped and she was without her computer for 3 hours while over 300,000 items were scanned again and again and her icons restored so she could use her desktop.

What is happening is a bit of social engineering.  The emails appear to come from someone you trust, in this case the Post Office, and they appear to have important information, just too good to pass up. A busy worker may be momentarily fooled, and likely, at the very moment they click on the item, they think, “Ohhh I bet I shouldn’t have done that”, but it is too late.

• How can you keep from becoming a victim of this type of exploit?
• Avoid using unpatched Microsoft Windows systems!  When updates are released, install them.
• Install all updates to important applications, such as Microsoft Office.
• Install all updates to Adobe Reader, Flash, Acrobat, and to JAVA.
• Keep current and trustworthy anti-virus such as Trend Micro Titanium 2012 on all your computers.
• Use caution when opening attachments. Ask yourself why the USPS would be sending you and email and why would the information be in an attachment before clicking on it.

Before I get responses such as “Macs do not have that problem”, yes, Apple Mac OS X does have that problem. We have dealt with almost as many Mac security issues this year as we have Windows 7.  Regardless of the Operating System, a little common sense and preventative maintenance goes a long way!

Should you need help with a virus cleanup or virus removal for your personal computer or your business, we can help. We also partner with Trend Micro to offer Worry-Free, Trend Micro Titanium, and the entire outstanding line of Trend Micro anti-virus, anti-spyware, anti-spam and anti-everything software, just give us a call at 864.990.4748 or email info@homelandsecureit.com.