Trey Pennington (@TreyPennington) has created the “Social Story Conference” which is going to be in Greenville, SC on September 24th. Trey, along with some other awesome people will be speaking on the subject of social media and social stories.  In short, how businesses can, and do, connect with people and form relationships, rather than force-feeding marketing down a one-way pipeline.

If you want to learn more about how to connect with your customer base, how to share in their lives, and how your products or services are part of their lives then you should consider going. If you are just wanting to continue to “broadcast” your information in the hopes that someone is going to listen, then avoid this conference by all means. Let’s face it, if you are constantly blathering on twitter about the $29.99 special your company offers without ever taking the time to follow your followers or listen to what they have to say, you are going to be unfollowed or filtered, just like the annoying car dealership commercials are muted by TV viewers.

The line up of speakers for Greenville is exciting! In addition to Trey Pennington, we’ll get to hear from and connect with Amber Osborne (@MissDestructo), Tim TV, Sean Buvala (@StoryTeller), Olivier Blanchard (@TheBrandBuilder), and Rick Murray… The emcee will be Phil Yanov (@ThinkHammer).

This is not about the social media platform, it is independent of the transport mechanism. It’s not about Twitter, or Facebook, it’s about connections.

More information is on the Social Story Conference website at http://socialstoryconference.com/ and you can also follow the hash tag of #SocialStory on Twitter.

Homeland Secure IT is proud to help sponsor this event and we can’t wait to see you there!

Here’s the scenario… Assume you are an executive and you are lucky enough to have a personal assistant. Now, let’s also assume you are sick of getting email from just any Tom, Dick or Harry. What do you do? You make your PA your “Gatekeeper”.

There are lots of ways to handle this, but let’s throw some other items into the mix just to make the possible solution below the best one…   You want to get your “filtered” mail on your desktop, your iPad, Outlook Web Access, your Android phone, and still have your contacts and calendars shared where your PA can drop those items right into your box.

My suggestion would be to create three accounts:

Mary Jane (maryj@yourcompany.com) for your PA

Joe Blow (joeb@yourcompany.com) for your external email, that the world mails to.

Joe Blow Personal (joeblowpersonal@yourcompany.com)

Associate your Outlook account, iPhone, iPad, Android and other devices with Joe Blow Personal. If you use Outlook Web Access, you will login to OWA using Joe Blow Personal’s credentials.

Share the Joe Blow Personal account’s Calendar and Contacts (If you want the PA to make direct entries to those folders).

Set Mary Jane as a full owner of the Joe Blow account.

Now, on Mary Jane’s computer, set her Outlook to open the Mary Jane email account and an additional email account of Joe Blow (joeb@yourcompany.com).   Also, go to File/Open and open Joe Blow Personal’s Calendar and Contacts.

Mary Jane now can open the inbox of Joe Blow, where all the junk comes from, and sort it as they see fit, then forward the mail to you for reading (Or if you allow her to open your inbox, she could drag and drop the good stuff to your mailbox). Mary Jane can also directly enter calendar entries and contacts for your account.

You can set your reply-to address to be joeb@yourcompany.com if you do not want people replying directly to you, so any emails you send out will be replied to and go direct to your gatekeeper.

Outlook and Exchange allow many wonderful configuration options… If you desire more information about this or anything related to Microsoft Exchange / Outlook, please call us at 864.990.4748 or email info@homelandsecureit.com – we offer free consultations in the Greenville / Upstate, SC area!

HP StorageWorks RDX Technology

When selecting a backup solution, you may be considering one of the following:

LTO, DLT, DAT Tape – The de facto standard in backup media for business and enterprise. Though it is growing a little long in the tooth, the format has proven itself to be reliable and affordable when you consider the lifetime of the drive and the media. These are available in a variety of flavors, from SCSI, to SATA, internal and external. And for those needing massive storage and speed, there are enormous auto-loaders such as 96 slot HP LTO 5 fiber channel systems.

Iomega REV removable cartridge systems – Outdated, no longer sold or supported by Iomega. (You can still buy media)

Portable hard drives – While these seem attractive because they are cheap and available at every office supply house in town, the reliability of these devices is not idea for mission critical solutions. The constant plugging and unplugging of USB cables can wear connectors out prematurely and there is the slight possibility that a server can be damaged by static when plugging in a drive. Most IT people feel this is a better solution than no solution at all.

Remote Backup or In-The-Cloud backup – We offer Servosity Online Backup and feel it is a great addition to any existing hardware backup system you may have, and could serve as your primary backup if so desired. These are affordable solutions that require very little hands-on time.

Network based disk storage – These are awesome for speed, and convenience, but they generally remain on site and in the event of a catastrophic disaster such as fire, flood, or even theft, you could be left with no backup. This falls under the “much better than nothing” category.

Flash drives and other non-volatile storage media, including CD & DVD – Again, this better than nothing and surely works for small amounts of data, but longevity may be in question. CDs and DVDs have a lifespan after written to, usually of only a few years, making long term archival use impossible. Flash drives are great to make a quick backup, but there are occurrences of people losing data on one from high powered RF devices erasing them. Probably not a solution for most businesses.

A plethora of other technologies exist, but one that has been gaining momentum in the business and enterprise market is RDX.

RDX, or Removable Disk Technology is based around a docking station that accepts an RDX cartridge. The cartridge encases and protects a hard drive. RDX cartridges come in many sizes, whether you need 160GB or 1.5TB, there is bound to be one that fits your data needs.

What makes RDX different from a typical portable or removable drives? It is a “hardened” solution that encloses the hard drive and enables it to take a drop of up to 1 meter. These systems also offer protection from static discharge. A typical RDX can move upwards of a 100GB an hour. If you outgrow the the original size cartridge, you can begin replacing them with larger capacity as the dock is backwards and forwards compatible with any other RDX cartridge.

RDX is a standard that allows you to purchase cartridges from any manufacture to use in your system. It also offers a shelf life of up to 30 years, allowing you to archive your data and know that if the IRS audits you, you can access it.

No need to upgrade your current backup software in most cases when switching to RDX as the technology is already supported in most backup applications such as Symantec Backup Exec!

If you are looking for a backup solution, whether it is your first, or an upgrade of a current system, then you may wish to give RDX a close look. Call us at 864.990.4748 or email info@homelandsecureit.com. We offer RDX products from HP, Imation, Lenovo, and Quantum to name a few. We offer a free evaluation in Greenville and the Upstate of South Carolina.

I told him not to worry because somehow, some way, we will recover his data and get him back online. Of course, he didn’t mention that no backup existed until near the end of the conversation… Hopefully this story will have a happy ending…

What are you doing for a disaster recovery plan? Sure you are backing up your desktops and servers, but what about those notebooks? We offer a free trial of Servosity Online Backup…

Free Servosity Online Backup Trial! Click Here...

With Servosity Online Backup you will be able to sleep at night knowing your data is protected, even on mobile computers which may never see the main office. Your data is encrypted and uploaded to the Servosity secure remote storage server. In the event of a disaster, individual files, folders, or an entire system drive can be restored.

Have important files that change throughout the day? Servosity also offers CONTINUOUS backup protection – important files are backed up as they are changed on your system. All of this takes place automatically.

Servosity works with Microsoft Windows, Apple Mac OSX, Linux and other *nix based operating systems. Don’t take a chance, try out Servosity TODAY! For FREE!

Homeland Secure IT offers many backup solutions and one is just right for your application! Tape, Backup-2-Disk, NAS/SANs, Autoloaders and Jukeboxes… Email info@homelandsecureit.com or call 864.990.4748 for more information.

Snoop Dogg has is now joining forces to fight cyber crime: HACK IS WACK 

If you upload your own video, please let me know! I want to see it!

Hope everyone is enjoying their Labor Day off!

Dirt Cheap Computers - are they worth what you pay for them?

I’m sure you have heard the old adage “If it sounds too good to be true, it probably is…”

In the case of computers, servers, firewalls, VoIP equipment, Microsoft, Adobe and other hardware / software, that has always been true.

For example: We have one client who purchased Microsoft Office Professional 2003 a number of years ago on the cheap. I believe they purchased about 20 seats and were presented with an authentic looking disk and the product key from the dealer. They saved a significant amount over purchasing from CDW, Homeland Secure IT, or some other reputable Microsoft dealer. However, flash forward to present day and they are unable to receive support from Microsoft, they are being told the software is counterfeit, and will have to purchase new licensing at a very hefty price.

This is a common story these days. In fact, a quick Google search turned up Microsoft Windows 7 Professional for ~50 dollars. Come on, the cost to any reputable dealer is more than that, how can they SELL it for that? hrmmmmm

To make matters worse, this is happening with hardware all too often. A few months ago, Cisco was experiencing a shortage of ASA 5505 and other products. It was a horrible time for companies who relied on that hardware, so they began looking outside their regular suppliers. What they found were some deals on ASA 5500 products that were not really a “deal”, but they WERE in stock, so they ordered them. These were actually grey market dealers. They had no association with Cisco, and they were not selling new product. Some of the items sold were “new – old” stock (where it had been sitting on the shelves for a while, with older software loaded), some had been obtained from legitimate dealers who went under (at actual dirt cheap prices) by a company that bought all their stock, but the worst of them were actually STOLEN devices and then there were some reports of used or refurbished devices being sold as new.

All of these scenarios had one thing in common – the customer was paying for something they were not getting. Whether it was an actual new product, or a product that could be supported by Cisco SMARTnet support contract. Some customers received “bricks”, ASA firewalls that simply did not work, and the dealer was nowhere to be found when they sought support, and of course, Cisco will not support items which are not legit.

The inspiration for this blog post is that I read an article in a trade journal recently that warned of this type of unscrupulous behavior, and today at a lunch meeting, I was told of something similar happening to someone I know so I thought I would share that with you and maybe save one person from a bad experience.

The moral to the story is – buy quality product from quality vendors. Homeland Secure IT is such a vendor. We offer many products, including Cisco, WatchGuard, SonicWall, Microsoft, Trend Micro, Symantec and others through our partnerships with those manufacturers and though the cost is going to be higher than the “discount” internet price, you can find us, and we stand behind that product and sale 100%! You will never get a black market, gray market, used or refurbished item in place of what you pay for!

Call us today for more information at 864.990.4748 or email info@homelandsecureit.com – We offer computer service, support and sales in the Greenville  / Upstate SC area, and national sales.

Chances are also good you are buying your licensing from a vendor who may have originally installed the equipment and they could be charging you for the licensing plus a fee to administer those licenses for you. The licensing is generally sold at the manufacturer’s suggested retail price.

If you would like another quote on your license renewals and sales, please contact us at 864.990.4748 x 201, or email info@homelandsecureit.com

We offer sales of products and licensing, as well as licensing renewals for Trend Micro, Cisco, Symantec, Microsoft and more! We never charge an administration fee.

One word of warning regarding “deep discount” licensing providers – if it sounds too good to be true, it probably is. The markup on licensing is not very much, so if you find Microsoft Office Professional for 20% less than the retail, odds are, it is counterfeit product and will allow you no ability to upgrade or receive support.

Congratulations to both of them, as they have won Trend Micro Internet Security 2010 anti-virus in our little giveaway…

Trend Micro Internet Security 2010 is designed for home and small business users and offers protection against viruses, spyware, unauthorized changes to applications, as well as offering outstanding email protection from spam and malicious emails and Web monitoring too!

The $49.99 retail package will cover up to 3 computers.

If you would like to purchase Trend Micro products, including Internet Security 2010, Internet Security Pro, Worry-Free Business Security or Enterprise packages like the Enterprise Security Suite, etc, or would like additional information, please email info@homelandsecureit.com or call 864.990.4748 – We offer computer security service and support in Greenville / Upstate SC and national sales!

Protect your data - by destroying it!

Protect your data – by destroying it!

Boy that sounds interesting doesn’t it? But what does that mean?

As computers age and are replaced, they might find their way to a dumpster, or given to a non-profit organization who refurbishes them and resells them, or they may be given to a computer recycler who is supposed to dispose of the computer in an environmentally friendly manner.

The problem with all of these scenarios is that you don’t actually know what will become of your data.

Let’s assume for a moment that you are an attorney and you replace your computer. You toss the old computer, but you took measures to protect the data on your hard drive first, such as, maybe reinstalling a fresh OS on it, ore deleting all your personal files, or even performing a format operation on the hard drive. Someone who targets people in your line of work may be watching the dumpsters and upon finding the discarded PC, could pull the drive out and use recovery software that is available to restore some, if not all of your previous data! That’s right, even if you DELETE IT, reinstall the operating system, or format it, the chances are very good that data can be retrieved off of your drive. EVEN IF THE DRIVE HAS CRASHED, chances are, some data can be recovered by a professional or anyone serious enough to attempt it.

The same holds true for PC recyclers…  See a previous blog entry here with a video that outlines what becomes of many computers.

So what is a person or business to do in order to protect themselves, their data and the data of their customers that may be on an old PC? Your options are to trust your computer service / network support technicians to do the job for you, which we will often do here at Homeland Secure IT, where we take your old PC and perform a “DOD wipe” that writes zeros and ones to every sector on the drive multiple times over, rendering it virtually unrecoverable, or sometimes we damage a hard drive beyond recovery using physical means.  Another option is to simply remove the hard drive and shelve it, while discarding the rest of the computer.

There is an alternative though. There are professional data destruction service providers who will go to your location, remove your hard drive for you, and SHRED the drive, turning it into data confetti! This is the widely accepted standard for protecting data on old drives. You cannot recover bits of data from bits of shredded metal.

A benefit of using data destruction professionals is that they can provide you with the proper documentation that relieves you from all liability, as you have done everything in your power to protect important data. You can also witness the destruction first-hand if you do desire.

ShredDesk Inc. of Greenville is one such business that can provide this service and I highly recommend them!  Brent offers fast response and reasonable rates! He will personally visit your location, remove the hard drive for you, grind it to shreds and provide you with a Certificate of Destruction! Brent covers the entire Upstate and even has clients outside this area that he travels to.

If you are an IT worker, you can stockpile drives as you upgrade machines and call Brent when you have a stack of them to make it very cost affective and simple!

For more information about data destruction, data protection using hard drive backups, and network protection / security using firewalls, anti-virus and more, please call 864.990.4748 or email info@homelandsecureit.com

Microsoft Office 2011

Microsoft’s latest version of Office 2011 is due out in October of 2011. It features many improvements over previous versions and comes in the following flavors:

Microsoft Office for Mac Home and Student 2011 includes Word for Mac, PowerPoint for Mac, Excel for Mac and Messenger for Mac. It will retail for $119  for a single install and $149 for the “Family Pack” giving you up to 3 installs. The Home and Student edition includes the core productivity applications that Mac users want and need.

Microsoft Office for Mac Home and Business 2011 includes Word for Mac, PowerPoint for Mac, Excel for Mac, Outlook for Mac and Messenger for Mac. It will retail for $199 for a single install and $249 for the “Multi-Pack” which allows two installs. This version sports all features of the Home and Student version with the addition of Microsoft Outlook for Mac.

Microsoft Office for Mac Academic 2010 includes Word for Mac, PowerPoint for Mac, Excel for Mac, Outlook for Mac and Messenger for Mac. It will retail for $99 and be available direct from Microsoft and authorized academic stores.

Buy  Microsoft Office 2008 for Mac today and upgrade to Office 2011 at no additional cost!

If you require additional information about Microsoft Office for Mac or Windows, please email info@homelandsecureit.com or call 864.990-4748. Homeland Secure IT offers computer and network support in the Greenville / Upstate area, as well as national sales of Microsoft products!

The Clean House - Sarah Ruhl

Let me preface this post with the fact that I had never heard of The Warehouse Theatre until my family participated in the “Google on Main” event earlier this year. After that event, there was a follow-up which took place at The Warehouse and that was the first time I set foot in the facility.

Since then, we have been seeing lots of discussions on various social media sources about plays and events at that venue and decided we just had to check it out, so I purchased tickets on the phone last week for “The Clean House”… To make this even more interesting, I scored a “Social Media Press Pass” which let me in for free…  What on earth was The Warehouse Theatre thinking when they gave MEa press pass? haha  I think it must be because I quickly jumped on the band wagon when Aaron Von Frank (@AaronVonFrank) said he and Paul would dress up as French Maids and clean the home of one lucky attendee if all the shows sold out!  

All that aside, I took my wife Pamela, 17 year old daughter Megan and 15 year old son Brett this afternoon’s performance of “The Clean House”.

Having little exposure to community theatre, I must admit that when I walked in the doors today I was not exactly sure what to expect. I’ve been to many plays and musical productions, paying lots of money for great seats in world reknown theatres, and to be honest, I had braced myself for disappointment. I assumed that I would be watching a production similar to a high school play, with lousy lighting, poor audio, a spartan set and worse, actors straight out of the high school drama department.

Boy was I wrong! The audio was perfect, excellent sound quality, not a missed cue. The lighting was outstanding, including a video backdrop with colored background and text/graphics that were perfectly synchronized with the actors – if there was a mistake made, I sure didn’t witness it!

The set itself was a work of art and fit perfectly with the lifestyle of Lane (Stark white, sterile, with modern furnishings), however, the biggest thing I was wrong about was the quality of these actors!

I am not familiar with the work of the playwright, Sarah Ruhl, but these actors managed to portray characters that I believe we all can relate to and managed to capture our hearts in doing so. Many Broadway productions I’ve seen could have benefited from the expertise of this cast! I saw nothing but true seasoned professionals!

Without giving away too much, this play is funny…  And the timing of the cast was impeccable.  The lead character, Matilda (played by Lynne Junker) is a hired on by Lane (Debra Capps) as a house keeper, but she hates cleaning… Matilda has us laughing from the start. Virginia (played by Elizabeth Finley) the OCD sister of Lane feels moved to help the “depressed” Matilda by cleaning for her.

While cleaning, Virginia discovers the undergarments of someone other than Lane and that leads to the assumption that Lane’s husband Charles is having an affair. As it turns out, it is more than an affair, and we are taken on an interesting ride through what could be considered unbelievable if you have never been involved in something so ludacris in real life. My wife says she can totally relate with every character as the twist and turns unfold.

The play takes you full circle through relationships and the drama that goes with them sometimes. As I mentioned, it is very lighthearted, so do go prepared to laugh at the tragic story. (It is really a love story, but I’ll let you discover this for yourself)…

I feel I must appologize to these wonderful actors and The Warehouse Theatre for being so cynical about what Greenville had to offer in The Arts. I have been missing out on a lot and I am glad to have discovered this source of entertainment and enlightenment for our family.  For a fraction of the cost of an evening at The Peace Center, you can rest assured we will be visiting this venue frequently! 

The next show at The Warehouse Theatre is “The Rocky Horror Show”, a personal favorite that is coming up in October!!!! Hope to see you there!

Homeland Secure IT Alert

Homeland Secure IT Alert #3 for Thursday, August 26, 2010

Not to be outdone by the Apple Mac OS X security issues, Microsoft has a few new issues as well. This time regarding DLL handling.

What follows is the original posting from US-CERT:

—

National Cyber Alert System

Technical Cyber Security Alert TA10-238A

Microsoft Windows Insecurely Loads Dynamic Libraries

Original release date: August 26, 2010
Last revised: –
Source: US-CERT

Systems Affected

Any application running on the Microsoft Windows platform that
uses dynamically linked libraries (DLLs) may be affected. Whether
or not an application is vulnerable depends on how it
specifically loads a DLL. Please see the Vendor Information
section of Vulnerability Note VU#707943 for information about
specific vendors.

Overview

Due to the way Microsoft Windows loads dynamically linked libraries
(DLLs), an application may load an attacker-supplied DLL instead of
the legitimate one, resulting in the execution of arbitrary code.

I. Description

Microsoft Windows supports dynamically linked libraries (DLLs) that
are loaded when needed by an application. DLLs are typically loaded
when the application is first started; however DLLs may be loaded
and unloaded while the application is running. An application can
request a DLL file in a variety of ways, and Windows uses several
different search algorithms to find DLL files. The interaction
between the application and Windows can result in a DLL file being
loaded from the current working directory of the application,
instead of the Windows system directory or the directory where the
application is installed.

The current working directory could be the desktop, a removable
storage device such as a USB key, a Windows file share, or a WebDAV
location. When a file associated with an application is opened, a
DLL in the same directory as the file may be loaded. Although an
attacker may not have permission to write to the Windows system or
application directories, the attacker may be able to write a DLL to
a directory used to store files, or the attacker could provide
their own directory.

Attacks against this type of vulnerability have been referred to as
“binary planting.” Please see Vulnerability Note VU#707943 and
Microsoft Security Advisory 2269637 for more information.

II. Impact

By placing a DLL with the correct name (and possibly the relative
directory path) in the current working directory, an attacker could
execute arbitrary code with the privileges of the application that
loads the DLL.

III. Solution

Individual applications that run on the Windows platform may
require patches or updates. Microsoft Knowledge Base article
KB2264107 describes an update that provides a registry key that can
prevent Windows from searching the current working directory for
DLL files.

Information about specific solutions for different vendors, general
mitigation techniques, and secure ways for applications to load
DLLs can be found in the Vendor Information and Solution sections
of Vulnerability Note VU#707943.

IV. References

* Vulnerability Note VU#707943 -

* Microsoft Security Advisory (2269637) -

* A new CWDIllegalInDllSearch registry entry is available to control
the DLL search path algorithm -

____________________________________________________________________

The most recent version of this document can be found at:
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with “TA10-238A Feedback VU#707943″ in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________

Produced 2010 by US-CERT, a government organization.

Terms of use:
____________________________________________________________________

Revision History

August 26, 2010: Initial release

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTHbPuj6pPKYJORa3AQI0Rwf+JjLbBdWxKa+8pzCefxhs+maIjzihg/vN
ZNF90uuFgMAdIrTD7+Qlv6TUc3ep/O28Dg11K8rXaOfxeyPsItMwpbz7vrpoUC5W
qvu6pYQnmhW/egryPPC8cwFecuDaTNNWDShwQ8oULXnp2mfj9q3LUvVOvLXaiwXs
rivmLthvhCjWBYpYFBb9yHjHOcQd4JQ0LS4A4BRzXGKTTgMnRvawPeHFQvsMlR0M
plrIJ4Lht3eOis97Rot9BIIcYytM74ctz6TwCwOz5JPTA1ncikEzoLhaKCQ2egpq
GmyjcQLo83JWRxDkBE9EkBhkpOjyhsvpVLZoJrqpkwKtJMUVeLcBBw==
=M/vJ
—–END PGP SIGNATURE—–

—

If you have questions or need assistance with this issue, please call 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert

Secure IT Alert #2 for Thursday, August 26 2010

More bad news for Mac owners. PLEASE update your systems. We are seeing the number of Mac and *nix exploits ramp up at an alarming rate. Many people have found rootkits were installed on their systems for no telling how long before they were discovered.

The following information was provided courtesy of WatchGuard. Fantastic firewall devices at reasonable prices! If you should be interested, we are a partner with WatchGuard and offer their full line-up.

Malicious Documents and Images Threaten OS X

Severity: Medium

24 August, 2010

Summary:

• These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
• How an attacker exploits them: Multiple vectors of attack, including enticing your users into downloading and viewing various documents or images
• Impact: Various results; in the worst case, an attacker executes code on your user’s computer
• What to do: OS X administrators should download, test and install Security Update 2010-005 as soon as possible, or let Apple’s Software updater do it for you.

Exposure:

Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes thirteen (number based on CVE-IDs) security issues in seven components that ship as part of OS X, including PHP, CoreGraphics, and ClamAV. Some of the fixed vulnerabilities include:

• CoreGraphics Buffer Overflow Vulnerability. CoreGraphics is an OS X component that helps output graphics to your display (or printer). CoreGraphics suffers from a heap buffer overflow vulnerability involving the way it handles PDF files. If an attacker can get a victim to view a specially crafted PDF document (perhaps hosted on a malicious web site), he could exploit this flaw to either crash an application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges.
• ATF Buffer Overflow Vulnerability. The Apple Type Service (ATS) helps OS X machines handle fonts. ATS suffers from a buffer overflow vulnerability having to do with the way it handles embedded fonts. By tricking one of your users into downloading and viewing a malicious document containing a specially crafted font, an attacker can exploit this flaw to execute code on that user’s computer. By default, the attacker would only execute code with that user’s privileges. 
• Multiple PHP Vulnerabilities. PHP is a general-purpose scripting language primarily used to create dynamic web applications, which ships with OS X. Apple’s update fixes several vulnerabilities found in PHP 5.3.1. However, Apple only describes one of the PHP vulnerabilities in any detail. The vulnerability involves a buffer overflow flaw within one of PHP’s image handling function libraries. By enticing one of your OS X users into viewing a specially crafted PNG image (perhaps hosted on a malicious web site), an attacker could exploit this flaw to execute code on that user’s computer, with that user’s privileges.

Apple’s alert also describes other vulnerabilities, including some Denial of Service (DoS) flaws, information disclosure issues, and a few more code executions flaws. Components patched by this security update include:

Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.

Solution Path:

Apple has released OS X Security Update 2010-004 and OS X 10.6.4 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.

• Security Update 2010-005 (Leopard)
• Security Update 2010-005 (Leopard Server)
• Security Update 2010-005 (Snow Leopard)
• Security Update 2010-005 (Snow Leopard Server)

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X’s Software Update utility pick the correct updates for you automatically.

For All Users:

These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.

Status:

Apple has released updates to fix this flaw.

References:

• August 2010 OS X 10.5x and 10.6.x Security Update

This alert was researched and written by Corey Nachreiner, CISSP.

For past alerts, log into the LiveSecurity Archive.

Jargon defined in the LiveSecurity Online Glossary.

—

If you require assistance please call us at 864.990.4748 or email info@homelandsecureit.com - we offer computer & network support to Greenville / Upstate, SC

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, August 26th 2010

I know it seems like it never ends… Adobe Reader, Adobe Acrobat, Adobe Flash, Adobe Air, Java, Windows, Mac, one update and patch after another following these security announcements….  

The vulnerability de jour is brought to you by Adobe, and it affects Shockwave player on Macintosh OSX and Windows platforms. The short and skinny is – update today, don’t delay….  What follows is information sent out courtesy of WatchGuard who makes a fantastic line of Firewalls, Network Security and Unified Threat Management Appliances for every application. We are proud to partner with WatchGuard and offer their products.

Adobe Shockwave Update Corrects 20 Security Flaws

Severity: Medium

25 August, 2010

Summary:

• This vulnerability affects: Adobe Shockwave Player 11.5.7.609 and earlier, running on Windows and Macintosh computers
• How an attacker exploits it: By enticing your users into visiting a website containing malicious Shockwave content
• Impact: An attacker can execute code on your computer, potentially gaining control of it
• What to do: If you allow the use of Shockwave in your network, you should download and deploy the latest version (11.5.8.612) of Adobe Shockwave Player as soon as possible.

Exposure:

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

In a security bulletin released late Tuesday, Adobe warned of twenty critical vulnerabilities that affect Adobe Shockwave Player 11.5.7.609 for Windows and Macintosh (as well as all earlier versions). Adobe’s bulletin doesn’t describe the flaws in much technical detail. It only describes the nature and basic impact of each flaw. For the most part, the flaws consist of unspecified memory corruption vulnerabilities. Though these flaws differ technically, most of them share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC. Adobe’s alert doesn’t describe what type of Shockwave content triggers these various flaws. However, other researchers’ alerts have disclosed that malicious Shockwave (.SWF) and Director (.DCR and .DIR) files can trigger these vulnerabilities.

If you use Adobe Shockwave in your network, we recommend you download and deploy the latest version as soon as you can.

Solution Path:

Adobe has released a new version of Shockwave Player, version 11.5.8.612. If you use Adobe Flash in your network, we recommend you download and deploy this updated player as soon as possible.

For All WatchGuard Users:

Some of WatchGuard’s Firebox models allow you to prevent your users from accessing Shockwave content (.SWF, .DIR, and .DCR) via the web (HTTP) or email (SMTP, POP3). If you like, you can temporarily mitigate the risk of this vulnerability by blocking .SWF, .DIR, and .DCR files using your Firebox’s proxy services. That said, many websites rely on Shockwave for interactive content, and blocking it could prevent these sites from working properly.

—

If you require assistance in in updating the Shockwave player, or specific instructions for applying the WatchGuard content blocks above, please call us at 864.990-4748 or email info@homelandsecureit.com – We provide network and computer support to Greenville / Upstate businesses and individuals! We offer sales of WatchGuard Firewalls and UTMs nationwide.

Homeland Secure IT Alert

Trend Micro Browser Guard can protect you from "Zero Day" Exploits

Our friends at Trend Micro Labs are watching out for you, even if you opt to not purchase their incredible anti-virus software!

If you are using Internet Explorer 6, 7, or 8 you could fall victim to what is known as  ”zero day exploit”, which is simply a hole that is found by the bad guys and a means for taking advantage of that security flaw is devised and deployed before the good guys can prepare for it.

The easiest application to exploit is Microsoft IE, because it is the most popular browser currently, and we just can’t stop clicking on links. We are addicted to clicking every link we find, and should one of those be a malicious site, we run the risk of becoming a victim if we do not have the latest patches, and sometimes with these zero day exploits, there IS NO PATCH.

Browser Guard 2010 from Trend Micro may help prevent your IE from leading you into trouble. As mentioned, it is a free download and works with IE 6, 7 and 8. If you are using an x64 (64 bit) system, you are out of luck though.

The following is extracted from their site:

Trend Micro Browser Guard is an easy to use browser plug-in, which prevents known and unknown web threats. Zero-day attacks such as Aurora and Hydraq can be proactively blocked by Browser Guard, which detects and prevents behavior associated with these types of threats.

Cybercriminals often use malicious JavaScript inserted into web pages, where attacks can take place silently, without any visible effect. Browser Guard also protects you from such attacks by analyzing and subsequently blocking malicious JavaScript. For the most advanced and efficient detection, Browser Guard communicates with the Trend Micro Smart Protection Network, bringing you the latest protection when you surf the web.

Key Benefits

• Protects against zero day exploits
• Detects buffer-overflow and heap-spray attacks
• Protects against execution of shell code
• Analyzes and protects against malicious JavaScript
• Connects with Trend Micro Smart Protection Network to maximize detections

CLICK HERE to go to the Trend Micro Browser Guard page.

If you are using Chrome, Firefox or another alternative browser, you can still become a victim, just not as easily due to the fact that these browsers are not being targeted as frequently.

If you have questions or require assistance, please call 864-990-4748 or email info@homelandsecureit.com – We offer affordable and fast virus removal and cleanup in Greenville / Upstate SC (If you suspect you have a virus, click here, then select the free online scan)

I explained that the “IT” in our case is an all encompassing catch-all term that covers just about anything you plug into the wall. We sell, service, repair, support a wide range of technologies, not just a computer, server or network, but VoIP systems, CCTV and network security camera systems, firewall appliances, anti-virus software and software in general.

So basically, whatever IT is, we can help you with IT!

I am unsure of a way to indicate everything we work with, but suffice it to say, it is not limited to just a notebook computer fix, or a simple virus cleanup. While we DO those things, we also deploy Blackberry Enterprise Server so your mobile users can stay connected. We help integrate wireless devices like Androids, iPads and more into your Microsoft Exchange. We configure VPNs that allow a mobile workforce or a branch office to connect to your data as if they were physically in your office. We design and deploy Voice over IP phone systems. We offer biometric and card swipe time clocks.

Again, if it plugs into your network, or connects wirelessly, or you WANT it to, we can help. Give us a call at 864.990.4748 or email info@homelandsecureit.com to discuss your unique needs! We serve the Greenville & Upstate SC area!

Ecobee Smart Thermostat

Web Enabled Thermostats: A not-so-new technology is becoming mainstream due to the desire to save money and be “green”.

If you have been looking to purchase a new HVAC system for your home or business, you may have been given the option to include a thermostat that enables you to view statistics & make changes to the settings using a web browser or an app on your phone. The price ranges from a round $100.oo to as much as $500.oo at the time you purchase a new system, and you promised that it will pay for itself by allowing you to set schedules to reduce the costs of operating your system during times you are away from the home/business.

Some utility companies, such as UTX in Texas have plans you can sign up for that will enable you to get a FREE web enabled thermostat, and I believe you only pay around $75.oo for the installation. Ultra good deal in my opinion.

X-300 Web Enabled Thermostat

But what about those of us with older systems? Fortunately, the majority of web enabled thermostat manufacturers have designed their units with us in mind. Instead of targeting the new HVAC market, they have built devices that can be used with any system, whether it is a heat pump, or an oil fired unit, there is a model for you.

The benefits are as mentioned before… Ability to control your system from a web browser, ability to control your system from a phone with either a web browser or an app loaded on it for that thermostat. Some thermostats feature the ability to control other devices, such as lighting, and some have the ability to sense a contact closure. You can see a graph of system usage and override scheduled events, as well as easily SEE the schedules, rather than paging through one day at a time as you do on older programmable thermostats. Some units feature alerts, should your system not cool or heat properly, which would be perfect for those who have unattended / vacation properties.

X-300 Thermostat Control via iPhone App

What about security? Can someone “hack” my home? Sure! Anything that is accessible via the internet could potentially be exploited by attackers, however, these devices are currently low-profile making them an unlikely target. Most of the manufacturers claim security through encryption of the data stream.

Where do you get one of these? Online vendors have a large selection of web thermostats, and your HVAC vendor probably has their favorite. Some quality brands are Ecobee, Control By Web, Schlage / Trane, Proliphix, BAYweb, among others. Which model is right for you should be based upon exactly what features you require. For instance, some have a Wi-Fi option to eliminate the CAT-V cable run.

Can I really recoup my investment? That remains to be seen. I am sure a $150.oo unit could pay for itself in a year or more if you are replacing a non-programmable thermostat, but for some of the higher end products, I’m thinking that realistically you are looking at a couple years… Your mileage may vary.

If you have any question about these, please email info@homelandsecureit.com, call 864-990-4748×201 or respond here! If you have one, tell us what you like best about them.

Typical Cisco 802.11n Certified Access Point

Late in 2009 the 802.11n wireless LAN standard was finally ratified by the IEEE, making way for a host of manufacturers to produce products that are certified with this standard.

What is 802.11n exactly? It is an upgrade to the 802.11b/g standard that has been in use for years in homes and businesses around the world. It’s the same, but different! Think of it as Wi-Fi on steroids.

Just how fast is it? Five times faster throughput than 802.11g and even faster throughput possible through the use of different formats of this new standard. Imagine a wireless LAN having throughput greater than your wired network!

“But I’ve already got 802.11n” you might say. While that is true, depending upon when you obtained it, you probably have the 802.11n Draft product that may not have all the bells and whistles of the post ratification standard and certified devices that are coming on the market.

The real secret sauce will be what is known as “three-spacial” and “four-spacial” systems… These will will make it a toss-up between a wired 10/100 LAN and wireless, even in heavy use environments.

When purchasing 802.11n equipment, you may wish to insure it is on the Wi-Fi Alliance’s list of certified devices which can be found HERE. Every major manufacturer is offering a line of products with the new standard, including our favorite, Cisco.

Need another reason to consider upgrading current 802.11b/g systems to the new standard? How about range? 802.11n has a more consistent coverage area!

If you would like additional information or to purchase new WLAN equipment, please call 864.990.4748 or email info@homelandsecureit.com

All of our computer vendors have been alerting us to the fact that after October 22, 2010 they will no longer be able to provide us with machines that include the downgraded Microsoft Windows XP professional and that Microsoft Windows 7 will be the only option. There are some exceptions, such as storing an image with the PC vendor and providing them with a product key, which they will store and apply to custom ordered machines after 10/22/2010.

I highly recommend you make the move to the new Microsoft Windows 7! Our clients are never disappointed with the performance and reliability of this operating system. Some people have abandoned their alternative OSes (linux and Mac) for the compatibility and features!

If you are still unsure if Windows 7 Pro is for you, please give us a call or email. We offer free computer / server consultation to Greenville & the Upstate of SC. We can also install your software on a Windows 7 machine and insure compatibility without the need for you to switch your infrastructure only to find out it was the wrong thing to do!

Homeland Secure IT Alert

Homeland Secure IT Alert for August 18, 2010

Adobe has announced that August 19th will bring out-of-cycle updates to Adobe Reader 9.3.3 across the Microsoft Windows, Apple Mac and UNIX platforms, as well as Acrobat 8.2.3 on Apple Macintosh to address critical vulnerabilities. An update to Adobe Flash player is also anticipated.

More info can be found here but the bottom line is – please insure your products are updated as soon as the release is made. We are seeing clients already exploited through these vulnerabilities.

If you require assistance, contact your computer service professional, or if you are in the Greenville / Upstate SC area, please call 864-990-4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

The computer did not have updates on it for the Microsoft Windows Operating System, Microsoft Office, or Adobe Reader / Flash / Air.  Nor did it have the latest Java on it. Anti-Virus was handled by AVG (Free).

Vulnerabilities in the operating system and applications were the likely culprit that allowed the malware in, but either way, the computer was badly infected, and data possibly compromised.

Please, use Microsoft Update on your PCs and make sure your Adobe products and Java are up to date! That, combined with quality anti-virus like Trend Micro Internet Security, Trend Micro Worry-Free Business Security, etc, may protect you from a costly infection and provide much greater security for your personal and/or company data.

If you think for a moment that your computer may be compromised, be sure to contact your computer service professional! Don’t take a chance with your security.

Homeland Secure IT offers complete computer, server & network support, repair, security & sales in Greenville and the Upstate of SC. Please call 864-990-4748 or email info@homelandsecureit.com for more information or a free evaluation! Our typical virus cleanup / removal rates are very competitive with rapid turnaround!

Microsoft Office Outlook 2010 With BPOS Goodness

So you are setup with a FREE trial of Microsoft’s Business Productivity Online Suite and are enjoying all the online apps but something is missing, you don’t want to use web apps, you want to use all the features of Microsoft Office Outlook 2007 or 2010 that you have already paid for and know your way around.

Well it is possible to have your cake and eat it too! *IF* you signed up for the BPOS Standard trial instead of the “Deskless Worker” trial, then you can configure your Outlook to view the same Exchange data you see with Outlook Web Access. You will see the same emails, the same contacts, the same tasks, folders, public folders, calendars etc!

Wait, you didn’t get the Standard version of the BPOS demo? That’s okay, you can log back into the portal and activate the Standard version, then deactivate the Deskless Worker product and not even lose your configuration. YOU MAY lose your emails though and have to start over, but hey, it’s just a demo, you didn’t have that much anyway!

Okay, so back to task at hand, getting Outlook configured. It’s EASY, relatively speaking to accomplish this. First you log into your online mail app (OWA) at http://mail.microsoft.com and once in there, click on OPTIONS at the upper right hand corner, then, select ABOUT from the left hand menu. You will see something that looks like this:

Data to gather from OWA to setup Outlook

The important information for you to gather will be the “Outlook Web Access host name”, and the “Mailbox server name”.

Now, close out Outlook on your desktop and go to START/Control Panel and select Mail (If using Win 7 64 bit, once you open Control Panel, type “mail” in the Search Control Panel input at the top right hand side and select “Mail (32-Bit)”).

Select “Show Profiles” and add a new one… Let’s call it “BPOS”.  Next, select the checkbox for “Manually configure server settings or additional server types” then hit “Next >”. Select “Microsoft Exchange or compatible service” and hit “Next >”.

In the “Server:” field, put the information you gathered from Outlook Web Access for the Mailbox Server Name… (Ex: A3DIAXVS251.RED001.local). For “User Name:” enter your email address, then select “More Settings”. Don’t bother hitting “Check Name” as it will not function (yet)…

Select the “Connection” tab, at the bottom, select “Connect to Microsoft Exchange using HTTP” and then hit the button “Exchange Proxy Settings…”, for “Use this URL to connect to my proxy server for Exchange:”, you need to enter the Outlook Web Access hostname from OWA (Ex: red001.mail.microsoftonline.com) and do not include the “https://” or the “/owa” here, just the hostname.

You can select to “Only connect to proxy servers that have this principal name in their certificate” if you wish, but not necessary.

DO select both of the checkboxes at the bottom for “On xxxx networks, connect using HTTP first, then connect using TCP/IP”, and set the proxy authentication settings to “NTLM Authentication”.

Click OKAY and apply those settings and now try to open Outlook… You should be prompted with a login.

Sounds complicated? Kinda-sorta, but it works well, and you only have to do it once. You can also use the Microsoft single signon client if you wish, which will remember your login and password and allow you to open Outlook without any issue, but some company policies may not allow you to install additional software, or automatic login applications so the above should work for you.

If you get stuck, please reply here or shoot me an email at info@homelandsecureit.com and I will try to give you a hand.

Homeland Secure IT offers many backup solutions that can protect you from this scenario, but our favorite is Servosity Online Backup, which runs on your computer, regardless of the operating system of that computer (Server, Workstation, Notebook, etc) and quietly backs up your data to a secure server located “in the cloud”.

It is affordable, it is reliable, and the president of Servosity is an Upstate SC native. What more could you ask for?

If you would like to try this awesome online backup service, we offer a FREE trial, just call 864.990.4748 or email info@homelandsecureit.com for additional details or get setup for a trial.

Please do it before it is too late. Losing your pictures, music, documents, etc is a painful experience, and potentially devastating. The cost of recovering hard drives can be in the thousands!

Thanks Russell… I didn’t even know about the Code Search until today. I can promise you I will be using this

10 Google Services That Don’t Get the Limelight They Deserve  posted on MakeUseOf.com