Happy New Year from Homeland Secure IT!

Everyone here at Homeland Secure IT would like to thank you for another year of friendship and support…   2011 was awesome and 2012 is going to be even better!

We’re working on new and exciting things that will help us to provide even better computer service & support to Greenville and Upstate area individuals and businesses, as well as bringing on new products as requested by our clients.

Our office will be closed tomorrow, Friday the 30th, and will not reopen until Monday the 3rd of January, 2012. If you need emergency assistance, please call our office or send an email, we will be monitoring voice mail and email and will get back with you ASAP! Most clients have our cell phone numbers and shouldn’t hesitate to call if a need arises.

We wish you, your family and your business many blessings in the coming year!

Also, if you are looking for a great party, come to The Hide-Out in Easley and catch The Dockside Band on New Year’s Eve! We’ll be playing all your favorite tunes.

http://facebook.com/DocksideBand or http://www.TheDocksideBand.com for more info!

Microsoft security advisory 2659883 announces DoS vulnerability in ASP.NET

Microsoft released Security Advisory 2659883 today which outlines a vulnerability in ASP.NET which could permit a Denial of Service.

More information is available here: http://technet.microsoft.com/security/advisory/2659883

Two notes from that page listed as “Mitigating Factors”:

  • By default, IIS is not enabled on any supported Windows operating system
  • Sites that disallow application/x-www-form-urlencoded or multipart/form-data HTTP content types are not vulnerable

Please visit the URL above to find out if your OS and version/s of the .NET Framework are affected. Basically it affects every OS, from Windows XP, Vista, 7, Server 2003, and Server 2008 R2, in 64 and 32 bit flavors, and just about every version of the .NET Framework.

Scroll down to the “Suggested Actions” section and read about “Workarounds” if you are using IIS.

If you are in the Greenville or Upstate, SC area and need assistance with this or any other computer service / support issue, please call us at 864.990.4748 or email info@homelandsecureit.com

’twas the night before Christmas… Annual computer version post

 

Twas The Night Before Christmas – Computer Version

I first read this story on a University of Arkansas computer system sometime before 1985 and promptly typed it up and put it on my BBS (Non-Prophet BBS) for people to read. I have sent it in email, and “snail mail” for the last 25 years or so…  I still get a kick out of it.   If anyone knows the author, please contact me so I can give credit and thank them. – John M. Hoyt

‘Twas The Night Before Christmas – Computer Version

‘Twas the night before Christmas, and all through the shop,
The computers were whirring; they never do stop.
The power was on and the temperature right,
In hopes that the input would feed back that night.

The system was ready, the program was coded,
And memory drums had been carefully loaded;
While adding a Christmasy glow to the scene,
The lights on the console, flashed red, white and green.

When out in the hall there arose such a clatter,
The programmer ran to see what was the matter.
Away to the hallway he flew like a flash,
Forgetting his key in his curious dash.
He stood in the hallway and looked all about,
When the door slammed behind him, and he was locked out.

Then, in the computer room what should appear,
But a miniature sleigh and eight tiny reindeer;
And a little old man, who with scarcely a pause,
Chuckled: “My name is Santa…the last name is Claus.”

The computer was startled, confused by the name,
Then it buzzed as it heard the old fellow exclaim:
“This is Dasher and Dancer and Prancer and Vixen,
And Comet and Cupid and Donner and Blitzen.”

With all these odd names, it was puzzled anew;
It hummed and it clanked, and a main circuit blew.
It searched in its memory core, trying to “think”;
Then the multi-line printer went out on the blink.

Unable to do its electronic job,
It said in a voice that was almost a sob:
“Your eyes – how they twinkle – your dimples so merry,
Your cheeks so like roses, your nose like a cherry,

Your smile – all these things, I’ve been programmed to know,
And at data-recall, I am more than so-so;
But your name and your address (computers can’t lie),
Are things that I just cannot identify.

You’ve a jolly old face and a little round belly,
That shakes when you laugh like a bowl full of jelly;
My scanners can see you, but still I insist,
Since you’re not in my program, you cannot exist!”

Old Santa just chuckled a merry “ho, ho”,
And sat down to type out a quick word or so.
The keyboard clack-clattered, its sound sharp and clean,
As Santa fed this “data” into the machine:

“Kids everywhere know me; I come every year;
The presents I bring add to everyone’s cheer;
But you won’t get anything – that’s plain to see;
Too bad your programmers forgot about me.”

Then he faced the machine and said with a shrug,
“Merry Christmas to All,” as he pulled out its plug,
“And to all, a good night!”

 Merry Christmas everyone!!!!

Who sends a letter to the RIAA informing them of their pirating activities?

I’ve written a number of blog posts about the RIAA, and how people have been wrongfully accused of stealing (pirating) by the RIAA, and law suits threatened.

Well, it appears, that someone at the RIAA has been doing a little illegal downloading of their own, though the RIAA claims it was not them.

Here’s more information:

http://torrentfreak.com/riaa-someone-else-is-pirating-through-out-ip-addresses-111221/

So secure those access points, and disable unused network jacks in public locations to keep from receiving a nasty-gram because someone else is using your internet connection to download.

If you need help securing your business or home, we can help in the Greenville / Upstate, SC area. We can even help the RIAA.  Call us at 864.990.4748 or email info@homelandsecureit.com

 

CERT Technical Cyber Security Alert TA11-350A – Adobe Vulnerabilities – Windows, Mac, Unix

A little something to keep you busy…   Adobe vulnerabilities that affect Microsoft Windows, Mac and Unix machines.

Patch ’em up!

 

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA11-350A

Adobe Updates for Multiple Vulnerabilities

Original release date: December 16, 2011

Last revised: —

Source: US-CERT

Systems Affected

* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX

* Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

 

Overview

Adobe has released Security Bulletin APSB11-30, which describes

multiple vulnerabilities affecting Adobe Reader and Acrobat.

 

I. Description

Adobe Security Bulletin APSB11-30 and Adobe Security Advisory

APSA11-04 describe a number of vulnerabilities affecting Adobe

Reader and Acrobat. These vulnerabilities affect Reader and Acrobat

9.4.6 and earlier 9.x versions. These vulnerabilities also affect

Reader X and Acrobat X 10.1.1 and earlier 10.x versions.

 

An attacker could exploit these vulnerabilities by convincing a

user to open a specially crafted PDF file. The Adobe Reader browser

plug-in, which can automatically open PDF documents hosted on a

website, is available for multiple web browsers and operating

systems.

 

Adobe Reader X and Adobe Acrobat X will be patched in the next

quarterly update scheduled for January 10, 2012.

 

Additional details for the U3D memory corruption vulnerability can

be found in US-CERT Vulnerability Note VU#759307.

II. Impact

These vulnerabilities could allow a remote attacker to execute

arbitrary code, write arbitrary files or folders to the file

system, escalate local privileges, or cause a denial of service on

an affected system as the result of a user opening a malicious PDF

file.

 

III. Solution

Update Reader

Adobe has released updates to address this issue. Users are

encouraged to read Adobe Security Bulletin APSB11-30 and update

vulnerable versions of Adobe Reader and Acrobat.

 

In addition to updating, please consider the following mitigations.

 

Disable Flash in Adobe Reader and Acrobat

 

Disabling Flash in Adobe Reader will mitigate attacks that rely on

Flash content embedded in a PDF file. Disabling 3D & Multimedia

support does not directly address the vulnerability, but it does

provide additional mitigation and results in a more user-friendly

error message instead of a crash. To disable Flash and 3D &

Multimedia support in Adobe Reader 9, delete, rename, or remove

access to these files:

 

Microsoft Windows

“%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”

“%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”

 

Apple Mac OS X

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/AuthPlayLib.bundle”

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/Adobe3D.framework”

 

GNU/Linux (locations may vary among distributions)

“/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so”

“/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so”

 

File locations may be different for Adobe Acrobat or other Adobe

products that include Flash and 3D & Multimedia support. Disabling

these plugins will reduce functionality and will not protect

against Flash content that is hosted on websites. Depending on the

update schedule for products other than Flash Player, consider

leaving Flash and 3D & Multimedia support disabled unless they are

absolutely required.

 

Disable JavaScript in Adobe Reader and Acrobat

 

Disabling JavaScript may prevent some exploits from resulting in

code execution. Acrobat JavaScript can be disabled using the

Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable

Acrobat JavaScript).

 

Adobe provides a framework to blacklist specific JavaScipt APIs. If

JavaScript must be enabled, this framework may be useful when

specific APIs are known to be vulnerable or used in attacks.

 

Prevent Internet Explorer from automatically opening PDF files

 

The installer for Adobe Reader and Acrobat configures Internet

Explorer to automatically open PDF files without any user

interaction. This behavior can be reverted to a safer option that

prompts the user by importing the following as a .REG file:

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\AcroExch.Document.7]

“EditFlags”=hex:00,00,00,00

 

Disable the display of PDF files in the web browser

 

Preventing PDF files from opening inside a web browser will

partially mitigate this vulnerability. If this workaround is

applied, it may also mitigate future vulnerabilities.

 

To prevent PDF files from automatically being opened in a web

browser, do the following:

 

1. Open Adobe Acrobat Reader.

2. Open the Edit menu.

3. Choose the Preferences option.

4. Choose the Internet section.

5. Uncheck the “Display PDF in browser” checkbox.

 

Remove or restrict access to 3difr.x3d

 

By removing or restricting access to the 3difr.x3d file, Adobe

Reader and Acrobat will fail to render U3D content, which helps to

mitigate this vulnerability. PDF documents that use the PRC format

for 3D content will continue to function on Windows and Linux

platforms.

 

To disable U3D support in Adobe Reader 9 on Microsoft Windows,

delete or rename this file:

 

“%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d”

 

For Apple Mac OS X, delete or rename this directory:

 

“/Applications/Adobe Reader 9/Adobe

Reader.app/Contents/Frameworks/Adobe3D.framework”

 

For GNU/Linux, delete or rename this file (locations may vary among

distributions):

 

“/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d”

 

File locations may be different for Adobe Acrobat or other Adobe

products or versions.

 

Do not access PDF files from untrusted sources

 

Do not open unfamiliar or unexpected PDF files, particularly those

hosted on websites or delivered as email attachments. Please see

Cyber Security Tip ST04-010.

 

 

IV. References

 

* Security update available for Adobe Reader and Acrobat –

<https://www.adobe.com/support/security/bulletins/apsb11-30.html>

 

* Adobe Reader and Acrobat JavaScript Blacklist Framework –

<http://kb2.adobe.com/cps/504/cpsid_50431.html>

 

* Adobe Acrobat and Reader U3D memory corruption vulnerability –

<http://www.kb.cert.org/vuls/id/759307>

 

* Security Advisory for Adobe Reader and Acrobat –

<https://www.adobe.com/support/security/advisories/apsa11-04.html>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA11-350A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with “TA11-350A Feedback VU#759307” in

the subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2011 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

December 16, 2011: Initial release

 

 

—–BEGIN PGP SIGNATURE—–

Version: GnuPG v1.4.5 (GNU/Linux)

 

iQEVAwUBTuuZnz/GkGVXE7GMAQIN8ggAjjQO8LOasl98uasGZW2J5SHfkKr675Mf

ymRzBagFqO9QuId2RvFG2b9nuq5zdqETsrcG1t668wtYLUhBaoLmFXPe/KsDQ9n+

/p9PctVJFmJpV92S3kAHw+u4t1n/Aa/4IdK0oXNBDhkyXrp41F27LY+aQ8FWWuxZ

lL4jXSUQ/gLgb6hOhLjRCsQtEhAcPbX/mPNxl6bACXZaOVZT88fz9M7JXryDiJWO

uuFi3O2GT0Bd3fEsL57U/TSbq8SynadObMSj4/+Q1HmOHcD0L5gzd9/N4M3D1Emg

y7aeUpgycY5eFefY3LVVkb7JkTUbEZHbuNHydFKIJDRlaXBAo+D0QQ==

=rKM4

—–END PGP SIGNATURE—–

Christmas Holiday 2011 Hours for Homeland Secure IT Computer Service & Sales

Merry Christmas from Homeland Secure IT

Christmas is almost upon us!

Hope you have your shopping done by now, and if not, well, it’s not too late to order a notebook, netbook, desktop or tablet computer from Homeland Secure IT!

We offer sales of all major brands of computers and components such as HP, Dell, Lenovo, Toshiba, Acer, NexLink, Asus, Samsung and more. Whether it is a business computer or one for your personal uses, we have something for you or the person on your list you have forgotten about not found the perfect gift for!

Orders placed are generally here at our Greenville office the next business day before lunch at no additional charge!!!!

We will be closing on Friday, December 23rd so our staff can spend time with their families, and we will be in the field on a server deployment on Monday, December 26th, however, we *WILL* be available for emergency calls should you need us!

Merry Christmas! Microsoft releases Exchange 2010 SP2 featuring new mini version of OWA, multi-valued custom attributes and more!

Microsoft Exchange Server 2010 SP2

As promised, Microsoft released SP2 for Exchange Server 2010 on 2011-12-12, and the SP brings with it a number of features and fixes:

  • Incorporates all the changes from Update Rollup 1 through 6 for SP1
  • Adds Hybrid Configuration Wizard for ease of managing a deployment between your on site Exchange and your Office 365 Exchange
  • Introduces Address Book Policies, which determine the GAL, OAB, room list and address lists that are visible to the mailbox user that is assigned that policy
  • New Cross-Site Silent Redirection for Outlook Web App can pass off requests to another server in another Active Directory site, and also permit a single sign-on
  • Adds Mini Version of Outlook Web App suited for mobile users (tablets, pads, smart phones, basically anything with a browser)
  • Mailbox Replication Service changes permit you to move mailboxes from on-premises to another forest or Outlook.com
  • Mailbox Auto-Mapping changes allow you to disable Auto-Mapping to save on resources
  • Added five Multi-Valued Custom Attributes which allow you to store additional information for your mail recipient objects
  • Litigation Hold prohibits you from disabling or deleting a mailbox that has been placed on “litigation hold”

If you are running an Exchange Server 2010 without the current rollups applied to SP1, updating to SP2 today is a great idea as you can kill multiple birds with one stone!

Should you require assistance in the Greenville or Upstate, SC area please call 864.990.4748 or email info@homelandsecureit.com

1

CERT releases Cyber Security Alert TA11-347A for Microsoft Updates…

National Cyber Alert System
Technical Cyber Security Alert TA11-347A

Microsoft Updates for Multiple Vulnerabilities

Original release date: December 13, 2011
Last revised: —
Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Office
  • Internet Explorer

Overview

There are multiple vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for December 2011 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities. Additional details for MS11-091 can be found in US-CERT vulnerability note VU#361441.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for December 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Feedback can be directed to US-CERT.

Produced 2011 by US-CERT, a government organization. Terms of use


Revision HistoryDecember 13, 2011: Initial release

Last updated December 13, 2011

Check out YouHaveDownloaded.com to see what may have been downloaded using your IP address

Visit this site http://www.youhavedownloaded.com/ and hopefully you will see something like this:

Wow!!

Are you sure you and your friends don’t work for the RIAA? Maybe Sony or Universal? Maybe you’re both just really good at covering your tracks. Either way, congratulations, neither you or your friends and family returned any results from our crawlers. Tonight, you can jump into bed, open up Netflix or iTunes and sleep comfortably knowing that you’ve been a well-behaved, law-abiding internet user. But remember, there’s always tomorrow.
There’s… always… tomorrow…

You Have Downloaded keeps tabs on who downloads what from torent sites. If I had a large company using one IP address, I would be checking that site regularly, in spite of having firewalls, filters, policies in place, just to make sure someone didn’t come knocking at my door because of one bad person on the network, or maybe because of a wireless access point that was not secured.