November 2011 Microsoft Patch Tuesday includes server update goodness…

It’s that time of the month again…  Update time that is for Microsoft machines.

Microsoft has not left servers out of the mix at all, so you system admin types will be able to justify reboots for sure.

These patches cover everything from code execution to elevation of privileges and even Denial of Service on just about every version of the Windows OS, including XP, Server 2003 , Vista, Windows 7  and Server 2008 R2.

Please find the full list below, or visit HERE for a much pretty version…  If you require assistance with these or any other security related issues, please call us at 864.990.4748 or email info@homelandsecureit.com in the Greenville / Upstate, SC area.

 

Critical Security Bulletins

============================

 

MS11-083

 

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

– Impact: Remote Code Execution

– Version Number: 1.0

 

 

Important Security Bulletins

============================

 

MS11-085

 

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

– Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

– Impact: Remote Code Execution

– Version Number: 1.0

 

MS11-086

 

– Affected Software:

– Windows XP Service Pack 3

– Active Directory Application Mode (ADAM)

– Windows XP Professional x64 Edition Service Pack 2

– Active Directory Application Mode (ADAM)

– Windows Server 2003 Service Pack 2

– Active Directory

– Active Directory Application Mode (ADAM)

– Windows Server 2003 x64 Edition Service Pack 2

– Active Directory

– Active Directory Application Mode (ADAM)

– Windows Server 2003 with SP2 for Itanium-based Systems

– Active Directory

– Windows Vista Service Pack 2

– Active Directory Lightweight Directory Service (AD LDS)

– Windows Vista x64 Edition Service Pack 2

– Active Directory Lightweight Directory Service (AD LDS)

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Active Directory and

Active Directory Lightweight Directory Service (AD LDS)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Active Directory and

Active Directory Lightweight Directory Service (AD LDS)

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

– Active Directory Lightweight Directory Service (AD LDS)

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Active Directory Lightweight Directory Service (AD LDS)

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Active Directory and

Active Directory Lightweight Directory Service (AD LDS)

– Impact: Elevation of Privilege

– Version Number: 1.0

 

 

Moderate Security Bulletins

============================

 

MS11-084

 

– Affected Software:

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

– Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

– Impact: Denial of Service

– Version Number: 1.0

The first nationwide Emergency Alert System test is November 9, 2011 at 2:00 PM Eastern

What ever you do - don't panic!

Whatever you do - Don't panic...

You’ve been hearing about it for a while now, but the time is has finally come for the first nationwide Emergency Alert System (EAS) test.

It is scheduled for November 9th, 2011 at 2pm Eastern and will last a few minutes.

You can get the full scoop on this event on the FCC site.

Of course, many conspiracy theorists can give you other reasons for the test, my favorite of which is that the Government is testing their ability to control of all media outlets, even phone lines, cell phones, and the internet itself. (As has been done in other countries).

The following letter comes from Charter, and while their email distribution from them is normally marked with a non-disclosure, this one was specifically authorized FOR distribution:

INTERNAL NEWS ALERT

Re:         Charter to Participate in First Ever Nationwide EAS Test

This Wednesday, November 9, 2011 at 2:00pm EST, a nationwide test of the Emergency Alert System (EAS) will be conducted. Similar to local EAS tests conducted on a regular basis in our area, the national test will also include all broadcast TV stations, radio stations and video providers, including cable and satellite operators at the same time. As a result, all Charter systems nationwide will be participating in the test.

However…unlike the local EAS tests that usually last approximately 30 seconds, the nationwide test may last up to three and a half minutes.

This national EAS test will be conducted jointly by the Department of Homeland Security (DHS) through its Federal Emergency Management Agency (FEMA), the Federal Communications Commission (FCC), and the National Oceanic and Atmospheric Administration’s (NOAA) National Weather Service (NWS), the three federal agencies that have EAS management responsibilities.

Although the EAS has been in existence for over 15 years, there has never been an end-to-end, nationwide test of the system. The nationwide test is being conducted to verify the reliability of the EAS system and its effectiveness in alerting the public on a national scale.

The upcoming national test is critical to ensuring that the EAS works as designed. As recent disasters here at home and in Japan have reminded us, a reliable and effective emergency alert and warning system is key to ensuring the public’s safety during times of emergency.

Charter is currently in the process of preparing for the national test on November 9. We are providing a message to our customers in their bill statement (see below), and will utilize Weather Channel crawls, DCT messaging, .com and .net posts and cross channel TV commercials to provide our customers with awareness of the test. We will also be training our customer care team to effectively manage any increase in the number of calls we receive as a result of the test.

OCTOBER CUSTOMER STATEMENT MESSAGE:

The first nationwide test of the U.S. Emergency Alert System will occur at 2:00 p.m. Eastern Standard Time on November 9, 2011, and it will interrupt programming on all channels from all service providers for a few minutes. Visit www.fcc.gov/pshs for more information.

 

Microsoft is trying to tempt you to use Internet Explorer 9 with the offer of free stuff

Come to the dark side - We have cookies, and downloads.

Are you using something other than Microsoft Internet Explorer 9 (IE9) for your web browser? A growing number of you are, and Microsoft does not like it one bit. In fact, if you go visit their promo site, you can receive “Free stuff from sites you love” if you will just cross over to the dark side, so to speak.

Here’s the link to the “Beauty of the Web” site…  HERE

Sites represented are Slacker Radio, AOL Radio, Grooveshark, hulu, Flixter, Fandango, ticketmaster, vimeo, zynga and Pandora.

Of course, you have to be using IE to take advantage of the offers. The process is to drag the icon to your taskbar to pin it there, then share the information on Twitter or Facebook.

Mac OS X users will have to run IE 9 in a virtual machine in order to take advantage of this…

 

HP updates channel partners regarding flooding situation in Thailand #HDDShortage

We received the following notification from HP regarding the flooding situation in Thailand and the subsequent hard drive and component shortage:

Dear HP Channel Partners,

HP is deeply saddened by the recent flooding in Thailand. The extent of the damage is devastating and our hearts go out to each person in Thailand negatively impacted by this tragedy.

In light of this unfortunate turn of events and its potential impact on the technology industry, we would like to provide you with a brief update regarding the situation here at HP.

HP continues to maintain operations in Thailand and is in constant communication with our employees, customers and suppliers to optimize business continuity in this dynamic situation.  We have teams in place for each product category and are monitoring the situation closely.

HP has a small percentage of its Imaging and Printing Group (IPG) manufacturing in Thailand and we are mitigating any negative impacts through our business continuity planning. HP Enterprise Servers Storage and Networking (ESSN) and HP Personal Systems Group (PSG) do not have manufacturing facilities in Thailand.

From a component supply situation, Thailand is a major manufacturing source of Hard Disc Drives (HDD) and other sub-components used in HP products.

HP currently is reviewing potential supply constraints in an effort to optimize its manufacturing and meet your business needs.

As we work together through this industry wide constraint, we will implement business continuity plans to seek alternative sources of high quality components or raw materials. HP will notify you of any potential impacts if we are unable to locate other acceptable alternative sources. HP will provide this information through our existing business and planning processes in place with your sales representative.

Thank you for your business.  Please do not hesitate to reach out to any of us directly with any questions.

 

Yours sincerely,

The HP Channel Leadership Team

Scott Dunsire, vice president, U.S. Channel Sales, IPG

Steve Erdman, vice president, Americas Channel Sales, Software

Tracy Galloway, vice president, Americas Channel Sales, Services

Mike Parrottino, vice president, U.S. Channel Sales, PSG

Frank Rauch, vice president & GM, Americas Channel Sales, ESSN/TS

Matt Smith, director, Marketing, Americas Channel Sales

We’ve received notification from just about every manufacturer of systems that we partner with. I spent 30 minutes on the phone with one this morning as they gave me the total run-down on how this hard drive shortage will be affecting us.

The general concensus is: It is going to get worse before it gets better.   We have been advised to buy now, not to wait until it actually does get worse.

We’ll keep you updated!

 

Why can’t I just use the radio, iPod or other MP3 player for our office Music On Hold (MOH)?

Copyrights & Wrongs

You’ve got a great phone system (hopefully you have moved up to a Voice over IP phone system by now!) and you want to use all the great features of it.

One feature that is common to (most) all VoIP systems is that you can use Music On Hold (MOH) which gives the poor caller who gets placed on hold something to listen to other than dead air, or beep, or, God forbid, constant ringing like I got the other day for 2 minutes solid when calling a very large vendor for support.  RING RING RING AHHHHHHHHHHHHHHHHHHHHHHH!

The trend for the last few years has been to get voice talent to record promotional messages, combined with music that makes the time spent on hold for the client productive. A large number of sales have been made due to a promotional message telling a holding client about services or sales specials offered. I guess the impulse buyers hear, “Did you know we offer Microsoft Licensing?” and immediately place an order for 1000 seats of Microsoft Office 2010 or something. Hmmm, maybe we should do that here at Homeland?

The costs of having these messages produced vary from 5 dollars (if you want an Indian accent) to thousands of dollars, with the average falling at about 500 dollars for high quality, professional voice talent and music to be provided.

Some businesses have gone the extreme budget route and recorded their own messages, complete with lots of “uhhhs” and the like and plenty of background noise.

A smaller organization may just want to plug in a radio to the MOH port on the phone system and let that play, or maybe use their iPod or other MP3 player to put on their favorite tunes. I mean, let’s get real here, if you like Adele and Rhianna, your clients should love it to!

There’s a slight problem with that. Okay, not so slight; You are using unlicensed music which could result in law suits and fines…

The music that you own already, which you purchased off of iTunes or Amazon, or even own the vinyl record that you converted over to an MP3, is not your’s for public performance. Confused? Me too! Basically, there is a difference between owning the right to play that music for yourself, and the right to play it for others to hear.

So what’s a soul to do in order to provide entertainment on hold in the form of music?

  • You could find “royalty free” music, but be warned, it won’t keep a licensing organization from coming after you. You could STILL get a letter to cease the use of that music with the threat of lawsuit or fines if they believe it is owned by them. Make sure you can backup the fact that the music is in the public domain, the person/group performing it do not have a copyright on it and that it is not just released for listening or performance, that it has no “mechanical copyright” on it which would prohibit you from using it in the manner you wish to use it.
  • There are licensing entities such as ASCAP and BMI which you can pay in order to use the music which you want to play. You can license a single song in some cases, or get a blanket license to use anything from their repertoire.
  • There are “music on hold” providers, which take care of all the licensing for you (be careful here, there are some shady ones). These are the ones who will give you professional voice talent if you want that, along with a genre of music that is appealing to your callers, hopefully.
  • You could find a local musician who writes and produces their own original content and tell them you would like to showcase their talent on your on-hold system. Get it in writing that they are giving you permission to use their original music for a set time, and what the cost is. It may be free!

I am sure I have overlooked something as I am no expert in this field. But, this may be give you an idea of what you are up against regarding Music On Hold.

Myself, I am sad I can’t use a loop of Sugarloaf’s “Don’t Call us, We’ll Call you” to play to telemarketers….

If you do decide to hire a professional voice artist in the Greenville / Upstate area, please email me and I may be able to point you in the right direction.

 

9

Visualization of Hard Drive Price Inflation Due to Thailand’s Flood Induced Shortage

Thailand is under water and hard drive manufacturers are closed down. Prices for everyone across the board, from suppliers to end users shooting skyward.

EVERY device that uses a hard drive (HDD) will ultimately go up in price, if it has not already. DVR manufacturers have contacted us telling of surcharges for hard drives, in addition to the “market price”. Computer manufacturers have told us there may be delays in getting computers out the door, and system builders have limited their quotes to only 7 days before they must be requoted due to the volatility of the market.

Below are a few typical drives and how much they cost currently, with a historical look back…   This information comes courtesy of www.camelcamelcamel.com.

Western Digital Caviar Black 2 TB Bulk/OEM

Amazon price history chart for Western Digital Caviar Black 2 TB SATA III 7200 RPM 64 MB Cache Bulk/OEM Internal Desktop Hard Drive - WD2002FAEX

 

Western Digital Caviar Black 1 TB Bulk/OEM

Amazon price history chart for Western Digital Caviar Black 1 TB SATA III 7200 RPM 64 MB Cache Internal Desktop Hard Drive Bulk/OEM - WD1002FAEX

 

Western Digital Caviar Blue 500 GB Bulk/OEM

Amazon price history chart for Western Digital Caviar Blue 500 GB SATA III 7200 RPM 16 MB Cache Bulk/OEM Desktop Hard Drive - WD5000AAKX

 

Press Release: Homeland Secure IT Achieves Select Certification from Cisco

Homeland Secure IT, LLC 104 Mauldin Rd, STE EGreenville, SC 29605Phone (864) 990-4748www.HomelandSecureIT.com

Press Release

Contact: John M. HoytPhone: (864)990-4748 x 201Email: johnh@homelandsecureit.com FOR IMMEDIATE RELEASE12 PM EDT November 1, 2011

Homeland SECURE IT Achieves Select Certification from Cisco

Greenville, SC, November 1, 2011:  Homeland Secure IT announced today that it has achieved Select Certification from Cisco. The Select Certification recognizes Cisco® resale channel partners that focus on meeting the technology and service needs of small businesses.

Cisco’s portfolio of both Small Business and Small Business Professional Series products directly complement and enhance Homeland Secure IT’s Systems Design, Sales, Installation and Support of end-to-end communications and physical networks.

Cisco Select Certified

“The Cisco Select Certification was created in response to customer demand for channel partners capable of designing and implementing Cisco solutions purpose-built for small businesses,” said Andrew Sage, vice president of Worldwide Small Business Sales at Cisco. “With the Select Certification, Homeland Secure IT has made an investment in obtaining the training, skills and knowledge necessary to play a pivotal role in meeting this growing demand.”

To earn Select Certification, Homeland Secure IT fulfilled the training and exam requirements for the Cisco Small Business Specialization.  Homeland Secure IT also met the personnel, training and post-sales support requirements set forth by Cisco.

The Cisco Resale Channel Program provides a framework for channel partners to build the sales, technical and Cisco Lifecycle Services skills required to deliver Cisco solutions to end customers. Through the program’s specializations and certifications, Cisco recognizes a channel partner’s expertise in deploying solutions based on Cisco advanced technologies and services. Using a third-party audit process, the program validates channel partner qualifications such as technology skills, business best practices, customer satisfaction, and presales and post-sales support capabilities — critical factors for customers choosing a trusted channel partner.

About Homeland Secure IT

Homeland Secure IT is headquartered in Greenville, SC, and serves Greenville and the Upstate of South Carolina.  Our goal is to deliver seamless design, implementation, and support to customers requiring both simple and sophisticated communications solutions.

  • Unified Communications (VoIP)
  • Wireless (WLAN)
  • Video Surveillance
  • Storage Solutions (NAS, SAN)
  • Backup and Disaster Recovery
  • Security (Firewall, A/V)
  • Switching

For more information about this topic or to schedule meeting with our design and engineering team, please call 864-990-4748 or visit our website at http://www.HomelandSecureIT.com

 

Windows XP End of Support Countdown Gadget Available from Microsoft Download Center

The End is Near (The End Of Support for XP)

The end is near!!!!

The End of Support (EOS) for Microsoft Windows XP, that is…

Microsoft wants you to be aware of this, so they have a gadget you can download and install on your Windows 7 or even Windows Vista machine. (Sorry, if you are running XP, that’s not one of the supported systems for this Countdown Timer.

Get your gadget here.

Get your upgrade to Microsoft Windows 7 HERE!  Homeland Secure IT is your Upstate / Greenville Microsoft partner…

What is your objection to cloud based data backup? Here are some points to consider… #Symantec #Cloud #DisasterReadiness

Offsite, online, cloud backup for your business

Homeland Secure IT encourages the use of backup solutions to complete your disaster readiness plan. One of our recommendations is to implement remote, cloud based backup. Even if you have existing onsite backup, it gives you an extra layer of protection.

We partner with some of the biggest and most trusted names in offsite, cloud based backup providers such as (locally owned) Servosity, Mozy Pro and of course, Symantec.

Below, Symantec.cloud counters some of the most common objections to backing up your data offsite:

“My data won’t be secure”

  • With Symantec Backup Exec.cloud, your data is secured during transit using 128 bit SSL encryption and stored using 256 bit AES encryption when at rest in Symantec’s highly secure, enterprise-class facilities.

“Online Backup will drain my bandwidth”

  • After your initial backup, Symantec Backup Exec.cloud uses block level, incremental backup and performs backup of file changes only.
  • Symantec Backup Exec.cloud uses bandwidth throttling to minimize impacts to your business productivity.

“It will be too difficult to manage”

  • Automate backups to run on a schedule, or to backup when file modifications occur.
  • Let us manage your backups for you!
  • It’s easy to administer yourself – hassle free set up in just three steps.

“Backup is too expensive”

  • BE.cloud offers usage-based pricing with no per-user licensing fees
  • Subscription fee includes support, maintenance, and enhancements.
  • With this solution there is no need to pay for resources to manage and maintain the backup system or for off-site tape storage.

“We don’t really need backup, we use removable drives and discs”

  • What happens if the drive/disc is damaged, fails, is lost or stolen?
  • How often are you performing backup? – Using removable drives and discs is a manual process that requires time – your time – to manage them. What could you be doing if this process was automated? Would your backup happen more regularly than it does now?
  • Are there PCs or laptops that aren’t protected by using this method?
  • What would happen to your productivity if one of these machines suffered a disaster/hardware failure? Would your workers lose data they need to do their jobs effectively? Would you lose any customer records, business or financial information?

“We want to manage our backup onsite”

  • On-premise backup solutions can be expensive and require someone (perhaps you) to maintain them.
  • On-premise backup solutions place the burden of security, storage and tape/disc vaulting on you. They also expose you to the risk of losing equipment and data in the event of a local natural disaster. – Use online backup with your existing on-premise solution to address off-site protection!
  • Online backup replaces large upfront investments with predictable subscription based pricing. Managed virtually onsite using a web browser, you can not only manage and monitor the backup of machines at your location, but also at remote offices and on the machines of your mobile workers.

If you would like to know more about backing up to the cloud, or would like to discuss your backup / disaster recovery plan, please call 864.990.4748 or email info@homelandsecureit.com today.  We provide complete service and sales of physical, onsite backup systems, from tape to disk in addition to cloud solutions.

The Global Hard Drive Shortage is Becoming an Issue for Computer Repair / Service Businesses

What ever you do - don't panic!

Whatever you do - Don't panic... Okay, maybe just a little!

Yesterday I wrote about the hard drive shortage due to the flooding in Thailand (here)…

At the time, we were not actually feeling the affects, however, 24hrs later, we sure are!

The same terabyte SATA drives which sold for 60 dollars back on October 3rd, are approaching 140 dollars each today, and many vendors have sold out of them. Those who have not sold out have begun to limit the quantity you can purchase. Hard drive rationing!

What’s a computer repair house to do when they need one? Pay the jacked up price, and unfortunately, pass it on to our customers…

An individual can still purchase from places such as Staples, Office Depot, Best Buy, etc, until the stock is depleted, then it’s anybody’s guess what the next step is.

This morning, one vendor was sold out entirely of 1TB bare drives, but, they did have a few external drives that one could purchase, then scavenge the drive contained within for their install.

A word of warning to anyone who does that: The drives contained in external enclosures are generally slower drives, not designed for the sustained transfer rates or rapid access that a typical workstation may require.

If you find a reliable and affordable source for hard drives at this point in the game… You might want to keep it to yourself, or maybe share with me!

OH, and don’t think that this hard drive situation only affects computers and servers.  LOTS of devices these days require hard drives, from copiers, to digital video recorders, to Voice over IP phone systems.

Another computer technician on Facebook mentioned to me that this could be a good time to make the switch to solid state drives, and I think they may be right!

Thoughts?