Secure IT Alert: Windows Critical Updates Address Wireless Bluetooth Attack & More

Homeland Secure IT Alert for Tuesday, July 12, 2011

If you are running any current version of Windows, then Microsoft has something you want, and need.

Today’s “Patch Tuesday” brings a correction to a Bluetooth vulnerability that would permit an attacker to gain complete control over your machine.

Here’s the rundown from the Watchguard Security Center:

Severity: High

12 July, 2011

Summary:

  • These vulnerabilities affect: All current versions of Windows and components that ship with it
  • How an attacker exploits them: Multiple vectors of attack, including sending specially crafted wireless Bluetooth traffic
  • Impact: An attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released three security bulletins describing 21 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could wirelessly exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity (according to Microsoft’s summary).

  • MS11-053: Bluetooth Stack Code Execution Vulnerability

Bluetooth is an open wireless technology and standard for transmitting data over short distances. The Bluetooth stack that ships with more recent versions of Windows suffers from a code execution vulnerability involving how it accesses memory that hasn’t been deleted or initialized. By wirelessly sending a series of specially crafted Bluetooth packets, an attacker could leverage this flaw to gain complete control of your vulnerable computers. However, an attacker would need to remain in Bluetooth range to carry out this attack. The average range of Bluetooth varies from 5 to 100 meters. However, using special gear, Bluetooth “snipers” have extended the range up to a kilometer. This flaw only affects Windows Vista and 7.
Microsoft rating: Critical

  • MS11-054: 15 Kernel-Mode Driver Elevation of Privilege Flaws

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from 15 elevation of privilege (EoP) vulnerabilities. The flaws all differ technically, but generally share the same scope and impact. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.
Microsoft rating: Important

  • MS11-056: CSRSS Local Elevation of Privilege Vulnerability

The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from five technically different, but functionally similar, Elevation of Privilege (EoP) vulnerabilities. Like the Kernel-Mode Driver flaw above, by running a specially crafted program, an authenticated attacker could leverage these flaws to gain complete, SYSTEM-level control of your Windows computers. However, like before, the attacker would first need to gain local access to your Windows computers using valid credentials, which somewhat reduces the risk of these flaws.
Microsoft rating: Important

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS11-053:

* Note: Windows Vista SP1 is only affected if you install the optional Feature Pack for Wireless

MS11-054:

MS11-056:

For All WatchGuard Users:

Attackers exploit these flaws either locally or via Bluetooth wireless transmissions. WatchGuard’s wired and 802.11 wireless appliances do not protect against these vectors. Therefore, installing Microsoft’s updates is your most secure course of action.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

Normally, WatchGuard would have a way to protect at the firewall, but unfortunately in this situation it is all at the computer level. We suggest applying these patches ASAP or, optionally, disabling Bluetooth until the problem is resolved.
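As an added example (not part of the WatchGuard alert or of the text above), here is a PowerShell script an administrator could run on a Windows Vista or 7 machine to confirm whether a given update is installed and, until it is, apply the interim mitigation suggested above by disabling the Bluetooth Support Service (bthserv). The KB number is a placeholder; the real one comes from the MS11-053 bulletin for your Windows version. The -DisableBluetooth switch is this script’s own option, not a Microsoft one.

```powershell
# Added example (not from the original alert): check whether a given Microsoft
# update is installed and, if it is not, optionally disable the Bluetooth
# Support Service as an interim mitigation until the patch is deployed.
# Run from an elevated PowerShell prompt on Windows Vista / 7.
#
# The KB number below is a PLACEHOLDER; take the real one for MS11-053 from
# the Microsoft bulletin for your Windows version.
param(
    [string]$KbId = 'KB0000000',   # placeholder, replace with the bulletin's KB number
    [switch]$DisableBluetooth       # actually stop/disable bthserv when the patch is missing
)

# Get-HotFix lists installed updates (Win32_QuickFixEngineering under the hood).
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $_.HotFixID -eq $KbId }

if ($installed) {
    Write-Host "$KbId is installed on $env:COMPUTERNAME (installed on $($installed.InstalledOn))."
    return
}

Write-Warning "$KbId is NOT installed on $env:COMPUTERNAME."

# Report the state of the Bluetooth stack so the reader can judge exposure.
$bt = Get-Service -Name bthserv -ErrorAction SilentlyContinue
if (-not $bt) {
    Write-Host 'Bluetooth Support Service (bthserv) is not present; there is no Bluetooth stack to expose.'
    return
}
$startMode = (Get-WmiObject Win32_Service -Filter "Name='bthserv'").StartMode
Write-Host "Bluetooth Support Service is $($bt.Status) (startup type: $startMode)."

if ($DisableBluetooth) {
    # Interim mitigation only: stop the service and keep it from starting at boot.
    # Undo later with: Set-Service bthserv -StartupType Manual; Start-Service bthserv
    Stop-Service -Name bthserv -Force
    Set-Service  -Name bthserv -StartupType Disabled
    Write-Host "bthserv stopped and disabled until $KbId is deployed."
}
```

Run it once without the switch to see the patch and service state; rerun with -DisableBluetooth only on machines where Bluetooth is not needed until the update lands.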

There is also an MS Visio issue resolved today: opening a malicious Visio 2003 document could result in code execution, or in complete control of your machine being given to a remote user!

If you require assistance with these or any other patches in the Greenville or Upstate, SC area, please call 864.990.4748 or email info@homelandsecureit.com

Have you received a letter or email from the RIAA? Unsecured access points could cause this…

A friend of ours was near tears recently when they received the following email:

From: abuse@charter.net <abuse@charter.net>
Subject: [xxxxxxxx xxxxxxx] Notice of Copyright Infringement
To: user@someaddy.com
Date: Saturday, July 22, 2011, 5:51 PM
Dear Charter Internet Subscriber:

Charter Communications (“Charter”) has been notified by a copyright owner, or its authorized agent, that your Internet account may have been involved in the exchange of unauthorized copies of copyrighted material (e.g., music, movies, or software).  We are enclosing a copy of the Digital Millennium Copyright Act (DMCA) notice that Charter received from the copyright holder which includes the specific allegation.

Under the DMCA, copyright owners have the right to notify Charter’s registered agent if they believe that a Charter customer has infringed on their work(s).  When Charter receives a complaint notice from a copyright owner, Charter will notify the identifiable customer of the alleged infringement by providing them a copy of the submitted DMCA notice.  As required by law, Charter may determine that the customer is a repeat copyright infringer and reserves the right to suspend or terminate the accounts of repeat copyright infringers.

It is possible that this activity has occurred without your permission or knowledge by an unauthorized user, a minor who may not fully understand the copyright laws, or even as a result of a computer virus.  However, as the named subscriber on the account, you may be held responsible for any misuse of your account.  Please be aware that using Charter’s service to engage in any form of copyright infringement is expressly prohibited by Charter’s Acceptable Use Policy and that repeat copyright infringement, or violations of any other Charter policy, may result in the suspension or termination of your service.  You may view Charter’s rules and policies, including Charter’s Acceptable Use Policy, under the policies section of charter.com.

We ask that you take immediate action to stop the exchange of any infringing material. For additional information regarding copyright infringement and for a list of frequently asked questions, please visit charter.com/dmca.

If you have questions about this letter, you may contact us at 1-866-229-7286.  Representatives will be available to take your call Monday through Friday 8am – 8pm, Saturday and Sunday 8am – 5pm (CST).

Sincerely,

Charter Communications Security Resolution Team
http://www.charter.com/security

— The following material was provided to us as evidence —

Following that was a list of music that was downloaded…   And below that was the following attachment:

I am contacting you on behalf of the Recording Industry Association of America (RIAA) — the trade association whose member music companies create, manufacture, and distribute approximately 85% of all legitimate music sold in the United States.
If you are an Internet Service Provider (ISP), you have received this letter because we have identified a user on your network reproducing or distributing an unauthorized copy of a copyrighted sound recording.  This letter constitutes notice to you that this user may be liable for infringing activity occurring on your network.

If you are an Internet subscriber (user), you have received this letter because your Internet account was used to illegally copy and/or distribute copyrighted music over the Internet through a peer to peer application.

Distributing copyrighted works on a peer to peer system is a public activity visible by other users on that network, including the RIAA.  An historic 2005 U.S. Supreme Court decision affirmed that uploading and downloading copyrighted works without the copyright owner’s permission is clearly illegal.  You may be liable for the illegal activity occurring on your computer.

To avoid legal consequences, a user should immediately delete and disable access to the unauthorized music on your computer.  Learn how at the “About Music Copyright Notices” section of www.riaa.com.  That section also contains practical information about:

– How you were identified and why illegal downloading is not anonymous
– What next steps to take
– Where to get legal music online

We encourage Internet subscribers to visit the website www.musicunited.org, which contains valuable information about what is legal and what is not when it comes to copying music.  It also links to some of the more popular online music services where fans can go to listen to and/or purchase their favorite songs.

We have attached below the details of the illegal file-sharing, including the time, date, and a sampling of the music shared.  We assert that the information in this notice is accurate, based upon the data available to us.  We have a good faith belief that this activity is not authorized by the copyright owner, its agent, or the law.  Under penalty of perjury, we submit that the RIAA is authorized to act on behalf of its member companies in matters involving the infringement of their sound recordings, including enforcing their copyrights and common law rights on the Internet.  This letter does not constitute a waiver of any of our member’s rights, and all such rights are expressly reserved.

Thank you in advance for your cooperation.  If you have any questions, please visit the “About Music Copyright Notices” section of www.riaa.com.

Sincerely,
Jeremy Landis
Recording Industry Association of America
1025 F Street, NW, 10th Floor

This type of letter is not uncommon at all!

We have been contacted by friends and clients over the past several years who received similar letters and emails. They get much worse. One client was told that they owed thousands of dollars for a list of songs they had supposedly illegally downloaded (60-year-olds normally don’t download boy band songs, but nonetheless)…

In just about every case, a quick assessment of the situation revealed what was really going on. An unsecured access point in the home/business was being used by persons unknown to do this dirty deed.

If you get a letter or email that says similar to the above, here is what I would suggest:

  • Make sure you have no illegal / unlicensed music or movies on your systems. If particular works are noted as “evidence”, search your computers for those and make sure you OWN the original hard copy of that song or movie.
  • Check for any unsecured access points. Sometimes a person will buy an inexpensive router/access point, never intending to use the access point; however, that AP may have come enabled and unprotected by default, which was the norm up until a couple of years ago. Disable it, or secure it!
  • Check computers for any P2P software which could be installed, perhaps by rogue apps, intentionally by children, or, if you happened to purchase a used computer, it may have come loaded on it. Uninstall it. Kazaa and Limewire were installed automatically with some software bundles, and though they did not automatically start downloading songs, if ever your computers were searched, it may come off looking as if you at one time intended to or actually engaged in illegal file sharing.  BitTorrent apps need to go away too.  Yes, I realize there are legitimate uses for them, but try explaining that to the media cops.
  • Check your machines to ensure they are not exploited by various malware / rootkits (it may be worth hiring a professional to do this)… We have seen machines exploited and then used as file sharing hubs, where the unknowing owner has 1000s of songs they never downloaded sitting on their computer.
  • Talk to your children and explain that saving $1.00 on a music download could end up costing much more!
  • If you are downloading or have been downloading music that you have not been paying for, then chances are, you know it is wrong. Nothing is free in this world. You don’t get the latest Gaga tunes for free, no matter what the magic application you downloaded says.

If your letter was a warning like the one above, you likely need not do anything other than what I have outlined. If you get a more threatening letter, then seeking legal advice may be the next step for you. You will need to look for someone who knows copyright law.
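The three technical items in that list (open access points, peer-to-peer clients, and a machine quietly serving files) can be checked from PowerShell on Windows 7. The script below is an added example, not part of the original post. It assumes an English-locale Windows (it parses netsh’s English labels) and an elevated prompt, and the list of P2P product names it matches on is only a starting point.

```powershell
# Added example (not from the original post): a quick Windows 7 check for the
# three technical items in the checklist above. Assumes an English-locale
# Windows (netsh output is parsed by its English labels) and an elevated prompt.

# 1. Wireless networks in range that use no encryption ("Open" authentication).
#    Your own access point showing up here is the "unsecured AP" case above.
function Get-OpenWirelessNetworks {
    $ssid = $null
    $open = @()
    netsh wlan show networks mode=bssid | ForEach-Object {
        if ($_ -match '^\s*SSID \d+\s*:\s*(.*)$') {
            $ssid = $matches[1].Trim()
        } elseif ($_ -match '^\s*Authentication\s*:\s*(.*)$' -and $matches[1].Trim() -eq 'Open') {
            $open += $ssid
        }
    }
    $open | Sort-Object -Unique
}

# 2. Installed programs whose name matches a known peer-to-peer client.
#    The pattern list is a starting point, not an exhaustive one.
$p2pPatterns = 'Kazaa', 'LimeWire', 'FrostWire', 'BitTorrent', 'uTorrent', 'Vuze', 'Azureus', 'eMule', 'BearShare'
function Get-InstalledP2PSoftware {
    $uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object { $name = $_.DisplayName; @($p2pPatterns | Where-Object { $name -match $_ }).Count -gt 0 } |
        Select-Object DisplayName, Publisher, InstallLocation
}

# 3. Processes listening on TCP ports. A machine turned into a file-sharing hub
#    accepts inbound peers, so an unfamiliar listener deserves a closer look.
function Get-ListeningProcesses {
    netstat -ano -p tcp | Where-Object { $_ -match 'LISTENING' } | ForEach-Object {
        $fields   = @($_ -split '\s+' | Where-Object { $_ })   # drop empty fields
        $ownerPid = [int]$fields[-1]
        $proc     = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            LocalAddress = $fields[1]
            OwnerPID     = $ownerPid
            Process      = $(if ($proc) { $proc.ProcessName } else { '(unknown)' })
        }
    } | Sort-Object LocalAddress -Unique
}

'== Open (unencrypted) wireless networks in range =='
Get-OpenWirelessNetworks
'== Installed peer-to-peer clients =='
Get-InstalledP2PSoftware | Format-Table -AutoSize
'== Listening TCP ports by process =='
Get-ListeningProcesses | Format-Table LocalAddress, OwnerPID, Process -AutoSize
```

An open SSID that is yours means the access point needs WPA2 turned on; a P2P client you did not install, or a listener owned by a process you do not recognize, is the cue to call in the malware check from the list above.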

Should you find yourself in this situation and just want to talk to someone in the Upstate or Greenville area about what to do, or need help in securing your network or computers, please do not hesitate to call us at 864.990.4748 or email info@homelandsecureit.com

Hacking: The Good, the Bad and the Murky (From IEEE Spectrum)

IEEE Spectrum Hacking Graph

Over on the IEEE Spectrum site is a neat article, “The Two Faces of Hacking”, which as of this writing was last updated on July 6, 2011. It shows an interactive graph of hacks that lets you select only the “Good”, “Bad” or “Murky” hacks, or any combination.

The graph was created to outline the differences between hacks and exploits, from Stuxnet to RFID hacking to LulzSec… It shows the level of impact of each, and how simple or innovative they are.

Pretty interesting take on it… Go check it out and let them know your thoughts…

Toshiba Thrive Android 10.1″ Tablet – Another iPad stomping device…

Toshiba Thrive Android Tablet

If you are one of the many looking for an alternative to the iPad and can’t bring yourself to like Windows based tablets, Toshiba may have the device for you.

The Toshiba Thrive 16GB tablet is a brand new product featuring:

  • Android 3.1 Honeycomb (Yes, it has Flash!)
  • 16GB storage, 1GB DDR2 memory
  • 10.1″ Display with 1080p resolution (1280×800)
  • NVidia ULP GeForce graphics for fast graphics
  • Stereo speakers w/Toshiba sound enhancements SRS Premium Voice Suite
  • Dual cameras – 5megapixel on the back (720p capture) and 2megapixel front facing with microphone
  • Expansion ports! HDMI to allow connection to your big screen or a projector for presentations,  full size SD card slot, USB 2.0 (Both full sized and mini!), docking connector and a stereo headphone jack
  • 802.11b/g/n Wi-Fi and Bluetooth 3.0 + HS

It also has a rubberized finish that helps you keep your grip and a replaceable battery!

There are a growing number of Android based tablets, but this one could very well be the best of the bunch (so far)…

To purchase this tablet, call us at 864.990.4748 or email info@homelandsecureit.com – We are a Toshiba partner here in Greenville / Upstate, SC.

If you would like to discuss how this product or any other tablet may work within your business, please call us…

Homeland Secure IT Giveaway Coming Soon!

Yes, we’re going to do it again….

We’re going to give away something!  Watch here for more info.

To be eligible, you will have to subscribe to this blog, our mailing list or our FB page *AND* be able to pick up whatever trinket it is in person… We’re not shipping it out =) (So it would be best if you were in the Upstate or Greenville SC area.)

Happy Birthday America!

Thank you to our servicemen and women, both present and past, and especially to those who made the ultimate sacrifice!

We hope everyone has had a fantastic holiday weekend!!!!  We took today (Monday) off to be with our families and to celebrate the freedoms we have this country!

Microsoft Office 365 Cloud Computing Arrives With Little Fanfare

As a Microsoft Partner, we keep abreast of all the offerings that MS has that may be of interest to our clients.  One area of interest has been The Cloud as momentum in Cloud Computing / Cloud Services has been building slowly but steadily as businesses search for ways to save money and reduce personnel & IT costs.

Google Apps and Microsoft BPOS (Business Productivity Online Services) have really taken off as a way to possibly avoid having a mail server onsite and to save money on the purchase of office suite software, since the mail client is web based (or you can combine it with your own client, such as Outlook).

Earlier this week, Microsoft unveiled their Office 365 product, which is designed to attract those who hate the idea of purchasing a product, and would prefer to license a service or product.

In theory it is good… You are renting the software and it is cloud based. In practice, it may not be realistic for your business if you have lousy internet connectivity.

A ZDNet article the other day also claims that lack of bandwidth will be the downfall of these types of services. Find it here:

http://www.zdnet.com/blog/networking/office-365-8217s-potential-fatal-flaw-not-enough-internet-bandwidth/1204

If you have a business in the Greenville / Upstate, SC area and would like to know whether a cloud solution such as Office 365 can work for you, please call us and let’s talk! 864.990.4748 or email info@homelandsecureit.com – We are Microsoft Specialists!

Cisco introduces the RV110W Wireless-N VPN Firewall

Take Basic Connectivity to a New Level

The Cisco® RV 120W Wireless-N VPN Firewall combines highly secure connectivity – to the Internet as well as from other locations and remote workers – with a high-speed, 802.11n wireless access point, a 4-port switch, an intuitive, browser-based device manager, and support for the Cisco FindIT Network Discovery Utility, all at a very affordable price. Its combination of high performance, business-class features and top-quality user experience takes basic connectivity to a new level.

 Cisco RV 120W Wireless-N VPN Firewall

Product Overview

The Cisco RV 120W Wireless-N VPN Firewall features:

• High-speed, standards-based 802.11n wireless connectivity to help employees stay productive while away from their desks

• Integrated 4-port 10/100 switch with quality of service (QoS) support for enhanced voice, video and data traffic

• Support for separate “virtual” networks enables you to control access to sensitive information and to set up highly secure wireless guest access

• IP Security (IPsec) VPN support with hardware acceleration to deliver highly secure, high-performance connections to multiple locations and traveling employees

• Support for static routing, Routing Information Protocol (RIP) versions 1 and 2, and inter-VLAN routing to enable flexible connection sharing

• Proven stateful packet inspection (SPI) firewall, plus advanced wireless security to help keep business assets safe

• Simplified configuration through an intuitive, browser-based device manager

• Support for the Cisco FindIT Network Discovery Utility

Figure 2 shows the back panel of the Cisco RV 120W. Figure 3 shows a typical configuration using the firewall.

Figure 2. Back Panel of the Cisco RV 120W

Figure 3. Typical Configuration

Product Specifications

Table 1 gives the product specifications for the Cisco RV 120W.

Table 1. Product Specifications

Feature Description
Routing  

• Static routing

• RIP v1 and v2

• Inter-VLAN routing
Layer 2  

• 802.1q -based VLANs

• 4 active VLANs (1 to 4094 range)
Network  

• Dynamic Host Configuration Protocol (DHCP) server, DHCP relay agent

• Point-to-Point Protocol over Ethernet (PPPoE), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP)

• DNS Proxy

• IGMP Proxy and multicast forwarding

• Dynamic Domain Name System (DynDNS, TZO)

• Network Address Translation (NAT), Port Address Translation (PAT), Network Address Port Translation (NAPT), Session Initiation Protocol Application Layer Gateway (SIP ALG), NAT traversal, one-to-one NAT

• Multiple DHCP pools

• Port Management
IPv6  

• Dual-stack IPv4 and IPv6

• Multicast Listener Discovery (MLD) for IPv6 (RFC2710)

• Stateless address auto-configuration

• DHCP v6

• Internet Control Message Protocol (ICMP) v6
Security

Access control:

• IP access control lists (ACLs)

• MAC-based wireless access control

Firewall:

• SPI firewall

• Port forwarding and triggering

• DoS prevention

• Software based DMZ

Content filtering:

• Static URL blocking or keyword blocking

Secure management:

• HTTPS

• Username/password

802.1X:

• Port-based RADIUS authentication (Extensible Authentication Protocol [EAP], Protected EAP [PEAP])

Certificate management:

• X.509 v3 certificates

• Certificate upload using PEM format
VPN  

• 10 QuickVPN tunnels for remote client access

• 10 IPsec site-to-site tunnels for branch office connectivity

• Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES) encryption

• Message Digest Algorithm 5 (MD5)/Secure Hash Algorithm (SHA1) authentication

• Dead Peer Detection (DPD)

• IPsec NAT traversal

• VPN pass-through of PPTP, L2TP, IPsec
Quality of Service  

• 802.1p port-based priority on LAN port, application-based priority on WAN port

• 4 queues

• DiffServ support

• Traffic Metering
Management  

• Simple Network Management Protocol (SNMP) versions 1, 2c and v3

• Event logging: local, syslog, email alerts

• Firmware upgradable through web browser; imported/exported configuration in text format

• Simple browser-based configuration (HTTP/HTTPS)

• UPnP, Bonjour

• Network diagnostics with packet captures
Performance  

• NAT throughput: 95 Mbps

• 1000 concurrent sessions

• VPN throughput: 25 Mbps

Wireless LAN Specifications

Table 2 gives the wireless specifications for the Cisco RV120W.

Table 2. Wireless LAN Specifications

Feature Description
WLAN hardware

IEEE 802.11n standard-based access point with 802.11b/g compatibility

Radio and modulation type:

• 802.11b: direct sequence spread spectrum (DSSS)

• 802.11g/n: orthogonal frequency division multiplexing (OFDM)

• 2 omnidirectional 1.8 dBi gain external antennas

Operating channels:

• 11 in North America

• 13 in most of Europe

• Automatic channel selection

Transmit power:

• 802.11b: 17 dBm +/- 1.5 dBm

• 802.11g: 15 dBm +/- 1.5 dBm

• 802.11n: 12.5 dBm +/- 1.5 dBm

Receiver sensitivity:

• 802.11b: 11 Mbps @ -90 dBm

• 802.11g: 54 Mbps @ -74 dBm

• 802.11n: 270 Mbps @ -71 dBm

Wireless Domain Services (WDS):

• Allows wireless signals to be repeated by up to 2 compatible receivers

Wi-Fi Multimedia (WMM):

• WMM with QoS (802.11e)

• WMM Power Save (WMM-PS)
Active WLAN clients  

• Up to 64 clients
Service Set Identifiers (SSIDs)  

• Up to 4 separate virtual networks
Wireless VLAN  

• Support for SSID to VLAN mapping with wireless client isolation
WLAN security  

• Wi-Fi Protected Access (WPA2, 802.11i)

System Specifications

Table 3 gives the system specifications for the Cisco RV 120W.

Table 3. System Specifications

Feature   Description
WAN       10/100 Mbps Fast Ethernet WAN port
LAN       4-port 10/100 Mbps switch with support for VLAN and QoS
WLAN      Built-in high-speed 802.11n wireless access point
Physical dimensions and weight  

• W x D x H = 5.91 in. x 5.91 in. x 1.34 in. (150 mm x 150 mm x 34 mm)

• Weight: 1.10 lb (0.5 kg)
Power: 12V 1A
Certification  

• FCC Class B

• CE

• IC

• Wi-Fi
Environmental operating range  

• Operating temperature: 0° to 40°C (32° to 104°F)

• Storage temperature: -20° to 70°C (-4° to 158°F)

• Operating humidity: 10% to 85% noncondensing

• Storage humidity: 5% to 90% noncondensing

Configuration Requirements

Table 4 lists the configuration requirements for the Cisco RV 120W.

Table 4. Configuration Requirements

Feature                  Description
Network adapter          PC with network adapter and Ethernet cable
Web-based configuration  Web browser

Ordering Information

Table 5 gives ordering information for the Cisco RV 120W.

Table 5. Ordering Information

Part Number   Product Name
RV120W-A-NA   Cisco RV 120W Wireless-N VPN Firewall (USA)
RV120W-E-G5   Cisco RV 120W Wireless-N VPN Firewall (Europe)
RV120W-N-AU   Cisco RV 120W Wireless-N VPN Firewall (Australia)
RV120W-A-CN   Cisco RV 120W Wireless-N VPN Firewall (China)
RV120W-A-CA   Cisco RV 120W Wireless-N VPN Firewall (Canadian French)
RV120W-A-AR   Cisco RV 120W Wireless-N VPN Firewall (Argentina)

Interested in the Cisco RV110W Wireless-N VPN Firewall? Please call 864.990.4748 or email info@homelandsecureit.com – We can help with all your Cisco SMB needs in Greenville and Upstate SC!

Casinos have incredible video surveillance… You can too!

I’m away on vacation with my lovely wifey Pamela, and our first stop on the Gulf tour was the IP Casino and Resort in Biloxi, MS, where we met my older brother, his wife and their oldest daughter…

While roaming around, it was easy to see that the “eye in the sky” was ever present, and I do mean EVERYWHERE.  Heck, at check-in, there were 17 cameras that I spotted without even turning my head around! On the 2nd floor, where the big buffet and the non-smoking casino area is, there were at least 60 cameras clearly visible. (How many were not visible?).

There were cameras in hallways, elevators and parking garages. Who knows, maybe even some in the bathrooms. (Let’s hope not).

What it reminded me of was how grateful I am that we have surveillance at our places of business (Homeland Secure IT has at least a dozen that you can see inside and outside), and at our home.

When we are away from work or home, we get alerts in email, letting us know that something, or someone moved in view of our cameras. We can then use our Android smartphone, computer or iPad to watch the cameras in real-time. They record video and audio automatically. They see in the dark, and offer very high resolution.

While setting up a casino is not outside our realm of expertise, setting up your home or business is right in the middle of our sweet spot.

If you crave the peace of mind offered by high quality video surveillance, then give us a call and let’s talk about how we can put a system in place that will meet your needs and desires.

We offer IP network cameras, both wired and wireless, as well as conventional CCTV solutions. We are dealers for quality products from Cisco, Panasonic and other manufacturers, and we serve the Greenville / Upstate SC area.

864.990.4748 or info@homelandsecureit.com for more information!

Was your personal information harvested from one of the major hacked websites?

If you are wondering whether your information was exposed by one of the major hacked websites, there is a website that may tell you:

https://shouldichangemypassword.com/

It checks several databases for the occurrence of your email address.  If your address is there, you may need to be concerned.  If not, carry on…

I checked most of my email addresses and those of my family without finding one, but I did check a few that belong to friends and clients and found one.