Homeland Secure IT Alert

Secure IT Alert for Thursday, February 2, 2012

If you are running a current version of Apple Mac OS X, 10.6.x or OS X 10.7.x  (Snow Leopard & Lion respectively), then you are vulnerable to exploits that these patches correct.

These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.

How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.

The 52 security vulnerabilities affect 27 components that are part of OS X and OS X server.  Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.

A few examples:

Buffer overflow vulnerability in ImageIO – View a malicious image and it could result in a crash of an application, or code to be executed on your computer. The upside is, it would only execute with your privileges.

Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and experience a crash of your system, or execute code with your privileges.

QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.

The full update information can be found at http://support.apple.com/kb/HT5130

Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, January 11, 2012

Yesterday was Adobe’s first patch day of the new year and the security bulletin describes a total of six vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and older, on both Microsoft Windows and Apple Mac.

The issues that are addressed are considered “critical” in nature and the solution is to download and deploy updates or to allow the Adobe Software Updater to perform the updates for you.

Adobe Reader X 10.1.2

• For Windows
• For Mac

Adobe Acrobat X 10.1.2

• Standard and Pro for Windows
• Pro Extended for Windows
• Pro for Mac

Homeland Secure IT Alert

Apple Safari web browser can be used as an avenue that would allow malicious code on a web site to be run with whatever privileges you have on that computer.

Here’s an actual security bulletin you can read about this:

https://secunia.com/advisories/47237/

Until this is patched for sure, I believe I would not be using the Apple Safari browser on a Windows 7 machine.  Just my two cents.

Secure IT

Microsoft didn’t forget your Christmas gift….  And it’s coming early!

That’s right, Microsoft Patch Tuesday is upon us again, and this December 13th you can expect a slew of updates covering the entire line of current Microsoft Windows operating systems.

Operating Systems: Windows XP 64 & 32 bit, Server 2003 64 & 32 bit and Itanium based servers, Vista 32 & 64 bit, Windows Server 2008 and the Server Core, Server 2008 R2 Windows 7 32 / 64

Other Software: Microsoft Internet Explorer 6, 7, 8 and 9, Microsoft Office for Windows 2010 & Office 2004 2008 for Mac and individual applications Publisher 2003 & 2007,  Excel 2003 PowerPoint 2007 & 2010,  PowerPoint Viewer 2007, Office compatibility pack for Word, Excel and PowerPoint File Formats.

Chances are good that if you own a Microsoft Windows machine, or a Mac with Office, then you need to be letting your system update.

The complete bulletin can be found here: http://technet.microsoft.com/security/bulletin/ms11-dec

If you need assistance applying these updates or with any other computer service issue, please let us know!  864.990.4748 or info@homelandsecureit.com

This is obviously not good for those using the iPad for financial, medical or legal purposes.

The work around until this is fixed correctly is to lock the iPad while on the home screen or a screen which does not display anything of importance (Like “Please Stay Calm” or maybe “Angry Birds”).

A quick search turned up people talking about this on forums and a number of news articles such as this one from cnet.com.

There is mention of a security flaw with Siri that allows people to send text messages, emails and even make phone calls from a password-protected iPhone 4s lock screen.

Be sure get your devices up to date…

• OS X Lion v10.7.2 and Security Update 2011-006
• iTunes 10.5
• Safari 5.1.1
• iOS 5 Software Update
• Numbers for iOS v1.5
• Pages for iOS v1.5
• Apple TV 4.4

Anyone browsing to mysql.com yesterday would have been redirected, and without even being prompted, then likely been exploited themselves by the software running on the rogue website which apparently looked for vulnerable browser plugins to use for an injection point.

Trend Micro’s smart web filtering may have caught this and stopped it, but one thing is for sure… Doing everything you can to protect yourself from this type of exploit is more important than ever.

You should always insure you are running up-to-date and mainstream/quality anti-virus software (Such as Trend Micro), and also keep your operating system (whether Microsoft Windows, Apple Mac OS X or even linux), browser, and all support software such as Adobe Flash Player, Adobe Reader and JAVA, as well as Microsoft Office fully updated!

Another thing you should consider is backups! With the cost of USB hard drives at an all time low, and online backup (Like our Servosity offering) being an easy install, configuration and affordable, there is no excuse to not have backups.

Should you need assistance in the Greenville / Upstate SC area determining what you or your business needs, please contact us at 864.990.4748 or email info@homelandsecureit.com. We provide sales of Trend Micro, Symantect & McAfee anti-virus protection, virus cleanup & removal, and can handle your computer service & computer repair tasks!

You will want to read this article http://www.theregister.co.uk/2011/08/26/mac_osx_lion_security_hole/…

This is kind of a big deal, as it underscores that Mac OS X Lion machines simply fail at LDAP, a basic part of enterprise network integration.

In short, if you bring these Macs into your environment, once authenticated, they simply don’t care which password is entered, they simply say “yer in!”…

Those of you who believe Macs are super secure need to rethink that philosophy and accept that there are problems with all OSes that pose a threat.  About a week ago, I posted about a threat that involves a pure Mac server network, without any Microsoft involvement, just as bad as this current LDAP issue, no, actually worse.

If you would like to discuss integration of Macs into your Greenville / Upstate, SC Microsoft Windows environment, please give us a call at 864.990.4748 or email info@homelandsecureit.com…

These affect Apple Mac as well as Microsoft Windows…

Here’s the actual US-CERT Technical Cyber Security Alert:

National Cyber Alert System

Technical Cyber Security Alert TA11-222A

Adobe Updates for Multiple Vulnerabilities

Original release date: August 10, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Shockwave Player 11.6.0.626 and earlier versions for Windows and Macintosh

* Flash Media Server 4.0.2 and earlier versions for Windows and Linux

* Flash Media Server 3.5.6 and earlier versions for Windows and Linux

* Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems

* Adobe Flash Player 10.3.185.25 and earlier versions for Android

* Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android

* Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh

* RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8 for Windows

Overview

There are multiple vulnerabilities in Adobe Shockwave Player, Flash

Media Server, Flash Player, Photoshop CS5, and RoboHelp. Adobe has

released updates to address these vulnerabilities.

I. Description

Adobe security bulletins APSB11-19, APSB11-20, APSB11-21,

APSB11-22, and APSB11-23 describe multiple vulnerabilities in Adobe

Shockwave Player, Flash Media Server, Flash Player, Photoshop CS5,

and RoboHelp. An attacker may use these vulnerabilities to run

malicious code or cause a denial of service on an affected system.

Adobe has released updates to address these vulnerabilities.

II. Impact

These vulnerabilities could allow an attacker to run malicious code

on the affected system or cause a denial of service.

III. Solution

Users of these Adobe products should review the relevant Adobe

security bulletins and follow the recommendations in the “Solution”

section.

APSB11-19: Security update available for Adobe Shockwave Player

APSB11-20: Security update available for Adobe Flash Media Server

APSB11-21: Security update available for Adobe Flash Player

APSB11-22: Security update available for Adobe Photoshop CS5

APSB11-23: Security updates available for RoboHelp

IV. References

* Security update available for Adobe Shockwave Player -

<http://www.adobe.com/support/security/bulletins/apsb11-19.html>

* Security update available for Adobe Flash Media Server -

<http://www.adobe.com/support/security/bulletins/apsb11-20.html>

* Security update available for Adobe Flash Player -

<http://www.adobe.com/support/security/bulletins/apsb11-21.html>

* Security update available for Adobe Photoshop CS5 -

<http://www.adobe.com/support/security/bulletins/apsb11-22.html>

* Security updates available for RoboHelp -

<http://www.adobe.com/support/security/bulletins/apsb11-23.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA11-222A.html>

—

If you require help, please call us at 864.990.4748 or email info@homelandsecureit.com

The vulnerability they specifically mention is the DHX authentication scheme which is easy to compromise and apparently “trivial to force OS X server to resort back to” from the more secure Kerberos.

A proof-of-concept has been demonstrated by the group that works as such:  A test Mac connected to a LAN waits to be contacted by a machine running OS X server, and then it quickly copies all its authentication credentials. It then contacts other Macs on the network and pretends to be the administrator machine and when they respond it is able to access and download data from them.

More information can be found in the article above, but a rep from iSec sums it up by saying, “If we go into an enterprise with a Mac and run this tool we will have dozens or hundreds of passwords in minutes” and also that “Macs are fine as long as you run them as little islands, but once you hook them up to each other, they become much less secure.”

While we have not seen the tool used to demonstrate the threat, the theory is sound.

Apple has done little to protect their owners in regard to this, and all it would take is exploits such as this to be released into the wild and then one careless individual to cause a total compromise of networks comprised primarily of Macs.

Here’s a look at our site for July 1st until August 1st broken down by browser and platform:

Homeland Secure IT Browser Stats

Other than the super-high bounce rate, we see some important information…

Internet Explorer running Microsoft Windows is just darn popular! Followed by Firefox and then Chrome, also on Windows…   In fact, they account for about 80 percent of all traffic…

Up next is Safari & Firefox on the Mac…  And then down a bit is Chrome on the Mac.  Mac is the apparent source of 9.38% of traffic to our site (And less than 5% of our business).

The iPad viewers and the Android viewers accounted for 2% and 1.2% respectively… So a number of people were sitting on the toilet while surfing our site.

Here’s a further break down of mobile user specs:

Homeland Secure IT mobile browser info

iPad, iPhone & iPod dominates this category for sure, with Android 2nd, and Blackberry 3rd…   Windows made a horrible showing… And what’s up with Palm? Someone is using that? hehe

I compared these stats to July 2010 and found Android usage has come up considerably, but iPad maintained a steady lead even then.

Looking at the percentage of Windows versus other platforms, Windows has lost only a two percentage points in a year, and those were taken up by mobile devices.

It will be interesting to see what this looks like in another year. I’m guessing mobile device usage will continue to grow, maybe even at an accelerated rate due to the large numbers of new tablets being introduced, and smartphones replacing older cell phones…

What are your experiences with your own website/s?

Kabloooieeeeeeee! Mac battery meltdown...

Could your Apple Mac Macbook, Macbook Pro or Macbook Air be a ticking timebomb? According to one researcher, yes.

An interesting article over on PHYSORG.com states that a researcher with Accuvant Labs will be demonstrating an exploit on current Mac models that could result in a battery pack actually exploding if the vulnerability is leveraged by hackers.

It seems that the issue at the heart of this matter is a firmware password that, if known, could be used by someone with malicious intent to change parameters inside the Mac fairly easily.

This will be an interesting one to watch develop over time due to the nature of firmware updates. A large majority of electronics from your A/V system remote control to the computer in your car can receive updates in various ways. Smartphones can get updates OTA (Over The Air), automatically, and so do many internet attached appliances like VoIP, IP Surveillance and Security systems.

At the time I write this, I am unaware of an actual exploit in the wild for the Apple Mac products, however, after the upcoming demonstration to a group of  ”black hat” hackers, if un-addressed by Apple, we could see something out there in the next few weeks.

Why is the apparent rate of hardware failure higher with Apple Mac products than with Microsoft Windows based products?

Homeland Secure IT’s typical client is a Windows based small or medium business, and a little less than 5% of those businesses and individuals have Apple Mac products that we support as well. A larger number have iPads and iPhones, but I won’t touch on those in this blog, I’ll focus on the Apple Mac desktops and notebooks.

So far this year, we have seen a higher rate of component failure in Mac products than we have in all the hundreds of PCs and Servers we support that are from various manufacturers such as Dell, HP, Lenovo, Toshiba, NexLink, etc.

We have had a slew of Macs with total hard drive failures.  Western Digital (WD) seems to comprise the majority of those drives as I recall.  Not just one model in particular, but notebooks and desktops.

We also have had Mac power supply and video card issues.

All these problems totally cripple the computer in all but a few cases, and labor is much more intensive on many of these products than they are on a typical Windows based PC.

For instance, you should try removing the power supply from a big G5 Mac. This is not a 15 minute procedure like it is on those Windows based computers. And have you priced one of these power supplies? We can get some outstanding power supplies for a typical PC for less than 60 dollars. Not the case with the Apple power supply at all.

A hard drive replacement in an HP desktop is physically accomplished in 10 minutes, and to reload Windows 7, patch it all up with updates, apply all support software like Adobe and Java products will take another 30-40 minutes.

On an Apple iMac 20″ with the black plastic back, you have to pull the front screen cover off with appropriate suction cups, take the LCD panel out, transfer mounting components and temp sensors to the new drive, load the OS and updates… We’re talking about nearly twice as long, and those who rush this job or attempt it at home end up scratching the screen covers, breaking LCD panels or damaging cables that go to them.

But I digress…  Let’s get back to the original question. Why are Apple Mac products failing at a higher rate than inexpensive Windows based PCs?  If only 5% of our business is comprised of Apple products, why are those 5% of machines exceeding the failure rate of the less expensive Windows alternative machines?

Scouring the forums and blogs results in finding people with the same experiences…

This has me curious enough to track it carefully going forward, so maybe I will post a follow-up, but until then, I would love to hear your input.

If you happen to be in the Greenville or Upstate SC area and require Apple Mac service, please give us a call at 864.990.4748 or email info@homelandsecureit.com. We are less expensive than many alternatives and provide fast and reliable service!

How about operating your computer without a backup?

Not a week goes by that we don’t hear some horror story about computer owners losing data. It could be from a virus, a failed hard drive, a dropped notebook, even a misplaced or stolen notebook, but either way, the data is gone and one of the following generally takes place next:

• An IT service professional may be able to recover the data if you have the device, and it has not been physically destroyed.
• You recover from a backup that you have made (hopefully recently) but it may require the re-installation of the OS and/or applications by an IT support professional if your backup is not an image of the running system.
• You write it off and start from scratch – losing all your data…

Either way, not a pretty picture if this happens to you.

All this can be avoided by obtaining quality backup software or cloud services to accomplish this. If you need assistance determining methods of disaster recovery for your home or business computer, or an entire network of computers and servers, please contact us here at Homeland Secure IT… We are partners with Servosity, Symantec, Quantum, Mozy and other backup solution providers. We have solutions for Apple Mac OS X, Linux, Microsoft Windows, Microsoft Server, Microsoft Exchange, Microsoft SQL and more!

864.990.4748 or info@homelandsecureit.com for more information in the Greenville / Upstate SC area.

The Samsung Galaxy Tab 10.1 is shipping on the 17th of June, and pre-orders are being accepted at major retailers now, so dads, be sure to let your family know!

The Galaxy Tab 10.1 comes in two flavors, a $499.99 version which sports 16GB and a $599.99 version which has 32GB.

Anyone want to buy a slightly used, and personalized Apple iPad 2 64GB w/Verizon 3G?  I would gladly let it go for slightly less than I have in it in order to get the Android Honeycomb 3.1 operating system, Adobe Flash, dual core processor, yada yada yada…  But alas, Verizon has not released their 4G LTE version yet. When that happens, you may be seeing me dump an iPad 2 for just enough to replace it with the Tab 10.1!

If you plan on getting one, or maybe plan on NOT getting one, I’d love to hear what you have to say…

Case in point – people using Google for Gmail, Calendars, Talk, Docs and Sites will lose functionality according to Google starting August 1st of 2011 as they are making a switch to supporting only “modern browsers”, and all future code releases will be focused on the newer browser versions.

You can read more about this on the Google Docs Blog http://googledocs.blogspot.com/2011/06/our-plans-to-support-modern-browsers.html

The majority of people should be able to upgrade to newer browsers, however, there will be a handful who are locked into an older browser due to a particular website they use ONLY supporting IE7 for instance. If you are one of those who must use an older browser for a corporate website, but want to run a newer browser, that’s possible! Just download and install Google Chrome for instance and use IE7 only for your corporate site.

Should you need help upgrading your browser, or have questions, please call upon us at 864.990.4748 or email info@homelandsecureit.com – we offer business computer support in the Greenville / Upstate, SC area….

In an article titled “How to avoid or remove Mac Defender malware“,  posted yesterday on the http://support.apple.com site, you can find out how to avoid this inconvenience and remove it.

The following quote gives hope that Apple has had a change of heart and will indeed address the issue:

“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.”

If you are ever prompted for your administrator password, give great consideration to WHY you would need to provide those privileges. Doing so gives whatever requested it full ownership of your Mac.

Should you feel more may be going on with your Apple Mac OSX system than meets the eye, see a computer service professional immediately. Symptoms of an infected machine include, but are not limited to: Computer seems slow, your sent email is being rejected, windows appear or programs open (or close) that you did not initiate, unexpected shutdowns, etc.

If you have fallen for the Mac Defender scam and input your credit card, call your credit card company immediately and inform them.

http://gizmodo.com/5803498/apple-to-customer-service-dont-help-our-customers-with-malware

There is a further link from that page: http://www.zdnet.com/blog/bott/apple-to-support-reps-do-not-attempt-to-remove-malware/3362

If you happen to feel your Mac is infected – seek a professional computer service provider’s input.

Motion CL90 Windows 7 Tablet

Effective today, the Motion CL900, the latest addition to Motion’s suite of enterprise-built tablet PCs, is now available for shipping with the standard  4 week lead time from Authorized Motion Reseller Partners.

The CL900 is a rugged, lightweight and powerfully equipped tablet PC purposefully designed, developed and built for business. At a starting price of only $899, the latest Tablet PC from Motion packs performance, power and integrated features into an ultra-mobile and lightweight design.

The Motion CL900 comes standard with:

• Bluetooth
• WLAN
• Integrated Front and Rear-Facing Cameras
• Corning Gorilla Glass Display Protection

Additional options include:

• Up to 2GB of RAM
• Up to 62GB Solid State Drive (SSD)
• Gobi Connectivity (WWAN)

There are also some supporting accessories available, including a unique desktop docking station and protective display film, as well as extended warranties.

Homeland Secure is happy to be able to offer these tablets to our Greenville / Upstate business clients! For more information, please contact us at 864.990.4748 or email info@homelandsecureit.com

He claims that the iPad is too expensive to win in the enterprise market and that other devices may very well beat it out… Of course Dell would like to think that their own will be the “winner” in the tablet wars.

We’re seeing tons of tablets hit the streets, from the beloved Apple iPad and iPad II, to the more cutting edge Android based tablets like the Motorola Xoom and Samsung Galaxy series, but still, the businesses we work with are hesitant to embrace the technology, especially the Apple iPad, due to the expense primarily.

Some Microsoft Windows 7 based tablets are actually gaining the interest of our clients, such as those from Motion. These are hardened tablets which charge quickly, offer complete compatibility with existing infrastructure and a proven user interface.

What are your thoughts for tablets for your business? What are you using? What gets you excited?

What can you do to help protect yourself, your computer and your private data? Use a little common sense and don’t just randomly click on every link you see.

Sometimes, a link can come to you through email, a Facebook message, or a wall post on Facebook, and it will appear to be from your best friend, or a trusted co-worker, but it was really sent from a malicious source.

Here’s an example of a link posted on Facebook recently:

Typical social engineering attempt to lure you to a bad site...

This is a typical “social engineering” attempt to get you to visit a malicious site.

It works like this: The mark will see the link on their best friend’s wall and because it looks appealing and came from Bob, it has to be good, so they click on it.  The link loads a site that LOOKS like YouTube or some other video site. When they try to play the video, what happens next is sheer genius. They are told that a codec or other piece of software needs to be updated. Of course, they have gone this far, so they will almost always agree to install the software.

And THAT is where the magic takes place. Even if you are running anti-virus, many times, this malicious software is allowed to install because the A/V sees it as a “user initiated action” and simply gets out of the way and lets you perform the install. After all, you know what you are doing, right?

Now there is malicious software running which may do many things, from disabling the anti-virus, to loading key loggers that send every key typed on that computer to some site in Tracrapistan, or full access to the machine may be granted to a remote user, allowing them to use the exploited machine to send spam, distribute more bad software etc.  Whatever takes place is surely not good. They are not defragging the hard drive and doing your taxes.

Then there’s email “Phishing”…  Here’s what that looks like…   Can you spot what is wrong?

There are a number of things wrong with the above email example… Most banks do not send you email warnings that you have been locked out of your account, and in my case, I don’t even have a Chase bank account…. But those are not the one tell-tale sign that will prove beyond a shadow of a doubt it is a phishing message or an attempt to coax you to a malicious website…

To see that, you need only hover over the link itself:

When you place your mouse over the link, without even clicking on it, your email client will generally display the actual link.  This one points to http://ciamedia.be…. not even close to a Chase server.  The perpetrator of this attempted phishing attempt didn’t even try. Sometimes they will register a domain that LOOKS like the source, such as http://www.chasesecuresite.com.

Again, if you are using current mainstream anti-virus software, such as Trend Micro Worry-Free Business Security or Trend Micro Titanium, every URL that you visit will be checked before allowing you to continue… Attempting to visit a malicious site will result in a dire warning displayed in your browser….

Above is the warning you will see in your browser upon visiting a fraudulent site if you are using Trend Micro Worry-Free Business Security …

Then you will also see this warning pop up from your task bar:

Obviously, relying solely on your anti-virus software is not the wisest thing in the world…   Safely browsing the web requires some common sense.

BUT, reliable and up to date anti-virus gives you an advantage that your unprotected brethren do not have. Especially for you Apple Mac OS X owners.

If you are looking for quality anti-virus, anti-malware, anti-spam software for your business or personal computer, we highly recommend Trend Micro… We are a Trend Micro partner and would love the opportunity to offer their fantastic products to you, whether you need only one install for yourself, or 1000 seats for your company.  We not only sell it, but we support it, along with full computer, server & network service / repair in Greenville & Upstate SC!

Please email info@homelandsecureit.com or call 864.990.4748 for more information.

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, March 23, 2011

Adobe has released out-of-cycle updates earlier this week that affect Flash Player, Reader and Acrobat across many platforms such as Apple Mac OS X, Microsoft Windows, Android and Chrome… Here is the summary from the WatchGuard Security Center:

Severity: High

21 March, 2011

Summary:

• These vulnerabilities affects: Recent versions of Adobe Reader, Acrobat,  and Flash Player
• How an attacker exploits it: In various ways, but most commonly by enticing your users into visiting a website containing malicious Flash or Reader content
• Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it
• What to do: If you use these popular Adobe products, you should download and install their various updates as soon as possible.

Exposure:

Typically, Adobe’s quarterly Patch Day falls on the same Tuesday as Microsoft Patch Day (the second Tuesday of the month). However, a recent zero day Flash exploit circulating in the wild has encouraged Adobe to release a few out-of-cycle patches early. Today, Adobe released two security bulletins that fix a  zero day Flash vulnerability in Reader, Acrobat, and Flash Player, running on all platforms (including Android).

Though the two bulletins affect different software, they both fix the same core Flash related vulnerability that we described in our earlier WatchGuard Security Center post. As usual, Adobe doesn’t describe this zero day flaw in any technical detail. However, they do mention that the flaw lies within the authplay.dll component, which all three vulnerable products use. By enticing one of your users to visit a web site or download a PDF file containing malicious flash content, an attacker could leverage this flaw to execute code with that users privileges. If your users have administrative or root privileges on the victim platform, the attacker would gain complete control.

As was the case during our first post, attackers have been exploiting this flaw in the wild (even before Adobe knew it existed). If you use the affected software (as most users do), we highly recommend you install Adobe’s updates immediately.

For more details about these update, see Adobe’s bulletins below:

• APSB11-05: March 2011 Flash Player Update
• APSB11-06 : March 2011 Reader and Acrobat Update

Solution Path:

Adobe has released Reader, Acrobat, and Flash Player updates to fix this flaw. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you. Note: Adobe has not yet released a Reader X update for this vulnerability, since Reader X’s default sand-boxing technology should protect you from this flaw by default.That said, we do expect a Reader X update at a later date.

• APSB11-05:
  • Flash Player 10.2.153.1
  • Flash Player 10.2.156.12 for Android <= (link only works from Android phone)
  • Google Chrome (w/Flash 10.2.154.25)
  • AIR 2.6
• APSB11-06:
  • Adobe Reader
  • For Windows
  • For Mac
    • Adobe Acrobat
    • Standard and Pro for Windows
    • Pro Extended for Windows
    • Pro for Mac

For All WatchGuard Users:

Some of WatchGuard’s Firebox models allow you to prevent your users from downloading certain types of files via the web (HTTP) or email (SMTP, POP3). If you like, you can temporarily mitigate the risk of some of these vulnerabilities by blocking various Adobe-related files using your Firebox’s proxy services. Such files include, .PDF, .SWF, .DIR, .DCR, and .FLV. That said, many websites rely on these files to display interactive content. Blocking them could prevent some sites from working properly. Furthermore, many businesses rely on PDF files to share documents. Blocking them would affect legitimate files as well. For that reason, we recommend the updates above instead.

Nonetheless, if you choose to block some Adobe files, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block files by their file extensions:

• Firebox X Edge running 10.x
  • How do I block files with the FTP proxy?
  • How do I block files with the HTTP proxy?
  • How do I block files with the POP3 proxy?
  • How do I block files with the SMTP proxy
• Firebox X Core and X Peak running Fireware 10.x
  • How do I block files with the FTP proxy?
  • How do I block files with the HTTP proxy?
  • How do I block files with the POP3 proxy?
  • How do I block files with the SMTP proxy?

Status:

Adobe has released updates to fix these vulnerabilities.

References:

• Adobe Flash Player Security Bulletin
• Adobe Reader Security Bulletin

This alert was researched and written by Corey Nachreiner, CISSP. (@SecAdept)

—

If you require assistance with these or any other computer service related issues in Greenville or Upstate SC, please call 864.990.4748 or email info@homelandsecureit.com – We are WatchGuard partners and offer sales and support of their fine line of security appliances to help protect your network!

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Tuesday, March 22, 2011

Apple Mac OS X owners will be happy to know that they have not been forgotten and that 57 vulnerabilities that affect all current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard) are addressed in this major security update.

A total of 26 components that ship as a part of OS X and OS X Server, including five for Quicktime, ClamAV and Apache are affected.  In short, there exists many code execution vulnerabilities, Denial of Service (DoS) & cross-site scripting flaws, as well as information disclosure issues which this update will help protect you from. Suggested action – install all necessary updates as soon as possible, keep current anti-virus on your computer and avoid opening links and documents sent in email that you are not expecting.

Here’s the post from the WatchGuard site:

WATCHGUARD SECURITY ANNOUNCEMENT:

Summary:

• These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
• How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a malicious web site, or into downloading and viewing various documents or images
• Impact: Various results; in the worst case, an attacker executes code on your user’s computer
• What to do: OS X administrators should download, test and install OS X 10.6.7 or Security Update 2011-001 as soon as possible, or let Apple’s Software updater do it for you.

Exposure:

Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes around 57 (number based on CVE-IDs) security issues in 26 components that ship as part of OS X or OS X Server, including Apache, Quicktime, and ClamAV. Some of the fixed vulnerabilities include:

• Multiple ImageIO Buffer Overflow Vulnerability. ImageIO is one of the components that helps OS X handle various image file types. Unfortunately, it also suffers from various security vulnerabilities involving the way it handles certain types of image files (such as a buffer overflow vulnerabilities). Though these vulnerabilities differ technically, they generally share the same scope and impact. If an attacker can get a victim to view a specially crafted image file (perhaps hosted on a malicious website), he could exploit any of these flaws to either crash an application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges. The affected image types include JEPG, TIFF, and XBM.
• Many ATS Vulnerabilities. The Apple Type Service (ATS) helps OS X machines handle fonts. ATS suffers from various memory related vulnerabilities having to do with the way it handles certain types of embedded fonts. By tricking one of your users into downloading and viewing a malicious document containing a specially crafted font, an attacker can exploit this flaw to execute code on that user’s computer. By default, the attacker would only execute code with that user’s privileges.
• Five Quicktime Vulnerabilities. Quicktime is the popular video and media player that ships with OS X (and iTunes). Quicktime suffers from five security issues (number based on CVE-IDs) involving how it handles certain image and video files. While the vulnerabilities differ technically, they share the same basic scope and impact. If an attacker can trick one of your users into viewing a maliciously crafted image or video in QuickTime, he could exploit any of these flaws to execute code on that user’s computer, with that user’s privileges.

Apple’s alert also describes many other code execution vulnerabilities, as well as some Denial of Service (DoS) flaws, cross-site scripting (XSS) vulnerabilities, and information disclosure flaws. Components patched by this security update include:

Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.

On a related note, Apple has released many security updates in the last few weeks. Besides the Java update we alerted about early this month, Apple has also posted the following security-related product updates:

• Apple TV 4.2
• Safari 5.0.4 forOS X and Windows
• iOS 4.3 for iPhone, iPad, and iPod

If you use any of those products, we recommend you update them as well, or let Apple’s automatic Software Updater do it for you.

Solution Path:

Apple has released OS X Security Update 2011-001 and OS X 10.6.7 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.

• Security Update 2011-001 (Leopard)
• Security Update 2011-001 (Leopard Server)
• OS X 10.6.7 Update
• OS X 10.6.7 Update for early 2011 Macbook Pro
• OSX Server 10.6.7 Update
• OS X 10.6.7 Update Combo
• OSX Server 10.6.7 Update Combo

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X’s Software Update utility pick the correct updates for you automatically.

For All Users:

These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.

Status:

Apple has released updates to fix these flaws.

References:

• March 2011 OS X 10.5x and 10.6.x Security Update

This alert was researched and written by Corey Nachreiner, CISSP. (@SecAdept)

—

If you require assistance with these updates or any others on your Apple Mac OS X system, Microsoft Windows workstation or server or have any other network computer security questions or issues in the Greenville, Upstate SC area, please call 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

• Determine the drive is indeed dead, have last rites, it was a good drive.
• Replace the drive in the computer.
• Format and load our operating system. (We do have the install disks, right?)
• Configure all the networking, ownership, accounts, etc. (What? No net access? Of course not, you don’t have the right driver)
• Load drivers for network interface,  audio, video and other hardware. (They are long out of date if you are using the original install media)
• Load all the updates, patches and driver updates. Windows XP systems may require 100 updates or more!
• Load your applications… Of course you know where the disks and license keys are.
• Find some applications online because they were downloaded. Guess what? Your key no longer works with the current version, your version is no longer available for download…
• Restore your files from the last backup you made. YOU DID MAKE A BACKUP, RIGHT?
• Spend the next week realizing you missed various things and fix those as you go.

Even for a seasoned techy type person, the time spent could literally be hours. New curse words will be invented. You may miss an important event like your son’s wedding, because this is far too important to put off.

There are many things that can shorten the time it takes to return your machine from a brick to a working system. You can ensure you have all your install media for the operating system and applications in one place, and that your product keys/licenses are tucked away safe and secure. Any hardware driver disks should be kept, and without question, you should always backup your system!

What if I told you that all of that can be avoided, and in the event of a hard drive crash or even a complete computer failure, that you could replace the drive, or failed system with another identical system, then have it running as if it never happened in about 20 minutes?

Through the magic of a “Bare-Metal Restore”, that is entirely possible! It is as if you went back in time, to happier days when the system was working correctly!

Many products are on the market that can accomplish this, but if you are using our Servosity Online On-Demand backup solution, you already have all the software you need!  You will require an extra hard drive to make the image to, a few minutes to configure it, and then let it run!

Watch it in action here as Damien Stevens, CEO of Servosity talks with Jon Evans, and George Law performs an actual restore:

We are so sold on Servosity that we use it for our own servers, recommend it to our clients and have partnered with them to offer it to you!

Convinced this may be right for you? Call us at 864.990.4748 or email info@homelandsecureit.com. Want a free trial? Sure you do! Click this link:

FREE Servosity Online Backup Trial! Click Here...

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, March 16, 2011

Adobe has warned of a new zero day vulnerability the other day that is being used to exploit users of Adobe Flash Player, Adobe Reader and Acrobat across all platforms, including Microsoft Windows and Apple Mac OS X and Linux. It also covers Flash player for Chrome and Android users, as well as the Authplay.dll component from Adobe Reader and Acrobat X for Windows and Macintosh.

This is a critical vulnerability and at this moment in time, there is no fix for it.

Attackers are exploiting it by attaching malicious Excel (.xls) documents to emails. The Excel document will contain a specially crafted Flash (.swf) file, and if you open the malicious Excel attachment, the embedded .swf file executes and leverages the vulnerability to install persistent malware on your system, such as a bot client giving the attacker a stepping stone to install even more malware.

Since no patch exists, yet, it is advised that you use extreme caution when opening Excel documents attached in email unless you are expecting them.

If you feel you have done so in the last few days, please run a virus scan, or consult with your computer service or repair technicians. Those in Greenville / Upstate SC can call Homeland Secure IT at 864.990.4748 or email info@homelandsecureit.com for assistance.

Homeland Secure IT Alert