Microsoft is bringing you patchy goodness this coming “Patch Tuesday”, October 11th.

Please update your machines to insure your network is secure. There is a little something for everyone!  Desktops and servers will receive Microsoft’s love.

This is from the Microsoft Security Bulletin Advance Notification for October 2011:

 

Critical Security Bulletins

============================

 

Bulletin 1

 

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Microsoft Silverlight 4

- Impact: Remote Code Execution

- Version Number: 1.0

 

Bulletin 2

 

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

 

 

Important Security Bulletins

============================

 

Bulletin 3

 

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

 

Bulletin 4

 

- Affected Software:

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

 

Bulletin 5

 

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

 

Bulletin 6

 

- Affected Software:

- Microsoft Forefront Unified Access Gateway 2010

- Microsoft Forefront Unified Access Gateway 2010 Update 1

- Microsoft Forefront Unified Access Gateway 2010 Update 2

- Microsoft Forefront Unified Access Gateway 2010

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

 

Bulletin 7

 

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Elevation of Privilege

- Version Number: 1.0

 

Bulletin 8

 

- Affected Software:

- Microsoft Host Integration Server 2004 Service Pack 1

- Microsoft Host Integration Server 2006 Service Pack 1

- Microsoft Host Integration Server 2009

- Microsoft Host Integration Server 2010

- Impact: Denial of Service

- Version Number: 1.0

 

If you require assistance with these or any other Microsoft related security updates, please contact us at 864.990.4748 or email info@homelandsecureit.com – We provide service and support for Microsoft products throughout the Upstate of South Carolina!

One conversation new or potential business owners may want to have with their IT professionals is about what technologies exist that can improve their life. Below you will find some that are must haves…

Smartphones: Whether it is an Android, iPhone or even a Windows based phone, you cannot survive without one. These devices provide instant communication with your clients through email, text message and phone, along with the ability to browse the web and select from tens of thousands of applications to assist in your business. Your clients will not wait for you to get to your office to respond to an email. Even a quick, “I’m driving, will respond as soon as it is safe” auto-response is better than no response. The cost of a typical phone can range from 100 to 300 dollars per phone depending on features and term of contract from the carrier of your choice.

Credit Card Processing: If you expect to get paid, then you need to accept every form of payment possible, including plastic. Yes, you will lose a little bit on the sale, but you will gain an instant payment. If you are just getting started, without purchasing a machine or paying a monthly charge, you can accept credit cards anywhere you have a cell signal using the Square credit card application with your smart phone and the free reader device that they provide to you. No per-swipe fee, and less than 3.0% charge. Fast, secure, and in your account the next business day. Find it in your phones’s marketplace.

Reliable & Fast Internet: There are a lot of choices these days for fast internet, from DSL to cable to fiber, and the old tried and true T1 standard, but some businesses may find that a wireless broadband internet plan may be enough for them. We recommend Charter Business in most situations, but that varies depending upon what is available at the business location. One advantage to using a cellular based broadband internet connection is that you can take it with you, which is great for businesses that are not tied to one specific location. Typical 4G plans will provide over 5 meg down and up to 2 meg up. Verizon Wireless offers the MiFi devices for around 50 dollars with 5GB plans for 50 dollars per month.

IP surveillance: Sure it sounds like the CIA, but IP security cameras at your business will decrease loss of inventory, increase productivity, and may provide an insurance savings. You can even keep tabs on your employees using a smartphone or any web browser to view these camera. Recordings can be reviewed after events occur, and most systems can email you when there is movement in a particular location. Prices range from $150 for a single entry level camera into the $2000 range to cover an entire business. You can install yourself, or get an IT provider to handle this for you for the most professional results.

Email: This is a no-brainer, but many small businesses will cut corners here. A Hotmail account will work for sure, but who wants AcmeWidgetCo@hotmail.com on their business cards. At the very least, your business should use a service that allows for linking a domain to your mail, such as Google Apps (Gmail) or Microsoft Office 365. This gives you a professional appearance, and provides for important features such as linking of your smartphones, sharing of calendars between users and so much more. Microsoft Office 365 costs about 5 dollars per person per month and gives you up to 20GB of storage.

Anti-Virus & Security: Far too often this is overlooked, or taken for granted. A business that is vulnerable to viruses or malware is a business that could experience costly downtime and repairs, not to mention, open yourself up for compliance violations and potential fines or legal issues depending upon the field you are in. The components of a secure network are as simple as a quality firewall like those offered from Cisco, Watchguard or SonicWall, an anti-virus software package from Trend Micro or Symantec, and taking the time to apply updates to the Operating System (Windows, Mac, etc) and support software (Microsoft Office, Adobe Reader, Adobe Flash, JAVA).

Backup: When disaster strikes, you need to be prepared for it. Having backups of your important files will insure you are not out of business when a computer or server fails. Backups technology can be as simple as an external USB drive or remote backup solution, or on the other end of the spectrum, as complicated as auto-loader tape drives. One thing is for sure, ANY attempt to backup your data is better than none. For automated cloud backup solutions, consider Servosity or Mozy Pro.

Here at Homeland Secure IT, we utilize a vast array of technology and we also help many small and medium businesses and even home offices stay up to date. If we can help you with decisions regarding your Greenville or Upstate technology infrastructure, please call us at 864.990.4748 or email info@homelandsecureit.com. We offer sales, service, repair and consultation of everything from computers to VoIP.

What is your “must have” business technology? I would love to hear about it.  VoIP phone systems? iPad, Android or Windows based tablet computers? A favorite app (We love TiKL & Waze)?

If you own a smartphone, you know what your cellular provider does to the phone before you get it. With Android based phones, each phone is subjected to a custom install of carrier specific “tools” laid on top of the beautiful Android OS.

Verizon thought you didn’t need the Google browser by default, so they sent you to Bing, and Sprint, they thought navigation would be better handled elsewhere, etc. So you really don’t get a Google Android phone the way Google intended it to be, and in turn, phones run slower, lack the ability to perform certain functions, and it sure makes it difficult to compare a Samsung Galaxy phone on Verizon to one on Sprint or another carrier because they don’t have the same exact install. Most consider them crippled.

You will find a growing number of people have opted to “root” their phones and bypass the garbage, or install a pure Google Android OS on it. Creating phones that run much faster than their stock counterparts.

What about computers? For years, manufacturers of computers have been bundling software with computers. This preinstalled software could add a specific function, allowing you to access features of a notebook that are not supported by the stock Microsoft Windows Operating System, or they could just be junk.

The “junk” ranges from demos of games and applications, to browser search bars and other tools.

It’s easy to see why a manufacturer would bundle a trial of Norton Anti-Virus, because if you register it, they likely get a kickback from Symantec, but, could manufacturers be loading something malicious?

In one article, a man has claimed that Samsung has loaded a keystroke logger on new notebooks… Samsung is denying this, and it is possibly that VIPRE is producing a false positive, but, none-the-less, a cause for concern. Time will tell in this matter.

All these things taken into consideration, it is easy to see why some people buy a new computer and immediately wipe and reload a pure Microsoft Windows operating system.

One reason we love offering computers from Seneca Data, such as the Nexlink series that we offer businesses, is that they do NOT come loaded down with junk. Though, they have in recent years begun to install a tool to allow for easy restore disk creation, a trial of Norton and a pre-load of the Microsoft Office trial, we believe these to actually be tools a new computer needs.  We CAN order them with NO operating system, and we can provide them with our own build of the OS to preimage.

Should you be interested in computer for your business that you are SURE do not come pre-loaded with unwanted software, you might want to give our Seneca Data Nexlink computers a serious look!  Call us at 864.990.4748 or email info@homelandsecureit.com for more information. We offer computer & server sales, service and support to Greenville / Upstate businesses and individuals.

Homeland Secure IT Alert for Thursday, February 23, 2011

Microsoft has released Security Advisory 967940, titled “Update for Windows Autorun”, and it covers an issue that has long plagued Microsoft Windows Operating Systems. When you insert a USB flash drive, or USB hard drive, Windows has attempted to treat them like CD/DVD material and perform an autorun on it. While most IT professionals and tech savvy individuals have disabled that feature, and anti-virus developers such as Trend Micro have provided an option to disable that function, as gaping hole has been there for everyone else.

How has it affected people? Many ways, from a person inserting their USB flash drive from home into a business computer and the autorun functionality automatically installing the malware that was on the home system directly onto a network computer, creating a huge network security issue, down to malicious people dropping a flash drive containing malicious software on it in the parking lot of a large company they wanted access to. This resulted in workers at said company picking up the flash drive and inserting it into a computer on the corporate network in an attempt to see what was on it or find the owner to return it, and unknowingly permit software that would allow remote access to the network.

So, finally, after years of this, Microsoft has addressed it!

Microsoft has also published MS10-077, a revision to a bulletin posted in 2010 for a change to the Microsoft .NET Framework 4.0 update package. And MS10-070, which is yet another revision to .NET Framework 4.0. These are labeled “Critical” and “Important”, respectively.

Keep your systems up to date, and be sure you have current anti-virus… We recommend and sell Trend Micro Worry-Free Business Security and Titanium. In Greenville / Upstate, SC please call 864.990.4748 or email info@homelandsecureit.com for more information…

Everyone else has been making their predictions for the coming year, so I thought I might do the same…

These predictions are based upon industry news, social media and blog rambling as well as some personal wishes.

Will any of it come to fruition? I guess at the end of 2011 you can remind me how wrong I was.

A few IT Predictions for 2011:

• Google Android based devices will continue to dominate the market in smartphones, pads, and everything else from alarm clocks and personal weather stations to set top boxes.

• Wireless carriers will discover that loading their own “value added” bundled software on top of the phones they sell is really a turn off and that keeping the smartphone just as the manufacturer and OS provider intended it to be will enable a faster rollout of updates and make for happier customers.

• Dish, DirecTV & cable TV providers have a fight on their hands… Services like Netflix and a whole slew of streaming providers will fight to bring first run movies, and streaming of networks via the internet. We will see many new set top boxes, TVs with built-in streaming capability. The most exciting thing will be an the legal battles around this, not really the technology itself.

• Tablet and pad wars will continue. Apple’s iPad II will provide some stiff competition for the Android pads, but be prepared for Android based pads to spring up everywhere as more are cleared for import to the USA.

• Internet Tax? Yep, 2011 is the year. So much revenue is being lost that I predict we will see taxes placed on our online purchases. I believe it will be both good and bad. Some online retailers may no longer be able to beat out the local brick and mortar prices, so that could be good for us smaller guys, but it may slow down the injection of money into the economy. Either way, it’s coming.

• Cloud Computing: Over half of all businesses will look into using cloud based services, whether it is online storage, online backup, online applications like Microsoft BPOS or Google Apps, hosted anti-virus, hosted anti-spam or even hosted VoIP solutions. Of these, 10% will actually make the switch, and half who do make the switch will be totally happy, with the other dissatisfied due to bandwidth or network reliabilty. The number of fully satisfied people will go up as the technology matures.

• Malicious software will affect more Macs and Linux based machines in 2011. We’ve already seen a sharp increase in the number of exploited machines, expect this trend to continue. Add to this smartphones as a target.

• Network Connectivity: Charter Business has just come out with a 75×5 meg Pro75 package. This is great, but I expect this to reach 100×10 by the end of 2011, possibly as a free upgrade like they upgraded the 20meg to 30meg…

What do you think the very near future has in store for us? More solid state storage devices? Hard Drives reaching 5TB?

Either way, we hope you have a very Happy New Year!

Yesterday was Thanksgiving here in the USA, in case you missed it… Everyone here at Homeland Secure IT and our families have so much to be thankful for that I would have to dedicate an entire blog post to just that…  One thing worth mentioning other than the most obvious like the ability to live in the greatest country on the planet, having a roof over our head, a gracious God and healthy families, would be YOU, our friends, family and clients. You make it a joy to open our eyes in the morning and greet another beautiful day!

Today is “Black Friday” and by now you are probably home, safe and dry…  I hope everyone enjoyed their shopping experience and found everything they had on their Christmas list at deep discounts too good to be true!

From reading advertisements & news articles, retailers continued the trend of luring people in with the promise of a Sony Notebook Computer bundle for $199, a ViewSonic 24″ monitor for $99, an HP all-in-one wireless printer for $49.99, best selling video games for $9.99, 2TB hard drives for $49, 16GB flash drive for $4.99, Microsoft Office Home and Student for $79 with 3 user license, etc.

However, only a few lucky people serious shoppers received those deals… In the fine print of those ads, there is generally written “1 available”, and everyone was rushing in at the store’s opening and staking out their territory to be the one person to get the deal of the year. Sometimes there are a dozen available, but when we are talking about a popular item, chances are slim, unless you are a pro at shopping, that you will be the one in the front of the line.

I read sad tweets this morning from people saying they got up early to get the gadget they wanted and it wasn’t there. Many bought something similar that was on sale at a discounted price, which is exactly what the merchant was counting on!

Don’t get me wrong, I am sure there were some outstanding sale items and prices! I’m sure many of you did get something at a greatly reduced cost and only spent an hour or two doing it. Still, the crowds, the unlikely chance that I will personally be the one to get my hands on the brass ring and the fact I have to get up at 3AM or earlier (or stay up) keeps me out of the stores on Black Friday here in Greenville / Upstate, SC.

Which brings us to “Cyber Monday”. This is more my speed. I can shop from the comfort of my home (or office, but shhhhh, don’t tell anyone), and the only inconvenience I have to suffer is laggy internet due to everyone else doing the same thing.

I’m seeing spectacular deals that await us this coming Monday, and many Etailers are offering their discounts all weekend long.

Sure, there are those certain products that big online retailers will be selling with limited quantities, or “50 at this price”, but I think I can live with that, easier than seeing my neighbor climb over someone with murder in their eyes to grab the last widget on the shelf.

When scouring the web for these great deals, be careful if you are Googling for a product, say a “Nikon d7000 dSLR camera”, and find it at a price too good to be true from a place you have never heard of. Chances are, it IS too good to be true. Also, be aware that scammers have been waiting for this moment, and they have created sponsored (Ad Word) ads and even got their own websites up in the rankings for specific keywords. These sites look legit when you are searching, they may even have a URL that looks like it “bestbuy.com”, but it is not, and takes you to a malicious site, promising 100 dollar notebook computers, just install this driver or player.   Don’t fall for it.

Now get out there and buy something! Help our economy by spending a lot and have a happy & safe holiday shopping season!

As the end of 2010 draws near, some businesses are planning to refresh and renew tired old hardware such as desktop and notebook computers, as well as servers. Driving the updates are security requirements, new versions of operating systems, company rotation policy, depreciation schedules and more often than not, a need to overcome bottlenecks in performance and insure trouble free operation in the coming year.

Many times a company needs to purchase a new server but liquid capital prohibits them from doing so, and other times, it just makes more sense to purchase based on a lease.

Some benefits to leasing include:

• Fair Market Value or 10% option – This option allows for a customer to have the choice to purchase or return the equipment at the end of the original term AND deduct the payments as a monthly operating expense. Upgrade equipment anytime during the lease with a “Wrap Lease” product or upgrade at the end of the term.
• $1.00 Purchase Option – This option allows a customer to own the equipment at the end of the term for $1.00 and deduct payments over five years on a depreciation schedule or deduct all in one year under IRS Section 179. Upgrade options are still available with this program.
• Equipment Finance Agreement (EFA) – This allows the customer to retain full ownership of the equipment from the inception of the contract. It is tax deductible under a five year depreciation schedule or under IRS Section 179. This product has unique advantages for the customer who will most likely want to exercise and early buyout option.

We are happy to be able to offer leasing terms for larger purchases, so if you have a server refresh in your future, a larger scale deployment of desktop or notebook computers, etc, call us at 864.990.4748 or email info@homelandsecureit.com for more information.

Homeland Secure IT Alert for Wednesday, October 6, 2010

I realize I am sounding like a broken record (remember those?), however, Adobe has addressed vulnerabilities in their Adobe Reader, Adobe Acrobat, and also Adobe Air products which you should be aware of.

Skipping to the chase, please, for the love of God, update your Adobe products when prompted, or if NOT prompted, open each Adobe product and go to the Update option and do so… If you are running really old versions, you could just visit the Adobe.com website and download the latest versions, but be sure you update those too!

These vulnerabilities affect Apple Macintosh OS X, Microsoft Windows and even UNIX operating systems. Nobody is left out here.

Should you require assistance with this or any other computer / network security or support issue in the Greenville / Upstate SC area, feel free to call upon us at 864.990.4748 or email info@homelandsecureit.com

Original CERT alert follows…

—

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA10-279A

Adobe Reader and Acrobat Affected by Multiple Vulnerabilities

Original release date: October 06, 2010
Last revised: –
Source: US-CERT

Systems Affected

* Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
* Adobe Reader 8.2.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 8.2.4 and earlier versions for Windows and Macintosh

Overview

Adobe has released Security Bulletin APSB10-21, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat.

I. Description

Adobe Security Bulletin APSB10-21 describes a number of
vulnerabilities affecting Adobe Reader and Acrobat. These
vulnerabilities affect Reader and Acrobat 9.3.4, earlier 9.x
versions, 8.2.4, and earlier 8.x versions.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in, which can automatically open PDF documents hosted on a
website, is available for multiple web browsers and operating
systems.

Additional information is available in US-CERT Vulnerability Note
VU#491991.

II. Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
file.

III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB10-21 and update
vulnerable versions of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.

Prevent Internet Explorer from automatically opening PDF files

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
“EditFlags”=hex:00,00,00,00

Disable the display of PDF files in the web browser

Preventing PDF files from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web
browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the “Display PDF in browser” checkbox.

Do not access PDF files from untrusted sources

Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see
Cyber Security Tip ST04-010.

IV. References

* Security update available for Adobe Reader and Acrobat -
<http://www.adobe.com/support/security/bulletins/apsb10-21.html>

* US-CERT Vulnerability Note VU#491991 -
<http://www.kb.cert.org/vuls/id/491991>

* Adobe Reader and Acrobat JavaScript Blacklist Framework -
<http://kb2.adobe.com/cps/504/cpsid_50431.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA10-279A.html>

—

Earlier in the year, we saw one of our friends asking for contributions to their Susan G. Komen Race for the Cure team (Plus Inc.) and two of us here at Homeland Secure IT supported them with small contributions.

After discussing it further, we decided to form our own team and participate in the 5K walk ourselves. It made total sense, as we all have people in our lives that have been affected by this horrible thing (Breast Cancer)! We had never done anything like this before so we really didn’t know where to start other than reading the “Team Handbook”…  We named our team for the Google On Main (We are Feeling Lucky) movement, hoping we would get a few contributions from those who participated in that uber cool event. We didn’t print T-Shirts because there were only a few of us, and we opted to give the money instead as a contribution.

We emailed our friends, family and clients, posted it to Facebook, posted it to Twitter, to the point of being annoying. I personally sent out 90 individually addressed emails a few days before the race. We blogged about it. Yet we still couldn’t get the results was hoped for. We had set our goal at $5000, thinking that would be “easy”.  We were wrong. Though we did manage to get over $1300 dollars in contributions!

Multiple issues were working against us reaching that goal. A bad economy was probably the largest problem. And close behind that was the fact we started late in the game. Most of the other teams had already been formed, and THOUSANDS of people were hitting up everyone they knew. I was told “We already gave” by many people, and “We are walking too” by dozens! I believe there were 6000 people or so participating in this walk! An awesome show of support for this cause!

I would like to thank one person by name, Michelle Varner, Greg’s wife, who managed to get the majority of our contributions! She is awesome and her hard work is appreciated. Our team consisted of me (John M. Hoyt), Pamela Hoyt, Greg Varner and Michelle Varner. (Our son and daughter were signed up, but slept in!)

From the bottom of our hearts, I would like to thank every single person who contributed to our team, or to this cause in general! Together, we can help find a cure!!!!

We will likely do this again for 2011, as the majority of the clients we provide computer and IT service to here in Greenville / Upstate are female and I can think of no better way to show them how much they mean to us than to support the Race for the Cure!

According to a story published in the Washington Post, computer users are happier with their PCs than at any time since the first year (1994) that this was tracked! This was based around a poll run by ACSI LLC.

It was not surprising that Apple had the highest user satisfaction with their “cult-like” Mac following, though it may catch some off guard that Microsoft held its own. The article cites improvements in Microsoft customer satisfaction since the release of Windows 7, which we have seen ourselves. In fact, since the release of Microsoft Windows 7, we have been seeing people dump their aging Macs and opt for less expensive Windows machines as replacements.

Some factors that appear to be contributing to the migration from Mac to the Windows platform are the consistently lower prices for Microsoft Windows based machines, security holes being exploited in the Mac rapidly narrowing the “Mac is more secure” gap, the overall user friendliness and reliability of Windows 7 and of course the larger software selection.

Either way, across the board people are as happy as ever with their computers!

If you find your experience is less than satisfactory, I would like to hear from you. Reply here, shoot me an email, give me a call, etc. We can likely help improve your satisfaction!