If you own a smartphone, you know what your cellular provider does to the phone before you get it. With Android based phones, each phone is subjected to a custom install of carrier specific “tools” laid on top of the beautiful Android OS.
Verizon thought you didn’t need the Google browser by default, so they sent you to Bing, and Sprint, they thought navigation would be better handled elsewhere, etc. So you really don’t get a Google Android phone the way Google intended it to be, and in turn, phones run slower, lack the ability to perform certain functions, and it sure makes it difficult to compare a Samsung Galaxy phone on Verizon to one on Sprint or another carrier because they don’t have the same exact install. Most consider them crippled.
You will find a growing number of people have opted to “root” their phones and bypass the garbage, or install a pure Google Android OS on them, creating phones that run much faster than their stock counterparts.
What about computers? For years, manufacturers of computers have been bundling software with computers. This preinstalled software could add a specific function, allowing you to access features of a notebook that are not supported by the stock Microsoft Windows Operating System, or they could just be junk.
The “junk” ranges from demos of games and applications, to browser search bars and other tools.
It’s easy to see why a manufacturer would bundle a trial of Norton Anti-Virus, because if you register it, they likely get a kickback from Symantec, but, could manufacturers be loading something malicious?
In one article, a man has claimed that Samsung has loaded a keystroke logger on new notebooks… Samsung is denying this, and it is possible that VIPRE is producing a false positive, but it is nonetheless a cause for concern. Time will tell in this matter.
All these things taken into consideration, it is easy to see why some people buy a new computer and immediately wipe and reload a pure Microsoft Windows operating system.
One reason we love offering computers from Seneca Data, such as the Nexlink series that we offer businesses, is that they do NOT come loaded down with junk. Though, they have in recent years begun to install a tool to allow for easy restore disk creation, a trial of Norton and a pre-load of the Microsoft Office trial, we believe these to actually be tools a new computer needs. We CAN order them with NO operating system, and we can provide them with our own build of the OS to preimage.
Should you be interested in computers for your business that you are SURE do not come pre-loaded with unwanted software, you might want to give our Seneca Data Nexlink computers a serious look! Call us at 864.990.4748 or email info@homelandsecureit.com for more information. We offer computer & server sales, service and support to Greenville / Upstate businesses and individuals.
Trend Micro released Critical Patch 1417 for Worry-Free Business Security last week which includes previous patches and corrects known issues.
Businesses running Trend Micro WFBS should update to ensure reliable operation of their anti-virus solution. For a full list of issues addressed see the Trend Micro download site.
If you require assistance or wish to purchase Trend Micro products in Greenville or the Upstate of SC, please email info@homelandsecureit.com or call 864.990.4748
Being in the computer service business, every day we are seeing more and more computers that have been compromised, whether they are Microsoft Windows, Apple Mac OS X, Linux, it doesn’t matter. Even iPhones and Androids are falling victim to various malware found as a result of blindly following links.
What can you do to help protect yourself, your computer and your private data? Use a little common sense and don’t just randomly click on every link you see.
Sometimes, a link can come to you through email, a Facebook message, or a wall post on Facebook, and it will appear to be from your best friend, or a trusted co-worker, but it was really sent from a malicious source.
Here’s an example of a link posted on Facebook recently:
This is a typical “social engineering” attempt to get you to visit a malicious site.
It works like this: The mark will see the link on their best friend’s wall and because it looks appealing and came from Bob, it has to be good, so they click on it. The link loads a site that LOOKS like YouTube or some other video site. When they try to play the video, what happens next is sheer genius. They are told that a codec or other piece of software needs to be updated. Of course, they have gone this far, so they will almost always agree to install the software.
And THAT is where the magic takes place. Even if you are running anti-virus, many times, this malicious software is allowed to install because the A/V sees it as a “user initiated action” and simply gets out of the way and lets you perform the install. After all, you know what you are doing, right?
Now there is malicious software running which may do many things, from disabling the anti-virus, to loading key loggers that send every key typed on that computer to some site in Tracrapistan, or full access to the machine may be granted to a remote user, allowing them to use the exploited machine to send spam, distribute more bad software etc. Whatever takes place is surely not good. They are not defragging the hard drive and doing your taxes.
Then there’s email “Phishing”… Here’s what that looks like… Can you spot what is wrong?
There are a number of things wrong with the above email example… Most banks do not send you email warnings that you have been locked out of your account, and in my case, I don’t even have a Chase bank account…. But those are not the one tell-tale sign that will prove beyond a shadow of a doubt it is a phishing message or an attempt to coax you to a malicious website…
To see that, you need only hover over the link itself:
When you place your mouse over the link, without even clicking on it, your email client will generally display the actual link. This one points to http://ciamedia.be…. not even close to a Chase server. The perpetrator of this phishing attempt didn’t even try. Sometimes they will register a domain that LOOKS like the source, such as http://www.chasesecuresite.com.
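The hover check described above can be automated for HTML mail. The following is an added example, not part of the original post: it compares each link's real destination with the text shown to the reader and with the domain the message claims to come from. The trusted domain `chase.com`, the brand token, the sample message and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

_HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Return the lowercase hostname of a URL or bare domain, else ''."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value
    try:
        host = (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""
    return host if _HOST_RE.match(host) else ""


def base_domain(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def check_links(html, trusted_domain, brand):
    """Return (destination host, reasons) per link; empty reasons = OK."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if not target:
            continue  # relative or non-web link: nothing to compare
        reasons = []
        if base_domain(target) != trusted_domain:
            if shown and base_domain(shown) != base_domain(target):
                reasons.append("text-shows-other-domain")
            if brand in target:
                reasons.append("lookalike-domain")
            if not reasons:
                reasons.append("untrusted-destination")
        findings.append((target, reasons))
    return findings


# Constructed sample message; only the two hostnames come from the post.
SAMPLE_EMAIL = """
<p>Your account has been locked.</p>
<a href="http://ciamedia.be/">https://www.chase.com/verify</a>
<a href="http://www.chasesecuresite.com">Chase Secure Site</a>
<a href="http://ciamedia.be/">Click here</a>
<a href="https://www.chase.com/">chase.com</a>
"""

if __name__ == "__main__":
    for host, reasons in check_links(SAMPLE_EMAIL, "chase.com", "chase"):
        print(host, reasons or "ok")
```

The two-label `base_domain` shortcut misjudges suffixes such as `co.uk`; a mail filter would use a public-suffix list instead.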
Again, if you are using current mainstream anti-virus software, such as Trend Micro Worry-Free Business Security or Trend Micro Titanium, every URL that you visit will be checked before allowing you to continue… Attempting to visit a malicious site will result in a dire warning displayed in your browser….
Above is the warning you will see in your browser upon visiting a fraudulent site if you are using Trend Micro Worry-Free Business Security …
Then you will also see this warning pop up from your task bar:
Obviously, relying solely on your anti-virus software is not the wisest thing in the world… Safely browsing the web requires some common sense.
BUT, reliable and up to date anti-virus gives you an advantage that your unprotected brethren do not have. Especially for you Apple Mac OS X owners.
If you are looking for quality anti-virus, anti-malware, anti-spam software for your business or personal computer, we highly recommend Trend Micro… We are a Trend Micro partner and would love the opportunity to offer their fantastic products to you, whether you need only one install for yourself, or 1000 seats for your company. We not only sell it, but we support it, along with full computer, server & network service / repair in Greenville & Upstate SC!
Please email info@homelandsecureit.com or call 864.990.4748 for more information.
Cisco announced an update to their IOS operating system that was scheduled for March 23rd. Unfortunately, due to the earthquake and tsunami in Japan, Cisco has stated that we will all have to wait until the next scheduled disclosure, destined to take place in September.
Cisco revealed over 10 vulnerabilities since the last update back in September of 2010 that were to be addressed.
You can find the statement direct from Cisco here: Cisco Security Advisories and Notices
If your Cisco security appliances and firewalls are not up to date, you may find yourself vulnerable to various exploits. Homeland Secure IT can help if your business is in Greenville or the Upstate of SC. Please call 864.990.4748 or email info@homelandsecureit.com for further information. We are a Cisco Small Business Partner.
When you buy a new computer, what do you do with the old one? Donate it to charity? Give it to a friend? Leave it with the computer vendor who sold you the new computer? Sell it on Craigslist?
The real question here is, what happens to the data on the hard drive in your old system? Do you take the drive out and dispose of it? Do you format it and reinstall the operating system? Do you physically destroy the drive? Do you possibly use a “Secure Wipe” on the drive?
Did you know many people don’t give it a second thought? They hand their system over, with their data intact! Expecting the person on the other end to do the right thing.
I was recently talking with my good friend Brent over at Shred Disk and a group of other Greenville business owners about this topic, and we decided it would be interesting to find out for ourselves what becomes of data in old systems, consider it a science experiment if you will.
Brent went to an Upstate computer dealer and asked to purchase the smallest drive that they had. He was given a “repurposed” hard drive at a reasonable cost. An older Seagate 40gb IDE drive, which he dropped by the Homeland Secure IT office for us to examine.
We took the drive and connected it to our system, found it had been formatted, or possibly “wiped” and then set out to see if we could recover anything. Here’s a video of what we found:
As you can see, even I was surprised at the results!
The bottom line here is… PROTECT YOURSELF from this! A format is not the answer, a “secure wipe”, may NOT be as secure as you think.
The ONLY 100% reliable way to protect your data is to destroy the hard drive. Shred Disk is a company that can assist you with that! Whether you have one or one thousand hard drives, they can come to you, remove the drives and shred the drive into tiny pieces and provide you with a certificate of destruction that will free you from liability! Shred Disk even has a ship-it-in program that I hear is about to start, where you can pay online, an envelope will be sent to you and you can send the drive to Shred Disk, and they will document the opening of that envelope on video along with the shredding of the unit. You can even opt to have the crushed remains sent back to you with a certificate of destruction.
You may think you can destroy a drive by yourself, using a hammer or even a shotgun, however, we advise against these alternatives due to the potential for shrapnel. Use a professional. Contact Shred Disk Onsite Hard Drive Shredding. They also shred other media too, such as tapes and entire electronic devices!
All computer hard drives left at Homeland Secure IT will eventually be DESTROYED by Shred Disk, so if you upgrade a computer through us, your drive and your data will NEVER leave our doors. We do *not* sell used hard drives for any purpose.
Homeland Secure IT Alert for Tuesday, March 22, 2011
Apple Mac OS X owners will be happy to know that they have not been forgotten and that 57 vulnerabilities that affect all current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard) are addressed in this major security update.
A total of 26 components that ship as a part of OS X and OS X Server, including five for Quicktime, ClamAV and Apache are affected. In short, there exist many code execution vulnerabilities, Denial of Service (DoS) & cross-site scripting flaws, as well as information disclosure issues which this update will help protect you from. Suggested action – install all necessary updates as soon as possible, keep current anti-virus on your computer and avoid opening links and documents sent in email that you are not expecting.
Here’s the post from the WatchGuard site:
WATCHGUARD SECURITY ANNOUNCEMENT:
Summary:
- These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
- How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a malicious web site, or into downloading and viewing various documents or images
- Impact: Various results; in the worst case, an attacker executes code on your user’s computer
- What to do: OS X administrators should download, test and install OS X 10.6.7 or Security Update 2011-001 as soon as possible, or let Apple’s Software updater do it for you.
Exposure:
Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes around 57 (number based on CVE-IDs) security issues in 26 components that ship as part of OS X or OS X Server, including Apache, Quicktime, and ClamAV. Some of the fixed vulnerabilities include:
- Multiple ImageIO Buffer Overflow Vulnerabilities. ImageIO is one of the components that helps OS X handle various image file types. Unfortunately, it also suffers from various security vulnerabilities involving the way it handles certain types of image files (such as buffer overflow vulnerabilities). Though these vulnerabilities differ technically, they generally share the same scope and impact. If an attacker can get a victim to view a specially crafted image file (perhaps hosted on a malicious website), he could exploit any of these flaws to either crash an application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges. The affected image types include JPEG, TIFF, and XBM.
- Many ATS Vulnerabilities. The Apple Type Service (ATS) helps OS X machines handle fonts. ATS suffers from various memory related vulnerabilities having to do with the way it handles certain types of embedded fonts. By tricking one of your users into downloading and viewing a malicious document containing a specially crafted font, an attacker can exploit this flaw to execute code on that user’s computer. By default, the attacker would only execute code with that user’s privileges.
- Five Quicktime Vulnerabilities. Quicktime is the popular video and media player that ships with OS X (and iTunes). Quicktime suffers from five security issues (number based on CVE-IDs) involving how it handles certain image and video files. While the vulnerabilities differ technically, they share the same basic scope and impact. If an attacker can trick one of your users into viewing a maliciously crafted image or video in QuickTime, he could exploit any of these flaws to execute code on that user’s computer, with that user’s privileges.
Apple’s alert also describes many other code execution vulnerabilities, as well as some Denial of Service (DoS) flaws, cross-site scripting (XSS) vulnerabilities, and information disclosure flaws. Components patched by this security update include:
| AirPort | Apache |
| AppleScript | ATS |
| bzip2 | CarbonCore |
| ClamAV | CoreText |
| File Quarantine | HFS |
| ImageIO | Image RAW |
| Installer | Kerberos |
| Kernel | Libinfo |
| libxml | Mailman |
| PHP | QuickLook |
| QuickTime | Ruby |
| Samba | Subversion |
| Terminal | X11 |
Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.
On a related note, Apple has released many security updates in the last few weeks. Besides the Java update we alerted about early this month, Apple has also posted the following security-related product updates:
- Apple TV 4.2
- Safari 5.0.4 for OS X and Windows
- iOS 4.3 for iPhone, iPad, and iPod
If you use any of those products, we recommend you update them as well, or let Apple’s automatic Software Updater do it for you.
Solution Path:
Apple has released OS X Security Update 2011-001 and OS X 10.6.7 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.
- Security Update 2011-001 (Leopard)
- Security Update 2011-001 (Leopard Server)
- OS X 10.6.7 Update
- OS X 10.6.7 Update for early 2011 Macbook Pro
- OSX Server 10.6.7 Update
- OS X 10.6.7 Update Combo
- OSX Server 10.6.7 Update Combo
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X’s Software Update utility pick the correct updates for you automatically.
For All Users:
These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.
Status:
Apple has released updates to fix these flaws.
References:
This alert was researched and written by Corey Nachreiner, CISSP. (@SecAdept)
—
If you require assistance with these updates or any others on your Apple Mac OS X system, Microsoft Windows workstation or server or have any other network computer security questions or issues in the Greenville, Upstate SC area, please call 864.990.4748 or email info@homelandsecureit.com
Those of us who have been through a hard drive failure know what real pain is! For a computer technician, it is no less devastating. All the same things have to take place after a failure, and the routine is something like this:
- Determine the drive is indeed dead, have last rites, it was a good drive.
- Replace the drive in the computer.
- Format and load our operating system. (We do have the install disks, right?)
- Configure all the networking, ownership, accounts, etc. (What? No net access? Of course not, you don’t have the right driver)
- Load drivers for network interface, audio, video and other hardware. (They are long out of date if you are using the original install media)
- Load all the updates, patches and driver updates. Windows XP systems may require 100 updates or more!
- Load your applications… Of course you know where the disks and license keys are.
- Find some applications online because they were downloaded. Guess what? Your key no longer works with the current version, your version is no longer available for download…
- Restore your files from the last backup you made. YOU DID MAKE A BACKUP, RIGHT?
- Spend the next week realizing you missed various things and fix those as you go.
Even for a seasoned techy type person, the time spent could literally be hours. New curse words will be invented. You may miss an important event like your son’s wedding, because this is far too important to put off.
There are many things that can shorten the time it takes to return your machine from a brick to a working system. You can ensure you have all your install media for the operating system and applications in one place, and that your product keys/licenses are tucked away safe and secure. Any hardware driver disks should be kept, and without question, you should always backup your system!
What if I told you that all of that can be avoided, and in the event of a hard drive crash or even a complete computer failure, that you could replace the drive, or failed system with another identical system, then have it running as if it never happened in about 20 minutes?
Through the magic of a “Bare-Metal Restore”, that is entirely possible! It is as if you went back in time, to happier days when the system was working correctly!
Many products are on the market that can accomplish this, but if you are using our Servosity Online On-Demand backup solution, you already have all the software you need! You will require an extra hard drive to make the image to, a few minutes to configure it, and then let it run!
Watch it in action here as Damien Stevens, CEO of Servosity talks with Jon Evans, and George Law performs an actual restore:
We are so sold on Servosity that we use it for our own servers, recommend it to our clients and have partnered with them to offer it to you!
Convinced this may be right for you? Call us at 864.990.4748 or email info@homelandsecureit.com. Want a free trial? Sure you do! Click this link:
Homeland Secure IT Alert for Wednesday, March 16, 2011
Adobe warned the other day of a new zero-day vulnerability that is being used to exploit users of Adobe Flash Player, Adobe Reader and Acrobat across all platforms, including Microsoft Windows, Apple Mac OS X and Linux. It also covers Flash Player for Chrome and Android users, as well as the Authplay.dll component from Adobe Reader and Acrobat X for Windows and Macintosh.
This is a critical vulnerability and at this moment in time, there is no fix for it.
Attackers are exploiting it by attaching malicious Excel (.xls) documents to emails. The Excel document will contain a specially crafted Flash (.swf) file, and if you open the malicious Excel attachment, the embedded .swf file executes and leverages the vulnerability to install persistent malware on your system, such as a bot client giving the attacker a stepping stone to install even more malware.
Since no patch exists, yet, it is advised that you use extreme caution when opening Excel documents attached in email unless you are expecting them.
If you feel you have done so in the last few days, please run a virus scan, or consult with your computer service or repair technicians. Those in Greenville / Upstate SC can call Homeland Secure IT at 864.990.4748 or email info@homelandsecureit.com for assistance.
Something that many people don’t know is that there are actually expiration dates on hardware and software.
Let’s say you buy a Cisco ASA 5505 security appliance (firewall) for your business, and you keep it up to date. When do you expect to replace it? Chances are, you feel that the firewall should be left in place until it dies of old age or fails due to some other event like a power surge or lightning strike, etc.
That is exactly what an attacker hopes for, that you will “set it and forget it”. See, each security product receives many updates over the course of its life. The manufacturer finds security holes and produces patches to those vulnerabilities that must be installed, just like on your Microsoft Windows or Apple Mac OS. If you do not apply those patches, you run the risk of a security breach due to an attacker exploiting a known “hole” in a device.
So back to this “expiration date”. Each product actually has an “end of life”, and that is the date that the manufacturer will no longer support it. That comes in many flavors. It may be an end of sales cycle, or a complete end of support. Products that reach the end of life and are no longer updated are the prime targets of attackers.
Manufacturers have to leave behind old hardware because of changes in the firmware technology which could require additional processor or RAM capabilities, far beyond what your 5 year old firewall may have.
If you have an older piece of hardware, you may want to see if it is at its end of life, and at the very least ensure that the latest patches / updates from the manufacturer are installed.
Should you require assistance with this in Greenville or Upstate SC, please call us! We support all common brands of security firewall appliances and we are partners and dealers for Cisco, WatchGuard, SonicWALL and more!
864.990.4748 or email info@homelandsecureit.com
Homeland Secure IT Alert for Thursday, March 10, 2011
It has been patch city this past week…
Let’s start off with the Mac stuff for a change… Apple Mac OS X 10.5.x (Leopard) and 10.6.x (Snow Leopard) are the subject of two Apple security advisories which warn of 16 vulnerabilities in OS X’s Java components. Apple simply states the worst case scenario, that by luring a person using a vulnerable computer to a website containing a malicious Java applet, an attacker can exploit some of these Java flaws to either execute code or even elevate privileges on your OS X computer. In MOST cases an attacker would gain privileges given to the currently logged on user, which doesn’t include root/administrator access in OS X. Still, the threat is real enough that you should not hesitate to update as quickly as possible…..
You can let the OS X automatic Software Update utility install the updates for you, or download direct from: Java for OS X 10.5 Update 9 [dmg file] and Java for OS X 10.6 Update 4 [dmg file]
Don’t worry Microsoft Windows users, there’s something for you too! Sure don’t want you feeling left out.
Patch Tuesday addressed code execution and “insecure library loading” vulnerabilities on ALL CURRENT versions of the Windows operating system. The critical update is MS11-015, and an important update that addresses Remote Desktop is also available: MS11-017. It is recommended that you apply these patches ASAP…
Groovy! Okay, not so groovy… If you are using Microsoft Groove 2007, there is a service update available for you that you should deploy. Not deploying said patch could expose you to nastiness if you are enticed to open a malicious document. Don’t know what Groove is? Don’t worry, many people don’t. Microsoft Groove 2007 (now called Microsoft SharePoint Workspace) is a document collaboration system that allows you to share a workspace with a team of online and offline members. When you make changes to documents, the changes synchronize over the shared workspace. Groove ships with Microsoft Office 2007 Enterprise and Ultimate editions. Install the update
As always, it is best to ensure your anti-virus is current… Trend Micro is our favorite!
If you require assistance in the Greenville / Upstate area with your computer or network security, please call us at 864.990.4748 or email info@homelandsecureit.com









