An advisory released by Microsoft today (http://www.microsoft.com/technet/security/advisory/2488013.mspx) reveals a new, potentially dangerous vulnerability in Internet Explorer….
Here is an excerpt from that site:
Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Version: 1.1
General Information
Executive Summary
Microsoft is investigating new, public reports of targeted attacks attempting to exploit a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue.
The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution.
On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Mitigating Factors:
- Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems helps to limit the impact of currently known exploits. An attacker who successfully exploits this vulnerability would have very limited rights on the system.
- By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls, reducing the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.
- An attacker who successfully exploits this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
This SHOULD be the last security advisory for the rest of the year!!! Happy New Year!
Everyone else has been making their predictions for the coming year, so I thought I might do the same…
These predictions are based upon industry news, social media and blog rambling as well as some personal wishes.
Will any of it come to fruition? I guess at the end of 2011 you can remind me how wrong I was.
A few IT Predictions for 2011:
- Google Android based devices will continue to dominate the market in smartphones, pads, and everything else from alarm clocks and personal weather stations to set top boxes.
- Wireless carriers will discover that loading their own “value added” bundled software on top of the phones they sell is really a turn off and that keeping the smartphone just as the manufacturer and OS provider intended it to be will enable a faster rollout of updates and make for happier customers.
- Dish, DirecTV & cable TV providers have a fight on their hands… Services like Netflix and a whole slew of streaming providers will fight to bring first run movies, and streaming of networks via the internet. We will see many new set top boxes, TVs with built-in streaming capability. The most exciting thing will be the legal battles around this, not really the technology itself.
- Tablet and pad wars will continue. Apple’s iPad II will provide some stiff competition for the Android pads, but be prepared for Android based pads to spring up everywhere as more are cleared for import to the USA.
- Internet Tax? Yep, 2011 is the year. So much revenue is being lost that I predict we will see taxes placed on our online purchases. I believe it will be both good and bad. Some online retailers may no longer be able to beat out the local brick and mortar prices, so that could be good for us smaller guys, but it may slow down the injection of money into the economy. Either way, it’s coming.
- Cloud Computing: Over half of all businesses will look into using cloud based services, whether it is online storage, online backup, online applications like Microsoft BPOS or Google Apps, hosted anti-virus, hosted anti-spam or even hosted VoIP solutions. Of these, 10% will actually make the switch, and half who do make the switch will be totally happy, with the other half dissatisfied due to bandwidth or network reliability. The number of fully satisfied people will go up as the technology matures.
- Malicious software will affect more Macs and Linux based machines in 2011. We’ve already seen a sharp increase in the number of exploited machines, expect this trend to continue. Add to this smartphones as a target.
- Network Connectivity: Charter Business has just come out with a 75×5 meg Pro75 package. This is great, but I expect this to reach 100×10 by the end of 2011, possibly as a free upgrade like they upgraded the 20meg to 30meg…
What do you think the very near future has in store for us? More solid state storage devices? Hard Drives reaching 5TB?
Either way, we hope you have a very Happy New Year!
Today you can hardly have a conversation with IT professionals without the buzz words, “cloud computing”, “in the cloud”, “cloud solutions”, etc popping up.
What do these terms mean? To over-simplify the definition, it means that something is not stored at your location. It is stored “in the cloud”, or on a remote server, and accessed via the internet. The “it” could be data, as in your databases, email, files, or it could be programs / applications, such as web based suites of software like Microsoft Office suite, including Microsoft Outlook, Microsoft Word or custom applications.
All this talk about moving to “the cloud”, a term which is generically used for the internet, has people thinking about how it can be used for their business. Let’s take our own small business and use it as an example.
Currently, we use a large server which has Microsoft Server 2008 loaded on it and functions as our domain controller, DNS, DHCP, and other standard server tasks… It also serves as our file server, and it hosts Microsoft Exchange for our in-house email. Other tasks this one piece of hardware is responsible for are: TFTPd for management of our VoIP phone system’s configuration files, backup of data (Using multiple backup systems such as Servosity Online Backup Solution, an “in the cloud” product, and MozyPro) and Trend Micro Worry Free Business Security Advanced for anti-virus and anti-spam.
We have a second server which hosts additional files, Blackberry Enterprise Server (not currently in use due to the switch to Android phones), and is a test bed for us. Then we have two other servers, a Voice over IP server based on Linux OS which is in control of our phone system & voice mail, and a DVR (Digital Video Recorder) for storage of video from our CCTV cameras.
In order to reduce some overhead, we could potentially maintain a smaller main server with only Windows 2008 R2 running on it as a domain controller, then utilize Microsoft Aurora, or even Microsoft BPOS (Business Productivity Online Suite), allowing mail storage and transport to take place outside our building.
We could then switch from Trend Micro Worry Free Business Security Advanced to the Trend Hosted solution, relieving our server from those duties.
Since we are already using a remote backup solution, we would not have to worry about that, and our backup requirements would actually drop since we would no longer need to backup the Microsoft Exchange Store (Microsoft would handle that for us with the BPOS solution).
As you can see, eliminating the main server entirely from the equation here is not going to be possible, however a considerable amount of storage, backup, and resources could be moved elsewhere.
One thing to take into consideration before moving to these hosted solutions is, what if our internet is down? That is a good question which still has many people concerned about these technologies. In the case of online file storage, if you do not have cached storage at your location, you simply have no access to it. In the case of mail, if you are caching the information locally, you CAN see your old/existing email, but you cannot send or receive new mail until the connection is reestablished. It is important to note that cloud based email will still RECEIVE email when your business is without an internet connection and you will get it as soon as the connection is reestablished, something that doesn’t happen now if you use an onsite Exchange Server, unless you are using a mail hold & forward (spool) system at your ISP or other provider.
Should you desire to discuss your needs and how products like Microsoft Aurora, BPOS, Google Apps, Servosity and other cloud services can fit into your infrastructure, please call us at 864.990.4748 or email info@homelandsecureit.com for a free consultation! We are partners with Microsoft, Google, Servosity, MozyPro and other cloud providers. We also offer a full line of computer, server & network service, support, sales and consultation here in Greenville & Upstate SC!
Microsoft is offering a free 30 day trial of their Business Productivity Online Suite if you would like to see it in action.
Last night was scary for some people here in the Upstate of SC. Easley was hit hard in the business area of Main Street and Pendleton Street and residences along 135 by the passing storms.
As I watched the news and saw the video footage of damage, I felt horrible for the business and home owners affected. We turned on the scanner radio and listened as emergency crews went street by street, clearing each house they came to. We heard that business owners would not be allowed back into their business until 8 AM today, and an entire condo was evacuated and they were not allowed in until after power was restored.
Those who did not suffer structural damage from the wind, or trees falling on their building and the water that poured in, may have suffered in other ways. Servers and workstations that were not on a UPS (Uninterruptible Power Supply) went down when the power went out, losing any data that was not saved, and potentially corrupting hard drives or data that was being written at the time.
Then there is the damage to electronics, especially computers & servers, when the power attempts to come back on: spikes, surges, brownouts. These power events have the potential for destroying sensitive components.
A simple and relatively inexpensive device such as an APC or Eaton UPS could help prevent costly damage and lost productivity and save your data by automatically shutting down the computer after a power failure, saving data properly, and, during the continual power up/power down cycles, providing the filtering necessary to protect your systems. Your insurance company may offer discounts for coverage of equipment covered by UPS due to the reduced chance of costly computer server repair or service, or even replacement.
Another nice feature of a UPS is that it can supply power to internet routers / switches, CCTV systems and VoIP systems, allowing you to view your security cameras to assess possible damage before you can even enter your building (if the internet connection is not severed), and your phone systems can continue to function if you have a large enough UPS so that Voice Mail and FAX can still come in. A UPS can serve to power your systems until your generator comes online if you have one, so your Microsoft Exchange system may never go offline assuming your building is not one of the ones affected by structural damage.
The obvious next layer of protection is a backup solution, such as an onsite backup, whether it is an LTO, DLT or other tape drive, external hard drives, NAS / SAN etc, which could help if the need to restore data comes up… Taking that idea one step further would offer an offsite, or online backup solution, placing your data “in the cloud” safely away from your geographic location, so if a fire, tornado, flood or even a theft occurs, your data is located elsewhere and can be downloaded to a new computer or server.
If you would like to discuss how power protection and backup solutions can safeguard your systems or if you require assistance with a business continuity plan, please email info@homelandsecureit.com or call 864.990.4748. We are partners with APC, Eaton, Symantec, Quantum and Servosity. We also offer a FREE trial of the Servosity Online Backup Solution….
Posted on FastCompany.com today was a flowchart to help you explain the internet…. Keep this handy if you will be time traveling over the holidays….

Tip Of The Day – Gatekeeper Email Setup:
Here’s the scenario… Assume you are an executive and you are lucky enough to have a personal assistant. Now, let’s also assume you are sick of getting email from just any Tom, Dick or Harry. What do you do? You make your PA your “Gatekeeper”.
There are lots of ways to handle this, but let’s throw some other items into the mix just to make the possible solution below the best one… You want to get your “filtered” mail on your desktop, your iPad, Outlook Web Access, your Android phone, and still have your contacts and calendars shared where your PA can drop those items right into your box.
My suggestion would be to create three accounts:
- Mary Jane (maryj@yourcompany.com) for your PA
- Joe Blow (joeb@yourcompany.com) for your external email, that the world mails to.
- Joe Blow Personal (joeblowpersonal@yourcompany.com)
Associate your Outlook account, iPhone, iPad, Android and other devices with Joe Blow Personal. If you use Outlook Web Access, you will login to OWA using Joe Blow Personal’s credentials.
Share the Joe Blow Personal account’s Calendar and Contacts (If you want the PA to make direct entries to those folders).
Set Mary Jane as a full owner of the Joe Blow account.
Now, on Mary Jane’s computer, set her Outlook to open the Mary Jane email account and an additional email account of Joe Blow (joeb@yourcompany.com). Also, go to File/Open and open Joe Blow Personal’s Calendar and Contacts.
Mary Jane can now open the inbox of Joe Blow, where all the junk comes from, and sort it as she sees fit, then forward the mail to you for reading (or, if you allow her to open your inbox, she could drag and drop the good stuff to your mailbox). Mary Jane can also directly enter calendar entries and contacts for your account.
You can set your reply-to address to be joeb@yourcompany.com if you do not want people replying directly to you, so any emails you send out will be replied to and go direct to your gatekeeper.
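The delegation described above can also be applied and checked from the Exchange Management Shell. This is an added example, not part of the original post; it assumes an on-premises Exchange 2010 server, mailbox aliases matching the sample addresses, and the Editor role on the shared Calendar and Contacts folders (the post only says to share them).

```powershell
# Added example: gatekeeper delegation from the Exchange Management Shell.
# Aliases below are the sample names from the post (assumed to exist as mailboxes).
$pa       = 'maryj'             # the PA acting as gatekeeper
$public   = 'joeb'              # mailbox the outside world mails to
$personal = 'joeblowpersonal'   # filtered mailbox tied to the executive's devices

# The PA gets full access to the public-facing mailbox only.
Add-MailboxPermission -Identity $public -User $pa `
    -AccessRights FullAccess -InheritanceType All

# On the personal mailbox the PA is limited to Calendar and Contacts.
# Editor (create/edit/delete items) is an assumption; pick the lowest role
# that still lets the PA make direct entries.
foreach ($folder in 'Calendar', 'Contacts') {
    Add-MailboxFolderPermission -Identity "${personal}:\$folder" `
        -User $pa -AccessRights Editor
}

# Review what was granted.
Get-MailboxPermission -Identity $public -User $pa |
    Format-Table User, AccessRights, IsInherited, Deny -AutoSize
foreach ($folder in 'Calendar', 'Contacts') {
    Get-MailboxFolderPermission -Identity "${personal}:\$folder" -User $pa
}

# Sanity check: the PA should hold no explicit mailbox-level rights on the
# personal mailbox unless you chose to let her open your inbox.
$explicit = Get-MailboxPermission -Identity $personal -User $pa |
    Where-Object { -not $_.IsInherited -and -not $_.Deny }
if ($explicit) {
    Write-Warning "$pa has mailbox-level rights on ${personal}: $($explicit.AccessRights)"
}
```

Keeping the PA's full access on the public mailbox and folder-level rights on the personal one means a compromise of the PA's account exposes the unfiltered inbox and the calendar, not the executive's filtered mail.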
Outlook and Exchange allow many wonderful configuration options… If you desire more information about this or anything related to Microsoft Exchange / Outlook, please call us at 864.990.4748 or email info@homelandsecureit.com – we offer free consultations in the Greenville / Upstate, SC area!
Microsoft Office Outlook 2010 With BPOS Goodness
So you are set up with a FREE trial of Microsoft’s Business Productivity Online Suite and are enjoying all the online apps, but something is missing: you don’t want to use web apps, you want to use all the features of Microsoft Office Outlook 2007 or 2010 that you have already paid for and know your way around.
Well it is possible to have your cake and eat it too! *IF* you signed up for the BPOS Standard trial instead of the “Deskless Worker” trial, then you can configure your Outlook to view the same Exchange data you see with Outlook Web Access. You will see the same emails, the same contacts, the same tasks, folders, public folders, calendars etc!
Wait, you didn’t get the Standard version of the BPOS demo? That’s okay, you can log back into the portal and activate the Standard version, then deactivate the Deskless Worker product and not even lose your configuration. YOU MAY lose your emails though and have to start over, but hey, it’s just a demo, you didn’t have that much anyway!
Okay, so back to task at hand, getting Outlook configured. It’s EASY, relatively speaking to accomplish this. First you log into your online mail app (OWA) at http://mail.microsoft.com and once in there, click on OPTIONS at the upper right hand corner, then, select ABOUT from the left hand menu. You will see something that looks like this:
The important information for you to gather will be the “Outlook Web Access host name”, and the “Mailbox server name”.
Now, close out Outlook on your desktop and go to START/Control Panel and select Mail (If using Win 7 64 bit, once you open Control Panel, type “mail” in the Search Control Panel input at the top right hand side and select “Mail (32-Bit)”).
Select “Show Profiles” and add a new one… Let’s call it “BPOS”. Next, select the checkbox for “Manually configure server settings or additional server types” then hit “Next >”. Select “Microsoft Exchange or compatible service” and hit “Next >”.
In the “Server:” field, put the information you gathered from Outlook Web Access for the Mailbox Server Name… (Ex: A3DIAXVS251.RED001.local). For “User Name:” enter your email address, then select “More Settings”. Don’t bother hitting “Check Name” as it will not function (yet)…
Select the “Connection” tab, at the bottom, select “Connect to Microsoft Exchange using HTTP” and then hit the button “Exchange Proxy Settings…”, for “Use this URL to connect to my proxy server for Exchange:”, you need to enter the Outlook Web Access hostname from OWA (Ex: red001.mail.microsoftonline.com) and do not include the “https://” or the “/owa” here, just the hostname.
You can select “Only connect to proxy servers that have this principal name in their certificate” if you wish, but it is not necessary.
DO select both of the checkboxes at the bottom for “On xxxx networks, connect using HTTP first, then connect using TCP/IP”, and set the proxy authentication settings to “NTLM Authentication”.
Click OK and apply those settings and now try to open Outlook… You should be prompted with a login.
Sounds complicated? Kinda-sorta, but it works well, and you only have to do it once. You can also use the Microsoft single sign-on client if you wish, which will remember your login and password and allow you to open Outlook without any issue, but some company policies may not allow you to install additional software or automatic login applications, so the above should work for you.
If you get stuck, please reply here or shoot me an email at info@homelandsecureit.com and I will try to give you a hand.
@RussellTripp posted this to Twitter and I had to save it, thus it got posted to the blog so I don’t forget about it myself…
Thanks Russell… I didn’t even know about the Code Search until today. I can promise you I will be using this
10 Google Services That Don’t Get the Limelight They Deserve posted on MakeUseOf.com
Are you tired of dealing with POP3 or IMAP mail from your ISP? Tired of SLOW email? Do you want to share calendars between coworkers? Do you want to see the same contacts, calendar entries and emails on your phone as you do in your Outlook on your desktop and also via a web interface? Do you want your mobile workforce to have access to the same resources you do, including public / shared calendars & contacts? Want support for your Mac, Apple iPhone, iPad, Android, Blackberry?
Then Microsoft Exchange is the way to go, however, there are costs associated with hosting your own Exchange server that are unattractive to many smaller businesses.
Fortunately there are Hosted / In-The-Cloud alternatives, such as Microsoft’s Own BPOS, the Microsoft Business Productivity Online Suite which features a Hosted Exchange server, SharePoint, Office Live Meeting and Office Communications Online. Using BPOS can eliminate the need to purchase, deploy, maintain, backup and eventually upgrade a Microsoft Windows Server with Microsoft Exchange Server. The services are hosted “in the cloud”, in a data center, where all maintenance and upgrades are maintained FOR you. No need to worry with backups either.
This solution isn’t right for everybody, but it could be the answer to your problems if you have a smaller office, a large mobile workforce, a small budget or possibly no central location to place a server at. Would you like more information? Please call us at 864-990-4748 ext 201 or email info@homelandsecureit.com to arrange for a free, no obligation consultation.
Optionally, you can sign up for a FREE 30 day trial of BPOS - Business Productivity Online Standard Suite - This trial includes 20 user licenses for Exchange Online, SharePoint Online, Office Live Meeting, and Office Communications Online.
Homeland Secure IT offers Hosted Microsoft Online Services including the full BPOS / Business Productivity Online Standard Suite (Exchange Online, SharePoint Online, Office Live Meeting & Office Communications Online) as well as the Business Productivity Online Deskless Worker Suite (Exchange Online & SharePoint Online), and each service individually.
If you are in the Upstate / Greenville SC area, we can assist you with configuring your Outlook to work with the Hosted Exchange Online service at your location or ours.
We also offer full remote support and phone support to clients anywhere in the United States.
If you are reading this blog post, you probably know that I am pretty involved in Social Media. Some may say I am addicted to it!
I am active on Facebook, Twitter, LinkedIn, FourSquare, Plaxo, and still have a MySpace account, though I don’t really use it that much. I have tried out Google Buzz, FriendFeed, and several business only SM sites. (Heck, I have even checked out Chat Roulette and Omegle – but that is an entirely different story)
Out of all of these, one that I fail to see the value in for a computer service, repair and sales business like Homeland Secure IT is FourSquare. Don’t get me wrong, I love it. I use it constantly, and get very frustrated when it isn’t working like I think it should. But I use it for personal purposes. If you have not played with FourSquare, it is a geolocation based social media “tool” that lets you “check-in” to a venue or location when you get there using your GPS equipped smartphone. Assume you go to Starbucks for a quick Dark Cherry Mocha Frapp – you “check-in” and now the whole world can see what you are doing. You can brag to Twitter & Facebook that you have disposable income you can spend on yummy coffee.
Same thing goes for attractions like amusement parks, ball games, and stores like say, “Target”. If you check-in enough times, you become the “Mayor” of that venue!
Here is where the value of FourSquare comes in… Assume you check-in and become mayor of XYZ Sandwich Shop. You have been announcing this for a while, every time you visit there. The whole world has seen you were there, giving free advertisement to XYZ! But, if XYZ is smart, they will reward you for your loyalty and offer a free sandwich when someone becomes Mayor, and maybe a free drink every time the Mayor visits after that. A very cheap price to pay for this type of advertising.
Many places, especially restaurants, will offer specials that pop up when you check-in near their venue. These will show up as a “SPECIAL NEARBY – Check out the great ribs at ABC BBQ”, which can help bring new business into these places. And still other places will offer you a free entree when you visit several of their locations. FourSquare itself offers “Badges” for accomplishing certain feats, such as checking into three Starbucks locations.
All that said, our business does not have foot traffic nor visitors, so offering a “Free Virus Cleanup” to a mayor would be silly. I believe I am the only person to check-in to our location in the months that I have been using it. But it does bring up a pet peeve of mine. Today I was ousted as Mayor of a local coffee shop – BY THE OWNER OF THE PLACE. Wow, that doesn’t do anything to help with loyalty. My suggestion to places that want to check-in themselves, create a second venue, call it XYZ Sandwich Shop STAFF, and let the staff go crazy checking in!
I would further suggest that business owners who can benefit from FourSquare’s power of (free) advertising, take advantage of it the way it was meant to be used. Offer Mayors a treat, some recognition, and encourage them to remain the mayor and others to try and oust the current mayor. 4sq is both a FUN, and a very useful business tool, when used properly.
BTW: If you can think of a way 4sq can be used to promote our computer repair business here in Greenville, and increase loyalty, well I’m all ears, but until that happens, I will be trying to take my place as mayor of every great business in the Upstate! Watch out Mayors, I’m coming for you…
BTW: Have fun, it is only a game! (But seriously, I’m coming for you)… Also check out other geolocational based SM tools / toys like Gowalla, Gypsii, BrightKite, Loopt, etc…








