Homeland Secure IT Alert
Homeland Secure IT Alert for Wednesday, June 09, 2010
Greetings and salutations!
A number of vulnerabilities have been announced this week which may affect your network and computer systems. In most cases the solution is provided in the form of a link.
MICROSOFT WINDOWS, INTERNET EXPLORER, OFFICE, SHAREPOINT SERVICES & .NET FRAMEWORK:
-CRITICAL-
Microsoft has released updates for Windows OS, Internet Explorer, Office, SharePoint Services and the .NET Framework. These vulnerabilities may allow an attacker to execute arbitrary code.
The solution – Update, update, update.
Microsoft instructions for applying the patches to prevent this are located here:
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx
ADOBE FLASH PLAYER, READER & ACROBAT: -CRITICAL-
Adobe announced that critical vulnerabilities have been identified in Adobe Flash Player 10.0.45.2 and earlier 10.x versions, Flash Player 9.0.262 and earlier 9.x versions, Adobe Reader 9.3.2 and earlier 9.x versions and Adobe Acrobat 9.3.2 and earlier 9.x versions Other products that support Flash may also be vulnerable, including Photoshop, Photoshop Lightroom, Freehand MX and Fireworks.
These vulnerabilities could allow an attacker to run malicious code on the affected systems.
Adobe recommends users to update to the latest versions of their products and apply the latest update patches. Primarily upgrading to the release candidate of Flash Player 10.1 or optionally uninstall Flash or restrict which sites are allowed to run Flash.
This affects the Microsoft Windows and Mac OS X platforms, as well as GNU/Linux distributions.
Adobe instructions can be located here:
http://www.adobe.com/support/security/advisories/apsa10-01.html
APPLE SAFARI VULNERABILITIES PATCHED: -CRITICAL-
Apple has plugged 48 security holes in the Safari browser. Some of these vulnerabilities could allow an attacker to execute arbitrary code by convincing a user to open a specially crafted web page. Exploit code is publicly available, so please do not hesitate in updating.
Apple Safari update information is available here:
http://support.apple.com/kb/HT4196
As always, keep your operating systems, applications and Anti-Virus up to date, and you will avoid most problems.
If we can be of any assistance at all, please do not hesitate to contact us…
Enjoy your hump day!
Homeland Secure IT Alert - Contact Info
Apple's Safari browser offers MS IE some stiff competition for security vulnerabilities!
The headline says it all – Apple just patched 48 vulnerabilities in their Safari internet browser, making it appear that the highly revered browser is now more of a threat to society than Microsoft’s Internet Explorer! Imagine that!?!?
Apple considers the updates to be “highly critical” and they are available for both v4.1 and v5.0, on both the Mac and the Windows operating system platforms..
What kind of vulnerabilities you ask? A number of them involve what is known as “remote code execution”, where a person browsing with a vulnerable version of the Safari browser could happen upon a malicious website, and code on that site could take ownership of the browsing computer by exploiting the security holes. The list is available HERE.
The solution is to get your browser updated ASAP, either to the latest version of the browser, which will get the latest updates, or, to update your current version. Should you require help with that, reply and I will try to give a step-by-step. Of course, there are alternate browsers you can use too, such as Mozilla Firefox, Google’s Chrome and Microsoft Internet Explorer to name a few.
Homeland Secure IT offers computer, server and network support, service and repair to Greenville and Upstate SC based businesses and individuals, so should you question your computer’s security, please don’t hesitate to give us a call at 864-990-4748, respond here or email johnh@homelandsecureit.com
Trend Micro is offering 3 years for the price of two on Worry Free Business Security products!
Surely you have read about it, or maybe even been infected by it… Scareware, or software which is installed when visiting a malicious website, opening an email or installed as part of a payload of another piece of malware can look quite realistic. You are presented with a window that says, “You computer is infected with XXX viruses – clean now?”, and should you opt to clean it, you are told for only 49.00 dollars, the software that found the viruses will clean up your computer. What a deal!
Here’s where the average user will pony up the money by entering their billing information, account information, credit card number, etc… Then the software cleans up their computer. Or so it appears, for a while. What is actually going on is multi-faceted. In many cases, the malicious software that prompted the user for their information has just sent private and financial information to some centralized collection point (often controlled by organized crime in foreign countries), where people may work to steal their identity, or possibly make additional purchases on the credit card provided. Sometimes the software will give remote users full control of the infected computer, or join the computer to a botnet where it is used to attack others and/or send tons of SPAM… Most of the time, the software will wait a while, then say it has found more infections and prompt them to pay for removal again. And the user will do so. We had one man tell us he had done it twice, and wondered why it never cleaned his computer.
Cleaning this type of mess up is sometimes an easy fix, which any competent computer technician should be able to repair in a reasonable amount of time, and tech savvy users can do themselves. Other times, the computer is so badly infected by the mal-ware the user is seeing, and the other pieces of software that were delivered and installed that it may be better to simply backup the data, then wipe and reload the PC to insure ALL the malicious software is removed. Of course, we can assist with this should you find yourself in this unfortunate situation… Just call us or drop the PC by if you need a virus clean up and are in the Greenville or Upstate SC area.
I think it goes without saying that the best way to avoid this type of inconvenience is to always use the latest anti-virus software, and make sure it is enabled and downloading the most current virus definitions. Here at Homeland Secure IT, we recommend as well as offer sales and installation of Trend Micro Anti-Virus products. Our clients report that Trend Micro AV does not slow down their computers like other Anti-Virus packages they have used, and we see fewer compromised PCs as well! If you would like more information about what Trend Micro can do for you or your business, please give us a call at 864-990-4748 or email johnh@homelandsecureit.com.
There is currently a special on Trend Micro Worry Free Business Security anti-virus products that can save you money on a 3 year purchase! You get three years of coverage for your business for the price of two!
We offer clean-up of viruses, trojans, worms, spyware, grayware, scareware and all forms of malware at reasonable rates and with quick response to Greenville and surrounding areas. Let us know what we can do for you. If you are unsure what your company is doing to protect against malicious software, call us for a free evaluation.
This is just too slick…. This weekend brings IPSC 2010, the Internet Problem Solving Contest 2010. What is it? Teams of up to 3 people will compete on the 6th of June to win cash prizes by working together to solve a series of problems. Go here for the information http://ipsc.ksp.sk/
If you are competing, let me know how you do!
Backup your Mac using our online backup solution!
Not a week goes by that I am not reminded of how devastating it can be for someone to lose their data. Yesterday a nice guy called about his Macbook that had a drive failure and he took it all the way to Charlotte to have the Mac Store look at it. They are replacing the drive under warranty, however, the data was lost. The fella had a backup – from February – on an external USB drive, but unfortunately, he had run out of space on the drive during the backup and it had corrupted the data that was on there. I had him leave the USB drive with us and we ran our data recovery software on it and was able to recover ~104k files (about 100gb) but probably not nearly all of his data because the original backup did not complete.
This story repeats itself all too frequently. Then we hear the inevitable comment, “If only I had…” just about every single time it happens…. You know, “If only I had backed up”, “If only the drive didn’t fail”, “If only the external USB drive worked” and “If only I had 1000 dollars to recover my data from the shredded hard drive”….
As sad as it is, there are ways to avoid this and far too many of us are aware of them and STILL don’t do anything about it. WHY? Because it is too much trouble, too complicated, too costly, too time consuming, etc.
We have the answer to all those excuses! We offer an awesome online backup solution that can help you protect your data with absolutely no interaction at all. You set it, and forget it (I bet that is a trademarked term and some lawyer will now call me)…. Yes, you install it, configure it, and stop worrying about your data because it is stored “in the cloud”. Not on a fragile USB drive. Or heck, you can double-up and backup to USB drives and this great online backup both. You simply can not have too much insurance against data loss!
This online backup solution is called Servosity, and we provide a free trial to let you see if you like it, and if so, we will bill you monthly for only the data you are backing up. It is not just for Microsoft Windows, as Servosity is designed for multiple operating systems, including Apple Mac OS X! Other operating systems are: RedHat Linux, Novell Netware, Sun Solaris, IBM AIX, most every Linux and Unix distribution and platforms that support Java2 SDK standard edition v1.3.1 or later. Of course it works with Microsoft Windows (Just about every flavor) and can backup Microsoft Exchange, Microsoft SQL, MySQL, Oracle, etc, etc, etc!
It runs unattended, in the background, without consuming all your resources, and the only requirement is that your machine be online during the backup window… The backup window can be set to any time of day you wish… The Pro version of this offering can also provide a continuous backup if so configured and desired.
My wife and our clients love getting an email every day that says their data has been backed up successfully. It gives them peace of mind, and in some cases, it can save a job, because if you are in charge of important data and it becomes lost or damaged, your employer may find a way to help you become lost, or damaged…
If you want to experience peace of mind with your data, give us a call at 990-4748 or email johnh@homelandsecureit.com and I’ll be glad to tell you all about the benefits of Servosity and set you up for a free trial! If you are in the Greenville / Upstate, SC area and would like a free evaluation of your computer network service and backup needs, just let us know!
The FCC wants you to signup to shape the future of broadband in America
The FCC is looking for about 10,000 good men and women to help test their broadband connections in certain markets and from certain providers by installing a piece of equipment to meter the throughput at their home.
If you are interested in participating, you can go to https://www.testmyisp.com/ and fill out the application. You must meet certain requirements, such as having a high speed / broadband connection like cable or DSL from prividers such as Charter, AT&T, Cable One, Cablevision, CenturyLink, Cincinnati Bell, Clearwire, Comcast, Cox, Fairpoint, Frontier, Hughes, Insight, Mediacom, Qwest, RCN, Time Warner Cable (Roadrunner), Verizon, WildBlue/ViaSat, Windstream, or “other”, which will allow you to write in your broadband provider.
Apparently, they will place a simple device onto your LAN, and you must agree to the terms of usage, such as leaving it on 24/7, not trying to reverse engineer the device, etc.
Conspiracy theories are already out there that this device will be doing more than watching your throughput, such as watching your browsing habits. Possible, but unlikely. The company that has partnered with the FCC would probably not want to get that kind of bad press if this were found to be true.
I signed up our home and will let you know if we are selected…
Microsoft Internet Explorer 6 finally going to die!
Internet Explorer 6 has served us well. So well that people are still using it instead of the updated versions or the alternative browsers that are available. Estimates are that IE6 has a share of the browser market of around 20-25%, but a review of our own web logs which keep tabs on which browsers are used to view our site indicate that of the Explorer users only 6.69% viewing our site are using IE6. ( 18.4% are using IE 7 and 74.91 are using IE 8 )
That said, IE6 is also full of holes that cannot be easily fixed, nor is it worth it to MS to try to maintain IE6 when IE8 addresses these issues. So upgrade your browser… Upgrade to IE8, or try an alternative browser like Mozilla Firefox, Google Chrome, etc… Just dump IE6! Need more incentive? Many websites have planned for the demise of IE6. They will no longer offer support for it soon. And Microsoft has pledged to kill off IE6 themselves just this week.
Here is an entertaining link from Microsoft Australia about IE6, which says “You wouldn’t drink milk that was past its expiration date” – Gotta admit, that’s a great point!
If you require help in installing a new browser or want to discuss this further, email me at johnh@homelandsecureit.com or call us at 864-990-4748 – Or optionally, reply to this post.
Have a great Memorial Day Weekend with your family. Please remember that if you are an American, many people have fought and died for your freedom!
Automated attendants can be annoying or useful - In most cases they are both!
Let’s talk about the dreaded Automated Attendant for a minute. Every time you call a larger business you get the “Thank you for calling xxxx, please press 1 for sales, 2 for……” message and curse under your breath waiting to finally get to the option you want.
Honestly, I used to hate them, until I participated in a networking event and overheard some people talking about the pesky automated attendant, multi-message, digital receptionist, or whatever your favorite term may be. The conversation was about how much time was wasted talking to the wrong people, and everyone agreed with the point the person made after he explained his case, which went something like this:
You call company XYZ, simply wanting to inquire about a problem you are having, and a receptionist or switchboard operator answers the phone with their sing-song, cheerful greeting and asks who you need. You explain that you have a widget that is not working and she mistakenly sends you to the wrong department, where you describe your issue again, and they say, “oh, you need the doohickey support person, I’m the widget guy, let me transfer you”… So you just told your story twice to people who don’t matter. Then they went on to discuss smaller businesses who only have a handful of people working there, and the phone rings, and whoever is handy gets it, where you tell the person you were talking to someone earlier about an issue but can’t remember their name. So they go through the names one at a time and finally you recognize the right one and are connected.
Sure, you got the “human touch”, but you also were delayed.
So, should *your* business use an automated attendant? I’ve stuck to my guns that if you have only a handful of employees, you don’t need it, it will only cause you to be out of touch with your customers and potential clients, until now. Now I am seeing that a well structured, easy to maneuver automated attendant could serve your customer’s better. I’m considering using it at our office right now.
Most VoIP (Voice over IP) phone systems support interactive automated attendants which allow you to program them fairly easily, you don’t even pay for this feature in most cases, it is built right in!
The first thing you have to do is to determine if the AA is for you, and if it is, then draw up a flow chart of how it would work, for instance, you have two main departments, sales & service… You could simply have it answer with a greeting, followed by “Press 1 for sales, 2 for service”. Then it would ring the appropriate department, totally bypassing the inexperienced receptionist and causing the caller to only hit one additional button to go exactly where they want. You can, of course, expand upon that and add key persons to the menu, “3 for John Hoyt, 4 for Greg Varner”… Then what to do if they don’t press a button or give them the option to find someone to answer a different question… “Press 0 or stay on the line for assistance”.
All these things are possible, and I believe a small business needs to evaluate what will serve them and their customer’s best. If you are using an automated attendant to save manpower, then be considerate of the caller… If I think a better approach is to look at it from the start as a way to better serve your client base, instead of what it can do for you.
Want information on purchasing or installing a VoIP phone systems? Need help finding professional voice talent to record your company prompts? Want to bounce a phone system automated attendant question off of someone? Give us a call at 864-990-4748 or email us at info@homelandsecureit.com – We are resellers of Cisco, Digium, and other VoIP products!
Any flash drive can auto-load a virus onto your system if you have not taken precautions
Last week, IBM became the latest large corporation to receive major press over unknowingly distributing malware on USB drives. Unfortunately for them, they passed out these infected thumb drives at a security conference in Australia! A full link to one of the stories is HERE.
As the story states, it is best to disable AutoRun in Windows, or if you are using Trend Micro Worry Free Business Security Standard or Advanced you can enable that anti-virus package to disable auto-run across your organization. In environments where a Microsoft Windows Server controls access on your domain, a security policy may be set that will disable AutoRun on all computers.
How to disable AutoRun:
For those using Microsoft Windows XP w/SP2 or SP3, Windows 2000, Windows Server 2003 w/SP1 or SP2, Microsoft provides the following information for insuring AutoRun can be disabled: Link to HOW TO DISABLE AUTORUN
Running Windows 7? (Good for you!) – By default, AutoRun is disabled for USB drives.
Save yourself and your company the horror of getting infected with viruses, worms, trojans and other malware via the USB flash drive by disabling the AutoRun. We remove viruses and fix computers all the time because of this type of situation here in Greenville / Upstate, SC…
If you get lost and need help for disabling AutoRun on your system, please shoot me an email and I will give you some pointers. Should you not feel secure in making changes, we can assist with that as well.
Cisco offers a full line of Gigabit and switches, routers and firewalls
Have you noticed retrieving files from your server is feeling slower? Accessing a database on your network is sluggish? Moving large files takes a long time? Chances are good that you are using a 10/100 Megabit infrastructure, and that by simply replacing a few components, you could move to Gigabit speeds, possibly a 10x increase in speed, or more if you are using really old hubs and not switches! It’s like steroids for your business network!
As more and more data is stored, and multi-media files become larger due to better resolution and sampling rates, and reliance on server or network based storage increases, the network that you have used reliably for years may be showing its age.
Did you know that gigabit ethernet technology has been around for many years? In fact, your computers and servers, if purchases in the last few years probably already feature Gigabit NICs (Network Interface Cards), and all that may be holding you back from greater speeds on your LAN may be a change in hubs/switches and possibly some wiring & cabling upgrades?
Most business owners are not aware of that fact, nor has it been brought to their attention by their network support specialists. There’s good news too! Gigabit components have dropped in price considerably and it is not that much more to upgrade a piece of hardware to Gigabit than it is to replace a failing piece with a 10/100 component!
But be warned, there are some gotchas… You might be purchasing a Gigabit switch and think that will be all you need and the wiring may not support the throughput, or you might find if you maintain a mixed mode, that some 10/100/1000 switches may not work with certain 10/100 cards, and the most popular is purchasing a cheap component and actually seeing a reduction in speed because it doesn’t support “jumbo frames”. So if you have any questions, consult your computer service professional or network support professional. Also, if you planning on a VoIP (Voice over IP) phone system, you may want to take that into consideration so you do not have to upgrade switches again to PoE (Power over Ethernet).
Homeland Secure IT offers a free evaluation, so feel free to call us if your business is in Greenville or the Upstate and let us look over what you have and see what it takes to get you up to speed! With Google high speed fiber internet possibly coming to the Upstate, wouldn’t it be nice if your computers/servers could actually use that speed?
We offer Cisco, Linksys, TRENDnet, NetGear, SMC, D-Link, SonicWALL, WatchGuard, HP ProCurve, Dell, ZyXEL, Intel, Sun, Belkin, 3Com and many other Gigabit network products!
