As the end of 2010 draws near, some businesses are planning to refresh and renew tired old hardware such as desktop and notebook computers, as well as servers. Driving the updates are security requirements, new versions of operating systems, company rotation policy, depreciation schedules and more often than not, a need to overcome bottlenecks in performance and insure trouble free operation in the coming year.

Many times a company needs to purchase a new server but liquid capital prohibits them from doing so, and other times, it just makes more sense to purchase based on a lease.

Some benefits to leasing include:

• Fair Market Value or 10% option – This option allows for a customer to have the choice to purchase or return the equipment at the end of the original term AND deduct the payments as a monthly operating expense. Upgrade equipment anytime during the lease with a “Wrap Lease” product or upgrade at the end of the term.
• $1.00 Purchase Option – This option allows a customer to own the equipment at the end of the term for $1.00 and deduct payments over five years on a depreciation schedule or deduct all in one year under IRS Section 179. Upgrade options are still available with this program.
• Equipment Finance Agreement (EFA) – This allows the customer to retain full ownership of the equipment from the inception of the contract. It is tax deductible under a five year depreciation schedule or under IRS Section 179. This product has unique advantages for the customer who will most likely want to exercise and early buyout option.

We are happy to be able to offer leasing terms for larger purchases, so if you have a server refresh in your future, a larger scale deployment of desktop or notebook computers, etc, call us at 864.990.4748 or email info@homelandsecureit.com for more information.

Homeland Secure IT Alert

Homeland Secure IT Alert for Saturday, October 30, 2010

 

FireSheep add-on for Firefox browser is proof-of-concept why you should NOT use public / unencrypted Wi-Fi to access without extreme caution.

Last week, a tool was released that makes it possible for anyone to easily hijack your web sessions from within a browser view. When I say anyone, that means anyone. It has always been possible to do this, but this tool is so easy to use, a child could do it, or is that a caveman could do it?  Either way, once the browser extension is installed, the hacker can see a list of everyone using the public unencrypted Wi-Fi network he/she is on and what sites they are on.

The person can see in a browser sidebar WHO is logged into Facebook, Google, Twiter, Dropbox, WordPress, Evernote, Amazon, Flickr, etc, and then they simply click on your session to be logged in as you. Yes, they become YOU…  It works because it hijacks your cookie which is sent in the clear.

So think twice before you log into some site via public enencrypted Wi-Fi!!!

What can you do about this?  Good quesiton.

Option 1: Avoid public unencrypted Wi-Fi, defeating the purpose of having easy access, but offering you the highest level of protection.

Option 2: Only use sites that offer SSL/Secure logons – Actually this is sketchy because to sign into the “secure” section of most sites, the session info is still sent in the clear, so be careful.

Option 3: Use a VPN back to a gateway at your office. This insures all your traffic is encrypted.

Option 4: Try information that is available here: Force TLS

It doesn’t matter whether you are using Microsoft Windows, Apple Mac OS X, Linux, etc, this is not a *bug*, it is the nature of the beast.

Be careful out there….    If you have any questions or need assistance, please call us at 864.990.4748 or email info@homelandsecureit.com.

Homeland Secure IT Alert

Posted on FastCompany.com today was a flowchart to help you explain the internet….   Keep this handy if you will be time traveling over the holidays….

Homeland Secure IT Alert for Thursday, October 28, 2010

In the news today you will find that a new variant of the infamous Koobface is making the rounds via social media sites such as Facebook, Twitter and Myspace.

Unsuspecting users are enticed to click a video link in a direct message which links to a bogus YouTube page where they are presented with a thumbnail of the video, which when clicked runs a JAVA applet, and the user will then accept it, thinking they are going to see the greatest video ever. Instead, they get a blank screen more times than not, and have just given access to their computer to the bad guys.

According to various sites, the applet affects Linux and Mac in a different manner than the Windows based systems because it remains running longer, giving attackers a long time to exploit the machine for evil purposes. (So all that wonderful uptime you get from a *nix machine works against you as a Microsoft Windows machine gets rebooted more frequently).

It is suggested that you keep your operating systems updated, your JAVA updated, and keep current and quality anti-virus products on your computer such as Trend Micro. Even an anti-virus package like clamAV is advised over nothing at all. Mac and Linux users need to be very aware that the good old days of running “bareback” are over.

As always, avoid sketchy sites, don’t run JAVA apps unless you trust them. If you are on social media, use some common sense and don’t click on odd looking links, even if they come from your friends.

If you feel you may have been compromised, contact a computer service professional immediately. If you need assistance in Greenville or Upstate SC, we provide complete computer service, virus removal and cleanup and sales of Trend Micro and Symantec security and anti-virus software. 864.990.4748

Homeland Secure IT Alert

Is your company looking to buy new network gear, such as a firewall, switch, etc, and being held back by the cost?

Maybe you really want to use a Cisco product, but have determined that it may be more cost effective to purchase another brand such as WatchGuard or maybe SonicWALL.

Well hold on a minute, before we go much further… (To quote Rod Stewart)  There is a solution that is available to you that can save a good deal of money! Consider Cisco Certified Refurbished Equipment, which is equipment that may have been pulled from shelves, returns, etc, but has gone through a vigorous refurbishment process, and comes complete with a full Cisco warranty.

This is NOT used or counterfeit Cisco product you can buy via eBay or elsewhere on the web, this is genuine Cisco Certified Refurbished Equipment!  Don’t take a chance by purchasing equipment from an unknown source!

Green and environmentally friendly. Low price and budget friendly. And that’s just the beginning of the benefits you get with Cisco Certified Refurbished Equipment. Remanufactured to exacting standards in Cisco’s state-of-the-art manufacturing facility, Cisco Certified Refurbished Equipment carries the same warranty as new equipment and offers all the financial strength of Cisco Capital. You get Cisco Certified protection for a fraction of the cost of new equipment, reducing your total cost of ownership.

Learn More about the Cisco Certified Difference

Cisco Certified Refurbished Equipment

Cisco Certified Refurbished Equipment helps you Save Money:

• Save up to 90% off the list price of equivalent new equipment
• Extend your IT budget and implement Cisco advanced technologies
• Avoid hidden costs, such as relicensing fees

Need it now? In-stock inventory ships within 24 to 48 hours.

• Quickly and reliably locate older generation or end-of-sale products
• Immediate alternative to new product lead times
• Minimize downtime and project disruptions, respond quickly to unexpected needs

Same as New Warranty and Service Support Options

Cisco Certified Refurbished Equipment is backed by the same maintenance and service support options that equivalent new Cisco products are. Support is available through the Cisco Technical Assistance Center.

Homeland Secure IT, LLC is an authorized Cisco Partner and can offer you or your company new or Cisco Certified Refurbished Equipment at affordable rates. We also offer SMARTnet Licensing for every device you already own. Service, sales, consulting, repair, we do it all in Greenville and the Upstate of SC!  864.990.4748 or info@homelandsecureit.com

Windows 8

Don’t get all excited, yet, but a couple days ago, bloggers found a post on a Dutch Microsoft blog which discussed the upcoming release of Windows 8.

While the post was quickly removed, it has created a lot of stir in the IT community. Some of it good, and a LOT of it bad. Some believe after the “failed” unleashing of Microsoft Windows Vista on the unsuspecting public, that the update to Windows 7 should have been free for anyone with Vista! Of course, these same people think that EVERY update from MS should be free.

One blog post I read had the poster claiming that the (possible) 2012 release of Windows 8 would coincide with the end of the world as predicted by the Mayan calendar.

Most seem to feel that another update to Windows is just another way to get money. Now this I agree with. Microsoft is not a charity, they have to bring in money, and they do so with new innovations that they can sell and hopefully profit on. Do we really want a software company that doesn’t create new and exciting things, as well as just fixing the bugs?

Regardless of what people post on these random blogs, the general sentiment is that Microsoft Windows 7 is likely the best product that MS has ever offered, and is certainly the best Operating System. So, if Windows 8 follows that trend and brings us another stable platform with decent security, then 2012 is not soon enough. Though I just love living on the edge.

If you would like to purchase the CURRENT Windows 7 Operating System, either a single copy, or hundreds of licenses for your business or non-profit organization, Homeland Secure IT would like to assist you. Please call us at 864.990.4748 or email info@homelandsecureit.com.

Will Ragland as Dr. Frank-N-Furter

I’m sure most people who are of a certain age (say, in their 40s?) have seen The Rocky Horror Picture Show, staring Tim Curry as Dr. Frank-N-Furter… And maybe more than a few have been to a midnight showing of that movie at a movie theater. However, how many people have experienced a live performance of it?

A live performance may come in many flavors. When I lived in Los Angeles, we saw it where people dressed up and participated in the theater, and more interesting is where actors will be on the stage, and perform along with the audio playing and the actual movie on the screen behind them, and yet another way has been for the video to play, while actors and a band perform along with it (all while the audience participates)…

If you have NEVER seen the RHPS, you can catch it on the FOX Movie Channel on Halloween… All night long…. You will need an open mind, and maybe an adult beverage. More information can be obtained at http://www.rockyhorror.com/. This movie has nothing to do with “horror”, it is a rock-n-roll tribute to Sci-Fi movies of the past, with a naughty / risque flare. I don’t recommend it for immature people, or those who are easily offended.

This past Saturday, Oct-22-2010, at midnight, my wife Pamela, daughter Megan and her friend Nick went with me to the Warehouse Theatre’s production of The Rocky Horror Show. Prior to this, I had only seen it performed in the stage show manner once, and to be quite honest, it wasn’t fantastic. It was as good as amateurs could do, and everyone had a great time, but it wasn’t a “production”, it was a party.

Pamela, Megan and Nick had never seen any form of RHPS other than the movie, and didn’t know what to expect. I was not certain how it was going to be performed either since as I mentioned previously, I have seen it in various formats.

The Warehouse Theatre production is a full stage show, there is absolutely no tie to the movie itself. All scenes are performed by the actors themselves, all music is from a live band.

For those who love the movie, your first thought may be, “This is going to stink”, because as everyone knows, it is very hard to pull off a well known number such as “Sweet Transvestite” and not be compared (unfavorably) with Tim Curry’s version. Likewise, the other characters from the motion picture are very dynamic and difficult to reproduce. Admittedly, I went in expecting somewhat of a lackluster show. In the words of Magenta, “I ask for nothing”. Then Frank’s reply: “And you shall receive it… In abundance!!!!”

Rocky Horror Show Cast

That was not the case at all. The actors that portrayed the main characters were unbelievable! Will Ragland brought a new twist to Frank, without trying to duplicate his every nuance, and Rocky… Ohhhh Rocky, he was far better than the original Rocky in the movie! Better in every way… He sang his own parts (as did all the actors), and he looked the part. (My wife and daughter, and just about everyone were fixated on this guy’s genuinely beautiful physique… Uhmm, okay, that sounded weird for ME to say that, but it’s true).

These actors had to do something that Tim Curry and his movie cast never had to worry with, they had to perform while the audience shouted out all kinds of off the wall comments, as is the tradition with RHPS. The actors managed to keep straight faces, and use a good bit of improv to interact with the audience, which made the show all the more fun! Audience participation is a major part of this, and there are guides on the internet that will show you what to do, what to say, when to say it, etc.

We purchased the “audience participation pack”, which included light sticks (since flames are dangerous), confetti, newspaper etc.  No rubber gloves or noisemakers as some scenes from the movie are not present, such as the dinner/birthday party scene, where you get to say “Meatloaf again????”. But, not missed, and I’m sure were not part of the original stage production.

I’m a technical kind of guy, and very critical when it comes to audio and lighting, so I will add this in for those of you who are like me and love to pick things apart. The audio was absolutely perfect. Good levels, and great control, especially when you take into consideration the number of open mics involved. The lighting could not have been improved upon.

Every number performed by the band was well orchestrated, the mix was low, but necessary in order to have legible vocals. I only wish I could have played guitar or bass (I even emailed the Warehouse Theatre and asked if they needed a guitarist or bass player, but they had already put their band together by that time).

The remaining shows are probably sold out by now, even though they added some extra performances in November, so if you want to attend and see what all this is about, call TODAY – The box office number is 864.235.6948 or you can visit their website for more information.

My hat is off to the cast and the crew for a superb job! We had a marvelous evening out (early morning rather) and as always, with the Warehouse Theatre, it didn’t break the bank like it would have at other venues in Greenville.

Yeah, I know, this has absolutely nothing to do with Computer Service, Computer Repair or even Business, but even hard working people have to take a break and enjoy themselves every once in a while. I highly recommend it.

Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, October 22, 2010

Apple has issued two advisories which outline Java security updates for OS X 10.5.x and OS X 10.6.x (Tiger and Leopard). These advisories warn of several vulnerabilities in the OS X Java components (a total of 10). There are updates out to address a few of the flaws, however, many still pose a serious risk according to WatchGuard’s security bulletin.

Not to be outdone, Mozilla released a Firefox update fixing close to 13 vulnerabilities in their browser and that is across all platforms, including Mac OS X, Microsoft Windows and Linux…

In both cases, these updates attempt to correct vulnerabilities which exist that could allow your computer to become exploited by visiting a malicious website, or following a link to a malicious website. The solution is to apply updates from Apple to your OS as well as update the Firefox browser. By “exploited”, it means, your computer could have malicious software loaded on it that would give the attacker anything from read access, to absolute, total control, as in a “rootkit” which may be difficult to detect. Some rootkits and keygrabbers have been running undetected on computers for months, even years.

It is always a good idea to avoid unknown sites, and not open random links sent to you by unknown/untrusted sources.

Another must-have is quality anti-virus / anti-malware such as Trend Micro. Their Titantium Security for Microsoft Windows machines and Total Online Protection for Apple Mac systems are affordable and will help you avoid a costly and inconvenient virus cleanup or removal, as well as prevent your valuable data from falling into the wrong hands. We can provide you with these fine products!

If you need assistance with any computer or network security issue, anti-virus, anti-spam, or even a virus removed from your system, please call us at 864.990.4748 or email info@homelandsecureit.com

—

More information about these updates are here:

Apple Java 10.5 Update 8: http://support.apple.com/kb/HT4418

Apple Java 10.6 Update 3: http://support.apple.com/kb/HT4417

Mozilla Security Advisory 2010-67: http://www.mozilla.org/security/announce/2010/mfsa2010-67.html

Homeland Secure IT Alert

Word travels fast on Twitter!  And word was that there were outages affecting some Microsoft Business Productivity Online Suite customers over the past few weeks…  In light of that, Microsoft has stepped up to the plate with their Online Services Health Dashboard and made it available to all customers and partners in all regions.

This is direct from their newsletter:

Introducing the Microsoft Online Services Health Dashboard
Microsoft Online Services is pleased to make the new Microsoft Online Services Health Dashboard available to all customers and partners in all regions.

The Health Dashboard is a step forward in our efforts to continuously improve our ability to provide customers and partners with up-to-date, accurate, and complete information about our dynamic services. It provides a greater level of transparency into the status of all Microsoft Online services and tools with detailed current and historical information for our three regions: Americas, serving customers in North America and Latin America (NOAM); Europe, the Middle East, and Africa (EMEA); and Asia Pacific (APAC).

For more information on the Health Dashboard, please refer to the Public Announcement on the Microsoft Online Services Team Blog.

If you would like to see what all the hubbub is about regarding Software As A Service (SaaS), In-The-Cloud, or Cloud Computing, you can try Microsoft BPOS for free with a no obligation trial.

You get a virtual Microsoft Exchange server which you can use with Outlook Web Access, or your own Outlook, shared calendars, Microsoft SharePoint, and more!

Homeland Secure IT offers both Google Apps and Microsoft BPOS and can help you decide which is best for your application. Please email info@homelandsecureit.com, call 864.990.4748 or visit HERE for more information….

Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, October 14, 2010

It seems like only yesterday I was telling our friends and clients about security issues that were announced this week. Believe me, this isn’t Deja Vu all over again…  It’s just another day in the life of a system administrator….

If you are running Microsoft SharePoint, especially if it has been made available to the outside world via HTTP or HTTPS (not just internally to your users), then this update affects you and the patch should be applied immediately. It also affects Microsoft Groove Server 2010 and Microsoft Office Web Apps.

I have included the security bulletin from Watchguard below which better outlines this vulnerability.

As always, should you require additional assistance or have questions, please email info@homelandsecureit.com or call 864.990.4748. We offer complete computer / network service, support & consultation in the Greenville / Upstate SC area, and national sales of Watchguard Security Products.

—

XSS Vulnerabilities in SharePoint Server Web Security Feature

Severity: Medium
12 October , 2010

Summary:
This vulnerability affects: The SharePoint family of products and Office Web Apps

How an attacker exploits it: By sending specially crafted HTTP requests, or enticing users into clicking malicious links

Impact: An attacker can execute scripts on your web site with another user’s privileges

What to do: Install Microsoft’s various server updates as soon as possible, or let Windows Update do it for you

Exposure:
Microsoft SharePoint is a family of products (including Groove Server) that offers web-based collaboration, file sharing, and web publishing. Office Web Apps are free, web-based versions of Microsoft Office productivity suite.

In a security bulletin released as part of Patch Day, Microsoft describes two Cross-Site Scripting (XSS) vulnerabilities that affect the SharePoint family of products, and Office Web Apps. Ironically, the XSS vulnerabilities lie within a component called SafeHTML, which is supposed to improve web security by sanitizing HTML from malicious scripts. Though the two XSS vulnerabilities differ technically, they share the same scope and impact. By sending specially crafted HTTP requests to a server with SafeHTML enabled, or by enticing a victim into clicking a link that generates such a request, an attacker can exploit either of these XSS flaws to execute script on your server on behalf of another user. Attackers can leverage these sorts of XSS flaws to read or steal your users’ cookie files, potentially hijack their web sessions, or, in some cases, even execute code on those users’ computers with an increased level of trust.

If you use the SharePoint family of products, you should download, and install the appropriate updates as soon as possible.

Solution Path:
Microsoft has released updates to fix these vulnerabilities. SharePoint product administrators should download, test and deploy the corresponding updates as soon as possible, or let Windows Update do it for you:

SharePoint Services 3.0 w/SP2 (KB2345304)
SharePoint Services 3.0 w/SP2 64-bit (KB2345304)
SharePoint Foundation 2010 (KB2345322)
SharePoint Server 2007 w/SP2 (KB2345212)
SharePoint Server 2007 w/SP2 64-bit (KB2345212)
Groove Server 2010 (KB2346298)
Office Web Apps (KB2346411)

For All WatchGuard Users:
Most people do not allow Internet-based users to access their SharePoint servers. Unless you’ve created an HTTP or HTTPS policy allowing external users to access your SharePoint server, your Firebox or XTM appliance will prevent Internet-based attackers from leveraging these flaws. That said, your server are still at risk of internal attack. Therefore, the patches above are your best solution.

Status:
Microsoft has released updates to correct these vulnerabilities.

References:
Microsoft Security Bulletin MS10-72
This alert was researched and written by Corey Nachreiner, CISSP.

Homeland Secure IT Alert