Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Tuesday, December 14, 2010

In an effort to keep the Firefox browser secure, updates have been released that address multiple vulnerabilities. If you are using the 3.5.x or 3.6.x versions of the popular browser on Microsoft Windows, Linux or Apple Mac, you should ensure your browser is updated immediately to 3.5.16 or 3.6.13 respectively.

Failure to do so could allow an attacker to execute code on your computer, regardless of the operating system.

I have attached the announcement from the WatchGuard security ML below:

December Firefox Update Corrects a Bunch of Critical Vulnerabilities

Severity: Medium

13 December, 2010

Summary:

  • These vulnerabilities affect: Firefox 3.6.x and 3.5.x for Windows, Linux, and Macintosh
  • How an attacker exploits it: Typically by enticing one of your users to visit a malicious web page
  • Impact: Various results; in the worst case, an attacker executes code on your user’s computer, gaining complete control of it
  • What to do: Upgrade to Firefox 3.6.13 (or 3.5.16), or let Firefox’s automatic update do it for you

Exposure:

Last week, Mozilla released a Firefox update fixing 13 (count based on CVE number) vulnerabilities in their popular multi-platform web browser. Mozilla rates most of these vulnerabilities as critical, meaning an attacker can leverage them to execute code and install software without user interaction beyond normal browsing. We summarize three of the most critical Firefox 3.6.12 vulnerabilities below:

  • Integer Overflow Vulnerability in Javascript Array (2010-81).  A javascript array (specifically NewIdArray) in Firefox suffers from an integer overflow vulnerability that can cause a memory buffer overflow. By enticing one of your users to a maliciously crafted web page, an attacker can leverage this buffer overflow to either crash Firefox, or to execute malicious code on that user’s machine, with that user’s privileges. If the user happened to be a local administrator or had root privileges, the attacker would gain total control of the victim’s computer.
    Mozilla Impact rating: Critical
  • Document.write() Buffer Overflow Vulnerability (2010-75). According to Mozilla, one of the javascript methods used to write text to a page (document.write) suffers from a buffer overflow vulnerability.  By enticing one of your users to a web page containing specially crafted javascript, an attacker can leverage this buffer overflow to either crash Firefox, or to execute malicious code on that user’s machine, with that user’s privileges. As usual, an attacker may gain full control of your users’ computers if they have administrative privileges.
    Mozilla Impact rating: Critical
  • Three Memory Corruption Vulnerabilities (2010-74). Mozilla’s update fixes three unspecified memory “safety” related vulnerabilities, which can at least crash Firefox. Mozilla’s alert doesn’t say much about these vulnerabilities, other than they lie within Firefox’s browser engine. Mozilla presumes that, with enough effort, attackers could exploit some of these memory corruption flaws to run arbitrary code on a victim’s computer. To do so, an attacker would first have to trick one of your users into visiting a maliciously crafted web page. If your user took the bait, the attacker could execute malicious code on that user’s machine, with that user’s privileges. If the user happened to be a local administrator or had root privileges, the attacker would gain total control of the victim’s computer.
    Mozilla Impact rating: Critical

Mozilla’s alert describes many more critical vulnerabilities, most of which allow attackers to execute code simply by enticing you to a malicious web page. Visit Mozilla’s Known Vulnerabilities page for a complete list of the vulnerabilities that Firefox 3.6.13 fixes. On a related note, some of these vulnerabilities also affect Firefox 3.5.x. If you use 3.5.x, we recommend you move to 3.6.13. However, if you must stay with 3.5.x, Mozilla has also released an update for that legacy version as well.

Solution Path:

Mozilla has released Firefox 3.6.13 and 3.5.16, to correct these security vulnerabilities. If you use Firefox in your network, we recommend that you download and deploy version 3.6.13 as soon as possible. If, for some reason, you must remain with Firefox 3.5.x, make sure to upgrade to 3.5.16.

Note: The latest version of Firefox 3.6.x automatically informs you when a Firefox update is available. We highly recommend you keep this feature enabled so that Firefox receives its updates as soon as Mozilla releases them. To verify that you have Firefox configured to automatically check for updates, click Tools => Options => Advanced tab => Update tab. Make sure that “Firefox” is checked under “Automatically check for updates.” In this menu, you can configure Firefox to always download and install any update, or if you prefer, only to inform the user that an update exists.

As an aside, attackers cannot leverage many of these vulnerabilities without JavaScript. Disabling JavaScript by default is a good way to prevent many web-based vulnerabilities. If you use Firefox, we recommend you also install the NoScript extension, which will disable JavaScript (and other active scripts) by default.

For All Users:

This attack arrives as normal-looking HTTP traffic, which you must allow through your firewall if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:

The Mozilla Foundation has released Firefox 3.6.13 to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP.


What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

More alerts and articles: log into the LiveSecurity Archive.

WatchGuard manufactures a wide range of network security appliances / firewalls that can help protect your business from malicious attacks, reduce spam, keep  you within compliance and give you peace of mind. We offer the full WatchGuard line of products for sale and provide support. For more information, email info@homelandsecureit.com or call 864.990.4748.

If you would like a free consultation, please contact us today!

Homeland Secure IT Alert Footer

Homeland Secure IT Alert

Stack of CDs

Say "no" to stacks of CDs

If you are using CDs, DVDs, flash drives, external hard drives, or other physical media to back up your notebook computer, you are doing 100% more to protect your data than the majority of all PC owners!

However, you are also spending time connecting devices or inserting backup media and likely are manually starting the backup, leaving lots of room for missed backups. If you are using an external USB hard drive, you may be using the included software to automatically back up to that media when you have it plugged in, which could make for gaps of days, weeks, months, or who knows, even longer between backups.

Those of you who want to ensure your data is backed up automatically, without any interaction from you at all, should consider an online or remote backup solution. These are ideal for a mobile computer, whether it is an Apple Mac OS X, Microsoft Windows or even a Linux based system! All you do is establish an account, install the software, configure the software for a time frame for running and you are done. “Set it and forget it” as they say.

When you have your computer turned on and connected to the internet, the data is uploaded to the remote server automatically and you get an email that lets you know that it completed correctly or that a backup was missed. You can see the backup details, you can set the backup to be “continuous” where your files are synced as they change, etc.

Your data is stored remotely on encrypted and secure servers. You can access a single file or restore an entire folder via the application or a handy web interface!

Here at Homeland Secure IT, we use, recommend and offer a free trial of Servosity Online Backup. Servosity is a locally owned and operated business here in Greenville, SC, with whom we are proud to partner to bring our clients a rock solid, dependable and affordable backup solution. Servosity works with desktops, laptops, servers (including Microsoft Exchange, SQL, and more!) and, as mentioned previously, multiple operating systems from Windows to Apple Mac, to Linux, etc.

Free Servosity Online Backup Trial! Click Here...

If you would like more information about how Servosity Online Backup can help you or your business, or you would like a FREE TRIAL of the service, please email info@homelandsecureit.com or call 864.990.4748. We offer a full range of backup solutions, both physical onsite and remote.  Don’t go another day without KNOWING your data is protected!

Homeland Secure IT Alert for Thursday, October 28, 2010

In the news today you will find that a new variant of the infamous Koobface is making the rounds via social media sites such as Facebook, Twitter and Myspace.

Unsuspecting users are enticed to click a video link in a direct message. The link leads to a bogus YouTube page showing a thumbnail of the video; clicking the thumbnail runs a Java applet, which the user accepts, thinking they are going to see the greatest video ever. Instead, they get a blank screen more times than not, and have just given the bad guys access to their computer.

According to various sites, the applet affects Linux and Mac in a different manner than the Windows based systems because it remains running longer, giving attackers a long time to exploit the machine for evil purposes. (So all that wonderful uptime you get from a *nix machine works against you as a Microsoft Windows machine gets rebooted more frequently).

It is suggested that you keep your operating systems updated, your Java updated, and keep current, quality anti-virus products such as Trend Micro on your computer. Even an anti-virus package like ClamAV is advised over nothing at all. Mac and Linux users need to be very aware that the good old days of running “bareback” are over.

As always, avoid sketchy sites and don’t run Java apps unless you trust them. If you are on social media, use some common sense and don’t click on odd looking links, even if they come from your friends.

If you feel you may have been compromised, contact a computer service professional immediately. If you need assistance in Greenville or Upstate SC, we provide complete computer service, virus removal and cleanup and sales of Trend Micro and Symantec security and anti-virus software. 864.990.4748

Satisfaction

Shiny Happy People

According to a story published in the Washington Post, computer users are happier with their PCs than at any time since the first year (1994) that this was tracked! This was based around a poll run by ACSI LLC.

It was not surprising that Apple had the highest user satisfaction with their “cult-like” Mac following, though it may catch some off guard that Microsoft held its own. The article cites improvements in Microsoft customer satisfaction since the release of Windows 7, which we have seen ourselves. In fact, since the release of Microsoft Windows 7, we have been seeing people dump their aging Macs and opt for less expensive Windows machines as replacements.

Some factors that appear to be contributing to the migration from Mac to the Windows platform are the consistently lower prices for Microsoft Windows based machines, security holes being exploited in the Mac rapidly narrowing the “Mac is more secure” gap, the overall user friendliness and reliability of Windows 7 and of course the larger software selection.

Either way, across the board people are as happy as ever with their computers!

If you find your experience is less than satisfactory, I would like to hear from you. Reply here, shoot me an email, give me a call, etc. We can likely help improve your satisfaction!

Secure IT Alert for Tuesday, September 21, 2010

This is not a repeat… I repeat, this is not a repeat. Sorry, that was redundant…

Adobe announced yesterday, September 20th, the release of additional patches to Adobe Flash Player to address vulnerabilities. These affect Microsoft Windows, as well as Mac, Linux, Solaris and even Android.

It’s the same old song and dance with this one… Update your Flash Player or risk being exploited. This *may* affect Adobe Reader as well, but Adobe’s announcement indicates that they will not address the potential threat to Adobe Reader until the October updates, presumably because it is not being actively exploited (yet).

As always, avoid random browsing to unknown / untrusted / shady sites, and don’t follow unexpected links in email… Keep your operating system up to date with patches. Ensure you have the best anti-virus protection you can possibly afford, such as Trend Micro Internet Security or Trend Micro Worry-Free Business Security, and that it is functioning and up to date. If your computer is acting differently than normal, including slow response, unusual pop-ups, random shutdowns, etc., contact a computer service or support professional, especially if that computer is used for business or financial purposes.

Included below is the original Adobe Security Bulletin.  If you require assistance with this or any other computer or network security issue in the Greenville or Upstate SC area, please call us at 864.990.4748 or email info@homelandsecureit.com

Security update available for Adobe Flash Player

Release date: September 20, 2010

Vulnerability identifier: APSB10-22

CVE number: CVE-2010-2884

Platform: All Platforms

SUMMARY

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

AFFECTED SOFTWARE VERSIONS

Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

SOLUTION

Adobe recommends all users of Adobe Flash Player 10.1.82.76 and earlier versions upgrade to the newest version 10.1.85.3 by downloading it from the Adobe Flash Player Download Center or by installing it via the auto-update mechanism within the product when prompted.

Users of Flash Player for Android version 10.1.92.10 and earlier can update to Flash Player version 10.1.95.1 by browsing to the Android Marketplace on an Android phone.

For users who cannot update to Flash Player 10.1.85.3, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.283, which can be downloaded here.

SEVERITY RATING

Adobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.

DETAILS

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.

Google Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414.
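As an added example (not part of Adobe's bulletin, WatchGuard's alert or the original post), the Python sketch below audits a software inventory against the fixed versions named in this bulletin and in the Firefox alert above, branch by branch. The CSV layout, host names and status strings are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io
import re

# Fixed releases named in the alerts on this page.
# Key: (product, platform class); value: {branch prefix: first fixed version}.
FIXED = {
    ("firefox", "desktop"): {(3, 5): (3, 5, 16), (3, 6): (3, 6, 13)},
    ("flash", "desktop"): {(9,): (9, 0, 283), (10,): (10, 1, 85, 3)},
    ("flash", "android"): {(10,): (10, 1, 95, 1)},
}
DESKTOP = {"windows", "macintosh", "linux", "solaris"}

# Constructed sample inventory (assumed CSV layout, made-up hosts).
SAMPLE = '''host,platform,product,version
ws-01,Windows,Firefox,3.6.12
ws-02,Linux,Firefox,3.5.16
ws-03,Macintosh,Firefox,3.0.19
ws-04,Windows,Flash,"WIN 10,1,82,76"
ws-05,Windows,Flash,9.0.283
ph-01,Android,Flash,10.1.92.10
ws-06,Solaris,Flash,10.1.85.3
ws-07,Windows,Flash,unknown
'''


def parse_version(text):
    """Return a tuple of ints, or None when no version number is present.

    Accepts dotted strings ('3.6.12') and the comma-separated form that
    Flash Player itself reports ('WIN 10,1,82,76').
    """
    match = re.search(r"\d+(?:[.,]\d+)+", text)
    if match is None:
        return None
    return tuple(int(part) for part in re.split(r"[.,]", match.group()))


def _pad(version, length):
    """Right-pad with zeros so 9.0.283 and 9.0.283.0 compare as equal."""
    return version + (0,) * (length - len(version))


def assess(product, platform, version_text):
    """Classify one installation against the fixed version for its branch."""
    plat = platform.strip().lower()
    cls = "android" if plat == "android" else "desktop" if plat in DESKTOP else None
    branches = FIXED.get((product.strip().lower(), cls))
    if branches is None:
        return "no-baseline"          # product/platform not covered by the alerts
    version = parse_version(version_text)
    if version is None:
        return "unparseable"          # needs a manual check on the workstation
    for prefix, fixed in branches.items():
        if version[:len(prefix)] == prefix:
            width = max(len(version), len(fixed))
            if _pad(version, width) >= _pad(fixed, width):
                return "ok"
            return "update to " + ".".join(str(p) for p in fixed)
    newest = max(branches)
    if version[:len(newest)] > newest:
        return "newer-branch"         # released after these alerts; review separately
    return "no-fix-on-branch"         # the alerts name no fixed release for this branch


def audit(inventory_csv):
    """Return (host, product, version, status) for every row that is not 'ok'."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = assess(row["product"], row["platform"], row["version"])
        if status != "ok":
            findings.append((row["host"], row["product"], row["version"], status))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-6s %-8s %-16s %s" % finding)
```

Rows reported as `no-fix-on-branch` or `unparseable` are the ones to check by hand, since the alerts give no patched release to compare them against.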

Sure, Homeland Secure IT is based in Greenville, SC, but we service the entire UPSTATE of SC.

Our service area includes: Greenville, Easley, Anderson, Simpsonville, Duncan, Greer, Taylors, Travelers Rest, Spartanburg, Piedmont, Pendleton, Clemson, Pelzer, Six Mile, The Cliffs area, Fountain Inn, Welcome community, Seneca, and the entire Upstate of South Carolina.

If you require computer repair, service or support and live in any of these great cities, call us! Services performed in our office, your office or your home. Everything from simple virus removal and cleanup, to system installations, software / application installations, Microsoft Windows & Server updates.

864-990-4748 or info@homelandsecureit.com

http://www.HomelandSecureIT.com/

Mushroom Cloud

Servosity - Now with continuous data protection goodness!

I’ve heard every excuse in the book for not backing up data. Too much trouble, too expensive, too time consuming, slows the computer down while the backup is running, etc.  Until today.

I actually had a discussion in which the individual told me that backups were useless because they were not real-time, and that using a backup program like Symantec’s Backup Exec or even an online backup solution like Servosity was a scheduled backup and data had potential to be lost between the time you saved it, and the time it was backed up to the media or remote server.

Then, I dropped the bombshell… There is such a thing as “Continuous Backup Protection”. Symantec offers it of course, but this person was totally against a hardware solution that was on premise, so I told him about Servosity’s offering, where you can have a regular backup taking place after hours, but critical data can be backed up immediately when you save it! And, if you wanted, you could set it up to back up the entire system in near real-time! It is kind of a mirror of your data, on a remote, secure server where each file that is saved or modified is synced with the remote system.

This is where cloud computing, or Software as a Service (SaaS), really shines! If you back up instantly to a remote location, and a horrific incident occurs, say a tornado, fire, flood, or even theft of your equipment, you have access to your data over the internet! A perfect solution for business continuity plans.

Servosity can protect a single workstation or a thousand, a fleet of mobile computers, your Mac OS X, Windows Servers, Exchange, SQL, Linux, and so much more!

If you would like more information about Servosity or other Continuous Backup solutions, please call us at 864-990-4748 or email info@homelandsecureit.com

ASK ABOUT OUR FREE TRIAL OF SERVOSITY!

Time to replace that old computer? Wanting the latest and greatest? Bigger (or smaller), faster, cooler? Are you just looking for a good excuse to treat yourself? I know I am! Late Father’s Day gift to yourself? Early Christmas? How about an Independence Day gift? That sounds good!

In any case, if you are planning on buying a new notebook or desktop computer, don’t forget to protect that investment with the purchase of these items:

Anti-Virus / Anti-Malware: There is no way you can survive these days without proper anti-virus on your computer! Regardless of your platform, you need this protection. Our favorite is Trend Micro Anti-Virus, which we sell and install. However, if you are truly replacing your computer and not just adding another one, you may already own current anti-virus software. If you do, then you can download and install it on the new computer, using the same activation code. Getting a Mac and think you can run “bareback” because they are immune to viruses, trojans, etc.? Think again. More and more malicious software is targeting Apple Mac OS X.

Uninterruptible Power Supply / UPS: You are buying an expensive piece of hardware, and then trusting that the power company is going to deliver a good clean source of power to your system. A surge protector can help, but a UPS will not only protect the hardware, it will keep you from losing documents you are working on should the power go out. Our favorite brands of power protection products are APC and Eaton. They make a UPS for every situation, whether you need to protect a single computer, a complete system with monitor, modem, printer, etc., or you have to protect a server or a data center.

Backup Solution: You now have an awesome system, with lots of room to download music and store thousands or tens of thousands of photos, movies, etc… What happens in the event of a hard drive failure? These days, you can use online backup solutions such as our Servosity service which will automatically backup your data to the cloud (the internet) in a safe and secure (encrypted) data center. You can then restore your data in the event of a loss. We also offer physical backup solutions, such as USB drives, tape backup systems, Symantec Backup Exec, and we do work with other backup providers as well.

Insurance Rider: Your insurance policy may not cover an expensive computer system. Check with your insurance carrier to make sure you are properly covered in the event of a loss to fire, flood, theft, lightning strike, etc. Many times a rider can be added to your policy for only a few dollars a month that will protect your hardware, and even software.

If you have any questions about these solutions and what may be right for you, please do not hesitate to call us, we can provide computer repair, consultation and sales.  We are authorized resellers for APC & Eaton power protection products, Trend Micro anti-virus / anti-malware, Servosity, Mozy & Symantec backup solutions and more! Call us at 864-990-4748 or email info@homelandsecureit.com to find out how we can help you in the Greenville / Upstate SC area…

Macintosh users are getting their own patches for malware lately. Released last week with absolutely no fanfare was OS X 10.6.4, which addresses a Trojan vulnerability among other things. It seems that Apple intentionally has not made a big deal about this security issue, partly to help keep up the appearance that Mac computers are impervious to malicious software, a thought that is echoed by countless owners and proponents of the platform.

Regarding the Trojan and the patch, security firm Sophos has more information here – basically, the vulnerability can give full control of your Mac PC to an attacker…

As with any operating system, whether it is Microsoft Windows, various versions of Linux, Unix, *BSD, or even the beloved Mac OS X, it is important that your computer have proper anti-virus / anti-malware installed, and that you keep the operating system itself up to date with patches, as well as any supporting software you may use. Adobe recently announced multiple vulnerabilities in Flash and AIR that affect Mac OS X as well as every other platform.

Should you require assistance installing updates or patches, or would like to purchase Anti-Virus / Anti-Malware such as our favorite, Trend Micro Worry Free Business Security and the entire product line from Trend Micro, please call us at 864-990-4748 or email info@homelandsecureit.com for more information.

Homeland Secure IT Alert - Contact Info

Homeland Secure IT Alert for Friday, June 18, 2010

Greetings and salutations,

Last week we warned of Critical Vulnerabilities which affect Adobe products and this week we are hearing of many people being exploited by these security holes.

There are patches and updates available that will secure your system, however, they are not applied automatically and must be performed by someone on each workstation. These updates are NOT handled by Microsoft Windows Update, WSUS, and many patch management systems.

Note that this affects ALL platforms, Microsoft Windows, Windows Server, Mac OS X, Linux, Solaris, VMWare systems with VMWare Tools.

This is an excerpt from the Adobe site:

AFFECTED SOFTWARE VERSIONS

Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris
Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux

To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

To verify the Adobe AIR version number installed on your system, access the Adobe AIR TechNote for instructions.

SOLUTION

Adobe Flash Player
Adobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64 by downloading it from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted.

To address the vulnerabilities described in this Security Bulletin, a prerelease version of Flash Player 10.1 for Solaris platforms is available from Adobe Labs.

For users who cannot update to Flash Player 10.1.53.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.277.0, which can be downloaded from the following link.

Adobe AIR
Adobe recommends all users of Adobe AIR 1.5.3.9130 and earlier versions update to the newest version 2.0.2.12610 by downloading it from the Adobe AIR Download Center.

SEVERITY RATING

Adobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.

More information about the security updates is available from Adobe at this URL:

http://www.adobe.com/support/security/bulletins/apsb10-14.html

If we can be of any assistance at all, please do not hesitate to contact us… We perform complete computer, server and network support, service and repair in Greenville and Upstate SC, as well as offer best-in-class Anti-Virus from Trend Micro!

Be safe and have a great weekend!

© 2012 Homeland Secure IT - Blog-O-Rama