Homeland Secure IT Alert

Secure IT Alert for Thursday, February 2, 2012

If you are running a current version of Apple Mac OS X 10.6.x or OS X 10.7.x (Snow Leopard and Lion respectively), then you are vulnerable to the flaws that Apple's latest patches correct.

These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.

How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.

The 52 security vulnerabilities affect 27 components that are part of OS X and OS X server.  Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.

A few examples:

Buffer overflow vulnerability in ImageIO – View a malicious image and it could crash the application or execute code on your computer. The upside is, it would only execute with your privileges.

Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and it could crash your system or execute code with your privileges.

QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.

The full update information can be found at http://support.apple.com/kb/HT5130

Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert for Wednesday, January 11, 2012

Yesterday was Adobe’s first patch day of the new year and the security bulletin describes a total of six vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and older, on both Microsoft Windows and Apple Mac.

The issues that are addressed are considered “critical” in nature and the solution is to download and deploy updates or to allow the Adobe Software Updater to perform the updates for you.

Adobe Reader X 10.1.2

Adobe Acrobat X 10.1.2

If you require assistance with these updates or any other security related issues in the Greenville / Upstate SC area, please call us at 864.990.4748 or email info@homelandsecureit.com

A little something to keep you busy…   Adobe vulnerabilities that affect Microsoft Windows, Mac and Unix machines.

Patch ‘em up!

 

National Cyber Alert System

Technical Cyber Security Alert TA11-350A

Adobe Updates for Multiple Vulnerabilities

Original release date: December 16, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX

* Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

 

Overview

Adobe has released Security Bulletin APSB11-30, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

 

I. Description

Adobe Security Bulletin APSB11-30 and Adobe Security Advisory APSA11-04 describe a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.4.6 and earlier 9.x versions. These vulnerabilities also affect Reader X and Acrobat X 10.1.1 and earlier 10.x versions.

An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.

Adobe Reader X and Adobe Acrobat X will be patched in the next quarterly update scheduled for January 10, 2012.

Additional details for the U3D memory corruption vulnerability can be found in US-CERT Vulnerability Note VU#759307.

II. Impact

These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.

 

III. Solution

Update Reader

Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-30 and update vulnerable versions of Adobe Reader and Acrobat.

 

In addition to updating, please consider the following mitigations.

 

Disable Flash in Adobe Reader and Acrobat

 

Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files:

Microsoft Windows

“%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”

“%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”

Apple Mac OS X

“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle”

“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework”

GNU/Linux (locations may vary among distributions)

“/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so”

“/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so”

File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content that is hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required.

 

Disable JavaScript in Adobe Reader and Acrobat

 

Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScript APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks.

 

Prevent Internet Explorer from automatically opening PDF files

 

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

 

Disable the display of PDF files in the web browser

 

Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web browser, do the following:

 

1. Open Adobe Acrobat Reader.

2. Open the Edit menu.

3. Choose the Preferences option.

4. Choose the Internet section.

5. Uncheck the “Display PDF in browser” checkbox.

 

Remove or restrict access to 3difr.x3d

 

By removing or restricting access to the 3difr.x3d file, Adobe Reader and Acrobat will fail to render U3D content, which helps to mitigate this vulnerability. PDF documents that use the PRC format for 3D content will continue to function on Windows and Linux platforms.

To disable U3D support in Adobe Reader 9 on Microsoft Windows, delete or rename this file:

“%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d”

For Apple Mac OS X, delete or rename this directory:

“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework”

For GNU/Linux, delete or rename this file (locations may vary among distributions):

“/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d”

File locations may be different for Adobe Acrobat or other Adobe products or versions.

 

Do not access PDF files from untrusted sources

 

Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

 

 

IV. References

 

* Security update available for Adobe Reader and Acrobat - <https://www.adobe.com/support/security/bulletins/apsb11-30.html>

* Adobe Reader and Acrobat JavaScript Blacklist Framework - <http://kb2.adobe.com/cps/504/cpsid_50431.html>

* Adobe Acrobat and Reader U3D memory corruption vulnerability - <http://www.kb.cert.org/vuls/id/759307>

* Security Advisory for Adobe Reader and Acrobat - <https://www.adobe.com/support/security/advisories/apsa11-04.html>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA11-350A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with “TA11-350A Feedback VU#759307” in the subject.

____________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

 

Produced 2011 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

December 16, 2011: Initial release

 

 

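An audit of the file-based mitigations listed in the alert above, as an added example (it is not part of the US-CERT alert or of the original post). It reports, for the Mac OS X and GNU/Linux Reader 9 paths the alert names, whether each Flash/3D/U3D component is still in place; the optional root prefix (for checking a mounted image or a test tree), the status labels, and treating mode 000 as "access removed" are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the file-based Reader 9 mitigations from TA11-350A.
# Paths are the Mac OS X and GNU/Linux locations quoted in the alert.
# The root prefix and the status labels are assumptions of this example.

reader9_paths() {
    # One entry per line: component|path
    cat <<'EOF'
flash|/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle
3d|/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework
flash|/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so
3d|/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so
u3d|/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d
EOF
}

# Prints "STATUS component path" for every entry.
#   NOT_INSTALLED  parent directory missing (Reader 9 not at this location)
#   ABSENT         file deleted or renamed (mitigation applied)
#   LOCKED         file present but mode 000 (access removed)
#   ACTIVE         file present and accessible (mitigation not applied)
audit_reader9() {
    root=${1:-}
    reader9_paths | while IFS='|' read -r comp path; do
        full="$root$path"
        if [ ! -d "$(dirname "$full")" ]; then
            status=NOT_INSTALLED
        elif [ ! -e "$full" ]; then
            status=ABSENT
        else
            # Characters 2-10 of the ls mode string are the rwx bits.
            mode=$(ls -ld "$full" | cut -c2-10)
            if [ "$mode" = "---------" ]; then
                status=LOCKED
            else
                status=ACTIVE
            fi
        fi
        printf '%s %s %s\n' "$status" "$comp" "$path"
    done
}

# Number of components that still need attention.
count_active() {
    audit_reader9 "${1:-}" | grep -c '^ACTIVE ' || true
}

audit_reader9 "${1:-}"
```

As the alert notes, locations may vary among distributions and differ for Acrobat, so a NOT_INSTALLED result only means Reader 9 is not at the listed path.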


Microsoft didn’t forget your Christmas gift….  And it’s coming early!

That’s right, Microsoft Patch Tuesday is upon us again, and this December 13th you can expect a slew of updates covering the entire line of current Microsoft Windows operating systems.

Operating Systems: Windows XP 64 & 32 bit, Server 2003 64 & 32 bit and Itanium based servers, Vista 32 & 64 bit, Windows Server 2008 and the Server Core, Server 2008 R2, Windows 7 32 / 64

Other Software: Microsoft Internet Explorer 6, 7, 8 and 9, Microsoft Office for Windows 2010 & Office 2004 & 2008 for Mac, and individual applications Publisher 2003 & 2007, Excel 2003, PowerPoint 2007 & 2010, PowerPoint Viewer 2007, Office compatibility pack for Word, Excel and PowerPoint File Formats.

Chances are good that if you own a Microsoft Windows machine, or a Mac with Office, then you need to be letting your system update.

The complete bulletin can be found here: http://technet.microsoft.com/security/bulletin/ms11-dec

If you need assistance applying these updates or with any other computer service issue, please let us know!  864.990.4748 or info@homelandsecureit.com

 

 

In the last 24hrs, I have spoken with or assisted at least 3 people who have become infected due to opening a malicious email.

One of them was my wifey, Pamela, who received an email from the US Postal Service stating that her package had been refused and to open the attached file for details. Due to her old Microsoft Windows Vista system which without question should be updated, the payload from the trojan was dropped and she was without her computer for 3 hours while over 300,000 items were scanned again and again and her icons restored so she could use her desktop.

What is happening is a bit of social engineering.  The emails appear to come from someone you trust, in this case the Post Office, and they appear to have important information, just too good to pass up. A busy worker may be momentarily fooled, and likely, at the very moment they click on the item, they think, “Ohhh I bet I shouldn’t have done that”, but it is too late.

How can you keep from becoming a victim of this type of exploit?

  • Avoid using unpatched Microsoft Windows systems!  When updates are released, install them.
  • Install all updates to important applications, such as Microsoft Office.
  • Install all updates to Adobe Reader, Flash, Acrobat, and to JAVA.
  • Keep current and trustworthy anti-virus such as Trend Micro Titanium 2012 on all your computers.
  • Use caution when opening attachments. Before clicking on it, ask yourself why the USPS would be sending you an email and why the information would be in an attachment.

Before I get responses such as “Macs do not have that problem”, yes, Apple Mac OS X does have that problem. We have dealt with almost as many Mac security issues this year as we have Windows 7.  Regardless of the Operating System, a little common sense and preventative maintenance goes a long way!

Should you need help with a virus cleanup or virus removal for your personal computer or your business, we can help. We also partner with Trend Micro to offer Worry-Free, Trend Micro Titanium, and the entire outstanding line of Trend Micro anti-virus, anti-spyware, anti-spam and anti-everything software, just give us a call at 864.990.4748 or email info@homelandsecureit.com.

Come to the dark side - We have cookies, and downloads.

Are you using something other than Microsoft Internet Explorer 9 (IE9) for your web browser? A growing number of you are, and Microsoft does not like it one bit. In fact, if you go visit their promo site, you can receive “Free stuff from sites you love” if you will just cross over to the dark side, so to speak.

Here’s the link to the “Beauty of the Web” site…  HERE

Sites represented are Slacker Radio, AOL Radio, Grooveshark, hulu, Flixter, Fandango, ticketmaster, vimeo, zynga and Pandora.

Of course, you have to be using IE to take advantage of the offers. The process is to drag the icon to your taskbar to pin it there, then share the information on Twitter or Facebook.

Mac OS X users will have to run IE 9 in a virtual machine in order to take advantage of this…

 

Apple released a slew of updates to address major security vulnerabilities this week…

Be sure to get your devices up to date…

A few of these provide you with additional features, such as the iOS 5 updates, as well as provide the latest in security.
Be warned that if you are using multitouch gestures on your iPad, you will miss them once you install iOS 5, and I have noticed at least a 10% increase in battery drain on my 64GB 3G (Verizon) iPad 2…   Probably due to the “multitasking”, but not confirmed yet.
If you require assistance with these updates, please do not hesitate to call us in the Upstate or Greenville area – 864.990.4748 or email info@homelandsecureit.com

In what is becoming way too common, the popular site mysql.com was exploited this week and used to distribute malware by redirecting visitors to another site.

Anyone browsing to mysql.com yesterday would have been redirected without even being prompted, and then likely been exploited themselves by the software running on the rogue website, which apparently looked for vulnerable browser plugins to use as an injection point.

Trend Micro’s smart web filtering may have caught this and stopped it, but one thing is for sure… Doing everything you can to protect yourself from this type of exploit is more important than ever.

You should always ensure you are running up-to-date and mainstream/quality anti-virus software (such as Trend Micro), and also keep your operating system (whether Microsoft Windows, Apple Mac OS X or even Linux), browser, and all support software such as Adobe Flash Player, Adobe Reader and JAVA, as well as Microsoft Office, fully updated!

Another thing you should consider is backups! With the cost of USB hard drives at an all time low, and online backup (like our Servosity offering) being affordable and easy to install and configure, there is no excuse to not have backups.

Should you need assistance in the Greenville / Upstate SC area determining what you or your business needs, please contact us at 864.990.4748 or email info@homelandsecureit.com. We provide sales of Trend Micro, Symantec & McAfee anti-virus protection, virus cleanup & removal, and can handle your computer service & computer repair tasks!

 

Using Macs in your enterprise?

You will want to read this article http://www.theregister.co.uk/2011/08/26/mac_osx_lion_security_hole/

This is kind of a big deal, as it underscores that Mac OS X Lion machines simply fail at LDAP, a basic part of enterprise network integration.

In short, if you bring these Macs into your environment, once authenticated, they simply don’t care which password is entered, they simply say “yer in!”…

Those of you who believe Macs are super secure need to rethink that philosophy and accept that there are problems with all OSes that pose a threat.  About a week ago, I posted about a threat that involves a pure Mac server network, without any Microsoft involvement, just as bad as this current LDAP issue, no, actually worse.

If you would like to discuss integration of Macs into your Greenville / Upstate, SC Microsoft Windows environment, please give us a call at 864.990.4748 or email info@homelandsecureit.com…

I’ve posted this before…  External, portable, USB hard drives are convenient to store some data on, but dang it, don’t put everything on one and trust that it is forever and always going to be there for you.

These devices use 2.5″ hard drives like you would find in a notebook computer, and while there is nothing wrong with those drives, they do tend to be a little more fragile and have a shorter life-span than their 3.5″ brethren.

Case in point….  Today, I was going to copy some data from my daughter’s old computer to an external usb drive…   While the data made it over there, it was the straw that broke the camel’s back and other things started happening. The huge collection of music that resided on the drive became unstable. It was taking long periods of time to open the files, some were damaged and thousands were missing.

Running recovery software only resulted in finding parts of files, because when I started copying my daughter’s files to that drive, they overwrote sectors where parts of the other files had been…    There’s no recovering that.

Thankfully, I had a backup, but what if I did not?

The moral of this story is – backup, backup, backup…   Use something like an online cloud backup system or multiple hardware devices, and do it often.   DO NOT put all your eggs in one basket and trust some >100 dollar USB drive. Doesn’t matter if you are using a Microsoft Windows PC, Mac OS X, Linux, or a Commodore 64, back it up!

Should you need help determining which backup solution is right for you or your business, please give us a call at 864.990.4748 or email info@homelandsecureit.com. We are one of Greenville / Upstate South Carolina’s premier computer & server backup specialists and we have a disk, tape, cloud or NAS solution to suit your application!
