The document outlines that on May 16th US-CERT was informed that two websites www.federalnewsradio-dot-com and www.wtop-dot-com had been compromised and that redirects had been put in place that would send Internet Explorer users to a package that would install malicious software (an exploit kit). It also highlights the fact that as of May 17th, it was confirmed that this redirect and payload were both removed from those sites.

People who visited those sites while the redirect was in place could be potentially compromised themselves.

In order for the exploit to work to correctly, you would need multiples of the following:

• A computer running Microsoft Windows, presumably without OS updates in place
• Be using Microsoft Internet Explorer as your browser
• Have an older, unpatched version of Adobe Reader or Acrobat installed
• Have an older, unpatched version of Oracle Java installed
• Have inadequate or un-updated anti-virus in place

The more of those criteria that you meet, the higher the likelihood of your machine becoming exploited and in this particular case, having the ZeroAccess Trojan installed and potentially the FakeAV/Kazy malware piggybacked with that. ZeroAccess gets busy once in place, joining a command and control system, and downloading additional malicious applications such as a fake Flash installer.

Protecting yourself is easy to do. Install updates, use quality anti-virus, and a dash of common sense helps too!

Protecting an entire network with several computers and servers may be a more demanding task. You probably want to get a qualified service provider to assist in that endeavor.

If your business is in the Greenville, Spartanburg or Anderson SC, we would love to discuss security issues with you. Homeland Secure IT provides computer, server and network security, support and sales to the Upstate. We are partners with some of the biggest names in the business, such as Cisco, WatchGuard, Microsoft, Symantec, Trend Micro and more!  Please call us at 864-990-4748 or use our contact form on our website!

One other thing – if you feel for some reason that you may be infected, most of the time, you are. Don’t take a chance. We can help scan your machines or networks and clean them up should that be the case.

Once you get past that totally different interface, and the login if you are on a domain, one annoying trait that may tweak your shorts is the forced automatic restart after updates are applied. You would notice that where Windows keeps saying that your machine is going to reboot and actually starts to count down. How annoying, right?

Even though this behavior is annoying, it has a purpose! When “Patch Tuesday” comes around, and these updates are pushed to your computer and installed, it needs to reboot in order to close out the vulnerable components and patch them so you are protected from nasty exploits.

Failure to apply and activate updates can (and does) lead to machines which are in a vulnerable state, and visiting malicious websites, or opening malicious documents, even though the updates have been installed, but the machine is not rebooted, may result in viruses, trojans, worms and other malware being installed.

I think that was redundant, but I really want you to understand just how important these updates are!

That being said… Should you get too annoyed by the forced reboots, there’s a potential way around this by using the Group Policy Editor.   That setting is found under Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components, Windows Update…    Just set “No auto-restart with logged on users for scheduled automatic updates installation” to “Enabled”.

But don’t do it, unless you have another means for maintaining your patch management.  Really, don’t do it.

If you would like to talk with someone about patch management, windows security, network security or anything computer support related for you or your business in the Upstate SC area, please call us at 864-990-4748 or use our contact form on our website.

We’re happy to announce that Homeland Secure IT has renewed our Microsoft Education Reseller status and are good for another year.

What does that mean?  Besides having to demonstrate that we know what we are doing through taking an exam, we have to actually have a clue about the sales of Microsoft products specifically available to the academic organizations we serve.

By maintaining our relationship as an AER (Authorized Education Reseller), we can offer Academic Volume Licensing which is not only convenient, but more affordable than retail, or standard open licensing.

It is available in as subscription model or even perpetual licenses.

If you are interested in this type of product, give us a call at 864-990-4748 in the Upstate / Greenville SC area.  We not only offer the sales, but also consultation, installation and maintenance of Microsoft software!

Yesterday, Apple Inc announced that computers within their own network have been exploited.  Mac computers in other companies have also been exploited.

It’s always a heated subject whenever I mention that more and more Apple Macs are becoming compromised. Very passionate people will argue with me until they are blue in the face about how Microsoft Windows machines are more vulnerable, and that their Mac never gets infected. However, I must add this in – as a provider of business computer service and support. We have seen a steady decline in malware on Windows 7 computers, and no infections as of this date on Windows 8. While, Mac issues are increasing.

Here’s a link to the Reuters story.

As always, regardless of whether you own a Windows based computer or a Mac, please take these simple steps at the very least to help insure the security of your computer:

• Keep your machine’s operating system up to date with patches!
• Keep all applications, such as Microsoft Office, Adobe Reader up to date with patches
• Support applications such as JAVA should be kept up to date (and some feel disabled or uninstalled
• Use current COMMERCIAL anti-virus which permits the scanning of websites in real time (We suggest Trend Micro)
• Avoid sketchy websites, don’t open emails (You didn’t win the Microsoft Lotto, trust me)
• If you feel you have been exposed, seek a professional immediately
• Watch those public hot spots if using a notebook (man-in-the-middle)
• Do not give permission for anything to install that you didn’t initiate
• Go straight to Adobe or other software provider for your updates
• Don’t initiate a scan for malware if prompted while visiting a website

Should you need assistance with any computer or network security issue for your home or business in the Greenville or Upstate SC area, please do not hesitate to call upon us at 864-990-4748 or use our contact form.

Strap in….  Patches are ‘a comin’ to your Microsoft Windows based computer or Server on February 12, 2013, just in time for Valentine’s Day.

See, Microsoft DOES love you.  Never doubt.

That’s right! For the low, low price of only zero dollars, you will be receiving a number of feature loaded patches, the Microsoft Advance Notification for February 2013 says that you will be eligible for up to a dozen fun-packed bulletins worth of heart-felt updates.

There are five CRITICAL bulletins that affect Microsoft Windows, Internet Explorer and Microsoft Server Software. One absolutely requires a reboot, and it is suggested that you apply it and reboot afterwards. The penalties for avoiding these? Remote Code Execution! In layman’s terms, it means, your machine could be owned by the bad guys and they could have their way with it, scouring it for content, watching for you to log into your bank, or enter a credit card online.

The other bulletins are just as important, hence the label of “Important”, allowing remote code execution, denial of service and elevation of privilege to potentially ruin your day. The affected products are Windows Server Software, Microsoft Windows, Microsoft Office and the Microsoft .NET Framework.

Don’t delay, update today. Errrrrrm, well, after Patch Tuesday anyway!

While you are at it, you need to get the JAVA and Adobe Flash/Reader/Acrobat updates installed too, even if you are using an Apple Mac!

If you have questions, or need assistance with these or any other updates or security concerns in the Greenville or Upstate SC area, please call upon us at 864-990-4748 or use our contact links.

If you are using Java on your system… Please make sure it is up to date, or consider disabling it all together if you can live without it to decrease the likelihood you could become exploited.

A large number of the machines that we are aware of being infected with malicious software recently, have been as a direct result of Java and Adobe products, not the operating systems themselves.

This goes for Microsoft Windows XP and 7, and Apple Mac.

Should you need help with any virus or malware related issue, for your business or your personal computer in the Upstate SC area, please do not hesitate to call upon us at 864-990-4748.

Every once in a while, something comes along that can make your life easier, while being affordable. The Jabra SPEAK 510 series bluetooth wireless conferencing system is exactly that.

Not so long ago, a business would have a conference take place in an actual conference room. However, these days, people might crowd around a computer in an office, or a speakerphone in the break room, and some might even be using Skype on an iPad on a business retreat. Usually with poor audio quality on both ends.

Jabra has taken notice and created the new SPEAK 510 and 510+ conferencing systems for use in just about any scenario!

These are portable devices that can wander up to 300 feet away and turn any room into a conference room!

You can use it wirelessly with ANY bluetooth phone, tablet or PC, or optionally tether it.

Using one could not be more simple thanks to very easy to understand controls.

If a Jabra conferencing system could be of use to your business, please contact us as we are your Greenville and Upstate SC Jabra dealer!  864-990-4748 for more information.

Eaton Power Products

As an Eaton partner, Homeland Secure IT offers Greenville and the Upstate of SC the full line of Eaton power protection products, from surge protectors to full UPS or Uninterruptable Power Supplies to keep your computers, servers, network and phone systems online even when the power is off.

Safely shut down during a power outage and never lose the document you are working on by using an UPS.

There is an Eaton product that is right for every installation senario you may have. From home, home office, to small business and even data centers.

For more information or a sales quote, please call us at 864.990.4748 or use our handy CONTACT form!

Homeland Secure IT Alert

Microsoft didn’t forget you, in fact, they already have your Christmas present, which will be delivered in the form of patches on the infamous “Patch Tuesday”…

So, whether you have been naughty or nice… Please update your computers!

If you require assistance with managing updates for your personal computer, your server, or your entire business network in the Greenville and Upstate SC area, please call us at 864-990-4748.

Here’s the Microsoft Bulletin for your reading enjoyment:

********************************************************************

Microsoft Security Bulletin Advance Notification for December 2012

Issued: December 6, 2012

********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on December 11, 2012.

The full version of the Microsoft Security Bulletin Advance Notification for December 2012 can be found at http://technet.microsoft.com/security/bulletin/ms12-dec.

This bulletin advance notification will be replaced with the December bulletin summary on December 11, 2012. For more information about the bulletin advance notification service, see http://technet.microsoft.com/security/bulletin/advance.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.

Microsoft will host a webcast to address customer questions on these bulletins on December 12, 2012, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://technet.microsoft.com/security/bulletin.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins

============================

Bulletin 1

- Affected Software:

- Windows XP Service Pack 3

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems Service

Pack 1

- Internet Explorer 8

- Windows 8 for 32-bit Systems

- Internet Explorer 10

- Windows 8 for 64-bit Systems

- Internet Explorer 10

- Windows Server 2012

- Internet Explorer 10

(Windows Server 2012 Server Core installation not affected)

Windows RT

- Internet Explorer 10

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 2

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems Service

Pack 1

- Windows 8 for 32-bit Systems

- Windows 8 for 64-bit Systems

- Windows Server 2012

(Windows Server 2012 Server Core installation affected)

Windows RT

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 3

- Affected Software:

- Microsoft Word 2003 Service Pack 3

- Microsoft Word 2007 Service Pack 2 and

Microsoft Word 2007 Service Pack 3

- Microsoft Word 2010 Service Pack 1 (32-bit editions)

- Microsoft Word 2010 Service Pack 1 (64-bit editions)

- Microsoft Word Viewer

- Microsoft Office Compatibility Pack Service Pack 2 and

Microsoft Office Compatibility Pack Service Pack 3

- Microsoft SharePoint Server 2010 Service Pack 1

- Word Automation Services

- Microsoft Office Web Apps 2010 Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 4

- Affected Software:

- Microsoft Exchange Server 2007 Service Pack 3

- Microsoft Exchange Server 2010 Service Pack 1

- Microsoft Exchange Server 2010 Service Pack 2

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 5

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems Service

Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

Bulletin 6

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems Service

Pack 1

- Windows 8 for 32-bit Systems

- Windows 8 for 64-bit Systems

- Windows Server 2012

(Windows Server 2012 Server Core installation not affected)

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 7

- Affected Software:

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems Service

Pack 1

- Windows Server 2012

(Windows Server 2012 Server Core installation affected)

- Impact: Security Feature Bypass

- Version Number: 1.0

Other Information

=================

Follow us on Twitter for the latest information and updates:

http://twitter.com/msftsecresponse

Microsoft Windows Malicious Software Removal Tool:

==================================================

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security Updates on MU, WU, and WSUS:

========================================================

For information about non-security releases on Windows Update and Microsoft update, please see:

* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base

Article 894199, Description of Software Update Services and

Windows Server Update Services changes in content.

Includes all Windows content.

* http://technet.microsoft.com/wsus/bb456965: Updates

from Past Months for Windows Server Update Services. Displays all

new, revised, and rereleased updates for Microsoft products other

than Microsoft Windows.

Microsoft Active Protections Program (MAPP) ===========================================

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed at http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.

Recognize and avoid fraudulent email to Microsoft customers:

=============================================================

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.

********************************************************************

THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

********************************************************************

To manage or cancel your subscription to this newsletter, visit the Microsoft.com Profile Center at <http://go.microsoft.com/fwlink/?LinkId=245953> and then click Manage Communications under My Subscriptions in the Quicklinks section.

For more information, see the Communications Preferences section of the Microsoft Online Privacy Statement at:

<http://go.microsoft.com/fwlink/?LinkId=92781>.

For the complete Microsoft Online Privacy Statement, see:

<http://go.microsoft.com/fwlink/?LinkId=81184>.

For legal Information, see:

<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:

Microsoft Corporation

1 Microsoft Way

Redmond, Washington, USA

98052

But regarding support of those services, Charter has had an edge by offering a social media component to their technical support. A Charter user could post to Twitter that something was not working, that their internet was flaky for instance, and if they tagged in Charter, or sometimes just mentioned “Charter”, within minutes a Charter rep was usually in contact offering some words of wisdom.

Our company, Homeland Secure IT, helps businesses in the Upstate of South Carolina keep their networks up and running, and one aspect has been to evaluate the internet service providers that are available to each business. Sometimes we have recommended Charter to a client only to be met with statements that the customer service was horrible. Thanks to having Twitter at my fingertips, I have been able to demonstrate through showing exchanges of my own, or between others who were having issues, how Charter had another avenue for customer service besides the everlasting phone call. Doing so has resulted in converting businesses over to Charter from something like DSL.

In our own experiences, in the event a client has actually had a problem, I have suggested they just mention it on Twitter, and they have received near immediate assistance!  In fact, a number of months back I was complaining to someone on Twitter about an issue I was having, and without hesitation I had a Charter SM rep offering to help. That’s customer service worth bragging over!

However, today I was sad to learn that Charter has decided to stop providing the one thing they do different than everyone else, and more importantly, the one thing they do better than any other internet service provider I am aware of.  Yes, they are no longer going to offer their social media support.

Here’s a statement made by Eric Ketzer @Umatter2Charter on Thursday December 6th, 2012:

—

Hello All!

As you may have heard, Charter will no longer have a customer care team tasked, specifically, with resolving matters raised on Social Media. The good news is there are other jobs available within Charter for all of the Social Media team members.

As is our nature, we wanted to provide you with a timeline of how we will execute this transition.

Monday, December 10, 2012: We will no longer respond to posts that we discover while conducting Charter searches. We will, however, continue to respond to @Charter and @CharterCom mentions until Saturday, December 15th.

Friday, December 14, 2012 (5pm): All the Umatter2Charter accounts (which includes: @Charter, all our individual accounts, as well as the Umatter2Charter Facebook page, Forum accounts, and accounts on Consumer Advocate Sites) will be removed. Charter will continue to have a presence in Social Media spaces via @CharterCom, Facebook.com/CharterCom, and Youtube.com/CharterCom.

Monday, December 31, 2012: We will transition to our new roles. If there are any outstanding issues on the 31st, we will refer them to the appropriate departments for follow-up and resolution.

It has been our pleasure to work with all of you.

—

The Powers That Be at Charter should not make this mistake, as there will be no recovering from it… In addition to offering slower and more inconvenient support, you will be losing the ongoing marketing campaign SM support has provided! You can’t just “turn it off” for a while and then decide to come back to it after it blows up in your face. By then, another company will pick up that ball and run with it, and the customers will have lost faith in you.

Either way, I would like to personally thank the members of the Charter Social Media team that have made such a positive impact on how their company has been viewed. They have done a fantastic job! Best wishes to you guys!

Here’s the breakdown of pricing changes:

Enterprise USER CAL will increase by 15%.

Enterprise DEVICE CAL will remain the same.

There are many changes to the Microsoft pricing structure besides these, so if you have any questions regarding a Microsoft product or licensing in general, please let us know. We offer complete sales and licensing services as a Microsoft partner in Greenville and the Upstate of SC!   864-990-4748 for more information.

Please note: We will be closed Thursday and Friday and return to normal hours on Monday, November 26th.

If you have an emergency and need help, please email or leave a voice mail message, which goes to all techs and someone will call you back ASAP!

May you have a blessed Thanksgiving, we sincerely hope you get to spend it with family and loved ones!  Safe travels to those of you who are leaving the Greenville / Upstate SC area!

You can find the original post at this link HERE….

—

Our security predictions for 2012 forecasted that the class of targeted attacks known at APTs – advanced persistent threats – would trickle down, and begin to affect smaller organizations.

And while it might not make the headlines like the recent story about the data breach at Coca-Cola in 2009 that is still affecting the company three years later, a successful attack can be devastating regardless of the size of the organization or the motive for the attack.

Historically, APT attacks have been created by sophisticated hackers using advanced attack techniques and blended threat malware, but it is only a matter of time before “normal” malware criminals learn from these sophisticated hacks and the evolution of the APT speeds up, making organizations of every size a target.

So let’s revisit this prediction and figure out how to make your organization the smallest target possible with the tools you already have at your disposal.

What’s in an Acronym: APT?

• Advanced - APTs use the most advanced malware and attack techniques available. By the nature of the name, they often leverage techniques such as encrypted communication channels, kernel-level rootkits, and sophisticated evasion capabilities to get past a network’s defenses. More importantly, they often leverage zero-day vulnerabilities – flaws which software vendors haven’t yet discovered or fixed – to gain access to our systems. In short, APTs are Q-level, James Bond malware.
• Persistent – This malware is designed to stick around. It carefully hides its communications, using techniques like stenography. It “lives” in a victim’s network for as long as possible, often cleaning up after itself (deleting logs, using strong encryption, and only reporting back to its controller in small, obfuscated bursts of communication).
• Threat- APTs are extremely blended threats, much like botnets, and very targeted. APT attackers are groups of highly skilled, motivated, and financially-backed attackers with very specific targets and goals in mind. Typically, the often nation-state sponsored attackers have targeted Fortune 500 companies, government-related infrastructure, or the industrial sector – and we anticipate this broadening to organizations of all sizes.

No network security provider can block every APT attack, no matter what they claim. According to Gartner, an estimated $60 billion is invested by corporations and governments in network security systems, yet hackers are still finding ways to sneak past them. By definition, APTs often leverage new techniques, which may not even have a defense yet. However, there are defense strategies that can significantly mitigate the chance of an advanced and persistent infection. WatchGuard supports a variety of reporting and monitoring functions that provide smart and strategic defense against these blended threats.

We’ve outlined a variety of best practices for mitigating risk and monitoring unusual activity across a network that may better detect or stop the next APT, including:

• Multiple layers of security controls – WatchGuard “defense-in-depth”

A multi-layered approach to network security is the best protection. When combined together, firewalls, intrusion prevention services, proactive anti-virus (AV) solutions, anti-spam and anti-phishing protection, and cloud-based reputation defenses maximize the chance that one or more security controls will catch part of an APT attack.

• Signature-less malware protection – WatchGuard Proactive Malware Detection

Similar to zero-day attacks, APTs often use malware that has not already been found by AV protection and therefore no signature exists. The only way to catch this kind of APT is to use proactive, non-signature techniques. WatchGuard partners with best-in-class anti-malware and anti-virus service providers such as Kaspersky and AVG Technologies, which both have the capability to detect malware without signatures. Our partners specialize in code emulation, behavior analysis, and sandboxing to determine what a file does and if it may be malware. These techniques can often catch malicious files without actually having reactive signatures for them.

• An evolving defense framework – WatchGuard XTM (eXtensible Threat Management)

APTs are just further proof that hackers and attacks on the Internet are constantly evolving, so naturally, the only way to really protect against evolving threats is to have a defensive platform that can change along with them. WatchGuard’s strategic XTM hardware and platform design lend to a modular framework that is easily adaptable to adding new security layers to WatchGuard appliances – as new technologies are released, we can better protect against APTs as we integrate them into the platform. This allows WatchGuard to incorporate new defense technologies, such as cloud reputation and the use of heuristics to detect malware, much more quickly than other network security providers.

• Better manageability through visibility – WatchGuard Firebox System Manager (FSM) and HostWatch

Often, security practitioners focus on prevention and forget about discovery and response. Tools that help quickly identify anomalies or problems in a network and real-time visibility tools such as HostWatch and FSM help find malware through unique monitors, network traffic reports and administrator access to approved or denied external sites. Some network security companies require the purchase of additional reporting tools or appliances in order to have this important insight into a network. WatchGuard believes that customers should not have to pay for the proof (reporting) that indicates a system is providing internal network protection. Visibility tools like FSM and HostWatch are key for APT defense and these WatchGuard tools come free with the WatchGuard XTM appliance.

• Enforcing Standards – Protocol Anomaly Detection (PAD)

For the most common and important Internet services, such as Web traffic (HTTP), e-mail traffic (SMTP), domain name traffic (DNS), and file transfers (FTP), WatchGuard deploys proxies, or deep application-layer content inspection services. Among other things, these proxy services include our Protocol Anomaly Detection (PAD) feature, which can tell the difference between bad and good traffic by enforcing RFC (request for comment) standards for that particular service. For instance, if the SMTP RFC states that the maximum line length for an email is 1000 bytes; our proxies enforce that standard, and by extension protect you from any attacks (like buffer overflows) that try to leverage overly-long email lines… and that’s just one example. These are “signature-less” protections that can even block zero-day attacks, if they break protocol standards.

• Reputation Services – WatchGuard Reputation Enabled Defense (RED)

WatchGuard RED is a cloud-based reputation authority that aggregates many sources of security intelligence to provide our appliances with a dynamic, real-time view of the internet threat landscape. It proactively monitors and stores the IPs and URLs of known sources of malware, drive-by download sites, and phishing and spam email. It gets its intelligence from aggregating many known lists of malware distributors and mixing that with real-time feedback from the thousands of appliances we have protecting customers’ sites. This real-time feedback gives RED a very accurate and dynamic view of the quickly changing threat landscape

Because APTs are continually evolving and getting more elusive by the day, no network security solution will be able to anticipate or block every attack. Our advice: Always assume that a network is already breached and then build a security vault using the tools and services noted here. We strongly suggest the utilization of more than just preventative tools – strong visibility tools will help recognize threats and ensure that IT administrators are talking all necessary action to help mitigate them. — Corey Nachreiner, CISSP (@SecAdept)

—

For those of you not already in the know…. WatchGuard is a leading manufacturer of network security Firewall appliances. While a home user can use their products, and we have sold a number of them for home and small home office use, you mostly find them in small, medium and enterprise businesses. We are happy to sell and support WatchGuard firewalls in Greenville, Spartanburg and Anderson (The Upstate) as an authorized partner. Our prices are reasonable and our service is unparalleled, so please, consider a quality WatchGuard product to protect your business network, and consider Homeland Secure IT as your dealer!

Call 864-990-4748 or use the contact link for more information!

Finally, something to be thankful for… A lightweight powerhouse notebook that will not break the bank!

This 4lb Ultrabook features:

• Intel i3-3217U processor
• 14 inch LED display
• 4 GB DDR RAM
• 30GB mSATA drive for cache
• 320GB 7200RPM 16MB SATA3 HD
• Intel WiFI Link 6230 802.11/a/b/g/n & Bluetooth
• Ports: 2 x USB 3.0, 2 x USB 2.0, HDMI, Audio, RJ45
• Web cam, 4-in-1 card reader
• 1 year depot warranty
• Genuine Microsoft Windows 7 Professional SP1 x64
• 13.5 x .7 x 9.25 – 4lbs with battery

We are your Nexlink dealer in Upstate / Greenville, SC with years of satisfied clients - Call us at 864-990-4748 to order one today or inquire about quantity discounts!

When we visit a client location, we generally find one of the following configurations.

• Absolutely NO firewall – just the router provided by the ISP
• A Linksys, TrendNet, Netgear, D-Link wireless router designed for home use
• An actual firewall such as a Cisco, WatchGuard, SonicWALL, but out of date – old, discontinued hardware, not up to date firmware
• A quality firewall that is up to date hardware-wise but out of date with their firmware
• A quality firewall that is both up to date and supported, and has the latest software

Unfortunately, these are listed above in the order of popularity…

That’s right, the majority of businesses have no firewall in place at all, or potentially a router designed for home use is pressed into service, and then of course, a few places purchased a firewall from a reputable business manufacturer, such as Cisco, but have either failed to keep it up to date, or that was 6 years ago and the unit is no longer supported and cannot even handle the latest security software loads.

Only a small number of businesses have done everything they can to insure their network is protected with a reputable business class firewall that is currently supported and up to date. A VERY SMALL percentage in fact.

Why the emphasis on your firewall situation? Because hackers know how to circumvent home routers and many ISP provided routers without much difficulty at all. And old, outdated firewalls are just as bad. There are kits available that hackers can download and simply run through options in an attempt to exploit known holes in inadequate and insecure firewalls. They don’t even have to flex their muscles to do this, just start the script / program and wait for the results.

If you are in the Upstate / Greenville South Carolina area and you would like to discuss firewalls for your business, please give us a call at 864-990-4748 and we will arrange a free consultation.

We are your Upstate dealer for Cisco, WatchGuard, SonicWALL and a host of other quality firewall appliances. We partner with these companies to offer sales and support for businesses just like yours!

You can read about the attack timeline and response here and the WSPA news article here.

If the State’s server can be exploited, what about you?

Do you host data on your company server and feel it is totally safe?

For instance, you have a Microsoft Exchange Server, which resides behind a firewall, and it does not host anything but email, so you feel it is safe?

Not so fast – An Exchange Server might be behind a firewall, but is that firewall up to date? It might be so old that the latest firmware and software cannot even be applied to it. More importantly, if your Exchange Server does not have all the latest patches to it, it might be vulnerable to attack, even though a firewall is present.

A large number of servers at businesses go unpatched, and unprotected, yet are exposed to the internet. It might be an FTP server, a web server, SQL database server, or Remote Desktop server.  They all require updates, patches and evaluation, to assure their continued security.

Should you have a question about the status of your Greenville or Upstate network’s security, please call us at 864-990-4748 and arrange for a consultation. We specialize in small and medium business networks, servers and computers and would be happy to work with you to discover what can be done to protect your business.  We’re also partners with some of the most respected security industry leaders, such as Cisco, Symantec, Trend Micro, WatchGuard, SonicWALL, and more!

Relying on Jesus for computer and network security will not protect you

I bet that title got your attention!

But according to a list of passwords examined, “Jesus” will not protect you, as it is on SplashData’s list of password’s that are considered unsafe due to the sheer usage of them. Obviously, “password” is the worst, followed by “123456″ and “12345678″.

I stole the following list of passwords from SplashData from the original article on cnet:

1. password (unchanged)
2. 123456 (unchanged)
3. 12345678 (unchanged)
4. abc123 (up 1)
5. qwerty (down 1)
6. monkey (unchanged)
7. letmein (up 1)
8. dragon (up 2)
9. 111111 (up 3)
10. bassball (up 1)
11. iloveyou (up 2)
12. trustno1 (down 3)
13. 1234567 (down 6)
14. sunshine (up 1)
15. master (down 1)
16. 123123 (up 4)
17. welcome (new)
18. shadow (up 1)
19. ashley (down 3)
20. football (up 5)
21. Jesus (new)
22. michael (up 2)
23. ninja (new)
24. mustang (new)
25. password1 (new)

If you are using any variation of these, we need to talk!  Honestly, if you are using simple passwords of this nature at all, then please call us at 864-990-4748 or use our contact form on the www.HomelandSecureIT.com website.

Business owners and those in IT departments of businesses in the Upstate / Greenville area of South Carolina can call us to schedule an evaluation of their computer and network security. We can help you secure your network, enforce user password strength and much more.  Please call us today and let’s take care of IT!

The release of Microsoft Windows 8 is now just a few days away!

When you buy a desktop or notebook computer from us with Windows 8 on it, why not add Microsoft Office 2010?

Not only will you have the latest and greatest software and operating system, customers who purchase any qualifying version of Microsoft Office product between now and April 30, 2013 can download the next version of Office as soon as it is available!

Want more information about the new Windows 8 and the upcoming Microsoft Office release? Call us at 864-990-4748 or use our contact form on the website.

We are your Microsoft Small Business Specialist in Greenville / Upstate SC, offering sales and support of computers & servers from most manufacturers, powered by Microsoft!

Not a pumpkin patch, but a Microsoft Patch!

Here we are, another Patch Tuesday, where Microsoft makes updates available to their products.

The Microsoft Security Bulletin Advance Notification for October 2012 indicates there are seven bulletins that will be addressed today.  They include:

1. Critical – Remote code execution – Affecting Microsoft Office and Microsoft Server
2. Important – Remote code execution – Affecting Microsoft Office
3. Important – Elevation of privilege – Affecting Microsoft Office, Microsoft Server Software, Microsoft Lync
4. Important – Remote code execution – Affecting Microsoft Office, Microsoft Server Software
5. Important – Elevation of privilege – Affecting Microsoft Windows
6. Important – Denial of Service – Affecting Microsoft Windows
7. Important – Elevation of privilege – Affecting Microsoft SQL Server

As always, we highly recommend these and *every* Microsoft related update be applied to your servers and workstations, without delay.

Please remember that failure to do so, leaves unpatched “holes” that can be leveraged to gain control of or access to your desktops and servers.

A network security evaluation should be performed frequently on your business network, and Homeland Secure IT will be happy to undertake this duty in the Greenville / Upstate SC area. Please give us a call at 864-990-4748 or use our contact form. We are Microsoft Small Business Specialists!

If you are like most people, when everything is running well, you get comfortable and begin to do the job you were hired to do, so if you are the accounts manager and pull double duty as company IT administrator, chances are, you get back to doing what you do best – taking care of the accounts.  That is, until something comes along and throws a wrench in the works and your networking is not working.

But what about all those updates? Do you back-burner those until there is a good time to reboot the server? After all, rebooting the server takes everyone down, and causes your phone to light up with questions like, “When will I be able to access the X drive again?”.

During the time between updates, your server and other systems are vulnerable. It honestly may not be a matter of IF your network is compromised, but rather, WHEN.

Many non-dedicated IT admins will apply the updates but not reboot the server, or will wait until there are so many updates it may take 2 or three reboots to get everything applied. This is a very bad practice. Especially for servers facing the internet (Mail, SQL, Web).

What about backups?  You ARE backing up, and it does work properly, right?

Don’t get caught with your pants down.  Bring in an IT support company who can help you determine where you stand. Are you overworked and just unable to do it all? Consider an IT company who will provide you with a statement to that affect which you can provide to your manager or superior to document that there is additional work to be done.  Sure, you’ve told them time and time again, but maybe, just maybe, they might listen to an outside source.

Let Homeland Secure IT be that source of information. We’ll come in and take a look at the state of your network, provide suggested course of action, and can even quote the labor or upgrade of components (if required). Simply don’t have time to maintain all this gear and want to source it to someone who will be on top of it?  Then we’re on IT! Give us a call at 864-990-4748 or use the contact link above.

We provide complete IT service, sales and consultation to the entire Upstate of South Carolina. We’re your Microsoft, Cisco, Symantec, Trend Micro, Lenovo, HP partner, specializing in small and medium businesses (SMBs) just like yours!

“My computer is locked and a screen is displaying a message from the FBI saying I have to pay a fine in order to use it again”

“A window says I am in violation of the law for downloading media or port and says it is from the FBI”

One user in the know says, “I am infected with the Reveton FBI virus, can you remove it?”

Without question, this has been one of the more popular exploits we have seen so far this year.  It is called the Reveton virus, and is part of a Citadel malware payload that distributes a number of malicious software.

This is so popular that the FBI has had a “new internet scam” page up since August and this is an excerpt from that page that goes back to May 2012. (This is not new by any means):

The IC3 suggests the following if you become a victim of the Reveton virus:

• Do not pay any money or provide any personal information.
• Contact a computer professional to remove Reveton and Citadel from your computer.
• Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
• File a complaint and look for updates about the Reveton virus on the IC3 website.

In addition to patching your systems, we recommend a bit of common sense, such as not visiting links which are sent to you in email that look suspicious. If it looks strange, it probably is.

—

National Cyber Awareness System
US-CERT Alert TA12-265A
Microsoft Releases Patch for Internet Explorer Exploit

Original release date: September 21, 2012 Last revised: –

Systems Affected 

* Microsoft Internet Explorer 6
* Microsoft Internet Explorer 7
* Microsoft Internet Explorer 8
* Microsoft Internet Explorer 9

Overview

Microsoft has released Security Bulletin MS12-063 to address the  use-after-free vulnerability that has been actively exploited this  past week.

Description

Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible  to a use-after-free vulnerability. This vulnerability is being  actively exploited in the wild. Microsoft has released Security Bulletin MS12-063 to patch this vulnerability and four others.

This vulnerability was previously mentioned in US-CERT Alert  TA12-262A. Additional information is available in US-CERT  Vulnerability Note VU#480095.

Impact

A remote, unauthenticated attacker could execute arbitrary code,  cause a denial of service, or gain unauthorized access to your files or system.

Solution

US-CERT recommends that Internet Explorer users run Windows Update  as soon as possible to apply the MS12-063 patch.

References

* Microsoft Security Bulletin MS12-063
<http://technet.microsoft.com/en-us/security/Bulletin/MS12-063>

* US-CERT Alert: Microsoft Security Advisory for Internet Explorer Exploit
<http://www.us-cert.gov/cas/techalerts/TA12-262A.html>

* Microsoft Windows Update
<http://go.microsoft.com/fwlink/?LinkID=40747>

* US-CERT Vulnerability Note VU#480095
<http://www.kb.cert.org/vuls/id/480095>

Revision History

September 21, 2012: Initial release

—

As always, if you require assistance applying these security patches or have questions about your Greenville / Upstate, SC business computer and network security, please call us at 864.990.4748 or use the contact link in the menu above.

Megan and Jess before Rocky Horror at the Warehouse Theatre

We agreed that this year the audience participation was better and made for added unexpected entertainment.  The actors that returned for this production seemed even better as their skills were honed and witty.  Having Tim March in the audience was particularly hilarious as he heckled the actors with all of the anticipated lines from the days of the big screen production.  Tim taught Will Ragland (Frank ‘N’ Furter) how to crack a whip for one scene with Rocky (Graham Zielinski).  The whip failed to “crack” and Will Ragland was quick to point out that he “forgot to put batteries in it” for an impromptu jab at how difficult using a prop can be on demand.

“Working with Will Ragland must be incredible!” my daughter (Megan Hoyt, a music education major at Converse College) commented.  He adds such quick and unexpected twists in every production.  In one scene Will switches to a southern drawl when commenting on a RC Cola and Moon-Pie and also channels William Shatner as James T. Kirk in another.  I loved when he addressed the audience (Tim in particular) in his vocal performance of “I’m Going Home”!

Will Ragland with Megan and Jess at Rocky Horror

Janet, played by Chelsea Atkins, was fantastic in her performance.  Her vocals were spot-on and her ability to stay in character was amazing.  I just don’t think I could stay so focused with the audience yelling “Slut”!  I do hope we will see more of Chelsea at the Warehouse Theatre as she has a great future ahead.  Several of the actors returned this year from 2010′s production of Rocky Horror.Chelsea and Brady Smith (Brad) had big shoes to fill and they did an excellent job with their roles vocals and acting.  Graham Zielinski was quite pleasing to watch in his role as Rocky  as he definitely had the build to display himself quite well!

Matthew Merritt’s portrayal of Riff Raff could not have been better.  He was quite captivating as the audience was drawn to his voice and interesting actions. You didn’t want to miss a moment!  We even loved his bump-up towards the end of the production when he addressed everyone, “I’m supposed to have a line here!” Always remaining in character. Jess Conneely (Theatre Major at Converse College) stated, “I like how incredible the actors were despite how late it was and how many times they’ve done it.  Also, how professional they were while still making it fun for the audience.”

I want to mention the bands performance was also a tremendous contribution to the production.  Megan, a music major, was quick to point out that the musicians were very much a part of the cast through their interaction with characters.  ”The band members were extremely talented and worked their skills to a T,”  John noted as we were leaving the theater.  Some people come to see this play for the music.  Dancing in the audience to “Time Warp” and singing along to “Touch-A,Touch-A, Touch-A Touch Me” are experiences we’ll never forget!

Having grown up in the 80′s when Rocky Horror was still playing on the screen, it’s great to be able to share this with my children today.  A big “Thank You” is due to Brian Haimbach for once again directing his rendition of the show at the Warehouse Theatre.  And “Thank You” to Will Ragland for taking the time out of his busy schedule to display his talents in such a creative and captivating way.  This year he displays several wigs and “lets his hair down” even more for us to enjoy!  Greenville County’s Current Teacher of the Year is certainly well deserved.

You better get a ticket now because you don’t want to miss this performance of Rocky Horror.  They have a great online ticket purchase site at their website www.warehousetheatre.com  The 2010 performance was sold out and as it looks, this run certainly will too!   If you do miss it, you might find some other performances elsewhere… Here’s a list: http://www.rockyshows.net/

Pamela McAbee Hoyt – www.McAbeesCarpet.com

We’re pretty sure you already know, but John M. Hoyt’s other job is with a band…

So, we would appreciate it much if you would consider HOT AS A PEPPER for your next corporate event in Greenville, Anderson, Spartanburg, Simpsonville (anywhere around the Upstate of SC).

In fact, it would be outstanding if every time you thought of live music entertainment, you thought of HOT AS A PEPPER!

The next public opportunity to see us is at the Sippin’ in Simpsonville event on September 29th.  Please let us know if you need more information!

We do fun and funky music that puts a smile on your face.  Many are dance tunes.

More information is over at the HOT AS A PEPPER website, or if you are into the facebook thing, you can go to our page there: HOT AS A PEPPER - Please be sure to LIKE us!

Thank you for your support!

D-Link DCS-942L IP Surveillance Camera

Here’s a fun one we offer for sale…   The D-Link DCS-942L IP camera.

This puppy is compact, and loaded with great features.

• Resolution of 640×480
• Infrared (see in the dark) with automatic cut filter
• Ethernet connected
• Wireless Wi-Fi connected!
• Wall / desk mount included
• Built-in microphone (listen in to the room it is mounted in)
• Audio out – yes, that means you can talk to the people in the room!
• Included software for recording to your computer (DVR / NVR)
• Can record from web interface
• Micro SD card slot for recording images to storage on camera
• Email notifications, motion detection
• Access anywhere from web browser, smartphone (android, iphone, etc)

This camera has all the features of the higher dollar professional series cameras, without the price. Perfectly suited for a small office, or your home.

Have a vacation home with internet access? How about a garage or outbuilding you want to protect?

With the purchase of an enclosure, it could potentially be used outdoors as the infrared emitters do not blind the video sensor when pushed against the glass of an enclosure.

If you would like one, or ten, give us a call. We are your Upstate D-Link partner and offer this and the entire D-Link product line here in the Greenville, Spartanburg, Anderson, Simpsonville SC. 864-990-4748