Microsoft Patch Tuesday for June offers updates for Windows XP, Vista, 7, Server 2003 & 2008, Office and more!

Microsoft’s June Patch Tuesday bring the individual and IT professional a number of updates to keep your day from being boring.

You will find fixes for Critical issues in Microsoft Windows XP, Vista, 7, Server 2003 and Server 2008, protecting you from Remote Code Execution, and for Microsoft Explorer 6-9 Remote Code Execution & Elevation of Privileges vulnerabilities.

But wait, that’s not all! You will also receive updates to Microsoft Office 2003, 2007, 2010 and Visual Basic for Applications to protect you from Remote Code Execution.

And, if you act immediately, you can install updates to Microsoft Dynamics AX 2012 Enterprise Portal that will fix an Elevation of Privilege issue!!!!!

That’s right! For the low low price of zero dollars, you get all these updates and more.  Please install them immediately to insure your computers are secured from the “bad guys”.

If you require assistance with these or any other security or update issues in the Greenville South Carolina area, please call upon us at 864.990.4748 or use our CONTACT link above.

 

For your reading pleasure, please find the entire MS Bulletin Advance Notification for June 2012 below:

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

 

********************************************************************

Microsoft Security Bulletin Advance Notification for June 2012

Issued: June 7, 2012

********************************************************************

 

This is an advance notification of security bulletins that Microsoft is intending to release on June 12, 2012.

 

The full version of the Microsoft Security Bulletin Advance Notification for June 2012 can be found at http://technet.microsoft.com/security/bulletin/ms12-jun.

 

This bulletin advance notification will be replaced with the June bulletin summary on June 12, 2012. For more information about the bulletin advance notification service, see http://technet.microsoft.com/security/bulletin/advance.

 

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.aspx.

 

Microsoft will host a webcast to address customer questions on these bulletins on June 13, 2012, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://technet.microsoft.com/security/bulletin.

 

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

 

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

 

 

Critical Security Bulletins

============================

 

Bulletin 1

 

– Affected Software:

– Windows XP Service Pack 3

– Windows XP Professional x64 Edition Service Pack 2

– Windows Server 2003 Service Pack 2

– Windows Server 2003 x64 Edition Service Pack 2

– Windows Server 2003 with SP2 for Itanium-based Systems

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

– Impact: Remote Code Execution

– Version Number: 1.0

 

Bulletin 2

 

– Affected Software:

– Windows XP Service Pack 3:

– Internet Explorer 6

– Internet Explorer 7

– Internet Explorer 8

– Windows XP Professional x64 Edition Service Pack 2:

– Internet Explorer 6

– Internet Explorer 7

– Internet Explorer 8

– Windows Server 2003 Service Pack 2:

– Internet Explorer 6

– Internet Explorer 7

– Internet Explorer 8

– Windows Server 2003 x64 Edition Service Pack 2:

– Internet Explorer 6

– Internet Explorer 7

– Internet Explorer 8

– Windows Server 2003 with SP2 for Itanium-based Systems:

– Internet Explorer 6

– Internet Explorer 7

– Windows Vista Service Pack 2:

– Internet Explorer 7

– Internet Explorer 8

– Internet Explorer 9

– Windows Vista x64 Edition Service Pack 2:

– Internet Explorer 7

– Internet Explorer 8

– Internet Explorer 9

– Windows Server 2008 for 32-bit Systems Service Pack 2:

– Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

– Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

– Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for x64-based Systems Service Pack 2:

– Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

– Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

– Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2:

– Internet Explorer 7

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

– Internet Explorer 8

– Internet Explorer 9

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

– Internet Explorer 8

– Internet Explorer 9

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

– Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

– Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

– Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

– Internet Explorer 8

– Impact: Remote Code Execution

– Version Number: 1.0

 

Bulletin 3

 

– Affected Software:

– Windows XP Service Pack 3

– Windows XP Professional x64 Edition Service Pack 2

– Windows Server 2003 Service Pack 2

– Windows Server 2003 x64 Edition Service Pack 2

– Windows Server 2003 with SP2 for Itanium-based Systems

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

– Impact: Remote Code Execution

– Version Number: 1.0

 

 

Important Security Bulletins

============================

 

Bulletin 4

 

– Affected Software:

– Microsoft Office 2003 Service Pack 3

– Microsoft Office 2007 Service Pack 2

– Microsoft Office 2007 Service Pack 3

– Microsoft Office 2010 and Microsoft Office 2010

Service Pack 1 (32-bit editions)

– Microsoft Office 2010 and Microsoft Office 2010

Service Pack 1 (64-bit editions)

– Microsoft Visual Basic for Applications

– Microsoft Visual Basic for Applications SDK

– Impact: Remote Code Execution

– Version Number: 1.0

 

Bulletin 5

 

– Affected Software:

– Microsoft Dynamics AX 2012 Enterprise Portal

– Impact: Elevation of Privilege

– Version Number: 1.0

 

Bulletin 6

 

– Affected Software:

– Windows XP Service Pack 3

– Windows XP Professional x64 Edition Service Pack 2

– Windows Server 2003 Service Pack 2

– Windows Server 2003 x64 Edition Service Pack 2

– Windows Server 2003 with SP2 for Itanium-based Systems

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

– Impact: Elevation of Privilege

– Version Number: 1.0

 

Bulletin 7

 

– Affected Software:

– Windows XP Service Pack 3

– Windows Server 2003 Service Pack 2

– Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Impact: Elevation of Privilege

– Version Number: 1.0

 

 

Other Information

=================

 

Follow us on Twitter for the latest information and updates:

http://twitter.com/msftsecresponse

 

Microsoft Windows Malicious Software Removal Tool:

==================================================

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

 

Non-Security Updates on MU, WU, and WSUS:

========================================================

For information about non-security releases on Windows Update and Microsoft update, please see:

* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base

Article 894199, Description of Software Update Services and

Windows Server Update Services changes in content.

Includes all Windows content.

* http://technet.microsoft.com/en-us/wsus/bb456965.aspx: Updates

from Past Months for Windows Server Update Services. Displays all

new, revised, and rereleased updates for Microsoft products other

than Microsoft Windows.

 

Microsoft Active Protections Program (MAPP) ===========================================

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed at http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.

 

Recognize and avoid fraudulent email to Microsoft customers:

=============================================================

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

 

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp.

 

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.aspx.

 

********************************************************************

THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

********************************************************************

To manage or cancel your subscription to this newsletter, visit the Microsoft.com Profile Center at <http://go.microsoft.com/fwlink/?LinkId=245953> and then click Manage Communications under My Subscriptions in the Quicklinks section.

 

For more information, see the Communications Preferences section of the Microsoft Online Privacy Statement at:

<http://go.microsoft.com/fwlink/?LinkId=92781>.

 

For the complete Microsoft Online Privacy Statement, see:

<http://go.microsoft.com/fwlink/?LinkId=81184>.

 

For legal Information, see:

<http://www.microsoft.com/info/legalinfo/default.mspx>.

 

This newsletter was sent by:

Microsoft Corporation

1 Microsoft Way

Redmond, Washington, USA

98052

 

—–BEGIN PGP SIGNATURE—–

Version: PGP Desktop 10.2.0 (Build 1950)

Charset: utf-8

 

wsFVAwUBT9DhN/qHR30eX+zgAQitBg/+OWJqR8h2ck1OUEvflV2EWSKuJgY5JT05

Z0F4hFQTKbf05RynxCuNmOAfFbqPjx3/Dty31VuMnc3zvdf6wYXJFXk2oqCoV1zv

vP3i8sx6VVY7/EBL6mFfbgXkikAPpnztKr8OKKMczfSuW4OkwkTogds512WLdsVs

1D0bXKWZ65Qx8/RTgGllSiLWKW1csHNsf8VsIV751TjVayHGvIj4q7C0DxTKJx0q

mHwQ/MCifET/EBrQcTtebVDc+M0NLaOh/fA5T0lZcv2Qd/jZpNovLk66VnljIZPH

fvZFuOzGXLV8pbMNuOpUfaheqweG776xHpJ5x4lnqoaVj1gjgfGFNQaoOwyasbbX

CrD/pDA4meMtodf9gv7W1w0w/7XFw+JRXcwtjz1E2eSD9+cMkDeKbtefx8gX6ANZ

wF8wXs0FBRfMKtDogVnWZUIsy4cR5F+qTM3Hho8P9kuOSU46VNz264vcDIWpDcQ7

AToyad0rzalcff2B6yGLQVC8Gw7mmpD7gAuniv66VOOP/9VyNUO6KPgDvi9Ed3se

wqqM7SaLETNL8K2sCVZ0y/teQLyvEILB0XqgKgGfwSM6Zu64LU5ajattocMArWb9

vIELeRBqAPctR/wKXdva+RBPgc4e4UJPabEQcOP4lKSwQ3FubjJPKW9tRiQZhfKV

C1q4t+vA0Aw=

=M6KK

—–END PGP SIGNATURE—–

 

Immediate opening for computer service technician in Greenville

Job Title: Computer Service Technician
Location: Greenville, SC
Full/Part Time: Full-time
Regular/Temporary: Temp to hire

About Homeland Secure IT

Homeland Secure IT is a Greenville, SC based company providing service and support to Upstate based small, medium and enterprise businesses. We offer sales, service and support of computers, servers, network equipment, VOIP, security camera systems and more.  Services provided are consultation, installation, break/fix repair, remote support and scheduled and preventative maintenance.

Description of basic duties

Respond to technical service requests at our office and client locations in the Upstate, SC area. Candidate must have hardware experience to support a variety of vendor computer, server, storage and networking devices. The candidate should also be knowledgeable on various Microsoft operating systems and desktop applications as found in a business environment. Majority of assigned daily tasks are service events handled via remote support (including phone and email).

Key Responsibilities

Responsible for installing, maintaining and repairing multi-vendor systems which include hardware, software and networking products as well as operating systems. Installs and optimizes hardware/software/networking product and configurations at customer sites and our facility. May diagnose and resolve product performance problems. Ensures customer satisfaction by advising customers on preventative maintenance and configurations which may impact product performance. Takes responsibility for potential or desired follow-up services or problem escalations.

Technical and Behavioral Skills

· Must have GED or High School Diploma
· 2 or more years of experience in a field service support role or recent graduate from tech school.
· Background investigation and drug screen required
· Must have valid driver license and reliable vehicle with appropriate insurance (required)
· Proficiency in Windows operating systems, Microsoft Office software
· Knowledge of Windows Server, Active Directory management desirable
· Ability to troubleshoot and repair software and hardware issues
· Ability to thoroughly document work performed
· Experience communicating with business clients – excellent communication skills required
· Must be well presented in a business environment such as legal and medical firms
· A+, Cisco and Microsoft certifications are highly desired
· Must be available for after-hours calls and installations
· Some sales/marketing experience is a plus

Candidate should send resume to:   jobopening@homelandsecureit.com

No phone calls or drop-in visits

 

Remote server room temperature monitor saves the day for our client!

AVTECH TemPageR remote temperature monitor for server room and data cente3rI’ve touted the benefits of having “eyes” on your server and other network components when they are in remote locations, such as a server room, or closet as the case may be at your business, and I have even discussed our partner’s products such AVTECH’s remote temperature and environmental monitors.  However, this week underscored the importance of these devices for one of our clients.

Greg received an email from a temperature sensor installed at a client’s location, exclaiming that it had hit the upper threshold that was set. It was over 80 degrees, very hot for a server room.

Greg logged into the monitoring system and determined that two sensors were both reading high, one indicated 82 degrees at the top of a rack, and one in the rack was still in the 70s, but climbing.

Without leaving his seat, he contacted the business, alerted them to the spike in temperature, which resulted in them quickly locating the cause and bringing the temp in the room back down.

The culprit was boxes stacked in front of the rack by another vendor, blocking the flow of air. Had we not been alerted, this situation would have quickly escalated beyond a simple inconvenience and into a full blown emergency. High temperatures can lead to component or even complete server failure, and costly downtime.

In essence, an temperature monitoring system that cost the client only a few hundred dollars, may have saved many thousands of dollars!

If you would like to be proactive and protect your network gear from disaster, please call us at 864.990.4748 or use our contact link above.  We can provide a full line of server and data room monitor products here in the Upstate and Greenville area of SC, along with installation and configuration. Temperature, humidity, air flow, intrusion, smoke, co2, water, video cameras and more are available!

No need to wait, buy a Microsoft Windows 7 PC now and get Windows 8 Pro for only $14.99

Some of you are thinking you might hold out on a new computer until Microsoft releases the new Windows 8 operating system, however, there’s really no need to wait!

If you buy a computer that comes with Windows 7 Home Basic, Windows 7 Home Premium, Windows 7 Professional or Windows 7 Ultimate loaded on it now (between June 2, 2012 and January 31, 2013), then you will be eligible to upgrade to Microsoft Windows 8 Professional for only $14.99!

This includes all Windows based computers that we offer, including the awesome Nexlink line, HP, Toshiba, Lenovo, Acer, Asus, Samsung, Dell and any other brands. For more information, call us at 864.990.4748 or use the CONTACT form. We can provide you with one computer, or if you have a business, we can offer discounts on purchases of three or more!

ATTN: LinkedIn users – change your password. 6.5 million of you could be affected by a breach!

Password input windowIt’s all over the web today… Something like 6.5 million LinkedIn passwords “may be” in the hands of Russian attackers.

Their advice is to change your password, and our’s is, if you are using the same login/password on multiple sites, then change all of those passwords too.

Corey Nachreiner over at our firewall security partner, WatchGuard, suggests the following actions:

  • Change your password(s) after a security breach – If a site you use ever has a security breach where attackers gain access to passwords (hashed or not), change your password immediately.
  • Use strong passwords – I believe passwords should be greater than 10 characters. One easy way you can create long passwords, with enough entropy, is by using passphrases, or more specifically something I call pass-sentences. WatchGuard’s Bud Logs In video talks about these concepts in more detail (and is good for basic end users).
  • Use different passphrases on different web sites – This is crucial aspect of password security, especially when considering these types of web breaches. If you, like most people, use the same password for many different web sites, attacker could be able to gain access to all those accounts. If you have been using the same password everywhere, you should change it to a different password on every site. That said, many people find this advice hard to implement in practice; which brings me to the next tip…
  • Leverage password vault software – Password vaults make it easier for you to manage multiple passwords securely. They are not perfect. If you use multiple machines and OSs, you may have trouble finding password management software that meets all your needs. Plus, password vaults become a single point of potential failure, as they almost literally store all the keys to your kingdom. It’s extremely important to use secure password vaults, and protect them. That said, they offer the only practical solution to managing multiple passwords today. This article suggests a few good ones to use (I have used 1password myself).

— Corey Nachreiner, CISSP (@SecAdept)

If you need assistance with password policies, password vault software or any other computer or network security related matter in the Greenville or Upstate, SC area, please call us at 864.990.4748 or use the CONTACT form above.

Hang onto your hats, IPv6 is going live! World IPv6 Launch Day is upon us!

We’ve waited with baited breath, through speculation and testing, and finally, the day has come for IPv6 to be enabled globally. That’s right, in just a few hours, the World IPv6 Launch will take place!

There will be lots of fanfare, fireworks and world-wide celebration, and the internet will suddenly run better than it ever has!!!! Okay, so maybe you won’t even notice it takes place…

Also, don’t worry, the sky isn’t falling (yet) your IPv4 address won’t suddenly cease to work, you’re good for a long time yet, but, if you have an ISP that is ready, and a router / firewall appliance that supports it, the time has come where you might want to hop on the IPv6 bandwagon.

Are you ready for to give this a whirl and get your business up and running on IPv6? Chances are good that your network equipment is already compatible if it is newer gear, so you may only require some planning and configuration to make it happen.

If you are in the Greenville, Spartanburg, Anderson, Simpsonville area (anywhere in the Upstate of SC) and would like to incorporate this into your business network, please give us a call at 864.990.4748 or use the CONTACT form link above.

2

Computer Crime & Intellectual Property Section “fine” for viewing child porn? Nope, it’s a virus!

Some people have been reporting that their computers have been locked and that they are presented with a screen that reads something like:

Computer Crime & Intellectual Property Section
United States Department of Justice
Attention!


This operating system is locked due to the violation of the federal laws of the United States of America! Following violations were detected:
Your IP address is “xx.xx.xx.xx“. This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.
This computer lock is aimed to stop your illegal activity.

To unlock the computer you are obliged to pay a fine of $ 100.
You must pay the forfeit through Paysafecard:
To do this, you should enter the 16 digits resulting code (if necessary with a password) in the payment form and press OK (if you have several codes, enter them one after the other and press OK).
If an error occurs, send the codes to address surcharge@cyber-usa-police.gov.

This pop-up will haunt you forever, even if you pay the “fine”.  Just don’t do it.

This type of ransom-ware can be removed with tools such as Malwarebytes generally, but you should examine WHY you have it in the first place.

Visiting sketchy websites is always a bad idea, so is running your computer without the latest updates to the Operating System, Java, Adobe, Office and other applications, and of course not having proper anti-virus in place.

If you have difficulties removing this type of malware and you are in the Greenville or Upstate SC area, please call us at 864.990.4748 or use the contact info tab above. We provide virus removal, virus cleanup and more importantly, virus and malware protection!

Security breach at University of Nebraska may have exposed financial records

Last week, a security breach at the University of Nebraska resulted in hackers having gained potential access to the (financial and personal) records of 650,000 students, alumni, parents and university employees.

The security breach was discovered by a staff member and quickly remedied, however, at this point in time it is not known exactly what information, if any, was actually transferred outside the network.

The FBI is investigating, and they have apparently narrowed their search according to this article.

Are you doing everything to protect your organization from exploits of this nature? Many businesses do absolutely nothing regarding security, other than pray it never happens to them.

Let’s start with the basics…  Does your company have:

  • Anti-Virus on your server or servers, workstations and laptop computers? Is this current and from a trusted provider such as Trend Micro, Symantec, etc?
  • Business class (or better) firewall appliance (hardware from companies such as Cisco, WatchGuard, SonicWall)? Is it up to date and configured properly?
  • EMail anti-spam, anti-virus, anti-malware control for your Microsoft Exchange server (either in hardware appliance or software such as Trend Micro Worry-Free Advanced) that is up to date?
  • Server, Workstation and Mobile workforce operating system and application updates kept current?
  • Strong passwords in place network-wide (hopefully in a password policy)?
  • Web browser filtering, scanning, protection, either through firewall appliance, web scrubber or software such as Trend Micro Worry-Free to protect from malicious websites and lock down inappropriate for work sites?
  • Backups of server, workstation and notebook or tablet computers? This could be cloud based such as Servosity or MozyPro or physical media like tape, RDX or network storage or a combination of technologies.
  • Physical security on computers (mobile computers tethered to stationary objects, doors locked to server rooms or data centers)?
  • IT service provider who double-checks your security, even if you have your own in-house technicians and/or engineers?

This list is not meant to serve as a complete checklist, only as a means to help you determine if you have the most basic security in place for your business. If you read over it and don’t have the answers, or if the answers were anything but a confident, “YES”, then you should immediately contact your favorite computer service provider and discuss with them how you can improve upon what you are doing.

Many IT support companies will perform a basic security evaluation for just a few hundred dollars, a wise investment!  Most competent network security houses can provide in-depth security and compliance evaluations and ongoing security compliance evaluations at nominal rates as well.

Homeland Secure IT is available for these tasks in the Greenville and Upstate South Carolina area.

Please call 864.990.4748 for more information regarding computer and network security.

 

Google is attempting to notify DNSChanger malware victims before they lose internet connectivity

Posted over on the Google Blog, you will find an article titled, “Notifying users affected by the DNSChanger malware“.

They tried this last year with limited success, but this time, they are more serious about it and the chances are good that you are, in fact, infected if you receive the message, “Your computer appears to be infected. We believe that your computer is infected with malicious software. If you don’t take action, you might not be able to connect to the Internet in the future.”

What is this malware anyway?  DNSChanger affects DNS only, as the name applies, and redirects queries to other websites. Some of the affected DNS servers have been replaced with temporary servers, however, on July 9th a court order will expire and those DNS servers will be shutdown, causing potentially hundreds of thousands of computer users to be without internet connectivity.

For more information about DNSChanger, malware in general or any other computer security related issues that may affect your business, please call 864.990.4748 or use our handy CONTACT FORM.

 

76

Physical Security: Cracking a MEILINK safe with a lost combination is actually possible! #SafeCracker

MEILINK Fire Safe

A similar MEILINK fire safe

Do you need to get in a locked safe? Are you wanting a new career as a safecracker? Boy do I have news for you – It’s easier than you might think.

My wifey has a MEILINK fire safe that holds important documents like birth certificates, and the millions of dollars in spare change we have (bah!) which is rarely accessed, and never locked. It’s just for fire purposes, not really security.

Wellllll, long story short, somehow this safe got locked. I blame the cats. But either way, it was locked, and Pamela McAbee Hoyt could not remember the combination. She thought she knew it, but wasn’t sure. She came up with 5 or 6 numbers that she was pretty sure it could be, but questioned the order.

She wrote them down as she tried them. She spent HOURS trying to get into the thing, all the while getting more frustrated. Then she tore the house apart (literally, not figuratively), searching for the card that had the combination on it. Newp, nowhere to be found.

I called a locksmith and safe technician friend of mine, he said he would have to drill this safe that has been in her family for 30-40 years, which would leave it in an inoperable state without costly repairs, so that was not appealing.

I then tried to make contact with a man who claims he could “manipulate” the safe (crack it), but no response.

We called the manufacturer who could actually give you the default factory combination (for a fee) if you provide the serial number. There was no serial number anywhere on it (There is one INSIDE, but what good is that?!?!).

Sooooo, I googled for “how to open a meilink safe” and came upon several links, the most interesting of which was a fella with a very similar safe that he has lost the combination to. And in that article, he has further links to “How Mechanical Safes Work”, and one that was far more interesting to me, being a geek, entitled,  “Safecracking for the computer scientist” (updated link below).

I followed that last link and read it, not once, but a couple parts a few times.  From the article, I knew that I could go buy myself a massive drill and a diamond bit, and be in that puppy, but I was really drawn to the “manipulation” part, and after I had absorbed what I could, I pulled this safe out of its cubby hole into the living room, where I had light and wasn’t cramped and started working the dial. This was around 2:00 or 2:15 this morning.

Luck was on my side! The first number was easy to determine, obviously, that wheel was where the fence was making contact first, unlike in the article. And when I looked at the attempted combinations that Pamela had tried, guess what? It was one of the ones she had guessed at, in fact, it was her 3rd guess.

I found the 2nd and 3rd numbers were also the numbers she knew them to be, and actually in the right order.  But why was I able to open it when she could not?

She had used the correct pattern for that safe, which is:

  • Turn the dial to the right several times to “clear it”, stop on “0”
  • Turn the dial to the left (ccw) 3 times past the first number and stop on that number on the 4th go-round
  • Turn the dial to the right 2 times past the second number and stop on that number on the 3rd time around
  • Turn the dial to the left 1 time past the third number and stop on the 2nd time around
  • Turn the dial to the right until the dial stops
  • Twist the handle and pull the door open

Easy, right?

Yeah, kinda.  You see, when a safe ages, and especially if the people opening it for years have been kinda quick with the dial, it becomes worn and what may have been 55, could “drift” and be several numbers off.  There are lots of articles on the web about that, and my locksmith friend had told me that from the start.

That is apparently the case with this safe…  It has probably never been serviced and my wife admits to twirling that dial back in the day as fast as she could, so we’ll go with that.

Bottom line – the safe is open, and I have verified the combination works, multiple times now, and before it ever gets locked again, we’ll probably verify it a few more times.

Lessons learned include:

  • Put the combination in more than one location
  • Make sure someone else knows how to operate the safe besides you
  • Verify the combination works before locking the door closed
  • If you want to use it as a fire box, and not actually lock it, remove or disable the combination lock components
  • If the combination has never been changed, knowing the serial number could help – write it down
  • The internet is not just for porn. You can find some great articles that will help you become a safecracker =)

Need help getting in your own safe? Read those articles, you might surprise yourself.

Now if only I could remember the password to the file where I stored the safe combination.

UPDATE: 2019-06-03

It’s been 7 years since I posted this blog post, and I get emails, replies and phone calls all the time asking me to help.  I’m sorry, I cannot help you with your 40 year old safe located in Indiana.

Your options are:

  1. Contact a reputable locksmith that specializes in safes and have them either try to manipulate it, or drill it.
  2. Contact Meilink, who is now owned by Fireking.com it would appear, and if you are lucky and the combination has not been changed, and you have the serial number – pay them a small fee and they will send you the original combination.
  3. Attempt to manipulate it, or drill it yourself.

Here’s an updated link to the one above “Safecracking for the computer scientist”

If you managed to get into your safe using any of these methods, feel free to respond. I don’t approve all responses – but I will do so for any relevant information you send me.

Good luck!

John

UPDATE – 2021-03-07:

This article was originally published in 2012, and to this day, the author receives multiple inquiries per week about how to get into a safe, or change a combination.

While we try to answer all phone calls, emails, chat requests and even replies to this post, we typically end up passing along the same information.

We can’t give you a combination.  Your only hope is to contact the manufacturer and give them the serial number and see if they have the default combo.  Optionally, you can call a locksmith.

You can get more information from Meilink’s parent company here:

https://www.fireking.com/brands/meilink

UPDATE – 2022-03-01:

Another year has passed, and still phone calls, emails and responses come in asking if we can open a safe, give a default combination, change a combination, and the like. While I am sure we COULD – that is not what we do. We are a Business IT provider. We would LOVE to help you with your computer, server or network, business related issues. We offer sales, service, support, consultation for anything connected to your network in the Greenville and Upstate South Carolina area.

Let us help you with your business computer needs, and let’s leave the locksmithing to the professionals.

If you need assistance with a lock or safe, go to Google or your favorite search engine and put in “local locksmith near me” and you will be in business!

Good luck!

-John