Blog - Homeland Secure IT - Business Computers, Servers and Networks

SECURE IT ALERT: Usama Bin Laden Death Email Scam Warning Issued by the FBI

May 13, 2011

: Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, May 13 2011

On May 04, the FBI issued a warning about links related to the death of Usama bin Laden.

The text from the FBI site follows:

Malicious Software Features Usama bin Laden Links to Ensnare Unsuspecting Computer Users

The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.

The IC3 recommends the public do the following:

Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a “friend” can unknowingly pass on multimedia that’s actually malicious software.
Do not agree to download software to view videos. These applications can infect your computer.
Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and nonstandard English.
Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI’s name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI’s name, seal, or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.

For more information, head on over to the www.fbi.gov/scams-safety/e-scams page…

Homeland Secure IT Alert

This brings a tear to my eye! #awesome #CustomerSatisfaction #ComputerService

May 12, 2011

The following voice mail was left on my phone the other night:

Hey John, this is Mark C. over at <an Upstate clinic>, I just wanted to call you to tell you personally that Scott Chitwood is awesome! He is just awesome! He just spent a lot of time with me after work, helping me at work. I just wanted to tell you I appreciate you guys and, you guys are awesome and Scott is awesome! I brag about you guys all the time and I just wanted to tell you that. Thanks for doing what you do!

While I tend to agree that Scott is indeed awesome, it sure feels great when someone else takes time out of their life to share their thoughts with us!

We appreciate you too Mark! Thank you!

If you are looking for computer service or repair in Upstate / Greenville, SC – don’t settle for less than awesome! Give us a call at 864.990.4748 o or email info@homelandsecureit.com

Business focused Motion CL900 tablet is now available for order

May 11, 2011

Does your business need something other than the Apple iPad and Android based tablets? The Motion CL900 is now available for order!

Motion CL90 Windows 7 Tablet

Effective today, the Motion CL900, the latest addition to Motion’s suite of enterprise-built tablet PCs, is now available for shipping with the standard 4 week lead time from Authorized Motion Reseller Partners.

The CL900 is a rugged, lightweight and powerfully equipped tablet PC purposefully designed, developed and built for business. At a starting price of only $899, the latest Tablet PC from Motion packs performance, power and integrated features into an ultra-mobile and lightweight design.

The Motion CL900 comes standard with:

Bluetooth
WLAN
Integrated Front and Rear-Facing Cameras
Corning Gorilla Glass Display Protection

Additional options include:

Up to 2GB of RAM
Up to 62GB Solid State Drive (SSD)
Gobi Connectivity (WWAN)

There are also some supporting accessories available, including a unique desktop docking station and protective display film, as well as extended warranties.

Homeland Secure is happy to be able to offer these tablets to our Greenville / Upstate business clients! For more information, please contact us at 864.990.4748 or email info@homelandsecureit.com

Bovinova 2011 made it into the Wall Street Journal!

May 10, 2011

A group of creative and daring Greenville / Upstate, SC individuals spent thousands of dollars and hundreds of hours of time to bring us Bovinova 2011…

What was it? It was BIG! Here’s a Wall Street Journal video that details it: (Vegetarians and Vegans may want to skip this. hahah)

Alas, no mention of The Dockside Band playing, but hey, there’s a shot of me helping man-handle a cow! Mooooooooo!

On Friday night, while the cooking was going on, TimTV performed his act with fire eating, and then the rain came & the wind blew… Allll night long! Dozens watched on a webcam to see what was going on and to watch those crazy cooks like Jeff Bannister do their thing, while battling the weather… The next day, it cleared up just in time for hundreds of people to attend and enjoy some tasty beef!

Some of the sponsors of the event were www.WeServePapers.com, Swagclub, Network Controls, Whipp and Ken’s Plumbing.

One thing is for certain… Bovinova 2012 will be even more spectacular!

Cisco Small Business UC 300 VoIP system looks like a winner

May 9, 2011

The time has come to replace that old analog phone system in your small business and upgrade to VoIP (Voice over IP) technology! The prices have never been better.

One interesting option is the Cisco Small Business Unified Communications 300 series. A few features include:

Lower communication expenses

Business-class calling and messaging

Full key system and small private branch exchange (PBX) features

Integrated wireless access point

A wide choice of phones for any business environment

Web-based management for easy phone changes

A return on your investment as your business grows and evolves

Peace of mind with the reliability you expect from Cisco

The UC320 system’s specific features:

Integrated voicemail and automated attendant and voicemail to email notification

IP-based telephony supporting Cisco SPA300 and SPA500 Series IP phones

SIP trunking support for clear, high-quality voice services and telecommunications cost savings

Interoperable with up to 12 public switched telephone network (PSTN) lines (FXO)

Built-in 802.11b/g/n wireless access point lets employees stay connected to voice or data

4-port Gigabit Ethernet (1000 Mbps) switch with VLAN support, to connect devices or expand

Gigabit Ethernet WAN port to connect your office to the Intern

Support for up to 24 employees

If this sounds of interest to your Greenville / Upcountry business, please give Homeland Secure IT a call at 864.990.4748 or email info@homelandsecureit.com. We are a Cisco Small Business Select Partner offering sales, support and consultation!

Cisco IOS potentially susceptible to two zero day vulnerabilities

May 6, 2011

SecurityFocus has two posts indicating that Cisco IOS 15.0 is vulnerable to attackers.

Both are DoS (Denial of Service) issues and at this time there is no solution being offered from Cisco to correct the problem.

Should your network be non-responsive, you could attempt to reboot your Cisco device to restore connectivity.

The original posts are as follows:

Cisco IOS UDP Denial of Service Vulnerability

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

Homeland Secure IT is a Cisco partner and can apply the IOS updates when they become available. We are also partners with and offer sales & support of SonicWall, WatchGuard and other firewall/router manufacturers. If this issue becomes of concern for you or your business, we can provide alternative products which are not vulnerable. In Greenville / Upstate SC, call 864.990.4748 or email info@homelandsecureit.com

Aaron’s rent-to-own computers may have come complete with value-added spyware

May 4, 2011

It seems that not a day goes by that we don’t hear stories of how this person or that company had a data breach and information was leaked outside their walls, but in the news the last couple days is something far more sinister than someone losing data because of a hacker or accidentally installing malicious software.

ABC Action News has a story entitled, “Suit against PC renter raises privacy questions” which tells the story of a couple from Wyoming who have filed a suit against Aaron’s Inc., a company which offers computers on a rent-to-own basis.

The couple got one of those rent-to-own computers and late last year the manager of their local Aaron’s arrived to repossess said computer due to a mixup. While in the process of trying to sort everything out, the manager showed a picture of the husband using the computer to the couple. The picture was presumably taken by software installed on the computer which allows Aaron’s to activate the webcam, disable the computer, etc.

It will come as no surprise that this has resulted in a lawsuit.

If Aaron’s has done this, it makes you wonder how many other retailers, maybe even manufacturers have done the same. In security circles, a topic of conversation is the potential for a manufacturer to distribute large numbers of computers with built-in spyware, laying dormant until activated.

It’s easy to see why many businesses and individuals will wipe a brand new computer and load their own install on it before putting it to use… Of course, this assumes that the install distributions and applications are free from spyware from their developers. Here we go with the “But I use Open Source and know what my software contains” comments, but, honestly, how many people actually pour over tens of thousands of lines of code?

Deleting system files before you leave a job is not a nice thing to do, and likely illegal!

May 3, 2011

I’ve said this before, but I think I will say it again. Should you leave a job and have personal files on your system, sure, by all means, delete your PERSONAL files, that’s okay, right?

Maybe… In fact, laws on the books that state that everything you do at work is property of the employer, however, I am not a lawyer, so I won’t get into that. What I WILL harp on is that if you do decide to delete a folder containing *your* personal files, not files belonging to the soon-to-be-ex-employer, then everything should be okay, but when you cross the line and either delete *everything* you can, including important system files, or possibly use a “secure wipe” application to write 1s and 0s to the drive, or even attempt to format a drive, then you have moved from protecting your privacy to destruction of property, malicious mischief, and a whole plethora of laws that cover this.

There is an entire field dedicated to recovering data intentionally deleted or destroyed. These “forensic” technicians are very good at it and also come with a hefty price tag. So, if you should happen to delete files, and it causes your former employer to enlist the assistance of an expert in recovery, then you can expect the associated costs to be passed on to you.

My advice is as follows:

If you are at work, why not work? Try to keep your personal files and emails totally off the business network. Use your Android or iPhone to read emails, or optionally web based email (gmail) if your company policy allows accessing external email accounts via the web on work computers.

Failing that, keep all your non-work email in a folder named something like “John’s Personal Email”, and personal files in a similarly named folder. Upon leaving, delete those and ONLY those folders.

What about your browser cache, all those cookies, auto-logged on sites, etc? Well, if your personal life did not intertwine with work, then you wouldn’t have this problem, but now you do, so what to do? You COULD empty the cache, or you could use a tool like “CCleaner”, but those will remove legit work-related data too. Of course you could have enabled privacy mode and attempted to browse without leaving a trace, but you didn’t.

Okay, so just what CAN be recovered should you decide to delete your files and email before you leave?

Depending on how the Exchange server is configured, your mail may be backed up, possibly archived, forever, so even if you delete your mail today, last night’s backup got it all up until it ran.

Your desktop may be backed up as well, and it is possible that you do not even know it is happening. More and more businesses are opting for nightly, weekly or monthly imaging of all PCs. Some computers are set to sync the documents folders to a centralized server.

And there’s always the chance that an employee will FEEL you did something bad, even if you had no intent to defraud them of their data and they will hire someone like me and my company, Homeland Secure IT to retrieve data from the hard drive. As I write this post, I am doing that for a new client in a similar situation.

Just what can we recover? Most everything. A “DELETE” doesn’t get it. Actually, we have successfully recovered files from a hard drive that had a “secure wipe” performed on it.

If your business needs data recovery services, please contact us in the Greenville / Upstate, SC area at 864.990.4748 or email info@homelandsecureit.com – If it’s there, we’ll get it.

Bin Laden death results in malware spreading via social media, email and web

May 2, 2011

It will come as no surprise that anything newsworthy results in the creators of malware intensifying their efforts to spread their malicious code. The demise of Usama Bin Laden in no exception as various attempts to entice people to follow links through are being reported all over the place. I have seen 3 people I follow on social media who were posting malicious links already.

As always, if you see a link such as “See Bin Ladens last moments” on someone’s Facebook profile, don’t click it, it is likely not something you want.

Using a reliable and trusted anti-virus with web filtering capabilities, keeping your computer operating system up to date, as well as all supporting applications such as Java, Microsoft Office, Adobe products, etc is always a great idea. We recommend and offer Trend Micro for anti-virus for either your personal desktops or for your entire business network security! We also offer complete computer security, repair, support and sales in the Greenville & Upstate SC Area.

If you would like additional information, please contact us at 864.990.4748 or email info@homelandsecureit.com

While we are on the subject of Bin Laden, let me take a moment to thank our military and everyone involved in the events of the last 24hrs. I think we may all sleep a little better at night….

Huge Sony PSN Data Breach: What Should I Do? (From the WatchGuard Security Blog)

April 29, 2011

I am reposting this from WatchGuard Security Center blog in its entirety below. I have kept fairly silent on this subject as everyone has said everything that needs to be covered. Corey did a fine job of outlining the situation though, so for your reading enjoyment:

Huge Sony PSN Data Breach; What Should I Do?

Corey Nachreiner | April 28, 2011 at 11:53 am | Tags: credit card, Data breach, PCI, PSN, Sony | Categories: Editorial Articles | URL: http://wp.me/pVP8E-aq

On Tuesday, Sony officially disclosed a humongous data breach against the Playstation Network or PSN (recently renamed to Qriocity), which allowed external attackers to get their hands on the Personally Identifiable Information (PII) of around 77 million gamers. Worse yet, they may have even stolen their credit card information, too.

If you read security news, or follow me (@SecAdept) on Twitter, you’ll know this incident has been brewing for around a week now. It first started last Wednesday, when PSN went down for all Playstation 3 users. At the time, I’d imagine that most customers assumed the outage was some sort of routine maintenance. However, with Sony recently coming out of a DDoS battle with “Anonymous” over the Geohot Playstation hacking lawsuit, paranoid security professionals like me suspected this outage might be related to more “Anonymous” hijinks. Unfortunately, we have since learned that that wasn’t the case (I wish it was).

Over the next few days, the story continued to slowly unfolded, mostly on security and gaming sites. Sony blog posts (some which were later removed) eventually admitted that the issue may be related to an “external intrusion.” However, Sony was not quick to confirm the details, or share what the attackers got. If you are interested in how the story slowly unfolded, PCWorld has a great timeline of the incident. In any case, Sony finally sent an email to all its PSN subscribers Tuesday night, sharing exactly what the bad guys stole — and unfortunately the cretins hit pay dirt.

If you’d like to read Sony’s email in full, check out this forum post, but I’ll quickly highlight what it claims the attackers stole from all PSN subscribers:

Your name,
address (city, state, zip),
country,
email address,
birthdate,
PSN password and login
PSN online ID and handle
purchase history,
billing address (may be different than normal one),
security answers,
and possibly even your credit card information (excluding security code)

Unfortunately, this is a huge repository of valuable information for identity thieves and attackers wishing to target your other online accounts. On the surface, the biggest concern is whether or not attackers gained access to credit card (CC) numbers. Sony is not very clear on this count. They claim they have no evidence to suggest so. However, they immediately backpedal, saying they cannot rule out the possibility. A more recent Sony Blog update has at least shared that the CC date was encrypted, and that they didn’t store any security code info for CCs. Well, at least that’s semi-good news.

So what’s a PSN subscriber to do?

Being one myself, I immediately asked myself that very question. Here’s what I’ve come up with:

Do you follow best password handling practices? If not, change your passwords. One well known, but often ignored, password security practice is that you should NOT use the same password everywhere. Unfortunately, many people, including security professionals, don’t follow this practice. If you are one of those people, the first thing you need to do is go to all the important sites you visit and change your password. If someone has your email address and a password, that will get them into many popular sites you may frequent.
Cancel/change your credit card. This one really sucks. It can be a pain to get new credit cards, mostly when you don’t know for sure whether it is entirely necessary. Unfortunately, I have to lean towards being safe and not sorry. If you shared your CC with PSN (it’s possible you may not have), you should probably get new cards. Granted, Sony does say the CC data was encrypted. So ultimately, it is up to you if you want to take the chance.
Watch your credit information. There’s really nothing you can do about that fact that a lot of your PII data is out there. This is the same data bad guys use to setup fraudulent accounts in your name. Luckily, attackers didn’t get one crucial (at least in the US) piece of data; your social security number. Without this, they probably can’t setup financial accounts in your name. Nonetheless, you should still monitor your credit via your country’s credit agencies. You may even considering submitting a fraud alert or credit freeze, which will make it harder for attackers to create new accounts in your name.
Remain vigilant for follow-up attacks. Since the attackers didn’t get Social Security numbers, they don’t have all they need to totally steal your identity. However, they often follow up there sorts of attacks with other attacks (email phishing), trying to gather any additional info they need. Furthermore, they can often leverage the information they’ve already stolen to help trick you into trusting them. So remain vigilant against phishing and social engineering attacks, asking you for private info.

The last question that I’m sure is one everyone’s mind, is how did Sony actually get hacked. The short answer is, we don’t know yet. Sony’s not sharing. There has been a number of rumors, though:

Geohot did it. This is the guy that hacked the Playstation 3’s DRM and copy protection. Sony sued him for it, and he settled the case (saying he’d leave Sony stuff alone). This guy’s smart enough to breach networks, but I’m pretty sure he didn’t go after PSN, mostly after settling with Sony. So I doubt this is the case.
“Anonymous” did it. Anonymous is that random group of hackers that went after HBGary. They also sided with Geohot during the PS3 hacking case, and likely launched DDoS attacks against Sony in early April. However, they claim they had nothing to do with this breach. I tend to believe it as Anonymous tends to stick more with headline grabbing stunts, than these highly illegal, malicious breaches. That said, some solo-Anonymous hackers may have acted alone.
The attack is the result of a custom PS3 firmware (called Rebirth). When Geohot hacked the PS3 DRM, he made it possible for homebrew coders (and pirates) to load their own modified firmware onto the PS3. These modification could allow playstation users to do all sorts of cool things that Sony didn’t originally intend the PS3 to do. However, some of the latest custom firmwares coming out of the PS3 “scene” included modifications that would allow hacked PS3 to regain access to PSN, or worse, the PSN developer network. One of those firmwares was called Rebirth. Due to the timing of Rebirth’s release, and some of it’s features, some people suspect it has something to do with how the PSN attackers were able to breach Sony’s PSN network. In fact, it seems very likely that the modified firmware was at least used to fraudulently download PSN games without valid CCs. Of the rumors presented, this one seems most possible to me. That said, the creators of Rebirth have claimed they weren’t responsible either. However, they admit users have found interesting ways to use their firmware.

Besides those rumors, other experts have shared their own guesses about how this breach might have happened. For instance, one mentioned that it could have been a spear-phishing email, that got malware on an administrator’s computer. That guess is as good as any. After all, that’s basically how the Aurora attackers got into Google — it’s certainly possible. Yet, it’s still just a guess. Until Sony, or someone else, shares the real story, all we can do is wonder.

Not knowing exactly how the breach happened, makes it harder to give you a specific defense that can help prevent this from happening to you, but that’s where good ‘ole “Best Practices” come ins (something we also learned during the HBGary incident). Two things come to mind for me:

Defense-in-Depth. Security guys hear this so often that it stops feeling relevant. It still is. It’s simple math. The more defensive layers you build up — things like Firewalls, IPS, AV, application control, cloud reputation, etc. — the better statistical chance you have of detecting and blocking an attack. That is why WatchGuard created our XTM appliance. We want to make it as easy as possible to incorporate as many defenses as possible, in one easy to manage appliance, and to have a platform that allows you to evolve your defenses in the future. That said, when most people think “Defense-in-Depth,” they only think about the hard, preventive technology measures, such as the ones I’ve mentioned above. They don’t think as much about the softer security measures, such as visibility tools that may also help you recognize unusual incidents, like security breaches. When you are building your layers of defense, don’t forget to include products that offer visibility tools as well (we have great visibility tools, and plan to make them even better).
Focus your perimeter on your data center! One of my predictions for this year was that your perimeter will not go away. It will just shrink, harden, and focus on your data center. The huge increase in mobile workforce and technologies, has caused the security industry to largely focus on mobile security technologies — for good reason. However, just because you need mobile defenses, doesn’t mean you can tear down the walls around your castle. Instead, the huge increase in big data breaches, like this PSN incident, has shown that we need strong, evolving perimeter defenses around our data centers, today more than ever. Your perimeter shouldn’t only protect your data center from the world, but also from your own workforce. Based on what Sony’s doing to improve their PSN security, it sounds like they now agree with my prediction.

This PSN data breach will surely have resounding affects on network security for years to come. I wouldn’t be surprised to see it cause PCI changes, trigger politicians to suggest new laws, and result in new business regulations. I will continue to follow the story and post any interesting new details I find. — Corey Nachreiner, CISSP. (@SecAdept)

—

Find more on the Watchguard Security Center blog…

Homeland Secure IT is a WatchGuard partner offering sales, service, support and consultation in Greenville & Upstate, SC. If you would like more information about WatchGuard products, please call 864.990.4748 or email info@homelandsecureit.com

Page 49 of 85
←
1
...
48
49
50
...
85
→