Thanksgiving 2013 – Hours

We would like to wish you a very happy and safe Thanksgiving….

May you get to spend it with family and/or loved ones!

In order that we may spend time with our families, the office will be closed on Thanksgiving Day and on Friday, November 29th.

We will resume normal hours on Monday, November 2nd, 2013.

Should you need us for an emergency, please call our office at 864-990-4748 and hit 0 – leave a message and we will all receive it and the first available person will respond!

We hope you know that we are thankful for so many things, including our ability to serve you…

Zero Day Vulnerabilities addressed by Adobe and Microsoft – Get it while it’s hot!

It’s time for updates to come out from your favorite software vendors, and whether you are using a Windows-based PC or a Mac, there’s something for you this month!

Applying these updates is VERY IMPORTANT – your machines are vulnerable unless you take steps to secure them.

Up for your patching pleasure are the following (as listed by our partner, WatchGuard, on their security blog):

 

Adobe Patch Day: Zero Day ColdFusion Patch & Flash Update

by Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Flash Player and ColdFusion
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or into visiting specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released two security bulletins describing vulnerabilities in Flash Player and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

 

  • APSB13-26: Four Flash Player Memory Corruption Flaws

Adobe Flash Player displays interactive, animated web content called Flash. Many users install Flash, so it’s likely present on many of your Windows and Mac computers.

Adobe’s bulletin describes two unspecified memory corruption vulnerabilities in Flash Player running on all platforms. Though the flaws presumably differ technically, they share the same scope and impact. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

Adobe assigned these flaws their highest severity rating for Windows and Mac computers, but a lesser severity for Linux machines.

Adobe Priority Rating: 1 for Windows and Mac (Patch within 72 hours)

Adobe ColdFusion is an application server that allows you to develop and deploy web applications. It suffers from two security vulnerabilities, which Adobe does not describe in much technical detail: a reflected cross-site scripting (XSS) vulnerability (CVE-2013-5326), and an unauthorized remote read access flaw (CVE-2013-5328). Other than that, the bulletin shares very little about the scope or impact of these flaws, so we’re unsure how easy or hard it is for attackers to leverage them. Presumably, if an attacker could trick someone into clicking a specially crafted link, he could leverage the XSS flaw to do anything on your web site that the user could. We also assume an attacker could exploit the remote read flaw to potentially gain access to files on your server, such as its web application source code. In any case, they rate the vulnerabilities as Priority 1 issues for version 10, which is their high severity rating.

As an aside, Adobe’s own network was recently breached via a zero day flaw in ColdFusion. Adobe claims these ColdFusion issues are not associated with their network breach. However, the discoverer of one of the issues, Alex Holden, was actually one of the researchers who uncovered Adobe’s data breach, and he claims one of the flaws has been used by attackers this year to break into other companies. In other words, you should apply these updates immediately if you use ColdFusion.

Adobe Priority Rating: 1 for version 10 (Patch within 72 hours)

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:

APSB13-26: Upgrade to the latest Flash Player (11.9.900.152 for Windows)
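To find the Windows machines still below that Flash Player build, the following added example (not from Adobe or WatchGuard) triages a software inventory export against 11.9.900.152. The CSV layout, host names, versions and status labels are assumptions constructed for illustration; the comparison is numeric because a plain string comparison would misorder builds such as 11.10.x and 11.9.x.

```python
import csv
import io

# Fixed Windows build named in the solution path above (APSB13-26).
FIXED_WINDOWS = (11, 9, 900, 152)

# Constructed sample inventory: hosts and versions are made up for this example.
# Some tools report Flash versions registry-style with commas, hence the quoted field.
SAMPLE_INVENTORY = """host,os,flash_version
frontdesk-01,windows,"11,9,900,117"
acct-02,windows,11.9.900.152
lab-03,windows,11.10.0.1
design-04,mac,11.9.900.117
kiosk-05,windows,
"""


def parse_version(text):
    """Turn '11.9.900.152' or '11,9,900,152' into a tuple of four ints.

    Returns None when the field is empty or is not a four-part numeric version,
    so a bad inventory row is reported instead of silently passing.
    """
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map each host to a status label (labels are this example's own):

    needs-update   Windows host below the fixed build
    ok             Windows host at or above the fixed build
    check-bulletin non-Windows host; the page gives only the Windows build
    unknown        version missing or unparseable, needs a manual look
    """
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["flash_version"] or "")
        if version is None:
            status = "unknown"
        elif row["os"].strip().lower() != "windows":
            status = "check-bulletin"
        elif version < FIXED_WINDOWS:  # tuple comparison is numeric per component
            status = "needs-update"
        else:
            status = "ok"
        results[row["host"]] = status
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as unknown deserve the same attention as needs-update, since a missing version usually means the inventory agent could not read it rather than that Flash is absent.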

 

Office Updates Mend Word and Outlook Vulnerabilities

by Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: Microsoft Office related products, including Word and Outlook
  • How an attacker exploits them: Typically by enticing users to open or interact with maliciously crafted Office documents or email
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released two security bulletins that fix four vulnerabilities in Word and Outlook. We summarize the bulletins below, in order from highest to lowest severity.

  • MS13-091: Multiple Word Memory Corruption Vulnerabilities

Word is the popular word processor that ships with Office.  It suffers from three memory corruption vulnerabilities having to do with how it handles malformed Word and WordPerfect files. They all differ technically, but share the same scope and impact. By luring one of your users into downloading and opening a malicious Word or WordPerfect document, an attacker can exploit any of these flaws to execute code on that user’s computer, with that user’s privileges. If your users have local administrator privileges, the attacker gains complete control of their PCs. These flaws affect all versions of Word except for Word for Mac.

Microsoft rating: Important

  • MS13-094:  Outlook S/MIME Information Disclosure Flaw

Outlook is the popular Windows email client that ships with Office. Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting MIME data, or put more simply, it allows you to encrypt email. Outlook suffers from an information disclosure vulnerability involving the way it handles specially crafted S/MIME certificates. By convincing one of your users to open or preview a malicious email with a specially crafted S/MIME certification, an attacker could exploit this flaw to learn a bit about the victim system, including its IP address and the ports it listens on. However, the attacker could not leverage the flaw to compromise the victim system.

Microsoft rating: Important

Solution Path:

Microsoft has released Office-related patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network as soon as possible. If you choose, you can also let Windows Update automatically download and install these updates for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find all of Microsoft’s update links:

MS13-094

 

One of Windows’ Five Updates Fixes a Zero Day Flaw

by Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: All current versions of Windows
  • How an attacker exploits them: Multiple vectors of attack, including luring users to malicious web sites or into opening malicious files
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released five security bulletins describing a like number of vulnerabilities in Windows and its components. A remote attacker could exploit the worst of these flaws to potentially gain complete control of your Windows PC. We recommend you download, test, and deploy these critical updates as quickly as possible.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS13-090: ActiveX Control Code Execution Vulnerability

ActiveX controls are essentially small programs, often shared between applications, that work behind the scenes performing minor tasks on Windows-based computers. They are kind of like Microsoft-only Java applets. Many Microsoft products, including Windows, ship with many different ActiveX controls for performing various tasks.

Unfortunately, a particular Windows ActiveX control (InformationCardSigninHelper) that Internet Explorer (IE) uses suffers from a remote code execution vulnerability. If an attacker can entice one of your users into visiting a maliciously crafted web page, he can exploit this flaw to execute code on that user’s computer, inheriting that user’s level of privileges. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

Researchers first discovered attackers exploiting this flaw in the wild. They’re currently exploiting it in advanced, targeted attacks. For that reason, we recommend you apply this patch as quickly as you can.

Microsoft rating: Critical

  • MS13-089:  GDI Integer Overflow Vulnerability

The Graphics Device Interface (GDI) is one of the Windows components that helps applications output graphics to your display or printer. GDI suffers from an integer overflow vulnerability involving its inability to properly handle specially malformed Windows Write (.wri) files. By luring one of your users into opening a Write file in WordPad, an attacker could leverage this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, the attacker gains full control of their computer.

Microsoft rating: Critical

  • MS13-092: Hyper-V Elevation of Privilege Vulnerability

Hyper-V is Microsoft’s virtualization platform, which ships with the latest versions of Windows Server. It suffers from an elevation of privilege vulnerability having to do with how it handles specially crafted hypercalls. If an attacker has administrative privileges on a guest virtual machine (VM) running on your Windows Hyper-V server, she can exploit this flaw to either crash the Hyper-V host and all your VMs, or to execute arbitrary code on one of the other guest VMs running on the same physical server. This flaw only affects Windows 8 x64 Edition and Windows Server 2012.

Microsoft rating: Important

  • MS13-093:  AFD Information Disclosure Flaw

The Ancillary Function Driver (AFD) is a Windows component that helps manage Winsock TCP/IP communications. It suffers from a vulnerability involving the data it copies from kernel memory to user memory. In a nutshell, if a local attacker can log into one of your Windows computers and run a custom program, he could leverage this flaw to gain access to information in kernel space that he shouldn’t have access to. However, the attacker would need valid credentials on the target system, and could not leverage the flaw to elevate his privileges. This flaw only poses a minor risk.

Microsoft rating: Important

  • MS13-095:  Digital Signature Handling DoS Flaw

Windows ships with various components that allow it to handle the digital certificates and signatures used to establish secure communications. Unfortunately, Windows does not properly handle malformed X.509 certificates. By sending a specially crafted X.509 certificate to a Windows web server, an attacker could cause a denial of service (DoS) condition, preventing the web server from responding to future requests.

Microsoft rating: Important

Solution Path:

Microsoft has released various updates that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you. As always, you should test your updates before deploying them, especially server-related updates.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

These alerts were researched and written by Corey Nachreiner, CISSP (@SecAdept).

 

As always, should you have issues applying these patches / updates, or questions, please do not hesitate to reach out to us if you are in the Greenville / Upstate SC area.  864-990-4748

Windows users being exploited due to a TIFF issue

You need to be aware of this… Reposting from one of our partner’s blogs…  WatchGuard:

 

Attackers Exploiting a Zero Day in Windows, Office, and Lync

by Corey Nachreiner

Today, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability that affects Windows, Office, and Lync.

In a nutshell, the vulnerability has to do with how certain versions of Windows, Office, and Lync handle specially crafted TIFF images. If an attacker can trick you into viewing a malicious image, including ones embedded in Office documents, he can exploit this flaw to execute code on your computer, with your privileges. If you have local administrative permissions, as most Windows users do, the attacker gains complete control of your computer.

McAfee researchers first discovered this flaw being exploited in the wild, and they share some interesting details about the issue on their blog (Microsoft also shares some extra technical detail here). While the flaw lies in Microsoft’s image handling components (GDI+), the public attack actually arrives as a malicious Word document with an embedded TIFF, which the attackers send via email. Microsoft claims attackers are only exploiting the flaw in limited, targeted cases.

Since they just learned about the flaw recently, Microsoft hasn’t had time to patch it yet. However, they have released a FixIt which mitigates the issue. FixIts are not considered full patches, but they can protect you until Microsoft releases their final update. If you use any of the affected versions of Windows, Office, or Lync, I highly recommend you apply the FixIt as soon as you can. Microsoft also offers a few other workarounds, such as disabling the TIFF codec, or using the EMET tool (something I suggest you do in general), but I think the FixIt is the quickest and most reliable solution.

I’ll continue to follow this issue as it evolves, and will post here as soon as Microsoft releases a patch. — Corey Nachreiner, CISSP (@SecAdept)

Corey Nachreiner | November 5, 2013 at 6:31 pm | Tags: 0day, exploit, Lync, memory corruption, office, remote code execution, TIFF, windows, zeroday | Categories: Security Updates | URL: http://wp.me/pVP8E-1cn

Support for Windows XP and Office 2003 is coming to an end

On April 8, 2014, Microsoft will end support for the decade-old Windows XP. This means you will no longer receive updates, including security updates, for Windows XP from Microsoft. Support of Microsoft Office 2003 will also be ending on the same date.

Security Risk
Without critical Windows XP security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information. Anti-virus software will also not be able to fully protect you once Windows XP itself is unsupported.

Software Issues
Many software and hardware vendors will no longer support their products that are running on Windows XP as they are unable to get the Windows XP and Office 2003 updates. For example, the new Office leverages the modern Windows and will not run on Windows XP.

No One to Call
When problems arise, online and phone-based technical support will unfortunately no longer be available to assist you or your IT partner, leaving you on your own to deal with the problem.

Down Time
The risks of system failure and business disruption could increase because of the end of support, lack of supported software, and the increasing age of hardware running Windows XP.

If that has not convinced you to upgrade, then we should talk further! Give us a call at 864-990-4748 and let us convince you to switch your business over to a modern and supported operating system.

We can upgrade one computer or one thousand. We offer Microsoft licensing sales and consultation, as well as new computers from Lenovo, Samsung, Toshiba, Asus, Acer and our favorite vendor, Nexlink with either Windows 7 or Windows 8, and we offer installation and migration here in the Greenville SC area!

Slow computer – we can fix that! Viruses, spyware, adware, malware clean up in Greenville, SC

Though it is only a small fraction of what we do, when we help a client with a computer that is running slow, it may have the biggest impact on their day-to-day user experience over just about any other service or product we offer.

I was reminded of that earlier today when I received this in email from Jan at one of the local non-profit organizations we serve, Pleasant Valley Connection:

I can’t even believe how much better my computer is working.  I no longer have to wait 30 minutes for an email to go or come.  It’s a MIRACLE – thanks to Mr. H.

It struck me that we probably don’t make a big deal of it and tell everyone that we actually DO clean up computers and remove the malware, viruses, trojans, spyware, ad trackers and bogus search bars, and other things which can have a dramatic impact on the speed of your computer, not to mention the security of your data.

If you didn’t know, then that’s my fault. I am too busy trying to tell you all the big, amazing, high-tech things we do, like IP security cameras that allow you to watch your business from anywhere in the world, or the uber cool Voice over IP phone systems we sell, or access control, etc.

If I have failed you by not telling you that we can make your life better, increase your productivity and the productivity of your users on your business network, thus saving you money, then I apologize. Give us a call or use our contact form and let us know how we can help you.  We work with one single computer you might bring to our office, or we can go to your location and work there on one or one hundred computers.

 

RDX Removable Hard Drive System Test Center approved by CRN

Tandberg Data RDX removable hard drive solutions have been Test Center approved by CRN

Our partner, Tandberg Data has recently had the honor of having their RDX removable hard drive system Test Center approved by CRN.

Click above to link through to the CRN review.

Congratulations to Tandberg for their continued excellence in the field of backup solutions.

If you would like more information about RDX removable hard drive solutions from Tandberg, please use our contact form, or call us at 864-990-4748. We offer sales and support for backup systems in the Greenville SC area.

How To Disable Ad Tracking in iOS7

David Haskins with Haskins PR here in Greenville, SC made the following video which you might find useful. In it, he explains how to disable the Ad Tracking functionality which sends targeted ads to your iOS 7 device, a privacy concern for many.

More info about Haskins PR is at www.haskinspr.com or you can reach them at 864-502-8899

iOS 7 is more than just a bunch of pretty changes and features

By now you surely have iOS 7 installed on your Apple iPhone, iPad, or whatever iThing you own. If you are like me, you are happy with the new features, for the most part, and missing some old functionality. If you are really picky, you might have found a dozen little bugs by now, but then again, you could have found the work-arounds either on your own or by googling for them too.

Whether you have updated or not, one thing is for sure, iOS 7 does offer a number of security enhancements.  Without counting them, let’s just say, there are a LOT.  Dozens in fact.

http://support.apple.com/kb/HT5934 is where you will find the list.

So, for those of you who are holding out to update your device because you like what you have, or you don’t care about new features – you may wish to consider it simply as a security enhancement.

One word of warning – the update may take a while…  Start it and go get a bite to eat. I’ve heard some people say it took them several hours, though in my experience it was less than an hour, it just seemed longer.

Whatever you do – do NOT hold the power button and force the device down during the update installation. There have been many bricked phones and tablets due to that. Also, you really should plug it into a power source and have reliable internet access during the update.

Should you have any issues, let us know, we will be happy to assist here in the Greenville, SC area…   864-990-4748

Is your video surveillance system being used to watch you?

Typical video baby monitor

An article caught my eye the other day, where a hacker had gained access to the video baby monitor a family had deployed. In doing so, they harassed the family a bit by saying their child’s name and moving the camera.

If your video surveillance system is configured for remote access, you could be allowing someone to view what you view, to hear what you hear.

Should you want to secure your camera system, you can do so in several ways:

  • Disable default logins and passwords.
  • Use strong passwords.
  • Place your camera system on non-standard ports.
  • Employ a VPN to connect securely to your home or business network.

Need help in the Upstate (Greenville area) of South Carolina? Homeland Secure IT can assist you. We offer sales, installation and support of video surveillance systems, including IP and CCTV.  Call us at 864-990-4748 or use our contact form for more information!

Are you afraid of social media?

I have a hard time trusting people who are not active and open on social media. My perception is that they are hiding something…

What are some reasons for NOT using social media to connect with people and share either your personal or business life (or in my case, both)???

Reasons people might abstain from being social on the internet:

– Owe money – don’t want to be found
– In the witness protection program
– Have multiple personalities (gets too confusing to be logged into the right profile)
– Running from the mob or a drug lord because you ripped them off
– Have multiple girl/boyfriends/husbands/wives and don’t want them to find out about the others
– Do illegal things and don’t want to be discovered by authorities
– Do stupid things (party, etc) and don’t want to be discovered by friends or family
– A “devout Christian” who doesn’t want to let their church know they are in a same-sex relationship, or go out drinking on Saturday
– Avoiding the IRS – Don’t want them to know you are buying new boats and planes
– Paranoid about “them” – because “they” are probably watching you right now. (NSA anyone?)
– Paranoid about identity theft – because there’s absolutely no other way for people to get information about you ;)
– Don’t want their insurance provider to know they do extreme sports
– Afraid an employer will find out they are living beyond their means (stealing from the company, or don’t NEED a raise)
– Job hunting – don’t want potential employers to know they drink every night and sleep late every day
– Really dislike their family and friends and don’t WANT a relationship
– Afraid of connections, commitments, etc.
– Court order forbids them from having a public social media page (or contact with children)
– Lack of technology – No internet access or device with a browser
– A strong commitment to family where they don’t want to miss a moment with their wife or children
– Too darn busy to use Social Media, even when in the bathroom like most people do, and would rather spend that “downtime” playing Temple Run or Candy Crush
– Fear of the unknown – just fear in general

Any other reasons come to mind?  Just reply with your comments and let me know.

What about work?

What about at work? Do you have a business network where you forbid the use of social media sites? Some workplaces have put in a total block of all social media sites; the firewall stops that activity dead in its tracks on devices connected to that network. However, that does not prohibit employees from using their own personal devices. This has prompted some businesses to put a strict written policy in place as well, which states that an employee can be dismissed just for checking their personal phone, tablet or laptop during business hours.

Homeland Secure IT can help with the hardware and software end of this, should your company want to block usage of social media. We can provide firewalls and/or software to block and/or monitor this type of activity.

We offer tried and true solutions from the brands you know best, such as Cisco, WatchGuard and Trend Micro.

Have a need or wish to discuss this?  Reach out to us at 864-990-4748 or use our CONTACT form.