Our Stuff

Note the 'off-the-shelf' comment below. Also, we've demonstrated a man-in-the-middle attack a couple of times that can allow an attacker to 'sniff' the traffic between your mobile phone an your mail server (even encrypted).


New Forensics Tool Can Slurp a Phone's Data via the Cloud
gizmodo.com
The police don't even need to touch your phone anymore to know how you've been using it. A new off-the-shelf forensics tool lets cops retrieve all the data they want from your iPhone by accessing its contents through iCloud.

"...Against these modern attacks, we have other defenses. Some may work against the older versions of these attacks as well. In short, these defenses can be summarized as "end point protection" (whitelisting, anti-virus, host based firewall, hardening of the system...). Hardening a large number of end points is however a lot more difficult then configuring a few firewalls well placed at the right choke points..."


ISC Diary | Do Firewalls make sense?
isc.sans.edu
SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

Ummmm, yeah :)


Best Buy: Write down your e-mail password (and give it to us)
news.cnet.com
As part of its 'New Computer Set-Up' service, Best Buy's Geek Squad asks customers to write down their e-mail password in a box. Which some might find a little odd. Read this blog post by Chris Matyszczyk on Technically Incorrect.

This is going to be a little more 'geeky' than many of our posts on here (and for that, I apologize), but I think that it's worth pointing out. An IP address is the 'unique identifier' for your computer on the Internet (please, no flames on that, trying to be general) and there are several sets of IP addresses that are set aside / reserved as non-routable on the Internet (e.g., you should *never* see traffic coming from one of these addresses on the 'outside' of your firewall). Unfortunately, you do see traffic from these address with surprising regularity and even some large companies (think bigfish.com) send traffic reporting to come from these addresses. My long standing stance here is to drop any traffic coming into my networks reporting to come from a private IP and I've taken a good bit of heat from some folks (and recently lost a client because our email server was blocking such traffic) but I stand by my convictions that this is a) bad practice and b) ripe for attack. The details on this are still sketchy, but I suspect that there may be just such an attack looming (somewhere) here.


ISC Diary | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
isc.sans.edu
SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

Huge goof at Avira Antivirus leaves users (who installed the update like they are supposed to) with non-functioning computers. A unique way to prevent viruses (if the computer doesn't work, you don't get a virus) but not one that I suspect will gain a lot of traction or support. They've since released a fix and a big ole apology.


'Catastrophic' Avira antivirus update bricks Windows PCs • The Register
www.theregister.co.uk
Security software biz Avira has apologised after its antivirus suites went haywire and disabled customers' Windows machines.

I love my Andriod based phone (not so fond of the hardware, but that will soon change) and it pains me to say this, but the malware threat (I believe) is on it's way up. Mobile phones represent an incredible opportunity for malware writers / purveyors in that they are available on unprotected (mobile) networks *and* a lot of people also connect them to their protected (LAN) networks. Basically, even if your company does have some big, fancy firewall in place to guard it's network, with an infected mobile phone, the bad guys can just cruise right past it. Don't think that I won't be saying 'I told you so' in the very near future on this :)


Android malware levels quadrupled over past two years
www.v3.co.uk
Mobile Trojans are cyber criminals' new tool of choice

Adobe users beware (and this isn't just Flash and Reader)..


ISC Diary | Adobe Update to Vulnerabilities
isc.sans.edu
SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

Would you pay for a security update?


Adobe Introduces the Paid Security Fix - Slashdot
it.slashdot.org
Nimey writes "Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photosho...

Adobe has released a security bulletin noting that they have found a vulnerability in Adobe CS5 and earlier programs (Acrobat, Photoshop, Illustrator, etc.). This vulnerability can allow attackers to gain access and take full control of your system. Have no fear though, Adobe has found a fix!! PAY THEM FOR THE NEW VERSION OF THE PROGRAM!!!! Wow, that is a cheap shot adobe... BTW, cheapest version of CS6, which will fix the problem... $1,299.00. Hope you adobe users have your pennies saved up.

https://www.adobe.com/support/security/bulletins/apsb12-11.html

Ransomware, yet another [not so] cool way to make a quick dollar on the Interweb :)


New malware strain locks up computers unless ransom is paid
news.cnet.com
A type of 'ransomware' hitting users across Europe demands payment for alleged copyright violations, according to a Swiss security blog. Read this blog post by Lance Whitney on Security & Privacy.

Adobe has announced that it's getting in on the action as well and released an update addressing several critical vulnerabilities in Adobe Flash Player affecting *ALL* platforms (Windows, Mac and Linux). Users are encouraged to update as soon as possible.


http://www.adobe.com/support/security/bulletins/apsb12-09.html
www.adobe.com

Next Tuesday (8 April) is Patch Tuesday and Microsoft has just released the advanced bulletin for the issues to be addressed. There are a total of 7 bulletins with 3 listed as critical and 4 listed as important. Microsoft Windows (all supported versions) and Microsoft Office (all supported versions) are affected by the vulnerabilities and users are encouraged to install the updates promptly after release and testing.


Microsoft Security Bulletin Advance Notification for May 2012
technet.microsoft.com
This is an advance notification of security bulletins that Microsoft is intending to release on May 8, 2012.

My apologies again for anyone that tried to contact us earlier this morning. It appears that our Comcast Business Class service was down for at least 20 minutes. Comcast has assured us that they are working to resolve the issue and, as of right now, our service appears to be restored.

Portable storage devices (thumb drives, iPods, etc.) have long been a concern for network and systems admin types but this really ups the ante. Previously, the concern was that users would bring thumb drives and the likes into the office that had been infected from their home computers or bring larger storage devices (like iPods) in to steal company data. Now though, mobile devices can easily become infected and connected to sensitive internal networks, bypassing the need to 'move' a virus from a users infected home computer to their (typically more protected and secure) office computer.


Android malware now spreading through hacked Web sites
news.cnet.com
Malware is now being targeted to Android devices via compromised Web sites, a first in the mobile world, says security firm Lookout. Read this blog post by Lance Whitney on Security & Privacy.

A lot of people ask us why people create viruses for computers.... If you will remember, we have been posting articles about the Flashback virus for Mac computers that has been making its rounds. Well, it appears that the makers of that virus have been making $10,000 a day because of it. Here is an article explaining how they did it:

http://gizmodo.com/5906560/the-flashback-trojan-made-its-makers-10000-a-day

Ok, Windows Product keys. Some time ago, Microsoft started requiring that OEM's (Dell, IBM, Toshiba, etc.) 'stick' the Certificate of Authenticity (COA) label onto computers that have Windows installed. This is the sticker that has your Product Key on it, which is required if you ever have to reinstall. Sounds like a great idea, but the stickers are of exceptionally poor quality and the writing wears off pretty easily. On a side note, it also makes it easy for a dirtbag to just wander through your office with a smartphone and grab all of your product keys so the he or she won't have to buy legitimate copies of the software (or for fly-by-night computer shops to re-sell to unsuspecting customers). If you ever have to reinstall Windows and your COA label is unreadable, you will often be in a bit of a pickle. To avoid this pickle, take a moment to look at your product key and either take a quick picture of it or write it down and tuck it away for safe keeping. I have intentionally avoided mentioning the various ways to get the product keys from the registry because many OEM's use an enterprise key in their image that doesn't match the key on the COA label.

A HUGE thank you to everyone that came out for the ribbon cutting!!


Cartersville-Bartow County Chamber of Commerce -
www.cartersvillechamber.com

To anyone with Internet Explorer v6, 7, 8 or 9 installed on their computer (if you use Windows 98 or later, this applies to you), take a look at the linked article for information and update instructions. The vulnerability can allow an attacker to run programs on your computer as your user (if your user has administrative rights on your computer, the attacker will have administrative rights as well). It's also worth noting that exploits for these vulnerabilities are already included in Metasploit.


Microsoft Security Bulletin MS12-023 - Critical : Cumulative Security Update for Internet Explorer (
technet.microsoft.com
This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could...

Not sure if any of you have taken a look at it but the Samsung Galaxy Note has really been getting my attention lately. I don't want / need a tablet but my phone is a little small to effectively manage our helpdesk software from and my laptop just doesn't fit on my belt that well. The Note, although massive for a phone, seems like it may be a decent device to suit my needs. Anyone have one or know someone that has one? Anyone thinking about getting one?



TechCrunch | A Galaxy Note In T-Mobile Trim Spotted In The Wild
techcrunch.com
It seems the Samsung Galaxy Note really is headed to T-Mobile. A pic showing a T-Mobile-branded Note was just posted on TmoNews somewhat confirm a report from earlier this week. The phone here had the standard assortment of T-Mobile apps including T-Mobile Name ID, T-Mobile Mall, T-Mobile TV and My ...

Huge thank you to everyone that came to the Grand Opening / Ribbon Cutting. Had a great turnout!