SwiftecIT: Corporate Quality IT for growing businesses

Archive for the ‘Alerts’ Category

‘Fully Patched’ Microsoft Windows XP, 2000 Still Vulnerable To Attack

Wednesday, July 7th, 2010

Source

By Stefanie Hoffman, CRN 8:04 PM EDT Tue. Jul. 06, 2010

There’s yet another critical Microsoft (NSDQ:MSFT) Windows vulnerability out there, this time in fully patched Windows 2000 and Windows XP versions, which can be exploited by hackers to launch malicious attacks, security firm Secunia reported.

The Windows vulnerability, which Secunia rates as “moderately critical,” is the result of a boundary error in the “UpdateFrameTitleForDocument()” function of the CFrameWnd class in mfc42.dll. The vulnerability can be exploited to cause a stack-based buffer overflow error, which occurs by passing an overly long title string argument to the vulnerable function.

If exploited, the vulnerability can open the door for hackers to launch remote code execution attacks, aimed at taking control of a user’s computer and stealing sensitive data, typically through social engineering schemes. Specifically, the vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 and Windows XP SP2/SP3, although other versions may also be affected. In addition, the PowerZip version 7.2 Build 4010 was also found to be an attack vector exploiting the flaw, the Secunia advisory states.

Thus far, Microsoft has yet to release a patch fixing the error, and has not yet issued an advisory warning users about the flaw. Until then, Secunia recommends that users restrict access to applications that allow user-controlled input to be passed to the vulnerable function.

Security: Copier machines – huge security risk

Monday, May 10th, 2010

This is not for the faint of heart. Copiers digitally store all your confidential and personal information – and when you trade in your copier you are handing all of this information to someone you don’t know! Never mind the security implications for MA Regulation 201 CMR 17.00 – but what about confidentiality? Oy vey!

http://www.cbsnews.com/video/watch/?id=6412572n

What to do?  Get a letter from the company taking the copier that they have wiped the hard drive in the copier, or find a company that will do this before you trade the unit in.

Spector 360® 2010 Product Upgrade Release Notice

Tuesday, January 26th, 2010

FYI – for clients running SpectorSoft for web filtering.  If this affects you and you would like the upgrade installed, please let us know.

Microsoft Critical Product Vulnerability, January 21 (Out-of-Band)

Sunday, January 24th, 2010

Cumulative Security Update for Internet Explorer (978207) MS10-002

Affected Software
All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008*, Windows 7, and Windows Server 2008 R2*.

Symantec claiming to be out of date!

Wednesday, January 6th, 2010

Current certified definitions are December 31, 2009 rev 117 and contain updates through January 5, 2010.

—————————————————————————————————————————————————–

An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content [AV/AS, IPS] with a date greater than December 31, 2009 11:59pm are considered to be “out of date”.

Customers running SEP are still protected, and we are continuing to release updated definitions as normal.  However, for the time being, SEP definitions will display a date of December 31, 2009, with increasing revision numbers.

Swiftec merges with TrekMicro!

Friday, January 1st, 2010

We want to share with you some exciting news at Swiftec IT, Inc (Swiftec). Effective January 1, 2010 Swiftec and TrekMicro have merged to jointly provide IT services to their combined client base under the Swiftec IT, Inc name. The technical support you have been receiving from Swiftec and TrekMicro will continue as before, but will be enhanced by additional staff.

Read full press release here

Data Encryption Info Sessions

Friday, January 1st, 2010

Hello all,

Happy NEW YEAR!

One of the great things this new year brings is the deadline for data encryption <grin> on March 1st 2010.  We are holding several information sessions if you are interested in a short intro to why you need to be aware of this and what you have to do.

Please note: this only affects companies with employees, or customer data.  If you are a sole proprietor or you do not keep data on anyone, then there is nothing you must do.

Also – if you are a member of NCMAR we are presenting to 100+ on January 14th.

We have posted additional dates of our info sessions.  Space is limited so please let us know your preference. Please click on the link below to indicate which session you would like to attend.

http://swiftecit.com/html/Swiftec-CMR17-signup.shtml

Data encryption info sessions

Thursday, December 31st, 2009

Swiftec posted additional dates for upcoming information sessions about the new Massachusetts encryption Bill 201 CMR 17.00. To sign up for a session please go to http://swiftecit.com/html/Swiftec-CMR17-signup.shtml.

We will simplify the bill and explain what you need to protect, vs. what most people think they have to protect.

Gmail and Google Apps Account Hacked But Restored Soon After

Monday, December 28th, 2009

My Gmail and Google Apps accounts were hacked recently but since I could establish my identity, Google restored access in the next three hours. Here are lessons learned and tips that might prevent your Gmail and other Google Accounts from getting hacked.

I frequently get “password assistance” emails in my Gmail inbox that have a link to reset the password of my Google Account (see screenshot). Since I don’t initiate such password change requests myself, it’s clear that someone else is trying to hack into my Google account.

I generally ignore such emails as they also say:

If you’ve received this mail in error, it’s likely that another user entered your email address by mistake while trying to reset a password. If you didn’t initiate the request, you don’t need to take any further action and can safely disregard this email.

I got a similar email yesterday night and ignored it as usual. In the next five minutes, there was a message on my BlackBerry saying that the device is having trouble fetching emails from my Gmail and Google Apps account. Microsoft Outlook too had stopped working by then.

Things were now no longer in my control. Someone had successfully managed to change the password of my Gmail account, my Google Account and the most terrifying part was that the hacker also gained control over my Google Apps Account which is linked to labnol.org and other web domains.

When something like this happens, you tend to get that ’sinking feeling’ because now all your private information (email correspondence, documents, bank statements, photographs, etc.), your identity on the social web (Twitter, Facebook, Blogger, etc.) and, most important, your online business is not in your hands anymore.

I make a living from this blog but if someone else takes control of the site (by changing a couple of passwords and DNS records), the going can get really tough.

How the Google Accounts were hacked and recovered?

I use a fairly strong password so it can be tough for someone to guess that string. And since I got a password reset email request in the first place, the possibility that the password was cracked can be safely ruled out.

I don’t use Gmail from any public terminal (therefore safe from password stealing keyloggers) and have never clicked on links that may point to a fake Google login page (so no phishing attack either). You cannot associate a “security question” with non-Gmail Google accounts so the possibility that the “security question was weak” is also ruled out.

My assumption is that since my Gmail account was set as the secondary email address of my Google Apps account, he (or she?) somehow hacked into the Gmail account and from there he gained control of my other Google Accounts. This seems probable but I am not sure.

As soon as I discovered that the accounts were hacked, I posted a message on Twitter, contacted a couple of people at Google and filled up some recovery forms in order to verify ownership. I consider myself lucky because several people went out of their way to help me and access to all the accounts was finally restored in the next 3 hours. The nightmare was over.

Things to do before the hackers strike again!

I won’t ever know who that hacker was except that he left a brief message in my Inbox saying that he didn’t hack my Google account with bad intentions and that he “enjoys exploring the web for vulnerabilities”. The note also says that he is in need of urgent money and asks for a specific amount.

Anyway, here are a few important things that I have learned in the process that you might want to implement at your end as well, though it’s hard to tell if one can really prevent a determined hacker from stealing your Google accounts.

How to Protect your Gmail & Google Accounts

#1. Log-in to your Gmail / Google Account and associate a phone number. This is useful because you’ll then receive an SMS text message whenever someone tries to recover your Google password.

#2. Create a new email address (on say Yahoo! Mail or Gmail itself) and set this as the secondary email address for your existing Gmail and Google Accounts. Check for emails on this new account manually or through a desktop client via POP3 / IMAP but do not enable auto-forward for the new email address as the original purpose will be defeated.

#3. Take a paper and write down the following information about your Google Account. You will need this to verify your identity to Google in case someone else takes over your Google Account and the secondary email address associated with your account.

  • The month and year when you created your Gmail / Google Account. You can look at the last page of your Gmail Inbox (or go to Sent Items) to get an approximate idea of the date when you created the account.
  • If you created a Gmail account by invitation, write the email address of the person who first sent you that invite for Gmail. Use a search query like “in:all has invited you to open a free Gmail account” to find that invitation email.
  • The email addresses of your most frequently emailed contacts (the top 5).
  • The names of any custom labels that you may have created in your Gmail account.
  • The day/month/year when you started using various other Google services (like AdSense, Orkut, Blogger, etc.) that are associated with the Google account that you are trying to recover. If you’re not certain about some of the dates, provide your closest estimate*.

[*] For Analytics, look at the first date when it started collecting stats for your website(s). For Orkut, look at the last page of your scrapbook. For AdSense, you may take the help of your AdSense account manager.

#4. It goes without saying but do not use the same password for your main Google / Gmail account and your secondary email address.

#5. If you access Gmail and other Google services over a Wi-Fi network, make sure that you always use the secure URLs like https://gmail.com. Go to Gmail settings and set ‘Browser Connection’ to ‘Always use https.’ This might make your Gmail access a bit slower but your account will be more secure.

#6. Once in a while, do refer to that little line in the footer section of your Gmail Inbox that shows the different IP addresses from where your account is being accessed. If you find an unknown IP address, change your Google password immediately. The person who hacked my Gmail accounts configured them with his Hotmail account so he could effectively read all my email communication remotely from his Hotmail inbox without ever logging into my Google account again. I could figure that out only after I saw an IP address from a Microsoft server in my Gmail activity log.

#7. You should also consider copying emails from Gmail to another service (like Yahoo! Mail or Hotmail – it is effortless) so when your Gmail account is compromised, you at least have access to all your previous emails. Or you can configure a desktop email client like Outlook or Thunderbird with your Gmail account (via POP3 or IMAP) and thus you’ll have an automatic offline backup of your Gmail Inbox.

#8. Do a test run. Log-out of all your Gmail / Google Accounts and initiate the password recovery process for each one of them using this form. This will help you make sure that your SMS settings and secondary email addresses are configured correctly.

For Google Apps users

#9. You should always have a public email address on your website that others can use to contact you directly. This public email address will also help people find and connect with you on social networks like Facebook, LinkedIn, etc. However, you should make sure that you don’t provide administrative privileges to this email address in Google Apps because if someone hijacks this account, he will effectively take over your Google Apps domain. Create a new user in Google Apps as an administrator and never share this username with anyone else.

#10. If you have lost access to your Google Apps dashboard, you’ll have to create a new CNAME record pointing to google.com to verify that you are the actual owner of that web domain. To reset the password for the administrator of your Google Apps domain via your domain hosting company, the URL is:

https://google.com/a/cpanel/xyz.com/VerifyAdminAccountPasswordReset

[*] Replace xyz.com with your own domain address.

Exploit Code Available For Zero-Day IE Flaw – Security – IT Channel News by CRN

Tuesday, November 24th, 2009
By Stefanie Hoffman, ChannelWeb
4:43 PM EST Mon. Nov. 23, 2009

Microsoft warned of a critical, zero-day vulnerability affecting Internet Explorer 6 and 7 Web browsers on Windows XP and Vista, which paves the way for hackers to download malicious code onto users’ PCs.

Symantec security researchers published proof-of-concept code detailing the exploit on the BugTraq security mailing list over the weekend. To launch a successful attack, hackers could install malicious code on users’ PCs by enticing potential victims to either click on a malicious link leading to a specially crafted Web page or by visiting an existing site infected with the exploit. Hackers typically lure victims to infected sites through some social engineering scheme conducted over e-mail.

Security researchers say that the exploit thus far appears to only affect IE 6 and 7 on Windows XP and Vista but could possibly affect other versions of both IE and Windows. Microsoft’s latest IE 8 browser does not appear to be affected by the flaw.

Specifically, the IE bug occurs in the way IE uses cascading style sheet (CSS) information, which ultimately enables hackers to inject the exploit into otherwise legitimate Web sites, according to reports from Symantec. CSS is a function used in Web sites to define the presentation of the site’s content.

So far, the exploit has exhibited signs of poor reliability, but Symantec researchers said in a blog that they expect hackers to develop a fully functional version of the attack in the near future.

Meanwhile, Symantec researchers advise users to disable JavaScript until Microsoft releases a fix for the bug. Symantec experts also recommend that in general users should keep their antivirus software up-to-date and only visit known and trusted Web sites to stay protected from future attacks.