The United States Computer Readiness Team (CERT) is reporting today that multiple vulnerabilities exist for IOS. We recommend you review the bulletin if you use any Cisco networking products.
Popularity: 1% [?]
Beware of Predatory Domain Name Registrars
January 22, 2007 By Leave a Comment
This may sound familiar to you, you’re going through your business mail and setting aside the bills for your payables department. Oh, here is one for our website, Liberty Names of America. I guess our domain is expiring we better renew …. uh wait a minute, we don’t use Liberty Names of America. Why are they sending me a bill? It seems that some companies are founded with at the least ill advised business policies or perhaps far worse. Over the years as the operator of a small business I have seen a number of these predatory notices. The first one years ago was for some yellow page listing. It looked just like a bill you might get from the publisher of the yellow pages you run your advertisements in, only it was for some company you’ve never heard of and some book that no-one will see. Evidently people with similar scruples decided to get into the domain name business. There was even a allegation at one time that Verisign, Inc. (formerly Network Solutions) had sent similar notices to GoDaddy.com customers. We were unable to find evidence that these allegations were proven one way or the other.
Basically what these companies do is determine when your domain names are going to expire. They then send you a notice in the present example a “Domain Expiration Notice” and they encourage you to “renew today”. They will even bundle multiple domains you might have expiring at the same time in these notices. To make matters worse the prices in these letters is likely to be much higher than what you are already paying with your current registrar. If you receive one of these notices or worse yet are the victim of these predatory practices by mistaking them as legitimate, you can report a problem to InterNIC using their Registrar Problem Report form.
Popularity: 1% [?]
Education: the Answer to Zero Day Exploits
January 18, 2007 By 6 Comments
A Zero Day Exploit is an exploit that is circulating before the software vendor has learned of it. They can linger around as un-patched vulnerabilities if the vendor is slow or unable to respond to them.
Security software with lots of bells and whistles tends to encourage end users to feel more secure. They have firewalls, Antivirus protection, all sorts of resident programs and pretty icons. Something pops up now and then asking for their input; again insuring them it is working hard to protect them. They pay good money for this software, so it must give them some reason to rest easier at night. The sad fact is that even the best network protection scheme short of not having a network, is never safe. Let’s take a look at the situation today, and let’s talk about what we know. As of the writing of this article there are 3 un-patched vulnerabilities affecting Microsoft Word that have been known for over one month. That means that in spite of your efforts to protect yourself it is possible that a user at your company could receive an email containing an attached word document with an exploit designed to compromise your systems and your user would be the only line of defense. You’ve done everything you can do to layer your defenses, keep your systems up to date, and protect them pro-actively with other security software but there still is a chance that it could come down to the actions of that end user. That is why you should not overlook the human element in your security apparatus. Building a security aware culture is an important step in any IT security strategy. Teaching end users to get confirmation from third parties when they receive a message containing a suspicious attachment for example; can go a long way in preventing exploitation of your valuable resources. Scheduling regular training sessions where current issues are addressed can pay large dividends if even one compromise of your security apparatus is avoided. Educated users are safer users.
At Managed Solutions we advocate quarterly training sessions for existing employees and orientation for new users of our clients systems. By keeping the humans up to date with the latest information, our customers can substantially lower the chances of experiencing costly cleanup operations, loss of reputation and most importantly lost customers. What does your company do to educate its users? Perhaps it is time for you to consider a shift towards a more educated end user base. A security aware culture is the main protection we have against zero day exploits.
Popularity: 1% [?]
3 Critical Updates for Microsoft Products
January 9, 2007 By Leave a Comment
There are some critical patches available today to address bugs in Internet Explorer (nearly all versions), Outlook (numerous versions) and Excel (numerous version). We recommend you take these precautions for the coming few days even if you are able to install the update.
- Exercise caution with your web access habits.
- Do not open any attachments in Outlook that you are not expecting.
- Delete any suspicious emails you receive.
These updates will be available immediately from microsoft, to download them manually:
We will also push these updates out to customers machines that have requested in advanced that we do so. If you would like to see to it that this is done for your systems please contact us. Otherwise advise your users that when prompted by windows update to install critical updates to do so. These issues are significant and could cause extensive problems if they were to be exploited on one or more of your systems.
It is likely that you will not actually be prompted to install these updates until Wednesday January 9th as most windows update servers synchronize early in the morning. Running a manually synchronization is not adding the updates as of the authoring of this notice.
If you’d like to read more about this:
Or:
Advisories for Week of January 8th @ Cert
Popularity: 1% [?]
Antivirus That Works
January 5, 2007 By 1 Comment
Managed Solutions has a long history working with security products. Very early on in our business cycle it became apparent that the Internet and Email were going to really push the envelope as far as security for personal computers was concerned. Over the years we have worked with a number of specialized vendors providing Antivirus, Anti Malware and Anti Spyware solutions. Up until the summer of 2006 we viewed the products as a cumbersome necessary evil. That changed when we starting looking at ESET’s NOD32 product line. ESET has done a number of very positive things to vastly improve the ease of use, management and performance of their product and in the process made it cheaper for us to own and operate as businesses and individuals. Most security products these days are slow and inefficient, not NOD32. NOD32 is truly a wonder in that it achieves the following:
- Provides a very high level of performance
- Is easy to install and maintain
- Is effective at detecting known and unknown viruses
- Is easy to upgrade
- Is competitively priced
- Uses very little system resources
- Is very easy to manage
- Offers very flexible configurations
At Managed Solutions we pride ourselves in being a business that is prepared to change and make moves swiftly when it makes sense. ESET has made it quite easy for us to migrate our internal security mechanisms and customers to their NOD32 product. Our customers that have made the switch have had nothing but good things to say about NOD32. A recent response we received was “My computer is faster” and of course this is achieved while upgrading the quality of the solution. A typical problem in the past we encountered was re-licensing and upgrading the products was difficult and cumbersome. This is a huge burden that is lifted with NOD32 being a breeze to upgrade and acquire licenses. If you’d like to learn more about NOD32 feel free to contact us for more information.
Popularity: 2% [?]
Ten Years in Business 1997-2007
January 2, 2007 By Leave a Comment
We are proud to announce that we have achieved a milestone in our business, we are celebrating our 10 year anniversary in 2007. We would like to thank our customers, vendors, friends and family for making this possible.
Popularity: 1% [?]
Recent Comments