For your convenience and to learn more on how to protect yourself you can also check out this video:

Video not displaying? You can also view it on Youtube.

Here is the entire text of the message (added to properly index this article with the search engines):

Attn: Financial Department

By this message we would like to inform you about the recent alterations in the FDIC insurance coverage for transaction accounts.

During the period from December 31, 2010 to December 31, 2012 all the money in a “noninterest-bearing transaction account” are insured in full by the Federal Deposit Insurance Corporation. Please note, that this measure is temporary and separate from the FDIC’s common deposit insurance regulations.

The term “noninterest-bearing transaction account” includes a traditional checking account or demand deposit account on which no interest is paid by the insured depository institution.

For detailed information about temporary FDIC insurance coverage of transaction accounts, please view the official site link.

Yours sincerely,
Tad Melendez.

Federal Deposit Insurance Corporation

It’s time to add a new acronym

For some time now we’ve all learned that windows/operating system updates are pretty important but there are emerging threat vectors that also need to be addressed. Back in early 2009 a huge ramp up in volume of Adobe PDF and Java updates occurred. Since that time those two have become two very popular sources of computer exploitation. Add that to some recent nasty Flash exploits and you have the makings of a new acronym:

Always update JAFO:

Java
Acrobat
Flash
Operating System (Critical Updates Windows, etc)

Extra credit for the techie types, remember when Microsoft had their own Java Virtual Machine?

Duqu not Dooku, Image Credit Tracheotomy Bob

The Duqu Remote Access Trojan (RAT) that hit the wild in Europe this week is not a character in the latest Star Wars movie. While it sounds like a George Lucas inspired character duqu comes from the ~DQ prefix that researchers noticed this previously unknown malware was adding to files it creates when it was discovered. I am sure Dairy Queen is happy with their choice. Joking aside this virus is no laughing matter. It seems to have been written by the authors of or with the benefit of the Stuxnet source code. Stuxnet is the virus that was believed to have setback the Iranian nuclear program last year. It’s smaller and appears to be designed to spy on infected computers with a combination of a key stroke logger, a data siphon and remove itself after eluding detection for 36 days.

A new breed of threat

One disconcerting aspect of this particular Trojan is that one of the drivers in a variant used a signed certificate of a known organization in Taiwan. That means that a windows machine will treat that driver as a legitimate driver, just like one you’d download to access a new hardware device on your Windows PC. Luckily the certificate has been revoked. This particular malware mask’s it’s presence on the infected machine quite well providing a challenge to detect.

What can you do to protect yourself?

All of the best practices that apply to information security will help you avoid Duqu. This includes:

1. Keeping your critical components up to date.
2. Cautious web surfing and Email habits.
3. Avoid public charging kiosks.
4. Avoid flash drives from unknown sources.

Can we prevent this?

Seeing as the machines that were infected with this Trojan were hit when it was “Zero-Day” it is prudent to consider what other means may have prevented the infection. If it ends up that this virus communicates with hosts in remote countries that a security solution I recently proposed would prevent the infection from transferring or downloading any information rendering it useless.

More information

• Symantec White Paper
• Wired Article

If you found this article helpful or interesting please share it with your friends.

Image compliments of Sandia Labs (Creative Commons)

Last week the SEC released a Disclosure Guidance Document on Cyber Security. The document was a direct response to the dependence on digital technologies and the increased risks associated with Cyber Security. While the SEC guidance was aimed at publicly traded companies, the information in and the existence of the document should raise eyebrows at any business.

An ounce of prevention truly is worth a pound of cure

The document contained extensive guidance for organizations including before, during and after a cyber security incident. Perhaps the most interesting suggestion in this particular document is the call to disclose risk:

Registrants should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.

This is something all businesses should be asking themselves, not based on guidance from the SEC or specific directives such as HIPAA but rather because it is the right thing to do. We as businesses are stewards of our clients critical information. In many cases prevention is less expensive than we might think and much less expensive than the liability associated with a failure to prevent a cyber security event.

In response to the extraordinary role that Cyber Security has played in our modern connected world Managed Solutions introduced a program called Secure Enterprise in 2002 to assist businesses with protecting critical enterprises of any size. You can join the conversation about Cyber Security on our Facebook page.

August 7-13th, 2011 is International Patch Everything Week

Microsoft Advisories

It started early this week when we were informed by the US-CERT that all of these products had vulnerabilities that would be addressed in updates from Microsoft:

• Microsoft Windows
• Microsoft Office
• Internet Explorer
• .NET Framework
• Microsoft Developer Tools

That for the record is pretty much everything in the Microsoft world at least for the typical desktop user (except the developer tools of course). That was not the end of the notices for the week.

Adobe Advisories

Today we were informed of a plethora of Adobe product security updates:

• Shockwave Player 11.6.0.626 and earlier versions for Windows and Macintosh
• Flash Media Server 4.0.2 and earlier versions for Windows and Linux
• Flash Media Server 3.5.6 and earlier versions for Windows and Linux
• Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems
• Adobe Flash Player 10.3.185.25 and earlier versions for Android
• Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android
• Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh
• RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8 for Windows

This array of products covers pretty much any PC based client computer and Android to boot. So don’t delay when you are notified of new updates available this week, just run them all.

Need help finding updates?

You can refer to the original bulletins for details on your device/pc:

For Adobe Products:

Security update available for Adobe Shockwave Player

Security update available for Adobe Flash Media Server

Security update available for Adobe Flash Player

Security update available for Adobe Photoshop CS5

Security updates available for RoboHelp

For Microsoft Products:

• Security updates are available from Microsoft Download Center. You can find them most easily by doing a keyword search for “security update”.
• Updates for consumer platforms are available from Microsoft Update

Warning: As always consult your IT department before applying software fixes. Also be aware that some software patches can cause problems.

What are we looking for?

We’re looking for WordPress developers that are familiar with creating custom child themes who can quickly, cleanly and effectively customize WordPress templates to meet our customers needs to look their best online. Most of our work right now is centered around custom child themes for the Genesis framework and we have a desire to continue to pursue that. We have several active projects right now that we have opportunity to share with the right developer(s).

If this is you and you’d like to be considered fill out this simple form to be considered:

If your computer recently got infected and you paid to get it cleaned up or restored from a backup, this article was written just for you!

Fixing avoidable problems is not “fun”

Contrary to what many might believe, we don’t enjoy or look forward to fixing broken computers. What we really love to do is prevent them from needing to be repaired or otherwise enhancing your business using technology like WordPress. Since we don’t live in that perfect utopia and things do break on occasion and systems get compromised, the intention of this article is to help you avoid some of these issues in the future.

Information Security is Challenge

There are so many threats that face you as a user (Factoid: There are 43 posts on this site that use the Security category and that is practically all we share on our Facebook page these days!). In spite of what often appears to be a swell (Tsunami?) of threats, there are certainly things that you can do to protect yourself.

Step 1 – Admit that you have a problem Opportunity.

If your computer got infected it was due to a problem. The most likely three scenarios are:

1. Critical security updates were not installed.
2. You believe your Antivirus software will protect you.
3. You were careless gave the bad guys the opportunity.

Step 2 – Don’t beat yourself up

Many users find themselves in your shoes. None of us are perfect and the fact that you are still reading this you can pat yourself on the back for working to improve the situation. An opportunity has presented itself, you now have added motivation to take some important precautions and raise your awareness.

Step 3 – Make sure you are installing security updates

In April of 2010 we shared with our readers why it is important to install Security updates. In that post we recommended that you should always install the following updates as soon as you can whenever prompted:

1. Windows Critical Updates
2. Adobe Acrobat
3. Flash Viewer
4. Oracle/Sun Java

It takes a while to learn what all these updates look like, but generally speaking they remain fairly consistent so once you do learn what to look out for you only need to validate it when it changes. Don’t let the fear of the updates being part of the problem stop you. It is greatly beneficial to take the time to learn to recognize the “normal” updates and apply them when prompted. It could save you from getting your computer infected.

Step 4 – Know your Antivirus Software Limits

Have you ever heard the term Zero Day? Zero day is something brand new and you often hear it combined with exploits: “Zero Day Exploits”. Since Antivirus and Anti-Malware software work off definitions (there is also heuristics or virus like characteristics but it is not perfect) it is only good if the virus or malware that you happen to get exposed to is well defined in your Antivirus/Malware Software.  In other words, there are plenty of things that will infect your computer if you click them, particularly “new” viruses and malware. Remember Viruses are written to try to avoid being detected.

Your antivirus software won’t always protect you.

Learn how to protect yourself from Zero Day Exploits.

Step 5 – Understand the importance of your role in your security

It is not a security that without users computer viruses as we know them today would not exist. It is important to recognize that you can make a difference and to take an active role in avoiding infection by the choices you make. We covered this thoroughly in our post about the role of personal choices in information security. In that article we shared 5 areas where choices had a substantial impact on your security including:

1. Competency/Learning
2. Hardware and Networking Devices
3. Security Software
4. Participation
5. Gullibility and Greed

It’s no secret that virus and malware authors exploit us, our weaknesses, events, and a myriad of other things to compromise us. Make sure your personal choices aren’t giving them extra opportunities.

Step 6 – Subscribe to Our Updates

A lot of the content for this article was already on our site. Let us educate you and prevent you from harm and expense whenever possible. A simple way to stay plugged in is to to sign up for updates to this site so you never miss the latest news. You can Subscribe to Managed Solutions by Email and get our Facebook exclusive updates on our Facebook page.

Opportunity Center Image credit: Jason Tester, Guerilla Futures

Either one of those articles by themselves would have huge implications in the security of mobile devices, but the startling thing is that there are others popping up in the last 24 hours as well, and that is what compelled me to write this article for the Managed Solutions blog.

HongTouTou Android Trojan

A Chinese localized (targeting Chinese language users) Trojan emerged for the Android platform this week. The Trojan rode onto unsuspecting users via Android App marketplaces and forums.

$2,000 worth of equipment can extract Crypto Keys from Mobile Device Signals

Threatpost did an amazing job of describing a problem with how Cryptography is implemented on mobile devices. The problem results in the ability to actually capture and mimic the cryptographic key that could be for say your mobile phones payment system. This is particularly important because a lot of people see mobile as having a bright future in the payment arena.

iPhone Hacked and Passwords Stolen in Six Minutes

Fraunhofer has a video and press release demonstrating the ability to hack an iPhone and recover passwords in just 6 minutes. You don’t have to be an information security professional to realize that this is not good news for iPhone or iPad users that store anything of sensitive nature on their devices. Here is the video if you’re interested:

Thanks for the Wakeup calls today and kudos to Threatpost, Ben Jun, Cryptography Research and Fraunhofer.

How do you test to see if you need updates? Follow these instructions:

For Shockwave Player Make sure you have version 11.5.9.620 or above (Update)

For Flash Player make sure you have version 10.2.152.26 or above (Update)

For Adobe Acrobat and Adobe Reader you will need to run the program and choose “About Adobe Reader # or About Adobe Acrobat” from the Help Menu at the upper right portion of the menu:

Make sure the resulting version of Adobe Reader and Acrobat 10.x is 10.0.1 or above, 9.x is 9.4.2 or above, and 8.x is 8.2.6 or above. (Update Windows or Mac)

Who should care?

Do you use the Chrome Browser or Chrome OS? If you do then you should take action to confirm that you will not be vulnerable.

How to tell

With your Chrome Browser open click the small tool icon in the top right of the browser window pictured below:

Once the above drop-down menu appears click the “About Google Chrome” menu item. This will result in a screen that will tell you if your browser is up to date and what version it is running:

The critical piece of information is the green check mark at the bottom of the page. If Chrome is not update or in this case is a version older than 8.0.552 your browser is vulnerable and needs to be updated. In most cases Chrome will be up to date as it is configured to update automatically. This is actually one of the strengths of this browser platform.