By Steve on October 11, 2010
Did you catch the story on NPR?
It’s in your airports, your coffee shops and your libraries: “Free Public WiFi.”
Despite its enticing name, the network, available in thousands of locations across the United States, does not actually provide access to the Internet. But like a virus, it has spread — and may even be lurking on your computer right now.
While not necessarily an immediate danger, it’s another message about being current with your operating system and applications for security purposes. The other consideration is providing for your users wifi needs when traveling. One option is the proliferation of choices available to cable subscribers as described in this article – Comcast Cuts The Wire. Locally AT&T offers this type of package for U-Verse or DSL/Wireless customers. This type of proactive effort will help limit the type of behavior leading to the scenario described in the NPR report.
Posted in Microsoft, Security
By Steve on October 6, 2010
If your small business has 10 or fewer PC’s, I recommend you look into adding Microsoft Security Essentials to your list of installed software. Security is a critical element in ensuring a stable working environment and I use Microsoft Security Essentials for it’s real-time protection against viruses, spyware, and other malicious software. The new licensing goes into effect on Thursday October 7th. The product is also free for home PC’s and is my product of choice for the many family PC’s I support across several states.
As with all Microsoft software, there are some requirements: Operating System: Genuine Windows XP (Service Pack 2 or Service Pack 3); Windows Vista (Gold, Service Pack 1, or Service Pack 2); Windows 7
From the Microsoft Partner website that alerted me to this new model, the question of what to use for larger firms is addressed with the following:
Question: “If you are making this change to allow small businesses to utilize Microsoft Security Essentials on up to 10 PCs, what do you recommend companies with more than 10 PCs use?” Answer: If you operate a small business with more than 10 PCs, we recommend that you consider using the Forefront line products to address your security needs.
I don’t have experience with Forefront, many of my clients are already using other commercial options.
Posted in Microsoft, Security
By Steve on March 18, 2009
While it’s easy to target Microsoft for security issues, an organization must look at its entire infrastructure in order to maintain security. eWeek recently looked at Adobe Reader and came away unimpressed, to the point of inside an organization.
It began when due to an advertisers use of an unpatched version of Adobe. That was in February and patches were promised in March.
Have you ? If not, now is the time to ensure that and are up-to-date and you, and your clients, are protected.
You can also update from within the applications themselves. For Reader, you can find Update under Help. If you are running Reader v8, I don’t recommend moving to Reader v9 until you’ve tested other applications for support of v9. While eWeek points to a couple of option, including (for Firefox) I’ve been happy with for several years now.
Posted in Security | Tagged Acrobat, Adobe, eWeek, Firefox, Foxit, PrimoPDF, Reader
By Steve on February 16, 2009
Four available in , two rated Critical and tied to Internet Explorer v7 (current) or Microsoft Exchange:
Cumulative Security Update for Internet Explorer (961260)
This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
Extreme Tech :
A few months ago Microsoft started including an “Exploitability Index” value to show how easy it should be to construct a successful attack using the vulnerability they were disclosing. In many cases, a vulnerability may be critical because the consequences of it being exploited are serious, but in fact it is not so easy to exploit.
Monday’s Internet Explorer vulnerabilities were give an Exploitability Index value of 1, which translates to “Consistent exploit code likely.” Microsoft adds the note “Consistent exploit code can be crafted easily.” See the summary and click on Exploitability Index for all this. For some reason, Microsoft does not include these Exploitability Index values in the individual security bulletins, such as the one for Internet Explorer yesterday.
What this means is that you can expect, or at least you should assume, that attack code to exploit this vulnerability will be on the Internet very soon. It will be pushed through all the usual channels, some of which are hard to avoid, such as ad banners.
Posted in Security | Tagged Microsoft, Security Bulletins
Recent Comments