|
Microsoft Office is often bundled with new computers, with the option to “Activate” it by buying a product key card. Microsoft has changed their download package for Office 2010. It comes by default with Click-To-Run which has multiple problems. Follow the instructions in KB 982431 to download the full version without the click-to-run feature (it’s on the lower part of the page).
Epsilon data breach leaked the names and email addresses of clients. You may get an apology letter and phishing warning if you have accounts with Chase, Capital One, US Bank, Citi, or LL Bean (Barclay’s). Also compromised were Verizon, Ritz-Carleton, Marriot Rewards customers, Home Shopping Network, Kroger, Target, Ameritrade, Ameriprise, and Walgreens. Full list here. Tips on detecting a Phishing email.
AT&T plans to buy T-Mobile. A brief history of Telecom mergers:
YouTube debuts Live streaming site. YouTube also has a growing selection of online movies.
Rustock Botnet Shut down - Botnets are networks of up to millions of hacked computers used for criminal computing or sending spam.
“Even the leading security suite providers admit that anti-virus solutions are no match for the advanced nature of today's criminal malware.” - Damballa
Malware “Kits”- available for sale – make it easy to get into the Botnet business for about $100. The better ones now dynamically encrypt the malicious file, making it look different every time it is downloaded, and impossible to recognize by traditional scanning.
Current Microsoft Security Intelligence Report.
As we mentioned last month, it’s time to update XP to Windows 7, which is more secure. Regular maintenance can also help prevent vulnerabilities.
Microsoft’s guide to repairing an infected PC. Download the document here, and then unzip to view.
A new Netgear Powerline AV kit for home networking is fast enough to stream video, and can take the place of wireless in some situations. It uses the power lines, at higher speed than previously available. About $150 for 2 adapters, connecting up to 500 Mbps.
Legal action against mobile apps: “An examination of 101 popular smartphone "apps" games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent…”
Make sure you have a policy in place if you reimburse personal cell phone costs for company email on personal smart phones. Is the email and other data yours or theirs when they leave?
SECURITY
IOS Update for iPhone and iPad 4.3.1 fixes some glitches. Not available yet for Verizon (CDMA) iPhone.
More updates for Acrobat APSB11-06 and Flash APSB11-05.
Microsoft released a bunch of critical Windows updates on April 12th. Several are being actively exploited and should be installed right away.
|
Patch (KB) |
Released |
Description |
Status |
|
2497640 |
|
Internet Explorer — attacks in the wild |
Install |
|
2503658 |
|
MHTML — public exploits seen |
Install |
|
2511455 |
|
SMB client — likely to see exploits |
Install |
|
2446708 |
|
.NET 4 — historic patching issues |
Hold |
|
2446709 |
|
.NET 2/3.5 — historic patching issues; KB 2446710 for Win7 SP1, KB 2446704 for XP |
Hold |
|
2509470 |
|
Extended Protection for Outlook — past issues |
Hold |
|
2464588 |
|
PowerPoint 2003; KB 2464617 for 2002, 2464594 - 2007, 2519975 - 2010 |
Wait |
|
2467174 |
|
MS11-024, Visual C++ — check line-of-business impact |
Wait |
|
2467175 |
|
MS11-025, Visual C++ 2005 — check LOB impact |
Wait |
|
2506014 |
|
Hardening the system for prevention of root kits |
Wait |
|
2506223 |
|
Windows Kernel patch |
Wait |
|
2508272 |
|
ActiveX Kill bit — wait for further testing |
Wait |
|
2509503 |
|
Office 2003; KB 2509461 for XP, 2509488 – 2007 |
Wait |
|
2509553 |
|
DNS flaw — unlikely threat for home/small-biz users |
Wait |
|
2511250 |
|
Printing fix for IE9 — hold back on IE9 for now Wait Install if you have IE9 |
Wait |
|
2393802 |
|
Kernel patch triggered BSOD; use Symantec solution |
Install |
|
2412687 |
|
GDI+ — exploits unlikely |
Install |
|
2464623 |
|
PowerPoint viewer 2007 |
Install |
|
2466156 |
|
Office Compatibility Pack security update |
Install |
|
2485663 |
|
WordPad — more critical on XP |
Install |
|
2491683 |
|
Windows Fax cover-page flax; KB 2506212 for XP |
Install |
|
2507618 |
|
OTF Font — attacks unlikely |
Install |
|
2508429 |
|
SMB Server — not at high risk |
Install |
|
2508958 |
|
Fixes issues with Office updates |
Install |
|
2510531 |
|
JScript and VBScript — exploit unlikely |
Install |
Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.
Remote Server administration tools for Windows 7 updated to work with SP1.
NEWS
Lunch Bytes Thursday, April 21st, 12 - 1 pm
at the Visalia Chamber of Commerce
Knowledge Work - Using the Web Well
-
Cloud and internet apps and tools you can use
-
Identifying opportunities – Where can your effectiveness improve?
-
Web / Cloud tools for common tasks – Many free or low cost.
-
Getting close to your customers or clients
-
Tools to have the right information come to you
-
Solve any problem by getting the right help
-
Keeping up with change
-
Time and task management
Tim will be presenting a short lunch talk on security April 28th for Visalia Community Bank customers. Ask your loan officer about an invitation.
Tim will be speaking at the Workplace violence seminar on May 3rd at the Agri-Center. Contact us for more information.
Right Click to download this month's cartoon.
|