Apple to issue Mac update to halt malware attacks
Posted by Steve Moffat (Optimum IT Support) on 26 May 2011 11:56 AM
Apple says it will issue a software update in coming days for Macs to combat a recent surge of malware attacks.

The phishing scheme redirects users browsing the Web to fake websites that claim their computer has a virus, according to an update on Apple's support website.

The user is then offered fake anti-virus software -- falling under names such as Mac Defender, MacProtector or MacSecurity -- and eventually prompted to offer credit card information to complete the "purchase."

The support page offers detailed instructions on how to remove the malware if it's installed on a Mac. Users can avoid the attack by force quitting their browsers if these phony notifications pop up.

Apple says in some cases, a browser may automatically download and launch the malware installer. If that happens, Apple says to cancel the installation immediately, go to the Downloads folder and delete the installer.

A software update for Mac OS X will arrive soon that will automatically find and remove Mac Defender or any related malware.

The support statement from Apple comes several days after reports of malware attacks targeting Mac computers began surfacing on the Web.

The scams also raise arguments -- including this one from PC World -- about whether Apple computers are as secure as some users might believe.


Apple to support staff: Don't discuss Mac malware
Posted by Steve Moffat (Optimum IT Support) on 20 May 2011 10:29 AM

Is Apple telling staff not to talk about the Trojan that is plaguing Macs?

Apple's battle against the fast-spreading "MacDefender" Trojan just took a very interesting turn.

According to a May 16 internal memo obtained by ZDNet security researcher Ed Bott, Apple is instructing its AppleCare support representatives to essentially avoid the entire issue of MacDefender, a Trojan that has plagued Mac users for nearly three weeks by posing as legitimate antivirus software and urging users to download it.

"AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer's Mac is infected or not," the memo reads.

If callers say the MacDefender warning has shown up on their computer but they haven't installed it, Apple's policy, the memo outlines, is to direct callers to quit the installer and "delete the software immediately."

However, if a customer has already installed the fraudulent program, AppleCare reps are instructed to "not attempt to remove or uninstall any malware software," and instead direct callers to the Apple Online Store and the Mac App Store to purchase antivirus software.

The memo also instructs AppleCare staff to direct callers to the "What is Malware" document under the help button in the computer's Finder feature.

The memo explicitly orders support staff to, "Explain that Apple does not make recommendations for specific software to assist in removing malware."

This internal memo could frustrate Mac users, a growing number of whom are falling victim to MacDefender, which not only requests passwords and payments to eradicate a nonexistent problem but also, in some cases, takes users to porn sites until they comply.


Hackers disclose SQL injection of Barracuda website
Posted by Steve Moffat (Optimum IT Support) on 11 April 2011 08:32 PM

Chalk up Barracuda Networks as the latest information security firm to fall victim to a cyberattack.

Hackers, apparently from Malaysia, revealed Monday that they exploited an SQL injection vulnerability on Barracuda's website to raid various databases and hijack the names and contact information of partners, customers and Barracuda employees.

In the post on HMSec Full Disclosure, the hackers published the details of some of the victims. They included partners such as Boston Computers & Peripherals, end-users such as Allied Fire & Safety and Barracuda employees who have access to the email and web security firm's content management system.

Also posted were the passwords for some of the Barracuda employees and partners, which, according to security experts, appeared to be hashed with the oft-criticized MD5 algorithm. It is not clear if the passwords were "salted," which makes them more difficult to crack.

Barracuda joins RSA, Comodo and HBGary as the fourth high-profile security firm that hackers successfully infiltrated this year. The HBGary compromise also was the result of an SQL injection hole.

"It looks like they [Barracuda] were targeted," Jeremiah Grossman, founder and CTO of WhiteHat Security, a website risk management vendor, told on Monday. "You don't by accident extract this kind of data and post it to a blog."

Grossman said SQL injection flaws, a known issue within the industry for nearly 15 years, are "for all intents and purposes, a solved problem."

But sometimes discovering the vulnerabilities can be complex given the scale of a web presence.

"Maybe they just slipped up," Grossman said. "It happens. It's happened to us. We'll see how they respond. That should be really telling."

He added that the hackers may have used their initial foothold to gain access to other, more sensitive parts of the Barracuda network, similar to the tactic taken by the Heartland Payment Systems attackers to reach credit card data.

A Barracuda spokeswoman declined comment on Monday afternoon as the company investigates.


Hacker wipes out whole season of TV show
Posted by Steve Moffat (Optimum IT Support) on 05 April 2011 04:58 PM

A fired employee allegedly admits he erased syndicated children's series

The producer of the syndicated children's TV series "Zodiac Island" claims that an entire season of the show has been wiped out thanks to a fired employee at its data-hosting company who hacked into networked computers and destroyed its work.

"Zodiac Island" has run on more than 100 U.S. TV stations around the country, including ABC, NBC, Fox and CBS affiliates. The show is produced by Hawaii-based WER1 World Network, which signed up with Wisconsin-based ISP and data-hosting company CyberLynk.

According to a lawsuit that was filed last week in Hawaii District Court, a man named Michael Scott Jewson was terminated from CyberLynk. From his parents' residence, he allegedly accessed CyberLynk's data and intentionally wiped it out. Jewson is alleged to have been charged in February with a federal computer crime violation and admitted his guilt in a plea agreement.

The data breach allegedly knocked out 6,480 WER1 electronic files, or 300 gigabytes of data, comprising two years of work from hundreds of contributors globally, including animation artwork and live action video production.

The lost data is said to include fragments from 14 episodes of Zodiac Island, which WER1 says are impossible to reassemble or reproduce.

WER1 says it got some restitution as a result of Jewson's plea agreement, but is now suing CyberLynk and Jewson for breach of contract, negligence, conversion and computer fraud, saying that the company violated its contractual promises to provide secure data hosting.


Exchange 2007/2010 Rollup 3 Status Update
Posted by Steve Moffat (Optimum IT Support) on 01 April 2011 12:35 PM

Exchange 2007 SP3 RU3 Status

The Exchange Servicing team expects to re-release the Exchange 2007 SP3 RU3 rollup in the next day or so. We are going through the final sign-off processes. As reported yesterday, a bug was introduced which had the potential to create database corruption. We consider any situation which could lead to data loss a significant risk, which is why we posted the unusual guidance to roll back to the previously installed version versus waiting for an update.

Still, we have been able to identify the issue, remove the fix which introduced the problem, complete our testing, and expect to re-release the Update Rollup shortly. We also understand what happened to allow this situation to occur and are taking corrective measures. Finally, for customers who have not uninstalled E2007 SP3 RU3, this will install seamlessly on top of the existing E2007 SP3 RU3 installations.

Update 3/31/2011: The updated Exchange 2007 SP3 RU3 has been released. See Announcing the Re-release of Exchange 2007 Service Pack 3 Update Rollup 3 (V2).

Exchange 2010 SP1 RU3 Status

For E2010 SP1 RU3 we are still one to two weeks away from re-release. While the previous post specifically mentioned only one issue related to duplicate messages in the Sent Items folder on Blackberry devices, we unfortunately uncovered one additional issue after my original post. There is no risk to customer data as a result of this second problem. However, the underlying problem is complex and we are taking the necessary time to get a high quality solution.

Specific to this second issue we uncovered a problem which manifested as an email delivery delay for users of Microsoft Outlook 2007 or 2010. Our investigation of the problem exposed a rare situation in Exchange 2010 where notifications were not sent to these clients. What changed in E2010 SP1 RU3 is that this situation is more likely to occur because of code added to support coexistence in cross-premises environments, i.e., users within an enterprise both on-premises and in the cloud.

While I know many of you are waiting to deploy E2010 SP1 RU3, and we could have removed the code to more quickly turn around the re-release, in our analysis we felt this issue was significant enough that it needed to be addressed immediately. Additionally, our testing uncovered the need to refine the notification experience with Microsoft Outlook 2003 clients. So we have taken the additional time to ensure resolution of the issues uncovered with notifications. The delay in re-releasing E2010 SP1 RU3 is a result of ensuring these issues are resolved satisfactorily.

For those of you that currently have E2010 SP1 RU3 installed, you can either uninstall E2010 SP1 RU3 (which is recommended if you are experiencing any of the above issues), or wait for the re-release. The re-release build will install seamlessly on top of the existing E2010 SP1 RU3 installation.

Kevin Allison
General Manager
Exchange Customer Experience


New Helpdesk Software
Posted by Steve Moffat (Optimum IT Support) on 31 March 2011 09:03 PM

This new software is a lot more powerful than the old and is live as of 1st April 2011.



