Web Development

Computer and Internet access is commonplace. It’s rare to find a spot in any city or business where there isn’t Internet.

It’s even more commonplace to not just have a website, but to have a social network presence, such as Twitter and Facebook. Our expertise brings both together for interactive websites. Capture your customers’ attention in the social streams and direct them into your website. With a strong call to action, your visitors can turn into customers.

Microsoft Patch Tuesday

Please click here and read about what patches will be released.

Google Apps Arizona

We do Google Apps so much, we don’t even have Microsoft Office installed on our computers anymore. It’s very possible to work off the cloud with a device that just uses a browser. Life is good.

Contact us when you are ready to make the switch!

Phishing and Wardriving

Phishing and Wardriving are coming back around. Please read this article and familiarize yourselves.

http://www.informationarmor.com/2010/05/27/the-internet/

Google Apps and SocialWok – WIN!

The Google Apps Marketplace has been open for several months now and some of the offerings truly are mind-blowing. Google Apps by itself, an amazing alternative to Microsoft Office, to us, screams security, mobility, and cost effectiveness. SocialWok is a tie-in to Google Apps that brings the social interactiveness of Facebook into a secure slice of Internet solely for your company, group or family.

Watch the SocialWok Video

BENEFITS
* Manage distributed teams and projects where members post status updates
* Cloud based file and knowledge sharing from web & mobile
* Build internal communities and external forums for customer support
* Share Google Docs and Google Calendars

FEATURES
* Login with your Google Apps or Gmail account
* Post status updates by attaching files, Google Docs, Google Calendar
* Share and preview all your files and organization information from mobile and web
* Access all features of Socialwok from Gmail using Gmail Gadget
* Search across posts, feeds, people and Google Apps
* Realtime notification by email or Google Talk IM messages
* Share, collaborate and archive all your communications with external parties in one single location

The best part is that you can do this yourself with a little tech savvy. If you need some help, let us know!

Attacks, Exploits and Patches

Widespread Web Site Attacks Reported
Following the reports of high-profile web sites like syfy.com and php-nuke.org being compromised, another widespread attack on web servers has been reported. The attacks compromise sites running WordPress and other popular blog software. The attack mechanism is not yet known, but clients should ensure that the latest WordPress version is installed. Sites using shared hosting are especially susceptible, as compromise of a neighboring site often spreads to the remaining virtual hosts. We also encourage clients to review their sites for signs of infection and take appropriate remediation steps. In particular, clients should look for modifications made to HTML source pages as well as database table changes.
http://www.h-online.com/security/news/item/Large-scale-attack-on-WordPress-996628.html
http://www.psychcomp.com/syfycom-hosts-malware/
http://twitter.com/lordparody/status/13600067003
http://www.sophos.com/blogs/sophoslabs/?p=9585

Microsoft Outlook Express Exploit
Exploit code has been made publicly available that triggers a vulnerability in Microsoft Outlook Express and Windows Mail. The integer overflow vulnerability could allow a remote attacker to execute arbitrary code, although the attacker would need to control the mail server being used by the victim. At this time, there is no known vendor patch available.
http://www.exploit-db.com/exploits/12564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0816

Microsoft’s May Security Patches
As a reminder, Microsoft will be issuing their May security release later today. The two scheduled bulletins will address remote code execution vulnerabilities in Windows and Office. We will update the assessment when more details are available.
http://www.microsoft.com/technet/security/Bulletin/MS10-may.mspx

Services

Web Services for the Month of May!

$1,000 $600 Full blown WordPress Website

  • 1 year of hosting plus domain name
  • Home page
  • Fully interactive company blog
  • Up to 10 pages of static content

$500 $300 Interactive Facebook Page

$1500 $800 for both!

  • Tie both your website and Facebook page together with the Like Button, Facebook Badge, and have your website update your Facebook page with new posts!

Contact us!

Password Complexity Trick

I just read http://lifehacker.com/5516188/shift-your-fingers-one-key-to-the-right-for-easy+to+remember-but-awesome-passwords and it makes sense to help create complex passwords.

I’ve read One Man’s blog, where John talks about guessing or brute force attacking to hack your password. The introduction of special characters dramatically increases the time it takes for an automated program to try and guess your password.

John writes about the following great tips.

  1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0’, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
  2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
  3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
  4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
  5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
  6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
  7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
  8. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

April Patches and Updates

1. Denial of Service Conditions in Microsoft Exchange and Microsoft SMTP Service (MS10-024 CVE-2010-0024)
Microsoft Windows SMTP Service and Microsoft Exchange are vulnerable to a denial of service, caused by the improper handling of DNS Mail Exchanger (MX) resource records by the Simple Mail Transfer Protocol component. As SMTP services are often exposed to the Internet and email is usually considered a business critical function, the business impact of this vulnerability is more significant than for typical Denial of Service issues.

http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx

2. Microsoft DirectShow Remote Code Execution (MS10-026 CVE-2010-0480)
Microsoft Windows is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the MPEG Layer-3 audio codecs when handling malicious files. The vulnerable MPEG Layer-3 audio codecs are the MPEG Layer-3 Audio Codec for Microsoft DirectShow. Successful exploitation of this issue would provide an attacker with complete control over the endpoint target. The use of malicious media files like images and movies has been prevalent in recent years.

http://www.microsoft.com/technet/security/bulletin/MS10-026.mspx

Adobe Reader and Acrobat Security Update
Adobe has addressed multiple critical vulnerabilities affecting Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh. The most severe of these issues could allow a remote attacker to execute arbitrary code on a vulnerable system. Refer to the “Solution” section of the Adobe Security Bulletin for information on remediating these issues.
http://www.adobe.com/support/security/bulletins/apsb10-09.html

Microsoft April 2010 Security Release

Microsoft released eleven security bulletins today. There are five rated Critical, five rated Important and one rated Moderate. We encourage our customers to apply the patches and IBM product coverage where applicable. Please review the breakdown below.
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx

Microsoft Maximum Severity Rating: Critical
Microsoft Security Bulletin MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Vulnerabilities in Windows Authenticode Verification could allow a remote attacker to execute arbitrary code on a vulnerable system.
CVE-2010-0486
CVE-2010-0487
http://www.microsoft.com/technet/security/bulletin/ms10-019.mspx

Microsoft Security Bulletin MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
Multiple vulnerabilities affecting Microsoft Windows could allow remote code execution. Successful exploitation can occur if an attacker can convince a user to initiate an SMB connection to a specially crafted SMB server.
CVE-2009-3676
CVE-2010-0269
CVE-2010-0270
CVE-2010-0476
CVE-2010-0477
http://www.microsoft.com/technet/security/bulletin/ms10-020.mspx

Microsoft Security Bulletin MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
A remote code execution vulnerability affects Windows Media Services running on Microsoft Windows 2000 Server. The Windows Media Unicast Service fails to properly handle specially crafted transport information packets. On Microsoft Windows 2000 Server Service Pack 4, Windows Media Services is an optional component and is not installed by default.
CVE-2010-0478
http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx

Microsoft Security Bulletin MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
See item 2 above: Microsoft DirectShow Remote Code Execution (MS10-026 CVE-2010-0480)
http://www.microsoft.com/technet/security/bulletin/ms10-026.mspx

Microsoft Security Bulletin MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
The Windows Media Player ActiveX control is affected by a remote code execution vulnerability.
CVE-2010-0268
http://www.microsoft.com/technet/security/bulletin/ms10-027.mspx

Microsoft Maximum Severity Rating: Important
Microsoft Security Bulletin MS10-021: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
This bulletin addresses two vulnerabilities in Microsoft Windows, the most severe of which could allow elevation of privilege. In order to exploit these vulnerabilities, an attacker must have valid logon credentials and be able to log on locally.
CVE-2010-0236
CVE-2010-0237
http://www.microsoft.com/technet/security/bulletin/ms10-021.mspx

Microsoft Security Bulletin MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
A vulnerability affecting VBScript on Microsoft Windows could allow remote code execution. This vulnerability requires user interaction and cannot be exploited on Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2.
CVE-2010-0483
http://www.microsoft.com/technet/security/bulletin/ms10-022.mspx

Microsoft Security Bulletin MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Microsoft Office Publisher is vulnerable to a remote code execution issue. An attacker could exploit this issue by creating a specially crafted Publisher file and sending it in an email or hosting it on a Web site.
CVE-2010-0479; IBM Product Coverage: CompoundFile_Shellcode_Detected
http://www.microsoft.com/technet/security/bulletin/ms10-023.mspx

Microsoft Security Bulletin MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
See item 1 above: Denial of Service Conditions in Microsoft Exchange and Microsoft SMTP Service
http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx

Microsoft Security Bulletin MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Vulnerabilities in Microsoft Office Visio could allow remote code execution if a user opens a specially crafted Visio file.
CVE-2010-0254; IBM Product Coverage: CompoundFile_Shellcode_Detected
CVE-2010-0256; IBM Product Coverage: CompoundFile_Shellcode_Detected
http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx

Microsoft Maximum Severity Rating: Moderate
Microsoft Security Bulletin MS10-029: Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
A spoofing vulnerability exists in the Microsoft Windows IPv6 stack which could allow an attacker to impersonate an address to bypass edge or host firewalls.
CVE-2010-0812
http://www.microsoft.com/technet/security/bulletin/ms10-029.mspx

Stats Readings

There are so many tools available for driving and measuring traffic to your website. It’s amazing how having a Facebook page brings people to see what’s going on with your company and announcements. Last week, I had 363 people check out my Facebook page, yet only 30 people came to my website.

What does that mean?

Simple, without reading too much into it, people are on Facebook. Customers are on Facebook. They don’t care about your website, unless you can tie your website into Facebook and use Facebook to your advantage. Go where your customers are until you are large enough for them to come to you. But even big name brand companies have Facebook pages. Facebook is what MySpace was 6 years ago. But it’s even more.

I feel the success of Facebook is because it’s uniform. You don’t have to hunt and search for information that you would on a website.  Individual websites have email addresses either under a contact us page, a legal page, a privacy page, or an about us page. On Facebook, if there is an email address, it would be under the Info tab. If there isn’t an email address, there is a Send this person a message button under their picture. The uniformity allows for quick navigation.

Get your Facebook page now. We can code it for you.
