Microsoft IIS and Symantec Alert Management System

A vulnerability was recently reported in Microsoft IIS. Microsoft has since completed its investigation and “found that there is no vulnerability in IIS.” However, “there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.” The issue only impacts IIS servers that are set up to allow both “write” and “execute” privileges on the same directory, which is not the default configuration for IIS. This issue can be mitigated through proper Web server configuration and Web application development best practices, including proper validation of user submitted file names, and by configuring Web server software so that it will not execute scripts or applications in directories where user uploaded files are stored. We would also like to note that an exploit targeting Microsoft IIS has been made publicly available. We encourage our customers to refer to the Microsoft Security Response Center (MSRC) blog post for additional information.
http://blogs.technet.com/msrc/archive/2009/12/29/results-of-investigation-into-holiday-iis-claim.aspx
http://www.exploit-db.com/
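One defensive check of the kind the paragraph above recommends, as an added example that is not from the original post or from Microsoft: a file-name validator for an upload handler that strips nothing silently but rejects path components, semicolons and double extensions, and allowlists a single lower-cased extension. The allowlist, the 64-character stem limit and the character set are assumed policy; server-side configuration that refuses to execute anything in the upload directory is still required alongside this check.

```python
import os
import re

# Assumed policy: extensions an upload directory may hold (constructed list).
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}

# Assumed policy: a short stem of safe characters, exactly one dot, short extension.
_SAFE_NAME = re.compile(r"^[a-z0-9_-]{1,64}\.[a-z0-9]{1,5}$", re.IGNORECASE)


def validate_upload_name(name):
    """Return the canonical name to store the upload under, or raise ValueError.

    Checks, in order:
      1. the name must carry no directory component, so it cannot leave the upload folder;
      2. the name must contain no ';' and exactly one '.', so a name such as
         'page.asp;.jpg' (the IIS 6 semicolon inconsistency) is never accepted;
      3. the remaining characters must be from the safe set;
      4. the single extension, lower-cased, must be on the allowlist.
    """
    base = os.path.basename(name.replace("\\", "/"))
    if base != name:
        raise ValueError("path separators are not allowed in an upload name")
    if ";" in base or base.count(".") != 1:
        raise ValueError("upload name must contain exactly one '.' and no ';'")
    if not _SAFE_NAME.match(base):
        raise ValueError("upload name contains characters outside the allowed set")
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} is not on the allowlist")
    return stem + ext


def is_acceptable(name):
    """Boolean convenience wrapper around validate_upload_name()."""
    try:
        validate_upload_name(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names; only the first two should pass.
    for candidate in ("photo.JPG", "report-2009_12.pdf", "page.asp;.jpg",
                      "page.asp", "../photo.jpg", "a.b.jpg"):
        print(f"{candidate!r:20} -> {'accept' if is_acceptable(candidate) else 'reject'}")
```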

We would also like to inform our customers that a report has surfaced indicating there has been “an increase in probes to port 12174.” Our analysts have also observed an increase in activity on this port. Reportedly, these probes are targeting a vulnerability in the Intel LANDesk Common Base Agent (CBA), which is used by the Symantec Alert Management System. An attacker could exploit this issue by sending a specially crafted packet to TCP port 12174 and execute arbitrary code on the vulnerable system. The Alert Management System 2 (AMS2) is a component of the Symantec System Center console, Symantec AntiVirus Server, and the Symantec AntiVirus Central Quarantine Server. To mitigate this threat, ensure the Symantec Alert Management Systems running in your environment are up to date.
http://isc.sans.org/diary.html?storyid=7834
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02
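Added detection example (not from the original post, the SANS diary or Symantec): counting, per source address, how many distinct hosts were probed on TCP/12174 in constructed iptables-style firewall log lines, so that a sweep stands out from a single stray connection while the Symantec update is rolled out. The log format, the addresses and the two-host threshold are assumptions.

```python
import re

# Constructed firewall log lines in iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Dec 30 10:01:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4431 DPT=12174 SYN
Dec 30 10:01:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=4432 DPT=12174 SYN
Dec 30 10:01:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51012 DPT=443 SYN
Dec 30 10:01:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=4433 DPT=12174 SYN
Dec 30 10:01:06 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=60000 DPT=12174 SYN
Dec 30 10:01:07 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=60001 DPT=12174
"""

# TCP port used by the LANDesk Common Base Agent behind Symantec AMS (from the post).
AMS_PORT = 12174

# Fields we need from an iptables LOG line; SPT sits between PROTO and DPT.
_FIELDS = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")


def ams_probe_sources(log_text, min_targets=2):
    """Map each source address to the number of distinct hosts it probed on
    TCP/12174, keeping only sources that touched at least `min_targets` hosts.
    One hit may be noise; several hosts from one source looks like a sweep."""
    targets = {}
    for line in log_text.splitlines():
        m = _FIELDS.search(line)
        if not m or m["proto"] != "TCP" or int(m["dpt"]) != AMS_PORT:
            continue
        targets.setdefault(m["src"], set()).add(m["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, count in sorted(ams_probe_sources(SAMPLE_LOG).items()):
        print(f"{src} probed {count} hosts on TCP/{AMS_PORT}")
```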


Web Sites. A Guided Ramble

Most businesses have a website online already, but there are quite a few small businesses and even some medium sized businesses that don’t. With the year 2010 around the corner, I’m going to take a gamble and predict a few things.

  • I predict more Internet integration with everyday items. I predict more and more Internet phones, especially with Google’s Nexus One phone, which will break the consumer away from having to have contracts with cell phone giants for voice. I’ll rant more on this later.
  • I predict more appliances that are user friendly and connected wirelessly to the Internet.
  • I predict Internet connected billboards.
  • I predict Internet and GPS to be more integrated.

How does this all tie together? What does this mean for your business? It means more potential customers. It means more opportunity. With everything Internet enabled, a customer can be made aware of your name and the products and services you offer.

Google Voice debuted not that long ago, early 2009. The abilities were pretty cool. You get free phone calls that can travel through VoIP (Voice over Internet Protocol) and have the ability to record your calls and have Google transcribe them. Once a call is transcribed, keywords can be picked out, and advertising is then associated and shown through Google’s other programs.

Appliances that are user friendly already exist: fridges that can scan and create a list of their contents and expiration dates, or that, when they start to fail, notify you and a service company. A new item, probably not heard about much yet, is the microwave that can play YouTube videos. Most items put into a microwave are set for between 1 and 10 minutes. Most videos on YouTube last 2 to 8 minutes.

Digital billboards are already out on the road; it’s a matter of time before they all get replaced with video, connected to the Internet, with advertising changed on the fly. Global market businesses can centralize management and overhead, relocating products to other stores and advertising to local markets.

As GPS gets more integrated with the Internet, location-aware phones and GPS devices will be able to place ads based on where you frequently travel, be it down the street or across the world.

So what’s our point? The point is, this is a huge potential market that needs to lead to information, centrally contained, with your business name on it. It starts with a website. Webhosting is not only very affordable, but the right hosting package can give your business unlimited space, unlimited domain names, databases, email addresses, the works! Tie that in with free services, such as Twitter, Facebook, Plaxo, Picasa, Youtube, Yelp, Google local business center, Google Apps (docs, spreadsheets, presentations and forms), and LinkedIn, and you have a complete online solution. Anybody can enlist these services and anyone can purchase hosting. We can tie it all together for you. We can even connect your business to the Internet and back up all your data into the cloud.

Contact us today and let’s talk.


Microsoft Security Essentials

Anti-malware testing group AV-Comparatives.org not only gave Microsoft Security Essentials a top rating for malware removal, but now they’ve given it their best ranking in their performance test as well.

AV-Comparatives.org ran a series of real-world tests running through common scenarios like downloading, extracting, copying, and encoding files, installing and launching applications, and they also ran through an automated testing suite as well. Once the dust had settled, it became clear that not only is MSE one of only three products that both blocks and removes malware well, but it’s also very light on system resources.

Out of all the products tested, Microsoft Security Essentials was the best-performing free antivirus solution, and one of only two that received “very fast” on each of the real-world tests, earning it their top award: an “advanced+” ranking. You don’t need to pay for Windows security, and now, with MSE ranked alongside the top paid apps in both malware removal and performance, you might want to consider making the switch.


Backup Your Cloud Data with Backupify.com

According to this article on ZDNet, you can get Free Backup of your cloud data. Not free as in Free Trial, but free forever.

“If you sign up during this time period, you get unlimited storage, for free. You get an account that is not a free trial, not free for a limited time, free forever,” stated May.

You’ll have to sign up before January 31, 2010, when their pricing plan goes into effect. Arizona IT Management uses Backupify for all our cloud computing backups.


AZ IT Management and the Construction Industry

Arizona IT Management understands the construction industry and the impact the economy has had on it. Many competitors have been submitting very low, near impossible estimates, forcing many to rely on savings and to cut the overhead costs of a fully staffed office.

Arizona IT Management can help. We know the costs of running and supporting an office, with finance, accounting, superintendents, foremen, project managers, project coordinators, estimators, virtual construction, fab, warehouse, HR, payroll, and most of all the information technology!

With new advances in technology, along with proven old-school methods given a new twist, we can assist in cutting costs and keep you focused on the business rather than on the technology that supports it. New advances in products and technology can completely wow your customers, with items such as netbooks running Windows 7, Google OS, or Ubuntu Linux, and using Google Apps. Google Apps helps the workforce become mobile without all the hardware costs and Microsoft licensing.

Contracting with Arizona IT Management brings you and your company peace of mind with full solutions development, contract support, top level security and information technology management.

Whether you are starting your construction business, having to realign your business focus, or just need some help, contact Arizona IT Management.


Adobe Threats

Adobe is indicating they have received reports of active exploitation of a 0day vulnerability affecting Adobe Reader and Acrobat 9.2 and earlier versions (CVE-2009-4324). We encourage our clients to use caution when opening PDF files. Links to malicious documents can easily be sent through spam or through links on seemingly non-malicious Web sites. We also recommend referring to the Adobe PSIRT blog for the latest information on this threat.
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214

Some of the common predictions are: increased attacks targeting Microsoft 7 platforms and smartphones, more tailored and targeted attacks, and continued targeting of social networking sites to distribute malware and obtain information. We have seen attackers become increasingly sophisticated over the years and their attacks harder to detect. And if you’re not technically savvy? Script kiddies have professionally produced products readily available to them on the Internet. In other words, be prepared for another cyber-threat-filled environment in 2010.
http://www.f-secure.com/weblog/archives/00001835.html

http://blog.trendmicro.com/trend-micro-2010-future-threat-report/


Stay Safe!

Electronic holiday cards are a great way for high-tech fraudsters to spread viruses, Trojans, and other malware and the holiday season is the perfect time to receive them. Keep on your toes regardless of the sentiments. A safe practice when getting an eCard from a family member or friend is to call or email them to verify whether they sent you the eCard. A safer practice is to let friends know that you don’t accept eCards and that a simple email will suffice.

Twitter is a great networking tool, but there are things to be aware of with URL (web address) shortening programs such as http://tinyurl.com/ among others. Some tweeters may find sweet deals online and tweet that there is, for example, an amazing product at Amazon for 60 percent off, but the shortened URL they ask you to click may redirect you to a user name and password harvesting site. After the victim enters credentials, the Web site stores them in its database and then forwards the victim to the real site’s bad password page. Assuming a typo, the victim then authenticates for real, none the wiser.

Web applications designed to get money from you are out there as well. Social networking sites, such as MySpace and Facebook among many others, are a great way to stay in contact with family and friends and how better to interact with each other than to play games or answer quizzes to see who is smarter, better looking, or which zodiac signs are compatible. The quizzes are normally very easy, but when it comes time for the results, the application will ask for a cell phone number to text the answer to. This also puts the victim into a one-year contract for a notification service, billable at $9.99 a month.

Rogue security software is advertised on many Internet sites, claiming that a person may have a virus and to install their product to keep their computers safe. Truthfully, they do scan and remove one virus (whether the computer has the one virus or not), but they inject many others and open a backdoor. Purchase only reputable antivirus products. Most new computers come with a trial version that can be upgraded.


Microsoft Security Bulletins for December 2009

Microsoft has released a few new patches. Please update your systems.

Critical Level

Microsoft Security Bulletin MS09-071 (Critical): Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service are only affected when using PEAP with MS-CHAP v2 authentication.
http://www.microsoft.com/technet/security/bulletin/MS09-071.mspx

Microsoft Security Bulletin MS09-072 (Critical): Cumulative Security Update for Internet Explorer (976325)
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution. At this time, the public exploits against vulnerabilities in this update are believed to be unreliable.
http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx

Microsoft Security Bulletin MS09-074 (Critical): Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
http://www.microsoft.com/technet/security/bulletin/ms09-074.mspx

Important Level

Microsoft Security Bulletin MS09-069 (Important): Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
http://www.microsoft.com/technet/security/Bulletin/MS09-069.mspx

Microsoft Security Bulletin MS09-070 (Important): Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
http://www.microsoft.com/technet/security/bulletin/MS09-070.mspx

Microsoft Security Bulletin MS09-073 (Important): Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx


Identity Theft

According to statistics compiled by http://www.identitytheft911.com/, two to four identity theft crimes are reported every hour of the winter holiday shopping season.

“The annual holiday shopping season is a peak time for identity theft, so it’s critical that consumers be on high alert and educate themselves in order to help reduce the risk of becoming victims,” said Adam Levin, chairman, Identity Theft 911, which offers ID theft resolution services.

His company offered these tips for safer holiday shopping:

  • When shopping online, look for a small “padlock” icon in the browser, which means the site has been verified to be secure.
  • Use credit cards instead of debit cards.
  • Keep credit card numbers secret. Don’t store credit card and personal information in any online accounts.
  • Check bank and credit card statements and accounts every day to make sure each transaction is legitimate.
  • Remember that shopping Web sites have no reason to ask for Social Security numbers or passwords, so never provide them.
  • Never send payment information via e-mail.
  • Don’t use automated teller machines that are in secluded areas. They are more likely to be equipped with card readers than an ATM in or near a bank.

Identifying Risk

The identification of risk seems like an easy task and, truly, it is. This is a method that was taught to me, and my understanding is that it is how the CIA calculates risk. This method can be used to calculate risk within any business domain.

The first step in analyzing risk is to define it. Risk is defined as “The probable frequency and probable magnitude of future loss.”

Risk is not a thing. We can’t see it, touch it, or measure it directly.

Understanding Factor Analysis

We are exploding the formula that arrives at risk. Just as speed is distance divided by time (e.g. miles per hour), we are breaking risk down into its component factors. Risk is a derived value: it is derived from threat event frequency, vulnerability, and asset value and liability characteristics.

Understand Who Needs the Answers

The decision makers are the ones who need the best possible information about loss probabilities. Consequently, it’s crucial that the decision makers accept the risk analysis methodology being used, and that the information resulting from the analysis is in a form that’s useful to them. In this regard, the limitations of our traditional information security “risk analysis” methods will become clear as we progress through this document.

Factoring Risk

Risk is composed of a Loss Event Frequency and Probable Loss Magnitude. When you factor down Loss Event Frequency, it breaks down into Threat Event Frequency and Vulnerability.

Threat Event Frequency is defined as “The probable frequency, within a given timeframe, that a threat will act against an asset”. A threat may act against an asset but could be unsuccessful at affecting that asset. Like a hacker unsuccessfully attacking a web server. It’s still a threat but not considered a loss event.

Threat Event Frequency is composed of Contact and Action.

Contact is defined as “The probable frequency, within a given timeframe, that a threat agent will come into contact with an asset.”

Contact can be physical or logical, and can be random, regular, or intentional:

  • Random: the threat “stumbles upon” the asset during the course of unfocused or undirected activity
  • Regular: contact occurs because of the regular actions of the threat (the cleaning crew always comes by at 5:30pm)
  • Intentional: the threat seeks out a specific target

Action is defined as “The probability that a threat agent will act against an asset once contact occurs.”

What will the threat do when in contact with the asset?

Vulnerability is defined as “The probability that an asset will be unable to resist the actions of a threat agent.” Would a completely un-patched Windows 2000 server be vulnerable to someone such as my mother? (She has very little computer skill.) It would be impervious to her hack attempts! To the experienced hacker, oh yeah, they’d have their way with that server. Most assets have some control strength, and vulnerability is determined by weighing that control strength against the attacker’s threat capability.

Probable Loss Magnitude

Loss is one of the toughest calculations to derive while analyzing risk, thus, many professionals resort to “worst case scenario” and other fear, uncertainty and doubt horror stories.

Forms of Loss

Six forms of loss are defined: productivity, response, replacement, fines/judgments, competitive advantage, and reputation.

  • Productivity: the reduction in an organization’s ability to generate its primary value proposition (income, goods, services)
  • Response: expenses associated with managing a loss event (internal person hours, logistical expenses, contractors)
  • Replacement: the intrinsic value of an asset. Typically represented as the capital expense associated with replacing lost or damaged assets. (rebuilding a facility, replacing a laptop, etc)
  • Fines and Judgments: legal or regulatory actions levied against an organization.
  • Competitive Advantage: losses associated with diminished competitive advantage. Within this framework, competitive advantage is specifically associated with assets that provide competitive differentiation between the organization and its competition. (merger and acquisition plans, etc)
  • Reputation: losses associated with an external perception that an organization’s leadership is incompetent, criminal or unethical
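The factoring described above (Contact and Action into Threat Event Frequency, Threat Event Frequency and Vulnerability into Loss Event Frequency, and the six forms of loss into Probable Loss Magnitude), carried through with constructed numbers as an added example that is not from the original post. It assumes multiplication at each level, treats a threat agent's capability as a uniform range of skill percentiles so that vulnerability is the share of that range above the asset's control strength, and expresses risk as expected loss per year; every figure and name is made up.

```python
from dataclasses import dataclass

# The six forms of loss named in the post; each asset estimates all six per loss event.
LOSS_FORMS = ("productivity", "response", "replacement",
              "fines_judgments", "competitive_advantage", "reputation")


@dataclass(frozen=True)
class ThreatAgent:
    name: str
    contact_per_year: float   # Contact: how often the agent comes into contact with the asset
    p_action: float           # Action: probability the agent acts against the asset on contact
    capability: tuple         # assumed uniform range of skill percentiles, e.g. (0.7, 1.0)


@dataclass(frozen=True)
class Asset:
    name: str
    control_strength: float   # percentile of threat agents the asset's controls can resist
    loss_per_event: dict      # dollars per loss event, one entry per form in LOSS_FORMS


def threat_event_frequency(agent):
    """Threat Event Frequency = Contact x Action (threat events per year)."""
    return agent.contact_per_year * agent.p_action


def vulnerability(agent, asset):
    """Probability the asset cannot resist the agent: the fraction of the agent's
    assumed capability range lying above the asset's control strength."""
    lo, hi = agent.capability
    if hi <= asset.control_strength:
        return 0.0          # the post's "my mother" case: impervious
    if lo >= asset.control_strength:
        return 1.0          # the post's "experienced hacker" case
    return (hi - asset.control_strength) / (hi - lo)


def loss_event_frequency(agent, asset):
    """Loss Event Frequency = Threat Event Frequency x Vulnerability."""
    return threat_event_frequency(agent) * vulnerability(agent, asset)


def probable_loss_magnitude(asset):
    """Sum of the six forms of loss; refuse to proceed if any form was skipped."""
    missing = set(LOSS_FORMS) - set(asset.loss_per_event)
    if missing:
        raise ValueError(f"loss forms not estimated: {sorted(missing)}")
    return sum(asset.loss_per_event[form] for form in LOSS_FORMS)


def annualized_risk(agent, asset):
    """Risk = probable frequency x probable magnitude of loss (dollars per year)."""
    return loss_event_frequency(agent, asset) * probable_loss_magnitude(asset)


# Constructed scenario mirroring the post's illustration.
SERVER = Asset("unpatched Windows 2000 server", control_strength=0.2,
               loss_per_event={"productivity": 8000, "response": 5000,
                               "replacement": 2000, "fines_judgments": 0,
                               "competitive_advantage": 0, "reputation": 10000})
NOVICE = ThreatAgent("novice", contact_per_year=52, p_action=0.5, capability=(0.0, 0.1))
EXPERT = ThreatAgent("experienced hacker", contact_per_year=12, p_action=0.9,
                     capability=(0.7, 1.0))

if __name__ == "__main__":
    for agent in (NOVICE, EXPERT):
        print(f"{agent.name}: TEF={threat_event_frequency(agent):.1f}/yr "
              f"vulnerability={vulnerability(agent, SERVER):.2f} "
              f"risk=${annualized_risk(agent, SERVER):,.0f}/yr")
```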

More information can be found at this website. We can teach this to you and your staff; contact us.
