March 2013 Patch Tuesday and News

It's hard to believe, but it's update time again already. This is the monthly update and newsletter with the details of what's going on, and I'm going to try something a little different this month. After talking with a lot of the folks that get this monthly newsletter though, I'm going to try making a few changes to make it more user friendly and readable and I'd love to get your feedback on how we can make it easier to read and / or more usable for you.

What's New

Cyber Tech Cafe - As many of you already know, we are in the process of suspending our hosting operation. Website and email hosting was one of the first services that we offered when we started the company…

The End of an Era : Cyber Tech Cafe is suspending Web Hosting Operations

When we first opened Cyber Tech Café ten years ago, our goal was simple: to be a complete technology resource for residential and small to medium business customers. Our plan for achieving that goal was to provide exceptional quality products and services where we could and develop strategic partnerships with complementary companies for those products and services that we were not equipped to provide directly. We would then continuously re-evaluate our clients' needs, our abilities and the market to make certain that we were providing the best solutions to our clients and not just the best that we could provide directly. A number of years ago, it became clear that our clients' low-voltage needs exceeded our low-voltage capabilities and we began looking for local low-voltage companies that shared our commitment…

Additional detail on the latest Java Exploit, including (one of) the IP address(es) of the C&C server(s)

Symantec has done a very good job of putting together a very quick and easy-to-follow write-up on this latest Java vulnerability, including disclosing the IP of at least one of the C&C servers (below). For the impatient, the IP listed is 110.173.55.187. I did a quick whois on it (details below) and it's part of the 110.173.48.0/12 network and is registered to CHINADEDICATED-HK (a Chinese company, big surprise there). At this time, unless you have a specific need to communicate with hosts in this network range, we are recommending users block all traffic to / from the entire netblock (I suspect that the C&C is not limited or will not stay limited to this single IP, but that may be me being paranoid).

Article -> http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

Whois info: % Whois data copyright terms…

Adobe confirms zero day exploit in Adobe Reader

Still reading over the details but Packet Storm is reporting that Adobe has confirmed a zero day exploit in Adobe Reader.  I don't see an update available yet on the Adobe site but I've included the link below to the Adobe site for the updates.  I've also included a link to the article: Article Adobe Updates

Stuck with Windows 8 but miss the ‘look and feel’ of Windows 7?

Probably the biggest complaint that I've heard (from end users) about Windows 8 is that it's trying to turn their computer into a phone (a legitimate complaint, by the way).  The interface is dramatically different from what's been the 'standard' Windows interface since Windows 95.  The bad news is that it's probably not going to change.  The good news though is that there's an easy-to-install option that's free to download.  It's an open source project called Classic Shell.  To use it, download it (link below) and install.  There are tons of tweaks but the defaults are close enough to Windows 7 for most users.   http://www.classicshell.net/

iPhone bug that allows *anyone* access to your contacts, photos, SMS and voicemails resurfaces in latest iOS update

If you have an iPhone and have been prompted to or have recently updated to iOS 6.1 (the latest update to the iPhone), be forewarned that an old bug has resurfaced that can allow anyone to access your voicemails, contacts and photos even if the phone is locked and password protected. Ars Technica has a really good write-up so I won't belabor it here, but it's worth noting, especially if your phone gets stolen (don't get me started). If you haven't updated yet and this is a concern for you, I wouldn't update until Apple fixes the issue (or at least acknowledges it and provides a work-around). If you have updated and this is a concern, if you haven't already installed Prey on your phone, now would be a…

February 2013 Patch Tuesday and News (albeit a little late)

Microsoft

Microsoft has released 12 bulletins for February 2013 with 5 listed as critical (see the note below about MS13-010) and the remaining 7 listed as important. It's important to note that ALL of the ones listed as critical can allow remote code execution (an attacker can install programs on your computer without your knowledge or permission). Additional details are available from Microsoft here.

MS13-010 is getting its own special mention here. If you're running Windows, you're affected. This vulnerability affects IE6, IE7, IE8, IE9 and IE10 on all supported platforms. I'll forego the normal warnings about using IE (don't use IE, I just can't help myself) but this vulnerability is reportedly being actively exploited in the wild.

Adobe

As of the time of this article, Adobe has released 3 updates affecting Shockwave…

Kaspersky antivirus takes thousands of Windows XP computers offline (oops)

OK, so it's no secret that I'm really not a big fan of Kaspersky (if given the option between Norton / Symantec, McAfee, Trend Micro or Kaspersky, I honestly don't know which one I would choose but I would not like any of my options) and this is really a good example of why. It appears that a recent update from Kaspersky antivirus took thousands of XP computers (XP is still supported through April of 2014) offline. The fix was to disable the antivirus and roll back the update. A fix was available in about 2 hours (which is awesome, I have to give credit where credit is due) but this is something that should have *never* happened if proper QC was being done.

Full Story Here