LATEST NEWS

Forget Hotmail.com and go to Outlook.com

Posted on August 5, 2012 by Mark Pace

Microsoft yesterday showed off its new cloud-based personal email application Outlook.com, its first personal email client since it launched Hotmail in 1996.

Outlook.com runs alongside the new Outlook desktop application and it uses Exchange ActiveSync to power email across various devices.

Microsoft has included free Office Web Apps – Word, Powerpoint, Excel and OneNote – within the email client. Emails are automatically sorted depending on the sender, while SkyDrive is integrated into Outlook.com for extra file size.

The service offers social media integration with Facebook, Twitter, LinkedIn and Google. Personal email comes with photos of friends, recent status updates and Tweets as well as the ability to chat and video call. Skype is in line for future integration.

Microsoft was keen to tout its security credentials to assuage any fears about privacy with the new social media integration.

“We don’t scan your email content or attachments and sell this information to advertisers or any other company, and we don’t show ads in personal conversations,” it said in a blog post.

“We let you decide whether to connect your account to social networks, and which ones you want to use – and you’re in control of who you friend or follow.”

The release marks the first step in the phasing out of the Hotmail service. Hotmail users, and others, can upgrade to Outlook.com, and the accompanying @outlook.com email address, from today.

OSX AND WINDOWS : DNS Changer to impact on 9 July 2012-Alert Services (Advisory)

Posted on June 25, 2012 by Mark Pace

Approximately 10,000 Australian internet users are currently infected with DNS Changer (malware).
If your computer is infected you need to remove it. If you don’t remove it by 9 July 2012, you won’t be able to connect to the internet.
DNSChanger is malicious software (malware) that may have been installed on your computer without your knowledge.

How to check you’re safe?

The Australian Communications and Media Authority, CERTAustralia and the Department of Broadband, Communications and the Digital Economy have collaborated to develop a diagnostic website that, in most cases, shows you whether or not you are infected with DNSChanger. This website is dns-ok.gov.au. It only takes a second to check.

If you are infected, dns-ok.gov.au provides links to tools and detailed documentation that may help you remove the infection.

Warranty provider expected to go bust.

Posted on June 19, 2012 by Mark Pace

(Dont worry as Sterling IT do NOT use these people)

Australian hardware resellers are lashing out at warranty provider United Warranties as concerns over the company’s future mount.

The warranty provider has in recent weeks lost several large accounts including department stores Myer and Big W due in part to confusion surrounding the company’s financial situation.

Reseller partners report United has gone to ground in the last two weeks, with attempts to contact the warranty provider met with silence. Multiple efforts by CRN to contact the company have also failed.

With widespread industry speculation the company is on the brink of collapse, partners are growing increasingly concerned over unpaid debt owed to them by the warranty provider.

Mobile computer reseller Portacom is one of many aggrieved United Warranties partners. The company held a long-term relationship with the warranty provider for extended warranties and repairs until a year ago.

General manager Andrew Van Leen told CRN Portacom ended the partnership because United Warranties had become too difficult to deal with.

The warranty provider still owes Portacom $7000, a sum Van Leen had been chasing until UW stopped returning his calls last week.

“I’ve made multiple calls to their generally listed numbers, direct calls to sales reps, we’ve left multiple messages, and we’ve gotten no answers at all,” he said.

Van Leen did have one phone call answered, from Teyghan Stadelbauer, who is listed as the company’s national sales director. Stadelbauer told Van Leen “everything is fine and the company is still going strong”.

“But in the second half of the conversation, she said she didn’t work there anymore, didn’t know what was going on and couldn’t help us,” Van Leen said.

Stadelbauer’s mobile voicemail and LinkedIn profile identifies her as an employee of United Warranties. She did not respond to multiple attempts at contact by CRN.

Victoria-based PC reseller Standard Computers Australia will be out of pocket around $10,000 should United Warranties go under.

Store manager Chris Sambell has been attempting to recoup his losses from the company but said situations such as this are part and parcel of the business.

“Unfortunately it’s not unusual for warranty companies to go out of business,” he said. “The fact that we can’t get hold of them tells us they’re going into administration.”

Sambell estimates his company has 30 – 40 new warranty orders waiting to be filled, and 150 out in the marketplace, with lifespans of up to five years.

In addtion to being concerned about the debt owed to him, Sambell expressed apprehension about the massive flow-on effect United Warranties’ expected liquidation would have on the industry.

“The ideal thing about these guys was they weren’t as expensive as a manufacturer’s warranty,” he said. “We’ll probably have to convince customers to go down that route and pay more for a manufacturers’ warranty.”

“We’ll honour the repair and the cost to get the device back to the customer, but it’s hard enough in the industry as it is to then have to explain to the customer they have to fork out money to get their faulty product back to us.”

It’s not just bricks and mortar resellers affected by the fallout. Online PC retailer Tech4U was heavily embedded with United Warranties until recently, when the company began to suspect something wasn’t right and stopped ordering its products.

“We spend a fair bit of money with them,” sales supervisor Fred Porter toldCRN. “They even came out and visited us recently and said not to worry should they go under, because they are constantly sitting on a pile of millions should something happen.”

That was six months ago. United Warranties has been less enthusiastic about reassuring its partner in recent weeks.

“Usually we go through a dedicated account manager, and they’ve stopped replying,” Porter said. “We got a reply from head office two weeks ago that redirected us through to no-one, the regional manager’s mobile has been off for two weeks and we’ve sent emails everywhere and haven’t heard back.”

Tech4U has stopped recommending the company to its customers and has taken references to United Warranties and its products off its website.

United Warranties’ ABN is still listed as active, and has a ‘registered’ status with the Australian Securities and Investments Commission. ASIC did not respond to request for information by the time of publication.

United Warranties commenced local trading in 1996 and later established a presence in New Zealand.

Gary Kovacs: Tracking the trackers

Posted on May 29, 2012 by Mark Pace

As you surf the Web, information is being collected about you. Web tracking is not 100% evil — personal data can make your browsing more efficient; cookies can help your favorite websites stay in business. But, says Gary Kovacs, it’s your right to know what data is being collected about you and how it affects your online life. He unveils a Firefox add-on to do just that.

Gary Kovacs is the CEO of the Mozilla Corporation, where he directs the development of Firefox.

Take a look at his video :

https://www.ted.com/talks/gary_kovacs_tracking_the_trackers.html

Recommended Urgent Updates 11th May 2012

Posted on May 12, 2012 by Mark Pace

PLEASE NOTE THAT ALL STERLING IT MANAGED CLIENTS WILL BE AUTOMATICALLY PATCHED.

IF YOU REQUIRE ASSISTANCE WITH THIS, PLEASE CONTACT STERLING IT.

Alert Services Advisory

Microsoft Recommends Important Updates

11 May 2012

Microsoft has updated its May 3 security bulletin with an additional May 8 bulletin featuring a significant number of updates. This includes critical fixes affecting MS Office and Windows XP, Vista and 2007. It is recommended that you update your system.

Software and platforms affected

Microsoft Office 2003 Service Pack 3

Microsoft Office 2007 Service Pack 2

Microsoft Office 2007 Service Pack 3

Microsoft Office 2010 (32-bit editions)

Microsoft Office 2010 Service Pack 1 (32-bit editions)

Microsoft Office 2008 for Mac

Microsoft Office for Mac 2011

Microsoft Excel Viewer

Microsoft Visio Viewer 2010

Microsoft Office Compatibility Pack Service Pack 2

Microsoft Office Compatibility Pack Service Pack 3

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft Silverlight 4

Microsoft Silverlight 5

What is the problem?

Microsoft identifies some of these vulnerabilities as critical, including those for Office and Office for Mac, and Windows XP, Visa and Windows 7 operating systems.

An attacker who successfully exploits these vulnerabilities could gain access to your system.

What we recommend you do

Ensure these platforms and applications are up to date. Download and install updates.

Setting up automatic updates will save you time and reduce the risk to you and your files.

For PC:

Use your Start Menu to check for updates. Windows Update is included in Control Panel.

Or click the Start button, click All Programs, and then click Windows Update.

For Mac:

Open an Office application. Click Help, click Check for Updates.

Secure browsing for social networks, uninstalling old programs, and more

Posted on April 27, 2012 by Mark Pace

Newsletter – Secure browsing for social networks, uninstalling old programs, and more – SSO-NL2012-001
16 January 2012
Newsletter January 2012 (File size: 1574Kb)
Overview
The purpose of the Newsletter is to provide general advice about online security issues and help you learn to better manage the security of your computer and information when online.
This month’s newsletter will cover how to enable secure web browsing on social networks Facebook and Twitter, how to uninstall old, unused or out of date programs from your computer, a tool which makes it easier to keep windows based computer’s software up to date, and a warning regarding unsolicited technical support phone calls often purporting to be from Microsoft.
Feedback
Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
SSL Secure web browsing for Facebook and Twitter
SSL/HTTPS provides the following security features to your web session when implemented correctly.
* The ability to check the web site digital certificate to verify the identity of the web site. The purpose of this is to help provide assurance that you are connected to the correct web site and not a fake impersonation.
* The use of encryption to conceal the content of the traffic sent between your computer and the web server (including passwords and other sensitive information).
* The ability to protect the integrity of the traffic to make sure it is not modified en route.
Facebook
In this Newsletter, we provide instructions for how to enable the use of SSL/HTTPS in Facebook. There are however a number of caveats:
* Firstly, you need to be logged in before you can turn this feature on. In some circumstances (described in the December 2010 newsletter) your personal information could already be exposed. We believe it should be on by default.
* Secondly, it can be deactivated without your knowledge, if you wish to connect to a Facebook page which does not support HTTPS.
In brief the feature, allows you to opt-in to use SSL “whenever possible”. To turn on this feature, follow these steps:
1. Log into Facebook.
2. Click on the ‘Down Arrow’ in the top right corner of the Facebook page, and then select ‘Account Settings’ from the top right menu, as shown in figure 1 below.

Figure 1 – Facebook ‘Account Settings’
3. Select ‘Security’ from the menu on the left and then click ‘Edit’ on the right side of ‘Secure Browsing’, as shown in figure 2 below.

Figure 2 – Facebook ‘Security settings’
4. Tick the box next to “Browse Facebook on a secure connection (https) when possible”, and the click the ‘Save Changes’ button, as shown in Figure 3 below.

Figure 3 – Facebook ‘Secure browsing’
We recommend you activate this feature, but be aware that if you use any number of the hundreds of Facebook applications, you may find your HTTPS settings are turned off and not automatically reactivated when HTTPS becomes possible again. The result is that you your personal identifying information could be captured in some circumstances when you think it is being protected.
Remember – if you don’t see https in the web address (only http), then the traffic is being sent without encryption and potentially can be captured by third parties.
Twitter
Similarly to Facebook, Twitter also allows the use of SSL/HTTPS, but unlike Facebook it is enabled by default for Twitter. If you browse to “https://twitter.com”, the website will automatically redirect you to “https://twitter.com”, ensuring that the login process takes place using SSL/HTTPS. However, it is still possible to deactivate secure browsing from within the Twitter ‘Settings’ page, so it is a good idea to ensure that this setting is activated at all times.
To check that this feature is enabled within Twitter, follow these steps:
1. Log into Twitter
2. Click on the ‘Head and Shoulders with Down Arrow’ in the top right corner of the Twitter page, and then select ‘Settings’, as shown in Figure 4 below.

Figure 4 – Twitter ‘Settings’
3. At the bottom of the ‘Settings’ page, ensure that the box next to ‘HTTPS Only’ is ticked to ‘Always Use HTTPS’, and then click ‘Save’, as shown in Figure 5 below.

Figure 5 – Twitter ‘HTTPS Only’ Setting
Remember, just as with Facebook – if you don’t see https in the web address (only http), then the traffic is being sent without encryption and potentially can be captured by third parties.
You can read more about SSL in the SSO Factsheet – What is a web site digital certificate and why is it important to check?
Removing old, unused or out of date programs from your computer
We have often discussed the importance of updating software that is installed on your computer to the latest version to ensure that you are protected from any potential vulnerabilities which may exist in older versions. But what about those old programs you don’t use any more, and what about old versions of software that you’ve updated but the old version hasn’t been removed automatically during the update process? For example, often Java will leave previous versions on your computer even after you upgrade. These too could contain vulnerabilities that may be exploited by criminals to attack your computer, even if you are not actively using the programs themselves.
The following instructions will help you remove old, out-of-date, unwanted or unused programs from Microsoft Windows 7, Microsoft Windows Vista, Microsoft Windows XP, Apple Mac OS X, Apple Mac OS X Lion and Ubuntu.
Microsoft Windows 7
1. Click on the Windows 7 ‘Start Menu’, and then select ‘Control Panel’, as shown in Figure 6 below.

Figure 6 – Microsoft Windows 7 ‘Start Menu’
2. Below ‘Programs’, click on ‘Uninstall a program’, as shown in Figure 7 below.

Figure 7 – Microsoft Windows 7 ‘Control Panel’
3. Select a program from the list of installed programs, and then click on ‘Uninstall’, as shown in Figure 8 below.

Figure 8 – Microsoft Windows 7 ‘Programs and Features’
Microsoft Windows Vista
1. Click on the Windows Vista ‘Start Menu’, and then select ‘Control Panel’, as shown in Figure 9 below.

Figure 9 – Microsoft Windows Vista ‘Start Menu’
2. Below ‘Programs’, click on ‘Uninstall a program’, as shown in Figure 10 below.

Figure 10 – Microsoft Windows Vista ‘Control Panel’
3. Select a program from the list of installed programs, and then click on ‘Uninstall’, as shown in Figure 11 below.

Figure 11 – Microsoft Windows Vista ‘Programs and Features’
Microsoft Windows XP
1. Click on the Windows XP ‘Start Menu’, and then select ‘Control Panel’, as shown in Figure 12 below.

Figure 12 – Microsoft Windows XP ‘Start Menu’
2. Click on ‘Add or Remove Programs’ within the Control Panel, as shown in Figure 13 below.

Figure 13 – Microsoft Windows XP ‘Control Panel’
3. Select the program you would like to uninstall and click the ‘Remove’ button, as shown in Figure 14 below.

Figure 14 – Microsoft Windows XP ‘Add or Remove Programs’
Apple Mac OS X
1. Navigate to “Applications”
2. Select the program you’d like to uninstall, and either drag the application icon to the “Trash”, or right-click and select “Move to Trash”, as shown in Figure 15 below.

Figure 15 – Apple Mac OS X ‘Applications’
While these simple instructions should cover removal of most programs under Apple Mac OS X, in some rare cases, such as some software from Adobe or Microsoft, some programs include their own uninstall applications. In these cases the specific uninstall applications for the program must be used to remove the software, and depending on the program itself, these can often be found in the original DMG file or on an original installation CD or DVD.
Apple Mac OS X Lion
1. Open the “Launchpad”
2. Click on and hold the mouse button on the icon of the application you would like to uninstall.
3. When the application icon begins to move, click on the black cross icon that appears, as shown in Figure 16 below.

Figure 16 – Apple Mac OS X Lion
As with Apple Mac OS X, in rare cases some programs installed on Apple Mac OS X Lion may include their own uninstall applications.
Ubuntu
For users of Ubuntu, the “Advanced Packaging Tool” provides functionality to check for updates to installed packages, and also to clean up unused packages from the operating system.
To check for updates to already installed software, simply type ‘apt-get check’ at the console.
To perform a clean-up of unused packages from the operating system, simply type ‘apt-get autoclean’ at the console.

Figure 17 – Ubuntu ‘Terminal Window’
Additionally, certain versions of Ubuntu also include graphical tools which can perform these actions without requiring the use of the console, however the functionality of these may vary from version to version. Most other distributions of Linux also come with similar package management solutions, either text based or graphical – users of other Linux distributions should check the appropriate documentation that accompanies their distribution.
Secunia’s Personal Software Inspector 2.0
A free tool which checks to ensure that you have the latest version of plug-ins and a wide range of other software for Microsoft Windows, is Secunia’s Personal Software Inspector (PSI) 2.0 for home users only, available from:
https://secunia.com/vulnerability_scanning/personal/
Secunia has other products for businesses. To use this tool you will need to install software on your computer, but it checks for a wide range of vulnerable software – for the operating system, applications and plug-ins. It will report changes in the vulnerability of your software over time. According to the user instructions:
It constantly monitors your system for insecure software installations, notifies you when an
insecure application is installed, and even provides you with detailed instructions for
updating the application when available.
Additionally, it will report on software, which is the latest version, but is known to contain security bugs for which the vendor has not yet released a newer version which fix the security bugs. The following screenshot provides a sample of the output which would appear as the “Scan Results” after performing a scan of your PC.

Figure 18 – PSI Results displaying a number of out of date programs and offering solutions to update
This tool covers a wide range of software and can be a useful aid to checking and keeping your software up to date. Remember that if you have plug-ins or application software installed that is less common, then these may not be routinely included in the Secunia PSI check.
Criminals contacting potential victims by telephone to “repair” their computers
We have received reports that Australian Internet users are continuing to be contacted by telephone as part of scams involving their computers.
The scammer calls people at their home by telephone and claims to have information that their computer has a problem – that it is infected with a virus, that it is running slow, or that the computer software is corrupted. In many cases, the scammer often claims to work Microsoft or for a company that can fix the problem and seeks to persuade potential victim to pay for a remote repair service via credit card and also seeks to install remote access software on the victim’s computer. Sometimes the criminals involved in these scams establish web sites to give the appearance they are a legitimate business but the web site is established to facilitate the scam.
If you agree to install such software (even on a trial basis), you will give the criminal remote access and control over your computer and all data on it and may provide them continuing access for
malicious purposes, even after the software is uninstalled. Remote access software should only be installed when you know and have good reason to trust the party concerned.
For further information about how to detect such scams refer to the information in the June 2009 Stay Smart Online Newsletter.
If you believe your computer has problems that you are unable to fix, then look up the yellow pages to find a reputable local business to investigate and fix the problem for you, or if the problem affects software or hardware that is under warranty, contact the appropriate vendor. This way, if you experience any problems, such as fraud, then knowing the physical location and identity of the business involved will give you greater rights and recourse for law enforcement action under Australian law than if you do “business” with an entity that has its presence only ‘online’.
In August 2010 Microsoft published a warning to Australians regarding scams of this nature on their website which is still very relevant:
https://www.microsoft.com/australia/presspass/post/Microsoft-issues-warning-on-phone-scam