Category Archives: Alert

Domain Name Registration Fraud

Posted on February 27, 2009 by John Kisha

A client of mine sent me a copy of a letter she received and asked if she needed to pay this ‘invoice’. As we are the domain registrar for my client’s domain name, I knew immediately it was some sort of scam. Though determining exactly what they were trying to do, besides fraudulently extract money, is still not clear in my mind and I have read the letter over several times.

You may recall when the telephone companies deregulated, the flurry of calls you received to ‘upgrade’ your service; when in reality, those calls were from other companies trying to switch your service from your chosen carrier to their service. This practice was labeled ‘slamming’. It didn’t take long for this practice to find its way into the domain name market. If you had a domain name registered, you might have noticed a flurry of calls or letters or even faxes explaining that your domain name was about to expire, or that another variant of your domain needed to be registered to protect your company name. (for example, if you owned the name ‘yourcompany.com’ the letter might say you had to order ‘yourcompany.net’). These letters were from companies that were trying to switch your domain name registration from your chosen provider over to their company, usually at a much higher price.  Read more... (556 words, 5 images, estimated 2:13 mins reading time)

This is a preview of Domain Name Registration Fraud. Read the full post (556 words, 5 images, estimated 2:13 mins reading time)
Posted in Alert | Tagged , , , | Leave a comment

SQL Server Updates

Posted on February 25, 2009 by John Kisha

We will be applying Service Pack updates on both SQL 2000 and SQL 2005 servers this evening (February 25, 2009). There will be several server reboots required which will effect both the SQL servers and any web sites that are using one of these servers for back-end data storage. SQL 2008 servers and sites using SQL 2008 will not be effected by this update.

Permanent link to this post (65 words, estimated 16 secs reading time)
Posted in Alert | Tagged , | Leave a comment

Tax Refund via Email–NOT!

Posted on February 5, 2009 by John Kisha

Don’t get taken by this one. This email recently appeared in my inbox looking rather official and appearing to be from the Internal Revenue Service. DO NOT CLICK ON ANY LINKS IN THIS EMAIL. It is a Phishing scam. The IRS does not contact you for information via email.

As a general rule, it is not a good idea to click on any links or respond to email you receive unless it is from someone you know. Even if an email looks like it is from someone you know, it is possible to forge the sender’s email address; so regardless of who an email appears to be sent from, if the request in the email is suspicious or unusual, it could also be a Phishing email and a telephone call to the sender might be a good precaution before replying.

————————————————–

From: Internal Revenue Service [mailto:service@irs.gov]
Sent: Thursday, February 05, 2009 1:10 AM
Subject: Get Your Tax Refund ( $869 )
Importance: High


After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a tax refund of $869.
Please submit the tax refund request and allow us 3-9 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access your tax refund, please click here
Best Regards,
Tax Refund Deparment
Internal Revenue Service

© Copyright 2009, Internal Revenue Service U.S.A. All rights reserved.

Permanent link to this post (249 words, 1 image, estimated 1:0 mins reading time)
Posted in Alert | Tagged , , | Leave a comment

FaceBook Users Beware

Posted on February 3, 2009 by John Kisha

BBB Warns: Your Facebook Friends Could Actually be Hackers, Scam Artists, and ID Thieves

FaceBook, one of the most popular social networking sites on the Internet, has become the target for several different phishing scams. Here is brief list of some of the scams you should be on the look-out for:

Friend in Distress:

Scam: Facebook users may receive a message in their inbox from a friend claiming to be in a dire situation — such as stranded in a foreign country — and needing money wired to them. The recipient doesn’t realize that their friend’s account has been hacked and that the message was sent by scammers. The Facebook user has no way of recovering the wired money after they learn that their friend is safe and sound.  Read more... (545 words, 6 images, estimated 2:11 mins reading time)

This is a preview of FaceBook Users Beware. Read the full post (545 words, 6 images, estimated 2:11 mins reading time)
Posted in Alert, Technical | Tagged , , | Leave a comment

Network Status Update

Posted on January 31, 2009 by John Kisha

We migrated our servers today (Saturday, January 31, 2009) from our offices on Vine St in Hollywood to our new data center in downtown Los Angeles. The new location will provide additional bandwidth, increased security, additional network redundancy and improved fire and disaster protection. The move was scheduled to take approximately three hours, however I was overly optimistic and consequently underestimated the amount of time in would actually take to move our entire rack of servers  and re-rack them in the new location. The entire move ended up taking approximately seven hours from start to finish, counting almost an hour on the freeway, causing some or all parts of the network to not be accessible during this time.  We apologize for the inconvenience this may have caused, but are pleased to be able to provide the additional benefits this move will afford our clients.

Permanent link to this post (146 words, estimated 35 secs reading time)
Posted in Alert | Leave a comment

Apple Updates for Multiple Vulnerabilities

Posted on May 30, 2008 by John Kisha

Can’t remember hearing about MAC needing "security updates", but it appears as they are becoming more popular they are starting to enjoy some of the attention of hackers previously reserved for Microsoft Operating Systems.

Original release date: May 29, 2008

Source: US-CERT

Systems Affected

* Mac OS X prior to v10.5.3

* Mac OS X Server prior to v10.4.11

Overview

Apple has released Security Update 2008-003 and OS X version 10.5.3 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

I. Description

Apple Security Update 2008-003 and Apple Mac OS X version 10.5.3 address a number of vulnerabilities affecting Apple Mac OS X and OS X Server versions prior to and including 10.4.11 and 10.5.2. Further details are available in the US-CERT Vulnerability Notes Database. The update also addresses vulnerabilities in other vendors’ products that ship with Apple OS X or OS X Server.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Upgrade

Install Apple Security Update 2008-003 or Apple Mac OS X version 10.5.3. These and other updates are available via Software Update or via Apple Downloads.

Technorati Tags: ,

del.icio.us Tags: ,

LiveJournal Tags: ,
Permanent link to this post (220 words, estimated 53 secs reading time)
Posted in Alert | Leave a comment

Linux Operating System Security Flaws May Have Compromised Your Certificates.

Posted on May 24, 2008 by John Kisha

WHO IS IMPACTED AND WHY?

For customers who host their sites on a Debian OS (or its derivatives) to generate a key pair used to request a certificate, that key pair (and the corresponding certificate) is vulnerable.

This is due to a flaw in the Debian-specific random number generation that results in relatively predictable key pair values, making them highly exploitable.

WHAT CAN YOU DO?

If you or your customers are running Debian operating systems and derivatives (such as Ubuntu) released between September 17, 2006 and May 12, 2008 you should deploy a recently released Debian patch and revoke and replace all SSL and Code Signing certificates for which keys were created on these operating systems. Debian has released a testing tool to confirm whether your certificates are affected. This tool and other useful information can be found here:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

NOTE: Inland Pacific Consulting does not host any accounts on Debian Operating Systems. We host strictly on the new Microsoft Windows 2008 64 bit operating system. Consequently none of our clients are effected by the above security flaw.

Technorati Tags: ,,
Permanent link to this post (184 words, estimated 44 secs reading time)
Posted in Alert, Technical | Leave a comment

Windows Vista, Java, ieSpell and IE Browser Crashes–Mystery Solved

Posted on May 1, 2008 by John Kisha

Here's yet another story about strange and quirky things happening for supposedly no reason. (It turns out there is a reason, but why Microsoft would think that a user would know this intuitively is beyond me.) So many things that seemingly 'go wrong' in Vista that are actually caused by the 'enhanced security features' Microsoft incorporated into Vista to protect users from viruses and other attacks while connected to the Internet.

As a preface to the story, let me briefly explain one of these 'protection enhancements' called "Data Execution Prevention" or "DEP". Data Execution Prevention (DEP) is a security feature  that is intended to prevent a program from running in a place in your computer's memory that is not usually intended to run programs. This helps prevent certain exploits of your system. However, there are some programs that need to use this 'protected' area legitimately, and this is where the problems begin.

And now back to the story–when browsing to some web sites, I noticed that Internet Explorer would crash and I would sometimes get a warning something to the effect of 'DEP or Data Execution Protection had to close the program to protect me'. I was already somewhat familiar with DEP because of some other problems I experienced previously, so I decided to use the same fix–add Internet Explorer to the list of programs that would not be protected by DEP. (DEP protects programs from executing in certain memory areas that are considered off-limits for safety reasons.)

So, I proceeded to unprotect Internet Explorer and try navigating to the site that was giving me all the problems. CRASH! I was stumped, but since it was only this one website that I really wasn't that concerned if I got to or not, I just ignored the problem.  Read more... (828 words, 2 images, estimated 3:19 mins reading time)

This is a preview of Windows Vista, Java, ieSpell and IE Browser Crashes–Mystery Solved. Read the full post (828 words, 2 images, estimated 3:19 mins reading time)
Posted in Alert, Technical | Leave a comment

Is your website in compliance?

Posted on April 18, 2008 by John Kisha
Blind Americans demand Web access; Target fights back.

Retailer Target is being sued under the Americans with Disabilities Act because their website is not accessable to the blind. You can read the full article here and it should be an eye-opener.

In light of this lawsuit many other online retailers are quietly upgrading their sites to be compliant with the Act and avoid problems themselves.

Is your website in compliance? If you would like to know, contact Inland Pacific Consulting and we can give you an assement of your site and let you know what you need to do in order to prevent any potential problems with non-compliance with the Americans with Disabilities Act and make sure your site is accessible to all people that want to view it.
Permanent link to this post (130 words, estimated 31 secs reading time)
Posted in Alert, General | Leave a comment

Windows VISTA Warning!

Posted on April 17, 2008 by John Kisha

The last few weeks have found me in Vista hell with the fires being extinguished just yesterday…what a relief.

Vista has a new security 'feature' called User Account Control (UAC), which is designed to prevent novice computer users from accidentally doing anything on their computer that might compromise security. UAC causes several pop-up warnings to appear when a user opens certain programs which advise the user that a potential security risk could be incurred if they continue with this action and requires them to either click "I know what I'm doing–Allow" or "Oops–I'm not sure I should be doing this–Deny". (You might have seen these annoying pop-ups featured in a recent TV ad for Apple computers.)

You have the ability to turn this 'feature' off, if you feel you know what you are doing, which fortunately is a good thing, because it seems Vista thinks almost everything you do on your computer is a potential security threat, and it is REALLY aggravating to continually get these pop-ups.

Here is where the problem arises. I use QuickBooks for my accounting. QuickBooks has the ability to download automatically billed credit card charges from your bank–however this feature will not work if UAC is turned off. This is just one of the many compatibility issues between QuickBooks and Vista–even though they market their product as being totally Vista compatible.

So, normally during the week, I would keep UAC turned off to avoid the pop-ups and turn it on at the end of the week to download the payments that were received during the week; and immediately turn it off again after the payments downloaded. (Turning UAC on and off requires a reboot–just to make the whole process of turning it on and off even more annoying.)  Read more... (766 words, estimated 3:04 mins reading time)

This is a preview of Windows VISTA Warning!. Read the full post (766 words, estimated 3:04 mins reading time)
Posted in Alert | Leave a comment