Software update locations
- - Patches and Updates
Windows & PC Office: http://update.microsoft.com and http://www.microsoft.com/security/updates/bulletins/200911.aspx
OS X: http://support.apple.com/kb/HT1338
Mac Office:
http://www.microsoft.com/mac/help.mspx?CTT=PageView&clr=99-0-0&ep=7&target=ffe35357-8f25-4df8-a0a3-c258526c64ea1033
iPhone/iPod: http://support.apple.com/kb/HT1414
iPod: http://support.apple.com/kb/HT1483
Windows Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
OS X Acrobat Reader:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
Flash Player: http://get.adobe.com/flashplayer/
Firefox: http://www.mozilla.com/en-US/firefox/update/
Safari:
http://www.apple.com/downloads/macosx/apple/application_updates/safari.html
Opera: http://www.opera.com/
Chrome: http://googlechromeupdate.com/updates.html
Java: http://www.java.com/en/download/manual.jsp
iTunes:
http://www.tuaw.com/2009/09/22/itunes-9-0-1-now-in-software-update/
Symantec:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2002021908382713
Norton:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=n95
McAfee: http://www.mcafee.com/apps/downloads/security_updates/dat.asp
Kaspersky: http://www.kaspersky.com/avupdates
Sophos: https://secure.sophos.com/support/updates/
Panda: http://www.pandasecurity.com/homeusers/downloads/clients/
BitDefender:
http://www.bitdefender.com/site/view/Desktop-Products-Updates.html
Microsoft Security Essentials:
http://www.microsoft.com/security/portal/Definitions/HowToMSE.aspx
Thursday, December 10, 2009
Wednesday, December 9, 2009
Computer "Tip of the Day" 12-09-09
BAD GUYS
HACKERS AND CRACKERS: Individuals who break into systems with malicious intent, destroy data, steal copyrighted software or confidential information, and perform other destructive or illegal acts with computers and networks.
VULNERABILITIES AND EXPLOITS: Your computer is vulnerable when a hardware or software flaw makes it possible to compromise its security and smooth operation. An exploit is a software application or program that takes advantage of a vulnerability to attack your system.
SNIFFING: Listening in on a network in order to capture and steal sensitive information.
SPOOFING: An attack in which a person or program you shouldn't trust masquerades as a person or program you do trust. For example, an attacker forges an email address in order to make you believe it's from someone you know and trust.
PHISHING: A widespread form of Internet fraud that aims to steal valuable information such as credit card and social security numbers and usernames and passwords, by sending you misleading emails designed to lure you into visiting phony or rigged websites.
IDENTITY THEFT: Cybercriminals steal identities by overhearing conversations on cellphones, intercepting faxes and emails, hacking into computers, employing telephone and email scams, and phishing the users of online services.
SOCIAL ENGINEERING: Deceptions by criminals posing as someone you trust in order to get you to divulge sensitive information.
HACKERS AND CRACKERS: Individuals who break into systems with malicious intent, destroy data, steal copyrighted software or confidential information, and perform other destructive or illegal acts with computers and networks.
VULNERABILITIES AND EXPLOITS: Your computer is vulnerable when a hardware or software flaw makes it possible to compromise its security and smooth operation. An exploit is a software application or program that takes advantage of a vulnerability to attack your system.
SNIFFING: Listening in on a network in order to capture and steal sensitive information.
SPOOFING: An attack in which a person or program you shouldn't trust masquerades as a person or program you do trust. For example, an attacker forges an email address in order to make you believe it's from someone you know and trust.
PHISHING: A widespread form of Internet fraud that aims to steal valuable information such as credit card and social security numbers and usernames and passwords, by sending you misleading emails designed to lure you into visiting phony or rigged websites.
IDENTITY THEFT: Cybercriminals steal identities by overhearing conversations on cellphones, intercepting faxes and emails, hacking into computers, employing telephone and email scams, and phishing the users of online services.
SOCIAL ENGINEERING: Deceptions by criminals posing as someone you trust in order to get you to divulge sensitive information.
Tuesday, December 8, 2009
Computer "Tip of the Day" 12-08-09
Information: - - Getting Connected
BROADBAND: Broad bandwidth networking. High-speed Internet connections, like DSL (Digital Subscriber Line), Cable Internet, and 3G (Third
Generation) cellular services.
DSL: Digital Subscriber Line. One of the most common ways to bring Internet to homes and small businesses over a telephone line at up to
12 Megabits/second.
CABLE OR CABLE INTERNET: The other most common way to bring Internet to homes over cable TV lines at speeds ranging from 1.5 to 50 Megabits/second.
FiOS: Fiber-Optic Service. An emerging technology that provides Internet to homes and offices over fiber-optic cables at speeds from 15 to 50 Megabits/second.
WI-FI: Wireless Fidelity. The most common kind of short-range wireless networking--about 300 feet--at speeds of up to 108 Megabits/second.
EDGE or EVDO: An older kind of wide-area wireless networking-like a whole city--based on first and second generation cellphone technology with speeds ranging from 300 to 400 kilobits/second.
3G: Third Generation cellular service. Enhanced wide-area wireless networking at speeds of up to 14 Megabits/second.
4G: Fourth Generation cellular service or WIMAX. An emerging wide-area networking technology that promises a range of 10 miles and speeds of up to 100 Megabits/second.
ETHERNET: A way of connecting computers to networks using a cable at speeds ranging from 10 to 10,000 Megabits/second.
FIREWALL: Software or hardware that prevents outsiders from accessing a computer or network.
ROUTER: A device that finds the best route for sending information between networks.
IP ADDRESS: Internet Protocol Address. Every computer on the Internet is identified by a unique set of numbers known as an Internet Protocol address--usually four numbers separated by dots, for example:
74.125.53.100. These numerical addresses are normally invisible to users and are translated into familiar Web addresses, like http://www.google.com.
BROADBAND: Broad bandwidth networking. High-speed Internet connections, like DSL (Digital Subscriber Line), Cable Internet, and 3G (Third
Generation) cellular services.
DSL: Digital Subscriber Line. One of the most common ways to bring Internet to homes and small businesses over a telephone line at up to
12 Megabits/second.
CABLE OR CABLE INTERNET: The other most common way to bring Internet to homes over cable TV lines at speeds ranging from 1.5 to 50 Megabits/second.
FiOS: Fiber-Optic Service. An emerging technology that provides Internet to homes and offices over fiber-optic cables at speeds from 15 to 50 Megabits/second.
WI-FI: Wireless Fidelity. The most common kind of short-range wireless networking--about 300 feet--at speeds of up to 108 Megabits/second.
EDGE or EVDO: An older kind of wide-area wireless networking-like a whole city--based on first and second generation cellphone technology with speeds ranging from 300 to 400 kilobits/second.
3G: Third Generation cellular service. Enhanced wide-area wireless networking at speeds of up to 14 Megabits/second.
4G: Fourth Generation cellular service or WIMAX. An emerging wide-area networking technology that promises a range of 10 miles and speeds of up to 100 Megabits/second.
ETHERNET: A way of connecting computers to networks using a cable at speeds ranging from 10 to 10,000 Megabits/second.
FIREWALL: Software or hardware that prevents outsiders from accessing a computer or network.
ROUTER: A device that finds the best route for sending information between networks.
IP ADDRESS: Internet Protocol Address. Every computer on the Internet is identified by a unique set of numbers known as an Internet Protocol address--usually four numbers separated by dots, for example:
74.125.53.100. These numerical addresses are normally invisible to users and are translated into familiar Web addresses, like http://www.google.com.
Monday, November 30, 2009
Safety "Tip of the Day" 11-30-09
Avoiding Lead in Toys!
(Phoenix, Ariz. - Nov. 25, 2009) Arizona Attorney General Terry Goddard today urged parents and anyone buying toys for children this holiday season to take steps to avoid toys contaminated with potentially dangerous levels of lead.
Last year, the Arizona Attorney General’s Office reached a multi-state settlement with Mattel, Inc. and its subsidiary Fisher-Price, Inc., to protect children from lead in popular toys.
The agreement required Mattel to implement strict new limits on the amount of lead allowed in children’s toys, to notify the state Attorneys General if it finds that lead levels in any of its products exceed state or federal law, and to work with the Attorneys General to remedy any such violations.
Recently, the California Attorney General announced that the following products were found to have excessive lead in violation of California’s Safe Drinking Water and Toxic Enforcement Act of 1986:
- Kids Poncho sold by Walmart, 677 ppm.
- MSY Faded Glory Rebecca Shoes sold by Walmart, 1,331 ppm.
- Reversible Croco Belt sold by Target, 4,270 ppm.
- Dora the Explorer Activity Tote sold by TJ Maxx, 2,348 ppm.
- Paula Fuschia Open-Toed Shoes sold by Sears, 3,957 ppm.
- Disney Fairies Silvermist's Water Lily Necklace sold by Walgreens, 22,000 ppm.
- Barbie Bike Flair Accessory Kit sold by Tuesday Morning, 6,196 ppm.
Following Monday’s recall of more than one million cribs, Goddard also warns consumers to remain cautious when purchasing products for children and offered the following tips to anyone shopping for a children’s product or toy:
o Visit www.recalls.gov <http://www.recalls.gov/> before purchasing children’s products to ensure the item has not been recalled.
o Check the manufacturer’s suggested age restrictions.
o Visit the Consumer Product Safety Commission’s Web site, www.cpsc.gov <http://www.cpsc.gov/> , to sign up for regular recall notice emails.
If you believe you have been a victim of fraud, please contact the Attorney General's Office in Phoenix at 602.542.5763; in Tucson at 520.628.6504; or outside the Phoenix and Tucson metro areas at 1.800.352.8431. To file a complaint in person, the Attorney General’s Office has satellite offices throughout the state with volunteers available to help. Locations and hours of operation are posted on the Attorney General’s Web site at www.azag.gov <http://www.azag.gov/> . Consumers can also file complaints online by visiting the Attorney General's Web site.
Recall 2009.mp3
(Phoenix, Ariz. - Nov. 25, 2009) Arizona Attorney General Terry Goddard today urged parents and anyone buying toys for children this holiday season to take steps to avoid toys contaminated with potentially dangerous levels of lead.
Last year, the Arizona Attorney General’s Office reached a multi-state settlement with Mattel, Inc. and its subsidiary Fisher-Price, Inc., to protect children from lead in popular toys.
The agreement required Mattel to implement strict new limits on the amount of lead allowed in children’s toys, to notify the state Attorneys General if it finds that lead levels in any of its products exceed state or federal law, and to work with the Attorneys General to remedy any such violations.
Recently, the California Attorney General announced that the following products were found to have excessive lead in violation of California’s Safe Drinking Water and Toxic Enforcement Act of 1986:
- Kids Poncho sold by Walmart, 677 ppm.
- MSY Faded Glory Rebecca Shoes sold by Walmart, 1,331 ppm.
- Reversible Croco Belt sold by Target, 4,270 ppm.
- Dora the Explorer Activity Tote sold by TJ Maxx, 2,348 ppm.
- Paula Fuschia Open-Toed Shoes sold by Sears, 3,957 ppm.
- Disney Fairies Silvermist's Water Lily Necklace sold by Walgreens, 22,000 ppm.
- Barbie Bike Flair Accessory Kit sold by Tuesday Morning, 6,196 ppm.
Following Monday’s recall of more than one million cribs, Goddard also warns consumers to remain cautious when purchasing products for children and offered the following tips to anyone shopping for a children’s product or toy:
o Visit www.recalls.gov <http://www.recalls.gov/> before purchasing children’s products to ensure the item has not been recalled.
o Check the manufacturer’s suggested age restrictions.
o Visit the Consumer Product Safety Commission’s Web site, www.cpsc.gov <http://www.cpsc.gov/> , to sign up for regular recall notice emails.
If you believe you have been a victim of fraud, please contact the Attorney General's Office in Phoenix at 602.542.5763; in Tucson at 520.628.6504; or outside the Phoenix and Tucson metro areas at 1.800.352.8431. To file a complaint in person, the Attorney General’s Office has satellite offices throughout the state with volunteers available to help. Locations and hours of operation are posted on the Attorney General’s Web site at www.azag.gov <http://www.azag.gov/> . Consumers can also file complaints online by visiting the Attorney General's Web site.
Recall 2009.mp3
Tuesday, November 24, 2009
Security "Tip of the Day" 11-24-09
Microsoft Security Update
Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.
The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.
At this time, we are aware of no attacks attempting to use this vulnerability against Internet Explorer 6 Service Pack 1 and Internet Explorer 7. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Mitigating Factors:
•
Internet Explorer 8 is not affected.
•
Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.
•
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
•
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
•
By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.
Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.
The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.
At this time, we are aware of no attacks attempting to use this vulnerability against Internet Explorer 6 Service Pack 1 and Internet Explorer 7. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Mitigating Factors:
•
Internet Explorer 8 is not affected.
•
Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.
•
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
•
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
•
By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.
Monday, November 23, 2009
Security "Tip of the Day" 11-23-09
Terry Goddard Offers Tips to Avoid Fraudulent Holiday Charitable Appeals
(Phoenix, Ariz. - Nov. 12, 2009) The holiday season is fast approaching, a time of year when many Arizonans give back to their communities. To help ensure a rewarding experience, Attorney General Terry Goddard recommends consumers take the following precautions when making charitable donations:
o Do not pay bills or invoices you have received from charities unless you know you have already made a commitment to support them.
o Be skeptical of anyone asking for a donation by requesting your credit card number or bank account information over the phone unless you already donate to that charity.
o Don’t be shy about asking what percentage of your donation will go directly to the charity versus what percentage will go toward administrative costs.
o Remember to ask for a receipt and a statement that the contribution is tax deductible.
o Call the Secretary of State's Office at (602) 542-4285 or visit their Web site, www.azsos.gov <http://www.azsos.gov/> , to make sure the charity is registered with the Secretary of State.
A charity that operates without such registration is violating the law and should be a red flag for consumers. Be aware, however, that registration with the Secretary of State does not ensure that all of the charity’s activities are legitimate.
Several Web sites, including www.charitynavigator.org <http://www.charitynavigator.org/>
, www.give.org <http://www.give.org/>
and www.guidestar.org <http://www.guidestar.org/> , provide information on the financial histories of numerous charities. These can be a useful starting point for consumers looking to research companies to which they are thinking of making donations.
The Attorney General’s Office offers numerous resources to help consumers stay safe this holiday season, including red flags for common holiday consumer scams and resources to make sure the gifts you give are safe and age appropriate. New information will be released each week throughout the holiday season and is available at Attorney General’s Web site, www.azag.gov <http://www.azag.gov/> .
If you believe you have been a victim of fraud, please contact the Attorney General's Office in Phoenix at 602.542.5763; in Tucson at 520.628.6504; or outside the Phoenix and Tucson metro areas at 1.800.352.8431. To file a complaint in person, the Attorney General’s Office has satellite offices throughout the State with volunteers available to help. Locations and hours of operation are posted on the Attorney General’s Web site at www.azag.gov <http://www.azag.gov/> . Consumers can also file complaints online through the Web site.
(Phoenix, Ariz. - Nov. 12, 2009) The holiday season is fast approaching, a time of year when many Arizonans give back to their communities. To help ensure a rewarding experience, Attorney General Terry Goddard recommends consumers take the following precautions when making charitable donations:
o Do not pay bills or invoices you have received from charities unless you know you have already made a commitment to support them.
o Be skeptical of anyone asking for a donation by requesting your credit card number or bank account information over the phone unless you already donate to that charity.
o Don’t be shy about asking what percentage of your donation will go directly to the charity versus what percentage will go toward administrative costs.
o Remember to ask for a receipt and a statement that the contribution is tax deductible.
o Call the Secretary of State's Office at (602) 542-4285 or visit their Web site, www.azsos.gov <http://www.azsos.gov/> , to make sure the charity is registered with the Secretary of State.
A charity that operates without such registration is violating the law and should be a red flag for consumers. Be aware, however, that registration with the Secretary of State does not ensure that all of the charity’s activities are legitimate.
Several Web sites, including www.charitynavigator.org <http://www.charitynavigator.org/>
, www.give.org <http://www.give.org/>
and www.guidestar.org <http://www.guidestar.org/> , provide information on the financial histories of numerous charities. These can be a useful starting point for consumers looking to research companies to which they are thinking of making donations.
The Attorney General’s Office offers numerous resources to help consumers stay safe this holiday season, including red flags for common holiday consumer scams and resources to make sure the gifts you give are safe and age appropriate. New information will be released each week throughout the holiday season and is available at Attorney General’s Web site, www.azag.gov <http://www.azag.gov/> .
If you believe you have been a victim of fraud, please contact the Attorney General's Office in Phoenix at 602.542.5763; in Tucson at 520.628.6504; or outside the Phoenix and Tucson metro areas at 1.800.352.8431. To file a complaint in person, the Attorney General’s Office has satellite offices throughout the State with volunteers available to help. Locations and hours of operation are posted on the Attorney General’s Web site at www.azag.gov <http://www.azag.gov/> . Consumers can also file complaints online through the Web site.
Friday, November 20, 2009
Computer "Tip of the Day" 11-20-09
Anyone in Health Net?
--Lost Hard Drive Holds Seven Years of Health Net Patient Data (November 19, 2009) A hard drive containing personal and medical information of 1.5 million Health Net customers was lost in May, but the loss was not disclosed
until earlier this week. The drive contains unencrypted Social
Security numbers and medical information dating back to 2002; the breach affects customers in Arizona, Connecticut, New Jersey, and New York.
Connecticut Attorney general Richard Blumenthal is investigating why the company waited six months to disclose the device's loss. Health Net, which is based in California, is also investigating the incident. The company will send out breach notification letters to affected customers the week of November 30.
http://www.wired.com/threatlevel/2009/11/healthnet
http://www.courant.com/health/hc-healthbreach1119.artnov19,0,1798384.story
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1374839,00.html
http://www.computerworld.com/s/article/9141172/Health_Net_says_1.5M_medical_records_lost_in_data_breach?source=rss_security
http://healthnet.tekgroup.com/press_kits.cfm?presskit_id=13
--Lost Hard Drive Holds Seven Years of Health Net Patient Data (November 19, 2009) A hard drive containing personal and medical information of 1.5 million Health Net customers was lost in May, but the loss was not disclosed
until earlier this week. The drive contains unencrypted Social
Security numbers and medical information dating back to 2002; the breach affects customers in Arizona, Connecticut, New Jersey, and New York.
Connecticut Attorney general Richard Blumenthal is investigating why the company waited six months to disclose the device's loss. Health Net, which is based in California, is also investigating the incident. The company will send out breach notification letters to affected customers the week of November 30.
http://www.wired.com/threatlevel/2009/11/healthnet
http://www.courant.com/health/hc-healthbreach1119.artnov19,0,1798384.story
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1374839,00.html
http://www.computerworld.com/s/article/9141172/Health_Net_says_1.5M_medical_records_lost_in_data_breach?source=rss_security
http://healthnet.tekgroup.com/press_kits.cfm?presskit_id=13
Subscribe to:
Posts (Atom)