Trade Winds Consulting, LLC

10/05/2017

via ripl.com

03/12/2015

I was recently made aware of a problem with the Panda Antivirus program. Based on the reports I heard it appeared that, once again,there was a Trojan masquerading as Panda. The last time I'm aware of this happening was in 2012 when a copy of the DarkAngel Trojan was spreading by pretending to be a Panda install. Fortunately, this does not appear to be the case this time.

I'm sure you all remember a time when a cartoon character sawed off the limb they were sitting on. The obvious expectation was that the character would fall to the ground. Of course, in the cartoon, more often than not, the tree would fall and the limb would remain hanging in mid-air. Panda was not so lucky. They basically sawed off the limb they were sitting on but gravity took over and they came crashing down.

The signature file they released yesterday flagged Panda itself as malware so it moved critical portions of itself to quarantine. In many cases this also broke (in varying degrees) the computer the system was running on.

The good news is that Panda has published a fix for the problem. Assuming you can still get your computer to run, the fix appears to correct the error.

You will find it here:

http://www.pandasecurity.com/uk/homeusers/support/card?id=100045

If you have any problems following the URL above you just go to www.pandasecurity.com. For now, they have a link in the upper right corner to the fix mentioned above.

As always, if you have any questions or need further help, I'm always available.

By the way. As I'm writing this entry I see that Facebook, it its infinite wisdom, has decided to attach an ad for Panda. This should not be construed as an endorsement for Panda any more than this post should be seen as an indictment. I don't find them to be any better or worse than any other antivirus vendor.

Panda Security Knowledge Base. We help you resolve all your queries about the functioning of your product. Panda Security, the Cloud Security Company

02/11/2015

Microsoft has issued a rare out of band critical security bulletin (MS15-011). This vulnerability could allow an attacker to take complete control of an affected system.

If you using any version of Windows since XP and your computers are part of a domain you are vulnerable.

In order to exploit this vulnerability, an attacker would have to convince you to connect your computer to a network which was controlled by the attacker. This would allow the attacker to take complete control of your computer allowing him to install programs, view, change or delete data or create new accounts with full user rights.

There is no patch and no work-around for any version of XP or Server 2003.

Home users should not be vulnerable. This vulnerability is related to communication between a computer and a server in a domain environment. Home users generally do not have domain controllers. If you have any concerns a about your environment, contact me. I will be glad to check whether your computer is part of a domain or not.

Corporate users, particularly ones who travel and connect their computer to public networks such as airports or restaurants would be most at risk. Contact your local support staff as soon as possible. If you do not have local support staff, feel free to contact me.

11/01/2014

If you use Drupal to manage your website, you should probably check this out. Bill

http://www.bbc.com/news/technology-29846539

Software firm Drupal warns millions to "assume" they have been hacked if they have not applied a patch for a recently discovered bug.

01/14/2013

Oracle has patched the security risk in version 7.10, and is releasing version 11 today. Bill

Download at
http://www.java.com/en/download/chrome.jsp?locale=en

Java software for your computer, or the Java Runtime Environment, is also referred to as the Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, or Java download.

01/13/2013

Java Warning January 2013:

You may have heard that there is a serious problem with the latest version of Java. Even if you don't know what Java is, there is a high probability that your computer is running it on some of the websites you visit. It is a useful and (usually) safe tool that has been used on computers since 1995

There is a particularly bad security problem with the current version that is being actively exploited. Until this problem is corrected it is important to tell Java it cannot run on your computer so you will not be vulnerable to attack.

Please note: I have removed the ability to click on the links in this email. You should always copy and paste website addresses into your favorite browser. Clicking on links in emails is dangerous; clicking on links in emails telling you about terrible problems that could happen to your computer if you don't click is particularly dangerous. You never know where that click is actually going to take you.

The first step is to find out if you have Java installed on your computer. It is very likely that you do because it is used in so many places. There are two ways to tell if you have Java. The first is to go into your control panel and check the list of installed programs. You will be able to see Java (perhaps multiple versions) in the list of installed programs if it is on your computer. Access to the control panel varies from one version of Windows to another so I'm not going to try to cover every version that may be in use.

If you know how to check the program list, by all means do so. If you don't, the second method is to go to the Java website and ask them to check.

To determine if you are affected by this problem go to http://www.java.com/en/download/installed.jsp. Click on "Verify Java Version".

If the screen says "No working Java was detected on your system. Install Java by clicking the button below" then you do not have Java installed and you are not vulnerable. Nothing more needs to be done.

If the screen says you are running version 7.10 or higher then you are vulnerable to this attack. If you are running version 7.9 or lower (including all version 5 or 6 releases) then you are not vulnerable to this attack (but you may be vulnerable to other problems). Unless you have a specific need to run an outdated version of Java it is best to stay on the most current release. You can come back to this site after the problem is fixed and download a current version.

Everything from here on only applies if you are running version 7.10 or higher (technically it is version 1.7.10 but it is usually just called 7.10. It's weird, but Java has always been that way.)

It can be difficult to find the Java control panel. Sometimes it is on the start menu (all programs, Java); sometimes you can find it on the Windows control panel (usually a link somewhere on the start
menu), sometimes you have to search for it. On Vista, Windows 7 and Windows 8 you can type javacpl.exe into the search window and it should find it somewhere in the "program files" directory. Other
versions you can find it by searching but the search features are a little harder to use. Email or call if you need help finding it.

Once you find the Java control panel you can click on the Security tab and de-select "Enable Java content in the browser". This will prevent any browser from accessing Java. You can reverse the process if you need to turn Java on temporarily for a specific (trusted) web site.

For those of you who would like to see the technical details (or you are just having trouble sleeping), you can go to http://www.us-cert.gov/cas/techalerts/TA13-010A.html for all of the
"good stuff".

Bill

Bill Freeman
Trade Winds Consulting, LLC
25467 SW 1st Ave
Newberry, FL 32669

Office:(352) 316-6011
Fax: (352) 472-2367
www.TradeWinds-Consulting.com

01/13/2013

Java Warning January 2013:

You may have heard that there is a serious problem with the latest version of Java. Even if you don't know what Java is, there is a high probability that your computer is running it on some of the websites you visit. It is a useful and (usually) safe tool that has been used on computers since 1995

There is a particularly bad security problem with the current version that is being actively exploited. Until this problem is corrected it is important to tell Java it cannot run on your computer so you will not be vulnerable to attack.

Please note: I have removed the ability to click on the links in this email. You should always copy and paste website addresses into your favorite browser. Clicking on links in emails is dangerous; clicking on links in emails telling you about terrible problems that could happen to your computer if you don't click is particularly dangerous. You never know where that click is actually going to take you.

The first step is to find out if you have Java installed on your computer. It is very likely that you do because it is used in so many places. There are two ways to tell if you have Java. The first is to go into your control panel and check the list of installed programs. You will be able to see Java (perhaps multiple versions) in the list of installed programs if it is on your computer. Access to the control panel varies from one version of Windows to another so I'm not going to try to cover every version that may be in use.

If you know how to check the program list, by all means do so. If you don't, the second method is to go to the Java website and ask them to check.

To determine if you are affected by this problem go to http://www.java.com/en/download/installed.jsp. Click on "Verify Java Version".

If the screen says "No working Java was detected on your system. Install Java by clicking the button below" then you do not have Java installed and you are not vulnerable. Nothing more needs to be done.

If the screen says you are running version 7.10 or higher then you are vulnerable to this attack. If you are running version 7.9 or lower (including all version 5 or 6 releases) then you are not vulnerable to this attack (but you may be vulnerable to other problems). Unless you have a specific need to run an outdated version of Java it is best to stay on the most current release. You can come back to this site after the problem is fixed and download a current version.

Everything from here on only applies if you are running version 7.10 or higher (technically it is version 1.7.10 but it is usually just called 7.10. It's weird, but Java has always been that way.)

It can be difficult to find the Java control panel. Sometimes it is on the start menu (all programs, Java); sometimes you can find it on the Windows control panel (usually a link somewhere on the start
menu), sometimes you have to search for it. On Vista, Windows 7 and Windows 8 you can type javacpl.exe into the search window and it should find it somewhere in the "program files" directory. Other
versions you can find it by searching but the search features are a little harder to use. Email or call if you need help finding it.

Once you find the Java control panel you can click on the Security tab and de-select "Enable Java content in the browser". This will prevent any browser from accessing Java. You can reverse the process if you need to turn Java on temporarily for a specific (trusted) web site.

For those of you who would like to see the technical details (or you are just having trouble sleeping), you can go to http://www.us-cert.gov/cas/techalerts/TA13-010A.html for all of the
"good stuff".

Bill

Bill Freeman
Trade Winds Consulting, LLC
25467 SW 1st Ave
Newberry, FL 32669

Office:(352) 316-6011
Fax: (352) 472-2367
www.TradeWinds-Consulting.com

Verify your Java software installation and Java software version