If you're looking at a hosted email solution for a small business, Google Apps can be a great alternative to hosted Exchange.
Check out this article for a great quick pros & cons comparison between Google Apps & Exchange
Posted on Wednesday November 24, 2010
no comments
by BT on Friday September 24, 2010
no comments
We're now offering our Email Hosting solution to new clients as well as existing clients. Our Exchange hosted platform is a fantastic way to move to Exchange Server 2010 without a massive upfront cost.We've had a lot of success migrating clients from old Exchange or Small Business Server 2003 systems who've hit the 75gb limitation of mailbox storage across to the new platform and they're loving it.
The main benefits of moving to a hosted email platform like ours are:
- no big upfront Microsoft licensing costs or hardware costs: typically Exchange 2010 licenses with appropriate backup software could set you back $5,000 or $10,000, for a small business particularly in a post GFC world, thats a lot of money
- reduced ongoing support costs: for many businesses, hosting Exchange means they no longer have to look after it themselves and in some cases, means once less server to manage
- access to powerful features of Exchange 2010: new Exchange server features like the new more powerful webmail client and full support for iPad, iPhone & Android phone and access to email remotely without needing unreliable VPN connections means more mobility and flexibility for you and your team
If you are interested in learning more about the solution or looking at an upgrade to Exchange 2010 I'd encourage you to get in touch. Call us on (08) 6102 1400 or fill out the form on our Contact Us page to find out more info.
Posted on Sunday April 04, 2010
no comments
Severity: High
30 March, 2010
Summary:
30 March, 2010
Summary:
- These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
- How an attacker exploits them: Multiple vectors of attack, including visiting malicious websites or enticing one of your users into downloading and viewing various malicious media files
- Impact: Various results; in the worst case, an attacker executes code on your user's computer, potentially gaining full control of it
- What to do: OS X administrators should download, test and install Security Update 2010-002 or the 10.6.3 update.
Exposure:
Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes well over 90 (number based on CVE-IDs) security issues in around 43 components that ship as part of OS X, including Quicktime, CoreMedia, and Mail. Some of these vulnerabilities allow attackers to gain full control of your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include:
* Various QuickTime Code Execution Vulnerabilities.
Quicktime is the multimedia (video and audio) player that ships with OS X. According to Apple, QuickTime suffers from nine code execution vulnerabilities involving its inability to properly handle maliciously crafted movie files. Though the flaws differ technically, they share the exact same scope and impact. If an attacker can lure one of your users into playing a malicious movie (perhaps hosted on a malicious website), he could exploit this flaw to either crash QuickTime or to execute attack code on that user's computer. By default, the attacker would only execute code with that user's privileges. However, the attacker could also leverage other privilege elevation flaws described in Apple's alert to gain complete control of your user's Mac.
* Multiple Image-related Memory Corruption Vulnerabilities.
ImageIO and Image RAW are both OS X components that help the operating system handle various types of image files. Both components suffer from memory-related vulnerabilities involving the way they handle certain types of image files. Though the vulnerabilities differ technically, they share a very similar scope and impact. If an attacker can get a victim to view a specially crafted picture (perhaps hosted on a malicious website), he could exploit any of these flaws to either crash the viewing application or to execute attack code on the victim's computer. By default, the attacker would only execute code with that user's privileges. However, the attacker could also leverage other flaws in Apple's alert to gain complete control of your user's Mac.
* Disk Images Code Execution Vulnerabilities.
Disk Images is the OS X component that mounts the DMG disk image files commonly used to install software on Mac computers. Apple's OS X update fixes two code execution vulnerabilities in Disk Images. Though they differ technically, an attacker could leverage both in the same way. By enticing you to mount a malicious DMG file, an attacker could exploit either of these flaws to execute code on your computer, with your privileges. Like the previous flaws, the attacker could then leverage other vulnerabilities to gain complete control of your Mac.
Apple's alert also describes many other vulnerabilities, including some Denial of Service (DoS)
flaws, information disclosure issues, and Cross Site Scripting (XSS) vulnerabilities. Components patched by this security update include:
Please refer to Apple's OS X 10.5.x and 10.6.x alert for more details
As an aside, if you haven't installed the Safari update Apple released earlier this month, we recommend you install it as well.
Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes well over 90 (number based on CVE-IDs) security issues in around 43 components that ship as part of OS X, including Quicktime, CoreMedia, and Mail. Some of these vulnerabilities allow attackers to gain full control of your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include:
* Various QuickTime Code Execution Vulnerabilities.
Quicktime is the multimedia (video and audio) player that ships with OS X. According to Apple, QuickTime suffers from nine code execution vulnerabilities involving its inability to properly handle maliciously crafted movie files. Though the flaws differ technically, they share the exact same scope and impact. If an attacker can lure one of your users into playing a malicious movie (perhaps hosted on a malicious website), he could exploit this flaw to either crash QuickTime or to execute attack code on that user's computer. By default, the attacker would only execute code with that user's privileges. However, the attacker could also leverage other privilege elevation flaws described in Apple's alert to gain complete control of your user's Mac.
* Multiple Image-related Memory Corruption Vulnerabilities.
ImageIO and Image RAW are both OS X components that help the operating system handle various types of image files. Both components suffer from memory-related vulnerabilities involving the way they handle certain types of image files. Though the vulnerabilities differ technically, they share a very similar scope and impact. If an attacker can get a victim to view a specially crafted picture (perhaps hosted on a malicious website), he could exploit any of these flaws to either crash the viewing application or to execute attack code on the victim's computer. By default, the attacker would only execute code with that user's privileges. However, the attacker could also leverage other flaws in Apple's alert to gain complete control of your user's Mac.
* Disk Images Code Execution Vulnerabilities.
Disk Images is the OS X component that mounts the DMG disk image files commonly used to install software on Mac computers. Apple's OS X update fixes two code execution vulnerabilities in Disk Images. Though they differ technically, an attacker could leverage both in the same way. By enticing you to mount a malicious DMG file, an attacker could exploit either of these flaws to execute code on your computer, with your privileges. Like the previous flaws, the attacker could then leverage other vulnerabilities to gain complete control of your Mac.
Apple's alert also describes many other vulnerabilities, including some Denial of Service (DoS)
flaws, information disclosure issues, and Cross Site Scripting (XSS) vulnerabilities. Components patched by this security update include:
- AppKit
- Application Firewall
- AFP Server
- Apache
- ClamAV
- CoreAudio
- CoreMedia
- CoreTypes
- CUPS
- curl
- Cyrus IMAP
- Cyrus SASL
- Desktop Services
- Disk Images
- Directory Services
- Dovecot
- Event Monitor
- FreeRADIUS
- FTP Server
- iChat Server
- ImageIO
- Image RAW
- Libsystem
- Mailman
- MySQL
- OS Services
- Password Server
- perl
- PHP
- Podcast Producer
- Preferences
- PS Normalizer
- Quicktime
- Ruby
- Server Admin
- SMB
- Tomcat
- unzip
- vim
- Wiki Server
- X11
- xar
Please refer to Apple's OS X 10.5.x and 10.6.x alert for more details
As an aside, if you haven't installed the Safari update Apple released earlier this month, we recommend you install it as well.
Solution Path:
Apple has released OS X Security Update 2010-002 and 10.6.3 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X's Software Update utility pick the correct updates for you automatically.
Apple has released OS X Security Update 2010-002 and 10.6.3 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.
- Security Update 2010-001 (Leopard)
- Security Update 2010-001 (Leopard Server)
- Mac OS X v10.6.3 Update (Snow Leopard)
- Mac OS X v10.6.3 Update (Snow Leopard Combo)
- Mac OS X Server v10.6.3 Update (Snow Leopard Server)
- Mac OS X Server v10.6.3 Update (Snow Leopard Server Combo)
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X's Software Update utility pick the correct updates for you automatically.
For All Users:
These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.
Status:
Apple has released updates to fix these issues.
References:
This alert was researched and written by Corey Nachreiner, CISSP.
These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.
Status:
Apple has released updates to fix these issues.
References:
This alert was researched and written by Corey Nachreiner, CISSP.
Posted on Sunday April 04, 2010
no comments
Severity: High
30 March, 2010
Summary:
30 March, 2010
Summary:
- This vulnerability affects: Internet Explorer 8 and all earlier versions, running on all current versions of Windows
- How an attacker exploits it: By enticing one of your users to visit a malicious web page
- Impact: In the worst case, an attacker can execute code on your user's computer, gaining complete control of it
- What to do: Deploy the appropriate Internet Explorer patches immediately
Exposure:
In an out-of-cycle security bulletin released today, Microsoft describes nine new vulnerabilities in Internet Explorer (IE) 8.0 and earlier versions, running on all current versions of Windows (including Windows 7 and Windows Server 2008). One of the corrected vulnerabilities includes a critical zero day flaw that attackers have exploited in the wild since at least early March. For more information about this previously reported zero day IE flaw, see our Wire post on the subject.
The nine vulnerabilities differ technically, but seven of them share the same general scope and impact. These seven flaws involve various memory corruption issues having to do with how IE handles certain HTML objects and memory constructs. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit any one of these vulnerabilities to execute code on that user's computer, inheriting that user's privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could exploit these flaws to gain complete control of the victim's computer. The remaining two vulnerabilities are less risky information disclosure flaws.
If you'd like to know more about the technical differences between these flaws, see the "Vulnerability Information" section of Microsoft's bulletin. Technical differences aside, all of these IE flaws pose significant risk - especially, the zero day vulnerability that attackers have been exploiting in the wild. You should download and install this emergency IE patch immediately.
Keep in mind, today's attackers commonly hijack legitimate web pages and booby-trap them with malicious code. They do this via hosted web ads or through SQL injection attacks. Even recognizable and authentic websites could pose a risk to your users if hijacked in this way.
In an out-of-cycle security bulletin released today, Microsoft describes nine new vulnerabilities in Internet Explorer (IE) 8.0 and earlier versions, running on all current versions of Windows (including Windows 7 and Windows Server 2008). One of the corrected vulnerabilities includes a critical zero day flaw that attackers have exploited in the wild since at least early March. For more information about this previously reported zero day IE flaw, see our Wire post on the subject.
The nine vulnerabilities differ technically, but seven of them share the same general scope and impact. These seven flaws involve various memory corruption issues having to do with how IE handles certain HTML objects and memory constructs. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit any one of these vulnerabilities to execute code on that user's computer, inheriting that user's privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could exploit these flaws to gain complete control of the victim's computer. The remaining two vulnerabilities are less risky information disclosure flaws.
If you'd like to know more about the technical differences between these flaws, see the "Vulnerability Information" section of Microsoft's bulletin. Technical differences aside, all of these IE flaws pose significant risk - especially, the zero day vulnerability that attackers have been exploiting in the wild. You should download and install this emergency IE patch immediately.
Keep in mind, today's attackers commonly hijack legitimate web pages and booby-trap them with malicious code. They do this via hosted web ads or through SQL injection attacks. Even recognizable and authentic websites could pose a risk to your users if hijacked in this way.
Solution Path:
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you.
Internet Explorer 5.01
Internet Explorer 6.0
Internet Explorer 7.0
Internet Explorer 8.0
* Note: These flaws do not affect Windows Server 2008 administrators who installed using the Server Core installation option.
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you.
Internet Explorer 5.01
Internet Explorer 6.0
- For Windows 2000
- For Windows XP
- For Windows XP x64
- For Windows Server 2003
- For Windows Server 2003 x64
- For Windows Server 2003 Itanium
Internet Explorer 7.0
- For Windows XP
- For Windows XP x64
- For Windows Server 2003
- For Windows Server 2003 x64
- For Windows Server 2003 Itanium
- For Windows Vista
- For Windows Vista x64
- For Windows Server 2008 *
- For Windows Server 2008 x64 *
- For Windows Server 2008 Itanium
Internet Explorer 8.0
- For Windows XP
- For Windows XP x64
- For Windows Server 2003
- For Windows Server 2003 x64
- For Windows Vista
- For Windows Vista x64
- For Windows Server 2008 *
- For Windows Server 2008 x64 *
- For Windows 7
- For Windows 7 x64
- For Windows Server 2008
- For Windows Server 2008 x64
* Note: These flaws do not affect Windows Server 2008 administrators who installed using the Server Core installation option.
For All WatchGuard Users:
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches to fix these vulnerabilities.
References:
This alert was researched and written by Corey Nachreiner, CISSP.
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches to fix these vulnerabilities.
References:
This alert was researched and written by Corey Nachreiner, CISSP.
Posted on Sunday April 04, 2010
no comments
Malicious Media Files Usurp QuickTime and iTunes
Severity: Medium
30 March, 2009
Severity: Medium
30 March, 2009
Summary:
- These vulnerabilities affect: QuickTime 7.6.x and iTunes 9.x running on any platform
- How an attacker exploits them: Multiple vectors of attack, including enticing your user to view maliciously crafted images or videos, or to visit a malicious website
- Impact: In the worst case, an attacker could execute code on your user's computer, potentially gaining complete control of it
- What to do: Install QuickTime 7.6.6 and iTunes 9.1 for Windows or OS X
Exposure:
Today, Apple released two security updates [ Quick Time / iTunes ] to fix several vulnerabilities in QuickTime 7.6.x and iTunes 9.x running on Windows or OS X computers.
The QuickTime update fixes sixteen security issues (number based on CVE-IDs) involving how QuickTime handles certain image and video files. While the vulnerabilities differ technically, they share the same basic scope and impact. If an attacker can trick one of your users into viewing a maliciously crafted image or video in QuickTime, he could exploit any of these flaws to execute code on that user's computer, with that user's privileges. In Windows environments, users typically have local administrator access on their computers, meaning the attacker could leverage these vulnerabilities to gain complete control of their machines. However, OS X separates user accounts from the root account. So attackers can only exploit these flaws to gain user-level privileges on OS X machines.
Apple's iTunes update corrects seven security issues (number based on CVE-IDs), the worst of which have to do with how iTunes handles certain image and media files. Like the QuickTime flaws above, if an attacker can trick one of your users into viewing a maliciously crafted image or media file in iTunes, the worst of these flaws could be exploited to execute code on that user's computer, with that user's privileges. In Windows, this often means the attacker gains control of your user's computer. On a Mac, the attacker only gains user-level privileges. However, another of the iTunes vulnerabilities can allow local users to gain system privileges, so an attacker could leverage a combination of these vulnerabilities to gain complete control of a Mac as well.
If you allow the use of QuickTime or iTunes in your network, we recommend you download and install the latest versions as soon as possible. Keep in mind, iTunes now ships with QuickTime. If you have iTunes, you'll likely need both updates.
Today, Apple released two security updates [ Quick Time / iTunes ] to fix several vulnerabilities in QuickTime 7.6.x and iTunes 9.x running on Windows or OS X computers.
The QuickTime update fixes sixteen security issues (number based on CVE-IDs) involving how QuickTime handles certain image and video files. While the vulnerabilities differ technically, they share the same basic scope and impact. If an attacker can trick one of your users into viewing a maliciously crafted image or video in QuickTime, he could exploit any of these flaws to execute code on that user's computer, with that user's privileges. In Windows environments, users typically have local administrator access on their computers, meaning the attacker could leverage these vulnerabilities to gain complete control of their machines. However, OS X separates user accounts from the root account. So attackers can only exploit these flaws to gain user-level privileges on OS X machines.
Apple's iTunes update corrects seven security issues (number based on CVE-IDs), the worst of which have to do with how iTunes handles certain image and media files. Like the QuickTime flaws above, if an attacker can trick one of your users into viewing a maliciously crafted image or media file in iTunes, the worst of these flaws could be exploited to execute code on that user's computer, with that user's privileges. In Windows, this often means the attacker gains control of your user's computer. On a Mac, the attacker only gains user-level privileges. However, another of the iTunes vulnerabilities can allow local users to gain system privileges, so an attacker could leverage a combination of these vulnerabilities to gain complete control of a Mac as well.
If you allow the use of QuickTime or iTunes in your network, we recommend you download and install the latest versions as soon as possible. Keep in mind, iTunes now ships with QuickTime. If you have iTunes, you'll likely need both updates.
Solution Path:
Apple has released QuickTime 7.6.6 and iTunes 9.1 to fix these security issues. Windows and OS X administrators should download, test, and deploy the appropriate updates as soon as possible.
Apple has released QuickTime 7.6.6 and iTunes 9.1 to fix these security issues. Windows and OS X administrators should download, test, and deploy the appropriate updates as soon as possible.
For All Users:
Because these QuickTime flaws involve so many different media types (many of which are essential for doing business), trying to block exploitable file types using your firewall may not be the best way to support your organization's mission. Instead, your best solution is to download and install Apple's fixes.
Because these QuickTime flaws involve so many different media types (many of which are essential for doing business), trying to block exploitable file types using your firewall may not be the best way to support your organization's mission. Instead, your best solution is to download and install Apple's fixes.
Status:
Apple has released updates to fix these issues.
Apple has released updates to fix these issues.
References:
This alert was researched and written by Corey Nachreiner, CISSP.
This alert was researched and written by Corey Nachreiner, CISSP.
Search
Recent Posts