John Ellis CPA at the John Ellis Company: 2012

Monday, December 31, 2012

WEEKEND VULNERABILITY AND PATCH REPORT

December 30, 2012

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated. This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com]

Important Security Updates

VLC Media Player: VideoLan has released version 2.0.5. The update is available from VideoLAN's website.

Current Software Versions

Adobe Flash 11.5.502.135 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.3.377.15 [Windows 8: IE]

Adobe Flash 11.5.502.136 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0 [Warning; see below]

Dropbox 1.6.10 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 17.0.1 [Windows]

Google Chrome 23.0.1271.97

Internet Explorer 9.0.8112.16421

Java SE 7 Update 10 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that require it.]

QuickTime 7.7.3 (1680.64)

Safari 5.1.7 [Windows, See warning below]

Safari 6.0.2 [Mac OS X]

Skype 6.0.0.126

Newly Announced Unpatched Vulnerabilities

Microsoft Internet Explorer: Secunia reports an extremely critical vulnerability in Internet Explorer's previous versions 6, 7, and 8. This vulnerability is currently being actively exploited in targeted attacks. Update to the latest version through the Control Panel.

For Your IT Department

Novell eDirectory: Secunia reports at least 4 moderately critical vulnerabilities in Novell's eDirectory; Windows platform only. Update to version 8.8.7.2 or 8.8.6.7.

Novell iPrint Client: Secunia reports a highly critical vulnerability in Novell's iPrint Client. Update to version 5.82.

Important Unpatched Vulnerabilities

Adobe Reader / Acrobat Multiple Vulnerabilities: Secunia reports highly critical vulnerabilities in Reader X and Acrobat X versions 10.1.4 and prior for Windows and Macintosh; Reader and Acrobat versions 9.5.2 and prior for Windows and Macintosh; and Reader for Linux versions 9.4.7 and prior. Secunia reports several additional highly critical vulnerabilities in versions 9 and X of Reader and Acrobat. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 19, 2012.

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.

Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.

Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserver Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remain unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.

HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.

McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.

Samsung / Dell Printers: Secunia reports a moderately critical security issue in Samsung's ML-2580 and ML-4050 Monochrome Laser Printers and Dell's 2145cn and 2335dn Multifunction Printers. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 2, 2012.

Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.

Symantec pcAnywhere: As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.

VLC Media Player: As we reported in our Cyber Security News of the Week, December 16, 2012, Secunia reports a highly critical vulnerability in the VLC Media Player. No patch is available at this time.

ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently Citadel recommends users remove all ACD Systems programs from their computers until the company fixes these vulnerabilities and pays proper attention to the implications of their security vulnerabilities in opening doors to cyber criminals . The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

ACD Systems Canvas: Secunia reports at least 13 highly critical unpatched vulnerabilities in ACD Systems Canvas version 14. See Weekend Vulnerability and Patch Report, August 5, 2012.
ACDSee 14.x: Secunia reports a highly critical unpatched vulnerability in ACDSee. See Weekend Vulnerability and Patch Report, February 19, 2012.
ACDSee Photo: Several highly critical unpatched vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. See Weekend Vulnerability and Patch Report, June 12, 2011. See also Weekend Vulnerability and Patch Report, September 18, 2011 where we alerted readers to a second vulnerability in FotoSlate.
ACD Systems Canvas CorelDRAW: A highly critical unpatched vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system.. See Weekend Vulnerability and Patch Report, July 31, 2011.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer's computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Wednesday, December 26, 2012

WHAT HAPPENS WHEN A CORPORATION DOES NOT PAY THEIR PAYROLL TAXES?

When a corporation has unpaid payroll taxes, those who are responsible for the payment of the tax will be held personally responsible for 100% of the employee share of the tax. This is called Trust Fund Recovery Penalty. A responsible person is defined as a person who (1) is aware of the payroll tax liability, (2) has the ability to pay the tax and (3) acted willfully not to pay, regardless of the reason. This “Penalty” will be assessed when it is determined the corporation is either unwilling or unable to pay the tax. The person could either be an officer, board member or even the bookkeeper.

In most cases the IRS will assume all officers and board member are responsible persons [regardless of the facts and circumstances] and will automatically assess 100% of the trust fund penalty against each officer and board member. Generally an officer or board member will need to go to court to show they are not a responsible person. Except in bankruptcy proceedings, before the individual is eligible to go to court they first need to pay the Trust Fund Penalty, and then sue in court for a refund.

An example of this is in the court case of Skoczylas v. the U.S. [Skoczylas v. USA, 09 Civ. 2035 (ILG) (RML), NYLJ 1202582026679, at *1 (EDNY, Decided December 3, 2012)]. The IRS automatically assessed the Trust Fund Penalty against a board member but in court was denied summary judgment and awarded the board member a refund. Even though the individual was a director of the corporation, material fact issues remained as to whether she was responsible person who acted willfully with regard to corporation’s tax debts. Although she was director, she didn't manage corporation’s day-to-day affairs and lacked decision making authority over paying debts even though she had some check-signing authority. In addition it was unclear as to whether creditors ran the corporation during bankruptcy and/or if she had actual control over the checkbook and bank accounts. It was also undisputed that the CEO was a responsible person who acted willfully.

Please contact this office if you have any questions or need assistance.

Monday, December 24, 2012

WEEKEND VULNERABILITY AND PATCH REPORT

December 23, 2012

important Security Updates

Foxit Reader: Foxit has released version 5.4.4.1128. The update is available from Foxit's website.

Java: Java SE 7 Update 10 is available from Java's website. Java is a major source of cyber criminal exploits. Citadel recommends removing or disabling Java from your browser. See below for more information.

Opera: Opera Software has released version 12.12 of its Opera browser to correct a highly critical security vulnerability. The update is available from Opera Software's website. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 9, 2012.

RealPlayer: RealPlayer has released version 16.0.0.282 to fix 2 highly critical vulnerabilities in previous versions. The update is available from Real Networks.

Current Software Versions

Adobe Flash 11.5.502.135 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.3.377.15 [Windows 8: IE]

Adobe Flash 11.5.502.136 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0 [Warning; see below]

Firefox 17.0.1 [Windows]

Google Chrome 23.0.1271.97

Internet Explorer 9.0.8112.16421

QuickTime 7.7.3 (1680.64)

Safari 5.1.7 [Windows, See warning below]

Safari 6.0.2 [Mac OS X]

Skype 6.0.0.126

Newly Announced Unpatched Vulnerabilities

D-Link DCS-932L: Secunia reports a less critical vulnerability in D-Link's DCS-932L device in firmware version 1.02. Other versions may also be affected.

For Your IT Department

Oracle Java: Secunia reports at least 26 highly critical vulnerabilities in Oracle's version of Java. Apply 10/12 SRU 2.5.

SonicWALL SonicOS: Secunia reports a less critical vulnerability in SonicWALL's SonicOS in versions prior to 5.8.1.9. Update to version 5.8.1.9.

VMware ESXi: Secunia reports at least 10 moderately critical vulnerabilities in versions 5.1 and 5.0 of VMWare's ESXi . Apply patches.

VMware vCenter Server: Secunia reports at least 2 critical vulnerabilities in versions 5.1 and 5.0 of VMWare's vCenter Server. Apply patches.

Important Unpatched Vulnerabilities

ACD Systems Canvas: Secunia reports at least 13 highly critical unpatched vulnerabilities in ACD Systems Canvas version 14. See Weekend Vulnerability and Patch Report, August 5, 2012.
ACDSee 14.x: Secunia reports a highly critical unpatched vulnerability in ACDSee. See Weekend Vulnerability and Patch Report, February 19, 2012.
ACDSee Photo: Several highly critical unpatched vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. See Weekend Vulnerability and Patch Report, June 12, 2011. See also Weekend Vulnerability and Patch Report, September 18, 2011 where we alerted readers to a second vulnerability in FotoSlate.
ACD Systems Canvas CorelDRAW: A highly critical unpatched vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system.. See Weekend Vulnerability and Patch Report, July 31, 2011.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Wednesday, December 19, 2012

Employee Miss-Classification Amnesty

For many years, many employers have miss-classified employees as independent contractors, which is in violation of Federal and State law. The IRS has an amnesty program called Voluntary Classification Settlement Program (VCSP). It is important to note that many states do not have a similar program and will levy heavy penalties for miss-classification of employees.

Employers are now allowed to voluntarily reclassify workers as employees and receive relief from payroll taxes otherwise owed and will not notify the state. Traditionally there is an exchange of information program between the IRS and many states, but in this case the IRS has promised to omit VCSP from information sharing. To qualify the employer must (1) consistently treated the workers as nonemployees, (2) filed all required Form 1099s for the workers in the previous three years, and (3) is not currently under audit by the IRS or the Department of Labor. The IRS is providing temporary relief through 6/30/13 to allow taxpayers, who have not filed all required Form 1099s for the previous three years and modified eligibility requirements to allow taxpayers under IRS audit, other than an employment tax audit, to participate in the VCSP program.

Because there might be unintentional employment legal issues one should consult with a labor attorney first.

Please contact our office if you need more information

Monday, December 17, 2012

Weekend Vulnerability and Patch Report

December 16, 2012

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Flash and AIR: Adobe has released updates to its Flash Player and AIR software that address at least three highly critical vulnerabilities. The latest Flash versions can be downloaded from Adobe's Flash Player Distribution page. Updates for Adobe AIR are available from this link.

Apple iTunes: Apple has released iTunes 11.0.1. The update is available from iTunes

Dropbox: Dropbox has updated to version 1.6.5. The update is available from the Dropbox web site.

Google Chrome: Google has released Chrome 23.0.1271.97 to fix a highly critical vulnerability in Chrome. The update is available from About Google Chrome in the program.

Microsoft: Microsoft has issued seven update bundles to fix at least 10 vulnerabilities in Windows, Internet Explorer and other software. Updates are available through the Control Panel.

Current Software Versions

Adobe Flash 11.5.502.135 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]

Adobe Flash 11.3.377.15 [Windows 8: IE]

Adobe Flash 11.5.502.135 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0 [Warning; see below]

Apple QuickTime 7.7.3 (1680.64)

Apple Safari 5.1.7 [Windows, See warning below]

Apple Safari 6.0.2 [Mac OS X]

Dropbox 1.6.5 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 17.0.1 [Windows]

Google Chrome 23.0.1271.97

Internet Explorer 9.0.8112.16421

Java SE 7 Update 09 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that requires it.]

Newly Announced Unpatched Vulnerabilities

VLC Media Player: Secunia reports a highly critical vulnerability in the VLC Media Player. No patch is available at this time.

For Your IT Department

Cisco Wireless LAN Controller: Secunia reports a vulnerability affecting versions 5.x, 6.x, and 7.0 through 7.4. No patch is available at this time.

Symantec Endpoint Protection Management Console: Secunia reports a vendor patch is available to fix a moderately critical vulnerability.

Important Unpatched Vulnerabilities

Opera: The highly critical vulnerability in Opera versions 12.x remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 9, 2012.

Symantec pcAnywhere:As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.

ACD Systems Canvas: Secunia reports at least 13 highly critical unpatched vulnerabilities in ACD Systems Canvas version 14. See Weekend Vulnerability and Patch Report, August 5, 2012.
ACDSee 14.x: Secunia reports a highly critical unpatched vulnerability in ACDSee. See Weekend Vulnerability and Patch Report, February 19, 2012.
ACDSee Photo: Several highly critical unpatched vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. See Weekend Vulnerability and Patch Report, June 12, 2011. See also Weekend Vulnerability and Patch Report, September 18, 2011 where we alerted readers to a second vulnerability in FotoSlate.
ACD Systems Canvas CorelDRAW: A highly critical unpatched vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system.. See Weekend Vulnerability and Patch Report, July 31, 2011.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

John Ellis CPA at the John Ellis Company

Monday, December 31, 2012

Important Security Updates

Current Software Versions

Newly Announced Unpatched Vulnerabilities

For Your IT Department

Important Unpatched Vulnerabilities

Wednesday, December 26, 2012

Monday, December 24, 2012

important Security Updates

Current Software Versions

Newly Announced Unpatched Vulnerabilities

For Your IT Department

Important Unpatched Vulnerabilities

Wednesday, December 19, 2012

Monday, December 17, 2012

Important Security Updates

Current Software Versions

Newly Announced Unpatched Vulnerabilities

For Your IT Department

Important Unpatched Vulnerabilities

8 hour New York Gold Chart [$US Dollar price per ounce]

Oil Price Dashboard

Blog Archive

About The John Ellis Company

Followers