Monday, October 29, 2012


WEEKEND VULNERABILITY AND PATCH REPORT
October 28, 2012

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.  This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com].
 

IMPORTANT SECURITY UPDATES

 
Adobe Shockwave Player: Adobe has released an update to its Shockwave Player to fix multiple vulnerabilities in version 11.6.7.637 and earlier versions for Windows and Macintosh. Download the latest release from Adobe's website.

Mozilla Firefox: Mozilla has released an update to Firefox. Update to version 16.0.2 through the browser.

CURRENT SOFTWARE VERSIONS


Adobe Flash 11.4.402.287 [Windows: Internet Explorer, Firefox, Mozilla, Netscape, Opera, and Safari]

Adobe Flash 11.4.402.287 [Mac OS X: Firefox, Opera, Safari]

Adobe Reader 11.0 [Warning; see below]

Apple QuickTime 7.7.2

Apple Safari 5.1.7  [Warning; see below]

Google Chrome 22.0.1229.94

Internet Explorer 9.0.8112.16421

Java SE 7 Update 09 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that require Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plug-in in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that require it.]

Mozilla Firefox 16.0.2

FOR YOUR IT DEPARTMENT


IBM WebSphere: IBM has released updates to fix at least 6 moderately critical vulnerabilities in its WebSphere MQ product. Apply Fix Pack 7.0.1.10 (when it becomes available) or Interim Fix APAR IC87301.

IMPORTANT UNPATCHED VULNERABILITIES


Adobe Reader / Acrobat Multiple Vulnerabilities: Secunia reports highly critical vulnerabilities in Reader X and Acrobat X versions 10.1.4 and prior for Windows and Macintosh; Reader and Acrobat versions 9.5.2 and prior for Windows and Macintosh; and Reader for Linux versions 9.4.7 and prior. Secunia reports several additional highly critical vulnerabilities in versions 9 and X of Reader and Acrobat. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 19, 2012.

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.

Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.

Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserve Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.

HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.

McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.

Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.

Symantec pcAnywhere: As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.

ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently, Citadel recommends users remove these programs until the company fixes the vulnerabilities and pays proper attention to the implications of its security vulnerabilities in opening doors to cyber criminals. The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers' computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Thursday, October 25, 2012


Gifting Consequences to Think About

 
Frequently, taxpayers think that gifts of cash, securities, or other assets they give to other individuals are tax-deductible and, in turn, the gift recipient sometimes thinks income tax must be paid on the gift received. Nothing is further from the truth. To fully understand the ramifications of gifting, one needs to realize that gift tax laws are interrelated with estate tax laws.

When a taxpayer dies, his or her gross estate (to the extent it exceeds the excludable amount for the year) is subject to estate taxes. The exclusion for taxpayers dying in 2012 is $5.12 million. In addition, there is an unlimited spousal deduction for married couples. The amounts in excess of these exclusions are subject to inheritance taxes as high as 35%. Naturally, individuals want to do whatever they can to maximize the inheritance to their beneficiaries and limit the amount of inheritance tax on the estate. Since giving away one's assets before he/she dies reduces the individual's gross estate, the government has placed limits on gifts, and if those gifts exceed the limit, they are subject to gift tax that must be paid by the giver.

Gift Tax Exclusions – Certain gifts are excluded from the gift tax.

·  Annual Exclusion – This is the annual amount that an individual can give to any number of recipients. This amount is adjusted for inflation, and for 2012, it is $13,000 (increases to $14,000 in 2013). For example, a taxpayer with five children can give $13,000 to each child in 2012 without any gift tax consequences or the need to file a gift tax return. This amount includes all gifts made to the individual during the year, including birthday, holiday, and special occasion presents, as well as one-time gifts of money or property. The taxpayer cannot deduct the gifts, and the gifts are not taxable to the recipients. Generally, for a gift to qualify for the annual exclusion, it must be a gift of a “present interest.” That is, the recipient's enjoyment of the gift can't be postponed into the future. There is an exception to the present interest rule where the recipient is a minor and the terms of a trust provide that the income and property may be spent by or for the minor before the minor reaches the age of 21, with the balance going to the child at age 21. This allows parents to set assets aside for future distribution to their children while taking advantage of the annual exclusion in the year the trust is set up.

·  Lifetime Limit - In addition to the annual amounts, taxpayers can use a portion of the federal estate tax exemption (it is actually in the form of a credit) to offset an additional $5.12 million during their lifetime without gift tax consequences. Note that the $5.12 million is for 2012 and is expected to be substantially lower once Congress decides upon the 2013 rates. However, to the extent this credit is used against a gift tax liability, it reduces the credit available for use against the federal estate tax at the taxpayer's death.

·  Education & Medical Exclusion - In addition to the two dollar limitation amounts listed above, there are two other types of gifts that can be excluded from the gift tax, regardless of the amount given:

(1) Amounts paid by one individual on behalf of another individual directly to a qualifying educational organization as tuition for that other individual.

(2) Amounts paid by one individual on behalf of another individual directly to a provider of medical care as payment for that medical care. Payments for medical insurance qualify for this exclusion.


Gifts of Capital Assets – Sometimes a gift might be in the form of securities, real estate, or other items that have appreciated in value. In these situations, the gift value is the item's fair market value at the time of the gift. However, when the recipient of the gift sells that asset, he or she will measure his or her gain from the giver's tax basis. For example, a parent gifts 100 shares of XYZ, Inc., worth $9,000 to his or her child. If the parent originally paid $5,000 for the shares and if the child sold the shares for $9,000, the child (the recipient) would be liable for the tax on the $4,000 gain. In effect, the parent (giver) transferred the taxable gain in the stock to the child. This can be beneficial from a tax standpoint if the child is in a lower tax bracket than the parent and isn't subject to the “kiddie tax” rules that tax the child's income at the parent's tax rate.

Gift-Splitting by Married Taxpayers - If the gift-giver is married and both spouses are in agreement, gifts to recipients made during a year can be treated as split between the husband and wife, even if the cash or property gift was made by only one of them. Thus, by using this technique, a married couple can give $26,000 in 2012 to each recipient under the annual limitation discussed previously.

If you have additional questions or would like this office to assist you in planning an appropriate gifting strategy, please give us a call.

Monday, October 22, 2012

WEEKEND VULNERABILITY AND PATCH REPORT
October 21, 2012
 
The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated. This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com].
 

Important Security Updates

Adobe Reader: Adobe has released version 11.0, which can be downloaded from Adobe's website.
Apple Mac OS X for Java: Apple has released an update to Java for Mac OS X to fix at least 20 vulnerabilities, some of which are highly critical. Update to Java Mac OS X 10.6 Update 11, which can be downloaded from Apple's website.
Oracle Java: Oracle has released an update to Java to fix at least 30 vulnerabilities, some of which are highly critical. Update to Java SE 7 Update 09, which can be downloaded from Oracle's website. See Citadel recommendation below.
 

Current Software Versions

Adobe Flash 11.4.402.287 [Windows: Internet Explorer, Firefox, Mozilla, Netscape, Opera, Safari]
Adobe Flash 11.4.402.287 [Mac OS X: Firefox, Opera, Safari]
Adobe Reader 11.0 [Warning; see below]
Apple QuickTime 7.7.2
Apple Safari 5.1.7  [Warning; see below]
Google Chrome 22.0.1229.94
Internet Explorer 9.0.8112.16421
Java SE 7 Update 09 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that require Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plug-in in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that require it.]
Mozilla Firefox 16.0.1
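The "Current Software Versions" lists in the October 21 and October 28 reports above are a baseline to check a workstation against. The script below is an added example, not part of Citadel's report: it takes the October 28 baseline as a dictionary, compares a constructed sample inventory against it component by component (so 16.0.10 is correctly treated as newer than 16.0.2, which a plain string comparison gets wrong), and reports which products are behind. The product names, the `outdated` helper and the sample inventory values are assumptions made for this example.

```python
"""Flag installed software that is behind a patch report's baseline versions."""
import re
from typing import Dict, List, Tuple

# Baseline copied from the October 28 "Current Software Versions" list above
# (Java is omitted because its "7 Update 09" form is not a dotted version).
CURRENT_VERSIONS: Dict[str, str] = {
    "Adobe Flash": "11.4.402.287",
    "Adobe Reader": "11.0",
    "Apple QuickTime": "7.7.2",
    "Apple Safari": "5.1.7",
    "Google Chrome": "22.0.1229.94",
    "Internet Explorer": "9.0.8112.16421",
    "Mozilla Firefox": "16.0.2",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Split a dotted version string into integers, e.g. '16.0.10' -> (16, 0, 10)."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version found in {text!r}")
    return tuple(int(p) for p in parts)


def compare_versions(installed: str, baseline: str) -> int:
    """Return -1 if installed is older than baseline, 0 if equal, 1 if newer."""
    a, b = parse_version(installed), parse_version(baseline)
    # Zero-pad the shorter tuple so '11.0' and '11.0.0' compare equal.
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)


def outdated(inventory: Dict[str, str],
             baseline: Dict[str, str] = CURRENT_VERSIONS) -> List[str]:
    """Names (sorted) of inventoried products whose version is behind the baseline.

    Products not present in the baseline are ignored rather than reported,
    since the report does not claim to be a complete list of software.
    """
    return sorted(
        name for name, version in inventory.items()
        if name in baseline and compare_versions(version, baseline[name]) < 0
    )


# Constructed sample inventory (hypothetical values an inventory tool might return).
SAMPLE_INVENTORY: Dict[str, str] = {
    "Mozilla Firefox": "16.0.1",      # the October 21 version; behind 16.0.2
    "Google Chrome": "22.0.1229.94",  # matches the baseline
    "Adobe Flash": "11.4.402.265",    # constructed older build; behind
    "Adobe Reader": "11.0.0",         # equal to 11.0 after zero padding
    "Some Other Tool": "1.2.3",       # not in the baseline; ignored
}

if __name__ == "__main__":
    for name in outdated(SAMPLE_INVENTORY):
        print(f"{name}: installed {SAMPLE_INVENTORY[name]}, "
              f"current {CURRENT_VERSIONS[name]}")
```

Running it prints Adobe Flash and Mozilla Firefox as out of date. The numeric comparison matters in practice: as strings, `"16.0.10" < "16.0.2"` is true, so a naive check would tell a user on a newer Firefox to "update" to an older one.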

Newly Announced Unpatched Vulnerabilities

None

For Your IT Department

McAfee Firewall Enterprise: Secunia reports an unpatched moderately critical vulnerability in McAfee's Firewall Enterprise. Update to version 8.2.1P06 or 8.3.0P02 when available.
McAfee Firewall Enterprise: McAfee has released an update to its Firewall Enterprise to fix a moderately critical vulnerability. Update to version 7.0.1.03H06.
Oracle: Oracle has released many patches and updates to fix various vulnerabilities, many of which are highly critical, within its products. Check your devices and update as necessary.

Important Unpatched Vulnerabilities

Adobe Reader / Acrobat Multiple Vulnerabilities: Secunia reports highly critical vulnerabilities in Reader X and Acrobat X versions 10.1.4 and prior for Windows and Macintosh; Reader and Acrobat versions 9.5.2 and prior for Windows and Macintosh; and Reader for Linux versions 9.4.7 and prior. Secunia reports several additional highly critical vulnerabilities in versions 9 and X of Reader and Acrobat. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 19, 2012.
Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.
Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.
Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserve Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.
HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.
McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.
Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.
Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.
Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.
PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.
Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.
Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.
Symantec pcAnywhere: As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.
ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently, Citadel recommends users remove these programs until the company fixes the vulnerabilities and pays proper attention to the implications of its security vulnerabilities in opening doors to cyber criminals. The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.
If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers' computers.
 
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.