Monday, January 28, 2013


WEEKEND SOFTWARE VULNERABILITY AND PATCH REPORT
January 27, 2013
The following software vulnerabilities and updates were announced by Citadel Information Group.  They strongly recommend that readers update their computers and take other action as indicated.  This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com] and posted with his approval.

Important Security Updates

Google Chrome: Google has released Chrome, version 24.0.1312.56, to fix at least 5 highly critical vulnerabilities. Updates are available through the program or from Chrome's website.
Linksys WRT54GL Wireless Router: Linksys has released an update to its WRT54GL Wireless Router. Update to firmware version 4.30.16 by downloading from the Linksys website.

Current Software Versions

Adobe Flash 11.5.502.146 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]
Adobe Flash 11.3.378.5 [Windows 8: IE]
Adobe Flash 11.5.502.146 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.01
Dropbox 1.6.11 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 18.0.1 [Windows]
Google Chrome 24.0.1312.56
Internet Explorer 9.0.8112.16421 [Windows 7: IE], [See warning below]
Internet Explorer 10.0.9200.16466 [Windows 8: IE]
Java SE 7 Update 11 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that require Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that require it.]
QuickTime 7.7.3 (1680.64)
Safari 5.1.7 [Windows, See warning below]
Safari 6.0.2 [Mac OS X]
Skype 6.1.0.129

For Your IT Department

Cisco Wireless LAN Controllers: Secunia reports vulnerabilities in multiple Cisco Wireless LAN Controllers. Apply applicable updates.
Google Web Toolkit: Secunia reports a vulnerability in Google's Web Toolkit. Update to version 2.5 GA.
PDF-XChange Viewer: Secunia reports a highly critical vulnerability in PDF-XChange Viewer. Update to version 2.5 Build 208.0.
Sourcefire Snort: Secunia reports a moderately critical vulnerability in Sourcefire's Snort. Update Snort rules to a version released on 2013-01-17 or later.
WordPress: Secunia reports at least 37 moderately critical vulnerabilities in WordPress. Update to version 3.5.1. There are also plugin vulnerabilities for updates.

Important Unpatched Vulnerabilities

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.
Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.
Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserve Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.
HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.
McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.
Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.
Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.
Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.
PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.
Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.
Samsung / Dell Printers: Secunia reports a moderately critical security issue in Samsung's ML-2580 and ML-4050 Monochrome Laser Printers and Dell's 2145cn and 2335dn Multifunction Printers. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 2, 2012.
Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.
Symantec pcAnywhere: As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.
VLC Media Player: As we reported in our Cyber Security News of the Week, December 16, 2012, Secunia reports a highly critical vulnerability in the VLC Media Player. No patch is available at this time.
ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently Citadel recommends users remove all ACD Systems programs from their computers until the company fixes these vulnerabilities and pays proper attention to the implications of their security vulnerabilities in opening doors to cyber criminals. The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer's computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Thursday, January 24, 2013


Prepared for the New Surtax?

As part of Obama Care, we have a new tax beginning in 2013. The official name of this tax is the “Unearned Income Medicare Contribution Tax,” and even though the name implies it is a contribution, don't get the idea you deduct it as a charitable contribution. It is, in actuality, a surtax levied on the net investment income of higher-income taxpayers.

The surtax is 3.8% on the lesser of your net investment income or the excess of your modified adjusted gross income (MAGI) over a threshold based on your filing status. MAGI is your regular AGI increased by income excluded for working out of the country; net investment income is your investment income reduced by investment expenses.

The filing status threshold amounts are:

·  $250,000 for married taxpayers filing jointly and surviving spouses.

·  $125,000 for married taxpayers filing separately.

·  $200,000 for single and head of household filers.

Example - A single taxpayer has net investment income of $100,000 and MAGI of $220,000. The taxpayer would pay a Medicare contribution tax only on the $20,000 amount by which his MAGI exceeds his threshold amount of $200,000, because that is less than his net investment income of $100,000. Thus, the taxpayer's Medicare contribution tax would be $760 ($20,000 × 3.8%).

Investment income includes:

·  Interest, dividends, annuities (but not distributions from IRAs or qualified retirement plans), and royalties,

·  Rents (other than derived from a trade or business),

·  Capital gains (other than derived from a trade or business),

·  Home sale gain in excess of the allowable home gain exclusion,

·  Your child's investment income in excess of the excludable threshold if, when eligible, you elect to include your child's investment income on your return,

·  Trade or business income that is a Sec. 469 passive activity with respect to the taxpayer, and

·  Trade or business income with respect to trading financial instruments or commodities.

Planning Note: for surtax purposes, gross income doesn't include interest on tax-exempt bonds. Thus, one can avoid the net investment income surtax by investing in tax-exempt bonds.

Investment expenses include:

·  Investment interest expense,

·  Investment advisory and brokerage fees,

·  Expenses related to rental and royalty income, and

·  State and local income taxes properly allocable to items included in Net Investment Income.

Do you think you will never get hit with this tax because your income is way under the threshold amounts? Don't be so sure. When you sell your home, the gain is a capital gain, and to the extent that the gain is not excludable using the home gain exclusion, it will add to your income, and possibly push you above the taxation thresholds. And, since capital gains are investment income, you might be in for a surprise. The same holds true for gains from selling stock and a second home. So when planning to sell a capital asset, be sure to consider the impact of this new surtax.

The surtax also applies to undistributed net investment income of trusts and estates, and there are special rules applying to the sale of partnership and Sub-S Corporation interests.

If this surtax will apply to you in 2013, you may need to increase your income tax withholding or estimated tax payments to cover the additional tax so you can avoid or minimize an underpayment of estimated tax penalty when you file your 2013 return.

If you have questions about this new tax or wish to do some related tax planning, please give this office a call.

Monday, January 21, 2013


WEEKEND VULNERABILITY AND PATCH REPORT
January 20, 2013
The following software vulnerabilities and updates were announced by Citadel Information Group.  They strongly recommend that readers update their computers and take other action as indicated.  This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com] and posted with his approval.

Important Security Updates

Blackberry Tablet OS: Blackberry has released version 2.1.0.1088 of its OS to correct at least 8 highly critical vulnerabilities. The update is available through Blackberry's website.
Foxit PDF-Reader Plugin For Browsers: Foxit has released version 5.4.5 to fix a highly critical vulnerability in the Foxit Reader plugin. The update is available from within Reader; go to "Check for Updates Now" in Reader's "Help" menu.
Microsoft Internet Explorer: Microsoft has released a patch for Internet Explorer versions 6 - 8 to fix the highly critical 0-day vulnerability reported by Krebsonsecurity and others. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 6, 2013.
Mozilla Firefox: Mozilla has released an update to its Firefox browser. Update to version 18.0.1 from within the program.
Java SE 7 Update 11: Oracle has updated Java to correct a highly critical vulnerability. However, cybercriminals are already actively exploiting a newly identified vulnerability in update 11. US-CERT, Citadel, KrebsOnSecurity.com, and several other sites are warning users about Java, recommending they disable it. Citadel has long recommended users disable Java.

Current Software Versions

Adobe Flash 11.5.502.146 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]
Adobe Flash 11.3.378.5 [Windows 8: IE]
Adobe Flash 11.5.502.146 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.01
Dropbox 1.6.11 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 18.0.1 [Windows]
Google Chrome 24.0.1312.52
Internet Explorer 9.0.8112.16421 [Windows 7: IE], [See warning below]
Internet Explorer 10.0.9200.16466 [Windows 8: IE]
Java SE 7 Update 11 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that require Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that require it.]
QuickTime 7.7.3 (1680.64)
Safari 5.1.7 [Windows, See warning below]
Safari 6.0.2 [Mac OS X]
Skype 6.1.0.129

For Your IT Department

Barracuda Web Application Firewall: Secunia reports a vulnerability in Barracuda's Web Application Firewall. Update to version 7.7.
Cisco ASA 1000V Cloud Firewall: Secunia reports a moderately critical vulnerability in Cisco's ASA 1000V Cloud Firewall. Update to version 8.7.1.3.
Novell eDirectory: Threatpost reports that Novell has fixed a vulnerability in Novell's eDirectory.
Oracle: US-CERT reports that Oracle has released its critical patch update for January 2013 to fix 86 vulnerabilities, some of which are highly critical, across multiple products.
SonicWall Multiple Products: Secunia reports moderately critical vulnerabilities in several SonicWall products. Apply hotfixes where applicable.

Important Unpatched Vulnerabilities

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.
Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.
Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserve Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.
HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.
McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.
Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.
Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.
Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched.  Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.
PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4, 2011.
Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.
Samsung / Dell Printers: Secunia reports a moderately critical security issue in Samsung's ML-2580 and ML-4050 Monochrome Laser Printers and Dell's 2145cn and 2335dn Multifunction Printers. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 2, 2012.
Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 14, 2012.
Symantec pcAnywhere: As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.
VLC Media Player: As we reported in our Cyber Security News of the Week, December 16, 2012, Secunia reports a highly critical vulnerability in the VLC Media Player. No patch is available at this time.
ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in their programs dating back more than a year. Consequently Citadel recommends users remove all ACD Systems programs from their computers until the company fixes these vulnerabilities and pays proper attention to the implications of their security vulnerabilities in opening doors to cyber criminals. The community cannot tolerate a head-in-the-sand attitude, whether by developers or the people who purchase and use their programs. The consequences of willful ignorance are too grave.

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer's computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Monday, January 14, 2013


WEEKEND VULNERABILITY AND PATCH REPORT
January 13, 2013

The following software vulnerabilities and updates were announced by Citadel Information Group.  They strongly recommend that readers update their computers and take other action as indicated.  This is from an e-mail received from Stan Stahl, Ph.D. [www.citadel-information.com] and posted with his approval.

Important Security Updates

Adobe AIR: Adobe has released AIR version 3.5.0.1060 to correct multiple vulnerabilities, several of which are highly critical. The most recent update is available from Adobe's website.
Adobe Flash: Adobe has released versions for Flash for both Windows 7 and 8 to correct multiple vulnerabilities, several of which are highly critical. Current versions for various platforms are listed below. The updates are available through Adobe's website.
Adobe Acrobat and Reader: Adobe has released version 11.0.01 for Reader and Acrobat to fix at least 27 highly critical vulnerabilities. The update fixes several previously unpatched vulnerabilities that we first alerted readers to in Weekend Vulnerability and Patch Report, August 19, 2012. The update is available through Adobe's website.
Google Chrome: Google has released Chrome, version 24.0.1312.52, to fix more than 20 vulnerabilities in earlier versions. Many of these vulnerabilities are highly critical. Updates are available through the program or from Chrome's website.
Microsoft Patch Tuesday: Microsoft released seven patches addressing at least a dozen security vulnerabilities, many of them highly critical. Unfortunately it failed to patch the critical 0-day vulnerability in Internet Explorer. Updates are available through the Windows Control Panel.
Mozilla Firefox / Thunderbird / SeaMonkey: Mozilla has updated these programs to fix more than 25 vulnerabilities, many of them highly critical. Updates are available from within the program.
Skype: Skype has released version 6.1.0.129. No other information is available. The update is available from Skype's website.

Current Software Versions

Adobe Flash 11.5.502.146 [Windows 7: IE9, Firefox, Mozilla, Netscape, Opera]
Adobe Flash 11.3.378.5 [Windows 8: IE]
Adobe Flash 11.5.502.146 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.01
Dropbox 1.6.11 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 18.0 [Windows]
Google Chrome 24.0.1312.52
Internet Explorer 9.0.8112.16421 [See warning below]
Java SE 7 Update 10 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have particular web sites that require Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser - such as Chrome, IE9, Safari, etc - with Java enabled to browse only the sites that require it.]
QuickTime 7.7.3 (1680.64)
Safari 5.1.7 [Windows, See warning below]
Safari 6.0.2 [Mac OS X]
Skype 6.1.0.129

Newly Announced Unpatched Vulnerabilities

Foxit PDF-Reader Plugin For Browsers: Secunia reports a highly critical vulnerability in the Foxit Reader plugin. The vulnerability is confirmed in version 5.4.4.1128. Other versions may also be affected. No patch is available at this time.
Java: US-CERT and several other sites are warning users about a newly discovered highly critical 0-day vulnerability in Java 7 Update 10 and earlier versions that is being actively exploited by cyber criminals. US-CERT recommends users disable Java. Citadel tweeted this story on January 11. We have long recommended users uninstall or disable Java.

For Your IT Department

Symantec PGP Whole Disk Encryption: Secunia reports an unpatched vulnerability in Symantec's PGP full disk encryption product. No patch is available at this time. The vulnerability is reported in version 10.2.0 Build 2599 running on Windows XP and Windows Server 2003. Other versions may also be affected.
Web Content Management Systems: In light of recent increases in the exploitation of known vulnerabilities in web content management systems (CMSs) such as WordPress and Joomla, US-CERT has updated its bulletin of September 1, 2012. The current update emphasizes post-exploitation clean-up.

Important Unpatched Vulnerabilities

Android Browser: Secunia reports a less critical vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
AOL downloadUpdater2 Firefox Plugin: Secunia reports a highly critical vulnerability in version 1.3.0.0. Other versions may also be affected. No solution is currently available. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 12, 2012.
Apple Safari for Windows: Secunia reports a moderately critical vulnerability in Apple's Safari version 5.1.2 (7534.52.7) on Windows using the RealPlayer and Adobe Flash plug-ins. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 11, 2012.
Apple Safari for Windows: Secunia reports a non-critical unpatched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.
CA ARCserve Backup: Secunia reports a less critical vulnerability in CA's ARCserve Backup in versions 12.0, 12.5, 15, and 16. CA provides a partial fix solution and advises updating to a fixed version. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 25, 2012.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11, 2011.
HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains unpatched. Users are advised to not open files from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.
McAfee SaaS: The highly critical vulnerability in McAfee SaaS Endpoint Protection remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 22, 2012.
Microsoft Internet Explorer: The highly critical 0-day vulnerability reported by Krebsonsecurity and others remains unpatched. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, January 6, 2013.
Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.
Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19, 2011.
Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15, 2011.
PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to these vulnerabilities in Weekend Vulnerability and Patch Report, March 4, 2011.
Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31, 2011.
Samsung / Dell Printers: Secunia reports a moderately critical security issue in Samsung's ML-2580 and ML-4050 Monochrome Laser Printers and Dell's 2145cn and 2335dn Multifunction Printers. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 2, 2012.
Samsung Galaxy S III: Secunia reports two highly critical vulnerabilities in the Galaxy S3 device. We first alerted readers to these vulnerabilities in Weekend Vulnerability and Patch Report, October 14, 2012.
Symantec pcAnywhere: As we reported in our Cyber Security News of the Week, January 29, 2012, Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool. Symantec has advised users to disable pcAnywhere because of the theft of the pcAnywhere source code.
VLC Media Player: As we reported in our Cyber Security News of the Week, December 16, 2012, Secunia reports a highly critical vulnerability in the VLC Media Player. No patch is available at this time.
ACD Systems: Citadel recommends users remove all ACD Systems programs from their computers. ACD Systems has failed to patch significant critical vulnerabilities in its programs dating back more than a year. Consequently, Citadel recommends these programs stay uninstalled until the company fixes the vulnerabilities and pays proper attention to the doors its security vulnerabilities open to cyber criminals. The community cannot tolerate a head-in-the-sand attitude, whether by developers or by the people who purchase and use their programs. The consequences of willful ignorance are too grave.
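As an added example (not part of Citadel's newsletter), the following Python script turns advisory lines written in the report's own pattern into an aged backlog, so a defender can see at a glance how long each item has sat unpatched and which to treat first. The sample entries are abbreviated from the list above; the as-of date is supplied by the caller, and the severity ranking is an assumption of this example.

```python
# Age an "unpatched" list written as: "<Product>: ... <highly|moderately|less>
# critical ... Weekend Vulnerability and Patch Report, <Month D, YYYY>."
import re
from datetime import date, datetime

# Constructed sample input: three entries abbreviated from the list above.
ENTRIES = [
    "HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 "
    "VideoPlayer remains unpatched. We first alerted readers to this vulnerability "
    "in Weekend Vulnerability and Patch Report, December 18, 2011.",
    "Samsung / Dell Printers: Secunia reports a moderately critical security issue "
    "in several printers. We first alerted readers to this vulnerability in "
    "Weekend Vulnerability and Patch Report, December 2, 2012.",
    "Microsoft Windows XP: A less-critical security vulnerability has been found in "
    "Windows XP. No patch is available at this time. We first alerted readers to "
    "this vulnerability in Weekend Vulnerability and Patch Report, August 7, 2011.",
]

# Severity wording used by the report, ranked (assumed here) so that worse sorts first.
SEVERITY_RANK = {"highly critical": 3, "moderately critical": 2, "less critical": 1}
SEVERITY_RE = re.compile(r"\b(highly|moderately|less)[ -]critical\b", re.I)
FIRST_ALERT_RE = re.compile(r"Patch Report, ([A-Z][a-z]+ \d{1,2}, \d{4})")

def parse_entry(text):
    """Return (product, severity, first_alert_date), or None if the line does not fit."""
    product, sep, body = text.partition(": ")
    sev = SEVERITY_RE.search(body)
    first = FIRST_ALERT_RE.search(body)
    if not (sep and sev and first):
        return None
    severity = sev.group(1).lower() + " critical"  # normalise "less-critical" etc.
    first_alert = datetime.strptime(first.group(1), "%B %d, %Y").date()
    return product.strip(), severity, first_alert

def backlog(entries, as_of_iso):
    """Rows of (product, severity, days unpatched), worst severity first, then oldest."""
    as_of = date.fromisoformat(as_of_iso)
    rows = []
    for entry in entries:
        parsed = parse_entry(entry)
        if parsed:  # skip lines that do not follow the pattern instead of failing
            product, severity, first_alert = parsed
            rows.append((product, severity, (as_of - first_alert).days))
    rows.sort(key=lambda r: (-SEVERITY_RANK[r[1]], -r[2]))
    return rows

if __name__ == "__main__":
    for product, severity, days in backlog(ENTRIES, "2013-01-27"):  # as-of date for the demo
        print(f"{days:4d} days unpatched  {severity:20s} {product}")
```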

If you are responsible for the security of your computer, our weekly report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers' computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.