Friday, February 19, 2010

Microsoft Releases Updates to Correct over 19 Windows Vulnerabilities

Microsoft has released security updates to correct over 19 vulnerabilities that affect all current versions of Windows. The impact of exploitation varies by Windows version; in the worst case, an attacker can gain complete control of a user’s machine.

Two days after the updates were originally released, it was reported that some Windows users could not completely boot their computers after applying one of the updates and would instead get a “Blue Screen of Death” (BSOD), an error screen that appears for diagnostic purposes after the machine experiences a critical system error and that also shuts down the machine to prevent damage. Since then, Microsoft has researched the issue and verified that only machines infected with malware called Alureon Rootkit were encountering the BSOD, and that the updates install successfully on machines not infected by this malware.

3D Corporation is testing and deploying patches on the networks of 3DProActive™ Managed and Partner clients to eliminate risks posed by these vulnerabilities. These clients should not encounter the BSOD as their networks are constantly monitored, audited and kept up-to-date to quickly detect and prevent potential infection. Other Windows users should be able to install these patches safely as long as their machines are not infected with this malware. More information on this issue can be found at the Microsoft Security Response Center website as well as in Microsoft Security Bulletin MS10-015 - Important.

3D provides businesses with solutions that detect and remedy Alureon Rootkit and countless other types of malware to keep networks safe and secure. To find out how 3D can make your network worry-free, visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call our office at (360) 671-4906.

References: WatchGuard's LiveSecurity Service Update “Update 2: 11 Windows Patches, 5 Rated Critical”; Microsoft Security Bulletin MS10-015 - Important; Microsoft Security Center Update “Restart Issues After Installing MS10-015 and the Alureon Rootkit”

Friday, February 12, 2010

Why Comply with PCI?

Attack strategies of hackers are always evolving. Consequently, the frequency and severity of data security breaches steadily increase, often leading to brutal and even fatal consequences for businesses. Credit card data is a popular target, as shown by the growing number of merchants that have experienced a breach of client cardholder data in recent history. Even the data security systems of large, well-known enterprises do not seem to daunt credit card-hungry hackers, as Walmart, DSW, Polo Ralph Lauren and many others have experienced breaches. Luckily, these large businesses often have the expertise and resources available to recover from the long list of costs a breach could incur: legal counsel, negative publicity, identity theft protection for customers, reduced customer loyalty, and the list goes on. For some businesses, however, even one instance of cardholder data theft could be so debilitating that they may never recover.

Due to the seriousness of the consequences associated with credit card data theft and the increasing deftness of data thieves, the Payment Card Industry Data Security Standard (PCI DSS) was formed to implement a set of requirements designed to ensure businesses are processing and storing credit card information in a secure manner. Although often misconceived as government regulations, the PCI DSS mandates were created by the major payment card brands (VISA, MasterCard, American Express, Discover and JCB) and apply to all businesses and organizations that process and store credit card data, regardless of business size, type or number of transactions. Businesses deemed non-compliant after an audit may be charged hefty fines and, in some cases, eventually lose card processing privileges altogether.

Consider a few shocking statistics on the potential consequences for businesses associated with credit card data theft:

  • A 2008 study by the Ponemon Institute, an organization that researches information security policy and data protection, found that businesses lose 31% of their customers after a breach of credit card data.
  • The same 2008 study by the Ponemon Institute reports that the total cost of a data breach currently averages $202 per record. Based upon this statistic, if a business has 100 credit card records on file, for example, a single data breach could cost the business over $20,000.
  • A study conducted the following year found that 71% of the companies surveyed do not put PCI compliance as part of their corporate strategy and 79% had experienced at least one data breach.

The costs involved in creating a secure environment for credit card data or client data in general often dissuade businesses from taking the necessary steps to become PCI DSS compliant, but be assured that the costs of non-compliance and potential security breaches are radically greater. 3D offers affordable technologies and expertise that, when implemented, not only enable businesses to meet PCI DSS requirements, but also improve the security of their entire network. Network monitoring, SafetyNet Alerting™, firewall and content filtering appliances, patch management and event reporting are some of the services 3D provides to create the secure environment that PCI requires and clients deserve. These security solutions also create a best practices operating environment that provides businesses with ongoing benefits during normal business operations in addition to mitigating the risk of a data breach. The potential for downtime and service costs for businesses decreases as security threats in general are prevented and quickly resolved as a result of implementing ongoing network security services.

If you are unsure whether your business is meeting PCI DSS requirements, contact your Merchant Services Provider, who can help you determine if your business is compliant or if you need to make technology enhancements to increase the security of your data. 3D can assist your business in making these security enhancements, which will also improve the overall security of your network. For more information on the security solutions 3D can provide your business, visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906. Additional useful tools and information regarding PCI compliance can be found at the websites of our references below.

References: PCI Security Standards Council™; WatchGuard PCI Compliance Tools; PCI Compliance Guide; Ponemon Institute PCI DSS Compliance Study 2009

Tuesday, February 2, 2010

Network Engineer Mike McGlothern achieves Cisco SMB Specialization for Engineers

3D Corporation announces Mike McGlothern, 3D Network Engineer & Help Desk Lead, has earned Cisco SMB Specialization for Engineers, further enhancing the company’s range of professional certifications.

Cisco Systems, Inc., a corporation that designs and sells business electronics, networking and communications technologies, awards SMB Specialization to network engineers who exhibit the skills required to successfully design and deploy Cisco solutions for small and medium-sized businesses (SMB). McGlothern constantly employs these competencies when identifying the technology needs of 3D’s clients and recommending products and services to fulfill those needs.

SMB Specialization for Engineers adds to McGlothern’s impressive array of existing certifications, including Cisco Certified Network Associate, Design Associate, and Information Security Specialist; Microsoft Certified Systems Administrator; several CompTIA certifications; and many others. Other members of the 3D engineering team also hold certifications in Microsoft, Cisco, WatchGuard and other technologies that recognize their expertise in using these products to provide businesses with reliable network management and support.

“This certification adds to our wide range of skill sets that help us serve our diverse client base more effectively,” remarks Chris McCoy, 3D’s Technical Manager. “By maintaining experts with a wide array of technology skills, we're able to select and apply appropriate technology solutions where they are most needed.”

To learn more about how certifications like these provide value to our clients, call us at (360) 671-4906, email us at info@3dcorp.us, or visit our website at http://www.3dcorp.us/.