Apple Releases Security Updates to Fix Almost 100 Vulnerabilities in OS X

Our Internet security solution provider WatchGuard has recently issued a high severity alert regarding over 90 security issues in all current versions of OS X. According to WatchGuard, attackers exploit these flaws by enticing users into visiting malicious websites or downloading and viewing various malicious media files, which could ultimately allow the attacker to gain full control of the user’s computer.

WatchGuard strongly recommends users apply the security updates released by Apple to fix these vulnerabilities as well as to install the Safari update that Apple released earlier this month (if users haven’t already done so). More information and instructions on how to apply these updates can be found in Apple’s OS X 10.5.x and 10.6.x alert.

To read more about security threats to Macs, please refer to our previous blog posts entitled Don't Be Lulled into a False Sense of Security, Apple Releases Security Update to Fix Critical Vulnerabilities in OS X, and Apple Releases Security Updates to Fix OS X Vulnerabilities.

If you would like additional information on WatchGuard and other security solutions provided by 3D, visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: WatchGuard’s LiveSecurity Service Update “Huge OS X Update Fixes Almost 100 Security Flaws,” Apple's OS X 10.5.x and 10.6.x alert

SSL Certificates: What They Are, Why They're Important and How They Benefit Your Business

Online security is paramount as users come to rely on the Internet for many of their business and/or personal functions and activities. Numerous consumers now utilize the Internet for their online banking, shopping and other tasks that require them to send out personal information over the web. Businesses, too, often transmit confidential information as they become increasingly mobile and require remote access to their networks. In doing so, consumers and businesses alike need to be assured that the site(s) they are visiting are secure and their transmitted information is protected with an SSL Certificate.

What is an SSL Certificate?

An SSL (Secure Sockets Layer) Certificate is a digital computer file that has two specific functions:

1. Authentication and Verification: The SSL Certificate has information about the authenticity of certain details regarding the identity of a person, business or website, which the certificate displays to site visitors when they click on the lock located on the top or bottom of the Internet Browser (depending which browser you are using).
2. Encryption: The SSL Certificate also enables encryption, which means that the information exchanged via the website cannot be intercepted or read by anyone other than the person for whom it is intended.

An SSL Certificate is most reliable when issued by a known Certificate Authority (CA). The CA has to follow very strict rules and policies about who may or may not receive a SSL Certificate. In other words, when a business has a valid SSL Certificate from a trusted CA, it implies a higher degree of trust.

Why is an SSL Certificate important?

An SSL Certificate is important because it provides a secure means of transmitting information. Some examples of its uses are:

• Securing communication between your website and your customer’s Internet browser.
  
• Securing internal communications on your Corporate Intranet.
  
• Securing email communications sent to and from your network (or private email address).
  
• Securing information between servers (both internal and external).
  
• Securing information sent and received via mobile devices.

Typically, a business would need an SSL Certificate if:

• You have an online store or accept online orders and credit cards
  
• You offer a login or sign-in function on your site.
  
• You process sensitive data such as addresses, birth dates, license numbers, ID numbers, etc.
  
• You need to comply with privacy and security requirements, such as the PCI security standards.
  
• You value privacy and want to ensure customers feel their personal information is safe when purchasing a product or receiving a service from your website.

A business should also obtain an SSL Certificate even if it does not perform online transactions in order to maintain secure internal and external network communications. For example, when accessing a web site via a service such as Outlook Web Access, confidential information including logon, password and private emails will be encrypted thus providing a more secure transmission. The SSL Certificate also removes warnings and error messages that may prove confusing or deter a user from accessing the site.

In fact, new Microsoft products such as Exchange Server 2007, Office Communications Server, etc. require a valid SSL certificate for internal access, as well as external services. Moreover, for the business on-the-go that requires mobile access, various SmartPhones will not sync with a server properly unless there is a valid public SSL certificate.

What are the benefits of an SSL Certificate?

Two key benefits of an SSL Certificate are consumer trust and confidence. Success on the internet depends on gaining the trust of online visitors/customers. When a Web site is secured with a SSL Certificate, you create a sense of confidence in your business and enhance the level of visitors’ trust by ensuring their private information is kept safe.

In addition, an SSL certificate benefits a business by guaranteeing its authenticity and removing any warnings that may arise when accessing services such as Outlook Web Access. The user is assured that they are on the right site and that their communications will be safe.

There are various types of SSL Certificates available on the market today. 3D has several options available for our clients and we can assist you in selecting the right one that meets your business needs.

For more information on SSL certificates or additional network security solutions that 3D can provide your business, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: “Beginners Guide to Digital SSL Certificates”, VeriSign; “Secure Sockets Layer (SSL): How It Works”, VeriSign; Comodo Positive SSL

Meet Team 3D: Gail Gromaski, Marketing Manager

Our Marketing Manager, Gail Gromaski, often brings you insight into our 3D world by introducing you to our team. Now it’s time to get to know Gail! We will turn the tables on her by asking her the same tough questions she uses when interviewing for this piece. Let’s sit down with Gail as she talks to Christina Brillowsky, the Marketing Assistant, about her life and experience at 3D Corporation.

1. [Christina] First of all, where are you originally from?
[Gail] I’m originally from Coopersville, Michigan, a small town about 20 minutes from the beautiful shores of Lake Michigan.

2. Where did you previously work and study, and for how long?
I graduated from Aquinas College in Grand Rapids, Michigan, with a Bachelor’s Degree in International Business coupled with a major in German for additional flair. I spent the year after graduation in Innsbruck, Austria, teaching English to high school students on a Fulbright Scholarship. However, my true entry into the real world began with a position as a Marketing Assistant at a company in Cincinnati that sells remote controls for industrial equipment like cranes, bulldozers, concrete pumps, etc. I worked there for 2 years before moving to the Pacific Northwest.

3. How did you come to work at 3D, and how long have you worked here?
Obtaining my position at 3D eight months ago was nothing less than a miracle. I had no intentions to move to this part of North America or anywhere else until I fell in love with a Canuck I met through work (his company is the Canadian partner of my former employer in Cincinnati). About a year ago, I moved across the continent to live with him in BC. Since we only live about 2 miles from the US-Canadian border and I was not yet eligible to work in Canada, I applied for jobs in Washington to try to find somewhere to work while going through the Canadian immigration process. I never really expected to obtain a job in Washington due to the poor US economy, the lack of jobs in my field, and the fact that I live in another country, but after a few months of sending out resumes, I got an email from 3D’s CFO, John Jaworski, inviting me for an interview, and the rest is history.

4. Why did you want to work at 3D?
Besides not wanting to sit at home with my cat all day while waiting for the Canadian government to decide whether or not they liked me, the position 3D was offering seemed like the perfect next step in my career as a marketing professional. While my previous position focused more on trade show exhibit management and marketing our products B2B nationwide, my position at 3D focuses on marketing our services to local companies, something that requires a whole new mindset when communicating to clients. This helps me enhance my skills and grow in my field.

5. What were your expectations in coming to work at 3D, and were they fulfilled?
I could tell from the interviews I had with Dave [3D’s CEO] and John [3D’s CFO] that these were people I could work for as they appeared to already greatly value the input I was giving them on how to move forward with their company’s marketing. They also seemed very open-minded, respectful and team-oriented, all qualities that I greatly value in the people I work for. My expectations were more than fulfilled as the rest of 3D’s employees exhibited these qualities as well, which was incredibly refreshing for me. Everyone here seems to support each other, no matter how different their jobs are or how busy they may already be.

6. What do you do as a Marketing Manager, and do you wear any other hats at 3D?
My job is to communicate the value of our services to potential clients in our target market, also known as “lead generation.” I use several methods to do this including website management, creating and placing ads in local publications, creating literature on our services, sending out press releases, maintaining our blog, etc. I also work to ensure our Business Analysts have the information and tools they need to communicate our services to new leads and current clients. In terms of other hats, I provide help coordinating projects in which our engineers install new network infrastructures, servers, firewalls, etc. Even though project coordination has been challenging, it’s also kind of fun as I feel as though I’m part of something big.

7. What is your favorite thing about working at 3D?
I apologize for the cliché, but if you look up the word “team” in the dictionary, you would see a picture of 3D’s employees right beside the definition. I was completely floored when I started getting extensive input on my marketing materials from not just Dave and the client services team, but also the network engineers and help desk administrators who typically have no involvement in what I do. After working here for awhile, some were even thanking me for what I was doing for the company. Supporting other members of our team, no matter who they are, shows that 3D’s employees care a great deal about each other, our clients, and the overall success of our company.

8. What do you think are your biggest strengths, and how do you think they contribute to your work at 3D?
I’ve been told that I’m a great innovator. At a previous job, after I had gone way far beyond what I needed to do when working on a task, and in doing so, vastly improving a particular process, my former supervisor said in bewilderment, “We’ve never had this before.” She was not referring to what I had just accomplished, but the amount of thought, hard work and innovation I put into my job in general in relation to what others had done in my position in the past. From that point on, I decided that this statement would become my mantra—that I would always try to create and build on things to hopefully make the company better. I want to work at 3D in the same way so that people here will hopefully also be able to say, “We’ve never had this before.”

9. What are your greatest achievements, either at 3D or elsewhere?
Now having lived in 3 foreign countries, I feel that being able to successfully adjust to living and working in those countries was a huge accomplishment for me. When you move to a foreign country, no matter which one, it’s always very challenging to adjust to a new way of life, but once you get through it, you feel as though you’ve just climbed Mt. Everest or something.

10. How big is your family, and what do you enjoy doing with them?
Since my husband and I are both only children and we don’t yet have any children, it is only him, me and our cat Tulip, although we have many wonderful people in our extended family, most of whom live very far away. My husband and I enjoy traveling, going to museums, eating out, seeing movies, etc., and since Tulip has an affinity for anything with feathers, we spend a lot of time waving around a feather toy for her to chase.

11. Finally, what do you like to do outside of work?
I am a travel junky (I’ve flown over 50,000 miles in the last 3 years!), so whenever we get a chance to travel somewhere and have the money for it, we go. I also love to blog, go to concerts, art museums (I highly recommend the Cincinnati Art Museum), speak German, eat cheese, etc.

3D is happy to have Gail as a member of our team and is always looking for talented individuals like her to join. To find out more about how to become part of the 3D team, visit our website at http://www.3dcorp.us/contactUs.html.

3D Business Analyst Brendan Kremian achieves Cisco SMB Specialization for Account Managers

Brendan Kremian, 3D Business Analyst, has earned Cisco SMB Certification for Account Managers, further enhancing the company’s range of professional certifications.

Cisco Systems, Inc., a corporation that designs and sells business electronics, networking and communications technologies, awards SMB Certification to Account Managers that exhibit the skills required to successfully recognize the technology needs of small and medium sized businesses (SMB) and articulate how Cisco SMB products can meet their needs. Kremian constantly employs these competencies when identifying the network technology needs of 3D’s clients and recommending products and services to fulfill those needs.

SMB Certification for Account Managers adds to Kremian’s existing array of certifications including CompTIA A+ certification and his Microsoft Certified Professional status. Other members of the 3D engineering team also hold certifications in Microsoft, Cisco, WatchGuard and other technologies that recognize their expertise in using these products to provide businesses with reliable network management and support.

“Brendan’s dedication to expanding his expertise in business and product knowledge is second to none, and we truly appreciate his efforts,” remarks Dave Koshinz, 3D Corporation’s CEO.

To learn more about how certifications like these provide value to our clients, call us at (360) 671-4906, email us at info@3dcorp.us, or visit our website at http://www.3dcorp.us/.

Beware of Malvertising on Social Networking Sites

The use of social networking sites, such as Facebook, MySpace, Twitter and blog sites, rose significantly in 2009 and will likely continue to do so this year. In fact, according to Rob Housman, Executive Director of the Cyber Secure Institute, over 300 million people actively use Facebook, and Twitter is growing at a staggering 1382% each year! That is a lot of exposure and hackers are taking full advantage of this opportunity by creating new ways to disseminate malware/spyware through these sites.

One such method that has become an increasing threat is the use of malicious advertising, now commonly referred to as “Malvertising.” Malvertising consists of placing publicity material on web sites or social networking sites that incorporates a direct or indirect link to the installation of malicious software. In this way, each person visiting the web site where the online advertisement was placed becomes a potential victim.

A great way to avoid malicious software being spread this way is for your company’s users not to visit these sites except for specific businesses purposes. Limiting use of social networking sites to business-related activity can help limit your exposure to these risks. At the very least, you should NEVER download any software program where you are not 100% sure it is from a trusted source.

The Google Online Security Blog provides some additional simple tips to help avoid becoming a victim of malvertising:

• Make sure your company’s browsers, operating systems, software and plug-ins are all updated regularly. 3D ProActive™ Managed and 3D ProActive™ Partner clients receive many of these updates on a regular basis as part of their automated maintenance.
• Be aware that malware can be disguised as antivirus/antispyware software in order to trick people into buying or downloading it. Fake (and harmful) software of this kind is known in the web security community as “rogue security software.” To avoid getting tricked, always research a company’s reputation before downloading its software or visiting its website, and be wary of unexpected warnings from products you haven’t installed yourself.
• Exercise caution whenever you’re prompted to download an email attachment, follow an instant message link, install a plug-in, or download an unfamiliar piece of software.
  3D provides a variety of security solutions to protect businesses from falling victim to malvertising and many other network threats.

For more information on how 3D Corporation can provide security solutions to protect your business from potential malware, spyware, and other threats to your network, visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: “2010: Cybercrime Coming of Age” white paper – January 2010; “Protecting Users and Ads from Malware”, Google Online Security Blog; “Cyber Secure Institute Statement on Malware Explosion and Social Networks”, Ad Ops Online