Thursday, May 31, 2007

F-Secure Patches multiple vulnerabilities in Products.

Finnish security vendor F-Secure has patched multiple vulnerabilities in its software, including a buffer overflow vulnerability affecting a number of its products.

The buffer overflow vulnerability lies in the processing of LHA archives and may allow an attacker to execute arbitrary code or create a denial-of-service condition. This flaw is related to a similar problem discovered last fall involving the way the Gzip decompression utility handles LZH-compressed archives, F-Secure officials said in an advisory.

"An attacker may create a specially crafted LHA archive, which then in its decompression phase exploits the described buffer overflow vulnerability, allowing arbitrary code to be executed or the exploit to create a denial-of-service condition," said officials at the Helsinki, Finland-based company.

The bug affects F-Secure's Anti-Virus, Internet Gatekeeper and Internet Security product suites.

Two other vulnerabilities were patched Wednesday as well. One is an IOCTL (Input/Output Control) vulnerability in the Real-time Scanning component of F-Secure workstation and file server products for Windows. An attacker with local access to the system can escalate their privileges to the system with a specially crafted IRP (I/O request packet) due to improper access validation of the address space used by Real-time Scanning, company officials said.

The final flaw patched Wednesday is a bug in F-Secure's Policy Manager Server that could be used by attackers to launch a denial-of-service attack. A DoS condition can be triggered by using NTFS-reserved words as URL filenames, company officials warned. France-based security research organization FrSIRT rates this particular flaw, which is remotely exploitable, as low risk.

By Brian Prince www.eweek.com

Tuesday, May 22, 2007

Corporate Security for Your Home Business.

The words Corporate Security may conjure up images of a group of techies working in a wire-filled basement room of Microsoft or HP, combating hackers and terrorists online using words like algorithm and encryption. If you own your own business, do not allow yourself to think that security is only for big corporations. Every company, big or small, technological or traditional, has two major security concerns: protecting information, and protecting hardware.



Corporate Security: Information



Information is the commodity that makes companies unique. That information could be a process your company does better than others; or it could be how to make the unique product you sell; or it could be a collection of information that you have that others want access to. In any case, protecting the information that makes your company viable could mean financial life or death for your venture. There are three simple corporate security solutions you can implement to decrease the likelihood that your information will be leaked or lost.


Make backups often. If you are like 90% of computer users out there who use Windows, pressing [Ctrl] + S is a habit well worth forming. Besides information, time is one of your most valuable resources, so you can't afford to lose hours of work every time the system crashes. Save your work as often as you stop typing. Making additional copies of master files in other places besides your hard drive will mean you won't lose everything if your hard drive becomes corrupted. Keep these discs in a safe place where you can easily access them if you need to.


Keep secret passwords secret. This may seem like a no-brainer, but too often we think of passwords as annoyances slowing us down. Systems are password-protected to ensure that only those persons who should be allowed access are granted access. If you are working out of a home office and have little face-to-face interaction with clients or customers, you may be tempted to leave your system unlocked or pin a list of your user names and passwords near the computer. Remember that children are both curious and smart, and in only a few clicks of the mouse they can accidentally erase important files. Do yourself the favor of memorizing your passwords and changing them on occasion.


Maintain an up-to-date computer system. Computers that run slower also have the terrible tendency of getting overloaded and shutting down. The internet is one of the biggest culprits of bogging down your processing speed, but running several programs at the same time will also do it. Keeping your processor and memory up-to-date will help ensure that you are able to perform all the tasks that are required of you without having to spend a lot of time waiting for your computer to catch up.



Corporate Security: Hardware



Chances are good that IBM's annual technology budget is quite a bit larger than your home business's budget. Between putting food on the table and covering the operating costs of your business, purchasing new equipment might seem like a luxury you'll never have. Protecting your computer system from viruses, spyware, and malicious software is one of the most cost-effective ways to ensure your computer will last as long as you need it to.


Know what is on your computer. Viruses can come through email, discs, or the internet, and are typically well-hidden on your hard drive. Perform systematic checks of the temporary internet files, cookies folder, and the rest of your hard drive to ensure that you have not accidentally picked up a virus. Software can be purchased that filters spam and helps you manage the internet files and cookies that are downloaded automatically on your computer. A proactive approach in combating viruses and spyware is usually the most effective way to make sure your hardware stays protected.


Though corporate security solutions may seem like a luxury your home business cannot afford, protecting information and hardware are priorities that all companies should have. Following these simple, inexpensive solutions to common security concerns your company may have will go a long way in helping you succeed.


Nick Smith is a client account specialist with 10x Marketing - More Visitors. More Buyers. More Revenue. For more information about cost-effective corporate security solutions, visit ContentWatch.com.

Benefits of BCC (blind carbon copy).

What is BCC?

BCC, which stands for blind carbon copy, allows you to hide recipients in email messages. Unlike addresses in the To: field or the CC: (carbon copy) field, addresses in the BCC: field cannot be seen by other users.

Why would you want to use BCC?


There are a few main reasons for using BCC:


  • Privacy - Sometimes it's beneficial, even necessary, for you to let recipients know who else is receiving your email message. However, there may be instances when you want to send the same message to multiple recipients without letting them know who else is receiving the message. If you are sending email on behalf of a business or organization, it may be especially important to keep lists of clients, members, or associates confidential. You may also want to avoid listing an internal email address on a message being sent to external recipients.


    Another point to remember is that if you use the To: or CC: fields to list all of your recipients, these same recipients will also receive any replies to your message unless the sender removes them. If there is potential for a response that is not appropriate for all recipients, consider using BCC.



  • Tracking - Maybe you want to access or archive the email message you are sending at another email account. Or maybe you want to make someone, such as a supervisor or team member, aware of the email without actually involving them in the exchange. BCC allows you to accomplish these goals without advertising that you are doing it.



  • Respect for your recipients - Forwarded email messages frequently contain long lists of email addresses that were CC'd by previous senders. These addresses are highly likely to be active and valid, so they are very valuable to spammers. Furthermore, many email-borne viruses harvest email addresses contained in messages you've already received (not just the To: and From: fields, but from the body, too), so those long lists in forwarded messages pose a risk to all the accounts they point to if you get infected.


    Many people frequently forward messages to their entire address books using CC. Encourage people who forward messages to you to use BCC so that your email address is less likely to appear in other people's inboxes and be susceptible to being harvested. To avoid becoming part of the problem, in addition to using BCC if you forward messages, take time to remove all existing email addresses within the message. The additional benefit is that the people you're sending the message to will appreciate not having to scroll through large sections of irrelevant information to get to the actual message.


How do you BCC an email message?


Most email clients have the option to BCC listed a few lines below the To: field. However, sometimes it is a separate option that is not listed by default. If you cannot locate it, check the help menu or the software's documentation.


If you want to BCC all recipients and your email client will not send a message without something in the To: field, consider using your own email address in that field. In addition to hiding the identity of other recipients, this option will enable you to confirm that the message was sent successfully.
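The following added example (not part of the original article) shows why BCC recipients stay hidden: the mail client uses the BCC addresses for delivery but removes the Bcc: header from the message text that is transmitted. All addresses are constructed samples, and the function names are illustrative.

```python
import copy
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses


def build_message():
    """Constructed sample: the sender puts its own address in To: and BCCs the list."""
    msg = EmailMessage()
    msg["From"] = "newsletter@example.org"
    msg["To"] = "newsletter@example.org"
    msg["Bcc"] = "alice@example.com, bob@example.net"
    msg["Subject"] = "Monthly update"
    msg.set_content("Hello, here is this month's update.")
    return msg


def split_envelope_and_headers(msg):
    """Return (delivery recipients, message text as it is transmitted)."""
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    # Every address in To:, Cc: and Bcc: receives a copy of the message.
    recipients = sorted({addr for _, addr in getaddresses(fields) if addr})
    # The Bcc: header itself is dropped before the text leaves the client.
    wire = copy.deepcopy(msg)
    del wire["Bcc"]
    return recipients, wire.as_string()


def addresses_visible_to_recipient(wire_text):
    """Addresses a recipient can read from the headers of the delivered message."""
    parsed = message_from_string(wire_text)
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(parsed.get_all(name, []))
    return sorted({addr for _, addr in getaddresses(fields) if addr})


if __name__ == "__main__":
    recipients, wire_text = split_envelope_and_headers(build_message())
    print("delivered to:", recipients)
    print("visible in headers:", addresses_visible_to_recipient(wire_text))
```
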


Authors: Mindi McDowell, Allen Householder

Monday, May 07, 2007

How can you reduce the amount of spam?


What is spam?


Spam is the electronic version of "junk mail." The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses—valid messages from legitimate sources could fall into this category.


How can you reduce the amount of spam?


There are some steps you can take to significantly reduce the amount of spam you receive:


  • Don't give your email address out arbitrarily - Email addresses have become so common that a space for them is often included on any form that asks for your address—even comment cards at restaurants. It seems harmless, so many people write them in the space provided without realizing what could happen to that information. For example, companies often enter the addresses into a database so that they can keep track of their customers and the customers' preferences. Sometimes these lists are sold to or shared with other companies, and suddenly you are receiving email that you didn't request.


  • Check privacy policies - Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you're asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information.


  • Be aware of options selected by default - When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from those lists as well.


  • Use filters - Many email programs offer filtering capabilities that allow you to block certain addresses or to only allow email from addresses on your contact list. Some ISPs offer spam "tagging" or filtering services, but legitimate messages misclassified as spam might be dropped before reaching your inbox. However, many ISPs that offer filtering services also provide options for tagging suspected spam messages so the end user can more easily identify them. This can be useful in conjunction with filtering capabilities provided by many email programs.


  • Don't follow links in spam messages - Some spam relies on generators that try variations of email addresses at certain domains. If you click a link within an email message or reply to a certain address, you are just confirming that your email address is valid. Unwanted messages that offer an "unsubscribe" option are particularly tempting, but this is often just a method for collecting valid addresses that are then sent other spam.


  • Disable the automatic downloading of graphics in HTML mail - Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message—when your mail client downloads the graphic from their web server, they know you've opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.


  • Consider opening an additional email account - Many domains offer free email accounts. If you frequently submit your email address (for online shopping, signing up for services, or including it on something like a comment card), you may want to have a secondary email account to protect your primary email account from any spam that could be generated. You should also use a secondary account when posting to online bulletin boards, chat rooms, public mailing lists, or USENET so that you can get rid of it when it starts filling up with spam.


  • Don't spam other people - Be a responsible and considerate user. Some people consider email forwards a type of spam, so be selective with the messages you redistribute. Don't forward every message to everyone in your address book, and if someone asks that you not forward messages to them, respect their request.
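The advice above about disabling automatic downloading of graphics can be illustrated with a small filter that rewrites an HTML mail body so that images hosted on a remote server are not fetched, while images embedded in the message itself (cid: or data:) are left alone. This is an added example, not code from the original article; the sample message and the `data-blocked-src` attribute name are constructed for illustration, and only `<img src>` is handled.

```python
import re
from html import escape
from html.parser import HTMLParser

# Matches http://, https:// and protocol-relative (//host/...) URLs.
REMOTE_URL = re.compile(r"\s*(?:https?:)?//", re.IGNORECASE)


class RemoteImageBlocker(HTMLParser):
    """Rebuild an HTML body, neutralising <img> tags that load from the network.

    Comments and declarations are dropped; other tags pass through unchanged.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []      # pieces of the rewritten HTML
        self.blocked = []  # remote image URLs that were disabled

    def _emit(self, tag, attrs, closing=""):
        kept = []
        for name, value in attrs:
            if tag == "img" and name == "src" and value and REMOTE_URL.match(value):
                self.blocked.append(value.strip())
                name = "data-blocked-src"  # keep the URL for review, but inert
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + closing + ">")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def block_remote_images(html_body):
    """Return (rewritten HTML, list of remote image URLs that were blocked)."""
    parser = RemoteImageBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample: a 1x1 remote tracking image plus an embedded logo.
SAMPLE = ('<p>Spring sale &amp; more</p>'
          '<img src="http://tracker.example/open.gif?id=user%40example.com" width="1" height="1">'
          '<img src="cid:logo@example" alt="logo">')

if __name__ == "__main__":
    safe_html, blocked = block_remote_images(SAMPLE)
    print(safe_html)
    print("blocked:", blocked)
```
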

Authors: Mindi McDowell, Allen Householder
