XP will treat the iPhone like a digital camera device. Therefore, any computer program that will sync to and from digital cameras to a windows box can be used to move the pics and vids over.

If you do not have a program that transfers pictures and videos from digital cameras, you can use window’s Scanner and Camera Wizard…

1. Click Start
2. Click All Programs
3. Select Accessories
4. Select Scanner and Camera Wizard

5. Select the iPhone out of your potential devices.

6. If you want to be able to manually copy pictures and videos over in an explorer-like interface, click the advanced users only link. If you want to copy pictures/videos over in a little wizard-like interface, click Next.

Using either the explorer or wizard interfaces will allow you to delete media as well. Using this method is obviously a lot quicker than deleting the media manually on the iPhone itself.

Scheduled start date and time: 11/13/2010 02:00 AM ET

Scheduled end date and time: 11/13/2010 04:00 AM ET

System(s) Affected: All Services

Expected Impact: You will experience brief service interruptions during the maintenance window. All incoming messages will be queued until the maintenance is complete.

Action required: none

Should you have any questions about this maintenance window, please email us at support@stgfl.com.

Scheduled start date and time: 10/30/2010 08:00 PM ET

Scheduled end date and time: 10/30/2010 10:00 PM ET

System(s) Affected: All Services

Expected Impact: We are performing network upgrades that will result in several short interruptions in service during the maintenance window. Incoming messages will be queued until the maintenance is complete.

Action required: none

The reboot will take less than 30 minutes and is due to a previous software upgrade to our backup system.

Once the maintenance has been completed or it it takes longer than anticipated, this page will be updated accordingly.

****UPDATE: Maintenance Complete.****** 10/25/2010 – TJR

SEVERITY: HIGH

28 September, 2010

SUMMARY:

This vulnerability affects: All current versions of Microsoft’s .NET Framework

How an attacker exploits it: By sending a large number of web requests containing cipher text (and interpreting error responses)

Impact: In the worst case, an attacker can gain enough information to read and/or tamper with encrypted data from your web server

What to do: Install the proper .NET Framework update immediately (Windows update will not immediately push this update, you should download it manually)

EXPOSURE:

At a cryptography conference in 2002, a researcher introduced a cryptological “side-channel” attack called a padding oracle attack, which attackers can leverage to decrypt Cipher Block Chaining or CBC-mode encryption without knowing the encryption key. Without getting into too much technical detail, block ciphers, like CBC, require that all messages arrive with the exact same number of blocks (multiples of eight bytes). However, the plain text messages you encrypt come in varying lengths, which may not fit perfectly within those specifically-sized boundaries. As a result, cryptographic algorithms have to use padding to fill in the extra, unused portions of each block. In order to check whether or not an encrypted value is padded correctly or not, encryption mechanisms employ something called a padding oracle. The researcher from 2002 found that by sending multiple, incorrectly padded messages to a server, he could interpret the error messages returned by the padding oracle to eventually learn enough to decrypt the server’s encrypted content without knowing the encryption key. The researcher even released a tool called Padding Oracle Exploit Tool (POET), which you can use to leverage this class of vulnerability.

More recently, at the Ekoparty security conference in Argentina, two security researchers reported that Microsoft ASP.NET suffers from this classic padding oracle attack. More specifically, they found a universal padding oracle vulnerability that supposedly affects every ASP.NET web application. They claimed attackers can leverage this flaw to decrypt cookies, view states, form authentication tickets, membership passwords, user data, and anything else encrypted using the ASP.NET framework’s API. As a result of these researcher’s findings, Microsoft has decided to release an out-of-band security update to correct this issue.

According to Microsoft’s out-of-band security bulletin, the ASP.NET components that ship with the .NET Framework suffer from an information disclosure vulnerability due a padding oracle flaw like the one described above. By repeatedly sending web requests containing a cipher text to a vulnerable ASP.NET web server, an attacker could interpret the error messages returned by the web server to eventually gain enough information to read or tamper with encrypted data. This would allow the attacker to gain access to significant amounts of sensitive information from your web server, and in one example, attackers even demonstrated how this leak could be leveraged to attack and potentially gain full access to the server.

Researchers have already released tools and shared examples showing how you can leverage this vulnerability. Furthermore, Microsoft has also seen evidence of attackers leveraging this flaw in the wild. If you have a web server using the .NET Framework, we highly recommend you update it immediately.

For more technical detail about this flaw, check out the articles in the References section below.

SOLUTION PATH:

Microsoft has released .NET Framework updates to fix this vulnerability. If you have web servers that use the .NET Framework, you should download, test and deploy the corresponding update immediately.

Business impact : Some users in EAST.EXCH022 are unable to connect to the exchange server

Technical details : Our system administrators have verified reports of connectivity issues in the EAST.EXCH022 domain. We are currently investigating this issue and will provide more updates when they are available.

“Here you have” Email contains fake and malicious PDF or WMV links

Severity: Medium

10 September, 2010

Virus/Worm Summary:

• Subject lines to avoid: include “Here you have,” or “Just for you,” and “This is the Free Dowload (sic) Sex Movies, you can find it Here”
• Malicious email attachment: contains supposed links to PDF or WMV files, which actually link to malicious .SCR files
• Impact: Spreads via your email contacts and through network shares. Infects your computer with various malware, and potentially steals information
• What to do: Make sure you are using updated antivirus software, and block .SCR files at your gateway (see below for details)

About the Virus:

Late yesterday, various antivirus (AV) vendors began receiving reports of a new mass-mailing email worm, generally called VBMania, which arrives with various subjects including, “Here you have.” Today, others in the press have jumped on the bandwagon and published many shrill reports [ 1 / 2 / 3 ] that describe this worm as an outbreak and suggest it has flooded inboxes worldwide. While we don’t doubt that attackers have aggressively seeded this malicious email using spamming techniques (and likely a botnet), we haven’t yet seen the worm in our own inbox. There are reports of it affecting some well known companies. However, it doesn’t seem to be as wide-spread as the big worms of the past (Nimba, etc). In fact, most antivirus (AV) companies still only rate this worm as only a medium risk. While you should make yourself, and your users, aware of this new worm, it doesn’t offer reason for panic.

What you can do

• As always, remind your users never to open unexpected attachments or click on unexpected web links from any source. Inform them that most modern viruses falsify the “From” field and can appear to come from friends, co-workers, or other trusted parties.
• Most major antivirus vendors already have signatures that detect this worm. Check with your vendor for the latest update. 

 - This alert was researched and written by Corey Nachreiner, CISSP

Additional Resources

If you currently do not have a robust security solution, you can learn more about STG’s network security solutions, including managed virus protection here:  http://www.stgfl.com/guardlink/

This event is sponsored by the City of Palm Coast and will cover topics specific to businesses such as evacuation routes, insurance, disaster preparedness and our own TJ Rosenthal, Director of Technical Services, will be discussing Technology Concerns When Creating a Disaster Recovery Plan.

Event Location: 305 Palm Coast Pkwy, NE. Palm Coast, FL 32137

Time: 3:00 pm – 5:00 pm, Thursday, Sept. 16th

Saturday, Sept 11, 2010, 2:00 am – 3:00 am EST

We apologize for this inconvenience and thank you in advance for your cooperation.  Should you have any questions or concerns regarding this, please email support@stgfl.com.

Southern Technology Group will be performing maintenance on our servers on the evening of September 7, 2010, 9:00 pm – 11:00 pm.  Access to Citrix will not be available during our maintenance window.  There may also be periodic lapses in connection to the mail server.  No emails will be lost during this maintenance window and you should not notice any significant disruption in access to your information via your mobile smart phones.  Should you have any questions regarding this scheduled maintenance, please email support@stgfl.com.

Thank you for your cooperation and understanding.