It has been warned by from Symantec that anyone still using pcAnywhere to remote into their computers should disable the product and stop using it. It was revealed that several years ago a theft of its source code puts their customers at risk of an attack.
from www.smh.com.au -
Security firm Symantec took the rare step of advising customers to stop using one of its products, saying its pcAnywhere software for accessing remote PCs is at increased risk of getting hacked after blueprints of that software were stolen.
The announcement is the company's most direct acknowledgement to date that a 2006 theft of its source code put customers at risk of attack.
Symantec said it was only asking customers to temporarily stop using the product, until it releases an update to the software that will mitigate the risk of an attack.
It acknowledged that some customers would need to continue using the software for "business critical purposes", saying they should make sure they were using the most recent version of the product and "understand the current risks", which include the possibility that hackers could steal data or credentials.
Still, it is highly unusual for a software maker to advise customers to disable a product completely while engineers develop an update to fix bugs. Companies typically recommend mitigating factors that will reduce the risk of an attack.
"That's crazy. That's pretty much unheard of to just say 'Stop using it'. Especially a vendor as large as Symantec," said H.D. Moore, chief architect of Metasploit, a platform that security experts use to test whether computer systems are vulnerable to attack.
PcAnywhere is a software program that is also bundled with some titles in Symantec's Altiris line of software for managing corporate PCs, Symantec said in a white paper and note to customers released on its website overnight where it disclosed the warning.
Company spokesman Cris Paden said that Symantec has fewer than 50,000 customers using the stand-alone version of pcAnywhere, which was available for sale on its website for $US100 and $US200 as of early Wednesday afternoon in the US.
The company last week warned customers of the 2006 theft of the source code, or blueprints, to pcAnywhere and several other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.
It made the announcement after a hacker who goes by the name YamaTough released the source code to its Norton Utilities PC software and had threatened to publish its widely used anti-virus programs. Authorities have yet to apprehend that hacker.
At the time, Paden said that the theft of the code posed no threat as long as customers were using the most recent versions of Symantec's software, with one exception: users of pcAnywhere might face "a slightly increased security risk".
In the white paper published early on Wednesday morning in the US, the company indicated the situation was more serious.
"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," it said in the white paper.
The company also reiterated its previous guidance that users of its other software titles were not at heightened risk because of the breach in 2006.
"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialise as a result of this incident," it said on its website.
Integrate your Time and Attendance with: Sage ERP MAS 90, Sage ERP MAS 200, QuickBooks, ADP, Paychex, or any system that accepts CSV files.
Time clocks will help you track employee time in nearly any business environment. Time Clocks also utilize Time and Attendance software which make payroll easy and accurate.
http://acutedata.com/Solutions/Payroll-and-Timekeeping/Payroll-Time-and-Attendance
Have you ever wanted to create a new company in Sage ERP MAS 90 or MAS 200 and copy the customers, vendors and items from one of your existing companies without the transactions attached to them? This is great for starting a new company in MAS, or even creating a test company with no existing transactions to train with.
For as far back as I can remember of MAS90/200, there has been a hidden utility in Sage ERP MAS 90/200 to accomplish just that.
For more instructions on using the utility, use the help button in the lower right hand of the screen when you are in the Copy Masterfile Utility.
One of the biggest hold backs for us upgrading our customers to Sage ERP MAS 90/200 v4.5 is an issue where invoice amounts double in the posting of the Daily Transaction Register.
About a month ago, it was found that Sage 100 (also known as ERP MAS 90/200) was duplicating postings in the Daily Transaction Register from Sales Order Invoices. The Daily Transaction Register was always in balance so it wasn't always noticed but when looked at closely, it showed that the amounts were doubled.
At the time, the only workaround was to preview the Daily Sales Reports/Updates prior to updating the Daily Sales Report.
As of yesterday, Sage released Hot Fix SO4081-T.
This resolves the double posting issues.
You can download the fix here.
StarShip version 12.0.2 now supports USPS rate changes effective Jan. 22, 2012. StarShip v12.0.2 supports 2012 rate and service updates as well as the following Endicia enhancements: • Support for the 2976A form to print on a 4x6" thermal label • Expanded support of free Delivery Confirmation to First-Class parcel • New First-Class Package Service • New Express Mail Flat Rate box • New Priority Mail - Regional Rate Box C • More on StarShip's enhancements for the latest USPS rate change!
StarShip 12.0.2 Upgrade You are eligible to receive the v12.0.2 upgrade FREE of charge as part of your StarShip Subscription Plan (valid thru: 10/16/2012) This will available on 1-20-12. Although you may not be affected by the USPS update, we strongly recommend upgrading to version 12.0.2 because we will not be releasing web updates or enhancements to previous versions.
DOWNLOAD INFORMATION: StarShip 12.0 has 2 components: Server and Client. After end-of-day close January 20th download the upgrade from: StarShip 12.0 Server: http://updates.vtechnologies.com/ssfiles/12.0.2/serversetup.exe StarShip 12.0 Client: http://updates.vtechnologies.com/ssfiles/12.0.2/clientsetup.exe
UPGRADE INSTRUCTIONS: http://www.vtechnologies.com/Docs/SS/ss_upgrade.pdf
Important notes for Starship v9 customers
• FedEx will retire all API transactions on May 31, 2012. This means you can no longer ship FedEx packages in StarShip v9 after this date. • Effective June 1, 2011, FedEx has retired the API subscription transaction. This means that you are now unable to add or re-subscribe FedEx accounts in StarShip v9. • Support for StarShip version 9.9.92 was discontinued on 12-31-11 (version support matrix). • StarShip v12 includes support for FedEx Web Services. This will give you uninterrupted FedEx shipping with added features such as FedEx SmartPost and Electronic Trade Documents. • StarShip v12 has exclusive support for USPS Endicia giving you commercial discount pricing, expanded flat rate boxes and more. We have discontinued USPS Manifest and Metered Mail in v10 and higher. • We understand that this is going to be a transition and that's why we strongly recommend planning your v12 migration now to avoid frustrating shipping delays when the May deadline arrives and FedEx no longer allows you to ship packages using your current method.
Contact us for a free brain storming session!
