Homeland Forensics appoints two new Directors, chooses Wen Peng as new CFO
Homeland Forensics CEO's Letter to Stakeholders in 2008
Homeland Forensics to Launch New Secure P2P Marketplace for Small Business Capital Formation at 504investor.com
Homeland Forensics CEO Delivers Letter to Stakeholders
Homeland Forensics Files for Patent Protection and Discloses New Inventions
Homeland Forensics Secures Digital Forensics Expert Jason Coombs as New CEO
Homeland Forensics Files 8K Reporting Change of Management, Stock Sale
PreEmpt Blocks WMF Vulnerabilities
A recent Microsoft Security Bulletin (MS05-053) addressed the Windows 2000/XP/2003 vulnerability where a remote attacker could run arbitrary code on your machine by simply having you view a clip art image on the web. Our fix addresses these and future issues for Windows 2000/XP/2003 and the Windows NT/Me/98 for which no patch has been released yet.
Further Information from Microsoft
PreEmpt 2.0 Now Available for Windows NT and 98/ME Family of Operating Systems
Effective today, PreEmpt 2.0 now supports Windows NT and the Windows 98/ME family of Operating Systems along with the previous support for Windows XP and Windows 2000.
PreEmpt 2.0 Now Available for Windows 2000 Family of Operating Systems
Effective today, PreEmpt 2.0 now supports the Windows 2000 family of Operating Systems along with the previous support for Windows XP.
PreEmpt Blocks Zero-day remote code execution vulnerability in MSDDS.DLL
The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. The exploit will open a remote shell if you visit a malicious website. Other payloads are possible. The exploit will have all the privileges assigned to the user running Internet Explorer. Microsoft has released a security advisory with regards to MSDDS.DLL.
PreEmpt 2.0 proactively blocks vulnerabilities in latest Microsoft patch release. On August 9, Microsoft released six patches addressing security vulnerabilities ranging from Moderate to Critical and PreEmpt 2.0 has provided proactive protection in advance of the notification.
For those issues that do not involve direct user intervention to exploit the threat, PreEmpt 2.0 has included protection from at least two (MS05-38 and MS05-041) of the notices for over 6 months. The company's research team is studying the remaining patches for additional fix opportunities and threat mitigation techniques. As we address these vulnerabilities additional messages will be provided in the Message Center.
PreEmpt 2.0 released. Thank you for selecting PreEmpt 2.0, the next generation Desktop Intrusion Prevention product based on the popular Qwik-Fix Pro security product. It has been completely redesigned to improve both the protection technology as well as the user interface and user experience.
We have listened to your improvement suggestions and have added many important features that include:
- Entirely new intuitive user interface for improved usability
- Visible alerts when certain classes of threats have been blocked
- New classes of fixes that are unique in the Windows security environment
- Dramatic improvements in compatibility with third-party programs
- Improved descriptions of which threats PreEmpt proactively protects against
- Expanded fix descriptions including the impact of enabling/disabling a given fix
Plus many more user configurable options that allow you to customize PreEmpt to meet your security and operating requirements.
Thanks for participating in the PreEmpt 2.0 beta program. Build .59 includes the following new fixes:
We're also happy to announce that PreEmpt proactively protected against the automated exploitation of the newly announced Microsoft vulnerability MS05-035 "A Vulnerability in Microsoft Word That Could Allow Remote Code Execution". Automated exploitation protection is provided by the "Disable IE Automatic Document Viewing" functionality which we've included since August of 2004.
- Disable WebDAV Fix
Disable World Wide Web Distributed Authoring and Versioning (WebDAV) per Microsoft Security Bulletin MS03-007.
- Disable Remote Desktop Fix
The Remote Desktop comes with XP and can be installed on any Windows operating system. This application allows complete control of the host system through the Terminal Services service. Surprisingly, 33% of installations have been found to leave this feature enabled.
- Disable Job Icon Handlers Fix
The .job icon handler runs mstask.dll, which can be used as an exploit vector. This fix disassociates mstask.dll from .job files.
- SAM File Fix
Though the true SAM (System Account Manager) file in %systemroot%\system32\config is protected, the backup saved by Windows (%systemroot%\repair) is not. This file can be uncompressed, after which usernames and passwords can be cracked easily by applications such as John the Ripper.
- Remove Guest Account Fix
The guest account is used in many privilege escalation exploits. Removing this account reduces the attack surface without significantly altering the functionality of the reconfigured machine.
- Syn Attack Fix
A basic Internet attack employs SYN flooding to perform a Distributed Denial of Service (DDoS) attack. The effectiveness of this DDoS attack can be reduced by a registry entry that helps to protect against SYN flooding.
There's also many user interface improvements, including the removal of most of the flicker, and minor bugfixes.
PreEmpt Blocks GDI+ Vulnerability.
The JPEG parsing engine included in GDIPlus.dll contains a dangerous exploitable buffer overflow potentially allowing an attacker to run arbitrary code on the affected system. This vulnerability is particularly dangerous because it allows remote code execution through any application which loads a jpeg compressed image with a .jpg or .jpeg files renamed as .bmp or .gif files from a remote source.
PreEmpt Beta User Interface Released.
This latest version of the PreEmpt 2.0 Beta includes the public release of the updated user interface. As you can see the new user interface maintains the general sense of the product while highlighting and clarifying certain functions. The message center has been changed to support hyperlinks and the ability to offer more detailed description of protections as they are released. The main user screen includes an updated view on the system at a glance and includes color coded icons, global help, and a simplified update button.
You can also resize the screen and it will remember the last size you created. Various other miscellaneous word changes and features have been added to the first beta release as well.
Qwik-Fix Pro Blocks New Microsoft Vulnerabilities
Microsoft released 10 new security patches today that cover a total of 14 new security vulnerabilities. The company is currently investigating their root causes and testing these against Qwik-Fix Pro. We have determined so far that the "Disable IE Automatic Document Viewing" fix proactively protected against the remote code execution vulnerability (MS05-031) inside Windows Interactive Training which a malicious website could use to compromise your machine. We are still reviewing all of the vulnerabilities and will update this message as more protection information is identified.
Qwik-Fix Pro Blocks Recent Internet Explorer Remote File Execution
Microsoft Internet Explorer is vulnerable to an issue which permits an attacker to trigger the execution of an existing file in the user's temporary or alternate directory using FTP command-line injection. Microsoft has left this unaddressed in a majority of their Windows operating systems. Qwik-Fix Pro users have been protected in advance against this vulnerability by our Active System Hardening technology for the past 18 months.
Qwik-Fix Pro 1.4 Clear Pagefile Fix
Your system utilizes hard disk space to provide additional "virtual" memory. Since the information on this area of your hard drive is not cleaned by default, hackers can sort through its contents to find passwords, online banking PINs and other confidential or sensitive information. The Qwik-Fix Pro Clear Pagefile Fix automatically clears the contents of this file on shutdown. Note: this Fix can cause your computer to shutdown more slowly as it is clearing the file.
This fix does not apply to Windows 95/98/ME operating systems.
Windows 98, Windows 98 SE and Windows ME MS05-002 Update
Microsoft recently announced that their KB891711 update (which was released to address a vulnerability related to cursor and icon format handling), fails to adequately protect users of Windows 98, Windows 98 SE and Windows ME.
Qwik-Fix Pro Users with 98, 98 SE and ME systems have been protected against all exploits targeting this vulnerability since January of 2005.
Qwik-Fix Pro 1.4 Maintenance Release
This update fixes several minor issues with licensing and software compatibility.
In addition, advanced protection against a number of vulnerabilities in Microsoft's latest patch release was verified for: Office XP buffer overflow (MS05-005), Drag-and-Drop in Windows' shell (MS05-008), Automated exploitation of buffer overflows in RTF documents (MS05-012), Cross Domain Vulnerability in DHTML Edit Control (MS05-013), and URL Decoding Zone Spoofing (MS05-014).
Qwik-Fix Pro Blocks Second Hole in HTML Help ActiveX Control
A second vulnerability has been identified in the HTML Help ActiveX Control that could allow an attacker to remotely execute code on a vulnerable machine. Microsoft has acknowledged this vulnerability was not fixed by the MS05-001 patch issued on January 11th to patch another vulnerability in the same ActiveX control. The vulnerability can be exploited by simply visiting a malicious web page and affects all versions of Windows except XP SP2.
Qwik-Fix Pro users were protected in advance from the root cause of this newly discovered vulnerability.
Qwik-Fix Pro Blocks LoadImage Vulnerability
A remotely exploitable buffer overflow exists in the LoadImage API of Windows where an attacker can send a specially constructed cur, ico or ani file within an HTML page or in an Email to execute arbitrary code on the target system. Several exploits are in the wild using this vulnerability and it is rated as "Critical" by Microsoft. As a user of Qwik-Fix Pro, your system is protected from this exploit and all variants utilizing the LoadImage vulnerability to attack your system.
Qwik-Fix Pro Blocks XP SP2 Vulnerability
A new Windows vulnerability was announced over the Christmas weekend that affects all versions of Windows, including XP SP2. Today, the "Phel" Trojan started spreading around the Internet exploiting the recently discovered vulnerability by circumventing the LocalMachineZone lockdown built into SP2. Microsoft has acknowledged the vulnerability and has rated it as a Critical issue, but no patch has been released.
The company has already identified new variants of the Phel Trojan that are spreading in the wild with new malicious payloads. In addition, new variants of this Trojan are being developed on public security mailing lists such as Full Disclosure.
Qwik-Fix Pro users have been protected from this vulnerability and all its variants with the "Secure the IE My Computer zone" fix since September 1, 2003.
||Media Inquiries, Contact: