Dec 30, 2009

Microsoft Response to Holiday IIS Zero Day

Here is the response from Microsoft. Looks like they are blaming it on configuration errors.

Results of Investigation into Holiday IIS Claim:
We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.
What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.
The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.
However, customers who are using IIS 6.0 in the default configuration or following our recommended best practices don’t need to worry about this issue. If, however, you are running IIS in a configuration that allows both “write” and “execute” privileges on the same directory like this scenario requires, you should review our best practices and make changes to better secure your system from the threats that configuration can enable. Once again, here’s a list of best practices resources:



The IIS folks are evaluating a change to bring the behavior of IIS 6.0 in line with the other versions. In the meantime, they’ve put more information up about this on their weblog.
I hope this helps answer any questions.
Happy Holidays and Happy New Year.
Christopher
*This posting is provided 'AS IS' with no warranties, and confers no rights*

Dec 29, 2009

Possible IIS 6 0-day

News from SANS


Microsoft responds to possible IIS 6 0-day, (Tue, Dec 29th): "Following up to recent diaries 7816 and 7810 and numerous other sources regarding a possible IIS&nbs ...(more)..."

Dec 15, 2009

Adobe Warns of Reader, Acrobat Attack

Adobe Warns of Reader, Acrobat Attack: "itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."
Read more of this story at Slashdot.

Windows Share Refresher

I had a rights issue at work recently and it made me read up on Windows rights.

Here is a nice refresher on best practices for Windows Share rights assignments. Believe it or not it's really pretty simple. I think the key is to remember that it's the sum of both the security (NTFS) rights and the share rights that matters. I had an issue with RDP rights vs. share rights that I had to iron out and this answered the question.

Just make sure to tighten up the inherited rights if you use his suggestion on giving Authenticated Users full access to the Share.

Dec 11, 2009

Launching a Virtualbox Guest from OS X as an App

I've been using Virtualbox quite a bit lately now that I have my new MacBook Pro for work.  I have the disk space and I need access to Windows for a variety of things.

Anyway, I quickly tired of opening the Virtualbox Application just to launch the machine I needed (it's nearly always the same one even though I have many). So, I poked around in Google and found this great bit of instruction from Mark Bockenstedt.

Basically, you just have to create a script in Script Editor and save it as an Application. Then change the icon (if you want) and drag it to the dock. Here is all the code for the script.

  do shell script "vboxmanage startvm Ubuntu"

Very simple, very easy.

Nov 19, 2009

Microsoft Security Advisory (977544): Vulnerabilities in SMB Could Allow Denial of Service

What a surprise... Ok, I was kinda surprised. I guess this is why we have firewalls.

Microsoft Security Advisory (977544): Vulnerabilities in SMB Could Allow Denial of Service: "Revision Note: V1.0 (November 13, 2009): Advisory published.Summary: Microsoft is investigating new public reports of a possible denial of service vulnerability in the Server Message Block (SMB) protocol. This vulnerability cannot be used to take control of or install malicious software on a user’s system. However, Microsoft is aware that detailed exploit code has been published for the vulnerability. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."

Nov 13, 2009

Google Autocomplete

Recently I started seeing a lot of these and it intrigued me. So I tried my own and discovered how easy (and addicting) it can be. I quickly discovered there is a blog dedicated to Google Autocompelete (AutocompleteMe.com).

Nov 12, 2009

Microsoft Steady State

For years I have replied upon the Faronic's product, DeepFreeze, for supporting public computer labs. Recently I found Microsoft Steady State and it looks promising. One of the problems I recently ran into with DeepFreeze was the lack of interaction with the operating system. This can be good in some cases but bad in others. I am hoping that Microsoft has solved some of these issues Steady State seeing as they have pretty good access to the code. Hopefully I can post some results here when I get the chance.

Online Charts and Diagrams

Lovely Charts is a great online resource for creating a number of quality online flowcharts, network diagrams and the like. The free account allows you to save one project on the site. You can still create new projects and save/export them as much as you like. You can only save one though. If you update your account (for a very reasonable fee) you can save many projects and edit them online.

It's a very useful tool for those of us who rarely dabble in the art of network diagrams and flowcharts but sometimes need a graphic to support an idea to upper management. Let's face it, Visio just isn't worth it and there are few substitutes. This is a great one.

Nov 10, 2009

Microsoft Security Tools

My thoughts here exactly. I'll be the first to tell you that I dislike third party utilities. This article from LifeHacker really hits home for me (of course I primarily use a Mac but there are certainly Windows PCs in the house). With a little common sense I see no reason why people would need third party AV tools anymore. There was a time when you couldn't do without some type of AV software. But let's be honest, Windows has come a long way.

Nov 8, 2009

Malware Can Download Child Porn To Your Computer

This is pretty scary stuff. I guess it's nothing we should be surprised about though.

Malware Can Download Child Porn To Your Computer: "2muchcoffeeman writes "The Associated Press tells the story of Michael Fiola, a former Massachusetts government employee who was arrested in 2007 after child porn was found on his state-issued laptop computer. He was eventually cleared of all charges after some digging by the defense found that the laptop was infected with malware that was 'programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half. Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.' The article also discusses the technical aspects of how it could happen and about similar cases in the United Kingdom in 2003."

Read more of this story at Slashdot.

Nov 6, 2009

Home Wiring HowTo

Here's a little help on the Home Wiring front. We recently moved into a new house and I've been meaning to run some cable over to the new TV cabinet. Now I have some encouragement.

You've ripped a movie on your laptop, and now want it on that fancy new home theater PC next to your TV. If you've got the time, wiring your house with Cat-5e cable could make transfer times a distant memory.

Instrucables user Rogue Agent gets into the nuts, bolts, studs, and boxes needed to wire a house with omni-present cable in a fairly professional manner. The tutorial is based on setting up an actual cable switching box on a server-type rack. For those who just need to run cable from one room to another, the tips on finding, mounting, and securing cable through the walls, without your home looking like the scene of a sledgehammer party, are just as helpful.

Have you taken the dive into home cable networking? What guides, tutorials, or tips do you wish you'd known from the start? Tell us, and share the links, in the comments.

Nov 5, 2009

Google Dashboard - For all your Google Settings

I never really thought it was hard to manage this stuff before. Perhaps I will find something new. Still this is a great idea for heavy Google users.

Transparency, choice and control - now complete with a Dashboard!: "Posted by Alma Whitten, Software Engineer, Yariv Adan, Product Manager, and Marissa Mayer, VP of Search Products and User Experience

(Cross-posted from the Official Google Blog.)

Today, we are excited to announce the launch of Google Dashboard. Have you ever wondered what data is stored with your Google Account? The Google Dashboard offers a simple view into the data associated with your account — easily and concisely in one location.

Over the past 11 years, Google has focused on building innovative products for our users. Today, with hundreds of millions of people using those products around the world, we are very aware of the trust that you have placed in us, and our responsibility to protect your privacy and data. In the past, we've taken numerous steps in this area, investing in educating our users with our Privacy Center, making it easier to move data in and out of Google with our Data Liberation Front, and allowing you to control the ads you see with interest-based advertising. Transparency, choice and control have become a key part of Google's philosophy, and today, we're happy to announce that we're doing even more.

In an effort to provide you with greater transparency and control over their own data, we've built the Google Dashboard. Designed to be simple and useful, the Dashboard summarizes data for each product that you use (when signed in to your account) and provides you direct links to control your personal settings. Today, the Dashboard covers more than 20 products and services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude and many more. The scale and level of detail of the Dashboard is unprecedented, and we're delighted to be the first Internet company to offer this — and we hope it will become the standard. Watch this quick video to learn more and then try it out for yourself at www.google.com/dashboard.

Nov 3, 2009

New Blogger Template

Well, I went to back up my blogger template the other day and ended up installing one of the default templates instead (stupid blogger interface). Anyway, here it is... I like the two right-side columns more. It isolates the articles on the left and allows for easier reading (not that anyone actually reads this blog).

Oct 29, 2009

Replacing CSPrint

I will have the joy of replacing the aging CSPrint product over the next few months. I need to start tracking down some alternatives. While I am delighted to get rid of the ailing print charge-back software, I am not looking forward to the process. We have numerous printers used by many different departments. Coordinating things will not be easy.

CSPrint, a product of the CBORD Group, Inc., allows charging for printing using the Campus Card System also from CBORD. We have been using it for years but the company will no longer be supporting it (it hasn't been updated in years).

So I am off to search-engine-land to look at my choices. I know of the Papercut software and it looks promising. Hopefully something will be an easy learn fall right into place. If anyone has any suggestions, please let me know.

Gmail Security Tips

Here are some great tips for Gmail account security from the GMail Blog. I think the last one is really important. There have been numerous cases in the media recently about free email accounts being compromised using "security questions". At the very least, make sure you have a reliable backup email account listed for password recovery.

Gmail account security tips: "Posted by Sarah Price, Online Operations Strategist

As part of National Cyber Security Awareness Month, we recently posted about how to pick a smart password. Having a strong password goes a long way in helping to protect your data, but there are a number of additional steps you can take to help you keep your Gmail account secure:

1. Remember to sign out. Especially when using a public computer, be careful to sign out of your Google account when you're finished. Just click the 'Sign out' link at the top right corner of your inbox. If you're using a public or shared computer and want to be extra thorough, you can also clear the browser's cache, cookies and history. Then, completely close the browser. On your personal computer, you can also lock your computer with a password-protected screensaver if you need to step away momentarily. Learn the best ways to lock your screen in Windows or in Mac OS X. Forgot to sign out? Open up a new Gmail session on another computer and use Gmail's remote sign out feature to close any sessions that might still be open elsewhere.

2. Be careful about sending certain sensitive information via email. Once you send an email, you're no longer in control of the information it contains. The recipients, if they so choose, could forward the email or post its contents in a public place. Even if you know and trust the people you're emailing, that information may become exposed if their accounts become compromised or they get a virus on their machines. As a rule of thumb, should you need to provide a credit card number or financial account number to respond to a message, provide it over the phone or in person — not over email. And never share your password with anyone. Google does not email you to ask you for your password, your social security number, or other personal information — so don't send it!

3. Enable 'Always use HTTPS.' Any time you visit a webpage, your computer needs to send and receive information across the Internet. HTTPS is used to encrypt data as it is transmitted between computers on the Internet, so look for the 'https' in the URL bar of your browser to indicate that the connection between your computer and Gmail's servers is encrypted. We use HTTPS on the Gmail login page, and you can choose to protect your entire Gmail session with HTTPS as well. HTTPS can make your mail slower, so we let you make the choice for yourself. Open Settings and choose 'Always use HTTPS' on the General tab if you want to turn it on.

4. Be wary of unexpected attachments.To help protect you from viruses and malware, Gmail automatically scans every attachment when it's delivered to you, and again each time you open a message. Attachments you send are also scanned. That said, no system is foolproof, so if you happen to get an email from a friend with an attachment you didn't expect, don't be afraid to ask the sender what it is before you decide whether to open it.

5. Make sure your account recovery information is up-to-date. Your account recovery information helps you regain access to your account if you ever forget your password, or if someone gains access to your account without your permission. We currently offer several paths to account recovery. Every Gmail user must select a security question and answer — be sure to choose a combination that is easy for you to remember, but hard for others to guess or come across by investigating. Don't choose a question like "What is my favorite color?" as others may easily guess the answer. We also encourage you to provide a secondary email address and/or a mobile phone number, so we can send you a link to reset your password if you lose access to your account.

Oct 22, 2009

The Risks and Rewards of Warmer Data Centers

I've always wondered why it had to be sooo much cooler in there... What's the difference between keeping it at 68 degrees compared to 80? As long as things don't over-heat? I guess the colder it is, the more time you have when things start to fail?

The Risks and Rewards of Warmer Data Centers: "1sockchuck writes 'The risks and rewards of raising the temperature in the data center were debated last week in several new studies based on real-world testing in Silicon Valley facilities. The verdict: companies can indeed save big money on power costs by running warmer. Cisco Systems expects to save $2 million a year by raising the temperature in its San Jose research labs. But nudge the thermostat too high, and the energy savings can evaporate in a flurry of server fan activity. The new studies added some practical guidance on a trend that has become a hot topic as companies focus on rising power bills in the data center.

Sep 21, 2009

GMail Student Migration Glitch

Not good for Google. Even a little bad publicity in this arena is enough to prevent people from going this route.

"Going Google" Exposes Students' Email: "A ReadWriteWeb piece up on the NY Times site explores the recent glitch during the move of a number of colleges onto Google's email service that allowed a number of students to see each others' inboxes for a period of more than three days. Google would not give exact numbers, but the article concludes that about 10 schools were affected. "While the glitch itself was minor and was fixed in a few days, the real concern — at least at Brown — was with how Google handled the situation. Without communicating to the internal IT department, Google shut down the affected accounts, a decision which led to a heated conversation between school officials and the Google account representative. In the end, only 22 out of the 200 students were affected, but the fix was not put into place until Tuesday. ... The students had access to each other's email accounts for three solid days... before the accounts were suspended by Google. Oddly enough, this situation seems to be acceptable [to Brown's IT manager, who] 'praised Google for its prompt response.' (We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.')"

Pseudo Eagle Eye Project over at MIT

This reminds me a lot of the movie "Eagle Eye" in which a government computer does pretty much the same thing to determine who would be likely to be coerced into doing evil things to "Save the Country". Interesting to say the least. I hope I can make time to read the article.

MIT Project "Gaydar" Shakes Privacy Assumptions: "theodp writes "At MIT, an experiment that identifies which students are gay is raising new questions about online privacy. Using data from Facebook, two students in an MIT class on ethics and law on the electronic frontier made a striking discovery: just by looking at a person's online friends, they could predict whether the person was gay. The project, given the name 'Gaydar' by the students, is part of the fast-moving field of social network analysis, which examines what the connections between people can tell us, from predicting who might be a terrorist to the likelihood a person is happy, fat, liberal, or conservative." MIT professor Hal Abelson, who co-taught the course, is quoted: "That pulls the rug out from a whole policy and technology perspective that the point is to give you control over your information — because you don't have control over your information."

Sep 19, 2009

Sysinternals Updates

The well know Sysinternals Tools have been updated and SANS has a great link to all the good stuff.

Sep 11, 2009

Oracle To Increase Investment In SPARC and Solaris

Oracle To Increase Investment In SPARC and Solaris: "An anonymous reader writes 'The Slashdot community has recently questioned what Oracle will do with Sun hardware if and when Oracle's acquisition of Sun closes. And it seems that speculation about the future of SPARC hardware has been common among Slashdot commenters for years. That said, it seems newsworthy that Oracle is going out of their way with some aggressive marketing directed at IBM to state clearly their plans to put more money than Sun does now into SPARC and Solaris.' MySQL is not mentioned in this ad, perhaps because (as Matt Asay speculates) the EU is looking closely into that aspect of the proposed acquisition."

Sep 9, 2009

Basic Raid Level Information

I found this information helpful so, as usual, I copied it somewhere I can find it quickly. There is always the Wikipedia RAID page as well.

In the IT world, hardware failure is not about if it will happen, but when it will happen. If you run a server that has any sort of important data on it, protection of that data is very important. Many people chose to implement a redundant RAID (redundant array of independent disks) array to help deal with the risk of having a hardware failure. There are several types of RAID that are appropriate for servers, and there are several ways they can be effectively implemented.

IBM patented the idea of RAID in 1978. It was not until 1988 that the RAID levels that we have come to know were defined. This development was done at University of California in Berkeley. Now days RAID is used in many servers throughout the world and even in desktop machines.

RAID 1
The use of a mirroring RAID array, or RAID 1 is useful in server situations. It creates an exact copy of the original drive. If either of the drives fail, the system can continue operations without any downtime. Then the new hard drive can be put into the system and it can rebuild the array.

This system is considered a little less desirable than a RAID 5 setup for most situations of day-to-day operation. However, it has several applications where the use of RAID 1 can be beneficial. One advantage is that it has a faster seek time than RAID 5, which makes it beneficial for data that, will not be written to often. The main advantage is that some 1U servers do not have room for a 3 drive array, so implementing RAID 1 is often considered better for reliability than no RAID at all. However, the most useful way that I have seen RAID 1 used in the real world is as backups. With a hot-swappable setup, the mirror disk can be removed and kept as backup much the same way as a tape backup can be stored. This proves to be very useful for mission critical systems since it allows for a system to be brought back online after a data failure, or the system to be brought up on separate hardware after a catastrophic hardware failure.

RAID 5
Probably the most common disk array used in enterprise computing is a RAID 5 array. This is because it maximizes disk usage, reliability, and speed of access. To get an idea of how it works, there are usually 3 drives in an array that each have their data divided between two other drives.

On mission critical servers, RAID 5 is often used with a cache that has an attached battery backup. This ensures that in a power failure, no transactions are lost from the server. Often times database servers with high amounts of transactions will have a battery unit since the RAID card would cache transactions before waiting, a power failure could result in an inconsistent database or critical data loss.

RAID 10
This type of RAID array requires 4 or more drives. At the top level is a RAID 0 array which combines lower level RAID 1 arrays. This type of RAID array has a benefit over RAID 5 in that it has faster write times. This often makes it a little bit better of a choice than RAID 5 for database servers.

Space Calculations
To calculate RAID 1 you simply divide the total drive space by 2. For RAID 5 you multiply the total space of the drives by the number of drives over 1 to get total usable space. Then for RAID 10 you add up each RAID 1 array.

RAID1
2 80 GB Drives
80/2=80

RAID5
3 80 GB Drives
240*(2/3)=160

5 80 GB Drives
400*(4/5)=320

RAID10
4 80GB Drives
2 RAID 1 Arrays = 160GB usable

Hardware RAID

The use of hardware RAID arrays no longer makes as much sense as it once did. There are still reasons to use a hardware RAID over a software RAID. The first reason to use hardware RAID is that it usually has a cache, which speeds up the operation of the array dramatically. The second advantage is that it will not cut into system resources as much as software RAID. The biggest advantage is in the possibility of having a battery backed up cache. This will help prevent corruption from an unexpected power issue or a system crash.

Software RAID
Although historically all RAID arrays were completely hardware based, there is a growing popularity of software RAID. One of the reasons for this is that CPU speeds are now fast enough that the processing time involved managing the RAID array is really minimal compared to the overall processor.

One of the major advantages of software RAID is that it can be setup on commodity hardware so the physical disks can easily be moved to another server in the event of a hardware failure that does not involve the disks. The biggest disadvantage is that software raid has no cache so the limit to the speed data can flow from the Operating System is the limit of the drives.

Notifications
Lets assume you have a working RAID setup now. Now if a drive fails the system continues like nothing ever happened. The problem is, without notification of a drive failure, there is no reason to have raid. So make sure you setup a system to notify you whenever a drive fails. It may notify you by email, page you, or on some control panel. The important thing is that you know before two drives fail and render the array useless.

Conclusion
Hopefully you will be able to make some important purchasing decisions for you next server after reading this article. There are a lot of things to consider when planning data availability so make sure you spend enough time to get everything right. Remember that no single RAID setup is best for all applications.

by Tyler Weaver

Sep 8, 2009

Remote B.S.O.D. Returns in Windows 7

It really makes you wonder if they test anything at all. Apparently the days of remote BSOD have returned in Windows 7 are back.

Sep 4, 2009

Educause Announces Plans To Sign .edu TLD With DNSSEC

Educause Announces Plans To Sign .edu TLD With DNSSEC: "jhutkd writes 'Educause (who run the .edu gTLD) announced today that they will deploy DNSSEC and sign the .edu zone by the end of March 2010. This will enable all educational institutions to benefit from deploying DNSSEC via the secure delegation hierarchy starting with IANA's ITAR (a temporary surrogate for the root zone signing), going through .edu, down to schools, and potentially leading all the way down to individual departments. Unlike larger gTLDs like .org, the churn of adding new and deleting old zones in .edu is much lower (due to the fact that there are tight controls on who may register for a delegation). Thus, many of the hassles of adding new DS records and maintenance procedures might be more manageable and help speed DNSSEC's rollout in this branch of the DNS hierarchy.'

Sep 2, 2009

Flowcharts for Computer Troubleshooting

I've always wanted to make something like this but never had the time (from Lifehacker)

We recently showed you a fun (but accurate) tech support cheat sheet courtesy of popular web comic xkcd. If hardware is more your problem, this series of (non-comic) interactive charts can help you troubleshoot some common hardware problems.

The flowcharts are the creation of author Morris Rosenthal. Morris has created detailed, interactive charts for everything from hard drive failure to CD and DVD troubleshooting to modem failure.

I'm by no means the resident hardware expert at Lifehacker HQ, but the charts offer an easy way to diagnose and resolve some basic problems for anyone from beginners to the more hardware-savvy folks out there.

Hit up the link to see all eight diagnostic charts in action.

Google Apps News

Nice, I've been looking forward to trying out Wave.

Google to let Apps users try out Wave: "Google plans to let Apps users test its Wave collaboration and communication tool, which is still in development.

Sep 1, 2009

Google Mail Fail

Whoops, I thought I heard something crash.

Google Mail: "

 September 1, 2009 2:37:00 PM PDT

The problem with Google Mail should be resolved. We apologize for the inconvenience and thank you for your patience and continued support.

 September 1, 2009 2:13:00 PM PDT

We are continuing to investigate this issue. We will provide an update by September 1, 2009 3:13:00 PM PDT detailing when we expect to resolve the problem.

Users can access their email via IMAP or POP. You can find instructions for how to do this here.

Also, at this time, Google Apps Sync for Microsoft Outlook (applies only to Google Apps Premier and Edu customers) is not available.

 September 1, 2009 1:02:00 PM PDT

We are continuing to investigate this issue. We will provide an update by September 1, 2009 2:16:00 PM PDT detailing when we expect to resolve the problem.

Users can access their email via IMAP or POP. You can find instructions for how to do this here.

 September 1, 2009 12:53:00 PM PDT

We're aware of a problem with Google Mail affecting a majority of users. The affected users are unable to access Google Mail. We will provide an update by September 1, 2009 1:53:00 PM PDT detailing when we expect to resolve the problem. Please note that this resolution time is an estimate and may change.

"

Aug 29, 2009

WinToFlash Turns Your Windows Installation DVD into a USB-based Installer [Downloads]

WinToFlash Turns Your Windows Installation DVD into a USB-based Installer [Downloads]


Windows: Want to turn your Windows installation DVD into an installation flash drive? WinToFlash can do that and more.

WinToFlash can transfer Windows XP, Vista, and 7 onto a flash drive as well as Server 2003 and 2008. WinToFlash can also transfer Windows Preinstallation Environments to flash drive.

The process is simple and mostly obvious. You tell WinToFlash where the installation files you want to transfer are located and either let the transfer wizard take care of things, or specify settings like what kind of format the flash drive will undergo. In our test using a USB 2.0 generic flash drive it took about 12 minutes to turn a Windows 7 installation DVD into a USB-based installer.

WinToFlash is freeware, Windows only.

Aug 27, 2009

Windows Server 2008 R2 Only Supports 64bit

Looks like Microsoft has stepped into the 21st century. The latest version of Windows Sever 2008 R2 is set to only support 64bit architecture.

I just wonder how long they are going to support the original version of Server 2008 that will also run on the 32bit processors in shops that can't afford (or just don't want to do) the upgrade.

Aug 24, 2009

Tech Support Cheat Sheet

I think the big problem is the box about "Google". Most people are so intimidated by "Googling something" that they refuse and would rather have their hand held. The rest have no idea how to read the results of a Google search. Let's face it, there is an art to "Googling" something and the even more difficult part of reading the results.

Tech Support Cheat Sheet

Aug 20, 2009

Vulnerability in Pidgin, patch!, (Thu, Aug 20th)

I've recently moved back to iChat but I'll certainly be patching, just in case.

Vulnerability in Pidgin, patch!, (Thu, Aug 20th): "Time for your daily patch.
CORE security technologies published a vulnerability in libpurple ...(more)..."

Aug 19, 2009

Five favorite Entourage tips

I found #4 particularly helpful. I've always wondered how to work with the database for Entourage.

Five favorite Entourage tipsReady to stop doing things the slow way in Microsoft Entourage? Joe Kissell shows his five favorite ways to boost your productivity in this popular e-mail program.

Jul 28, 2009

NoScript to the Rescue, Again

Slashdot is running a scary but true story, 92% of Windows PCs Vulnerable To Zero-Day Attacks On Flash. Now is the time for NoScript to come to the aid of just about everyone.

Jul 13, 2009

Infocon Yellow... script not working!

SANS has updated Infocon to Yellow and it looks like my script is busted. What a great time to test things.

Jul 7, 2009

Google Searching for Files

I keep reverting back to this Lifehacker post so it must be of some worth to post here.

-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "Nirvana"

ActiveX Zero Day

Looks like another ActiveX Zero Day exploit is out. I always thought that these were supposed to be the end of the Internet as we know it. They have always shown to be less than substantial. I guess that's a good thing.

May 28, 2009

May 25, 2009

Facial Recognition

Slashdot has a story about a facial recognition installation in Turkey. This is pretty scary stuff if you ask me. Sure, it's halfway around the world but once this kind of thing is tested and trusted it's only a matter of time before we are living in a Tom Cruise movie.

May 1, 2009

Laptop Advice

Great advice from the people over at SANS.
"If you had a wad of money sitting out in a public place, would you turn
your back on it - even for just a minute? Would you put it in checked
luggage? Leave it on the backseat of your car? Of course not. Keep a
careful eye on your laptop just as you would a pile of cash."

Apr 13, 2009

Another Conficker Victim

Looks like the University of Utah was hit by the Conficker Worm. According to the Salt Lake Tribune there was minimal damage and no loss of data but the network was definitely affected.

Mar 30, 2009

April Fools!

Well, what do you think of the whole Conficker fiasco? I think if it raises security awareness then if has to be a good thing. I know my systems are all patched. Hopefully anyone who isn't will be made an April Fool!

Feb 13, 2009

Command Line Fu

Here is a nice place to find that elusive one-liner you've been searching for.

Command-line Fu.com

Feb 4, 2009

Google Latitudes

Google has released Latitudes today. It allows you to track just about any modern mobile phone via GPS (sorry iPhoners, not yet). I don't know whether to be excited or scared. I guess it's just making something we all knew was possible more easily accessible.

Firefox 3.0.6 Released

Firefox has been updated to 3.0.6. I should have known. I just finished imaging all the labs. Make sure to hit help->check for updates today.

Feb 3, 2009

Email is the new FTP

This morning I was informed by a co-worker that a professor on campus attempted to send him a 3.5GB file via email. Not only was he surprised that it did not work, he was mad and thought there must be something wrong on my co-workers end because he had done everything correctly.

Now this makes me wonder what most people think when it comes to file size (if at all). Since I have been around computers for a while I understand the significance of size when talking about files and what you can do with them. I suspect to most people nowadays, this does not matter at all.

Most people who have been introduced to computers in the past couple years have not had to deal with size as an issue (at least not with files). Applications can handle huge files much more easily than in the past. Computing power has become so limitless that the average end user has a super computer on their desktop with multiple cores/processors to do their work. Bandwidth issues have become a thing of the past. Disk storage is so cheap that people have terabyte raids at their disposal for just a few hundred dollars. USB drives, the floppy disks of old, are so large now that more than files can be stored on them. Multiple operating systems can be installed to them as they are carried around as portable workstations.

With instant messaging and texting becoming the usual forms of communications, email has become the File Transfer Protocol (FTP) of the past. Huge amounts of online storage are available to most free email accounts. People use them for storage rather than email. Why am I surprised when people get angry because they can't email a file? A file is just a file after all.

Jan 16, 2009

Recovering a Dying Hard Drive

Seems like a I get these questions a lot lately. Anyway, here is a good link to remember.

SANS' nice bit on how to recover a dying drive.

Jan 6, 2009

Free Windows Downloads

Lifehacker has a great link to a blog with a the Ultimate List of Free Windows Downloads. There are some great tools listed. Anything from security and troubleshooting tools, to office and multimedia tools. Even a large assortment of screensavers and themes.