Results of Investigation into Holiday IIS Claim:
Dec 30, 2009
Microsoft Response to Holiday IIS Zero Day
Results of Investigation into Holiday IIS Claim:
Dec 29, 2009
Possible IIS 6 0-day
Microsoft responds to possible IIS 6 0-day, (Tue, Dec 29th): "Following up to recent diaries 7816 and 7810 and numerous other sources regarding a possible IIS ...(more)..."
Dec 15, 2009
Adobe Warns of Reader, Acrobat Attack
Read more of this story at Slashdot.
Windows Share Refresher
Here is a nice refresher on best practices for Windows Share rights assignments. Believe it or not it's really pretty simple. I think the key is to remember that it's the sum of both the security (NTFS) rights and the share rights that matters. I had an issue with RDP rights vs. share rights that I had to iron out and this answered the question.
Just make sure to tighten up the inherited rights if you use his suggestion on giving Authenticated Users full access to the Share.
Dec 11, 2009
Launching a Virtualbox Guest from OS X as an App
Anyway, I quickly tired of opening the Virtualbox Application just to launch the machine I needed (it's nearly always the same one even though I have many). So, I poked around in Google and found this great bit of instruction from Mark Bockenstedt.
Basically, you just have to create a script in Script Editor and save it as an Application. Then change the icon (if you want) and drag it to the dock. Here is all the code for the script.
do shell script "vboxmanage startvm Ubuntu"
Very simple, very easy.
Nov 19, 2009
Microsoft Security Advisory (977544): Vulnerabilities in SMB Could Allow Denial of Service
Microsoft Security Advisory (977544): Vulnerabilities in SMB Could Allow Denial of Service: "Revision Note: V1.0 (November 13, 2009): Advisory published. Summary: Microsoft is investigating new public reports of a possible denial of service vulnerability in the Server Message Block (SMB) protocol. This vulnerability cannot be used to take control of or install malicious software on a user’s system. However, Microsoft is aware that detailed exploit code has been published for the vulnerability. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."
Nov 13, 2009
Google Autocomplete
Nov 12, 2009
Microsoft Steady State
Online Charts and Diagrams
It's a very useful tool for those of us who rarely dabble in the art of network diagrams and flowcharts but sometimes need a graphic to support an idea to upper management. Let's face it, Visio just isn't worth it and there are few substitutes. This is a great one.
Nov 10, 2009
Microsoft Security Tools
Nov 8, 2009
Malware Can Download Child Porn To Your Computer
Malware Can Download Child Porn To Your Computer: "2muchcoffeeman writes "The Associated Press tells the story of Michael Fiola, a former Massachusetts government employee who was arrested in 2007 after child porn was found on his state-issued laptop computer. He was eventually cleared of all charges after some digging by the defense found that the laptop was infected with malware that was 'programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half. Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.' The article also discusses the technical aspects of how it could happen and about similar cases in the United Kingdom in 2003."
Nov 6, 2009
Home Wiring HowTo
You've ripped a movie on your laptop, and now want it on that fancy new home theater PC next to your TV. If you've got the time, wiring your house with Cat-5e cable could make transfer times a distant memory.
Instructables user Rogue Agent gets into the nuts, bolts, studs, and boxes needed to wire a house with omni-present cable in a fairly professional manner. The tutorial is based on setting up an actual cable switching box on a server-type rack. For those who just need to run cable from one room to another, the tips on finding, mounting, and securing cable through the walls, without your home looking like the scene of a sledgehammer party, are just as helpful.
Have you taken the dive into home cable networking? What guides, tutorials, or tips do you wish you'd known from the start? Tell us, and share the links, in the comments.
Nov 5, 2009
Google Dashboard - For all your Google Settings
Transparency, choice and control - now complete with a Dashboard!: "Posted by Alma Whitten, Software Engineer, Yariv Adan, Product Manager, and Marissa Mayer, VP of Search Products and User Experience
(Cross-posted from the Official Google Blog.)
Over the past 11 years, Google has focused on building innovative products for our users. Today, with hundreds of millions of people using those products around the world, we are very aware of the trust that you have placed in us, and our responsibility to protect your privacy and data. In the past, we've taken numerous steps in this area, investing in educating our users with our Privacy Center, making it easier to move data in and out of Google with our Data Liberation Front, and allowing you to control the ads you see with interest-based advertising. Transparency, choice and control have become a key part of Google's philosophy, and today, we're happy to announce that we're doing even more.
In an effort to provide you with greater transparency and control over their own data, we've built the Google Dashboard. Designed to be simple and useful, the Dashboard summarizes data for each product that you use (when signed in to your account) and provides you direct links to control your personal settings. Today, the Dashboard covers more than 20 products and services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude and many more. The scale and level of detail of the Dashboard is unprecedented, and we're delighted to be the first Internet company to offer this — and we hope it will become the standard. Watch this quick video to learn more and then try it out for yourself at www.google.com/dashboard.
Nov 3, 2009
New Blogger Template
Oct 29, 2009
Replacing CSPrint
CSPrint, a product of the CBORD Group, Inc., allows charging for printing using the Campus Card System also from CBORD. We have been using it for years but the company will no longer be supporting it (it hasn't been updated in years).
So I am off to search-engine-land to look at my choices. I know of the Papercut software and it looks promising. Hopefully something will be an easy learn and fall right into place. If anyone has any suggestions, please let me know.
Gmail Security Tips
Gmail account security tips: "Posted by Sarah Price, Online Operations Strategist
As part of National Cyber Security Awareness Month, we recently posted about how to pick a smart password. Having a strong password goes a long way in helping to protect your data, but there are a number of additional steps you can take to help you keep your Gmail account secure:
1. Remember to sign out. Especially when using a public computer, be careful to sign out of your Google account when you're finished. Just click the 'Sign out' link at the top right corner of your inbox. If you're using a public or shared computer and want to be extra thorough, you can also clear the browser's cache, cookies and history. Then, completely close the browser. On your personal computer, you can also lock your computer with a password-protected screensaver if you need to step away momentarily. Learn the best ways to lock your screen in Windows or in Mac OS X. Forgot to sign out? Open up a new Gmail session on another computer and use Gmail's remote sign out feature to close any sessions that might still be open elsewhere.
2. Be careful about sending certain sensitive information via email. Once you send an email, you're no longer in control of the information it contains. The recipients, if they so choose, could forward the email or post its contents in a public place. Even if you know and trust the people you're emailing, that information may become exposed if their accounts become compromised or they get a virus on their machines. As a rule of thumb, should you need to provide a credit card number or financial account number to respond to a message, provide it over the phone or in person — not over email. And never share your password with anyone. Google does not email you to ask you for your password, your social security number, or other personal information — so don't send it!
3. Enable 'Always use HTTPS.' Any time you visit a webpage, your computer needs to send and receive information across the Internet. HTTPS is used to encrypt data as it is transmitted between computers on the Internet, so look for the 'https' in the URL bar of your browser to indicate that the connection between your computer and Gmail's servers is encrypted. We use HTTPS on the Gmail login page, and you can choose to protect your entire Gmail session with HTTPS as well. HTTPS can make your mail slower, so we let you make the choice for yourself. Open Settings and choose 'Always use HTTPS' on the General tab if you want to turn it on.
4. Be wary of unexpected attachments. To help protect you from viruses and malware, Gmail automatically scans every attachment when it's delivered to you, and again each time you open a message. Attachments you send are also scanned. That said, no system is foolproof, so if you happen to get an email from a friend with an attachment you didn't expect, don't be afraid to ask the sender what it is before you decide whether to open it.
5. Make sure your account recovery information is up-to-date. Your account recovery information helps you regain access to your account if you ever forget your password, or if someone gains access to your account without your permission. We currently offer several paths to account recovery. Every Gmail user must select a security question and answer — be sure to choose a combination that is easy for you to remember, but hard for others to guess or come across by investigating. Don't choose a question like "What is my favorite color?" as others may easily guess the answer. We also encourage you to provide a secondary email address and/or a mobile phone number, so we can send you a link to reset your password if you lose access to your account.
Oct 22, 2009
The Risks and Rewards of Warmer Data Centers
The Risks and Rewards of Warmer Data Centers: "1sockchuck writes 'The risks and rewards of raising the temperature in the data center were debated last week in several new studies based on real-world testing in Silicon Valley facilities. The verdict: companies can indeed save big money on power costs by running warmer. Cisco Systems expects to save $2 million a year by raising the temperature in its San Jose research labs. But nudge the thermostat too high, and the energy savings can evaporate in a flurry of server fan activity. The new studies added some practical guidance on a trend that has become a hot topic as companies focus on rising power bills in the data center.
Sep 21, 2009
GMail Student Migration Glitch
"Going Google" Exposes Students' Email: "A ReadWriteWeb piece up on the NY Times site explores the recent glitch during the move of a number of colleges onto Google's email service that allowed a number of students to see each others' inboxes for a period of more than three days. Google would not give exact numbers, but the article concludes that about 10 schools were affected. "While the glitch itself was minor and was fixed in a few days, the real concern — at least at Brown — was with how Google handled the situation. Without communicating to the internal IT department, Google shut down the affected accounts, a decision which led to a heated conversation between school officials and the Google account representative. In the end, only 22 out of the 200 students were affected, but the fix was not put into place until Tuesday. ... The students had access to each other's email accounts for three solid days... before the accounts were suspended by Google. Oddly enough, this situation seems to be acceptable [to Brown's IT manager, who] 'praised Google for its prompt response.' (We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.')"
Pseudo Eagle Eye Project over at MIT
MIT Project "Gaydar" Shakes Privacy Assumptions: "theodp writes "At MIT, an experiment that identifies which students are gay is raising new questions about online privacy. Using data from Facebook, two students in an MIT class on ethics and law on the electronic frontier made a striking discovery: just by looking at a person's online friends, they could predict whether the person was gay. The project, given the name 'Gaydar' by the students, is part of the fast-moving field of social network analysis, which examines what the connections between people can tell us, from predicting who might be a terrorist to the likelihood a person is happy, fat, liberal, or conservative." MIT professor Hal Abelson, who co-taught the course, is quoted: "That pulls the rug out from a whole policy and technology perspective that the point is to give you control over your information — because you don't have control over your information."
Sep 19, 2009
Sysinternals Updates
Sep 11, 2009
Oracle To Increase Investment In SPARC and Solaris
Sep 9, 2009
Basic Raid Level Information
In the IT world, hardware failure is not about if it will happen, but when it will happen. If you run a server that has any sort of important data on it, protection of that data is very important. Many people choose to implement a RAID (redundant array of independent disks) array to help deal with the risk of having a hardware failure. There are several types of RAID that are appropriate for servers, and there are several ways they can be effectively implemented.
IBM patented the idea of RAID in 1978. It was not until 1988 that the RAID levels that we have come to know were defined. This development was done at the University of California in Berkeley. Nowadays RAID is used in many servers throughout the world and even in desktop machines.
RAID 1
The use of a mirroring RAID array, or RAID 1, is useful in server situations. It creates an exact copy of the original drive. If either of the drives fails, the system can continue operations without any downtime. Then the new hard drive can be put into the system and it can rebuild the array.
This system is considered a little less desirable than a RAID 5 setup for most situations of day-to-day operation. However, it has several applications where the use of RAID 1 can be beneficial. One advantage is that it has a faster seek time than RAID 5, which makes it beneficial for data that will not be written to often. The main advantage is that some 1U servers do not have room for a 3 drive array, so implementing RAID 1 is often considered better for reliability than no RAID at all. However, the most useful way that I have seen RAID 1 used in the real world is as backups. With a hot-swappable setup, the mirror disk can be removed and kept as backup much the same way as a tape backup can be stored. This proves to be very useful for mission critical systems since it allows for a system to be brought back online after a data failure, or the system to be brought up on separate hardware after a catastrophic hardware failure.
RAID 5
Probably the most common disk array used in enterprise computing is a RAID 5 array. This is because it maximizes disk usage, reliability, and speed of access. To get an idea of how it works, there are usually 3 drives in an array that each have their data divided between two other drives.
On mission critical servers, RAID 5 is often used with a cache that has an attached battery backup. This ensures that in a power failure, no transactions are lost from the server. Database servers with high transaction volumes often have a battery unit because the RAID card caches transactions before writing them to disk; without the battery, a power failure could result in an inconsistent database or critical data loss.
RAID 10
This type of RAID array requires 4 or more drives. At the top level is a RAID 0 array which combines lower level RAID 1 arrays. This type of RAID array has a benefit over RAID 5 in that it has faster write times. This often makes it a little bit better of a choice than RAID 5 for database servers.
Space Calculations
To calculate RAID 1 you simply divide the total drive space by 2. For RAID 5 you multiply the total space of the drives by (number of drives - 1) / (number of drives) to get total usable space. Then for RAID 10 you add up the usable space of each RAID 1 array.
RAID1
2 80 GB Drives
160/2=80
RAID5
3 80 GB Drives
240*(2/3)=160
5 80 GB Drives
400*(4/5)=320
RAID10
4 80GB Drives
2 RAID 1 Arrays = 160GB usable
Hardware RAID
The use of hardware RAID arrays no longer makes as much sense as it once did. There are still reasons to use a hardware RAID over a software RAID. The first reason to use hardware RAID is that it usually has a cache, which speeds up the operation of the array dramatically. The second advantage is that it will not cut into system resources as much as software RAID. The biggest advantage is in the possibility of having a battery backed up cache. This will help prevent corruption from an unexpected power issue or a system crash.
Software RAID
Although historically all RAID arrays were completely hardware based, there is a growing popularity of software RAID. One of the reasons for this is that CPU speeds are now fast enough that the processing time spent managing the RAID array is minimal compared to the processor's overall capacity.
One of the major advantages of software RAID is that it can be set up on commodity hardware, so the physical disks can easily be moved to another server in the event of a hardware failure that does not involve the disks. The biggest disadvantage is that software RAID has no cache, so the speed at which data can flow from the operating system is limited by the speed of the drives.
Notifications
Let's assume you have a working RAID setup now. If a drive fails, the system continues like nothing ever happened. The problem is, without notification of a drive failure, there is no reason to have RAID. So make sure you set up a system to notify you whenever a drive fails. It may notify you by email, page you, or show the failure on some control panel. The important thing is that you know before two drives fail and render the array useless.
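One way to implement the notification check described above for Linux software RAID, as an added example that is not part of the original article: it parses /proc/mdstat and reports any array that is inactive, missing members, or has a member flagged as failed. The sample text, function names and message format are constructed for illustration.

```python
import re
import sys
from dataclasses import dataclass, field

# Constructed sample of /proc/mdstat output (not from the article):
# md0 is a healthy RAID 1 mirror, md1 is a RAID 5 array with one failed member.
SAMPLE_MDSTAT = """\
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]

md1 : active raid5 sdd1[2](F) sdc1[1] sdb1[0]
      156288000 blocks level 5, 64k chunk, algorithm 2 [3/2] [UU_]

unused devices: <none>
"""

HEADER_RE = re.compile(r"^(md\w+) : (active|inactive)\b(.*)$")
LEVEL_RE = re.compile(r"\b(raid\d+)\b")
MEMBER_RE = re.compile(r"([\w\-]+)\[\d+\]((?:\([A-Z]\))*)")  # e.g. sdd1[2](F)
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")       # e.g. [3/2] [UU_]


@dataclass
class ArrayState:
    name: str
    state: str
    level: str
    expected: int = 0          # members the array should have
    working: int = 0           # members currently in sync
    failed: list = field(default_factory=list)

    @property
    def degraded(self):
        # Inactive arrays, missing members and (F)-flagged members all need attention.
        return (self.state != "active"
                or self.working < self.expected
                or bool(self.failed))


def parse_mdstat(text):
    """Return one ArrayState per md array found in mdstat-formatted text."""
    arrays, current = [], None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            name, state, rest = header.groups()
            level = LEVEL_RE.search(rest)
            current = ArrayState(name, state, level.group(1) if level else "unknown")
            current.failed = [dev for dev, flags in MEMBER_RE.findall(rest)
                              if "(F)" in flags]
            arrays.append(current)
            continue
        status = STATUS_RE.search(line)
        if status and current is not None:
            current.expected = int(status.group(1))
            current.working = int(status.group(2))
    return arrays


def degraded_alerts(text):
    """Build one human-readable alert line per array that needs attention."""
    alerts = []
    for a in parse_mdstat(text):
        if a.degraded:
            failed = ", ".join(a.failed) or "none flagged"
            alerts.append(f"{a.name} ({a.level}) {a.state}: "
                          f"{a.working}/{a.expected} members up, failed: {failed}")
    return alerts


if __name__ == "__main__":
    try:
        with open("/proc/mdstat") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MDSTAT   # no md driver on this host; use the constructed sample
    alerts = degraded_alerts(text)
    print("\n".join(alerts) or "all arrays healthy")
    sys.exit(1 if alerts else 0)   # non-zero exit lets cron or a monitor raise the alarm
```

Run from cron or a monitoring agent, the non-zero exit status and the printed lines are what gets turned into the email or page.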
Conclusion
Hopefully you will be able to make some important purchasing decisions for your next server after reading this article. There are a lot of things to consider when planning data availability so make sure you spend enough time to get everything right. Remember that no single RAID setup is best for all applications.
by Tyler Weaver
Sep 8, 2009
Remote B.S.O.D. Returns in Windows 7
Sep 4, 2009
Educause Announces Plans To Sign .edu TLD With DNSSEC
Sep 2, 2009
Flowcharts for Computer Troubleshooting
We recently showed you a fun (but accurate) tech support cheat sheet courtesy of popular web comic xkcd. If hardware is more your problem, this series of (non-comic) interactive charts can help you troubleshoot some common hardware problems.
The flowcharts are the creation of author Morris Rosenthal. Morris has created detailed, interactive charts for everything from hard drive failure to CD and DVD troubleshooting to modem failure.
I'm by no means the resident hardware expert at Lifehacker HQ, but the charts offer an easy way to diagnose and resolve some basic problems for anyone from beginners to the more hardware-savvy folks out there.
Hit up the link to see all eight diagnostic charts in action.
Google Apps News
Google to let Apps users try out Wave: "Google plans to let Apps users test its Wave collaboration and communication tool, which is still in development.
Sep 1, 2009
Google Mail Fail
Google Mail: "
September 1, 2009 2:37:00 PM PDT
The problem with Google Mail should be resolved. We apologize for the inconvenience and thank you for your patience and continued support.
September 1, 2009 2:13:00 PM PDT
We are continuing to investigate this issue. We will provide an update by September 1, 2009 3:13:00 PM PDT detailing when we expect to resolve the problem.
Users can access their email via IMAP or POP. You can find instructions for how to do this here.
Also, at this time, Google Apps Sync for Microsoft Outlook (applies only to Google Apps Premier and Edu customers) is not available.
September 1, 2009 1:02:00 PM PDT
We are continuing to investigate this issue. We will provide an update by September 1, 2009 2:16:00 PM PDT detailing when we expect to resolve the problem.
Users can access their email via IMAP or POP. You can find instructions for how to do this here.
September 1, 2009 12:53:00 PM PDT
We're aware of a problem with Google Mail affecting a majority of users. The affected users are unable to access Google Mail. We will provide an update by September 1, 2009 1:53:00 PM PDT detailing when we expect to resolve the problem. Please note that this resolution time is an estimate and may change."
Aug 29, 2009
WinToFlash Turns Your Windows Installation DVD into a USB-based Installer [Downloads]
Windows: Want to turn your Windows installation DVD into an installation flash drive? WinToFlash can do that and more.
WinToFlash can transfer Windows XP, Vista, and 7 onto a flash drive as well as Server 2003 and 2008. WinToFlash can also transfer Windows Preinstallation Environments to flash drive.
The process is simple and mostly obvious. You tell WinToFlash where the installation files you want to transfer are located and either let the transfer wizard take care of things, or specify settings like what kind of format the flash drive will undergo. In our test using a USB 2.0 generic flash drive it took about 12 minutes to turn a Windows 7 installation DVD into a USB-based installer.
WinToFlash is freeware, Windows only.
Aug 27, 2009
Windows Server 2008 R2 Only Supports 64bit
I just wonder how long they are going to support the original version of Server 2008 that will also run on the 32bit processors in shops that can't afford (or just don't want to do) the upgrade.
Aug 24, 2009
Tech Support Cheat Sheet
Aug 20, 2009
Vulnerability in Pidgin, patch!, (Thu, Aug 20th)
Vulnerability in Pidgin, patch!, (Thu, Aug 20th): "Time for your daily patch.
CORE security technologies published a vulnerability in libpurple ...(more)..."
Aug 19, 2009
Five favorite Entourage tips
Five favorite Entourage tips: Ready to stop doing things the slow way in Microsoft Entourage? Joe Kissell shows his five favorite ways to boost your productivity in this popular e-mail program.
Jul 28, 2009
NoScript to the Rescue, Again
Jul 13, 2009
Infocon Yellow... script not working!
Jul 7, 2009
Google Searching for Files
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "Nirvana"
ActiveX Zero Day
May 28, 2009
Helpdesk Software Directory
I recently found the link from the Wikipedia Helpdesk page.
May 25, 2009
Facial Recognition
May 1, 2009
Laptop Advice
"If you had a wad of money sitting out in a public place, would you turn
your back on it - even for just a minute? Would you put it in checked
luggage? Leave it on the backseat of your car? Of course not. Keep a
careful eye on your laptop just as you would a pile of cash."
Apr 13, 2009
Another Conficker Victim
Mar 30, 2009
April Fools!
Feb 13, 2009
Feb 4, 2009
Google Latitudes
Firefox 3.0.6 Released
Feb 3, 2009
Email is the new FTP
Now this makes me wonder what most people think when it comes to file size (if at all). Since I have been around computers for a while I understand the significance of size when talking about files and what you can do with them. I suspect to most people nowadays, this does not matter at all.
Most people who have been introduced to computers in the past couple years have not had to deal with size as an issue (at least not with files). Applications can handle huge files much more easily than in the past. Computing power has become so limitless that the average end user has a super computer on their desktop with multiple cores/processors to do their work. Bandwidth issues have become a thing of the past. Disk storage is so cheap that people have terabyte raids at their disposal for just a few hundred dollars. USB drives, the floppy disks of old, are so large now that more than files can be stored on them. Multiple operating systems can be installed to them as they are carried around as portable workstations.
With instant messaging and texting becoming the usual forms of communications, email has become the File Transfer Protocol (FTP) of the past. Huge amounts of online storage are available to most free email accounts. People use them for storage rather than email. Why am I surprised when people get angry because they can't email a file? A file is just a file after all.
Jan 16, 2009
Recovering a Dying Hard Drive
SANS' nice bit on how to recover a dying drive.