Saturday, December 31, 2005

Lavalys - Comprehensive IT Security and Management

What a bummer they quit Everest home version! :(

Blogger: Browser Cookies Disabled

Why do I get this error when I try to log into blogspot.com but can get in if I use the Blogger button on the Google toolbar?

ANY ATTEMPT TO DISPLAY A MALICIOUS IMAGE IN WINDOWS

Security Now! Notes for Episode #20: "regsvr32 -u shimgvw.dll". This is from Steve Gibson from www.GRC.com.
This fix is temporary, until Microsoft comes out with a patch. Steve has an undo for it if it breaks anything.
To immediately disable the vulnerable Windows component:

1. Log on as a user with full administrative rights.

2. Click the Windows "Start" button and select "Run..."

3. Enter the following string into the "Open" field:

   regsvr32 -u shimgvw.dll

   (You can copy/paste from this page using Ctrl-C/Ctrl-V)

4. Click "OK" to unregister the vulnerable DLL.

If all goes well, you will receive a confirmation prompt, and your system is now safe. No need to reboot, but you might want to just to be sure that any possible currently loaded instance is flushed out.
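One way to apply the workaround above from an elevated PowerShell prompt and confirm it took effect, as an added example that is not part of the original post or of Steve Gibson's notes. The function names are made up for illustration, and re-registering with `regsvr32 shimgvw.dll` is the standard reverse of `-u`, assumed here to be the undo the notes mention.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# All function names are illustrative assumptions.

function Get-ShimgvwRegistration {
    # In-process COM servers are registered under CLSID\{guid}\InprocServer32;
    # the key's default value holds the DLL path.
    $root = 'HKLM:\SOFTWARE\Classes\CLSID'
    foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        try { $sub = $clsid.OpenSubKey('InprocServer32') } catch { continue }
        if ($null -eq $sub) { continue }
        try {
            $dll = [string]$sub.GetValue('')
            if ($dll -match 'shimgvw\.dll') {
                [pscustomobject]@{ Clsid = $clsid.PSChildName; Server = $dll }
            }
        } finally {
            $sub.Close()
        }
    }
}

function Invoke-Regsvr32 {
    param([string[]]$Arguments)
    # /s suppresses the confirmation dialog so the exit code can be checked.
    $p = Start-Process -FilePath 'regsvr32.exe' `
        -ArgumentList (@('/s') + $Arguments) -Wait -PassThru
    if ($p.ExitCode -ne 0) {
        throw "regsvr32 failed with exit code $($p.ExitCode)"
    }
}

function Disable-Shimgvw {
    # Equivalent to typing "regsvr32 -u shimgvw.dll" in the Run box.
    Invoke-Regsvr32 -Arguments '/u', 'shimgvw.dll'
    # Any class still pointing at the DLL means the unregister was incomplete.
    $left = @(Get-ShimgvwRegistration)
    if ($left.Count -gt 0) {
        $left | Format-Table -AutoSize | Out-String | Write-Warning
        return $false
    }
    return $true
}

function Enable-Shimgvw {
    # Undo: register the DLL again once a vendor patch is installed.
    Invoke-Regsvr32 -Arguments 'shimgvw.dll'
}
```

`Disable-Shimgvw` returns `$true` only when no machine-wide COM class still lists shimgvw.dll as its server; it does not check for copies of the DLL already loaded in running processes, which is why the post suggests a reboot.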

Friday, December 30, 2005

'Intel Inside' sent to the place where brands go to die

So how does "Leap Ahead" grab you?

I knew that it would, lol.

As an AMD only household here I won't have to change my case badges ;-)

Wednesday, December 28, 2005

Windows zero day nightmare exploited

Image handling flaws can infect Windows machines, including XP SP2, when visiting maliciously constructed web sites. This does not just affect Internet Explorer users. Firefox users are apparently vulnerable as well.

More information is available at F-Secure here. This one will garner a LOT of attention in nearly every corner of the web.

Watch Microsoft closely for a patch.

Jack

Tuesday, December 27, 2005

Schneier on Security: Internet Explorer Sucks

"This study is from August, but I missed it. The researchers tracked three browsers (MSIE, Firefox, Opera) in 2004 and counted which days they were 'known unsafe.' Their definition of 'known unsafe': a remotely exploitable security vulnerability had been publicly announced and no patch was yet available.

MSIE was 98% unsafe. There were only 7 days in 2004 without an unpatched publicly disclosed security hole.

Firefox was 15% unsafe. There were 56 days with an unpatched publicly disclosed security hole. 30 of those days were a Mac hole that only affected Mac users. Windows Firefox was 7% unsafe."
Mr. Schneier continues....
"This underestimates the risk, because it doesn't count vulnerabilities known to the bad guys but not publicly disclosed (and it's foolish to think that such things don't exist). So the "98% unsafe" figure for MSIE is generous, and the situation might be even worse.

Wow."

Why is ANYbody using IE still? Get Firefox!

--MissM

Monday, December 26, 2005

Open Source and Your Legal Rights

A court fight in Florida over the software used in the instruments that detect alcohol in breath could threaten the ability of states and localities to prosecute drunk drivers.

The battle is over the source code of breath analyzers made by CMI Group, a closely held maker of breath-alcohol instruments. Defense lawyers have challenged the use of the device and asked to see the original source code that serves as its computer brain, saying their clients have the right to examine the machine that brings evidence against them.
Last February, a state appeals court in Daytona Beach ruled that Florida had to produce "full information" about the test that establishes the blood-alcohol level of people accused of driving under the influence, or DUI. Otherwise, the court said, the evidence is inadmissible.
"It seems to us that one should not have privileges and freedom jeopardized by the results of a mystical machine that is immune from discovery," the state's Fifth District Court of Appeal wrote.


A court in Seminole County later interpreted the ruling to apply to CMI's source code. As a result, at least 1,000 breath tests have been thrown out of court in the county this year. Last month, a court in Sarasota County said the breath tests used in 156 DUI cases will have to be thrown out if CMI continues to refuse to hand over the source code.
CMI, which is based in Owensboro, Ky., has refused to turn over the code for its Intoxilyzer 5000, saying it is proprietary. "It's a trade secret, and like any company they don't just turn over information for the asking," says Allen Holbrooke, outside attorney for CMI. [WSJ 12-16-2005]


As I see it, this is a huge, broad issue that has been creeping inexorably onto the radar screen: since the constitution grants defendants the right to challenge the evidence against them, it should come as no surprise that DUI defendants -- or rather, the defendant's lawyer -- are going after the technology that nailed them. Since most test and measurement equipment (TME) today has a programmed computer in its bowels, the defendants want to double-check the code of the all-too-human programmer. "Opening the source", as it were.

Now, those country-boy lawyers are no dummies. They realize that any self-respecting TME manufacturer would want to protect its source code -- especially as open-source Linux replaces proprietary TME operating systems and programming languages. It has become too easy to lift source code from online court documents right into a compiler. So, the lawyers are trying to bluff an acquittal by asserting TME source code evidence as critical to their cases. "Uh, my client is innocent by reason of programming error." In the past, the TME device was treated as a "black box"; it could be externally tested but its entrails could not be dissected. To test a radar gun, for instance, you drive a car with a calibrated speedometer at the radar gun and then trigger a speed measurement. How the gun got the measurement internally is less relevant when the external results match the experimental. Apparently, the law is heading down a different track with programmable TME.

So, besides DUI, look for more creative legal tactics regarding voting machines, ATM fraud, automobile insurance cases -- did you know automobiles now tell police and insurance investigators how fast you were going when the car went off the road? -- medical devices and many other instances. Thousands of legal hours' worth. It will be interesting to see how defendants' rights are (re)balanced against property rights.

Sunday, December 25, 2005

OnComputers Radio show Podcast 12-25-05

This is the On Computers Radio show podcast for 12-25-2005. If you prefer, you can download the same file here via ftp.

Alex Bosworth's Weblog: Dynamics of Digg

I found this article interesting. I believe that it is a glimpse inside what I believe Web 2.0 really is, and that is "Attention," although there are many terms for this now. Everybody is trying to monetize the eyes that are drawn to a site. And I believe that most diggers are what could be considered "early adopters," those who use RSS, podcasts without iTunes, fill in your own "geeky edge" :).

» Digging into the Digg System | Web 2.0 Explorer: "Digging into the Digg System
Posted by Richard MacManus @ 6:43 pm

Alex Bosworth has a great post investigating the dynamics of the digg.com system. He discovered that the system is 'very simple' and made up of five groups of people:

1. Readers: Alex guesstimates that 'ten to twenty percent of those ever click 'digg''. I'd love to know the actual figure though.

2. Diggers: 10-20% says Alex. He also says these are the least important members of the system, because 'once a link is on the front page, it makes marginal difference the number of votes next to the link.'

3. Hardcore Diggers: 'people who sit in the queue of submitted stories and watch for breaking news that should make its way up to the front page, or report stories as being spam or irrelevant.'

4. Submitters: people who submit stories. It's highly competitive and difficult to be the first to post a successful story (one that makes the front page).

5. Publishers: 'often bloggers who want to get readership for their content.'"

--MissM
P.S. In order to give attribution to the source of the link, I used a new extension I found for Firefox 1.5. It's called How'd I get here? and, once put on your toolbar, it will trace back the path to the original site from the page one is looking at.
Clicking back one more time, the original link came from digg.com ;)

Xbox 360: Back to the Drawing Board

Though this FiringSquad.com article really takes the Xbox 360 team to task, it is still constructive criticism. I have disagreements with a few small details, but only a few. It's worth a read.

Xbox 360 is a perfect example of how a company gets painted into a corner by a release date and doesn't have time to work everything out well enough. It's a common problem, and not just at Microsoft. Still, I like the product, which surprises me greatly. I expected it to be just another console, which it definitely is not.

Jack

Migration Software

This looks good. Whether or not it is will take some time and a long look at a bulk licensing agreement.

It's software to automate the transition from various Microsoft products to Linux. Handles the desktop, Exchange to Linux-based apps and a whole lot more.

I've sometimes wondered why this hasn't been done before. A series of products like this could ease the transition to Linux to the point where the expense becomes acceptable. Yes, you save money using Linux. Everyone knows that. But the costs of conversion could easily double one's IT budget for the year, which is a powerful deterrent. It will take a good while to amortize the expense of conversion and begin realizing the savings. If this software can cut the price and problems of conversion to a significant degree, it could sell a lot of enterprises on the conversion.

Jack