Thursday, September 25
The New York Times released a scathing review of Office 2003 today that
basically accuses Microsoft of more dirty pool. The
first complaint of course is new features, or more
accurately, the lack of them. Microsoft released a
host of new design and usability features in Office XP
and received heavy criticism from customers as it
required extensive retraining. In this release, Word,
Excel, PowerPoint, and Access are largely untouched
(except for the expanded XML capabilities). What did
receive a significant upgrade is one of Microsoft's
most heavily critiqued products - Outlook. The new
Outlook supports better anti-spam capabilities,
including the ability to blacklist and whitelist
e-mail addresses. Another heavily criticized feature
is Office 2003's new Information Rights Management (IRM)
ability, which allows you to specify which documents
specific users can read but not print, forward, edit,
etc. It also allows a user (or corporation) to set
self-destruct dates on documents without an electronic
paper trail. (Something Microsoft themselves often
find useful.) Office 2003 also receives poor marks for
lack of compatibility with previous versions of
Office, and because it requires Windows 2000 or
Windows XP to run. While it's easy to throw stones at
Microsoft for this release, I think it's exactly what
their customers wanted: small, useful, and incremental
improvements that don't require extensive retraining
of users and redevelopment of applications. Of course
that headline doesn't sell papers.
Wednesday, September 24
I'm excited about Microsoft's beta release of the
64-bit edition of Windows XP. Officially dubbed
Windows XP 64-Bit Edition for 64-Bit Extended Systems,
the new OS is designed to run on AMD's Athlon 64 or
Opteron chips, putting us one step closer to the
eventual migration to 64-bit computing. AMD is really
betting the farm on this one, since Intel is taking a
more conservative "wait and see" approach and only
offering 64-bit processors for servers. Since most
current workstation applications don't max out the
current 32-bit processors, AMD is marketing the new
64-bit chips to gamers and high-end users rather than
businesses in the hope that the rest of the industry
will follow. It's a big gamble that could cost AMD
dearly if it doesn't play out the way they planned.
Unfortunately, a lot depends on software
manufacturers. Without the applications that take full
advantage of the 64-bit chips, most people won't
migrate to the new hardware regardless of how "cool"
it is. I would imagine that there are a number of
undisclosed development deals that may be released
before Microsoft is ready to release the full version
of XP 64-bit edition "sometime in 2004." If they're
smart, they'll also port these applications to take
advantage of XP Pro's dual processor capability which
would significantly boost performance and allow for
more complex applications. Quake 64 anyone?
Friday, September 19
If your fellow IT staffers' nerves have been stretched
a little thin over the last few weeks, it's time to let
off a little steam
with some silliness that goes beyond "casual day".
Believe it or not, today is "talk like a pirate day",
and the mates and I are planning a little after work
"pirate themed" party. No, I'm not making this up, and
there is a website explaining it all. In addition to talking
like a pirate throughout the day, I highly recommend
taking your crew to see "Pirates of the Caribbean"
which is in theaters now, or
rent a copy of the hilarious Monty Python/Cheech and
Chong classic "Yellowbeard."
To this mix, we're adding chicken wings, grog, rum and
coke, and maybe even a costume contest. So grab your
parrot, eye patch and wooden leg, kick open the doors
to the server room and announce: "Avast ye scurvy
dogs, prepare to be boarded!!"
Wednesday, September 17
Exploit code for the expanded RPC vulnerability was released yesterday,
making it very likely that another Blaster type worm
will be released in the next few days. If your
organization hasn't rolled out the latest patch, this
may be your last chance to deploy this patch
proactively. In case you missed the link of the day
yesterday, Microsoft has posted an excellent article
on Best Practices for Mitigating RPC and DCOM
Vulnerabilities that may be very helpful in
formulating your security plans.
Tuesday, September 16
To assist administrators in locating unpatched
computers that are vulnerable to the RPC exploit,
Microsoft has released a new network scanning tool
that replaces the one released last month. "The
KB 824146 Scanner tool is provided as a utility to
assist administrators. It can quickly identify those
Microsoft Windows systems on their network that
immediately require the patch described in KB article
824146. The utility can be used to identify systems
that have the patch applied as well as those systems
that may require further investigation and
verification of the patch installation. Microsoft
recommends that the patch described in KB article
824146 be applied to all vulnerable systems." You
can download this free scanning tool here.
And now for something completely different.
Monday, September 15
Like many of you, I've been busy patching systems
against the expanded RPC vulnerability since Microsoft
released the patch last Wednesday. Companies crippled
by Blaster and SoBig over the last few weeks have
suddenly seen the light and aren't waiting weeks or
even months to patch their systems anymore. The risks of
instabilities caused by poorly written patches
seem small compared to the potential damage caused by
the latest round of worms. Still, other companies are
tied up in meetings debating their policies while the
clock is ticking, as a potentially more fatal
worm than Blaster may be in development somewhere in the
world. In my view, the real danger isn't the
potential threat from a new Blaster variant. It could be more
disastrous if nothing happened.
Take last week for example: I'm relieved that no acts
of terrorism occurred on the anniversary of September
11. The additional security and heightened public
awareness may have thwarted any number of terrorist
plans and prevented another incident, but the lack of
an incident often leads to a false sense of security.
As time goes on, our security measures will start to
slip, and eventually succumb to budget cuts. And it is this
complacency and lack of security that will enable
another attack. Patch management works the same way.
It costs time and effort to patch the thousands of
servers and workstations in an enterprise environment,
but if a new virus or worm doesn't appear to exploit the latest
vulnerability, these efforts shouldn't be seen as a
waste of time or an unnecessary waste of resources.
It's insurance against a much greater threat. If your
company's management has recently embraced aggressive
patch management in the wake of Blaster and SoBig,
don't let them undermine these efforts six months down
the road. Not only will you get the blame for the next
outbreak, you'll be spending your weekend cleaning it
up while your managers are at home with their
families.
Tuesday, September 9
"Homeless hacker" Adrian Lamo turned himself in at
a federal courthouse in California today, where he was
later released on $250,000 bond and ordered to fly to
New York (at the government's expense) and turn himself
in to the FBI to face charges for allegedly breaking into the
New York Times network. Once again, I believe the
federal government is chasing headlines for busting a
well known "hacker" who publicly exposed gaping
security holes at large corporations. The small print
is that Adrian often offered to help those companies
secure their network, and was even willing to sign
non-disclosure agreements. He isn't
some menacing corporate spy or rampant vandal, just a
curious and often helpful hacker who walked a very fine legal line. If
you've caught any of his interviews on TechTV, it's
obvious Adrian isn't some cyberterrorist who threatens
our freedoms. He just stepped on the wrong feet, and
now someone wants to make an example out of him
for the sake of headlines. (Apparently, he stepped on
very big feet.) Certainly, the FBI has much bigger
fish to fry, and I think it's a shame their slim
resources are being misappropriated in exchange for
cheap publicity. So why should you care? Consider the
case of Kevin Mitnick, another notorious hacker who
was paraded around for the press and locked up for
nearly 5 years without a trial while the
prosecution "built their case" against him. When he
finally received his day in court, he pleaded guilty in
exchange for parole and a commuted sentence for time
already served. Nothing like 5 years in a cell to take
the fight out of you. This is a dangerous precedent
for the courts, and it will take a lot of public
awareness to keep things from getting out of hand. If you want to show your support for
Adrian, check out
http://www.freelamo.com/. The irony is that
major news outlets haven't given much publicity to
Adrian's case as the story has been overshadowed by the
shameless actions of the RIAA who
sued a 12 year old girl for file swapping music.
They decided to settle the case today for $2,000.00,
or about $2 per song. She's lucky nobody referred to
her as a hacker....
Monday, September 8
I've been having some server issues
this morning resulting in multiple outages lasting a
few minutes at a time. Predictably, my web host's
(Interland) support staff had no idea anything was
happening, but the problem magically resolved once I
reported it. Unfortunately, it didn't stay resolved
and the site was down most of the day. Fed up, I've
migrated to a new server and will be hitting up Interland
for a refund of my hosting fees - which still
doesn't make up for lost revenues and the time and
frustration spent trying to get tech support motivated
to fix this issue. I'm hopeful the new server will
resolve the stability issues, but I've already reserved a
dedicated server at ServerBeach.com and plan to migrate
as soon as some of the backend components are in
place. Thanks to everyone for being patient. ;-)
Thursday, September 4
Received a call from an old friend
of mine who works as a full time antivirus
administrator at an international firm. I was
surprised to hear that they were having so many
problems with Blaster as well as SoBig, since my
friend is very aggressive when it comes to securing
networks. But the best antivirus administrator is
useless if management refuses to let him do his job.
He recommended an e-mail gateway to management months
ago but was told "we tried one, but didn't like it".
(Despite the fact that LoveBug and other e-mail worms
repeatedly crippled their network.) In the case of the
recent RPC vulnerability exploited by Blaster, he
recommended that they patch all of their systems when
Microsoft released the patch. The request was denied.
He urged them to patch their systems again when the
Department of Homeland Security issued their warning,
but was turned down again. After the exploit code was
published on the web, he finally convinced his boss to
take the threat seriously and they actually had a
meeting with senior management. Unfortunately,
management's decision was that it would be "too
expensive" to patch all their systems and the risk was
minimal because the network was protected by a
firewall. My friend argued that one laptop user who
became infected from home could unleash the worm
behind the firewall and they would still be at risk.
Again, the warnings were ignored. As you can probably guess,
things played out exactly as my friend predicted. An
improperly configured firewall let Blaster into a
minor subnet infecting hundreds of computers. While IT
was scrambling to clean up the mess, several laptop
users who became infected outside the company's
network brought in their machines and connected to the
internal network. As the worm spread, network
performance slowed to a crawl making it impossible to
work, or patch systems... and then the SoBig
worm hit, adding a 150% load to the mail servers.
(That e-mail gateway sure would have come in handy...) After spending several 14-hour days cleaning
up this preventable disaster, my friend was approached
by his boss who suggested "We really should do more to
prevent this kind of thing from happening again." I
don't know about you, but I would have killed him.
Wednesday, September 3
Apparently authorities have arrested another suspect
in connection with the W32.Blaster Worm. This
particular individual is a 24 year old man from
Romania who is suspected of creating yet another
very minor and inconsequential variant of Blaster,
known as W32.Blaster.F. Like Jeffrey Lee Parson, who is
accused of allegedly creating W32.Blaster.B, this
suspect made simple and minor variations to the
original Blaster worm and re-released it. He also made
the mistake of referencing his frequently used
internet alias (for bragging rights?) and made a
reference to one of his college professors as well. It
certainly didn't take Sherlock Holmes to track these
two down. But the original Blaster and SoBig virus
writers are still at large, apparently because they
were just too smart to put their names and addresses
in the code. I'm starting to suspect Dr Evil is behind
all this in a nefarious plot to take over the world.
Or maybe a certain mouse.... Narf! Seriously, these
arrests aren't going to deter hackers any more than
the RIAA's lawsuits deter file swappers. It may scare
off a few people on the fringes, but the hardcore
elements that are responsible for the vast majority of
incidents will adapt and move on.
Tuesday, September 2
On Friday, FBI agents arrested and charged 18-year-old
Jeffrey Lee Parson of Minneapolis with one count of
"intentionally damaging a protected computer" for
allegedly creating a variant of the W32.Blaster worm.
However, he didn't create the original worm, and he didn't
even create the most destructive variant. If the
allegations are true, he simply changed the name of
the Blast.exe file and the textual message within the
original worm and re-released it. This minor variant, dubbed
W32.Blaster.B, is estimated to have infected up to 7,000 PCs
and caused approximately $5,000 in damage, but for
this "crime against the people", Mr. Parson is facing
10 years in prison and a fine of up to $250,000.00. The
FBI hasn't had a patsy this big since Lee Harvey Oswald. After years of bungling, a variety of
scandals, and a mountain of bad press, the FBI is
desperate for a success story and this arrest is all
about headlines. As a result of enthusiastic press coverage, the
average person now believes the original virus writer
has been caught and presumably brought to justice.
Nothing to fear any more, the G-men are on the
case.... This whole story is a sham, and the media
should be all over the FBI for it, but instead they're
willing participants. It sells headlines, so who cares
if it's significant. Don't get me wrong - I'm glad the
FBI is chasing virus writers and I think they should
be punished. But Jeff Parson hardly qualifies as a
hardcore black hat. He's a typical teenager who didn't
think about the possible consequences of what he was
doing. Well, now that the FBI has its
headlines, I hope they don't give up their search
for the real writers behind W32.Blaster, SoBig,
and other worms. In reality, the true authors are
probably on the other side of the globe, far away from
the reach of American law enforcement. China, Russia,
Korea, India, Pakistan, the Middle East, and hundreds
of other nations have lots of talented coders that
would love to cause this much economic damage to the
United States. It's digital terrorism aimed
squarely at capitalism, but without the fear of
military retaliation. Damage estimates for SoBig alone
have reached 5.56 Billion dollars, but it's still
spreading and systems remain unpatched and vulnerable.
Let's fix the problem, not the blame. The real enemy
is complacency, not some 18 year old in Minneapolis.
If Jeffrey Lee Parson is found guilty, the judge
should put a "DUNCE" cap on his head and make him sit
in the corner - right next to the thousands of IT
managers and administrators who knowingly left their
system vulnerable despite repeated warnings and
several weeks of lead time.
Monday, September 1
For those readers who are not in
the U.S., the first Monday of every September is Labor
Day, a national holiday to commemorate "social
and economic achievements of American workers."
The first Labor Day was celebrated in New York City in
1882 and rapidly spread to other states until finally
becoming a national holiday in 1894. It's also the
only federal holiday that doesn't commemorate some
specific person, religion, battle, war, or other
historical event. Most Americans couldn't tell you
that, and to them it's a weekend that marks the end of
summer. It's usually a day filled with cookouts,
people returning from vacations, and sporting events.
It also fills the need for bankers and the federal
government to have a formal holiday every month.
(April and August are the only current exceptions.) For
what it's worth, I think we should move Labor Day into
August and observe September 11 as a national day of
remembrance. While the day would be a bit more solemn,
and may not fall on a Monday, we made a lot of
promises in 2001 that we would never forget those who
died that day and we should keep that promise. The
American flags and patriotic stickers that became so
popular that year have become faded and torn over
time. A few people replace these items regularly and
still display them, but most haven't. For them,
patriotism was a fad and they take better care of the
flags and insignia of their favorite sports team than
they do the symbols of our country. If your flag is
getting a bit faded and torn and you forgot to replace
it on July 4th, take a day in the next few weeks to
replace it. Help show the world and the rest of our
fellow Americans that patriotism isn't a passing fad.
And show the families of the victims of September 11th
that we haven't forgotten them either.