LabMice.net - The Windows 2000\XP\.NET Resource Index

Last Updated December 10, 2003

Daily Briefing

Welcome to our Blog! We've decided to start this web log as a way to communicate new changes to our site, discuss various happenings, and share occasional rants about a variety of topics (mostly tech related). We hope to keep it fun, interesting, and brief. And as always, we don't intend to follow any of the traditional blog rules. If you'd like to send us feedback about the site or comments posted in the Blog, just drop me a line at bernie@labmice.net

 
 

 


Thursday, September 25

The New York Times released a scathing review of Office 2003 today that basically accuses Microsoft of more dirty pool. The first complaint of course is new features, or more accurately, the lack of them. Microsoft released a host of new design and usability features in Office XP and received heavy criticism from customers as it required extensive retraining. In this release, Word, Excel, PowerPoint, and Access are largely untouched (except for the expanded XML capabilities). What did receive a significant upgrade is one of Microsoft's most heavily critiqued products - Outlook. The new Outlook supports better anti-spam capabilities, including the ability to blacklist and whitelist e-mail addresses. Another heavily criticized feature is Office 2003's new Information Rights Management (IRM) ability which allows you to restrict which documents specific users can read, but not print, forward, edit, etc. It also allows a user (or corporation) to set self destruct dates on documents without an electronic paper trail. (Something Microsoft themselves often find useful.) Office 2003 also receives poor marks for lack of compatibility with previous versions of Office, and because it requires Windows 2000 or Windows XP to run. While it's easy to throw stones at Microsoft for this release, I think it's exactly what their customers wanted: small, useful, and incremental improvements that don't require extensive retraining of users and redevelopment of applications. Of course that headline doesn't sell papers.

Wednesday, September 24
I'm excited about Microsoft's beta release of the 64-bit edition of Windows XP. Officially dubbed Windows XP 64-Bit Edition for 64-Bit Extended Systems, the new OS is designed to run on AMD's Athlon 64 or Opteron chips, putting us one step closer to the eventual migration to 64-bit computing. AMD is really betting the farm on this one, since Intel is taking a more conservative "wait and see" approach and only offering 64-bit processors for servers. Since most current workstation applications don't max out the current 32-bit processors, AMD is marketing the new 64-bit chips to gamers and high end users rather than businesses in the hope that the rest of the industry will follow. It's a big gamble that could cost AMD dearly if it doesn't play out the way they planned. Unfortunately, a lot depends on software manufacturers. Without the applications that take full advantage of the 64-bit chips, most people won't migrate to the new hardware regardless of how "cool" it is. I would imagine that there are a number of undisclosed development deals that may be released before Microsoft is ready to release the full version of XP 64-bit edition "sometime in 2004." If they're smart, they'll also port these applications to take advantage of XP Pro's dual processor capability which would significantly boost performance and allow for more complex applications. Quake 64 anyone?


Friday, September 19
If your fellow IT staffers' nerves have been stretched a little thin over the last few weeks, it's time to let off a little steam with some silliness that goes beyond "casual day". Believe it or not, today is "talk like a pirate day", and the mates and I are planning a little after work "pirate themed" party. No, I'm not making this up, and there is a website explaining it all. In addition to talking like a pirate throughout the day, I highly recommend taking your crew to see "Pirates of the Caribbean" which is in theaters now, or rent a copy of the hilarious Monty Python/Cheech and Chong classic "Yellowbeard." To this mix, we're adding chicken wings, grog, rum and coke, and maybe even a costume contest. So grab your parrot, eye patch and wooden leg, kick open the doors to the server room and announce: "Avast ye scurvy dogs, prepare to be boarded!!"


Wednesday, September 17
Exploit code for the expanded RPC vulnerability was released yesterday, making it very likely that another Blaster type worm will be released in the next few days. If your organization hasn't rolled out the latest patch, this may be your last chance to deploy this patch proactively. In case you missed the link of the day yesterday, Microsoft has posted an excellent article on Best Practices for Mitigating RPC and DCOM Vulnerabilities that may be very helpful in formulating your security plans.


Tuesday, September 16
To assist administrators in locating unpatched computers that are vulnerable to the RPC exploit, Microsoft has released a new network scanning tool that replaces the one released last month. "The KB 824146 Scanner tool is provided as a utility to assist administrators. It can quickly identify those Microsoft Windows systems on their network that immediately require the patch described in KB article 824146. The utility can be used to identify systems that have the patch applied as well as those systems that may require further investigation and verification of the patch installation. Microsoft recommends that the patch described in KB article 824146 be applied to all vulnerable systems." You can download this free scanning tool here.

And now for something completely different.


Monday, September 15
Like many of you, I've been busy patching systems against the expanded RPC vulnerability since Microsoft released the patch last Wednesday. Companies crippled by Blaster and SoBig over the last few weeks have suddenly seen the light and aren't waiting weeks or even months to patch their systems anymore. The risks of instabilities caused by poorly written patches seem small compared to the potential damage caused by the latest round of worms. Still, other companies are tied up in meetings debating their policies while the clock is ticking, as a potentially more fatal worm than Blaster may be in development somewhere in the world. In my view, the real danger isn't the potential threat from a new Blaster variant. It could be more disastrous if nothing happened. Take last week for example: I'm relieved that no acts of terrorism occurred on the anniversary of September 11. The additional security and heightened public awareness may have thwarted any number of terrorist plans and prevented another incident, but the lack of an incident often leads to a false sense of security. As time goes on, our security measures will start to slip, and eventually succumb to budget cuts. And it is this complacency and lack of security that will enable another attack. Patch management works the same way. It costs time and effort to patch the thousands of servers and workstations in an enterprise environment, but if a new virus or worm doesn't appear to exploit the latest vulnerability, these efforts shouldn't be seen as a waste of time or an unnecessary waste of resources. It's insurance against a much greater threat. If your company's management has recently embraced aggressive patch management in the wake of Blaster and SoBig, don't let them undermine these efforts six months down the road. Not only will you get the blame for the next outbreak, you'll be spending your weekend cleaning it up while your managers are at home with their families.


Tuesday, September 9
"Homeless hacker" Adrian Lamo turned himself in at a federal courthouse in California today, where he was later released on $250,000 bond and ordered to fly to New York (at the government's expense) and turn himself in to the FBI to face charges for allegedly breaking into the New York Times network. Once again, I believe the federal government is chasing headlines for busting a well known "hacker" who publicly exposed gaping security holes at large corporations. The small print is that Adrian often offered to help those companies secure their network, and was even willing to sign non-disclosure agreements. He isn't some menacing corporate spy or rampant vandal, just a curious and often helpful hacker who walked a very fine legal line. If you've caught any of his interviews on TechTV, it's obvious Adrian isn't some cyberterrorist who threatens our freedoms. He just stepped on the wrong feet, and now someone wants to make an example out of him for the sake of headlines. (Apparently, he stepped on very big feet.) Certainly, the FBI has much bigger fish to fry, and I think it's a shame their slim resources are being misappropriated in exchange for cheap publicity. So why should you care? Consider the case of Kevin Mitnick, another notorious hacker who was paraded around for the press and locked up for nearly 5 years without a trial while the prosecution "built their case" against him. When he finally received his day in court, he pleaded guilty in exchange for parole and a commuted sentence for time already served. Nothing like 5 years in a cell to take the fight out of you. This is a dangerous precedent for the courts, and it will take a lot of public awareness to keep things from getting out of hand.
If you want to show your support for Adrian, check out http://www.freelamo.com/ The irony is that major news outlets haven't given much publicity to Adrian's case as the story has been overshadowed by the shameless actions of the RIAA, who sued a 12 year old girl for file swapping music. They decided to settle the case today for $2,000.00, or about $2 per song. She's lucky nobody referred to her as a hacker....


Monday, September 8
I've been having some server issues this morning resulting in multiple outages lasting a few minutes at a time. Predictably, my web host's (Interland) support staff had no idea anything was happening, but the problem magically resolved once I reported it. Unfortunately, it didn't stay resolved and the site was down most of the day. Fed up, I've migrated to a new server and will be hitting up Interland for a refund of my hosting fees - which still doesn't make up for lost revenues and the time and frustration spent trying to get tech support motivated to fix this issue. I'm hopeful the new server will resolve the stability issues, but I've already reserved a dedicated server at ServerBeach.com and plan to migrate as soon as some of the backend components are in place. Thanks to everyone for being patient. ;-)


Thursday, September 4
Received a call from an old friend of mine who works as a full time antivirus administrator at an international firm. I was surprised to hear that they were having so many problems with Blaster as well as SoBig, since my friend is very aggressive when it comes to securing networks. But the best antivirus administrator is useless if management refuses to let him do his job. He recommended an e-mail gateway to management months ago but was told "we tried one, but didn't like it". (Despite the fact LoveBug and other e-mail worms repeatedly crippled their network) In the case of the recent RPC vulnerability exploited by Blaster, he recommended that they patch all of their systems when Microsoft released the patch. The request was denied. He urged them to patch their systems again when the Department of Homeland Security issued their warning, but was turned down again. After the exploit code was published on the web, he finally convinced his boss to take the threat seriously and they actually had a meeting with senior management. Unfortunately, management's decision was that it would be "too expensive" to patch all their systems and the risk was minimal because the network was protected by a firewall. My friend argued that one laptop user who became infected from home could unleash the worm behind the firewall and they would still be at risk. Again, the warnings were ignored. As you can probably guess, things played out exactly as my friend predicted. An improperly configured firewall let Blaster into a minor subnet infecting hundreds of computers. While IT was scrambling to clean up the mess, several laptop users who became infected outside the company's network brought in their machines and connected to the internal network. As the worm spread, network performance slowed to a crawl making it impossible to work, or patch systems... and then the SoBig worm hit, adding a 150% load to the mail servers. (That e-mail gateway sure would have come in handy...) 
After spending several 14 hour days cleaning up this preventable disaster, my friend was approached by his boss who suggested "We really should do more to prevent this kind of thing from happening again." I don't know about you, but I would have killed him.


Wednesday, September 3
Apparently authorities have arrested another suspect in connection with the W32.Blaster Worm. This particular individual is a 24 year old man from Romania who is suspected of creating yet another very minor and inconsequential variant of Blaster, known as W32.Blaster.F. Like Jeffrey Lee Parson, who is accused of allegedly creating W32.Blaster.B, this suspect made simple and minor variations to the original Blaster worm and re-released it. He also made the mistake of referencing his frequently used internet alias (for bragging rights?) and made a reference to one of his college professors as well. It certainly didn't take Sherlock Holmes to track these two down. But the original Blaster and SoBig virus writers are still at large, apparently because they were just too smart to put their names and addresses in the code. I'm starting to suspect Dr Evil is behind all this in a nefarious plot to take over the world. Or maybe a certain mouse.... Narf! Seriously, these arrests aren't going to deter hackers any more than the RIAA's lawsuit deters file swappers. It may scare off a few people on the fringes, but the hardcore elements that are responsible for the vast majority of incidents will adapt and move on.


Tuesday, September 2
On Friday, FBI agents arrested and charged 18 year old Jeffrey Lee Parson of Minneapolis with one count of "intentionally damaging a protected computer" for allegedly creating a variant of the W32.Blaster worm. However, he didn't create the original worm, and he didn't even create the most destructive variant. If the allegations are true, he simply changed the name of the Blast.exe file and the textual message within the original worm and re-released it. This minor variant, dubbed W32.Blaster.B, is estimated to have infected up to 7,000 PCs and caused approximately $5,000 in damage, but for this "crime against the people", Mr. Parson is facing 10 years in prison and a fine of up to $250,000.00. The FBI hasn't had a patsy this big since Lee Harvey Oswald. After years of bungling, a variety of scandals, and a mountain of bad press, the FBI is desperate for a success story and this arrest is all about headlines. As a result of enthusiastic press coverage, the average person now believes the original virus writer has been caught and presumably brought to justice. Nothing to fear any more, the G-men are on the case.... This whole story is a sham, and the media should be all over the FBI for it, but instead they're willing participants. It sells headlines, so who cares if it's significant. Don't get me wrong - I'm glad the FBI is chasing virus writers and I think they should be punished. But Jeff Parson hardly qualifies as a hardcore black hat. He's a typical teenager who didn't think about the possible consequences of what he was doing. Well, now that the FBI have their headlines, I hope they don't give up their search for the real writers behind W32.Blaster, SoBig, and other worms. In reality, the true authors are probably on the other side of the globe, far away from the reach of American law enforcement.
China, Russia, Korea, India, Pakistan, the Middle East, and hundreds of other nations have lots of talented coders that would love to cause this much economic damage to the United States. It's digital terrorism aimed squarely at capitalism, but without the fear of military retaliation. Damage estimates for SoBig alone have reached 5.56 billion dollars, but it's still spreading and systems remain unpatched and vulnerable. Let's fix the problem, not the blame. The real enemy is complacency, not some 18 year old in Minneapolis. If Jeffrey Lee Parson is found guilty, the judge should put a "DUNCE" cap on his head and make him sit in the corner - right next to the thousands of IT managers and administrators who knowingly left their systems vulnerable despite repeated warnings and several weeks of lead time.


Monday, September 1
For those readers who are not in the U.S., the first Monday of every September is Labor Day, a national holiday to commemorate "social and economic achievements of American workers." The first Labor Day was celebrated in New York City in 1882 and rapidly spread to other states until finally becoming a national holiday in 1894. It's also the only federal holiday that doesn't commemorate some specific person, religion, battle, war, or other historical event. Most Americans couldn't tell you that, and to them it's a weekend that marks the end of summer. It's usually a day filled with cookouts, people returning from vacations, and sporting events. It also fills the need for bankers and the federal government to have a formal holiday every month. (April and August are the only current exceptions.) For what it's worth, I think we should move Labor Day into August and observe September 11 as a national day of remembrance. While the day would be a bit more solemn, and may not fall on a Monday, we made a lot of promises in 2001 that we would never forget those who died that day and we should keep that promise. The American flags and patriotic stickers that became so popular that year have become faded and torn over time. A few people replace these items regularly and still display them, but most haven't. For them, patriotism was a fad and they take better care of the flags and insignia of their favorite sports team than they do the symbols of our country. If your flag is getting a bit faded and torn and you forgot to replace it on July 4th, take a day in the next few weeks to replace it. Help show the world and the rest of our fellow Americans that patriotism isn't a passing fad. And show the families of the victims of September 11th that we haven't forgotten them either.
 

 

  


This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.