Wednesday, 12 May 2004

Finally, someone has the right answer to how to clean a compromised system. So, you didn’t patch the system and it got hacked. What to do?

Click here to find out.

Is it the one correct answer - If you have already been compromised? Three cheers for Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I, Security Program Manager at Microsoft for pointing this out. Maybe.

However, it should be noted (as was done to me by a security professional whom I respect greatly) that there are many options other than and in addition to patching available to prevent system compromise. Here's what my colleague said in email:

“I can't believe they actually published that!  While instilling fear and hopelessness it has no redeeming value and makes MS look bad (by implying a 'justification' for the pain of the patch process).  There are other alternatives to cleaning systems and validating what has been altered besides reformatting.  Things like Tripwire, regular audits, etc. etc. etc.  The real decision is what is it worth to not have to reformat?  Also you don't need any of the MS patches to prevent a system from being compromised.”

All valid points. I agree on one level or another with everyone here: Prevention and planning are worth a ton of cure. But when you have been compromised at the system level (i.e. did not plan and prevent), you're assuming a fairly large risk if you continue to use the compromised system.

Add/Read: Comments [1]
IT Security | Tech
Wednesday, 12 May 2004 10:59:49 (Pacific Standard Time, UTC-08:00)
#  Trackback

Office 2003, SharePoint, etc. Things you never knew or might not otherwise find:

MSFT tool to remove hidden history and collab data from Office documents - A couple of months ago Microsoft released a nifty tool that will permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files. When you distribute an Office document electronically, the document might contain information that you do not want to share publicly, such as information you’ve designated as “hidden” or information that allows you to collaborate on writing and editing the document with others. Before you email that doc to your customer or partner, or post it to a web site, run this tool and clean things up.

A couple of quick ways to stay up-to-date on SharePoint resources and information - Check out these resources if you're interested in SharePoint Portal or WSS 2003 - good stuff to be found:

I'll post a more complete OPML file sometime soon.

Add/Read: Comments [0]
Office 2003 | SharePoint | Tech
Wednesday, 12 May 2004 08:08:25 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Monday, 10 May 2004

Earlier I posted my first audio blog entry. This is just a quick note about how to set up to post directly to dasBlog...

It's really pretty simple: I used the Blogger-API capability of dasBlog (you'll need to turn it on in your config) and directed to publish my blog entries use the Movable Type option. You could specify XML-RPC, but if you do you won't get the headlines properly translated into dasBlog, so Movable Type is the one that works best. Very cool that dasBlog allows you to post this way, and even more cool that appears to properly emulate Movable Type when posting. When I tried to use another audio blogging service (AudBlog), it didn't play well with the Blogger API - But works like a charm.

Add/Read: Comments [2]
AudioBlogging | Blogging
Monday, 10 May 2004 21:34:47 (Pacific Standard Time, UTC-08:00)
#  Trackback

Teaching is tough. Making things like the speed of light tangible is not easy. Making it interesting is even harder.

Robert H. Stauffer understands how to teach high school students.

Add/Read: Comments [0]
Random Stuff
Monday, 10 May 2004 20:41:18 (Pacific Standard Time, UTC-08:00)
#  Trackback

Three cheers for - I signed up to test their new service last night, and today I got an email with my new account info. Within 5 minutes I'd posted my first test audio blog entry. Their service is smooth, it works (other services out there are glitchy at best in my recent experience), and it's very well designed. Quite cool. Just imagine what you can do with this kind of service. From any computer or phone you can post audio blog messages in real time. You can record up to an hour at a shot, and if you want to go longer than that, you can chain multiple recordings together into a play-list. Wow - this is great!

Update: Looks like they went live today! $4.95 a month for unlimited recording and up to 1GB of audio data transfer a month - very nice. See their Service Features page for more info.

Also check out the interview with the creator of, Eric Rice at ITConversations.

Add/Read: Comments [0]
AudioBlogging | Blogging | Tech
Monday, 10 May 2004 19:31:07 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Sunday, 09 May 2004

UPDATED: Apparently, somone one mis-spoke, and Microsoft has corrected earlier reports - see eWeek's coverage of the change in the story.

Sorry guys, all you software thieves out there will not be able to install SP2 after all (unless this all changes again). From a business and antipiracy perspective, I agree with not allowing it to install. From a security perspective, I was looking forward to seeing what impact (if any) the loosening of the reins might have.

But I don't hink Microsoft has a responsibility to provide anything to people who steal software.

It's a change of direction for Microsoft, but apparently they will allow SP2 for Windows XP to be installed on pirated copies of the OS when the service pack is released later this year. This was not the case with SP1, which has protections in it that keep people with pirated copies of Windows XP from installing it successfully.

"It was a tough choice, but we finally decided that even if someone has pirated copy of Windows, it is more important to keep him safe than it is to be concerned about the revenue issue," he added. He admitted, however, that it is more than altruism that helped Microsoft come to this decision. "Having these unsecured users means bigger worm and virus outbreaks - which also impacts the Internet and consequently, our legitimate users as well."

 - Microsoft group product manager Barry Goffe

Considering the potential positive impact of SP2 on the computing world, this is probably a good idea. After all, keeping users from spreading viruses and becoming launching platforms for hackers is an important part of securing the Internet and - in a broad sense - the Windows OS.

Add/Read: Comments [1]
IT Security | Tech
Sunday, 09 May 2004 21:20:10 (Pacific Standard Time, UTC-08:00)
#  Trackback