Tuesday, 27 September 2005

Microsoft today released SP2 for Office 2003, which can be downloaded via Office Update, or you can grab it here and you can read about it here.

In addition, OneNote 2003 SP2 was also released today - read about it here, and download it here.

One of the notable features in my book is the Phishing protection update for Outlook:

Microsoft Office Outlook® 2003 Phishing Protection and Junk E-mail Filter

SP2 contains a new Phishing Protection feature to be used with the Outlook Junk Email Filter. Phishing is the luring of sensitive information through e-mail, such as passwords and other personal information, by an attacker masquerading as someone trustworthy. Phishing attacks can result in a user divulging sensitive information, including financial information, that can result in a loss of privacy or money. Phishing e-mail is hard to identify, because attackers make their e-mail appear genuine and often mimic recognizable e-mail sent out routinely by legitimate organizations such as banks and credit card companies.

To enable phishing protection, you need both Office 2003 SP2 and the latest Outlook 2003 Junk E-mail Filter Update. Once both are installed, Office 2003 SP2 has phishing protection turned on by default.

For best results, we recommend you regularly download the latest version of the Outlook 2003 Junk E-mail Filter Update. To determine whether you need this update, see the Microsoft Knowledge Base article
(872976): How to obtain the latest Outlook 2003 Junk E-mail Filter.



Add/Read: Comments [0]
IT Security | Office 2003 | OneNote | Tech
Tuesday, 27 September 2005 17:59:59 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Monday, 26 September 2005

I've become a bit of a flag-at-half-staff resource on the Internet it seems. I get lots of emails on the subject, and just this morning received one from a FOX affiliate asking if I send out emails announcing when the flag should be flown at half-staff. Well, uhh - no. Really, I'm not an authority on much of anything.

But, Mark Peterson at the Peterson Flag Company does have such an email list, so for those who want to be notified every time a proclamation is issued to fly the American Flag at half staff, here you go:



Add/Read: Comments [1]
Random Stuff
Monday, 26 September 2005 04:27:19 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Sunday, 25 September 2005

I've recently started a little research project, through which I am hoping to figure out the best option for replacing four disparate old-skool PBX systems with a single, unified VoIP/SIP-based system. I've amassed more than a few Internet resources and have been doing research for a number of weeks, and figured someone else out there might have some ideas, as well. Plus, I need a place to catalog my thoughts and discoveries, so here we go...

I have specific needs that must be met, and probably the most complicated of them is that I have people who work in multiple locations, but who need to be logically grouped together as a team. So, there's a need for an Automated Call Distribution (ACD) capability, with full management monitoring, sign-in and sign-out, etc.

Whatever I come up with, it must be SIP-based (duh), and should integrate with/leverage the existing Windows 2003 Active Directory, as well as the communication and presence capabilities of Live Communication Server 2005 (which is highly SIP-aware, of course). A feature-rich unified messaging voice mail, FAX, etc. system is a must, with the full compliment of delivery methods. End user self-service is important - In this day and age, it's hard to imagine putting in a system that doesn't allow its users to self-manage those settings that are safe to expose.

And it needs to work. All the time. None of this random glitch, dropped call, nasty audio quality stuff. VoIP has come a long way in the past few years, and my expectations are very high. I use Vonage at home and have watched it grow from mediocre to pretty darn good over the past 18 months. But I don't want to (read: can't) do that with a business-critical PBX system, and my expectations are that the IP-PBX system will be a better experience than I've had with Vonage.

It should be enabled to integrate tightly with Microsoft Business Solutions and the Office System servers and software - like Microsoft CRM, for example. And Outlook. SharePoint integration would be a huge plus, too. Web-based chat for the customer service folks would be terrific.

What else? Well, easy to setup and maintain is a plus, and web-based administration is a no-brainer.

And it needs to be something a medium-sized business can swallow, cost-wise. The days of high-priced telephony systems and proprietary solutions are practically over, and so is my involvement with them. Good riddance.

So, here's a partial list of what I have looked at so far. I guess if it's on the list, it stands out enough in my mind enough to merit a mention:

  • Asterisk - Open source (some commercial packages of it), in use all over, has matured somewhat. I know people who have deployed it and swear by it, and others who cuss its name daily. I'll let you guess which group tends to use a strict change management process...
  • Vonexus - A commercial, Microsoft-platform-cased IP PBX system from Vonexus and parent company Interactive Intelligence, geared for and targeted at small and mid-sized businesses. The more I read about Vonexus, the more I drool. I need to contact these people and find out more. It looks almost too good to be true. We'll see what it costs.
  • Other standard players - mostly hardware specific systems from Cisco, 3Com, Avaya, etc. All are great, but all are expensive and fairly proprietary. Not sure I want to go that route.

Anyone done this before and care to share experience? Know of something I am missing out on? Let me know, especially if you're familiar with Vonexus - I'd like to speak with people who use their systems (in addition to talking to their sales people).

A few online resources that are good to watch for VoIP:

And there's many more. Send me yours and if I like 'em I'll post them, too.



Add/Read: Comments [1]
Tech
Sunday, 25 September 2005 11:36:14 (Pacific Standard Time, UTC-08:00)
#  Trackback

In the course of trying to save some time and make things a little more streamlined at work, I've been looking for Microsoft RSS feeds for security patch releases with sufficient detail in them to be able to do some automation of our internal patch tracking. I am already aware of the RSS feed at TechNet, since I have been subscribed to it since day-one:

http://www.microsoft.com/technet/security/bulletin/secrss.aspx

But unfortunately it munges multiple pieces of discreet information into one data element (specifically the title) and also leaves a bunch of stuff completely out, since it's just a list of summaries, really:

   <item>
  <title>MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)</title>
  <link>http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx</link>
  <description>This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</description>
  <guid isPermaLink="false">http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx</guid>
  <pubDate>Tue, 9 Aug 2005 00:00:00 GMT</pubDate>
</item>

Maybe this is a good example of where RSS extensions could or should come into play, or maybe what I need instead is a more generic (non-RSS for all I care) XML feed that has a schema that supports keeping the patch number, KB article title, bulletin name and long description as separate data points. Plus, where's the rest of the info for each bulletin? I'd also like to see what platforms each bulletin applies to (in a yes-or-no format for each one), the intricate details about the vulnerability, and other stuff like that.

Is there an XML feed that does that already? Maybe there is but I've just not found it. There's the old MSSecure.XML from the HFNetChk command line tool (not updated since 2004 on the MS Downloads site, it appears), but even that's much more verbose than what I need. I've looked around here and here, and I have done some searching, just no luck. I figure they have the data available to build all those services, but I can't find a good detailed source to build my own lists.

I did three minutes worth of Excel work to play with the feed (and I suck at Excel so my formatting in it is poor, but it basically works) and came up with a working spreadsheet from the TechNet feed. I definitely need to be able to do more with it though. You can see my l33t Excel skiilz (um, not) here:

What I really want is to be able to automatically pull the details of each released security bulletin into a list or Excel spreadsheet, add my own metadata to each one, and have that list/spreadsheet live over time. I'm trying to avoid a whole lot of cut/paste activity and need to find a way to speed this process up. Before you say I should just use Excel and VBA to parse through the available data, let me ask you - What if Microsoft changes their formatting on their bulletins?

So - my biggest obstacle right now is a data feed. If anyone knows of one, drop me a line and let me know.



Add/Read: Comments [0]
IT Security | Tech
Sunday, 25 September 2005 04:36:04 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Saturday, 24 September 2005

Stuck on StupidEvery now and then some random person or event comes along that deserves memorialization. Such is the case with Lt. Gen. Russel Honore and his words this past week when confronted with a gaggle of reporters. Honore and others (including the Mayor of New Orleans, who was having a hard time with the media crowd) were at a press conference (called by the mayor) in order to immediately get out the important word about the government's plan to evacuate people from the city of New Orleans in the face of yet another hurricane - this time, it was Rita.

But some of the reporters at the press conference were apparently still stuck on Katrina. The General was there to make sure they clearly understood their role in the situation. There's a time and a place for everything, to be sure - and that means there's a time for the media to ask questions, and there are other times when the message needs to be immediate, clear and loud in order to save lives and ensure peoples' safety. Unfortunately, there are many in the media who are all about conflict, not about helping people (regardless of what they say their motivations are). It's makes the former journalist in me scream at the TV. I hate it.

So - Thank God for people like Lt. Gen. Russel Honore. Here's his words, an audio file and a partial video of the interaction between him and the media:

Audio Attachment: 0920honorestuckonstupid.mp3 (1685 KB)

Video Attachment: stuckonstupid2.wmv (2957 KB)

Gen. Honore: And Mr. Mayor, let's go back, because I can see right now, we're setting this up as he said, he said, we said. All right? We are not going to go, by order of the mayor and the governor, and open the convention center for people to come in. There are buses there. Is that clear to you? Buses parked. There are 4,000 troops there. People come, they get on a bus, they get on a truck, they move on. Is that clear? Is that clear to the public?

Reporter: Where do they move on --

Gen. Honore: That's not your business.

Reporter: But General, that didn't work the first time --

Gen. Honore: Wait a minute. It didn't work the first time. This ain't the first time. Okay? If...we don't control Rita, you understand? So there are a lot of pieces of it that's going to be worked out. You got good public servants working through it. Let's get a little trust here, because you're starting to act like this is your problem. You are carrying the message, okay? What we're going to do is have the buses staged. The initial place is at the convention center. We're not going to announce other places at this time, until we get a plan set, and we'll let people know where those locations are, through the government, and through public announcements. Right now, to handle the number of people that want to leave, we've got the capacity. You will come to the convention center. There are soldiers there from the 82nd Airborne, and from the Louisiana National Guard. People will be told to get on the bus, and we will take care of them. And where they go will be dependent on the capacity in this state. We've got our communications up. And we'll tell them where to go. And when they get there, they'll be able to get a chance, an opportunity to get registered, and so they can let their families know where they are. But don't start panic here. Okay? We've got a location. It is in the front of the convention center, and that's where we will use to migrate people from it, into the system.

Reporter: General Honore, we were told that Berman Stadium on the west bank would be another staging area --

Gen. Honore: Not to my knowledge. Again, the current place, I just told you one time, is the convention center. Once we complete the plan with the mayor, and is approved by the governor, then we'll start that in the next 12-24 hours. And we understand that there's a problem in getting communications out. That's where we need your help. But let's not confuse the questions with the answers. Buses at the convention center will move our citizens, for whom we have sworn that we will support and defend...and we'll move them on. Let's not get stuck on the last storm. You're asking last storm questions for people who are concerned about the future storm. Don't get stuck on stupid, reporters. We are moving forward. And don't confuse the people please. You are part of the public message. So help us get the message straight. And if you don't understand, maybe you'll confuse it to the people. That's why we like follow-up questions. But right now, it's the convention center, and move on.

Reporter: General, a little bit more about why that's happening this time, though, and did not have that last time --

Gen. Honore: You are stuck on stupid. I'm not going to answer that question. We are going to deal with Rita. This is public information that people are depending on the government to put out. This is the way we've got to do it. So please. I apologize to you, but let's talk about the future. Rita is happening. And right now, we need to get good, clean information out to the people that they can use. And we can have a conversation on the side about the past, in a couple of months.

Time to print some bumper stickers... "Don't get stuck on stupid." Heh. It's not a new phrase - more like old made new again. But it's great, and appropriate.

Update: The Stuck on Stupid Blog. Heh...

(via RadioBlogger and The Political Teen)



Add/Read: Comments [0]
Helping Others | Humor | Random Stuff | Things that Suck
Saturday, 24 September 2005 16:12:53 (Pacific Standard Time, UTC-08:00)
#  Trackback

Hacked_stickerA long, long time ago, I ripped apart my Series 1 TiVo PVR and put in a couple 120GB hard drives. In the end I got an obscenely huge number of hours of recording time, plus I added an ethernet card so a phone line's not needed to get programming info, and then I did some other fun "hacking."

Anyhow, I woke up this morning and found out my trusty modified TiVo was misbehaving badly. Or maybe it's just sick - It had a choppy image and sound on both live TV and recordings, even on the menu systems you can hear the drive inside moving between glitchy animation pauses on the screen, and it's exhibiting generally sluggish, choppy behavior. So, I figured I'd sacrifice everything on it (it's practically full - maybe another cause of the problem, who knows?) and I did a delete and reset through the TiVo's menu system.

That was at about 7am. The system restarted and the screen read, "Clearing and deleting everything. This will take an hour." It's after 2pm now and the screen hasn't changed. Seem like either the system assumed it has a 20GB hard drive in it still, or the hard drive(s) are having problems. But, it sounds like it's still methodically plugging away, so I'll let it go for a while longer and just see what happens.

Anyone else been through this? Any ideas? I've had this TiVo since they first came out, and it's served me well, but I'm also thinking maybe it's time to pick up a Series 2 TiVo and open it up and do some more PVR hacking.



Add/Read: Comments [3]
Geek Out | Random Stuff | Tech
Saturday, 24 September 2005 11:46:54 (Pacific Standard Time, UTC-08:00)
#  Trackback