Thursday, 05 January 2006

A patch for the truly nasty WMF vulnerability on all versions of Windows has just been pushed out in an extra release by Microsoft. It is described in Security Bulletin MS06-001. It's available for your WSUS server and from Microsoft Update, or you can get it by downloading it from the links on the security bulletin web page.

This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. Note: This vulnerability is currently being exploited and was previously discussed by Microsoft in Microsoft Security Advisory 912840. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This is a huge one - super critical, as there are many exploits in the wild that are actively taking advantage of this vulnerability. UPDATE NOW!



Thursday, 05 January 2006 14:01:32 (Pacific Standard Time, UTC-08:00)

On January 12th at 9:00 am Pacific time my boss, Jim Maloney, will be presenting along with George Tubin, a senior analyst at Tower Group, on the topic of preventing fraud in the online banking world. They'll discuss the threats, ways to protect customers, and some tools and processes that can help get the job done. It's a hot topic in the marketplace, and I think many people will find this web cast interesting from a security perspective, regardless of whether or not you work at a financial institution.

There's been a lot of talk and movement in this space in the past few months, after the FFIEC (the federal government organization that's made up of several individual federal agencies responsible for setting banking standards) issued new guidance to banks and other financial institutions that says something needs to be done to further protect online banking accounts, and that it needs to be done sooner rather than later. The emphasis of the guidance is on a defense in depth and layered security approach. Jim and George will be specifically addressing that guidance in the web cast.

You can sign up for the web cast here (uses LiveMeeting). A press release that announces the event is available here.



Thursday, 05 January 2006 07:40:35 (Pacific Standard Time, UTC-08:00)
 Monday, 26 December 2005

Plagiarism sucks, and Om Malik's weblog was apparently being copied verbatim, images and all, and repurposed sans-attribution on another site that was serving up ads and (potentially) making money. I've had this happen to me a few times in the past year or so, and in some cases found the only way to fight it was to quote the DMCA in an email to the host. Lord knows asking Google to hold them accountable for their terms of service did not work in my case - Google just wrote back and said "we can't do anything." Plus the bad guys were repurposing content from a whole slew of other sites. Lazy jerks.

By the way - this is really not exactly a trivial deal for many blog authors and publishers. I know when it happens to me, I chase it down and take it seriously. No lawyers needed - I am pretty good at that stuff and have some legal and courtroom experience, so why not put it to use eh? The ads on my site pay for my web hosting and my Internet access each month, and then some, so I have a little more than just an ego interest in what I choose to write and post.

Anyhow, below is an email I used last year to resolve a plagiarism problem involving full content from this web site. It's blunt, direct, complete and it worked. Also, note that this letter followed multiple attempts to get the site owner to remove plagiarized content. I'm posting the email letter here simply for the benefit of anyone who might become a victim of blog plagiarism and wants access to some ideas that have worked for others in the past.

And by the way - make sure you have a copyright statement and maybe a Creative Commons license on your main page that states what people can and cannot do with your blog content (mine's at the bottom of every page - it says people can repurpose it with attribution and for non-commercial purposes). It can't hurt to do this, and it helps set reasonable expectations and ground-rules for well-behaved people, while it can also be ammo for the ill-behaved later on...

Note that the problem I tackled with the below email was resolved within 4 hours of the email being sent to the hosting provider (the site owner never responded), and it happened a year and a half ago, so please don't go harassing anyone - this is just posted here to help people who might end up in a similar situation.

Where you see the word "(-- edited --)" below, I have removed identifying information to protect the innocent as well as those who complied with the requests to remove the offending content.

[via tech.memeorandum.com]

-------- Original Message --------
Subject:  ACTION REQUIRED: Illegal use of copyrighted content by one of your customers for commercial purposes
Date:  Sun, 3 Apr 2005 17:18:51 -0700

NOTICE: IF YOU ARE THE OWNER, OPERATOR OR HOSTING PROVIDER OF THE “MICROSOFT-DOTNET-TECHNOLOGY.INFO” DOMAIN, THIS IS A CEASE AND DESIST LETTER REQUIRING YOU TO IMMEDIATELY CEASE REPUBLISHING CONTENT OR ALLOWING/ENABLING CONTENT TO BE REPUBLISHED, WHICH IS SOURCED FROM THE “GREGHUGHES.NET” DOMAIN.

The owner of the web site(s) located on your servers/network at the below IP address and domain name is stealing and republishing - via an automated web-server application that gathers an XML feed - content owned and copyrighted by Greg Hughes at http://www.greghughes.net:

216.7.187.20 (MICROSOFT-DOTNET-TECHNOLOGY.INFO)

The following ARIN information identifies (-- edited --) Holdings, LLC (which is a corporation in Colorado) and (-- edited --).com (which appears to be a possibly defunct operation) as owners of the IP address/block in question:

Location: United States [City: Loveland, Colorado]

NOTE: More information appears to be available at NET-216-7-186-0-1.

(-- edited --) Holdings, LLC D393LLC-DC-INVERNESS6 (NET-216-7-160-0-1)
                                  216.7.160.0 - 216.7.191.255
(-- edited --).com VONOC-216-7-186-0-23 (NET-216-7-186-0-1)
                                  216.7.186.0 - 216.7.187.255
 
# ARIN WHOIS database, last updated 2005-04-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

The person(s) running the web site at MICROSOFT-DOTNET-TECHNOLOGY.INFO have been contacted in the past via the “contact” form on the web site and told to stop repurposing this content, specifically because they have not obtained permission and because they are profiting from advertising revenue from said web site. This activity constitutes theft of intellectual property under copyright laws and the DMCA. The information being sourced is copyrighted as indicated on the web site, and is not in the public domain for re-use. The party(ies) associated with MICROSOFT-DOTNET-TECHNOLOGY.INFO have not responded to repeated contacts and requests to cease use of the copyrighted material.

We have sent a CEASE AND DESIST letter to the parties once again today (April 3, 2004) through their web site contact form at http://www.microsoft-dotnet-technology.info/contact.asp. At this time we request that you remove the offending web sites and pages from your servers, as they are clearly in violation of the common acceptable use provisions of the parties to this email:

http://www.(-- edited --).com/acceptable-use.asp#copyright

IN ADDITION, the same person(s) appear to be sourcing copyrighted material for commercial use from Yahoo!, Search Engine Watch, moreover.com, the Kansas City Public Library, National Geographic News, about.com, and Web Hosting News. Unless the situation is rectified immediately we will also be contacting those persons and companies to advise them of the misuse of the copyrighted property and data.

The WHOIS information on record for the domain in question is:

Domain ID:D8436219-LRMS
Domain Name:MICROSOFT-DOTNET-TECHNOLOGY.INFO
Created On:27-Nov-2004 15:34:17 UTC
Last Updated On:27-Nov-2004 15:34:20 UTC
Expiration Date:27-Nov-2005 15:34:17 UTC
Sponsoring Registrar:R136-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C7727838-LRMS
Registrant Name (-- edited --)
Registrant Organization:(-- edited --)
Registrant Street1:(-- edited --)
Registrant City:(-- edited --)
Registrant State/Province:Gujarat
Registrant Postal Code:(-- edited --)
Registrant Country:IN
Registrant Phone:(-- edited --)
Registrant (-- edited --)
Admin ID:C7727839-LRMS
Admin Name:(-- edited --)
Admin Organization:(-- edited --)
Admin Street1:(-- edited --)
Admin City:Ahmedabad
Admin State/Province:Gujarat
Admin Postal Code:(-- edited --)
Admin Country:IN
Admin Phone:(-- edited --)
Admin (-- edited --)
Billing ID:C7727840-LRMS
Billing Name:(-- edited --)
Billing Organization:(-- edited --)
Billing Street1:(-- edited --)
Billing City:Ahmedabad
Billing State/Province:Gujarat
Billing Postal Code:(-- edited --)
Billing Country:IN
Billing Phone:(-- edited --)
Billing (-- edited --)
Tech ID:C7727841-LRMS
Tech Name:(-- edited --)
Tech Organization:(-- edited --)
Tech Street1:(-- edited --)
Tech City:Ahmedabad
Tech State/Province:Gujarat
Tech Postal Code:(-- edited --)
Tech Country:IN
Tech Phone:(-- edited --)
Tech (-- edited --)
Name Server:VOB1.(-- edited --).COM
Name Server:VOB2.(-- edited --).COM

(Note: I edited the names and other identifying information from the WHOIS record at the request of the person listed in the contact sections of the record because they asked me to do so. While the information is accurate as it was originally posted, it serves no useful purpose to keep that person's phone and other information here and the original issue was resolved, so I agreed to make the change).



Monday, 26 December 2005 21:21:05 (Pacific Standard Time, UTC-08:00)
 Saturday, 24 December 2005

Looks like Santa's got himself a gmail account, and the Google Earth team has been working with him to set up a live map tracking capability for the big night. If you've got Google Earth, you can track Santa online. If you don't have it, now is a good time to grab a free copy.

Here's email from Santa that Google posted:

To: "Google Support"
From: claus@gmail.com
Subject: Naughty or Nice Layer

I love Google Earth and have been planning a big trip with it. Now I'm wondering if you've ever thought about licensing data layers for "nice" and "naughty." If interested, I've got a really good list -- I've checked it twice. Rooftop accurate data!

Let me know,
S. Claus

Google says: "While we didn't work a deal for Naughty or Nice data layers, we did negotiate the rights to track this user on his big trip. If you've already got Google Earth, you can too."



Saturday, 24 December 2005 09:43:23 (Pacific Standard Time, UTC-08:00)

Philip Chu's Seven Habits of Highly Effective Programmers is a great read. He goes into the characteristics of what I would agree makes up a truly effective technical professional (regardless of whether you be a programmer, systems engineer, admin or whatever).

Anyone who works in the software or IT field should read this.

I like his final line, too: "Stupidity is contagious."

Nice.

[via a link from Digg]



Saturday, 24 December 2005 09:28:57 (Pacific Standard Time, UTC-08:00)
 Friday, 23 December 2005

As I mentioned here last year, you can track Santa's progress on Christmas Eve with your kids online at the NORAD Track Santa web site.

On December 24th kids can call toll free at 1-877-Hi-NORAD anytime after 9AM Eastern Standard Time (7AM Mountain Standard Time) to find out the status of Santa from NORAD. Or, even better, check out the NORAD Track Santa web site (available in several languages):


Looks like Brent's got a good list of online resources, too. Enjoy.



Friday, 23 December 2005 19:30:58 (Pacific Standard Time, UTC-08:00)