Thursday, 05 January 2006
A patch for the truly nasty WMF vulnerability on all versions of Windows has just been pushed out in an extra release by Microsoft. It is described in Security Bulletin MS06-001. It's available for your WSUS server and from Microsoft Update, or you can get it by downloading it from the links on the security bulletin web page.
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. Note: This vulnerability is currently being exploited and was previously discussed by Microsoft in Microsoft Security Advisory 912840. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is a huge one - super critical, as there are many exploits in the wild that are actively taking advantage of this vulnerability. UPDATE NOW!
On January 12th at 9:00 am Pacific time my boss, Jim Maloney, will be presenting along with George Tubin, a senior analyst at Tower Group, on the topic of preventing fraud in the online banking world. They'll discuss the threats, ways to protect customers, and some tools and processes that can help get the job done. It's a hot topic in the marketplace, and I think many people will find this web cast interesting from a security perspective, regardless of whether or not you work at a financial institution.
There's been a lot of talk and movement in this space in the past few months, after the FFIEC (the federal government organization that's made up of several individual federal agencies responsible for setting banking standards) issued new guidance to banks and other financial institutions that says something needs to be done to further protect online banking accounts, and that it needs to be done sooner rather than later. The emphasis of the guidance is on a defense-in-depth, layered security approach. Jim and George will be specifically addressing that guidance in the web cast.
You can sign up for the web cast here (uses LiveMeeting). A press release that announces the event is available here.
Monday, 26 December 2005
Plagiarism sucks, and Om Malik's weblog was apparently being copied verbatim, images and all, and repurposed sans-attribution on another site that was serving up ads and (potentially) making money. I've had this happen to me a few times in the past year or so, and in some cases found the only way to fight it was to quote the DMCA in an email to the host. Lord knows asking Google to hold them accountable for their terms of service did not work in my case - Google just wrote back and said "we can't do anything." Plus the bad guys were repurposing content from a whole slew of other sites. Lazy jerks.
By the way - this is really not exactly a trivial deal for many blog authors and publishers. I know when it happens to me, I chase it down and take it seriously. No lawyers needed - I am pretty good at that stuff and have some legal and courtroom experience, so why not put it to use eh? The ads on my site pay for my web hosting and my Internet access each month, and then some, so I have a little more than just an ego interest in what I choose to write and post.
Anyhow, below is an email I used last year to resolve a plagiarism problem involving full content from this web site. It's blunt, direct, complete and it worked. Also, note that this letter followed multiple attempts to get the site owner to remove plagiarized content. I'm posting the email letter here simply for the benefit of anyone who might become a victim of blog plagiarism and wants access to some ideas that have worked for others in the past.
And by the way - make sure you have a copyright statement and maybe a Creative Commons license on your main page that states what people can and cannot do with your blog content (mine's at the bottom of every page - it says people can repurpose it with attribution and for non-commercial purposes). It can't hurt to do this, and it helps set reasonable expectations and ground-rules for well-behaved people, while it can also be ammo for the ill-behaved later on...
Note that the problem I tackled with the below email was resolved within 4 hours of the email being sent to the hosting provider (the site owner never responded), and it happened a year and a half ago, so please don't go harassing anyone - this is just posted here to help people who might end up in a similar situation.
Where you see the word "(-- edited --)" below, I have removed identifying information to protect the innocent as well as those who complied with the requests to remove the offending content.
-------- Original Message --------
Subject: ACTION REQUIRED: Illegal use of copyrighted content by one of your customers for commercial purposes
Date: Sun, 3 Apr 2005 17:18:51 -0700
NOTICE: IF YOU ARE THE OWNER, OPERATOR OR HOSTING PROVIDER OF THE “MICROSOFT-DOTNET-TECHNOLOGY.INFO” DOMAIN, THIS IS A CEASE AND DESIST LETTER REQUIRING YOU TO IMMEDIATELY CEASE REPUBLISHING CONTENT OR ALLOWING/ENABLING CONTENT TO BE REPUBLISHED, WHICH IS SOURCED FROM THE “GREGHUGHES.NET” DOMAIN.
The owner of the web site(s) located on your servers/network at the below IP address and domain name is stealing and republishing - via an automated web-server application that gathers an XML feed - content owned and copyrighted by Greg Hughes at http://www.greghughes.net:
The following ARIN information identifies (-- edited --) Holdings, LLC (which is a corporation in Colorado) and (-- edited --).com (which appears to be a possibly defunct operation) as owners of the IP address/block in question:
Location: United States [City: Loveland, Colorado]
NOTE: More information appears to be available at NET-216-7-186-0-1.
(-- edited --) Holdings, LLC D393LLC-DC-INVERNESS6 (NET-216-7-160-0-1)
220.127.116.11 - 18.104.22.168
(-- edited --).com VONOC-216-7-186-0-23 (NET-216-7-186-0-1)
22.214.171.124 - 126.96.36.199
# ARIN WHOIS database, last updated 2005-04-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
The person(s) running the web site at MICROSOFT-DOTNET-TECHNOLOGY.INFO have been contacted in the past via the “contact” form on the web site and told to stop repurposing this content, specifically because they have not obtained permission and because they are profiting from advertising revenue from said web site. This activity constitutes theft of intellectual property under copyright laws and the DMCA. The information being sourced is copyrighted as indicated on the web site, and is not in the public domain for re-use. The party(ies) associated with MICROSOFT-DOTNET-TECHNOLOGY.INFO have not responded to repeated contacts and requests to cease use of the copyrighted material.
We have sent a CEASE AND DESIST letter to the parties once again today (April 3, 2004) through their web site contact form at http://www.microsoft-dotnet-technology.info/contact.asp. At this time we request that you remove the offending web sites and pages from your servers, as they are clearly in violation of the common acceptable use provisions of the parties to this email:
http://www.(-- edited --).com/acceptable-use.asp#copyright
IN ADDITION, the same person(s) appear to be sourcing copyrighted material for commercial use from Yahoo!, Search Engine Watch, moreover.com, the Kansas City Public Library, National Geographic News, about.com, and Web Hosting News. Unless the situation is rectified immediately we will also be contacting those persons and companies to advise them of the misuse of the copyrighted property and data.
The WHOIS information on record for the domain in question is:
Created On:27-Nov-2004 15:34:17 UTC
Last Updated On:27-Nov-2004 15:34:20 UTC
Expiration Date:27-Nov-2005 15:34:17 UTC
Registrant Name (-- edited --)
Registrant Organization:(-- edited --)
Registrant Street1:(-- edited --)
Registrant City:(-- edited --)
Registrant Postal Code:(-- edited --)
Registrant Phone:(-- edited --)
Registrant (-- edited --)
Admin Name:(-- edited --)
Admin Organization:(-- edited --)
Admin Street1:(-- edited --)
Admin Postal Code:(-- edited --)
Admin Phone:(-- edited --)
Admin (-- edited --)
Billing Name:(-- edited --)
Billing Organization:(-- edited --)
Billing Street1:(-- edited --)
Billing Postal Code:(-- edited --)
Billing Phone:(-- edited --)
Billing (-- edited --)
Tech Name:(-- edited --)
Tech Organization:(-- edited --)
Tech Street1:(-- edited --)
Tech Postal Code:(-- edited --)
Tech Phone:(-- edited --)
Tech (-- edited --)
Name Server:VOB1.(-- edited --).COM
Name Server:VOB2.(-- edited --).COM
(Note: I edited the names and other identifying information from the WHOIS record at the request of the person listed in the contact sections of the record, because they asked me to do so. While the information is accurate as it was originally posted, it serves no useful purpose to keep that person's phone and other information here, and the original issue was resolved, so I agreed to make the change).
Saturday, 24 December 2005
Looks like Santa's got himself a gmail account, and the Google Earth team has been working with him to set up a live map tracking capability for the big night. If you've got Google Earth, you can track Santa online. If you don't have it, now is a good time to grab a free copy.
Here's email from Santa that Google posted:
To: "Google Support"
Subject: Naughty or Nice Layer
I love Google Earth and have been planning a big trip with it. Now I'm wondering if you've ever thought about licensing data layers for "nice" and "naughty." If interested, I've got a really good list -- I've checked it twice. Rooftop accurate data!
Let me know,
Google says: "While we didn't work a deal for Naughty or Nice data layers, we did negotiate the rights to track this user on his big trip. If you've already got Google Earth, you can too."
Philip Chu's Seven Habits of Highly Effective Programmers is a great read. He goes into the characteristics of what I would agree makes up a truly effective technical professional (regardless of whether you are a programmer, systems engineer, admin or whatever).
Anyone who works in the software or IT field should read this.
I like his final line, too: "Stupidity is contagious."
[via a link from Digg]
Friday, 23 December 2005
As I mentioned here last year, you can track Santa's progress on Christmas Eve with your kids online at the NORAD Track Santa web site.
On December 24th kids can call toll free at 1-877-Hi-NORAD anytime after 9AM Eastern Standard Time (7AM Mountain Standard Time) to find out the status of Santa from NORAD. Or, even better, check out the NORAD Track Santa web site (available in several languages):
Looks like Brent's got a good list of online resources, too. Enjoy.
© Copyright 2012 Greg Hughes
This work is licensed under a Creative Commons License
This page was rendered at Friday, 13 July 2012 20:36:40 (Pacific Standard Time, UTC-08:00)
newtelligence dasBlog 2.1.8015.804