Wednesday, April 30, 2008
Securing Your Wireless Network
Wireless computing is becoming a common practice in families as more and more computers are added to home networks. As a result, I updated the post from last fall on Setting Up a Home Network with Windows Vista, which has turned out to be a very popular collection (at least according to the blog analytics).
Included in the update are two publications from Ars Technica. The most recent is Joel Hruska's "The ABCs of securing your wireless network" which is an introduction to the basics of securing your home wireless network. It includes the most relevant high-level points home users need to know in order to secure a network of game consoles, phones, and PCs. Although this publication also includes some of the material from the original "blackpaper", that has been included as well.
As it turns out, Vista4Beginners also have two new tutorials on network printers. Both have also been incorporated in the original posting.
See the complete list of helpful documents in Setting Up a Home Network with Windows Vista and learn how to not only set up a wireless network but also keep it secure.
Tuesday, April 29, 2008
Windows XP SP3 Delayed
Microsoft has delayed distribution of Windows XP Service Pack 3 due to issues with “Microsoft Dynamics Retail Management System (RMS)”. As reported at Bits from Bill,
"Microsoft decided to wait until they could block some systems they don’t want updated. They’re not making any changes to SP3, they’re just going to block those systems which they’ve determined are incompatible."
While you are at Bill's site, be sure to read about What You Can Expect from XP3 when it is released. But, please, wait until it is released to the Windows Update and Microsoft Download Center rather than downloading it from alternative links that some sites are offering. Only get Microsoft software from Microsoft.
Thursday, April 24, 2008
Announcing WinPatrol 2008 With ActiveX Control
Bill Pytlovany released a new version of WinPatrol which includes a great new security feature. On increasingly frequent occasions we hear of "zero-day" or unpatched vulnerabilities affecting programs with ActiveX components. In fact, the majority of all browser plug-in vulnerabilities can be attributed to ActiveX. With WinPatrol 2008, you can monitor and control ActiveX components. Aside from the Microsoft plug-ins, popular programs that include ActiveX are Adobe Flash, Apple QuickTime, RealPlayer and Sun Microsystems Java.
There are several options available for viewing the ActiveX controls on your computer with WinPatrol 2008 and they can easily be changed by toggling the check box combinations. The example below illustrates a selection of all ActiveX controls, including those not used with IE.
The combination of options for viewing ActiveX controls includes:
- List all ActiveX controls including those not used by Internet Explorer
- Only view ActiveX controls used by Internet Explorer
- Toggle non-Microsoft ActiveX controls on/off.
After the vulnerability has been patched, reverse the process to enable the ActiveX control.
WinPatrol will also monitor your system and let you know when new ActiveX components try to make their home on your system. If it’s not something you wanted WinPatrol will kill the new component before it can do any damage.
See WinPatrol 2008 introduced in its 10th year
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Bah! Experts Exchange = Scam Artists
Last week when I read Ed Bott's Dear Google: Please take pay sites out of search results, I was pleased to see that I am not the only person who has been frustrated with finding that the search results link led to the Experts Exchange. I have always thought that the site is a sad joke. Why? Because they tickle the search engines with the right information to show up fairly high in the search results. The problem is what the person faces when landing on the site. I agreed with what Ed wrote:
"And it’s apparent from the structure of the replies that there’s no “expert” involved, just a bunch of other (paid) user/members."
That was why I was rather surprised when viewing recent analytics for Security Garden to see a link from ExpertsExchange.
Referring URL: http://www.experts-e...eous/Q_23102170.html
Visit Entry Page: http://securitygarde...rk-with-windows.html
Why, I wondered, would there be a referral link to one of my blog posts from a subscription site? Then I remembered the comments posted by one of Ed's readers indicating that by scrolling to the bottom of the page, the answers are displayed. So I decided to give it a try.
Sure enough, after going past a link to "Start your free trial to view this solution", followed by a block of information relating to the "Question Stats" and then another solicitation to enroll,
a bunch of this nonsense
followed by a long, drawn out category listing what did I discover? Why the answer of course. What really irks me though is that the "Accepted Solution" was none other than a link to a Microsoft Help document, one of my articles and that of another website.
"michko: An article from MS on setting up a home network in Vista (and you have to set up a home network, you can't just share a folder, then access it from another Vista pc):
http://windowshelp.microsoft.com/Windows/en-US/Help/76174f4a-7522-425a-9424-324dd299265e1033.mspx
And just in case you need more information, or need to have it explained differently, here are two other articles on the same subject:
http://securitygarden.blogspot.com/2007/10/setting-up-home-network-with-windows.html
http://www.windvis.com/how-to-create-a-network-in-windows-vista"
Try searching the site or clicking on the Trial Membership link and learn that these scam artists are charging an outrageous fee for information provided/collected by other people.
The self-description at Alexa is that of a
"Premium content subscription site where users collaborate with each other to solve their technology problems."
I disagree. Experts Exchange are scam artists.
Edit Note (Mar2010): It has been almost two years since this topic was posted. The content of the comments continues to repeat between those who support EE and those people who feel they were scammed. It is up to each person to make their own decision. Comments closed.
Wednesday, April 23, 2008
Microsoft Releases New Ultimate Extras
Not that three additional Windows Vista desktop DreamScenes and two new sound schemes (Glass and Pearl) are all that Ultimate, but at least we are seeing some content, finally.
Information is available at Ultimate PC for the new content:
Tuesday, April 22, 2008
Microsoft Announcements
Two items of interest to the public.
First, for people still using Windows XP, Service Pack 3 has been released to manufacturing (RTM). SP3 is expected to be available on Windows Update on April 29.
See TechNet, Windows XP Service Pack 3 Released to Manufacturing.
The next bit of news is that Microsoft has released the latest Microsoft Security Intelligence Report (SIR). As reported at Microsoft Press Pass,
"The report focuses on the second half of 2007 and uses data derived from a range of tools running on approximately 450 million computers worldwide to provide an in-depth, global view of software vulnerabilities, software exploits, malicious software and potentially unwanted software.
The latest SIR shows the fewest number of security vulnerability disclosures across the software industry since the second half of 2005, along with a rise in malicious and potentially unwanted software, which demonstrates a continued use of malware as a tool for targeting computer users for profit."
A complete report and copy of the SIR is available from the Microsoft Malware Protection Center.
Remembering Another Lost Friend
It seems like only yesterday that I learned about the death of my "big brother". Instead, it was yesterday that I learned that a number of months ago another friend, another member of the LandzDown Team's chosen family had died. That person is Björn, known on-line as DieHard.
Long time members of the security community will remember his dancing avatar. Björn gave so much of himself to every person he helped. There was always a personal touch. I have many memories of Björn and shall miss him. He has been given a place of honor here at Security Garden next to Pat. The quote provided by Winchester73 fits perfectly:
"A good leg will fall. A straight back will stoop. A black beard will turn white. A curled pate will grow bald. A fair face will wither. A full eye will wax hollow. But a good heart is the sun and the moon, for it shines bright and never changes, but keeps its course truly."
(William Shakespeare, Henry V)
Without a doubt, Björn had a good heart and will be missed ever more.
Members of the community are welcome to join the LandzDown Team Remembering DieHard.
Friday, April 18, 2008
Apple Improves Update Notifications
With thanks to stopBADware.org and others who complained, Apple has made an improvement in their update practices. Last month, I questioned whether Apple was Turning to Foistware Methods. Based on the example provided by stopBADware.org, at least the updates are separated from the "new software". This isn't a perfect solution; however, it is much better than the way it had been handled.
See Apple Responds to Community Concerns at stopBADware.org for an illustration of the changes made by Apple.
Microsoft 2008 MVP Global Summit
Recently I posted the final installment of the four-part series About: The Microsoft MVP Program and mentioned the MVP Global Summit. Those interested in a flavor of what the Summit is about can get a birds-eye view from the press release, Microsoft 2008 MVP Global Summit Virtual Pressroom. Greater detail, with NDA information excluded, is available in the keynote presentations by Ray Ozzie and Steve Ballmer.
Press Release: Microsoft 2008 MVP Global Summit Virtual Pressroom
Keynote Presentations:
- Steve Ballmer, Chief Executive Officer, Microsoft Corp.
- Ray Ozzie, Chief Software Architect, Microsoft Corp.
Security Advisory 951306 – Vulnerability in Windows Could Allow Elevation of Privilege
On April 17, 2008, Microsoft released Security Advisory 951306, Vulnerability in Windows Could Allow Elevation of Privilege.
Summary
Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.
Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Recommendations
Review Microsoft Security Advisory 951306 which provides an overview of the issue, summary of affected products, workarounds, suggested actions, frequently asked questions (FAQ) and links to additional resources.
References
Wednesday, April 16, 2008
Mozilla Firefox 2.0.0.14 Update
Mozilla has released a Firefox Update, identified in the release notes as fixing MFSA 2008-20 Crash in JavaScript garbage collector. The latest version is now 2.0.0.14.
If you have not yet been offered the update, click Help > Check for Updates.
SunJava SE Update 6
Update 6 has been released by Sun Microsystems for Java SE.
As I have indicated previously, I do not have Java installed on my home computer. It has been a year without the SunJava update headaches and I have yet to find anything that has not performed properly due to this bit of freedom I have experienced without it. However, I know there are many others who use SunJava so have updated the widely used tutorial, SunFlowers and SunJava Update to reflect the latest release.
Note: If you do not have the Google Toolbar installed on your computer, it may be offered with the update. Be sure to UNcheck the option if you do not want the toolbar.
References:
- Release Notes: SunJava SE 1.6.0_06
- Instructions: SunFlowers and SunJava Update
- Download: Java SE Downloads
Tuesday, April 15, 2008
Tuned In to Zune!
I am pleased to say that I am happily tuned in to Zune! Finally, I got that Zune I wished for when the Zune launched.
After the Zune 2 release, the prices of Zune 1 dropped. I debated which model to get. In the long run, the size won out. I opted for the Zune 8 GB Flash and am extremely pleased with my choice. At 1.7 ounces, it weighs next to nothing, is very small so easily slips into a pocket. It hasn't taken me long to load over 2 GB of favorites to listen to. I particularly like that the Zune has FM reception. This provides yet another avenue of entertainment, weather reports or the news.
Being what I would describe as rather "fumble fingered", I was afraid that I wouldn't be comfortable operating this little device. However, I have found the Zune intuitive to operate. For the time being, I haven't found the need to go beyond Zune Marketplace. However, there are quite a few Zune support sites as well as blogs devoted to the Zune. A selected few of the available sites are referenced below. If you are in the market for an MP3 player, consider a Zune. I am certainly glad I did.
Now that I have a collection of music loaded, perhaps I'll have time to move on to the next project. I really want to get back to reshaping, remodeling, reorganizing Windows Vista Bookmarks. An on-line forum friend, John L. Galt, sent me an incredible listing of bookmarks to include.
Zune Reference Sampling:
- Got Zune?
- Wired! Zune
- Zune Insider
- Zune Marketplace
- Zunerama
- zunescene
- Zune User Group
- Zune Thoughts
Windows Vista SP1 For All Supported Languages
Today Microsoft released Windows Vista Service Pack 1 (SP1) to Windows Update or for download of the standalone installer from the Microsoft Download Center (x86 and x64) for any of the 36 supported languages.
References:
- Prerequisites
- Releasing Windows Vista SP1 for more languages
- Want Vista SP1? Here’s what to expect
- Windows SP1 FAQ
- Windows Update
Thursday, April 10, 2008
About: The Microsoft MVP Program
Last year, Channel 9 began publishing a series on the Microsoft Most Valuable Professional (MVP) Program. The first three podcasts were published in June and July. Although the fourth has been ready and waiting for well over six months, it was finally published this week.
This last in the series is rather bitter-sweet. It is an interview of Sean O'Driscoll as a General Manager for Community Support and the MVP Program at Microsoft. As it turns out, Toby Richards has since assumed that position as Sean transitions to life outside Microsoft (See 15 years at Microsoft, coming to an end…mixed emotions).
The list of the complete series is provided here, with this last presentation very timely with the MVP Global Summit scheduled for next week. The MVP Global Summit is an event where Microsoft MVPs from around the world gather in Redmond for technical sessions, meet with Microsoft executives and product teams, and, perhaps most rewarding, meet their peers whom they may know only by name or from working together on various forums.
Personally, I shall be watching Part 1 again now that Brian Boston is my MVP Lead.
The MVP Program In-Depth:
"The next 4 podcasts will focus on the ins and outs of the MVP program. Microsoft Most Valuable Professionals (MVPs) are exceptional technical community leaders from around the world who are awarded for voluntarily sharing their high quality, real world expertise in offline and online technical communities."
Tune in to the podcasts:
- The Voice of Support - Show 12: The MVP Program In-Depth (Part 1 of 4)
Ed Hickey and Brian Boston, who are both MVP leads @ Microsoft, give an overview of the program.
- The Voice of Support - Show 13: The MVP Program In-Depth (Part 2 of 4)
April Spence and Ben Miller, MVP leads @ Microsoft, talk about where MVPs can be found and the MVP site.
- The Voice of Support - Show 14: The MVP Program In-Depth (Part 3 of 4)
April Spence and Mike Fosmire, MVP leads @ Microsoft, provide some details on what the "MVP awards" are all about - and what kinds of events Microsoft organizes for the program.
"Sean O'Driscoll, a General Manager for Community Support and the MVP Program at Microsoft, is interviewed by Ken Levy discussing the history, current state, and future of Microsoft MVPs and the MVP Program. For the past 5 years, Sean has been responsible for the MVP Program which now includes about 4,000 MVPs worldwide. Microsoft MVPs (Most Valuable Professionals) are a select group of experts representing technology's best and brightest people who share a commitment to community. For more information about the MVP Program, refer to http://mvp.support.microsoft.com/."
Tuesday, April 08, 2008
Microsoft Security Bulletin Summary for April 2008
Microsoft released the Security Bulletin for April 2008. In addition to an updated version of the Microsoft Windows Malicious Software Removal Tool, there were five critical and three important security updates released.
Critical
- MS08-022 -- Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
- MS08-023 -- Security Update of ActiveX Kill Bits (948881)
Important
References:
TechNet:
MSRC Blog:
Monday, April 07, 2008
Happy 2nd Anniversary, Security Cadets!
Security Cadets is one of the security and computer help forums where I spend some of my time. I also occasionally contribute to the Security Cadets blog. Two years ago, site owner, AndyAtHull, opened the doors. Changes have been made over the past two years, all growth-related. A trained staff is available for helping with malware and other computer-related issues.
If you are a member at Security Cadets, stop in at the party and join the celebration. Should you need computer assistance, help is free and provided with a smile so don't hesitate to register and post the nature of your problem.
Congratulations, Security Cadets on your second anniversary!
Phishing is not your Phriend
This video of CastleCops Founder Paul Laudanski's lecture recorded in Ford Theater on October 18, 2007, was just made available. In the video, Paul provides a bit of information on himself and Robin as well as Castle Cops and discusses Phishing Methods, Detection, and Data Tracking. The lecture was presented at the invitation of Case Western Reserve University. Sit back and enjoy Paul's excellent presentation:
From YouTube
Thursday, April 03, 2008
April 2008 - Microsoft Security Bulletin Advance Notice
As part of the regularly scheduled updates, Microsoft is planning on releasing five Critical and 3 Important updates on Tuesday, April 8, 2008.
Also planned is the release of five high-priority, non-security updates on Windows Update and Windows Server Update Services and three high-priority, non-security updates on Microsoft Update and Windows Server Update Services.
Additional information regarding the updates is available in the Advance Notification and MSRC Blog post, April 2008 Advance Notification