Re-awarded as Microsoft MVP

Microsoft Most Valuable Professional     I received an email on Dec. 28th from the regional MVP Lead informing me that I’ve been re-awarded as Microsoft MVP again (January – December 2007).  It’s my 4th consecutive year award with Microsoft MVP Program.  I’m actually surprised to receive the early re-award notification because it is not the usual date to know the status but I’m *guessing* that the reason behind the early notification on the award status is the coming soon event for Microsoft MVPs called MVP Global Summit (March 12 – 15, 2007) in which Mr. Bill Gates will deliver the keynote.  The early notification will allow MVPs to prepare for the summit… I *guess*.  Whatever the reason, I’m happy for I’m re-awarded as Windows Security MVP.

Thanks to fellow MVPs, to the MVP Lead Cathy Lee (also to my former MVP Leads Melissa Travers, Jerry Bryant, Emily Freet), to the MVP Program management team for the support and benefit and to the whole team at Microsoft that makes MVPs experience with the program an exciting one.  Thanks also to the Product Groups at Microsoft for listening to the feedbacks that we are sending to them.  Thanks to MSDN Team for the susbcription.  Thanks to Ms. Susan Bradley for this blog page at her Thank you also to Calendar of Updates team and friends for the continous support in keeping users informed on security for PC and Internet.  Last but not the least, thanks to friends and team-mates at Gladiator Security Forums, CNET forums, Alliance of Security Analysis Professionals and its members and to software authors for great work in helping users and full support that I received on many incidents.  There are many more security forums to mention! but I better stop as it is going to be a long one ROFL.  We are all friends because we have same goal and that is to have a safe and enjoyable computing.


The 20 Most Innovative Products of the Year

Always intriguing, often useful, and sometimes surprising, these 20 products showcase some of the best in tech this year.

1. Microsoft Office 2007
2. Intel Core 2 Duo
3. Parallels Desktop for Mac
4. Nintendo Wii
5. Samsung 32GB SSD
6. Sony Reader
7. YouOS
8. Dell XPS M2010
9. Seagate Barracuda 7200.10 750GB
10. T-Mobile Dash
11. Pioneer Inno
12. Farecast
13. Sony BWU-100A Blu-Ray Disc Rewritable Drive
14. Olympus EVolt E-330
15. Google SketchUp
16. Sony PlayStation 3
17. RIM BlackBerry Pearl 8100
18. Rhapsody 4.0
19. Logitech NuLooq
20. Shure E500PTH Sound Isolating Earphones,128176-page,1/article.html,128176/printable.html

ID Vault – a hardware security for online transactions. Vista will be supported.

My fellow admin Hardhead (blog: at Calendar of Updates received a Christmas present from his mom.  It’s ID Vault by GuardID ( 

He shared some thoughts and screenshots on how ID Vault works.  You can see it at

I think ID Vault is cool.  I am using Microsoft Fingerprint Reader as my password keeper.  Then I’m using Norton Internet Security to guard private stuff that I want it protect.  Next, I have to make sure that the bank website or financial institution site that I’m viewing is not fraud, I have to check this and that (protocol https, secure lock icon, security certificate etc) and making sure that the anti-phishing toolbar or filter is not flagging it as fake site.  ID Vault seems offering not just a cool hardware tool, a good way to keep our imporant data (password, login info) in one place but also, PIN it.  Just like ATM machine where our money is in the bank.  We have the ATM card but we can only make transaction in the ATM machine with that card if you have the PIN number.  Another cool thing about it, is ID Vault can be used in any computers that you want to use as long as the software to run ID Vault is installed.

Read more what Hardhead has shared on the above hardware security – ID Vault.  Again, it is in

I want one of that.  It’s interesting and IMHO cool.


Dec. 27th at 3:45AM, my internet connection dropped.  I turned on/off the wifi catcher but still no luck in getting an internet connection.  Wifi manager also show I’m connected locally (to my router and networked computer).  I thought there is a problem with the wifi manager in Vista or maybe my modem or router.  I unplug everything but still no luck.

I gave up after 1 hour of troubleshooting [:D] and Iet the wifi manager, modem and router as on.  Then suddenly I have internet connection again.  Hhmm what’s that? I mean, what happened.  I was guessing that it is maybe a problem with the local ISP.  I went to the ISP website but no report on service interruption.  I tried visiting my forums at but nothing is loading.  I visit Microsoft website but no luck too. 

 I decided to try local sites (Asia sites) and I got no problem in browsing Asia’s websites.  Then I noticed the news about it at Malaysia’s news online The Star.  Taiwan was hit by an earthquake and it is the caused of damaged cables that many neighbouring countries are using to provide internet services.  After some hours, the local ISP here has the information about it.  They are aware of the issue and they are hoping to provide back links for us to use to see outside Asia sites. 

I keep trying and today, it seems OK now.  Sorry for those affected of the earthquake.  It’s sad that this stuff happens especially during holidays where family and friends want to be together to the holidays.  My thoughts and prayers are with you and to those who lost love ones.


MXINSPECT Announces Hosted Prevention Solution That Makes Internet Browsing Safe

MXINSPECT today announces a hosted prevention solution that makes internet browsing safe. The service filters internet traffic for threats and content so only what you desire from the web actually arrives. Web Defense also provides content filtering to protect business interests by limiting the sites that employees may visit. Employee productivity increases are seen not only in impeding the drain in resources caused by malware, but also by preventing staff from wasting work time browsing the internet for personal purpose. Web Defense extends the MXINSPECT portfolio of services, which currently include SPAM and antivirus filtering of email traffic, to cover all web based internet related traffic.

Is Malware Hiding Behind that Certified Site?

A new study warns that Web sites containing security certificates are not necessarily safe. The results were somewhat surprising when Web sites bearing the TRUSTe security certificate were compared against a list of known malware sites from McAfee’s Siteadvisor product, a service that black-lists Web sites containing spyware, spam, viruses and online scams.

Web sites that feature the TRUSTe security  certificate are two times more likely to contain badware than Web sites without any security certification, spyware and adware researcher Ben Edelman alleges in a new report.

Among others, adware providers Direct-revenue and Webhancer are using TRUSTe certificates in an attempt to look more trustworthy than they really are, Edelman claimed. Direct-revenue is facing legal action from the New York Attorney General for its adware software. Edelman alleged that Webhancer often is installed without the user’s consent.

Vista flaw discovered, risk believed low

Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

That could occur if someone is actually sitting in front of the PC or otherwise gets the computer’s owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.

“The bottom line is you couldn’t use a vulnerability like this to write a worm or hack a Vista system remotely,” Hypponen said Tuesday. “It only has historical significance in that it’s the first reported vulnerability that also affects Vista. It’s a nonevent in other ways.”

Windows Workstation Service NetrWkstaUserEnum Denial of Service

Affected OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

h07 has discovered a weakness in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error in the Workstation service when handling NetrWkstaUserEnum RPC requests with a large value in the maxlen field.

Successful exploitation causes svchost.exe to consume a large amount of memory and may result in the system becoming temporarily unresponsive.

The weakness is confirmed on a fully patched Windows XP SP2 system and has also been reported in Windows 2000 SP4.

Solution:  Filter NetrWkstaUserEnum RPC requests with a large maxlen value.

Active users of Messenger Plus! is 14 million — It’s sad and alarming!

Microsoft MVP Sandi Dawn Hardmeier has been researching a lot about Winfixer & Messenger Plus!.
If you are not familiar with both, here’s a brief info:

Messenger Plus! is a free add-on for Microsoft’s Messenger program.  It is not developed by Microsoft.  It’s a 3rd party software. 

Winfixer is a rogue antispyware program.  It’s a SECURITY RISK – See Symantec’s article on Winfixer Symantec is one of the security vendors out there that detects WinFixer and they’ve been updating the detections for it. 

Sandi has the blog entries on this Winfixer and it’s much better to read than Symantec’s article because Sandi’s article will show you what Winfixer does in your computer.

So why Sandi is spending too much energy with the above? because it’s alarming.

Some alarms includes:

ALARM 1: Messenger Plus! conflicts with some programs.  An example

ALARM 2: Messenger Plus! FAQ said “Unfortunately, some of the anti-adware/spyware products distributed nowadays don’t care to make a difference between a clean adware solution and a nasty spyware. As a result, users who want to give their support by installing the sponsor sometimes get scared by alarming warning coming from their anti-adware/spyware product. In addition to displaying false information to their users, these products can also, in some occasions, damage the installation package of the sponsor, preventing further removal. This is why warning related to Messenger Plus! should be ignored and the proper procedure be followed (see below). In case of doubt, remember that Messenger Plus! has been on the market since 2001, longer than many of the detection software you see nowadays. Millions of people are using it daily, proving without the shadow of a doubt that the program is reliable and can be trusted.”

Symantec and other reputable security tools who are in the market for many years or before 2001 or before Messenger Plus! comes out.  These reputable security tools will not flag Winfixer and other risks if it’s not bad.  Messenger Plus! sponsor program is a gate by Winfixer and other ads to fool users in downloading and installing a rogue antispyware product so why install Messenger Plus! sponsor program that will put you at risk?

ALARM 3:  Messenger Plus! comes is different flavors – a sponsored and a non-sponsored program.  If you’ll get the sponsored program… you will get adware.  Some might say, oh! I don’t mind using Adware program since the application is cool and it has what I want and need.  Be careful guys.. adware that comes from Messenger Plus! sponsor program will likely give you WinFixer, LOP, C2Media.  Your hosts file could be over-ridden or modified without your knowledge or consent (?) by their own host file.  See the EULA of MP! to have an idea what you are dealing with.

ALARM 4FOURTEEN (14) MILLION ACTIVE USERS!!!!  That’s not a WOW from me but a sad numbers.  Sandi is right, we are not sure how many of those active users are using the sponsor program. 

If you will read all the articles made by Sandi, you’ll see more alarming stuff in installing MP! with sponsor program!

Let’s hope the active users of Messenger Plus! sponsor program will not grow.   There are other ways to get support from users e.g. donation, or by charging users who want to use the program IMHO so to tell the users to install MP! with sponsor program as way to support MP! is unacceptable.  The software author should give the users the option on how to support his program.  Remove the sponsor program! Give that as your christmas gift and a contribution to the community by giving them a 100% adware-free MP! I’m sure there will be donation if your program is worth for a $.

My security wish list this Christmas – I hope Microsoft will disallow such program in extending itself to their Windows Live Messenger or MSN or Windows Messenger because there is a CLEAR SECURITY RISK to users!  OK.. users opted for it.  Still, if it’s blocked to be added in Microsoft’s Live Messenger Program… there will no 3rd party security risk.

Hey Sandi.. As I’ve said “I salute your work!” [:)]

Microsoft Windows MessageBoxA Denial of Service Vulnerability

Microsoft Windows is prone to a local denial-of-service vulnerability because the operating system fails to handle certain API calls with unexpected parameters.

A local unprivileged attacker may exploit this issue by executing a malicious application.

Successful exploits will crash the operating system, denying further service to legitimate users.