Vista Tip-Administrative CMD

Most administrators use the command prompt to run administrative tasks.
The problem is that if you are using Vista, opening the CMD will not allow you to run
commands as an administrator (unclear to me as to why they couldn’t simply let the UAC
take care of it).


To solve this you could start the CMD using a shortcut with RUNAS. A better solution,
though, is creating a shortcut for CMD and setting the ‘Run as administrator’ check box
(Properties>Advanced).
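
A way to confirm which kind of prompt you are in before running administrative commands, as an added example that is not part of the original post. It relies on the integrity-level SIDs that `whoami /groups` prints on Vista; the variable name and label names are illustrative.

```bat
@echo off
setlocal
rem Added example, not from the original post.
rem "whoami /groups" lists the mandatory label SID of the current token:
rem   S-1-16-8192   Medium  (normal CMD under UAC, filtered token)
rem   S-1-16-12288  High    (CMD started via 'Run as administrator')
rem   S-1-16-16384  System
set "LEVEL=unknown"
whoami /groups | findstr /c:"S-1-16-8192"  >nul && set "LEVEL=medium"
whoami /groups | findstr /c:"S-1-16-12288" >nul && set "LEVEL=high"
whoami /groups | findstr /c:"S-1-16-16384" >nul && set "LEVEL=system"

if /i "%LEVEL%"=="high" goto :elevated
if /i "%LEVEL%"=="system" goto :elevated

rem Fail closed: stop before any administrative command runs half-privileged.
echo This prompt is not elevated (integrity level: %LEVEL%).
echo Start CMD from a shortcut with 'Run as administrator' checked and re-run.
exit /b 1

:elevated
echo Elevated prompt detected (integrity level: %LEVEL%).
rem Administrative commands go below this line.
exit /b 0
```

Placed at the top of an administrative batch file, the check stops the script with exit code 1 when it is started from a non-elevated prompt.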

No TELNET client in Vista

As I am getting familiar with Vista I was very surprised to find that the
Telnet client is not preinstalled with the OS and it has to be added by:


1. Click Start and go to the Control Panel
2. Select Programs and Features
3. Select Turn Windows features On or Off.
4. Check the Telnet Client option and click OK

Search Abilities in Vista

Finding files in Vista is greatly enhanced. At this stage I don’t want to get into the technical
details of how it works, yet I would like to focus on the results: you can find anything in Vista,
and fast!


At first I found it odd that when I open the Start menu I can write directly into a search
box. Slowly it grew on me.


When searching, several options will narrow down the results you receive:


  1. Prefixing the search with one (or several) of the criteria you want to use:
    size>10mb bigdocument
    rating:<*** U2
  2. The use of natural language (needs to be turned on by going to Organize>Folder and Search Options>
    Search[Tab]>Use natural language search):
    files created today

My first example includes tags (e.g. size, rating). These tags stem from the column headings in Explorer; to view
all of them, simply right-click a heading and choose the ‘More’ option from the list…

PayPal and Ebay security for the masses?

By providing a keychain device to PayPal users, an additional layer of security will be put in
place. The layer will be in the form of a randomly created password, visible on the
device, that will be needed (in addition to the standard password) to access the account:


New PayPal key to help thwart phishers:
http://msmvps.com/blogs/donna/archive/2007/01/11/new-paypal-key-to-help-thwart-phishers.aspx

Paying for security flaws-Ethical?

In a previous post I discussed the subject of the vulnerabilities market, and the subject comes
up again. It seems that companies currently have programs that will pay people who discover
vulnerabilities in OTHER companies’ products.


To me this raises several ethical questions:


1) Why pay for vulnerabilities?
It is possible to claim that anything done towards exposing flaws (thus warning the
users and obligating the vendor to fix them) is a good thing.
On the other hand, doesn’t this cause people to look for these flaws with renewed and added
vigor? And once these people do find a flaw, who will they sell it to: a company that offers a few
thousand dollars, or a group of people that are willing to put up 50k?


2) Why does a vendor offer to pay for vulnerabilities in another vendor’s product?
The fact that the company offering to pay for the vulnerability is not the company that
owns the product seems somewhat odd in my eyes. It is obvious that the owner
of a product would prefer to lower the tone regarding security flaws discovered in its own
products, thus frowning upon such initiatives. Yet at times, it seems that the eagerness of companies to
help other companies by disclosing security flaws in their products is not driven by their
will to help the products’ users but by something else (gloat?).

And as usual, you have the opposite angle which says that the company offering the money
will disclose all details to the vendor. Yet we all know that the company disclosing the flaw
will want to get the credit and the publicity (if it is a serious issue the publicity will be huge).
Wouldn’t it be “nicer” if the company would disclose the information without requesting the credit and
without creating a fuss around it?


3) Leave it in the dark?
No software is perfect. Flaws will exist in every piece of software, and it does not matter
how much effort is invested in preventing them. Considering the fact that the new
trend is to target applications and not necessarily the OS, we will see a huge amount of
flaws (in my opinion) being discovered in pieces of software that we haven’t really given much
thought to.

It can be claimed that a large number of flaws will never be exploited, as they will never be
discovered. In other words, unless the flaw is published no one would have used it. Considering
the fact that most applications (as opposed to the OS) do not have a standard update facility yet,
and that due to old habits users may not pay as much attention to them, perhaps leaving hidden
vulnerabilities alone may not be a bad idea.
Yet letting the sun shine on them will obligate the vendors to develop patching mechanisms
and the users to actually use these mechanisms.

The major challenge in creating a mechanism for patching is that each vendor will have a different,
non-standard mechanism. This will be very inconvenient for the user community. Enter tools that analyze
a system and provide patches for all software installed…


Every story has three sides: mine, yours and the truth. I think that this is the case with our
subject, and consider this: building a tool to update all software on a system may not be a bad
idea…