Doomsday DNS flaw!!! (or is it?)

The last few days (actually almost a month now) have been very exciting in the relatively
“boring” world of DNS. In that world nothing much changes… DNS has been around for
quite a while now and it has always helped us translate friendly names into long and daunting
numbers (IP addresses).

It did so in a reliable and predictable manner. Yet that soothing effect of predictability seems
to have gotten it into trouble. According to security researcher Dan Kaminsky, a vulnerability
exists in the DNS implementation itself (affecting all vendors) that allows cache poisoning
(in other words, an incorrect IP address will be inserted into a DNS server's cache for a
well-known website [e.g. your bank]).

Dan turned over the details to multiple vendors and worked with them to patch their systems.
He also decided to keep the details of this vulnerability confidential until his session at the Black
Hat security conference in Las Vegas (this seems to have failed, the details have leaked to the
Internet and discussion around his request to keep it quiet rages on).
In addition to that it seems that now there is an actual working exploit out there…

I won’t go into too much technical detail regarding this vulnerability (partly due to the fact that
I am not fully familiar with it), yet it seems that it has to do with the predictability of the
queries and replies being exchanged between servers and clients and servers.

Microsoft has released a patch for this vulnerability at:

Note that the patch changes the behavior of DNS servers (specifically which ports they use), and
this may confuse some firewall software.
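To check that the port change described above is really in effect after patching, the sketch below reads `tcpdump -n port 53` style output and classifies the UDP source ports a resolver uses for its outbound queries. It is an added example, not code from Microsoft or CERT; the capture lines, addresses, function names and thresholds are constructed assumptions.

```python
import re
import statistics

# Matches query lines of `tcpdump -n port 53`: source ip.port > dest ip.53: query-id
QUERY = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: \d+")

def source_ports(capture, resolver_ip):
    """Return the UDP source ports the resolver used for its outbound queries."""
    ports = []
    for line in capture.splitlines():
        m = QUERY.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports

def assess(ports, min_samples=8, min_stdev=1000):
    """Classify port selection. Both thresholds are illustrative assumptions."""
    if len(ports) < min_samples:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed-port"      # only the 16-bit query ID varies between queries
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < s <= 16 for s in steps):
        return "sequential"      # e.g. a NAT or firewall reassigning ports in order
    if statistics.pstdev(ports) < min_stdev:
        return "narrow-range"    # ports vary, but within a small window
    return "randomized"

def make_capture(ip, ports):
    """Build constructed tcpdump-style lines for the given source ports."""
    return "\n".join(
        f"12:00:{i:02d}.000000 IP {ip}.{p} > 198.51.100.7.53: "
        f"{4000 + 37 * i}+ A? host{i}.example.com. (35)"
        for i, p in enumerate(ports))

# Constructed samples (documentation addresses, invented port values).
RESOLVER = "192.0.2.53"
UNPATCHED = make_capture(RESOLVER, [1025] * 10)
BEHIND_NAT = make_capture(RESOLVER, range(30000, 30010))
PATCHED = make_capture(RESOLVER, [51234, 2711, 60412, 33108, 49977,
                                  12045, 58820, 41003, 7719, 64001])

if __name__ == "__main__":
    for name, cap in (("unpatched", UNPATCHED), ("behind NAT", BEHIND_NAT),
                      ("patched", PATCHED)):
        print(name, "->", assess(source_ports(cap, RESOLVER)))
```

Capture on the Internet side of any firewall or NAT device, since that is where a rewritten port would show up.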

CERT have published an article at:

User Account Control (UAC) timeout

About a year ago, I wrote a relatively long and detailed post about UAC. One
thing I failed to mention is what happens once an application that you have started
requires acknowledgment yet the request is ignored.

UAC has a timeout of two minutes. If no acknowledgment is received within those
two minutes, the action fails silently (the same as if you had declined).

The only thing that bugs me here is that you have no notification/logging of what
just happened. If you were away from the system while the UAC prompt appeared
you might not understand why something failed…

The empire strikes back (or project Mojave)

In the last few weeks it seems that Microsoft is on the warpath. Microsoft feels that
it has a bad image and it would like to change that. One of the major contributors to this
image is Windows Vista.

Windows Vista is perceived as a problematic OS (to say the least). Even though SP1 has
fixed some of the bad reputation that Vista received, it is still perceived as a bad OS. In my
opinion this belief has no foundation; I have been using Vista for a very long time now
and I am very happy with it. Just as everything in life, Vista has a price: you need better
hardware (that is cheaper these days), ISVs had to fix applications for them to run
on Vista and hardware manufacturers had to create drivers to fit the standards Vista has set.

Skeptics may say that none of the things I mentioned should happen for a consumer to be
able to enjoy Vista. In my opinion (again), this claim is absurd. I see the OS as the engine
of a system. Would you mount a new super fast engine on an old airplane's body? Why not?
Oh, it would rip it apart… and whose fault would that be, the engine manufacturer's or yours?

But we are diverging from what I wanted to write about in this post, which is ‘Mojave’.
Based on rumors it seems that ‘Mojave’ is the codename of a new OS created by Microsoft… Well,
not exactly. As part of Microsoft’s attempt to fight back and tell its story about Vista,
Microsoft decided to meet with a group of Vista skeptics (basically people that think Vista is
bad). The group was told they will be shown a new OS codenamed Mojave and that they should
give feedback on the new product. Based on reports, 90% of the participants provided positive

At this stage they were told that Mojave is actually Windows Vista…


The whole experiment was filmed. I hope that it will be revealed; seeing the expressions
will be priceless… and as always, perception is everything.

Click here for additional coverage.

Influencing the product

Since I have started working at Microsoft, I always hoped that I will be able to contribute
and influence the development of a product.

My role at Microsoft is that of an IT manager. I manage a team that supports the user
community and infrastructure at the development center in Israel (Haifa). My main focus is
supporting the people that build the products.
Yet, I believe that the added value that my team and I can provide to the business is
the feedback we can provide as an IT department by dogfooding and providing
general feedback on the products being developed. Since most products built at Microsoft
touch the IT world, we are the best candidates to work on them before they are released.

Earlier this week I had the privilege to meet representatives of the team working on
Forefront Threat Management Gateway (engineers and technical writers). In this meeting they
have asked for my feedback on the UI of the product. We went through the process by acting
out specific scenarios and reviewing the GUI used to configure those scenarios. During the review
I had quite a few observations; one such observation is that when choosing a deployment
scenario in the ‘Getting Started Wizard’, the description text for each scenario should be more
descriptive regarding the real-life usage of that scenario.

I was happy to see that the information I provided was noted and that the
product will be changed to reflect my observations, insofar as they coincide with observations
of other target/representative customers.

All in all it is great to know that the product teams are open to suggestions and are
willing to receive feedback and implement it.  

Protecting your WoW account

As a past player of World of Warcraft I am impressed. Basically, in the game you
play a character that you build and cultivate. This character interacts and lives inside
the virtual world of WoW. Just as in real life, you wouldn’t want this identity
to be stolen.

So what does Blizzard do, you ask?

Well, they will provide you (for a fee, of course) with a SecurID 6-digit token. In other
words, whenever you authenticate you also need to provide the 6-digit number showing
on the token.

Security everywhere…


Read more at Engadget…

Slipstreaming IE 8 into Windows Vista

WIM images provide huge amounts of flexibility. Personally, I was very disappointed
to find out that SP1 could not be slipstreamed into Vista. After a long wait
we can finally feel that it has been a worthwhile wait. IE8 (at Beta1) can be slipstreamed
into WIM images!

Matt Hester shot a short video describing the whole process. The video can be found at
the following link.

BitLocker and Hyper-V

Slowly but surely BitLocker is starting to creep into our lives. Soon enough we will
be convinced that it was there all along. Microsoft have released a document describing
how BitLocker and Hyper-V can and should work together to provide a secure virtual

Download it here.

IRM in Outlook 2007

These days I find myself using Outlook as the main tool I use to communicate. Thus,
the more I know about it, the better. Information Rights Management enables us to protect
our data to some extent. When used in conjunction with Outlook, in addition to protecting
our data it can also help us shape the way our communication is used.

One useful example is the ability to prevent the dreaded ‘Reply to all’ button…

The Outlook team has decided to publish a series of posts regarding IRM with Outlook,
this is the first one: