Monthly Archives: May 2008

Featured in FUD Watch

Recently I took issue on my About.com Internet / Network Security site with a ’study’ published by a security software vendor which alleged that Microsoft’s Windows Vista operating system has weaker security than Windows 2000. The study, in my opinion, pulled a few magic numbers out of context and tried to use them to build [...]

Comcast Hijackers Expose Flaws in Internet’s DNS

Teen hackers Defiant and EBK apparently used “social engineering” to disrupt Comcast Web sites and redirect user e-mail. Defiant and EBK used the Domain Name System and registrar Network Solutions to reroute and deface Comcast sites. Defiant and EBK took comcast.net down for more than two hours and put obscenities in the WHOIS information.

http://www.data-storage-today.com/story.xhtml?story_id=13200CUXO3OC

See also:  How was Comcast.net hijacked? http://www.newsnow.co.uk/A/278825466?-18613

Hacker Changes Mars Lander’s Web Site, Redirects Traffic

A spokeswoman for the Phoenix Mars Lander mission says a hacker took over the mission’s public Web site during the night and changed its lead news story.

Spokeswoman Sara Hammond says a mission update posted Friday was replaced with a hacker’s signature and a link redirecting visitors to an overseas Web site.
http://www.foxnews.com/story/0,2933,361170,00.html

Alex Wins his Berth to the State Track Meet

Despite a strong wind that seemed to come from all directions at once sometimes, Alex met the challenge today and qualified for a trip to the State Track meet at the Jesse Owens Memorial Stadium on the grounds of Ohio State University.


Alex qualified with the exact same time that he qualified for the Regional Finals with — a time of 50.77 seconds in the 400m.  He came in 3rd place, and he's the only Junior (11th grader in High School) to move on to the State tournament (all of the others to qualify were Seniors).


Here's the video of his run (listen to how hard the wind was blowing)…



If you know, or have ever met, Alex, you know that he's a tall, lanky fellow.  So, seeing him in the 3rd place position on the awards blocks was kind of funny.  Even though he's in the 3rd place spot on the block, his head is still on the same level as the 2nd and 1st place finishers.  Notice the 1st place winner, though.  Alex and I both really liked the uniforms this team wore.  The emblem on the chest of the uniform makes them look like superheroes.  How can you *not* be intimidating wearing a superhero costume?  Alex indicated he may try to talk his coach into new uniforms for next year.


Alex's height has always been a plus, because being tall usually means you're generally not fast.  This causes other runners to underestimate his speed.  Today, however, his height was a detriment because he had a much higher profile to the wind, which slowed him down considerably.  So, you can understand a bit what a feat it was to finish even 3rd.  He said that at times he felt he was moving in slow motion.  He felt he was in one of those dreams where you run as fast as you can but don't get anywhere.


Yet, here's our boy, wearing his Regional hardware (bling) proudly:


Alex Trent Regional Winner


He didn't take it off for several hours even after we made it back home today. And, incidentally, he's still wearing his track uniform.


After the race the local newspaper grabbed him for an interview.  Alex said he gave them the standard sports comments like "I'm pleased to do well today" and "I'm really excited to be moving on".  Funny guy.  So, I should have more to post tomorrow about this when the local paper releases.  What's interesting is that his interview will be in the Sunday paper — the biggest paper of the week.  That should get some additional attention from potential colleges.


So, yeah.  We're off to Ohio State University on Thursday of this week.  Alex's qualifying run is on Friday, June 6th, at 3:10pm.  If he finishes in the top 4 of his heat on Friday, he'll run again on Saturday, June 7th, at 2:05pm.  We're going to make a fun, family weekend of it.


If you happen to be in the Ohio State area either of those days, drop by and look us up, and sit down to watch our boy run.  We'll be in Building 092 on the Ohio State campus.




Located on Fred Taylor Drive, north of Lane Avenue, Jesse Owens Memorial Stadium is the newest addition to The Ohio State University Department of Athletics’ aggressive campaign to upgrade and build state-of-the-art facilities for competition.

The 10,000-seat Jesse Owens Memorial Stadium arguably is one of the finest multi-sport facilities in the country, hosting track and field and lacrosse in the spring and soccer in the fall.

Jesse Owens Memorial Stadium JO
Building 092
2450 Fred Taylor Dr
Columbus, OH 43210

Blackberry Refuses To Spy For India

Research In Motion, the company that makes the Blackberry phone, has refused demands by the Indian government to decrypt suspicious text messages.

There are only around 115,000 Blackberry users in India, but they’re causing the government a problem. It seems that the country’s security services and department of technology haven’t been able to unencrypt text messages sent on the Blackberry, and they’ve asked Research In Motion (RIM), the Canadian company that makes the device, for the master key, worrying that criminals and terrorists might take to the device.

http://news.digitaltrends.com/news-article/16814/blackberry-refuses-to-spy-for-india

Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform

Microsoft Security Advisory (953818)
Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customer needs.

Mitigating Factors:

•    Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.

http://www.microsoft.com/technet/security/advisory/953818.mspx

Broadcast Flag Follow-up

I’ve been attempting to learn about the Broadcast Flag over the past few days, and instead of focusing on what it can/can’t do I decided to look at a few other things.



First of all, I want to say that I believe the issue early this month with NBC was a total fluke.  I think a lot of people are getting bent out of shape considering this has been and continues to be a onetime bug not reproducible by anyone at Microsoft, NBC, EFF, etc.  This is compounded with the lack of understanding between different technologies, mainly Copy Generation Management System – Analog (CGMS-A) and the Broadcast Flag.  The Broadcast Flag only applies to Over the Air (ATSC) broadcasts.  It doesn’t and can’t apply to NTSC, CableCARD, etc.  It is understandable that people are upset when something like this happens (especially with the longstanding CGMS-A issues, and CableCARD issues that mostly appear to be software conflicts), but everything needs to be kept in check.



With all of that said, this whole situation doesn’t match up.  On Microsoft’s side first, they said “Microsoft included technologies in Windows based on rules set forth by the (Federal Communications Commission).”  CNET published the story under the title “Microsoft confirms Windows adheres to broadcast flag” despite the fact nothing they published from Microsoft said “Broadcast Flag.”  It is also worth noting that the FCC doesn’t have any rules on the Broadcast Flag.  Ten days later CNET published a follow-up story refuting parts of their previous story quoting Microsoft as saying “Please note that Windows Media Center does not support Broadcast Flag.” 



Cut to NBC’s side of things, CNET reported that NBC “made an inadvertent mistake” and “incorrectly flagged” the shows in question and they later reported that “It was a CGMS-A flag, not a broadcast flag.”



Where does this leave us?  With a seemingly rare occurrence that can’t be reproduced.  Microsoft says the Broadcast Flag isn’t supported, NBC says they didn’t put the Broadcast Flag on and instead they magically enabled CGMS-A(nalog) on a pure digital ATSC broadcast.  These two bits of information are where things actually get interesting.



NBC first, they are saying they enabled CGMS-A, an analog (NTSC) copy protection technology on a non-analog (ATSC) broadcast.   In NTSC, the CGMS-A bits are broadcast in Vertical Blanking Interval (VBI) which also carries closed captions, V-chip data, and other digital data.  However, best I can find there is no standard for CGMS-A in ATSC broadcasts.  There is a VBI extension for ATSC, but based on the specs it doesn’t support CGMS-A.  Can CGMS-A even be put on ATSC?  Based on what I’ve seen the answer would be no.  If this is the case, it leaves NBC with no idea what really happened on the broadcast end.  If it was somehow CGMS-A on ATSC it would also seem to be a onetime occurrence that has never been reported before.



On Microsoft’s side, the question is does Windows support the Broadcast Flag?  Microsoft says “Windows Media Center does not support Broadcast Flag,” but there is more to the story than that.  Who knows what the software truly supports, but Microsoft has developed for the Broadcast Flag in the past.  Most notably while developing for Vista which would be prior to the time it was officially struck down.



Microsoft’s position on the Broadcast Flag is simple and is even semi-outlined in a 2003 document.  Basically it boils down to we will support the Broadcast Flag if it is created with us in mind.  This is exactly how I would expect Microsoft to deal with it in a world of digital video on the Internet and Microsoft wanting to push their Windows Media technologies.  It is no secret, Microsoft supported CGMS-A in Windows Media Center way back in 2002 and now they are the only PC-based platform with CableCARD and pending DIRECTV support.  It is a game that Microsoft knows how to play, and it pays in the end (it also helps grow their digital download aspirations, Microsoft TV division, etc).



Other interesting bits are the ASF specs which reference and start to define how to deal with the “Broadcast Flag” (I’m assuming that’s proper Broadcast Flag and not general flag in a broadcast).  And then there are the PBDA PowerPoints from Vista, which show a nice block diagram of 8VSB demodulation (which is ATSC)  with the Broadcast Flag clearly being detected and dealt with.



Since Microsoft really never published any of the in-depth specs for PBDA type stuff we don’t know for sure if Windows does “support” it, or rather if Broadcast Flag support is in the live implementation.  I’m not trying to scare anyone or suggest Microsoft wants to kill access to all of your media (they want the opposite), but I think it is important for everyone to understand what can be done.



While I haven’t had the time to do in-depth research on the Broadcast Flag in general, I do see that the issue between NBC and Microsoft from a few weeks ago is appearing to be nothing but a fluke.  I’m interested to see if anything like this (copy protection on ATSC) happens again, but truthfully the situation is looking more like a single rare occurrence to me than an issue with the Broadcast Flag.

OpsMgr 2007: Extensions for Cross Platform

As a reminder, Cross Platform monitoring is an upcoming feature of Operations Manager 2007 that natively integrates the monitoring of Linux and Unix servers. To date, 4 platforms are supported (HP-UX, Red Hat Enterprise Linux, Sun Solaris and SUSE Linux Enterprise Server).


While this very promising product is still only in beta, the vendor Xandros has already announced extensions to the Cross Platform offering that add support for MySQL, Apache, Tomcat, …


I'm looking forward to all of this [:D]

Useful SharePoint Designer custom activities

I was searching projects in codeplex.com and found an interesting project called Useful SharePoint Designer Custom Workflow Activities where you can find:

  • Send Email with HTTP File attachment – Allows sending emails with attachments retrieved using a web request
  • Send Email with List Item attachments – Allows sending list item attachments as files attached to an email
  • Start Another Workflow – Starts another workflow associated with a list item
  • Grant Permission on Item – Allows granting of specified permission level on a specified item
  • Delete List Item Permission Assignment – Allows deleting of specified permission level assignment for a given user
  • Reset List Permissions Inheritance – removes any unique permissions assigned to an item by inheriting list permissions
  • Is User a member of a SharePoint group – Checks if a given user is part of given SharePoint group
  • Is Role assigned to User – Checks if a user role is already assigned on the current list item
  • Lookup user info – allows to lookup properties in site’s user information list for a given login
  • NEW! Copy List Item Extended Activity – Allows copying/moving list items and files cross site.
  • NEW! Send Email Extended – Enhanced version of the OOTB activity. Allows you to specify the sender. Also does not break links in body.

And also there are a few activities related to working with InfoPath. Not so long ago I was writing code to read and write values inside InfoPath forms on current Workflows. So, these activities are very useful.

  • Get InfoPath field inner text
  • Get InfoPath field inner xml
  • Set InfoPath field inner text
  • Set InfoPath field inner xml

Kudos to Paul Kotlyar’s

OpsMgr 2007: Disaster Recovery Presentation

Here is a webcast by Satya Vel and Starr Parker that shows the methods for recovering an Operations Manager infrastructure.


A very good webcast, not to be missed.


Download HERE.
