Thursday, August 18, 2005

In Memoriam - Little Betty

Yesterday Betty shed this mortal coil. Hers was a hard life, yet one filled with periods of joy that we are blessed to remember. She was a small kitty who sauntered into our lives one summer afternoon...

Tuesday, August 16, 2005

Monday, August 15, 2005

Uptime – Longer is better?

A while back, Windows 2000 and Windows XP were touted as much more stable and secure operating systems than their predecessors. By and large that is true (despite the monthly patching cycle). However, with that very same patch cycle we are now at the point that if a machine is online for more than 30 days, you can be 100% assured it is missing patches or a patch has not been 100% applied (e.g. Reboot Pending).

I also see machines that are behind on anti-virus updates. The typical trend I have noticed is that the machine has usually been online for 20, 30, 60 or more days. (The current longest I can recall is 72 days.) Up, but not entirely stable, eh?

Hell, that is great, right? A mature, robust operating system that can stay up and work for 72 days without a reboot. Back in the Win9X days, or even some of the NT days, who would have thought that? Well, some people, I am sure. But is that a good thing?

If you have a machine in your environment today that has an uptime of 72 days, you can be assured that it is vulnerable to many exploits. Some minor, some severe. Taking today’s example, you would have a machine that is vulnerable to MS-038, MS-039, and MS-043, all wormable exploits. (Some are in the wild already, with more to come.)

On the workstation side of the coin, you do not want to see long uptimes, and you do not want to see them in the server world either, because a long uptime means the machine has not been patched. Today most patches still require a reboot. We can get them all chained together upon boot, but if that machine is not fully bounced, it is not fully patched.

What is the answer? Twofold.

  • Microsoft must implement patch installs that do not require a reboot (not much chance for XP/2000 and probably even Vista).
  • System administrators will need to ensure that one measure for problematic machines is an uptime report; perhaps even schedule automatic reboots at 7, 14, or 21 days if the patch cycle alone is not enough.
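
One way to produce the uptime report suggested above, as an added PowerShell example that is not from the original post. It assumes a current Windows system with PowerShell 3.0 or later (not the Windows 2000/XP tooling of the time); the function names and the 7/14/21/30-day tiers are illustrative choices based on the numbers in this post.

```powershell
# Added example, not from the original post. Runs locally on one machine and
# emits one report row. Function names and tiers are illustrative assumptions.

function Get-UptimeTier {
    param([double]$UptimeDays, [int[]]$Thresholds = @(7, 14, 21, 30))
    # Highest threshold the uptime has reached, or 0 when under all of them.
    $tier = 0
    foreach ($t in ($Thresholds | Sort-Object)) {
        if ($UptimeDays -ge $t) { $tier = $t }
    }
    $tier
}

function Test-RebootPending {
    # Two common local signs that an update was installed but not finished.
    $wuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    # PendingFileRenameOperations is also set by non-patch installers,
    # so treat it as a hint to investigate, not as proof of a missing patch.
    $renames = (Get-ItemProperty -Path $smKey -ErrorAction SilentlyContinue).PendingFileRenameOperations
    (Test-Path -Path $wuKey) -or ($null -ne $renames)
}

function Get-UptimeReport {
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $uptime = (Get-Date) - $os.LastBootUpTime
    $days   = [math]::Round($uptime.TotalDays, 1)
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        LastBoot      = $os.LastBootUpTime
        UptimeDays    = $days
        Tier          = Get-UptimeTier -UptimeDays $days   # 0, 7, 14, 21 or 30
        RebootPending = Test-RebootPending
    }
}

# One row per machine; collect the rows centrally to build the fleet report.
Get-UptimeReport | Format-List
```

A row with a high tier or with RebootPending set to True marks a machine to bounce first; sorting the collected rows by UptimeDays gives the report ordering.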

Even with having to shorten the uptime of all machines, we are still a lot better off than the Win9X days…

Tuesday, August 9, 2005

Microsoft Patches for August

Today, Microsoft released their security bulletins for August. Six updates (Windows Update returned eight updates for my machine, which was 100% current as of the last patch cycle).

Microsoft Security Bulletin Summary for August 2005
http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx

Some more information on the patches and some guidance from Marc Maiffret on the possible ease of developing exploits for these vulnerabilities:

The two most critical patches to install ASAP are MS05-039 and MS05-043...

This is a very easy to exploit vulnerability. The time to reverse engineer this patch and find the vulnerability to exploit should only be a few hours (it took us an hour, as we didn't report the bug).

Marc Maiffret


See the full email on the Patchmanagement.org listserv archive
http://marc.theaimsgroup.com/?l=patchmanagement&m=112361882832258&w=2

Monday, August 8, 2005

Spyware Warrior - Massive ID Theft Ring Discovered

Which are you more worried about? Spyware or viruses? The lines between these types of malware are merging, but they are still separate issues. As this .blog thread will illustrate, I think the real threat is spyware!

Inside Tech Support

Ever wonder what happens in a technical support call center? This is a good example of all the little things that are wrong. You could call this deep, dark, true humor (it gets a chuckle from me), or you could call it stress therapy, where this individual is venting stress from a rough job.

Both are true. This set-up is a mirror image of many IT support environments. The only real question is, can it be fixed? Does overseas support provide better support (even if you cannot always understand them through the accent) than the unskilled or skilled but angry individual?

Wouldn’t the following be a grand social experiment? (Many people on some forums are waiting for the day this anonymous OOL tech gets caught and fired.) Instead of firing him, take the “Office Space” approach and promote him/her, give them the power to make sweeping changes, and see if it solves problems.

Okay, now, which company is going to do that!?

Technology apathy?


Lots of talk about patches and vulnerabilities of late; just when I was thinking some of the bigger items were behind us, there loom some huge potential issues. However, I have taken a moment to step back and try to look at the larger picture. The following are some key points I noticed:

  • Sloppy software development techniques
  • Rushed release dates
  • Inflexible software developers (e.g. support and patching)
  • Irresponsible vulnerability disclosure
  • General acceptance of BETA software in production environments
  • Unskilled administrators
  • Unskilled end users
  • Lack of resources

I could grow that list a bit more if I wanted, but that is a good enough start. What do those bullet points mean? Overall, those are all contributors to the larger problem that is facing us today… What is it?

I would tentatively call it technology apathy.

Each of those is a symptom of this issue, and they are often found in the business world, driven by non-technology-skilled decision makers. They all have technology apathy…

Moreover, they embrace it!

Now, how many times are these same people babysat with the technology they need to do their jobs? How much money have they cost their organization by their apathy? That is possibly one of the deepest roots of the problem.

How many front line administrators have stood up and stated that XYZ needs to be changed or implemented, but it was not allowed for a myriad of reasons? (E.g. budgets, politics, time issues, or worse, apathy towards understanding the true need for the change, product, or service.)

There is virtually no job function or industry that is not impacted by technology today, and that is only going to continue. However, as long as people are allowed to embrace technology apathy, the symptoms above and many more will continue to plague us.

Small Dog Rescue and Humane Society


Remember those two little dogs we found? The humane organization updated their website. They are about 7 months old. Wee little ones. Still looking for homes. Click on the link in the title, then head over to the adoptables page for more information on those two and more.

Thursday, August 4, 2005

Windows 2000 open to IP attack

Windows 2000 open to IP attack - Security Strategy: "Windows 2000 open to IP attack"

Hmm… Here we go again! This could be interesting and I do not mean that in a good way! Microsoft has communicated pre-release details about some of the patches coming next Tuesday, and they have communicated that they will be re-releasing the Windows 2000 security roll-up package… Now comes news that eEye has found a wormable security vulnerability in Windows 2000 and there still exists the possibility that other OS versions are affected also.

No details have been released, as is stated in the article on silicon.com. One can only hope this gets patched and gets silently left behind; however, expect to hear more about this one sooner rather than later…