Archive | 2005

IT’s Seven Dirty Words

Over at InfoWorld: Application development, Steve Fox has a funny and true editorial on IT’s seven dirty words. “Remember the George Carlin routine “The Seven Words You Can’t Say on Television”?? (No, I’m not going to print them here; if you’re really curious, Google ’em.) I got to thinking the other day that IT has its own set of dirty words. Try saying any one of these in polite IT company, and someone will hand you a bar of soap to wash your mouth out. My filthy seven:…”

SANS ISC: InfoCon Yellow

Over at Resigned to the Bittersweet Truth, Bill McGonigle posts InfoCon Yellow!. “The Internet Storm Center has declared InfoCon Yellow for the first time since May 2004. ”

“Due to a number of very well working Windows exploits for this weeks patch set, and the zero-day Veritas exploit, we decided to turn the infocon to yellow.

Advice: Use the weekend to patch ALL … read the rest at InfoCon Yellow!

Patents: good, bad or necessary?

Dan Bricklin asks What if VisiCalc had been patented?. “My name has been brought up a few times in the last few weeks with regards to software patents.”

Dan’s stance is interesting and pragmatic. Correction was: “He notes in the post that he just received a patent today, applied for in 1996 during the Trellix days.” Should be: “Interland, the company that purchased the Trellix assets, received a patent today for the 1996 Trellix work.” Congrats, Dan. Interland, use it wisely.

Exploits in the wild for Microsoft’s August patches

Slashdot post: Exploits Circulating for Latest Windows Holes. 1sockchuck writes “Exploits are already circulating for at least two (and possibly four) of the Windows security holes addressed in Microsoft’s updates on Tuesday. Several working exploits have been released for a new vulnerability in Windows Plug and Play technology, which could be used to spread a worm targeting Windows 2000 machines, according to eEye security, which has released a free scanner to help network admins identify vulnerable computers.”

Keep patching! If you were quick on the draw initially, you might have run into trouble as some of the patch files were corrupted, but Microsoft fixed that problem.

New Linux Thin Clients from HP?

I may have missed the initial announcement when these shipped, but browsing through a PC Connection catalog yesterday, I spotted the HP t5515 Thin Client Workstation on sale for a little over $300. This is a diskless PC with a Transmeta Crusoe CPU, 128 Mb RAM, Linux 2.4 burned into Flash RAM, video, audio, NIC, spare PCI slot and USB2. Looks cute, and I could see a lot of places where clients with browser-based data entry, mail and other processes could benefit from the small cost, form factor and power demands to make for a better, cheaper office. Hey, hang an external drive off the USB connection and you have a PC!

HP is a pretty open company and has been pushing Open Source solutions on many platforms. I was surprised to dig through the technical documentation to discover that the Linux image burned into Flash RAM can only be made with a proprietary toolkit from MetroWorks under a fee-based licensing scheme. This looks like a prime opportunity for someone to reverse-engineer the box and allow developers to customize the image to their own needs. The base image that ships with the HP Thin Client includes a proprietary Citrix client, Altiris image management tool, and other software that a developer could clear out, leaving room to customize the box. (The default image also ships with Mozilla, the Open Source rdesktop Windows RDP client, VNC client and VNC server.)

A local technician tells me that his past experiences with thin clients indicated that they should only be used in controlled and air-conditioned environments and that they would tend to overheat if left in a warm room. I’ll be interested to follow how these devices fare.

Update: here’s a review at OSNews.

What’s on the Vista this week?

Microsoft Watch from Mary Jo Foley opines that Microsoft Needs to Come Clean About Vista. “Before Beta 1 went out, Microsoft officials would say little about the next Windows release. But now it’s time to talk turkey… What is Microsoft gaining from hiding the fact that some of the features originally slated for Vista and Longhorn Server have been pulled from the products?”

As I pointed out last week, it’s not a beta until it’s feature-complete. Microsoft is showing off a prototype, a demo. When they have the new UI in place, and lock down the features they plan to actually ship, then it is time for beta evaluation and testing. At this point, it’s just idle promises from a company that might ship something 16 months in the future…

What’s wrong with this HTML?

Internet Explorer (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519IC – I swear I am not making that up!) reports “Problems with this Web page might prevent it from being displayed properly or functioning properly. In the future, you can display this message by double-clicking the warning icon displayed in the status bar.” The same page loads fine without error in FireFox 1.06, Mozilla 1.7.1, Opera 8.01 and Safari 2.0 (412.2). The page validates correctly using the W3C HTML validator as Transitional HTML 4.01. On Laura’s machine, IE says there’s an error on line 2, without further information. It seems suspicious that IE is the only one to detect an “error.” Can anyone spot the error on this page? (Besides grammar, syntax and content, wise guys 🙂

UPDATE: Found it. Of course, it was a trick question. There was nothing wrong with the HTML. And it was nothing I changed that caused the problem to appear, despite the proximity of changes to the error being found.

There was a small JavaScript call at the end of the third column that looked like this:

<script language="javascript" type="text/javascript" src="
http://technorati.com/embed/cddjc96gix.js">
</script>

And would generate a response that looked like this:

<!--
Profile not found or undisplayable
-->

All of the other browsers (FireFox, Safari, Opera 6 and 8, Camino, Mozilla 1.7.1 and 1.7.11) would gracefully ignore the comment and work fine.

IE, otoh, not only failed, but failed with a miserable error message that gave no clue what document had the error. If the error handler had indicated the JavaScript interpreter had the problem, I could have nailed this in a couple of minutes. Rack this up to lousy error messages, the bane of debugging everywhere!

Microsoft’s Patch Tuesday, August

Last night, Microsoft released its monthly batch of security patches. They include 3 Critical Updates, one Important and two Moderate Security Bulletins. They include:

CRITICAL

* MS05-038 – Cumulative Security Update for Internet Explorer (896727) – Yet another security rollup for Internet Explorer, affecting Win2k and Up (and likely down)

* MS05-039 – Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) – Puts a whole new meaning in “play,” doesn’t it?

* MS05-043 – Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) – Just when you thought it was safe to print…

IMPORTANT

* MS05-040 – Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

MODERATE

* MS05-041 – Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)

* MS05-042 – Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

RE-RELEASES

Re-released this month, with updates for additionally affected platforms and updated patches are:

* MS05-023 – Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) – noting that the Word 2003 Viewer is also in danger

* MS05-032 – Vulnerability in Microsoft Agent Could Allow Spoofing (890046) – Noting that there is a revised update available for x65-based systems.

So, the count is up to 43 Security Bulletins so far this year. It’s the 33rd week of 2005. Trustworthy Computing continues…

Get details on all the latest bulletins and tools from Microsoft at http://www.microsoft.com/technet/security — and get patching!

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.