MSMVPS.COM

Phishing for Quickbooks

bradley — Sat, 05 Dec 2009 02:09:00 GMT

On the topic of Quickbooks... be aware that there is a phishing email scam going around to grab your information.

Intuit - Security Alert:
http://security.intuit.com/alerts/alert.php?a=8

IMPORTANT UPDATE FOR QuickBooks Customers: Intuit is receiving reports of individuals receiving fraudulent email from QuickBooks or QuickBooks Online. The emails asks customers to download a plug in to assess their security. Customers should delete this email. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly, although they change web sites), we take them down.

Silverlight: ComboBox SelectedItem

Deborah Kurata — Sat, 05 Dec 2009 02:08:06 GMT

When last we saw our Silverlight ComboBox in this prior post, it was correctly populating, but as we paged through the records in our DataForm, the SelectedItem was not set correctly.

In XAML:

Regardless of the customer type for a Customer, in this example the SelectedItem is always set to the first item on the list.

The basic problem is that the data bound to the ComboBox has both a display member (the CodeText) and a value member (the CodeId). We want to bind the Customer object's CustomerTypeId property to the Code object's Code Id.

The ComboBox has a DisplayMemberPath property so the ComboBox does display the CodeText properly. It also has a SelectedItem property, which is expecting a Code object. But the Binding statement does not allow us to specify a Code object, only a property name (CustomerTypeId in this case).

Because the ComboBox does not have a ValueMemberPath property, there is no easy way to tell the control that it should map the CustomerTypeId to the CodeId. But there is a hard way using value converters.

A value converter is basically what it sounds like: it converts one value to another value. Use a value converter any time that you want to reformat or change a value in any way.

For the ComboBox SelectedItem to work correctly, we need to "convert" the CustomerTypeId to an appropriate Code object. Basically we need to use the CustomerTypeId to find and return the Code object with a matching CodeId.

Building a converter is not very hard once you know the basics. Just build a class that implements IValueConverter. Then write the code in the associated Convert and ConvertBack methods. I added this class directly to my Silverlight project.

NOTE: Be sure to import the System.Windows.Data namespace.

In C#:

using System.Windows.Controls;
using System.Windows.Data;

namespace SLCSharp
{
public class CustomerTypeIdConverter : IValueConverter
{

public DomainDataSource ItemsSource { get; set; }

        public object Convert(object value,
            System.Type targetType,
            object parameter,
            System.Globalization.CultureInfo culture)
        {
            // Set a default return value
            int custTypeId = (int)value;
            BoCSharp.Code returnValue = null;

            // Look for the value in the list of items
            foreach (var item in ItemsSource.Data)
            {
                BoCSharp.Code codeObject = (BoCSharp.Code)item;
                if (codeObject.CodeId == custTypeId)
                {
                    returnValue = codeObject;
                    break;
                }
            }
            return returnValue;
        }

        public object ConvertBack(object value,
            System.Type targetType, object parameter,
            System.Globalization.CultureInfo culture)
        {
            // Set a default return value
            BoCSharp.Code codeObject = (BoCSharp.Code)value;
            int returnValue = 0;

            if (codeObject != null)
            {
                returnValue = codeObject.CodeId;
            }
            return returnValue;
        }
    }
}

In VB:

Imports System.Windows.Data

Public Class CustomerTypeIdConverter
Implements IValueConverter

    Private _ItemsSource As DomainDataSource
    Public Property ItemsSource() As DomainDataSource
        Get
            Return _ItemsSource
        End Get
        Set(ByVal value As DomainDataSource)
            _ItemsSource = value
        End Set
    End Property

    Public Function Convert(ByVal value As Object, _
               ByVal targetType As System.Type, _
               ByVal parameter As Object, _
               ByVal culture As System.Globalization.CultureInfo) _
          As Object _
          Implements System.Windows.Data.IValueConverter.Convert
        ' Set a default return value
        Dim custTypeId As Integer = CType(value, Integer)
        Dim returnValue As BoVB.Code = Nothing

        ' Look for the value in the list of items
        For Each item In ItemsSource.Data
            Dim codeObject As BoVB.Code = DirectCast(item, BoVB.Code)
            If codeObject.CodeId = custTypeId Then
                returnValue = codeObject
                Exit For
            End If
        Next

Return returnValue
End Function

    Public Function ConvertBack(ByVal value As Object, _
               ByVal targetType As System.Type, _
               ByVal parameter As Object, _
               ByVal culture As System.Globalization.CultureInfo) _
          As Object _
          Implements System.Windows.Data.IValueConverter.ConvertBack
        ' Set a default return value
        Dim codeObject As BoVB.Code = DirectCast(value, BoVB.Code)
        Dim returnValue As Integer = 0

        If codeObject IsNot Nothing Then
            returnValue = codeObject.CodeId
        End If

Return returnValue
End Function
End Class

This code defines a property for the DomainDataSource. This allows you to pass in the Codes data source so you can find the appropriate Code object based on the CustomerTypeId.

The Convert function "converts" the CustomerTypeId to the associated Code object. When the ComboBox SelectedItem is set to a particular CustomerTypeId, the CustomerTypeId is passed to the Convert function. The code in the Convert function first converts the passed in value to an integer. It then loops through the ItemsSource to find the Code object with a CodeId that matches the passed in CustomerTypeId. It then returns the found Code object.

NOTE: Instead of the loop, you could use LINQ instead:

In C#:

var returnValue = ItemsSource.Data.Cast<BoCSharp.Code>().Where(
item => item.CodeId == custTypeId).FirstOrDefault();

In VB:

Dim returnValue = ItemsSource.Data.Cast(Of BoVB.Code). _
Where(Function(item) item.CodeId = custTypeId).FirstOrDefault

The ConvertBack function converts back from a Code object to a CustomerTypeId. This one is easy. As long as a valid Code object is based in, the CustomerTypeId is just the Code object's Code Id.

There is one more required step: you need to modify the XAML to define the converter as a resource and associate it with the ComboBox.

In the UserControl.Resources section, add the following to define the value converter:

In XAML:

<UserControl.Resources>
<local:CustomerTypeIdConverter x:Key="CustomerTypeIdConverter"
ItemsSource="{StaticResource CustomerTypeSource}"/>
</UserControl.Resources>

Notice how this sets the ItemsSource property to the CustomerTypeSource, which contains our customer type codes.

Then replace the ComboBox item in the DataForm with this:

In XAML:

This references the converter from the UserControl resources.

Voila! Paging through the DataForm now shows the correct values!

Dang it! It works until you hit the back button.

Then all of the values are off by one (the value from the prior Customer).

This MUST be a bug in the DataForm. BUMMER!

Now what?

You have several choices:

1) Remove the pager control.

In a "real" application, you don't want your users to page through 500 customers. Rather you will have a selection box or search feature for the user to find the customer to edit. Without the pager control, this technique works great!

2) Subclass the ComboBox control and add your own SelectedValue.

Rocky shows how to do this on his blog here.

3) By a suite of Silverlight controls that includes a ComboBox from a third party vendor.

In my application, I went with Option #1. I have a DataGrid that displays data for the customers and allows searching and sorting. Double-clicking on in customer in the grid row then displays this DataForm (WITHOUT the pager control). All is well.

Enjoy!

Warning on Quickbooks 2009 R9 update

bradley — Sat, 05 Dec 2009 01:58:00 GMT

Important information on QuickBooks 2009 Release 9. See Web version.

	QUICKBOOKS® 2009 RELEASE 9

	Dear Susan Bradley, Last month we announced QuickBooks 2009 Release 9. [1] This major update introduces many fine changes, including an important update to the underlying QuickBooks database. [2] That earlier Alert also included advice on using the Accountant's Copy to overcome the lack of backwards compatibility between R9 and earlier releases. [3] What's New: Recent calls to our support centers now show that some users may need extra guidance, especially in network implementations or with QuickBooks Enterprise Solutions 9.0. Intuit Response: We've significantly beefed up our resources to such users with new guidance in our Knowledge Base.

	NEW STEP-BY-STEP UPDATE GUIDE

	Based on Real Experience of QuickBooks Users From the Calls We've Received: Our support team has created a new update guide to help users with the most likely pitfalls in applying R9. You can find the update guide here: http://support.quickbooks.intuit.com/support/pages/knowledgebasearticle/898625 We think the guide will help your clients avoid common problems. Please Note: We continue to update these resources based on what our customers are telling us. That is, this is a dynamic site, and when your clients visit the site, it will have the most current information available.

	DRILLING DOWN

	Especially for Your Clients Using Enterprise Solutions 9.0 or with Network Implementations Few of the calls coming into QuickBooks support have to do with individual users on a stand-alone machine. Most problems arise when the QuickBooks user has only partially updated a networked implementation of QuickBooks. Server Issues: In this scenario, the user has followed the prompt for an Automatic Update; that action has applied R9 to the networked machine (a "client"as opposed to a "server" in the jargon of information technology). However, the server remains on Release 8. Then, when the user next tries to open a QuickBooks data file, the user receives an error message, because the QuickBase Database Manager and the data file are on different releases. One Extra Step: In this scenario, the QuickBooks user needs to update the server to Release 9, using the Manual Update. Instructions on how to do this are part of the Step-by-Step Update Guide noted above.

	ACTION REQUESTED

	As You See Fit Inform Clients as Needed: If you have clients using Enterprise Solutions 9.0, or QuickBooks 2009 over a network, or other clients you suspect will need more support in applying R9, please send them the below link to this useful online guide. Short URL for Client Convenience: Because some clients have a hard time with longer URLs, we've prepared the following short alias to share with your clients: www.quickbooks.com/R9 This is a link that will redirect the user to a different location. Some clients may be more comfortable with the full link given above. Thanks again for helping your clients with this unique release. Sincerely, ~ The ProAdvisor Team.

	NOTES

	The release affects Windows desktop versions of QuickBooks 2009 and QuickBooks Enterprise 9.0. It further affects backwards compatibility with earlier releases of the same software products. QuickBooks 2009 R9 will move the underpinnings of the QuickBooks database from Sybase SA10 patch 3712 to patch 3960. Intuit has tested the patch in multiple scenarios and found that with the patch, QuickBooks 2009 shows significant improvements in many areas of data handling, including those areas which are associated with rare instances of data corruption, especially among heavy users. Backwards compatibility in the QuickBooks 2009 R9 Accountant's Copy includes previous releases of QuickBooks 2009 and QuickBooks 2008

Microsoft fixing VS 2010 Beta 2 bug: EnvDTE.WindowEvents.WindowActivated event not fired for window getting the focus after closing other window

carlosq — Fri, 04 Dec 2009 22:28:00 GMT

While VS 2010 Beta 2 has still an undesirable number of bugs as I have blogged a lot, Microsoft is putting a lot of effort to fix them. This one was fixed today (for the RTM release):

VS 2010 Beta 2 Bug: EnvDTE.WindowEvents.WindowActivated event not fired for window getting the focus after closing other window
https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=515234

VS 2010 not installing .NET Framework 2.0 / 3.0 / 3.5 by default

carlosq — Fri, 04 Dec 2009 21:55:00 GMT

More than a year ago I wrote a popular post:

.NET Frameworks, CLRs and Visual Studio add-ins
http://msmvps.com/blogs/carlosq/archive/2008/11/14/net-frameworks-clrs-and-visual-studio-add-ins.aspx

I stated that VS 2010 would install .NET Framework 2.0, 3.0 and 3.5 (all of them based on CLR 2.0) and, of course, .NET Framework 4.0 (based on CLR 4.0). You may have noticed in the betas of VS 2010 that .NET Framework 2.0, 3.0 and 3.5 are not installed by default, you have to download and install them separately for VS 2010 to use them in projects. So, I have updated the post.

BTW, in the December 2009 issue of MSDN Magazine there is a good article about loading multiple CLRs in the same process

In-Process Side-by-Side
http://msdn.microsoft.com/en-us/magazine/ee819091.aspx

Windows 7: What to do if you can't find a driver

jeffl — Fri, 04 Dec 2009 21:01:00 GMT

I am not one to plug companies I wouldn't use. So know this first, I have used Driver Detective. Some people out there will be upgrading to Windows 7 and will run into problems finding a driver. Now when I ran into the this problem in the early betas of Windows 7 I spent time looking for drivers online. I used some pretty specific techniques that everyday users would find impressive but I say are just plain time consuming. And I don't have time for it. So for that reason I would like to introduce...(read more)

Weekend reading

Rui Silva — Fri, 04 Dec 2009 19:58:45 GMT

Ensuring High Availability in Exchange Server 2010 Moving Exchange to the Cloud, Part 1 Microsoft Exchange/Outlook 2010 UC Mobile and Voicemail Features (Beta) Release! Microsoft Planning Exchange Server 2007 SP3 Next Year Visualizing Quota Information using Outlook 2010 and Outlook Web App PLEASE READ –> Events 9320 and 9359 on new installation of Exchange 2010 Basic Powershell script to show appointments from a calendar using the EWS Managed API Using Contact photo's in EWS in Exchange 2010...(read more)

SCCM 2007 SP2 completo no TechNet Subscription

Cleber Marques — Fri, 04 Dec 2009 18:40:00 GMT

Apesar da grande correria e de deixar o blog com poucos tópicos estes dias (algo que eu não gosto mesmo de fazer), eu resolvi não deixar de noticiar esta atualização no TechNet Subscriptions, lá está disponível para download o SCCM 2007 SP2 completo, então preparem suas instalações J

Obrigado pela leitura e até a próxima publicação,

Abraços.

Cleber Marques

Microsoft MVP & MCT | Charter Member: SCVMM & MDOP
Projeto MOF Brasil: Simplificando o Gerenciamento de Serviços de TI
Meu Blog | MOF.com.br | CleberMarques.com | CanalSystemCenter.com.br

Where did it all go?

cgross — Fri, 04 Dec 2009 17:47:39 GMT

Ok – so I have a somewhat funny story to share . . . About a week ago, I received a monitoring alert via Kaseya that free space on the C: drive on my SBS 2008 server was getting low. I logged in to the server, opened My Computer and it showed that I was using 73 GB of my 80GB C: partition. So I downloaded TreeSize Free to see what was taking up all of the space. The problem I ran in to was that TreeSize was showing that I was only using 31.9 GB of space on my C: – no where near the 73 GB that Windows was reporting. TreeSize did indicate that it couldn’t access the C:\PerfLogs or C:\System Volume Information. I manually verified the PerfLogs folder was empty, and I did find that I had approx 8GB in ShadowCopies for the C: drive that I didn’t need since all of my critical shares had been moved to a different partition, so I disabled ShadowCopies on the C: drive, but that still left me with a 33GB discrepancy between Windows & TreeSize . . .

At this point, I am going to share two crucial bits of information: 1) This is the first time I’ve dealt with low-drive space on a Windows 2008 box. 2) I’ve been using TreeSize for years, and by force of habit, I always open My Computer, right-click on the drive I want to scan and launch TreeSize from the context menu. So can you see where I went wrong?

Yep – I was quietly bitten by UAC in SBS 2008. By launching TreeSize in my normal fashion, TreeSize was not running with elevated permissions and was unable to access all of the directories on the drive, many of which were several layers deep. Interestingly enough, TreeSize Free didn’t throw any errors when it encountered a directory it couldn’t access. Once I launched TreeSize Free from the Start Menu with elevated permissions, it was able to scan the full drive and show me my smoking gun – 27GB of IIS logs for the WSUS Administration site collected over the last 12 months. So after cleaning up my unnecessary Shadow Copies & purging old IIS logs, I’m back to 41.2 GB (51.5%) free space on my C: drive . . .

There are not seven pairs of XPVCOM in system - Windows 7 x64

Simon Sabin UK SQL Consultant's Blog — Fri, 04 Dec 2009 15:22:13 GMT

Simply put you can't use the celluar emulator on a 64 bit operating system. You will get the following error "There are not seven pairs of XPVCOM in system" How naff is that. You have to be running a 32 bit operating system. If using windows Read More......(read more)

48-Core Intel Processor - Leveraged by Barrelfish

jeffl — Fri, 04 Dec 2009 15:11:00 GMT

Intel has released a research chip with 48 cores. Called a single-chip data center, its core selling point is that it uses dramatically less energy. What I noticed is that its new architecture leverages software memory control and messaging. As you will remember from my previous post on Barrelfish and next generation Windows, this architecture is designed without hardware level memory control allowing the operating system to control the use of cores and memory alleviating the current bottlenecks...(read more)

Security Advisory for Adobe Flash Player

Don — Fri, 04 Dec 2009 12:10:00 GMT

Release date: December 3, 2009

Vulnerability identifier: APSB09-19

Platform: All Platforms

Summary

Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues. Adobe expects to make these updates available on December 8, 2009.

Security Bulletin

Access Bulk Load data

RichardSiddaway — Fri, 04 Dec 2009 11:40:53 GMT

We have already seen how to load individual records into an Access Table. Sometime we require the ability to add multiple records. We can easily adapt the way we use our Add-AccessRecord function to accommodate a bulk load scenario.

Lets create a csv file with the information

FirstName,LastName,DOB
Dave,Brown,15/06/1982
Jo,Black,27/07/1982
Alex,White,30/06/1982
Bill,Smith,17/07/1982

We can then write a script to read the csv file and add the data

            001              
002               
003               
004               
005               
006               
007               
008               
009               
010               
011               
          Import-Module AccessFunctions               
$db = Open-AccessDatabase -name test03.mdb -path c:\test               
Import-Csv -Path c:\test\names.csv | foreach {               
    $value = " ""$($_.FirstName)"", ""$($_.LastName)"", ""$($_.DOB)"" "               
    $value               
    Add-AccessRecord -connection $db -table test1 -values $value               
}               
              
Get-AccessData -sql "select * from test1" -connection $db -grid               
Close-AccessDatabase $db               
Remove-Module AccessFunctions 
       
 

Start by importing the accessfunctions module and open the database.

use Import-Csv ro read the data file. Pipe the data into a foreach where we concatenate the values to give a single string. I’m using string substitution to achieve this. Notice the use of “” round the data values. This is to ensure that we get a each value wrapped as “value” when it is passed into the function.

Once we have added the data we can use the Get-AccessData function to check our data has been inserted.

Final actions are to close the database and remove the module

Technorati Tags: PowerShell,office 2010,Access,Bulk load

ALT.NET Hispano VAN: Get Things Done con Jeroen Sangers

lopez — Fri, 04 Dec 2009 10:13:20 GMT

Este sábado 5 de Diciembre, 18 GMT/UTC (3 de la tarde por aquí en Buenos Aires), habrá otra des-conferencia virtual de la comunidad ALT.NET Hispano. El tema será productividad, más específicamente Get Things Done (GTD) (ver también Consigue hacer el trabajo). La presentación inicial estará a cargo de Jeroen Sangers:

http://jeroensangers.com/

@jeroensangers

Este es el temario de Jeroen:

Mi presentación va más que nada sobre Getting Things Done y consiste
de tres partes:
1. Control: un flujo de trabajo para controlar tus acciones
2. Perspectiva: dar dirección a todo lo que haces
3. Consejos prácticas para implementar un sistema de productividad

GTD se populariza con un libro de David Allen. Pueden leer la descripción de GTD en el sitio de Allen:

What is GTD?

Ahí leo:

Sophisticated without being confining, the subtle effectiveness of GTD lies in its radically common sense notion that with a complete and current inventory of all your commitments, organized and reviewed in a systematic way, you can focus clearly, view your world from optimal angles and make trusted choices about what to do (and not do) at any moment. GTD embodies an easy, step-by-step and highly efficient method for achieving this relaxed, productive state. It includes:

Capturing anything and everything that has your attention

Defining actionable things discretely into outcomes and concrete next steps

Organizing reminders and information in the most streamlined way, in appropriate categories, based on how and when you need to access them

Keeping current and "on your game" with appropriately frequent reviews of the six horizons of your commitments (purpose, vision, goals, areas of focus, projects, and actions)

Pueden encontrar una buena descripción (con diagrama incluido, como el que aparece en el libro original) de GTD y una relación con los “cuadrantes de Covey” (me gusta recordar al creador de ese concepto, que es la matriz de Eisenhower).

Mis enlaces sobre GTD, y productividad:

http://delicious.com/ajlopez/gtd
http://delicious.com/ajlopez/productivity

Bueno, ya envíe varios posts sobre las VAN de ALT.NET Hispano, pero les recuerdo:

Si no conocen qué es una reunión VAN, pueden consultar VAN meetings. Para ver cómo se desarrolla una VAN de ALT.NET Hispano, y qué software necesitan para asistir, ver Descripcion-de-Reuniones-VAN. Pueden ver el historial de anteriores reuniones VAN (visiten las que dieron, por ejemplo, sobre NHibernate, WPF y demás) (yo participé en VAN sobre Scrum y en otra sobre generación de código). También pueden suscribirse para proponer nuevos temas, y colaborar con la comunidad. Si no pueden asistir a ésta VAN, seguramente quedará publicada más adelante, con video incluido.

Nos leemos!

Angel “Java” Lopez
http://www.ajlopez.com
http://twitter.com/ajlopez

Totalizadores y Contadores en una tabla de mi BD

peplluis — Fri, 04 Dec 2009 09:24:00 GMT

Algunos de vosotros estáis preguntando como es posible totalizar ciertos valores ya sea de estadística o control en una de las tablas de nuestra aplicación.

Aquí os propongo una de las formas de implementarlo :
(Aunque no olvideis que existen otras formas de realizarlo, eso si quizas no tan accesibles :-))

En el lado de SQL podéis ejecutar este ‘script’ para generar la tabla…

CREATE TABLE [dbo].[Contadores](

[Peras] [int] NOT NULL DEFAULT ((0)),

[Naranjas] [int] NOT NULL DEFAULT ((0)),

[Manzanas] [int] NOT NULL DEFAULT ((0))

) ON [PRIMARY]

Ahora solo tendréis que realizar el correspondiente ‘Update’ desde vuestra aplicación incrementando la columna que deseáis contabilizar. Esta pregunta es frecuente cuando se realizan aplicaciones tipo albaranes/facturas u otro tipo, en la que se requiere seguir o registrar una numeración aunque en ese caso no debéis olvidar bloquear el registro y más a lo sumo en aplicaciones que varios usuarios estén utilizando esa numeración.

Private cn As New SqlClient.SqlConnection( _

"Data Source=MiSrv\SQLEXPRESS;" + _

"Initial Catalog=MiBd;" + _

"Integrated Security=True")

Private da As New SqlClient.SqlDataAdapter( _

"Select * from Contadores", cn)

Private Sub Button1_Click() Handles Button1.Click

'En este caso simulamos incrementar el contador de Manzanas

da.UpdateCommand = New SqlClient.SqlCommand( _

"Update Contadores SET Manzanas = Manzanas + 1", cn)

cn.Open()

da.UpdateCommand.ExecuteNonQuery()

cn.Close()

End Sub

Espero que os sea útil,
Buen fin de semana.
Pep Lluis,

Apple released 2 Security Bulletins for Java for Mac OS X 10.5 and 10.6

donna — Fri, 04 Dec 2009 08:27:25 GMT

Java for Mac OS X 10.5 Update 6 and Java for Mac OS X 10.6 Update 1 was released yesterday by Apple.

Thanksgiving Webcam promo leads to malware

donna — Fri, 04 Dec 2009 08:11:45 GMT

The $10 Webcam that Anna Giesman bought her daughter at Office Depot over the Thanksgiving weekend sounds like one of those deals that's too good to be true. And for her, it was.

A week later, she's worried and upset because a CD that came with the camera contained a Web link that apparently infected her PC with fake antivirus software.

Her story shows how easily malware can get onto the computers of unsuspecting consumers in an era when cyber-criminals are becoming expert at hacking legitimate Web sites to prey on their visitors.

Giesman bought the camera in order to give her daughter a way to chat over the Internet with a friend who had just moved to Germany. When she put the CD that came with the Markvision Magnetic Webcam into her PC, a menu popped up offering her drivers as well as a link to Markvision's site. Wanting to learn more about the product, she clicked on the Web link, but she immediately knew something was wrong.

Continued in http://www.computerworld.com/s/article/9141773/Thanksgiving_Webcam_promo_leads_to_malware

EFF sues CIA, DoJ, DoD, DoT and Homeland Security on social networking surveillance

donna — Fri, 04 Dec 2009 08:09:53 GMT

EFF sues feds for info on Facebook, Twitter, LinkedIn, YouTube and Flickr which I think a-OK if they have to find and able to find the correct bad guy. It's good to question the guidelines though so they don't go overboard.

[Misc] If you need to visit the American Embassy in London but…

Cliff Hobbs at myITforum.com — Fri, 04 Dec 2009 08:00:46 GMT

… need to take your mobile or other electronic devices or ANYTHING with a battery in (yes including car keys that contain a battery for remote central locking whether the battery is built into the key or on a central fob), then you will NOT be admitted Read More......(read more)

"Fresh Carder" (fr3sh_card3r_rz) using Yahoo E-mail Account Creates Fake Bank Websites

donna — Fri, 04 Dec 2009 07:57:37 GMT

F-secure has highlighted in their blog the following fake domains using Monica Lewinsky and other names (but using one Yahoo! e-mail account as fr3sh_car3r_rz@yahoo.com) to scam people by creating fake bank sites since 2008:

     Domain Name: BENINECOB.COM
     Eco Bank
     David Kieselstein (fr3sh_card3r_rz@yahoo.com)
     81 fair hill drive
     westfield, New Jersey 07090
     US

     Domain Name: S-CFS.COM
     Citizens First Bank
     Monica Lewinsky (fr3sh_card3r_rz@yahoo.com)
     390 lewinsky ave
     hull port mn,49309
     US

     Domain name: NORDEABANKAB.COM
     Nordea Bank Ab
     Emilia Martins (fr3sh_card3r_rz@yahoo.com)
     1015 E Wylie St
     Bloomington, Indiana 47401
     US

     Domain name: BOF-IRELAND.INFO
     Bank of Ireland
     Patricia Jones (fr3sh_card3r_rz@yahoo.com)
     Rainwood Apts 1885 Harper Dr A
     Lake City 30260
     US

     Domain name: FIN-VB.COM
     First Investment Bank
     Don Spusta (fr3sh_card3r_rz@yahoo.com)
     1878 algonquin ave
     deltona, Florida 32725
     US

     Domain name: IRBUK-OFFICE.COM
     UK Inland Revenue & Customs
     West john (fr3sh_card3r_rz@yahoo.com)
     564 galant dr
     wincostin mn,48493
     US

     Domain Name: KCW-UK.COM
     Commonwealth Bank UK
     Monica Lewinsky (fr3sh_card3r_rz@yahoo.com)
     390 lewinsky ave
     hull port mn,49309
     US

The reality of patching

bradley — Fri, 04 Dec 2009 07:49:00 GMT

Remember that skit with Lily Tomlin where she represented the phone company?

"We are omnipotent". There are times I think people think that Microsoft's patching department thinks like this.

There are folks out there that think there are divisions in Redmond that are tasked with spyware better known as Windows Genuine Advantage and Office Genuine Advantage.

There are folks out there that think there are engineers in Redmond that have remote control buttons that remotely reboot computers at night for patching just at the opportune time to have the person lose data.

The reality is vastly different.

Fact 1: Windows update settings never spontaneously change. Ever. If you think your settings changed, look in the windowsupdate.log file in the c:\windows directory. You will probably find that either something got installed that changed the settings, or that you forgot that you set them that way.

Fact 2: Periodically the AU engine underneath Windows updates gets updated. This engine update occurs even if you have it set to 'notify only'. This is updating the under plumbing of the AU engine. It's happened several times in the past. And it always silently updates just fine in the past. They do blog and warn people it's coming (see the http://blogs.technet.com/mu blog for details)

Fact 3: Security patches get deployed on the second Tuesday of the month. Then there are non security updates that get released at the end of the month on the 4th Tuesday. You can track these releases by looking at this http://support.microsoft.com/kb/894199 . There is a set release intended.

Fact 4: Not all patches are security patches. Thus there are times you don't NEED to get patches on asap. Conversely there are times you want to push up the deployment of a service pack that you'd otherwise hold back on. Windows 2008 sp2 is one of these "you want it on the box" service pacsk.

Fact 5: The people who code up Windows genuine advantage and Office genuine advantage do not secretly work for Apple, nor do they code spyware into the software. While some argue that the WGA and now OGA should only do the test for validation once, the argument from the Redmond camp is that you need to protect yourself and retest the validity of software to ensure that you didn't get ripped off from a repair person. I say they need to make the replacement media easier to get. I'm still not sure if I should be more mad at OEMs or more mad at Microsoft for how hard it is to get repair media but that's another rant blog post for another day.

Fact 6: Microsoft documents what each patch does and what the known issues are in each security bulletin at the top of each section. You think I magically know the side effects? I read the bulletins. I also look at the patches being installed and unlike some vendors and journalists that were taken to task by Ed Bott, the goal for each Tuesday patching is to first step back and ask yourself if it makes any sense that the patch is doing what you think it's doing. Prevx's claims that the updates were hardening registry keys didn't make sense. Microsoft would have documented these changes. They don't randomly throw out code. And for all of the pain of patch Tuesday you think you see, there are gazillions of folks that get through Patch Tuesday just fine.

Fact 7: Microsoft never blocks your Windows update settings. If they are blocked you are either in a domain and the group policy on the server is controlling it, you have had a malware infection and the malware mangled the registry keys, or you've installed some lovely security software that decided that their security center was so vastly better than Microsoft's that they've taken it over.

Fact 8: That warning the system gives you in the beginning of the install that they warn you to choose to install updates during the installation because if you don't the install could fail and you could be insecure is false. At the present time, there are no installer only patches that fix things during the install. Furthermore installing security updates during the intial install is placing the system more at risk as I guarantee that the Server teams and the Win7 teams are not testing build installs every time a patch comes out. When the system is built, the firewall is enabled on the nic anyway, so exactly how do they think you are more at risk from attack is beyond me as well. Not to mention most of us build servers and workstations behind firewalls anyway.

At the end of the day if you really think the operating system you use is that out to get you, maybe you need to find another operating system. Because there is an element of trust that must be made with all software vendors.

To the folks at Prevx who just damaged the trust of patching just a little bit more due to the "black screen of death" story fiasco ....way to go guys and thanks for the help in destroying it more.

Do you have a build document?

bradley — Fri, 04 Dec 2009 07:30:00 GMT

So officially demoted my SBS 2003 box tonight (sniff sniff, it served me well for five years) and once again, the first time I ran the dcpromo the netlogon service wouldn't shut down. I just went into the service, shut it off and then the server dcpromo'd down.

I went back to my own recap of blog posts (which reminds me I need to add to) as my guidance. See you guys think I blog to entertain you and gain brownie points with the Mini Cooper management so I can become a Mini Cooper MVP? Wrong. I do it for me because it helps me understand and document what I've done. Go back to November of 2004 and that's the tasks I did when I built my SBS 2003.

To you this is a blog. To me, it was my build document. As I did a true dry run of my exact network migration from start to finish. So when I hit those slight little roadblocks along the way... like the pdf file with the messed up permissions that stopped the robocopy from copying over that I fixed ahead of time by merely deleting the file since I didn't need it. Like the fact that on the final step where the dcpromo got stuck on netlogon service still running and not shutting down, I went "oh yea, I blogged about that, just turn off the service and try it again"

And it reminds me that we need/you need/we all need to have a build document. A plan of action. A document that provides you guildance all the way from start to finish to patching.

http://blogs.msdn.com/sbsdocsteam/archive/2009/11/12/the-windows-sbs-2008-migration-guides-are-updated.aspx

Something that takes those documents and make them your own.

When a C++ destructor did not run – Part 1

Senthil — Fri, 04 Dec 2009 06:01:03 GMT

Consider this piece of C++ code.

   1: using namespace std;

2:

   3: class C

   4: {

   5: public:

   6:     C()

   7:     {

   8:         cout << "Constructed";

   9:     }

  10:     ~C()

  11:     {

  12:         cout << "Destructed";

  13:     }

  14: };

15:

  16: void SomeFunc()

  17: {

  18:     C c;

  19:     throw std::exception("Gone");

  20: }

If you know any C++ at all, you’ll know that when SomeFunc returns, both “Constructed” and “Destructed” will be printed to the console. That is because RAII in C++ guarantees that the destructor of an object created on the stack will always run when control leaves the scope, no matter what.

You put all this code is in a static library, say PureCPP.lib, and you compile it with the /EHs option, because you want to use C++ exceptions.

You then write a native application to consume this library, statically link to it, and everything works great.

One day, you wake up and realize you’ll have to try out this .NET stuff that everyone is talking about. You discover that there’s this language called C++/CLI that’s great for interfacing with native code. So you fire up VS, create a CLR console application that calls SomeFunc, and link PureCPP.lib against it.

Just when you’re wondering how easy things turned out to be, you notice something strange. There’s something missing in the console output. When you figure out what’s missing, your jaw hits the ground. Mine did too, when I realized that it was the “Destructed” part that was missing. Which means the impossible just happened - the destructor for class C did not run.

What followed was a long and exciting journey into the world of SEH (Structured Exception Handling), exception codes and exception propagation and handling by the CLR versus C++. All that in the next part – stay tuned.

Remember the ‘wow’ factor?

Mike Hall — Fri, 04 Dec 2009 05:59:51 GMT

How quickly it turned into the ‘Whoa’ factor? I have been working the Microsoft Answers forum for a while now, and there is one forum group, Hardware and Drivers, which demonstrates the above very quickly. The basic claim is that Windows 7 will run on a less powerful machine than Vista ever could. OK, I have a less powerful machine, but will Windows 7 run on it? I am not even going to try. You see, I know that there are components which are eminently not compatible with Windows 7 and the reason I...(read more)

Steven Burn maintains hpHOSTS but he don't post as hpHOSTS and he's Professional and recognized Security Researcher! Do your research or come and join the security community to know him before you talk.

donna — Fri, 04 Dec 2009 01:30:26 GMT

Microsoft MVP Steven Burn do not post in forums as hpHOSTS. He post using MysteryFCM and his blog is here. The hpHOSTS entry in WOT comments is not Steven Burn but it is a reference by WOT that the domain is in hpHOSTS database because hpHOSTS is a friend of WOT and WOT is using hpHOSTS database just like how some other good companies are using hpHOSTS database.

Steven Burn is a professional. He help in forums for FREE. He don't sell products too. His work (software and online services) is free and you can find it in his other website - Ur I.T. Mate. He's very active in security circle and I personally find him very professional. His hpHOSTS was featured in Windows Secrets last October 2009 and May 2008 because he got the service that will help people to prevent bad sites. He was interviewed last August 2009 and he was mentioned at SANS ISC Handler's diary (his investigation). He was featured or thanked by Microsoft in their Security Newsletter last September 2009 and also is a RECOGNIZED security researcher. See: Security Researcher Acknowledgments for Microsoft Online Services.

Why this blog entry about our friend, Steven? It's because of this editorial or newsletter from Cloudeight InfoAve or Thundercloud.net is INCORRECT and WRONG article about Steven, about WOT and about Windows Secrets! They simply don't know him and never even contacted him about hpHOSTS or did not even check with WOT what is hpHOSTS entry in WOT database and yet, they attacked his name three times (3 newsletters).

See Steven's take on this in http://hphosts.blogspot.com/2009/12/cloudeight-ever-hear-of-e-mail.html

Silverlight 3 Parte No.3: Usando Elementos de estilos (Styles) para generar un mejor encapsulamiento de "Look and Feel" con VS 2008 y C#

lalfaro — Fri, 04 Dec 2009 01:30:00 GMT

Hola Amigos, gracias por leer mi blog, si te gusta los posts en mi blog, por favor sígueme en Twitter bajo @lalfarod> para ver mis aportaciones.

Continuaremos con la tercera parte de nuestros post sobre Silverlight 3, esto lo estamos haciendo ya que está por salir Silverlight 4 y muchos de la comunidad desean aprender para estar listos antes de su lanzamiento. En esta ocasión hablaremos de cómo usar elementos de estilos (Styles) para generar un mejor encapsulamiento de "Look and Feel".

Silverlight soporta un mecanismo de estilo que nos permite encapsular varios valores de propiedades o configuraciones de controles como un recurso reciclable.

Podemos guardar estas declaraciones de estilos en diferentes archivos para nuestras páginas, esto es similar a usar el CSS con HTML cuando hacemos diferentes escenarios de customización.

Para nuestro ejemplo que venimos trayendo en las dos últimas partes (Parte numero 1 y Parte numero 2), vamos crear nuestros estilos adentro del archivo App.xaml que se encuentra en nuestro proyecto, esto permitirá que cualquier pagina pueda usarlo:

Vamos a empezar por encapsular estilos (Styles) en el control <Border></Border> y el control <TextBlock></TextBlock> que se encuentra en él:

Podemos crear dos elementos de estilos (Style) en nuestro archivo App.xaml, para encapsular las configuraciones que anteriormente pusimos de los controles <Border></Border> y <TextBlock></TextBlock> :

Tomen en cuenta como le estamos colocando un valor único “Key” a cada estilo (Style).

Ahora podemos modificar nuestros los controles <Border></Border> y <TextBlock></TextBlock> para que hagan referencia a estos valores únicos “Keys”. Usaremos un feature de XAML llamado "markup extensions" para hacer esto, los mismos son usados cuando no hay un valor constante o literal.

Primero les voy a mostrar cómo estaban declarados los controles en nuestro archivo MainPage.xaml:

Ahora asignando los valores únicos “Keys”, verán un código mucho más ordenado y fácil de entender:

Ahora veamos como quedo nuestra página en el IE:

Ya después de haber escrito toda la configuración de los controles en el archivo App.xaml, su código se vera de esta forma:

Encapsulando las configuraciones de los estilos de esta forma, deja a los programadores tener un mejor focus de los comportamientos en las aplicaciones y al igual deja poder usar de nuevo estos estilos en otros controles o paginas.

Un Saludo,

Luis Antonio Alfaro

US CERT Warning - Fake H1N1 alerts circulating in email

Harry Waldron — Fri, 04 Dec 2009 01:15:00 GMT

Please do not visit any H1N1 sites offered by email, as your PC may become infected with malware.

US CERT Warning - Fake H1N1 alerts circulating in email
http://www.us-cert.gov/current/index.html#h1n1_malware_campaign_circulating

Fake H1N1 (Swine Flu) alerts lead to malware
http://blogs.zdnet.com/security/?p=5045

QUOTE: Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms. The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile. During this process, a malware file gets planted on the user’s machine.

Black Screen of Death Issues and free wallpaper

Harry Waldron — Fri, 04 Dec 2009 00:44:00 GMT

PrevX may have encountered a large pocket of users with KSOD issues and felt the issue was larger than it is currently being reported. They have since updated the earlier post and apologized for some of the misleading information. Malware or video driver issues can indeed create KSODs. PrevX offers a good recovery tool that may reset Windows back to normal from a KSOD. I've downloaded a copy if needed to help friends or family in the future.

Most importantly, please continue to use the automated Microsoft Update to keep Windows and Office updated. Patch management is important in staying secure. So far, there are no documented KSOD issues with Microsoft Update. Graham Cluley’s blog was rated in one assessment as "Best IT Security blog". I've found it to be a great resource. He just posted some good feedback on the KSOD issue.

I've added some wallpaper to my growing library as well

Download your very own Black Screen of Death Wallpaper
http://www.sophos.com/blogs/gc/g/2009/12/03/download-black-screen-death/

QUOTE: I've even made it available for download as a 1024x768 pixel Black Screen of Death wallpaper should you want it. Look! I even managed to get a Black Screen of Death on my MacBook. Joking aside, PrevX's original blog post does seem to have been unfortunate. The claim that the problem could affect "millions" or Windows users was clearly far wide of the mark. If there had been problem as widespread as PrevX's initial headline suggested then we would have expected many reports popping up on the net. Obviously Prevx's alert has backfired on them, and I think they've shown good character in coming clean and apologising to the IT community and Microsoft specifically for any confusion that has occurred.

P.S. KSOD = blac(K) (S)creen (O)f (D)eath

NOVELL: Downloads - Novell Linux Management Pack for System Center Operations Manager

Rod Trent at myITforum.com — Thu, 03 Dec 2009 23:38:51 GMT

Novell ® Linux* Management Pack for Microsoft* System Center Operations Manager expands the monitoring capabilities of Operations Manager in enterprise environments by enabling monitoring of key Linux services. A consolidated operations console Read More......(read more)

PowerShell script to check if an OpsMgr Agent was installed

Rod Trent at myITforum.com — Thu, 03 Dec 2009 22:09:47 GMT

PowerShell script to check if an OpsMgr Agent was installed: Stefan Stranger's Weblog - Manage your IT Infrastructure : Have these servers an OpsMgr agent installed? Read More......(read more)