Hong Kong man, three others jailed for spam scheme (Godfather of Spam)
Tue, Nov 24 2009 2:57

A Hong Kong resident and three other men, including the self-proclaimed "Godfather of Spam," were sentenced to prison on Monday for their roles in an email stock fraud scheme, the Justice Department said.

The sentences, ranging from 32 to 51 months in prison, were handed down by US District Judge Marianne Battani in federal court in Detroit, the department said in a statement.

Hui, the former chief executive of a company called China World Trade, was sentenced to three years of supervised release following his prison term and agreed to forfeit 500,000 dollars to the United States, it said.

Alan Ralsky, 64, of West Bloomfield, Michigan, and his son-in-law, Scott Bradley, 48, also of West Bloomfield, were sentenced to 51 months and 40 months in prison respectively on the same charges.

John Bown, 45, of Fresno, California, was sentenced to 32 months in prison for conspiring to commit wire fraud, mail fraud and to violate the Spam Act and conspiring to commit computer fraud, the Justice Department said.

"Today's sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal email advertisements," said assistant attorney general Lanny Breuer.

"People who use fraudulent emails to drive up stock prices and reap illicit profits will be prosecuted, and they will face significant prison time," Breuer said.

http://www.asiaone.com/News/AsiaOne%2BNews/Crime/Story/A1Story20091124-181822.html

See also:  http://www.cbsnews.com/stories/2009/11/23/ap/business/main5752872.shtml entitled, Mich. Spammer Gets 4 Years In Stock Fraud Scheme

by donna | with no comments
Microsoft Security Advisory (977981) - IE8 not affected or if Protected Mode in IE7 is enabled
Tue, Nov 24 2009 2:24

Microsoft Security Advisory (977981)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: November 23, 2009

Version: 1.0

Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.

At this time, we are aware of no attacks attempting to use this vulnerability against Internet Explorer 6 Service Pack 1 and Internet Explorer 7. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software.

Workarounds

Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

*  Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
*  Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
*  Enable DEP for Internet Explorer 6 Service Pack 2 or Internet Explorer 7

http://www.microsoft.com/technet/security/advisory/977981.mspx

We just released Security Advisory 977981 concerning an issue affecting Internet Explorer 6 and Internet Explorer 7 that could lead to remote code execution. At this time, we are not aware of any active attacks seeking to use this vulnerability. Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band.

I want to point out that Internet Explorer 8 is not affected on any platform and that running Protected Mode in Internet Explorer 7 on Windows Vista mitigates this issue. We provide more guidance and workarounds in the advisory so I encourage customers to review it right away.

http://blogs.technet.com/msrc/archive/2009/11/23/microsoft-security-advisory-977981-released.aspx

by donna | with no comments
Time sync to an external source on a virtual platform
Mon, Nov 23 2009 18:20

When you use HyperV or any virtualization, you want to remove the time synchronization that the child has to the parent. The reason is you want that child, especially if that's a domain controller, to sync independently. In my case I also had to set up time sync on the parent as well as it was drifting. To the point of badly. So uncheck that box, and don't sync the time up to the parent and then that child server will independently sync to an external time source as it needs to.

by bradley | with no comments
Virtualization: New certifications coming soon
Mon, Nov 23 2009 22:06

Soon Microsoft will launch three new certifications covering virtualization. The exams are already in development, and the intent is to announce the beta exam for the first certification, which will be numbered 70-659 and covers server virtualization with Windows Server 2008 R2; next we will have exam 70-669 for desktop virtualization, and finally exam 70-693, an advanced certification for administering virtual environments. And of course, passing these three exams will be recognized with an MCITP, see:

70-659: TS: Windows Server 2008 R2, Server Virtualization

70-669: TS: Desktop Virtualization

70-693: Pro: Windows Server 2008 R2, Virtualization Administrator

MCITP: Windows Server 2008 R2, Virtualization Administrator credential

Now we wait to receive the first Skills list and study hard.

Thanks for reading and until the next post,

Regards.

Cleber Marques

Microsoft MVP & MCT | Charter Member: SCVMM & MDOP
Projeto MOF Brasil: Simplifying IT Service Management
My Blog | MOF.com.br | CleberMarques.com | CanalSystemCenter.com.br

by Cleber Marques | with no comments
LIDNUG: Scott Guthrie Talks Shop 3 recorded session now available
Tue, Nov 24 2009 9:04

Yeps folks!! The recording from today's open Q&A with Scott Guthrie is now available for download.

Scott answered questions across the board, both about current releases, upcoming releases and specific platform/product features.

Needless to say, Scott’s a fountain of knowledge!

Download the recorded session here: http://www.lidnug.org/presentations.aspx

SCCM: SCCM 2007 SP2 download
Mon, Nov 23 2009 21:57

While we wait for SCCM 2007 SP2 to be released for download on the TechNet Subscriptions site, or on the MVLS site (for companies with a contract), we can download two different versions from the Microsoft Download Center, which are:

Microsoft System Center Configuration Manager 2007 SP2 Update

Version to be installed on an existing SCCM 2007 SP1 installation to update it.

Microsoft System Center Configuration Manager 2007 SP2 Evaluation

Full version of SCCM 2007 SP2 that can be evaluated for up to 180 days.

Thanks for reading and until the next post,

Regards.

Cleber Marques

Microsoft MVP & MCT | Charter Member: SCVMM & MDOP
Projeto MOF Brasil: Simplifying IT Service Management
My Blog | MOF.com.br | CleberMarques.com | CanalSystemCenter.com.br

by Cleber Marques | with no comments
Spoofed Trend Micro Email Leads to Phishing Site
Tue, Nov 24 2009 0:54

Trend Micro threat analysts recently unearthed spammed messages that purported to have come from Trend Micro. Targeting trusted organizations is not an uncommon technique used by cyber criminals when carrying out spam campaigns. In this case, the phishing URL and domain are already inaccessible.

The emails bear the subject, “Malware Blocking Tests put Trend Micro on Top” and inform users about the recent NSS Labs tests. They also describe how NSS Labs conducted the test, which was based on “socially engineered malware.” Ironically, however, the emails were themselves a good example of socially engineered malware.

http://blog.trendmicro.com/spoofed-trend-micro-email-leads-to-phishing-site/

by donna | with no comments
Google hoodwinked into pushing Chrome OS scareware
Tue, Nov 24 2009 0:48

Rogue anti-virus scammers have tainted search results for Chromium OS - the open source version of Google's Chrome OS - in a bid to expose surfers hunting the web operating system to a fake anti-virus scan scam instead.

Search terms such as "chromium os download" point to sites featuring scripts that redirect stray surfers towards scareware scam portals. These sites falsely report that users' PCs are loaded with malware before pushing users to download a clean-up tool of little or no utility. The SecureKeeper utility offered through the scam uses a series of aggressive and misleading tricks to coerce people into paying $49.95 to purchase a licence, as explained in a blog post by security firm eSoft here.

http://www.theregister.co.uk/2009/11/23/chromium_scareware/

by donna | with no comments
Facebookers hit with steamy clickjacking exploit ('Click da button, baby!')
Tue, Nov 24 2009 0:43

Facebook administrators have blocked a clickjacking exploit that displayed images of a scantily clad woman on profile pages without first prompting the user for permission.

The attack began when a victim encountered the image of the near-naked woman on a friend's profile page along with the words "Want 2 C something hot? Click da button, baby!" Facebookers who took the bait - and were logged in to their accounts at the time - found their profile pages were updated to include the same image. The more people who fell for the come-on, the more the come-on was presented to new potential victims, giving the attack a viral quality.

Researchers who first spotted the ruse attributed it to a CSRF, or cross-site request forgery, vulnerability on Facebook's site. A spokesman for the social networking site disputed that explanation, saying the attack was really the result of clickjacking.

"This problem isn’t specific to Facebook, but we’re always working to improve our systems and are building additional protections against this type of behavior," Facebook spokesman Simon Axten wrote in an email. "We’ve blocked the URL associated with this site, and we’re cleaning up the relatively few cases where it was posted (something email providers, for example, can’t do)."

Clickjacking is a vulnerability at the core of the web that allows webmasters to trick users into clicking on a link they didn't intend to.

http://www.theregister.co.uk/2009/11/23/facebook_clickjacking_exploit/

I don't want to have FB and Twitter still!

by donna | with no comments
Five ways to lose your identity (and wallet) this holiday season
Tue, Nov 24 2009 0:41

How online shoppers can make their systems more attractive to online thieves

The holiday season is almost here, and even in a recession huge numbers of people will likely be shopping online for gifts this year.

The rush by shoppers to the Web makes the season a great time for online retailers. It's also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.

The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups and various government agencies to come up with lists of precautions that consumers can take to avoid becoming a victim of online fraud. Such lists can prove a benefit to consumers, but unfortunately some people ignore them.

For those unwary consumers, Computerworld this year offers a handy list of tips that can help maximize their exposure to online fraud.

Tip #1: Open all attachments from strangers and click on all embedded links in such e-mail messages.
Tip #2: Respond to Dr (Mrs.) Mariam Abacha, whose name is used by many hackers who say they have close friends and relatives in Nigeria who have recently been widowed or deposed in a military coup and need your help to get their millions of dollars out of the country.
Tip #3: Install a peer-to-peer file-sharing client on your PC and configure it so all files, including bank account, Social Security and credit card numbers along with copies of mortgage and tax return documents, are easily available to anyone on the same P2P network.
Tip #4: Come up with passwords that are easy to crack. It saves hackers from spending too much time and effort trying to access your PC. Clever sequences such as 123456 and abcdef and your firstname.lastname all make fine, easy-to-remember default passwords for you and for hackers.
Tip #5: Avoid installing the latest anti-malware tools and security updates. Keeping operating systems properly patched and anti-virus and anti-spyware tools updated makes life hard for hackers.

Continue reading in http://www.networkworld.com/news/2009/112309-five-ways-to-lose-your.html

by donna | with no comments
Millions of PDF invisibly embedded with your internal disk paths
Tue, Nov 24 2009 0:28

From SecurityFocus Bugtraq:

I found an interesting privacy issue while analyzing PDF files. This bug occurs when you are using Internet Explorer to print locally saved web pages as PDF and affects all IE versions including IE8. It does not matter which PDF generation software you are using like Adobe Acrobat Professional, CutePDF, PrimoPDF, etc as long as you are invoking it from inside the IE print function. In Windows, even when your default browser is not IE and if you right click a file to select the PRINT from the context menu, then by default it invokes the IE print handler. So, you will still see this issue in the generated PDF.

This bug is NOT ABOUT the local disk path appearing in the FOOTER of your pdf since it is clearly visible and already known by most people. This is easy enough to hide by just going File -> Page Setup -> Change the Footer value from "URL" to "-Empty-". After doing that, you will not expect your internal disk path being put anywhere else. However, that does not happen.

The privacy issue arises from the fact that your local disk path gets invisibly embedded inside your PDF in the title attribute. Only when you open the file in an Editor like Notepad, you will see it. Currently, there is no option in IE to disable it. The only workaround is to manually nullify this value by editing the PDF file. Note that this problem does not occur when using other browsers such as Firefox and Chrome. In fact, Chrome handles the other footer issue intelligently as well by showing your disk path as ???, rather than exposing it.

More with PoC is in http://www.securityfocus.com/archive/1/508010

by donna | with no comments
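
A defender-side check for the embedded title described in the post above, added here as an example (it is not from the Bugtraq post or its PoC): it scans a PDF's bytes for a /Title entry that decodes to a local path and blanks it in place, keeping the length so the file's byte offsets stay valid. The sample bytes, function names and path patterns are constructed assumptions, and titles held in compressed object streams, encrypted files or XMP metadata are not covered.

```python
import re

# /Title followed by a literal string "(...)" (escapes, one level of nested
# parentheses) or a hex string "<...>".
TITLE_RE = re.compile(
    rb"/Title\s*(?:\((?P<lit>(?:\\.|[^\\()]|\((?:\\.|[^\\()])*\))*)\)"
    rb"|<(?P<hex>[0-9A-Fa-f\s]*)>)", re.S)

# Assumed patterns for "looks like a local path": drive letter, file:// URL, UNC share.
LOCAL_PATH_RE = re.compile(r"(?i)\b[a-z]:[\\/]|file://|\\\\[\w.$-]+\\[\w.$-]+")

_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}


def _unescape(raw):
    # Resolve PDF literal-string escapes: \\ \( \) \n \ddd (octal), line continuation.
    def repl(m):
        e = m.group(1)
        if e[:1] in b"01234567":
            return bytes([int(e.decode("ascii"), 8) & 0xFF])
        if e in (b"\n", b"\r", b"\r\n"):
            return b""
        return _ESCAPES.get(e, e)
    return re.sub(rb"\\([0-7]{1,3}|\r\n|.)", repl, raw, flags=re.S)


def decode_title(m):
    """Turn a TITLE_RE match into text (UTF-16BE if BOM-prefixed, else Latin-1)."""
    if m.group("lit") is not None:
        raw = _unescape(m.group("lit"))
    else:
        digits = re.sub(rb"\s", b"", m.group("hex"))
        raw = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode("ascii"))
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")


def find_leaky_titles(pdf_bytes):
    """Return (byte offset, decoded title) for every title that exposes a local path."""
    return [(m.start(), decode_title(m)) for m in TITLE_RE.finditer(pdf_bytes)
            if LOCAL_PATH_RE.search(decode_title(m))]


def redact_titles(pdf_bytes):
    """Blank leaking titles with same-length filler so xref offsets are unchanged."""
    out = bytearray(pdf_bytes)
    for m in TITLE_RE.finditer(pdf_bytes):
        if not LOCAL_PATH_RE.search(decode_title(m)):
            continue
        group = "lit" if m.group("lit") is not None else "hex"
        start, end = m.span(group)
        n = end - start
        # Literal string: spaces. Hex string: "20" pairs (spaces), padded with whitespace.
        out[start:end] = b" " * n if group == "lit" else b"20" * (n // 2) + b" " * (n % 2)
    return bytes(out)


# Constructed sample: one title carrying a local path, one harmless hex-encoded title.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n"
    b"<< /Title (file://C:\\\\Users\\\\alice\\\\Desktop\\\\report.htm)"
    b" /Producer (Example PDF Printer) >>\nendobj\n"
    b"2 0 obj\n<< /Title <FEFF0051003300200070006C0061006E> >>\nendobj\n")

if __name__ == "__main__":
    for offset, title in find_leaky_titles(SAMPLE_PDF):
        print(f"offset {offset}: title exposes a local path: {title}")
    print("leaks after redaction:", find_leaky_titles(redact_titles(SAMPLE_PDF)))
```
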
IEBlog: IE8 SmartScreen in action
Tue, Nov 24 2009 0:22

From IE Team Blog:

Last week at PDC, as we were about to start talking to people about IE9, I saw the following notification from my Facebook account [...]

The message was from someone I know pretty well, and I believed the message. The address itself wasn't that suspicious; there are a lot of URL shortening services, and the .info domain has many legitimate sites on it. So I clicked it.

Result after clicking... in http://blogs.msdn.com/ie/archive/2009/11/23/ie8-smartscreen-in-action.aspx

Well, I find IE SmartScreen Filter to beat others (Firefox, Ad-Aware Download Guard and SpywareGuard) when it comes to blocking unsafe downloads and sites and hope to see others and Microsoft continue with the good work.

by donna | with no comments
SQL usergroup tomorrow night (Tuesday) in the City
Mon, Nov 23 2009 16:32

We've got a SQL usergroup tomorrow night in the city. I'm doing a session on query plans car crash queries and Christian Bolton is doing a session on Tempdb. For more details go to www.sqlpass.org.uk. I hope to see you there.

How do you get the menus back in Office 2003 and 2007?
Mon, Nov 23 2009 23:21

It's so stupid that it's pitiful: Microsoft decided to remove the menus in Office 2007 and Office 2010: the menus are replaced by the ribbon, and it is IMPOSSIBLE to make a smooth transition by keeping the menus as well.

As a result, users lose quite a bit of time "looking for their menus", and corporate support loses time looking with them (one of my favorite sports!!!).

A company has created a small add-on to solve this: why didn't I find it sooner!!!!

Thanks Arnaud, you're saving my life.

The details are here:

http://orentis.wordpress.com/2009/11/23/office-2010-favoriser-ladoption-au-changement-en-activant-les-anciens-menus/

The tool is here: http://www.ubit.ch/software/ubitmenu-languages/#c205

Laurent Gébeau – www.toutwindows.com

by Mtoo | with no comments
Issue with Team Build 2010 Beta 2 (on some localized machines): 'Value cannot be null. Parameter name: path1'
Mon, Nov 23 2009 23:00

I got this strange little error a while back when I tried to run a newly created build definition: “Value cannot be null. Parameter name: path1”. Not much to go on in that message…

My configuration is a Windows 7 x64 and VS 2010 Beta 2 Ultimate with TFS Basic running locally. Build controller and agent is also running locally. First I thought this was a problem related to my x64 OS. But after testing this on a different box running x86 and getting the same result that obviously wasn’t it.

So after getting some great help from the product team it turned out to be an issue with a registry value that was affected by the current regional settings for the decimal separator. In Sweden we use comma (,) instead of the US-default period (.) and that’s what caused this error to occur.

So to solve this problem you can simply change the regional settings for the build agent to use period instead of your normal symbol.

Another option is to use an updated build template xaml file, which can be found here.

by Mathias | with no comments
Conficker - Why it can happen again
Mon, Nov 23 2009 16:57

While I disagree with many of the specific reasons noted in the article, I agree with the overall premise that it can happen again. Folks need to stay patched up and protect their systems with multiple layers of defenses. There are certainly improvements there, but there's also a greater need for more participants in the process.

It was estimated that only 1/3 of all PCs had the proper patches in place weeks after they were available when the first variant of Conficker appeared in the wild.  There's not been a substantial improvement in folks staying patched up, although many have learned valuable lessons.

Conficker - Why it can happen again
http://www.eweek.com/c/a/Security/10-Reasons-Why-Conficker-Can-Happen-Again-103283/

QUOTE: The Conficker worm affected users nearly one year ago. But now that it has left the headlines, there might be a false sense of security in the Windows ecosystem. There shouldn't be. Even the most up-to-date security programs are hard-pressed to keep up with the latest threats. There are countless millions of PCs and thousands of applications that aren't protected by the latest security software or have never been patched to close known security flaws. There is no telling when some new virus or Trojan as cunningly malicious as Conficker will appear.

It was just under a year ago that the Conficker worm was first detected. It was ravaging Windows PCs all over the world. The worm exploits Windows flaws to link the host computer to virtual command that can be controlled by the worm's remote authors. Conficker still controls millions of computers all over the world.

Relive the Microsoft Days 2009 webcasts
Mon, Nov 23 2009 22:28

Experience or relive the highlights of Microsoft Days 2009, an edition marked by major launches: Windows 7, Windows Server 2008 R2, Exchange Server 2010, ForeFront and System Center 2010; click here to view the webcasts:

Discover the new Microsoft products in webcasts

Laurent Gébeau (MToo)

Microsoft warns of IE exploit code in the wild
Mon, Nov 23 2009 15:56

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not IE 8, and it said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," according to a statement.

CNet News

by Don | with no comments
Add Access record
Mon, Nov 23 2009 19:56

We’ve seen how to create a database and a table. Now we need to know how to add a record to that table.

function Add-AccessRecord {
param (
    [string]$sql,
    [System.Data.OleDb.OleDbConnection]$connection
)
    # Build a command for the SQL statement on the already-open connection
    $cmd = New-Object System.Data.OleDb.OleDbCommand($sql, $connection)
    # Run it; ExecuteNonQuery returns the number of rows affected
    $cmd.ExecuteNonQuery()
}

This takes a SQL INSERT statement and executes it against the table in our open database.

PS> Import-Module accessfunctions
PS> $db = Open-AccessDatabase -name test03.mdb -path c:\test
PS> $sql = @"
>> INSERT INTO test1
>> (FirstName, Lastname, DOB)
>> VALUES ("Fred", "Smith", "01/09/1979")
>> "@
>>
PS> Add-AccessRecord -sql $sql -connection $db
1
PS> Close-AccessDatabase $db

If you think this is identical to the function we used to create a table you are right. We are also unlikely to want to add a single record at a time to the table. Next job is how we can add bulk data to the table.

First Windows 7 OEM box arrived by courier today
Mon, Nov 23 2009 14:49

My father's new desktop arrived today by courier and it has Windows 7 Home Premium 64bit edition on the box. This marks the official launch of Windows 7, a product that really has treated me well for nearly 6 months now. When the Release to Manufacturing was announced 2 months ago I upgraded my Vista Ultimate 64 bit to Windows 7 and boy it has been great ever since.

My father has been using Windows 7 Ultimate since July for their media center and Windows 7 Home Premium on his netbook and he was excited to get a replacement for his XP workstation which will retire after 5 years of service. Now I just have to carve out some time to help him migrate data. For a Windows 7 Walkthrough: User State Migration Tool Click here: http://download.microsoft.com/download/A/F/3/AF33254E-1AE4-4F7F-80A9-49E53E688511/usmt.wmv

More Information:

Windows User State Migration Tool (USMT) Version 3.0.1
http://www.microsoft.com/downloads/details.aspx?familyid=799AB28C-691B-4B36-B7AD-6C604BE4C595&displaylang=en

Windows XP to Windows 7 Hard-Link Migration of User Files and Settings
http://www.microsoft.com/downloads/details.aspx?familyid=E90EBEAD-7B48-4D1E-9461-BE5F07B83468&displaylang=en

Windows Easy Transfer for transferring from Windows XP (32 bit) to Windows 7
http://www.microsoft.com/downloads/details.aspx?familyid=734917D8-0663-4C26-89D0-2D00B632EBDB&displaylang=en

Have fun everyone!

Jeff Loucks
Available Technology