There is a marked difference..

Yesterday, I un-installed Microsoft Office 2007 from my Vista installation. Wow, did that take a time to complete or what. The purpose was to install the newly released Office 2010 Beta.

First attempt – please uninstall FrontPage 2003 and Access server database. More time passed.

Second attempt – it is installing but when will it finish?

It finally did finish, after which I had this unswerving desire to get back to Windows 7. After a few months of using Windows 7, notwithstanding aspects I do not overly like, Windows 7 booted quickly, responded quickly, and was/is a real pleasure. Users with fancy dual core and quad core machines may not notice so much of a difference, but for me and my trusty single core machine, Windows 7 has proved itself to be manna from the skies.

I can see very little reason why, on the right machine, users would not like Windows 7. It looks better and is more secure than XP, and it works faster than Vista. It will breathe new life into the PC market, and anybody who thinks that Mac and Ubuntu will grow in the future are barking up the wrong tree.

Windows 7 is no niche, cutesy or geeky operating system. It carries forward the versatility that Microsoft Windows has always had, and adds stability and speed to the equation. I have said in the not-so-distant past that I would not go back to XP. Well, apart from doing my bit for the Office 2010 Beta, I will not be returning to Vista as an everyday OS.

Footnote - To be honest, I could run the Office 2010 Beta in Windows 7 but would have to use the 32-bit variant because I also run FrontPage 2003, and I want to commit my time to the 64-bit Office 2010..

Tout sur la migration ou l’installation de Windows 7

Si vous voupréparer une migration Windows 7 et ne savez pas par quoi commencer.

Le Coach, c’est Fabrice Meillon qui vous explique tout, en Français…

C’est ici : http://technet.microsoft.com/fr-fr/windows/technet-coach-windows7-chapitre1.aspx

Laurent Gébeau – www.toutwindows.com

Weekend reading

• Unified Messaging (Voicemail) in Exchange 2010
• Understanding Shadow Redundancy in Exchange 2010
• Exchange 2010 RTM DAG using Server 2008 R2 – Part 4
• Introducing the Outlook Social Connector
• Review of Outlook Social Connector Provider Extensibility
• How do I disable these engine end-of-life notifications I am receiving from Antigen and Forefront?
• 11 Languages MUI out of the box
• Announcing the Outlook Social Connector
• Developing a provider for the Outlook Social Connector
• how to publish Exchange 2010 OWA behind ISA 2006 or TMG beta 3
• We Have Not Won The War On Spam
• OCS R2 Presence in Exchange 2010 OWA
• Understanding MailTips Architecture
• Bulk mailbox creation: Import passwords from a file
• Office 2010 Beta: Outlook 2010 Shines
• Finding Users Who Have “Out Of Office” Enabled In Exchange 2010…
• Uncovering the new Exchange 2010 Volume Snapshot (VSS) Plug-in (Part 1)
• Deploying Exchange Server 2007 and Office Communications Server 2007 R2 (Part 3)
• OCS Presence in Exchange 2010 in action
• Installation of OCS 2007 R2 Web Service Provider for Exchange 2010
• Microsoft Office Communications Server 2007 R2 Web Service Provider
• How to Manage Groups that I already own in Exchange 2010?
• Installing Exchange 2010 Pre-requisites For Windows 2008 SP2…
• Script to install Exchange 2010 pre-requisites for Windows Server 2008 R2

Dernière opportunité de gagner un Windows 7 ultimate

Bonjour

Pour continuer de vous remercier pour votre fidélité, je vous offre de nouveau une nouvelle licence Windows 7 Ultimate.

Il suffit de répondre à ma question sur mon livre d’or : http://mtoo.net/livre/livredor.php.

Quelle est la seule ville au monde dans laquelle a été ouvert un Windows Café ?

Le premier à répondre gagne une version de Windows 7 Ultimate , le suivant des cadeaux surprise Microsoft.

Et pour tous les autres un grand merci pour votre fidélité, vos visites, et n’hésitez pas à me laisser un mot sur mon livre d’or.

Bonne chance !

Laurent Gébeau

Expression Web 3 Service Pack 1 Now Available

Microsoft Expression Web 3 Service Pack 1 (SP1) contains significant fixes and improvements in publishing, SuperPreview, file management, extensibility, and other areas of the program. You can get a more complete description of SP1, including a list of issues that were fixed, in the Microsoft Knowledge Base article 976594: Description of the Microsoft Expression Web 3 Service Pack 1. SP1 includes improvements developed as a result of user input from Microsoft Connect, such as support for custom Windows colors, improved text selection, and better performance.

Download Expression Web 3 SP1 here. [English]

Other languages:

German: http://download.microsoft.com/download/7/F/8/7F85E5EB-800E-4284-AC4C-7A49FAC1315E/WebSP1_de.exe

French: http://download.microsoft.com/download/B/1/6/B16EDAD7-983F-415E-871D-E3A33C056411/WebSP1_fr.exe

Italy: http://download.microsoft.com/download/6/0/8/608C8631-7DC8-4B10-848F-35B19F516F5C/WebSP1_it.exe

Spanish: http://download.microsoft.com/download/B/0/5/B05606F9-7888-4D51-A9E1-51D8020BA1EC/WebSP1_es.exe

Traditional Chinese http://download.microsoft.com/download/4/E/2/4E2EFB9E-2FB4-47CA-B2ED-7B7BDCC59E96/WebSP1_zh-Hant.exe

Simplified Chinese: http://download.microsoft.com/download/2/F/B/2FB54FE1-A207-4AD2-82DB-D9FE8265F35F/WebSP1_zh-Hans.exe

Japanese: http://download.microsoft.com/download/3/E/F/3EFF5FF4-0E07-4F2F-84DB-384EEDC8AEEA/WebSP1_ja.exe

Korean: http://download.microsoft.com/download/C/4/2/C427C5B6-2CF5-402D-AC20-A5D16E8CC618/WebSP1_ko.exe

WMICookbook: Read Routing Table

When we need to troubleshoot networking problems we will sometimes need to read the routing table on a machine. The routing table contains the information on the routes known to the network interfaces. This can be created automatically or manually . On the local machine we can use the route command to find this information – but how do we find it on a remote machine. WMI has a class that enables us to read the routing table.

Our function takes a single parameter – a computer name (or IP address) I’ve used the advanced function parameters to this function operates on the pipeline.  We then create a .NET class to hold our data – we will be accessing a couple of WMI classes so we’ll make the presentation neat.  The class is added using Add-Type.

As an aside I really like this technique for collecting data together into a single object.  Its neater and easier to use than Add-Member.

We can then use Get-WmiObject -Class Win32_IP4RouteTable -ComputerName $computer to retrieve the routing information. We create an instance of our object and populate the properties.  One thing we need to know is the Interface ie which address on our machine is using this route,  We can find this from the Win32_NetworkAdapterConfiguration  class.  There isn’t an association but we can find the address by using the InterfaceIndex as a filter – its the same value in both classes.  if the InterfaceIndex = 1 its the Loopback Adapter on 127.0.0.1

We can then add our route to the data. When all the routes are collected we can display the data.  The data could be output onto the pipeline but at the moment I can’t think what else to do with it so we’ll leave it like this for now.

Note: Win32_IP4RouteTable is only available on Windows 2003 and later

Opera 10.01 Remote Array Overrun (Arbitrary code execution)

Topic : Opera 10.01 Remote Array Overrun (Arbitrary code execution)
SecurityAlert : 73
CVE : CVE-2009-0689
SecurityRisk : High    (About)
Remote Exploit : Yes
Local Exploit : Yes
Exploit Given : Yes
Credit : SecurityReason Research
Date : 20.11.2009
Affected Software :
- - Opera 10.01
- - Opera 10.10 Beta
NOTE: Prior versions may also be affected.

Opera fix:  The vulnerability was fixed in the latest release candidate Opera RC3

Vulnerability details in http://securityreason.com/achievement_securityalert/73

Note:  For users who have the new beta build: Opera v10.10 Build 1892 (BETA), you should check with Opera ASA if it's affected

Zero-day vulnerabilities in Firefox extensions discovered

One of the reasons behind Firefox's popularity is the availability of a vast library of extensions. Users use them to modify the browser to their liking and make their browsing experience easier and more pleasant. The problem is, unbeknown to them, these extensions are exposing them to risk.

At the SecurityByte & OWASP AppSec Conference in India, Roberto Suggi Liverani and Nick Freeman, security consultants with security-assessment.com, offered insight into the substantial danger posed by Firefox extensions.

Mozilla doesn't have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension.

Any Mozilla application with the extension system is vulnerable to same type of issues. Extensions vulnerabilities are platform independent, and can result in full system compromise.

The researchers believe that the weakest link in the chain is the human factor. Many add-on developers do it for a hobby and are not necessarily aware of how dangerous a vulnerable extension can be.

More in http://www.net-security.org/secworld.php?id=8527

So how do you do a dry run?

So how do you do a dry run without buying a new server?  Look around/or build from Frys and find an overgrown desktop that can support HyperV and 64bit and stick at least 8 gigs of ram in there.  You don't need a test lab with boxes all over the place, you do need a nice enough overgrown desktop that can handle virtualization and lots of RAM.

Right now the machine I'm using for my dry run is the server I ultimately plan to migrate to.  But before that I have a box that is nothing but a virtual platform with even removable drive drays that I can slide drives and and out and make machines as I need them.

Like many things in tech, you can't just read, you have to do.  Invest in yourself here.

Ultimos lugares para el Run09 Reloaded

Dumb code could stop computer viruses in their tracks

On the day a new computer virus hits the internet there is little that antivirus software can do to stop it until security firms get round to writing and distributing a patch that recognises and kills the virus. Now engineers Simon Wiseman and Richard Oak at the defence technology company Qinetiq's security lab in Malvern, Worcestershire, UK, have come up with an answer to the problem.

Their idea, which they are patenting, is to intercept every file that could possibly hide a virus and add a string of computer code to it that will disable any virus it contains. Their system chiefly targets emailed attachments and adds the extra code to them as they pass through a mailserver. A key feature of the scheme is that no knowledge of the virus itself is needed, so it can deal with new, unrecognised "zero day" viruses as well as older ones.[...]

"This is not based on virus signature detection, so it is not something malware writers can imagine their way around," Wiseman says. Qinetiq, which has just acquired the military networking firm Boldon James, plans to exploit the trick in future secure mailservers.  "It sounds like it might have some promise," says Ross Anderson, a software security engineer at the University of Cambridge. But he adds: "I'm not sure that injecting raw machine code into attachments will be a panacea."

http://www.newscientist.com/article/mg20427355.600-dumb-code-could-stop-computer-viruses-in-their-tracks.html

MS AJAX Lib beta is out

You can get it from here. I’m curious to see if it contains new features…

Reactive Extensions for .NET

I’ve just noticed this post from the Parallel team. Now, this will be useful because it seems like it solves lots of the bugs introduced in the latest public CTP of the Parallel lib :)

New York voting machines hit by malware to lead to allegations of voter fraud and machine failures

Voting machines in a New York town have been hit by a virus casting doubt on the accuracy of counts retrieved from any of the machines.

According to the Gouverneur Times Cathleen Rogers, the democratic elections commissioner in Hamilton County, claimed that a problem had been found with their voting machines the week prior to the election, and the ‘virus' had been fixed by a technical support representative from Dominion, the manufacturer. [...]

In Symantec's 2010 security predictions, it claimed that highly specialised malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited.

http://www.scmagazineuk.com/new-york-voting-machines-hit-by-malware-to-lead-to-allegations-of-voter-fraud-and-machine-failures/article/158190/?

Security Trends to Watch in 2010

- Antivirus is Not Enough
- Social Engineering as the Primary Attack Vector
- Rogue Security Software Vendors Escalate Their Efforts
- Social Networking Third-Party Applications Will be the Target of Fraud
- Windows 7 Will Come into the Cross-Hairs of Attackers
- Fast Flux Botnets Increase
- URL-Shortening Services Become the Phisher’s Best Friend
- Mac and Mobile Malware Will Increase
- Spammers Breaking the Rules
- As Spammers Adapt, Spam Volumes Will Continue to Fluctuate
- Specialized Malware
- CAPTCHA Technology Will Improve
- Instant Messaging Spam

http://www.symantec.com/connect/blogs/don-t-read-blog
http://www.symantec.com/podcasts/detail.jsp?podid=b-2010_security_outlook

Students Signing Up For Computer Hacking

The threat of cyber attacks on businesses and governments has led to a rapid increase in the number of universities offering students the chance to learn how to hack computer networks.  The degrees have been set to feed the expanding industry of "ethical hacking", in which companies pay hackers to infiltrate their systems and expose weaknesses.

The prospect of a lucrative career in the security services, police, defence and IT industries has fuelled the popularity in the courses, with hundreds of undergraduates and graduate students already enrolled.

The ethical hacking degree at Abertay University in Dundee was set up in 2006 and was the first of its kind in the UK.  Since then, other courses have been set up at Coventry, Northumbria and Sunderland, with more in the pipeline at Glasgow Caledonian, Edinburgh Napier and Leeds Metropolitan amongst others.

Colin McLean, the programme tutor in Ethical Hacking and Countermeasures at Abertay, told Sky News that teaching his students to hack networks means they will have the skills to protect banks, businesses and the critical national infrastructure against cyber attacks.

"The current people in those jobs are not protecting against hackers," he said.

"There should be jobs for people who know exactly what hackers are doing and obviously how to stop the hackers as well."

Critics have warned of the dangers of arming young people with knowledge that could so easily be turned to criminal endeavour.

http://news.sky.com/skynews/Home/Technology/More-Universities-Offer-Hacking-Courses-As-Govts-And-Frims-Look-To-Counter-Cyber-Criminal-Threat/Article/200911315458299?

Zip Tools: The Best Alternatives to WinZip and WinRar

Update Rollup 1 for Exchange Server 2007 SP2

Update Rollup 1 for Exchange Server 2007 Service Pack 2 (KB971534) is now available to download.

Overview
Update Rollup 1 for Exchange Server 2007 Service Pack 2 (SP2) resolves issues that were found in Exchange Server 2007 SP2 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 SP2 customers.
For a list of changes that are included in this update rollup, see KB971534.
This update rollup does not apply to Exchange Server 2007 Release To Manufacturing (RTM) or Exchange Server 2007 Service Pack 1 (SP1). For a list of update rollups applicable to Exchange Server 2007 RTM or Exchange Server 2007 SP1, refer to the Knowledge Base article KB937052.

Refer to the How to Install the Latest Service Pack or Update Rollup for Exchange 2007 topic in the Exchange Server 2007 Technical Documentation Library for instructions to deploy this Update Rollup.

StreamInsight talk coming up at SQLBits

My talk on StreamInsight is up next. I’ll try to blog more about that later. For now, I want to mention more about SQLBits itself. This is by far the largest SQL-only conference I’ve attended (I haven’t been to SQL-PASS yet), and it’s great to be involved.

Yesterday I had an all-day seminar about the new items for Developers in SQL 2008. It was a good time – the delegates responded very positively, and many of them have caught up with me since.

But for me, the conference is being a great way of catching up with (and meeting for the first time) a bunch of SQL people that I rarely see. I’ve met people that lived only a few miles from where I grew up, and people that read my blog (Hi!), discovered people who have connections to Adelaide, and even found that my Adelaide friend Martin Cairney (who is also here) has a strange connection to Donald Farmer (of Microsoft), that their parents shared a back fence or something… Now Trevor Dwyer tells me a colleague of his knows me from somewhere… the world is very small here.

My StreamInsight talk will be interesting I hope. I have some stuff to show off, and I plan to involve the audience a little as well. If you’re at SQLBits and feel like being involved in an interactive session, then definitely come along. I want to hear from people in the audience who have dabbled with StreamInsight and also other vendors’ Complex Event Processing offerings. This is a brand new technology from Microsoft, and there will be a large range of adoption levels in the room.

MS discovers flaw in Google plug-in for IE

Microsoft has helped discover a flaw in the Google Chome Frame plug-in for Internet Explorer users.

The plug-in allows suitably coded web pages to be displayed in Internet Explorer using the Google Chrome rendering engine. Redmond warned that the plug-in made IE less secure as soon as it became available back in September, an argument bolstered by the discovery of a cross-origin bypass flaw in the add-in

Successfully exploiting the flaw creates a means for hackers to bypass security controls though not to go all the way and drop malware onto vulnerable systems.

Google acknowledged the flaw and urged users to update to version 4.0.245.1 of Google Chrome Frame. All users should be updated automatically to the latest version of the software, which also tackles a number of performance and stability glitches. Chief among these are problems handling iFrames, as explained in Google's security advisory here.

http://www.theregister.co.uk/2009/11/20/google_plug_in_bug/

IE8 bug makes 'safe' sites unsafe

The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe.

The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago, they said.

Ironically, the flaw resides in a protection added by Microsoft developers to IE 8 that's designed to prevent XSS attacks against sites. The feature works by rewriting vulnerable pages using a technique known as output encoding so that harmful characters and values are replaced with safer ones. A Google spokesman confirmed there is a "significant flaw" in the IE 8 feature but declined to provide specifics.[...]

Late on Thursday afternoon, Microsoft told The Register: "Microsoft is investigating new public claims of a vulnerability in Internet Explorer. We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."

Once its investigation is finished, the company will "take appropriate action," including issuing a patch or guidance on how users can protect themselves against exploits.

http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/