Search results matching tag 'Security'

I am a forum spammer! Delete my account immediately!!

Anonymous — Mon, 26 Oct 2009 05:00:00 GMT

The subject may look confusing that 1 part of it confirms its a forum spammer and another part to delete that account!!! Here is the email text that I have received highlighting valueable advice on security: *********** This email address was created solely to register automatically at thousands of forums for the purposes of spamming forums like yours. Remove my account and any other account registered with my email address, and strongly consider strengthening your forum's password requirements....(read more)

Some of the .NET patch install suggestions....

bradley — Wed, 21 Oct 2009 05:00:00 GMT

Some of the .NET patch install suggestions....

Newsgroups: microsoft.public.windowsupdate
References: <OSBXnxGTKHA.4360@TK2MSFTNGP04.phx.gbl>

"Shawn E. Hale"
news:OSBXnxGTKHA.4360@TK2MSFTNGP04.phx.gbl...

All other updates released this date installed fine with the
exception of KB953297. Another home computer installed this update
with no problem.

The only difference I can find is that the computer where the install
failed had .NET Framework 1.1 Hotfix KB928366 installed. The article
(http://support.microsoft.com/kb/953297) states that this recent
update "supersedes" the hotfix. I tried to uninstall the hotfix but
that lead to another problem where it could not find the "netfx.msi"
file to continue.

So I stopped that hoping to find another answer here. Any thoughts
on what I should do?

I had the same problem, all 100pc's on the network were failing (due,
I think, to previously installed Visual Studio .Net apps, which
updated dot net). It appears that the installer is referencing a
registry key to find the location of the netfx.msi file. When it
fails to find the file it errors out.

I grabbed the dotnetfx.exe file from
http://www.microsoft.com/downloads/details.aspx?FamilyID=a8f5654f-088e-40b2-bbdb-a83353618b38&displaylang=en ,
opened it with WinRAR (or use any comprssion program) and extracted
the netfx.msi to our network. I then entered the network location
into the registry key
[HKEY_CLASSES_ROOT\Installer\Products\DDE7F2BCF1D91C3409CFF425AE1E271A\SourceList\Net] "1"=hex(2):<long hex string you will need to change to your netfx.msi location

Then I re-ran the updates and it installed fine.

Hope this helps someone,
Box

Online advertising regaining momentum

siljaline — Wed, 21 Oct 2009 05:00:00 GMT

After bogging down in the recession, internet advertising is regaining the momentum that has made it the decade's most disruptive marketing machine.

The signs of an online revival are emerging even while advertising in print and broadcasts remains in a slump that has triggered mass layoffs, pay cuts and other upheaval.

Internet advertising was just about the only bright spot in the third-quarter reports of two major U.S. newspaper publishers, Gannett Co. and McClatchy Co.

Meanwhile, the companies still are dealing with steep declines in print ads — an imbalance most analysts predict will take years to address.

More: http://www.cbc.ca/technology/story/2009/10/21/online-advertising-rebound.html

Social engineering at it's finest

bradley — Mon, 19 Oct 2009 05:00:00 GMT

They are starting to spoof "upgrade" emails very nicely these days. Warn your customers that no upgrades will be emailed to them.

Inform them of exactly HOW you do updates and how you will not email them links like this. Set in place a process for how you inform folks of needed actions and ensure communication is done in such a manner that they know you are you and spoofs like this can't happen.

Adobe Patched Lücke in Acrobat Reader 9.1.x

Wstein — Fri, 16 Oct 2009 05:00:00 GMT

neben dem Microsoft Patchday gab auch Adobe ein Update für den Adobe Reader heraus. Dieses Update schließt Lücken über die DOS – Angriffe oder verschiedene Buffer overflows ausgeführt werden können. Das Update sollte unbedingt eingespielt werden, der Adobe Reader hat dann die Versionsnummer 9.2.

Viele Grüße

Walter Steinsdorfer

One of the promised land issues in cloud deployments is that you never have to worry about upgrades.

Anonymous — Thu, 15 Oct 2009 05:00:00 GMT

Obligatory cloud paranoia post to justify the Mac Book from www.vladville.com

One of the promised land issues in cloud deployments is that you never have to worry about upgrades.

The reality is vastly different. Just ask the Sidekick folks about how well upgrades go. And on the Google doc front, just because someone else updates doesn't mean that the problems go away...

Bugs hit Google Docs after recent upgrade:
http://www.computerworld.com/s/article/9139350/Bugs_hit_Google_Docs_after_recent_upgrade

Bottom line, I don't care how big or small you are, there are risks in updating. Period. Whether we do it, he does it, they do it, we all deal with the resulting aftermath.

A big, big, big sigh

bradley — Thu, 15 Oct 2009 05:00:00 GMT

Jerome Chout : Do not apply KB974571 to LCS/OCS Servers:
http://blogs.technet.com/jchout/archive/2009/10/15/do-not-apply-kb974571-to-lcs-ocs-servers.aspx

This is one of those patch testing moments that you just shake your head and wonder who was asleep at the wheel here. Just for grins I installed 974571 on my Live Communication Server 2005. The minute you reboot the box, the internal IM dies and refuses to log in, the LCS server service fails to start. When you log into the box and check the event viewer, it's very obvious that LCS is having a problem.

There are times that I know that it's hard to find patch issues. We have a lot of software, we have a corner issues. This one... this is a big fat ooops that implies to me that someone somewhere didn't do a basic job of testing.

This is why I have the "canary plan" where I test patches first before installing them. This is why i know patches can be uninstalled. This why we don't have automatic updates on.

In my opinion, this one should not have gotten out the door like this. And when one does, it impacts patch trust.

And for me, that's a big big sigh.

A big, big, big sigh

Anonymous — Thu, 15 Oct 2009 05:00:00 GMT

This is why I have the "canary plan" where I test patches first before installing them. This is why i know patches can be uninstalled. This why we don't have automatic updates on.

In my opinion, this one should not have gotten out the door like this. And when one does, it impacts patch trust.

And for me, that's a big big sigh.

Oktober Patchday!

Wstein — Wed, 14 Oct 2009 05:00:00 GMT

es ist wieder soweit, Microsoft hat gestern abend wieder einige Sicherheitsupdates freigegeben. Das aktuelle Security Bulletin findet ihr unter http://www.microsoft.com/germany/technet/sicherheit/bulletins/ms09-oct.mspx

Es sind einige kritische Updates vorhanden die Remotecodeausführung verhindern, diese sollten unbedingt eingespielt werden. Insbesondere auf den SMB-Patch möchte ich verweisen, hier gibt es ja bereits Beispielcode wie die Lücke ausgenutzt werden kann. Wer diesen Patch nicht sofort einspielen möchte kann auch per Gruppenrichtlinie SMBv2 ausschalten (siehe Screenshot).

Viele Grüße

Walter Steinsdorfer

Things to read, things to watch

Anonymous — Wed, 14 Oct 2009 05:00:00 GMT

Things to watch tonight -- http://ecn.channel9.msdn.com/o9/edge/2/0/4/1/1/oct2090msrcov_edge.wmv

Things to read tonight --

http://blogs.technet.com/msrc/archive/2009/10/13/october-2009-security-bulletin-release.aspx

http://isc.sans.org/diary.html?storyid=7345

Assessing the risk of the October security bulletins – Security Research & Defense blog
MS09-051: A note on the affected platforms – Security Research & Defense blog
MS09-050: Exploit timeline for SMB2 RCE vulnerability – Security Research & Defense blog
MS09-054: Extra info on the attack surface for the IE security bulletin – Security Research & Defense blog
MS09-061: More information about the .NET security bulletin – Security Research & Defense blog
Scanti-ly Clad – Another Rogue Stripped by MSRT – Microsoft Malware Protection Center blog

And I already had to pull this one - http://support.microsoft.com/default.aspx?scid=kb;en-us;974417 off the blog site as it was causing the site to resolve very poorly. I'll be calling into Microsoft support tomorrow (or rather emailing in) but when something worked before, and now it doesn't, sometimes don't do a "system rollback", think about which patch may be the trigger and pull off just that one.