Tuesday, September 26, 2006

*** Great Lakes Geek Freebie Software - Today Only ***

Download NTI Ninja software free on 9/26

NewTech Infosystems (NTI) is making their new Ninja software - a USB data storage and protection software solution - available free. Unlike most fixed partition USB software, NTI Ninja allows users to adjust the size of their public and private partitions on their portable storage device. In addition, the software provides users with complete storage area anti-tamper encryption and password protection. The new software was developed to meet the dramatic increase in today's mobile workforce, the increased use of USB storage devices and the need to protect content and data from being stolen or compromised on the small, portable devices. Get it on the 26th for free or pay $24.95 after that. The link is at http://www.greatlakesgeek.com

*** More Freebies ***
While you are in the mood for free stuff, check out the Free Book on Security Engineering. Ross Anderson is a professor of security engineering at the University of Cambridge Computer Laboratory and an acknowledged expert in the field. His book, Security Engineering, is now available online for free download (chapter by chapter) even though it's still for sale: http://www.greatlakesgeek.com/glg/tips.htm And you can win a free copy of O'Reilly's Podcasting Hacks - Tips & Tools for Blogging Out Loud.

Check the news at http://www.greatlakesgeek.com
Thanks to Great Lakes Geek sponsors Aztek Technology, BEST Group Management Consultants, Boundless Flight, Hahn Loeser and O’Reilly Publishing. They get it. Do you? Want to join them and reach lots of business and tech professionals? Drop us a line.

Wednesday, September 20, 2006

FAQ about the latest IE bug

Below is a set of frequently asked questions about the new IE bug.

What's the problem? A vulnerability newly discovered in Microsoft Internet Explorer could allow an attacker to take over a targeted machine -- even a machine whose patches are all up to date.

What's it called? The Common Vulnerabilities and Exposures list tentatively designates this vulnerability as CVE-2006-4868. McAfee calls it Exploit-VMLFill; Trend Micro calls it EXPL_EXECOD.A; Symantec calls it Trojan.Vimalov, reflecting its probable Russian origin. SecurityFocus assigns it a Bugtraq ID of 20096.

Which programs and versions are affected? Internet Security Systems reports that the flaw affects all versions of IE that include support for VML, which means Versions 5 and 6, though tests so far have generally looked at Version 6. There have been no reports of the attack working on IE 7. Recent versions of Outlook and Outlook Express are also vulnerable, as are all versions and service packs for Windows 2000 and XP. (On Windows 2003, IE runs by default in a restricted mode, in which certain binary and script behaviors are disabled; if those settings have been changed the system may be vulnerable.)

Are Mac, Linux or Unix systems vulnerable? What about Firefox? No, no, no and no. (Something Firefox aficionados are trumpeting loudly over in the SunbeltBlog comments. That's not winning many popularity contests.)

How is the vulnerability exploited? So far, the exploit has been found in the wild on a handful of Russian sites, mostly porn-related. Propagation is via the usual routes, particularly e-mail, though IM or any service by which an HTML link can be sent will do. Users must click on an HTML link to load the affected document. Outlook or Outlook Express users who automatically open HTML messages are also at risk.

What's the sequence of events? Security veterans won't be surprised to learn that we have yet another buffer-overflow attack here. The buffer is deluged and overflows, pushing JavaScript shell code into adjacent buffers for execution. The code downloads a piece of malware and saves it to the hard drive as CPU.exe, after which Internet Explorer generally shuts down.

What's the payload? Depends, but the vulnerability can allow attackers to take complete control of the machine so the potential for mayhem is high. Most attacks so far are recruiting PCs into botnets, presumably to be used for other attacks or malware propagation at a later date. They're also depositing a stunning amount of adware on victimized machines, as Sunbelt researcher Adam Thomas described in a blog posting. The potential for trouble, rather than the current infection rate, is why organizations such as Secunia are concerned at the moment.

When can I expect an official patch? Microsoft, in a security advisory released yesterday, says it's working on a patch that's in the final stages of compatibility testing. The company expects to release it on October's Patch Tuesday, scheduled for Oct. 10.

That long?! So far, it doesn't appear that we've got another Windows Metafile zero-day mess on our hands, not least because the vulnerability was apparently obscure for quite some time. (More on the discovery process below.) If things heat up, Microsoft says it'll work to release the patch earlier.

Is that likely? Chris Mosby's blog says that Web Attacker, the notorious tool kit for Trojans, has been updated to include support for exploiting the vulnerability. Not a good sign.

What can I do in the meantime? Simply put: Turn off JavaScript execution, since the code inserted in the buffer overflow is JavaScript. More fully, Microsoft and independent experts are recommending that admins (and users with admin privileges) temporarily unregister vgx.dll, the affected library, with the following command:
regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
After the DLL is unregistered, reboot the computer. Once a patch is available, the DLL may be reregistered at your convenience. Security expert Jesper Johansson has posted some useful templates, using Group Policy, for fast fix deployment in Windows domains.
Microsoft says that Windows Live OneCare users who currently have green status are protected from all known malware, and it recommends that all users check that their antivirus protections are up to date. Antivirus software that includes protection against buffer overflows appears to protect against the exploit.
If vgx.dll is crucial to your users, the Access Control List for the DLL may be modified to forbid access to the "everyone" group.
Microsoft suggests those using IE 6 for XP Service Pack 2 can protect themselves by disabling binary and script behaviors in the Internet and Local Intranet security zones. Those settings are reached through Tools --> Internet Options --> Security --> (zone) --> ActiveX controls and plug-ins for both zones.
(Several observers have noted that Microsoft is clearly taking the problem seriously, as it's rare for the company to recommend disabling functionality in its products, even temporarily!)
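
To confirm which of the workarounds above are actually in place on a machine, a read-only audit along these lines can be run. This is an added example, not part of the original FAQ or of Microsoft's advisory; the function names are hypothetical, and it assumes PowerShell is available and an English-language Windows install (so the group is named "Everyone").

```powershell
# Added example: read-only audit of the vgx.dll workarounds described above.
# Assumes an English-language Windows install (group name "Everyone").

function Get-VgxPath {
    # 64-bit Windows keeps a second, 32-bit copy under the x86 Common Files root.
    @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique |
        ForEach-Object { Join-Path $_ 'Microsoft Shared\VGX\vgx.dll' } |
        Where-Object { Test-Path -LiteralPath $_ }
}

function Get-VgxComServer {
    # Paths of every in-process COM server named vgx.dll, in both registry views.
    $roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
             'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
    foreach ($root in @($roots | Where-Object { Test-Path $_ })) {
        foreach ($clsid in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            try { $sub = $clsid.OpenSubKey('InprocServer32') } catch { continue }
            if ($null -eq $sub) { continue }
            $server = ([string]$sub.GetValue('')).Trim('"')
            $sub.Close()
            if ($server -like '*\vgx.dll') { $server }
        }
    }
}

function Test-DenyEveryone {
    # True if the file carries a Deny entry for Everyone (the ACL workaround).
    param([Parameter(Mandatory)][string]$Path)
    try {
        $rules = (Get-Acl -LiteralPath $Path).Access
    } catch {
        return 'unreadable (access denied)'
    }
    [bool]($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'Everyone'
    })
}

# One row per copy of vgx.dll found on disk.
$servers = @(Get-VgxComServer)
foreach ($dll in Get-VgxPath) {
    [pscustomobject]@{
        Path         = $dll
        Registered   = $servers -contains $dll
        DenyEveryone = Test-DenyEveryone -Path $dll
    }
}
```

A row with Registered = False or DenyEveryone = True means that copy of the DLL is covered by one of the workarounds; a row with both False is still exposed until the patch is installed.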

What does vgx.dll do? Practically speaking, not much. It's a dynamic link library supporting VML (Vector Markup Language), the markup language that handles the display of vector graphics. The VML proposal has been around since 1998, but it's not very widely used online. It's unlikely that most users will even know it's (temporarily) not supported by their IE browser.

Hasn't vgx.dll been involved in security advisories before? Good memory. It was indeed one of the buffers affected in certain versions of Windows when the 2004 .jpeg processing buffer-overflow problem covered in MS04-028 was spotted.

Who found the flaw? Funny you should ask. Sunbelt first noticed the exploit in the wild around noon on Monday and posted the code to a private mailing list of security professionals, who began the vetting process. According to Alex Eckelberry at Sunbelt, this was the first the security professionals on their (closed, vetted) list had heard of the vulnerability. However, Eckelberry found out later in the day that ISS has apparently been aware of the exploit for some time and has been working with Microsoft on a fix. That organization issued an advisory on Tuesday.

The full article can be found here.

Tuesday, September 19, 2006

Does MOSS 2007 support folders?

Q: I was wondering if document libraries in SharePoint 2007 support folders within them. Does MOSS 2007 support folders?

A: Yes, MOSS (Microsoft Office SharePoint Server) does support folders within a document library (see screen caption below). To create a folder, simply click "New" and select "New Folder".

Monday, September 18, 2006


As discussed during our last meeting, SharePoint 2007 has many new features. And as with any new feature, some confusion is bound to be included. Two of those new features are ODC and BDC. To help clear some of the confusion around these 2 items, here's a brief explanation of the two.

ODC (Office Data Connection) is used to connect Excel Services to a specific database, without making the user remember userID, password, DB Name, server name, etc. Instead, all these items are stored in an XML-format file with the extension .ODC. The .ODC file is created with the Excel client and then uploaded to a Data Connection Library. Once it is uploaded, a user simply refers to the ODC file, where all connection string parameters are stored. The data connection can then be used by various Excel Web Parts to display the data and KPIs. To read more about the ODC, go to http://blogs.msdn.com/excel/archive/2006/02/16/533865.aspx

BDC (Business Data Catalog) is another method used to connect to a database. The BDC file is also in XML format. The key difference is that a BDC file also holds the query statement so it connects and retrieves the data. Once the data is retrieved, the BDC can be connected to 1 of 5 BDC web parts. To read more about the BDC, go to http://msdn2.microsoft.com/en-us/library/ms563661.aspx

Thursday, September 7, 2006

Spreadsheet Web Part Add-In for Microsoft Office Excel 2003

During our last meeting we discussed SharePoint 2007 and how Excel Services is one of its big features. I recently found a web part that enables the use of Excel 2003 with Windows SharePoint Services.

The Spreadsheet Web Part Add-In for Microsoft® Office Excel 2003 makes it easy to design your own Spreadsheet Web Parts and save them to a site based on Microsoft Windows® SharePoint™ Services.

For more information or to download the Excel web part, click here.

Wednesday, September 6, 2006

What is WinFX?

Q: What is WinFX?

A: WinFX is an object-oriented set of APIs that leverage the .Net Framework and expose the breadth of the Longhorn OS to developers. WinFX contains the .Net Framework (FW) and is available in managed code. It builds on and extends the .Net FW.

As the name may suggest, WinFX consists of 2 major parts:
1. WIN (Windows): Win32 APIs.
2. FX (Framework): speaks to .Net Framework

There are 4 Portions of WinFX
1. Presentation
2. Data
3. Communications
4. Fundamentals

In addition, WinFX offers functionality from other systems:
  • Avalon functionality is in the System.Windows namespace. This is the new presentation subsystem for Longhorn.
  • ASP.Net and Indigo functionality are both in the System.Web namespace. Indigo is the new technology for web services.
  • WinFS functionality is in the System.Storage namespace. It contains relational aspects of the file system.
  • Yukon functionality for database access is in the System.Data.SQL Server namespace.