Tuesday, December 26, 2006
Visual Studio 2005 SP1
To download SP1, go to http://www.microsoft.com/downloads/details.aspx?familyid=BB4A75AB-E2D4-4C96-B39D-37BAF6B5B1DC&mg_id=10055&displaylang=en#Overview
For related issues with installing SP1, go to http://support.microsoft.com/default.aspx?scid=928957
Friday, December 1, 2006
Microsoft support for classic ASP and VB6
A: Primary support ended in April of 2005 for those products. They are currently in the "extended support lifecycle" which means that we only provide free security fixes. That will be ending next year in April and then there will only be the "online" support of KB articles that are already published.
If you have a customer still using them, I highly recommend you upgrade them, as that technology just isn't up to the task of dealing with Today's types of security, scalability or reliability requirements.
Thanks to Bill Steele (Microsoft) for providing this info first hand.
Tuesday, November 14, 2006
Salary Survey
* Salary Survey 2006: Smart Salary Tool For Comparing Pay http://cwflyris.computerworld.com/t/1004849/209182/41105/2/
* 2006 Salary Survey Blog: 'I Want a Raise'
http://cwflyris.computerworld.com/t/1004849/209182/41106/2/
* Gender Gap: Women's Paychecks Still Lag Men's http://cwflyris.computerworld.com/t/1004849/209182/41104/2/
Friday, November 10, 2006
Overseas Outsourcing
To read the full article, go to http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004836&source=NLT_AM&nlid=1
Tuesday, November 7, 2006
DoEvents()
A: The method DoEvents() will handle this requirement. By placing a call to DoEvents at the top of the loop, this method will process all messages queued from the Operating System, including shutting down the application. Using the DoEvents() method requires a reference to System.Windows.Forms.dll. Furthermore, the DoEvents() method is found in the class System.Windows.Forms.Application.
Private Sub btn1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btn1.Click
Dim intCounter as Integer
For intCounter = 1 To 1000
DoEvents() 'located in System.Windows.Forms.Application
'Processing Procedure here
Next
End Sub
Friday, November 3, 2006
VB 2005 Presentation
Wednesday, October 11, 2006
New Content Management Functionality in Microsoft Office 2007
There are two main new offerings from Microsoft:
- Content Services for SharePoint, which provides access to the Documentum repository within SharePoint so users can check documents in and out and manage metadata and virtual documents.
- Archive Services for SharePoint, which can either manually or automatically move content into SharePoint.
Friday, October 6, 2006
Microsoft due to release 11 security updates on October 10, 2006
On Tuesday, October 10, 2006 Microsoft will release 11 security updates. Six patches affect Windows, 4 affect Office, and 1 affecting the .Net Framework. A brief summary of these patches is listed below.
6 Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
4 Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
In addition, Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. This tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
Microsoft will release No NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.
To help answer questions on these patches, Microsoft will be hosting a web cast on Wednesday, October 11, 2006, the day after the patch release. To sign-up for this web cast click here. For more information on these patches, goto to the Microsoft TechNet site.
Monday, October 2, 2006
Development compatibility and support on Vista:
VS 2005 SP1 supported;
VS 2005 NOT supported;
VS 2003/2002 NOT supported;
VB6 supported!
Interesting! Thanks to Mark H. for passing this interesting tid-bit along.
Tuesday, September 26, 2006
*** Great Lakes Geek Freebie Software - Today Only ***
Download NTI Ninja software free on 9/26NewTech Infosystems (NTI) is making their new Ninja software - a USB data storage and protection software solution - available free.Unlike most fixed partition USB software, NTI Ninja allows users to adjust the size of their public and private partitions on their portable storage device. In addition, the software provides users with complete storage area anti-tamper encryption and password protection.The new software was developed to meet the dramatic increase in today's mobile workforce, the increased use of USB storage devices and the need to protect content and data from being stolen or compromised on the small, portable devices.Get it on the 26th for free or pay $24.95 after that.The link is at http://www.greatlakesgeek.com
*** More Freebies ***
While you are in the mood for free stuff, check out the Free Book on Security Engineering. Ross Anderson is a professor of security engineering at the University of Cambridge Computer Laboratory and an acknowledged expert in the field. His book, Security Engineering, is now available online for free download (chapter by chapter) even though it's still for sale http://www.greatlakesgeek.com/glg/tips.htm And you can win a free copy of O'Reilly's Podcasting Hacks - Tips & Tools for Blogging Out Loud.
Check the news at http://www.greatlakesgeek.com
Thanks to Great Lakes Geek sponsors Aztek Technology, BEST Group Management Consultants, Boundless Flight, Hahn Loeser and O’Reilly Publishing. They get it. Do you? Want to join them and reach lots of business and tech professionals? Drop us a line.
Wednesday, September 20, 2006
FAQ about the latest IE bug
What's the problem? A vulnerability newly discovered in Microsoft Internet Explorer could allow an attacker to take over a targeted machine -- even a machine whose patches are all up to date.
What's it called? The Common Vulnerabilities and Exposures list tentatively designates this vulnerability as CVE-2006-4868. McAfee calls it Exploit-VMLFill; Trend Micro calls it EXPL_EXECOD.A; Symantec calls it Trojan.Vimalov, reflecting its probable Russian origin. SecurityFocus assigns it a Bugtraq ID of 20096.
Which programs and versions are affected? Internet Security Systems reports that the flaw affects all versions of IE that include support for VML, which means Versions 5 and 6, though tests so far have generally looked at Version 6. There have been no reports of the attack working on IE 7. Recent versions of Outlook and Outlook Express are also vulnerable, as are all versions and service packs for Windows 2000 and XP. (On Windows 2003, IE runs by default in a restricted mode, in which certain binary and script behaviors are disabled; if those settings have been changed the system may be vulnerable.)
Are Mac, Linux or Unix systems vulnerable? What about Firefox? No, no, no and no. (Something Firefox aficionados are trumpeting loudly over in the SunbeltBlog comments That's not winning many popularity contests.)
How is the vulnerability exploited? So far, the exploit has been found in the wild on a handful of Russian sites, mostly porn-related. Propagation is via the usual routes, particularly e-mail, though IM or any service by which an HTML link can be sent will do. Users must click on an HTML link to load the affected document. Outlook or Outlook Express users who automatically open HTML messages are also at risk.
What's the sequence of events? Security veterans won't be surprised to learn that we have yet another buffer-overflow attack here. The buffer is deluged and overflows, pushing JavaScript shell code into adjacent buffers for execution. The code downloads a piece of malware and saves it to the hard drive as CPU.exe, after which Internet Explorer generally shuts down.
What's the payload? Depends, but the vulnerability can allow attackers to take complete control of the machine so the potential for mayhem is high. Most attacks so far are recruiting PCs into botnets, presumably to be used for other attacks or malware propagation at a later date. They're also depositing a stunning amount of adware on victimized machines, as Sunbelt researcher Adam Thomas described in a blog posting. The potential for trouble, rather than the current infection rate, is why organizations such as Secunia are concerned at the moment.
When can I expect an official patch? Microsoft, in a security advisory released yesterday, says it's working on a patch that's in the final stages of compatibility testing. The company expects to release it on October's Patch Tuesday, scheduled for Oct. 10.
That long?! So far, it doesn't appear that we've got another Windows Metafile zero-day mess on our hands, not least because the vulnerability was apparently obscure for quite some time. (More on the discovery process below.) If things heat up, Microsoft says it'll work to release the patch earlier.
Is that likely? Chris Mosby's blog says that Web Attacker, the notorious tool kit for Trojans, has been updated to include support for exploiting the vulnerability. Not a good sign.
What can I do in the meantime? Simply put: Turn off JavaScript execution, since the code inserted in the buffer overflow is JavaScript. More fully, Microsoft and independent experts are recommending that admins (and users with admin privileges) temporarily unregister vgx.dll, the affected library, with the following command:
regsvr32 -u "%ProgramFiles%\CommonFiles\Microsoft Shared\VGX\vgx.dll"
After the DLL is unregistered, reboot the computer. Once a patch is available, the DLL may be reregistered at your convenience. Security expert Jesper Johansson has posted some useful templates, using Group Policy, for fast fix deployment in Windows domains.
Microsoft says that Windows Live OneCare users who currently have green status are protected from all known malware, and it recommends that all users check that their antivirus protections are up to date. Antivirus software that includes protection against buffer overflows appears to protect against the exploit.
If vgx.dll is crucial to your users, the Access Control List for the DLL may be modified to forbid access to the "everyone" group.
Microsoft suggests those using IE 6 for XP Service Pack 2 can protect themselves by disabling binary and script behaviors in the Internet and Local Internet security zones. Those setting are reached through the Tools --> Internet Options -- > Security --> (zone) --> Active X controls and plug-ins for both zones.
(Several observers have noted that Microsoft is clearly taking the problem seriously, as it's rare for the company to recommend disabling functionality in its products, even temporarily!)
What does vgx.dll do? Practically speaking, not much. It's a dynamic link library supporting VML, the hypertext markup language that handles the display of vector graphics. The VML proposal has been around since 1998, but it's not very widely used online. It's unlikely that most users will even know it's (temporarily) not supported by their IE browser.
Hasn't vgx.dll been involved in security advisories before? Good memory. It was indeed one of the buffers affected in certain versions of Windows when the 2004 .jpeg processing buffer-overflow problem covered in MS04-028 was spotted.
Who found the flaw? Funny you should ask. Sunbelt first noticed the exploit in the wild around noon on Monday and posted the code to a private mailing list of security professionals, who began the vetting process. According to Alex Eckleberry at Sunbelt, this was the first the security professionals on their (closed, vetted) list had heard of the vulnerability. However, Eckleberry found out later in the day that ISS has apparently been aware of the exploit for some time and has been working with Microsoft on a fix. That organization issued an advisory on Tuesday.
The full article can be found here.
Tuesday, September 19, 2006
Does MOSS 2007 support folders?
A: Yes, MOSS (Microsoft Office SharePoint Server) does support folders within a document library (see screen caption below). To create a folder, simply click "New" and select "New Folder".
Monday, September 18, 2006
ODC vs. BDC
ODC (Office Data Connection) is used to connect Excel Services to a specific database, without making the user remember userID, password, DB Name, server name, etc. Instead, all these items are stored in an XML format file with the extension name .ODC. The .ODC file can be created by using the Excel client to create the file, then upload the file to a Data Connection Library. Once uploaded, a user simply refers to the ODC file, where all connection string parameters are stored. The data connection can then be used by various Excel Web Parts to display the data and KPIs. To read more about the ODC, go to http://blogs.msdn.com/excel/archive/2006/02/16/533865.aspx
BDC (Business Data Catalog) is another method used to connect to a database. The BDC file is also in XML format. The key difference is that a BDC file also holds the query statement so it connects and retrieves the data. Once the data is retrieved, the BDC can be connected to 1 of 5 BDC web parts. To read more about the BDC, go to http://msdn2.microsoft.com/en-us/library/ms563661.aspx