Microsoft has just patched another critical hole in Vista that it knew about as long ago as last Christmas. The delay was similar to its lag in patching the serious (and heavily targeted) animated-cursor flaw I told you about last month. The new problem involves the way that the OS’s Client/Server Run-time Subsystem (CSRSS) handles error messages, and it affects Windows 2000 SP4 and Windows XP too. This flaw may not be as severe as the cursor problem, as Microsoft says you’d have to perform certain unspecified “actions” on a malicious Web site before an assault could succeed. But if you were to get snared, an attacker could run any command or program on the victimized PC. Proof-of-concept code, which often presages attacks, is available, but no active attacks on this hole have been reported yet. If you have Automatic Updates enabled, the fix should already be installed. Otherwise, make …
Configuring Exchange Server 2007 Preview – Disaster Recovery with Exchange Server 2007
Disaster Recovery with Exchange Server 2007. Solutions in this chapter: Backing Up Exchange 2007 Using Windows 2003 Backup; Restoring Exchange 2007 Storage Groups and Databases Using Windows 2003 Backup; Repairing a Corrupt or Damaged Exchange 2007 Database Using Eseutil; Restoring Mailbox Data Using the Recovery Storage Group Feature; Recovering an Exchange 2007 Server Using the RecoverServer Switch; Recovering an Exchange 2007 Cluster Using the RecoverCMS Switch; Restoring Mailbox Databases Using the Improved Database Portability Feature.
Microsoft Invites Hackers Back for Blue Hat
Microsoft’s latest Blue Hat conference kicked off with talks on mobile security, hardware hacking, and Windows security tools. Microsoft Corp. is once again inviting members of the hacking community into its Redmond, Washington, campus to show the software giant where it’s gone wrong. The company’s latest Blue Hat conference kicked off Wednesday with talks on mobile security, hardware hacking, Microsoft’s security tools and the underground vulnerability economy. Microsoft began hosting these events two years ago as a way to foster dialogue between the company’s security team and external security researchers, many of whom have been critical of the company’s approach to security. Typically held twice a year, the Blue Hat conferences are closed to most outsiders but draw hundreds of Microsoft employees. The name Blue Hat derives from the Black Hat security conferences. The “Blue” part comes from the color of badges that Microsoft staffers wear on campus. The conference …
Configuring the ISA Server 2006 HTTP Filter
In this article I will give you a high-level overview of the ISA Server 2006 HTTP Filter. I will show how to use this HTTP Filter to protect your internal network from some types of attacks in Webserver Publishing scenarios. We will also see how to prevent users from using the Universal Firewall Bypass protocol (HTTP) to bypass the Firewall for network traffic like Microsoft Live Messenger, Yahoo Messenger or others that have a function to use HTTP instead of their native protocols.
What is a Webfilter
A Webfilter in ISA Server 2006 is a set of Dynamic Link Libraries (DLLs) which are based on the IIS ISAPI (Internet Server Application Programming Interface) Model. A Webfilter in ISA Server 2006 is loaded from the Webproxy Filter. If the Webfilter is loaded, all information will be forwarded to the Webproxy Filter. The Webproxy Filter is responsible for determining which type …
The Greenest Laptop on the Planet
The One Laptop Per Child non-profit headed up by MIT’s Nicholas Negroponte is coming up against its self-imposed deadline of May 31 to secure three million orders for its little green computers. Lots of developing countries have shown interest, but none have yet signed on the dotted line. In a 60 Minutes segment, Negroponte accuses Intel of trying to scuttle One Laptop Per Child’s chances of success by pushing its own $400 Classmate laptop to the same education ministries around the globe. Even at $176 per laptop, government officials in places like Brazil or Cambodia are understandably wary of spending scarce funds on an unproven technology. Maybe Negroponte should pound the drum harder not just on the affordability of his laptops, but on how they are also much more environmentally friendly than the alternatives.
PUNISHING ONESELF
Once, Raden Permadi was approached by a group of anxious “villagers”. The group asked the knight for help in crushing a band of robbers who were running rampant in their village. Moved by a deep sense of humanity, and mindful of his position as guardian of the peace, Raden Permadi went without a second thought into the armory to take a bow as the means to face the troublemakers. How startled he was to find his elder brother, Raden Yudisthira, there in an intimate moment with Dewi Drupadi. It is improper for a younger brother to witness such a thing. There was nothing for it; he still entered the armory and took the weapon to help the people.
Using Legal Software: Are We Ready?
“Migrate to open source”: yes, this is the phrase we often hear whenever we run into the debate over choosing which operating system to use in internet cafes, in institutions both private and governmental, and for personal needs. Windows or Linux (open source), busy or quiet, profit or loss? For users, using Windows is a new thing because they are already accustomed to it, or as the term goes, already familiar, but what about Linux? Using Linux is admittedly less familiar to most users, but Linux also has strengths or advantages that Windows does not have, for example in stability and resistance to threats from viruses, spyware, Trojans and so on. On merely hearing the word “Linux”, the reaction most often heard is as though it were something frightening for computer users in general. In the end a kind of saying or assumption arises, blurted out spontaneously, that “Linux” is hard! Yet if examined more closely, it is not actually so as it is at present …
What Is Wrong with Windows Vista?
Windows Vista is a big step backward for your freedom. Usually, new software gives you the freedom to do more with your computer. Vista is designed to restrict what you can do. Vista imposes a new form of DRM (Digital Rights Management). This DRM is more aptly called Digital Restrictions Management, because with this technology large companies try to put pressure on all of us by controlling how we use our computers. Here is a quote from Bruce Schneier (technology security expert): “Windows Vista brings a collection of “features” that you do not want. These features will make your computer less trustworthy and less secure. They make your computer less stable and slower. They will cause technical support problems. These features even force you to upgrade existing hardware and software. DRM technology is authoritarian in nature, and you cannot refuse them.” “Windows Vista includes an array of “features” that you don’t …
Inside Windows Vista User Account Control
UAC’s Goal
UAC is meant to enable users to run with standard user rights, as opposed to administrative rights. Administrative rights give users the ability to read and modify any part of the operating system, including the code and data of other users—and even Windows® itself. Without administrative rights users cannot accidentally (or deliberately) modify system settings, malware can’t alter system security settings or disable antivirus software, and users can’t compromise the sensitive information of other users on shared computers. Running with standard user rights can therefore reduce urgent help desk calls in corporate environments, mitigate the impact of malware, keep home computers running more smoothly, and protect sensitive data on shared computers. UAC had to address several problems to make it practical to run with a standard user account. First, prior to Windows Vista™, the Windows usage model has been one of assumed administrative rights. Software developers assumed their …