SANS WMF FAQ

SANS: Why is this issue so important

Great info on the WMF vulnerability and what it does.

Tags: WMF, Security

New WMF exploit released. Infocon Yellow.

SANS:
New exploit released for the WMF vulnerability. Infocon back to Yellow.

The exploit generates files:

* with a random size;
* no .wmf extension, (.jpg), but could be any other image extension actually;
* a random piece of junk in front of the bad call; carefully crafted to be larger than the MTU on an ethernet network;
* a number of possible calls to run the exploit are listed in the source;
* a random trailer

Tags: WMF, Security

No one understands what we do

Mike McBride's post about his yearly reviews reinforces my theory that no one really understands what we do. I haven't had a review at my current job, but at my previous law firm IT job I heard a lot of things Mike has heard over the years. We spend a lot of time telling users no, and I'm sure we all come off as distant and intimidating.

Tags: Law Firm IT

Infocon back to Green

SANS moved Infocon back to green.

As it has been 24 hours since we elevated the Infocon to yellow in response to the WMF 0-day exploit, we will be lowering the Infocon level to Green

An advisory has been released by Microsoft, working snort signatures are available and as a result of raising the Infocon to yellow yesterday, awareness of the issue has been raised appropriately.

Moving to green signifies that no -new- significant threats are currently being tracked and is not intended to imply that the threat level today is any less than it was yesterday. See Infocon Levels for more information. Administrators and others responsible for system security are encouraged to act appropriately if no action or incomplete actions have been taken at this time.

Tags: Security, Windows, Sys Admin

Exchange 12 and 64-bit

The Mircosoft Exchange Team Blog, You Had Me At EHLO, has more on Exchange 12 and 64-bit only decision: Exchange 12 and 64-bit.

Tags: Exchange, Windows, Sys Admin

Infocon still at Yellow

Microsoft has issued a security advisory on the WMF vulnerability. Details are available here.

Three days to raise $25,000

Creative Commons needs $25,000 in donations in the before the first of the year or they are at risk of losing their tax exempt status.

There is a donate button on the right side of this blog. Read the rest of Professor Lessig's post for more details.

Crossposted to Oncee@Blogger.

Infocon Yellow

SANS - Internet Storm Center: Windows WMF 0-day exploit in the wild (NEW)

SANS - Internet Storm Center: Update on Windows WMF 0-day (NEW)

We are moving to Infocon Yellow for a bit. There has been some debate among the handlers about this step, but considering that a lot of people are on holidays and might otherwise miss the WMF 0-day problem, we have decided to raise the alert level.

Proposed changes to federal rules Rules 26 and 37(f) targets IT

New Amendments to Civil Procedures to Create a "Legal Chernobyl"

I've been trying to take a less alarmist tone on electronic discovery issues (I don't think it's really helpful - I want to talk more about rolling up your sleeves and getting things done), so some of this article feels a little "over the top," but I recommend it especially for IT people who want to get a flavor for what may be coming down the road.

Dennis is referring to a column in InforWorld called "Document Management Systems Go to Court" by Ephraim Schwartz.

Schwartz writes:

The two proposals are specifically targeted at electronic discovery. First, the proposed amendments to Rule 26 will require attorneys for both parties to a litigation in Federal court to sit down prior to the proceedings to discuss their clients’ document management systems. That’s right; you read that correctly.

The rule also requires each company to designate a spokesperson for its IT group. This is the first time the courts are bringing IT directly into litigation, according to Trent Dickey, attorney with Sills, Cummis, Epstein & Gross.

Next up, Rule 37(f), also called a safe harbor rule, says that corporations that have lost information but have otherwise acted in good faith cannot be sanctioned. Congress is expected to take action on this rule, one way or the other, by December 2006.

It is probably easiest to comprehend the importance of the changes to Rules 26 and 37(f) by looking at what happens when you don’t manage documents properly. In Zubulake v. UBS Warburg, the judge instructed the jury that it was legitimate to presume that the information Warburg could not provide due to lost backup tapes and e-mails was probably damaging to the company’s case. Zubulake was awarded $20 million.

Tags: Law Firm IT

Blogger throws the baby out with the bathwater

Kevin O'Keefe pointes to a story that Legitimate Blogger/Blogspot accounts being deleted. It looks like Blogger is making good on it's threat on deleting blogs it has marked as spam.

Outlook 12 : Instant Search

The Outlook Program Manger's blog: Instant Search - Part 3: The New User Interface

This is the most requested feature from my users. Outlook 12 is going to be an exciting release. RSS aggregation was announced in an earlier post.

Tags: Exchange, Windows, Sys Admin, Law Firm IT

Outlook integration

The other Scoble, not Alex, links to the Outlook product managner talking about upcoming RSS integration.

Michael Affronti is a program manager on Microsoft’s Outlook team and is starting to write about the future of Outlook. Here he’s writing about RSS Aggregation into Outlook 12.

Tags: Exchange, Windows, Sys Admin, Law Firm IT, Outlook

Insider Threat Statistics

Bruce Schneier links to a recent study from Europe that outlines internal threats. I agree with him that these findings apply as much to the U.S. as they do to Europe.

Based on its survey, McAfee has identified four types of employees who put their workplace at risk:

* The Security Softie – This group comprises the vast majority of employees. They have a very limited knowledge of security and put their business at risk through using their work computer at home or letting family members surf the Internet on their work PC.

* The Gadget Geek – Those that come to work armed with a variety of devices/gadgets, all of which get plugged into their PC.

* The Squatter – Those who use the company IT resources in ways they shouldn't (i.e. by storing content or playing games).

* The Saboteur – A very small minority of employees. This group will maliciously hack into areas of the IT system to which they shouldn't have access or infect the network purposely from within.

He also points out McAfee has a vested in talking up this kind of threat.

Some good news for RIM/Blackberry

The Gahtan’s Technology and Internet Law Blog reports: USPTO notifies RIM and NTP that patents likely to be struck down

According to the New York Times, the USPTO has notified both NTP and Research in Motion, the maker of the BlackBerry wireless e-mail device, that the technology patents at the heart of an infringement lawsuit by NTP against RIM are likely to be struck down.

NTP Sticks It to RIM

NTP Sticks It to RIM

Slashdot is reporting NTP has licensed its wireless email patent to a new Blackberry competitor. From the article: "The deal comes amid dwindling options for RIM, seller of the popular BlackBerry e-mail paging service. NTP four years ago successfully sued RIM for infringing on NTP's wireless e-mail patents. After a tentative $450 million settlement fell apart in June, RIM has battled back through court appeals, holding out hope that the U.S. Patent & Trademark Office (PTO) will strike down NTP's patents."

Running presentations from your iPod

Playlist has a great how to on doing presentations from your iPod. Your color-screen iPod can control PowerPoint and Keynote slides.

Although its capabilities are limited compared to a laptop, it is possible to use a full-sized, color-screen iPod to run presentations developed in PowerPoint on Windows or Macintosh, or Keynote on the Mac. You’ll need to attach the iPod to a projector or a TV so that everyone can see the presentation, and to speakers if you have a soundtrack or narration to go with the presentation. What you can do—and what you might want do—depends on a few factors.

Via The Unofficial Apple Weblog

Findlaw blogs are live

According to this page over at Findlaw's LawyerMarketing.com: Convert Blog Buzz to Business for Your Firm, Findlaw's blawg product is live. An example of a Findlaw blog can be found at www.securitiesfraudhotline.com. It still appears you have to have a FirmSite before you can buy into the Findlaw blog product.

I previously discussed Findlaw's move into blog products back in October.

Watch your mouth and have a positive attitude

Mike McBride over at Out of the Frying Pan, and into the Cube points out the importance of watching your mouth and having a good attitude when working in IT.

Lots of ideas floating around this weekend in the podcasts I was listening to surrounding the idea of what you say about the users you support. It all started with Douglas Welch's podcast "Don't Say It" where he talks about the possible consequences of getting not only getting caught "user bashing" but also the negative attitude about doing support that results from spending so much of your time complaining about the users.

It's really good advice, but as Kevin and George talked about in the latest In The Trenches, this idea of respect is a two-way street. It's all well and good for tech support folks to do everything they can to respect end users, but at the same time those end users need to respect the tech support folks.

BTW Mike's blog used to be called One Man IT Dept., but he recently changed it because of a change of jobs.

WEP to WPA: wireless security

Alex Scoble points out this good article on wireless security: Wi-Fi Security: Are We There Yet?

BlackBerry Users Remain in the Dark

WP: BlackBerry Users Remain in the Dark

Research in Motion Ltd. made it easier to communicate with the introduction of its BlackBerry wireless e-mail device, but the company has not been as communicative with the public about its own plans in its time of legal crisis.

RIM faces an injunction that could leave its 3.65 million U.S. customers without service unless the company settles its patent-infringement case with McLean-based NTP Inc.

The company has met privately with some of its customers to reassure them that the service will not shut down and that a settlement is far likelier. But in public, RIM has said very little -- in deference to the legal process, the company said.

"NTP obviously wants to fight through the media, but RIM has made every effort to demonstrate respect for the legal system and to comply with the court-ordered confidentiality restrictions in this case," Mark Guibert, RIM's vice president of corporate marketing, said in an e-mailed statement.

RIM's last public statement was on Nov. 30, when it said simply that it was devising a "workaround" system and plans to keep fighting to overturn decisions in the court and with patent regulators. So far, it has declined to elaborate.

And that has some analysts and public relations experts questioning whether RIM's approach might backfire.

"RIM is putting customers in a very precarious situation, asking them to trust them time and again," even as it adopts a legally risky strategy, said Ken Dulaney, vice president of mobile computing for market research firm Gartner Inc., which has advised its clients to postpone any purchases or investments in the BlackBerry service.

"We're getting tons of calls on this," Dulaney said. "Customers are disappointed that RIM is putting this legal case before them."

More on KM

Here is another great post on KM from Dennis Kennedy. Your firm might already be using KM products and you might not realize it.

Page Views and RSS

Richard MacManus writes in his blog, Read/WriteWeb, that RSS blows HTML away when looking at page views per user.

The web is changing. If you want to track visitor, you need to count the people who read you content via RSS, as well as those who visit your pages. According to my FeedBurner stats, this blog has twice as many people who read it via RSS than who surf here with their web browsers. Feedburner only counts people who use the FeedBurner burned feed. It does not count those people who use the Blogger RSS and Atom feeds from this site. Bloglines tells me the number of people who use Bloglines to read the feeds from this site, but I'm sure there are a number of people reading this blog via feeds who remain uncounted.

Ten tips for KM

Dennis Kennedy repost a very good article on what KM is and how to use it.

More on BlawgWorld

Robert Ambrogi agrees with me on BlawgWorld. He says, "BlawgWorld was a worthwhile experiment, but now it should be shelved."

Even more on the BlackBerry's legal woes

The New York Times has a very detailed story, Bye Bye BlackBerry? (registration required), about RIM's current legal mess and how they might try to address it with new software.

BlawgWorld 2006 needs to be in blog format

I agree with Kevin O'Keefe: LexBlog Blog : BlawgWorld 2006 gets mixed reviews : Needs to be posted in blog format

I also think TechnoLawyer needs to be a real blog, and not hide the good stuff in email newletters, behind registration and cost walls.

Top 10 System Administrator Truths

Search for A Good Story: The Top 10 System Administrator Truths

If you have ever been a Sys Admin you will find this is the list you always wanted to make, but never had the time. The most important truths are backup, backup, backup and be polite. You don't what to be accused of IT ‘Tude.

TimeMatters 7, SR 1

ITP Web Log reports Time Matters released Service Release 1 for Version 7 on November 16.

Fortune's analysis of Blackberry's legal mess

FORTUNE: BlackBerry held hostage