Friday, February 11, 2005

Big Symantec "Oops"

On February 8th 2005, Symantec released a "Security Response" to the vulnerabilities in a great many of their products recently discovered by ISS X-Force. If you run any Symantec software, it would be well worth your time reading the information on http://www.symantec.com/avcenter/security/Content/2005.02.08.html.

Symantec, being the responsible corporate citizens they are, then released their Enterprise Administration February Newsletter on 10 February in which they claim that the "Latest Windows Patches Underscore Need for Effective Patch Management", yet they totally fail to mention that the recent 13 patches released by Microsoft pale into near-insignificance when compared to the 30 products that this cross-platform bug affects in Symantec's own products.

Symantec, in this Newsletter, then claims that "Symantec Solutions Named Best of the Best By Microsoft IT Pros". That says a lot about those IT Pros, doesn't it?

And I wonder why we don't use Symantec security products, preferring NOD32, which just happened to reach 7 years of Virus Bulletin 100% awards.

Regards,
The Outspoken Wookie

Apple OSX Update

Apple has today released OS X Panther 10.3.8 - an update that provides a number of bug fixes and performance enhancements mainly for third party (non-Apple) products. Major improvements include updated OpenGL drivers for ATI and nVidia graphics cards and better filesharing for mixed Mac + PC environments.

The 27-odd megabyte update can be downloaded from http://www.apple.com/support/downloads/macosxupdate1038.html and a partial list of updates can be viewed at http://www.info.apple.com/kbnum/n300569.

Regards,

The Outspoken Wookie

Tuesday, January 11, 2005

Removing Desktop Wallpaper for Remote Desktop Connections

I just came across this information (again) and thought I'd share it. There seem to be a number of people looking for information on how to remove the desktop wallpaper on RDP (Remote Desktop) connections. I posted this information a few years ago at QuarkAV.com and Eriq Neale has also posted this on his blog at Simultaneous Pancakes.

Basically, deleting the value in the HKU\.DEFAULT\Control Panel\Desktop\Wallpaper Registry key will achieve this.

A handy thing to remember. Especially for those OEM installs that set a desktop background that takes a while to download over a remote connection to your server/XP Professional machine.

Regards,
The Outspoken Wookie

Monday, January 10, 2005

SATA Connectors

I have to say that to date I'm a bit disappointed in SATA - not the spec, per se, nor the drives, but the connectors. Sure, they are small. Sure, the cables are smaller which should result in tidier case interiors and better airflow. I'm disappointed in the connectors. Specifically the power connectors.

I've seen MORE than enough dodgy SATA power connectors to be satisfied that the manufacturers have actually all USED them. The little "nibs" (or whatever you call them) on the bottom of the connector that are supposed to provide a fit into the connector - well too many manufacturers make these marginally too small, resulting in SATA power connectors that like to turn into SATA power disconnectors.

It's really annoying.

It's really BAD.

This entry was inspired by a supposedly reputable company who built a server with SATA power cables that would have fallen out due to the regular airflow inside the case - the loosest SATA power connectors I've ever seen - and they shipped it to a customer like that. Atrocious, if you ask me. No excuse at all for that. Were it *my* client, I'd have driven the hour it would take me to get to the company who supplied the hardware and torn someone a new orifice of their choice.

Anyway - I'm quite picky about things. I've never been one to tolerate incompetence. I sure don't suffer fools well. :)

Regards,
The Outspoken Wookie

Friday, January 07, 2005

Lowlife scum

What sort of a human being could do something like this? The Register reports that "The US Federal Bureau of Investigation (FBI) reports that Netizens wishing to help victims of the recent tsunami, and who attempt to donate money online to relief organizations, may themselves become victims of a browser exploit that will infect their boxes."

Now, the tsunami was an awesome natural disaster. It was something that would have been terrifying to witness, and those people who remain in the affected areas will be suffering for quite a while - their homes, towns and lives have been destroyed and washed away, along with many loved ones, and their land has been made infertile and untenable by the salt water. Trying to re-establish anything there will be a difficult, time consuming, heart wrenching job - something I'm glad the rest of us will probably never have to experience.

So, what sort of lowlife scum would make it their aim in life to try to cause damage to those people willing to donate to this cause? What's worse is the lowlife scum charging wads of cash to try and "locate" missing people. And again, the FBI choose to blow their own trouser flute by not disclosing the offending sites. Yay for the FBI - wankers!

If anyone actually manages to locate one of these people, I say we need to fly them into one of the worst affected areas, with no additional resources, and force them to do the manual work needed to help in rebuilding this part of the world. Make them see for themselves what it's like. Make them actually do some good for this planet, not try to hurt those others trying to help.

It would be more effective than a bullet. Which is probably what they really deserve.

Regards,
The Outspoken Wookie

Tuesday, January 04, 2005

UPnP - It is unbelievably insecure

Designed by two companies who should have known better (Intel and Microsoft) and now supported by over 725 industry players (see http://www.upnp.org/), UPnP is a security vulnerability waiting to happen. And when it happens, it will happen in a rather big way.

UPnP is a device discovery and control specification that was designed to ease and enhance network communications. It was designed to allow one device (such as a PDA or your Windows XP Home computer) to control another device (such as an air conditioner, home automation, home security or Internet gateway) without needing a password or any other authentication at all. Now, that is where its vulnerability lies - no authentication is required.

Why on earth would anyone want to allow unauthenticated access to their Internet Gateway (also known as a firewall)? I, for one, think this is a Bad Thing (tm) and when worm authors decide to look at UPnP as another point to attack a network, then all hell will break loose. Malware (virus, worm, trojan, and so on) authors can already disable the Windows XP Firewall due to a stupidity-encouraged design flaw by the Microsoft Security team. Microsoft decided to implement a mechanism whereby another vendor could disable the Windows Firewall during the installation of its third-party firewall simply by asking Microsoft's firewall to turn off. All these Bagle variants have to do is to trigger this mechanism, and the Windows Firewall is disabled, replaced with nothing — well, nothing enhancing your security.

How long will it be before a worm is written that will utilize the UPnP control features and combine this with the 'Disable Windows XP SP2 Firewall' vulnerability to disable not only your personal firewall, but also the firewall of anyone insane enough to enable UPnP? This means that it could disable the hardware firewall on a business or corporate network, if the administrator was 'green' enough to believe Microsoft's hype about UPnP that they preach in their MCP and MCSE courses.

UPnP is something that never should be implemented on any network where the administrator is concerned in any way about security. Firewalls — of all devices — should never have UPnP enabled. It is complete and utter lunacy to use it, and it is complete and utter lunacy for Microsoft to push it as a security tool. It is a security hole waiting to happen.

Regards,
The Outspoken Wookie
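
An added example, not part of the original post: a small Python audit that parses SSDP (UPnP discovery) replies and lists the hosts advertising Internet Gateway Device control, which are the devices the post says should never have UPnP enabled. The sample replies and addresses are constructed, and the function names are this example's own.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)   # standard SSDP multicast group and port
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n').encode()
# Device/service types that expose gateway (port-mapping) control
GATEWAY_MARKERS = ("internetgatewaydevice", "wanipconnection", "wanpppconnection")

def parse_ssdp(datagram):
    """Return a lower-cased header dict for a 200 OK SSDP reply, else {}."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    pairs = (line.partition(":") for line in lines[1:])
    return {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}

def audit(responses):
    """responses: iterable of (source_ip, datagram) -> sorted [(ip, location)] of gateways."""
    found = {}
    for ip, data in responses:
        h = parse_ssdp(data)
        target = (h.get("st", "") + " " + h.get("usn", "")).lower()
        if any(m in target for m in GATEWAY_MARKERS):
            found[ip] = h.get("location", "")
    return sorted(found.items())

def discover(timeout=3.0):
    """Send one M-SEARCH on the local segment and collect replies until timeout."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, SSDP_ADDR)
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(65507)
                replies.append((ip, data))
        except socket.timeout:
            return replies

def _reply(st, location):   # builds one constructed sample reply
    return (f"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nEXT:\r\n"
            f"LOCATION: {location}\r\nST: {st}\r\nUSN: uuid:constructed-0001::{st}\r\n\r\n").encode()

SAMPLE = [  # constructed replies, not captured traffic
    ("192.168.1.1", _reply("urn:schemas-upnp-org:device:InternetGatewayDevice:1", "http://192.168.1.1:5000/rootDesc.xml")),
    ("192.168.1.50", _reply("urn:schemas-upnp-org:device:MediaRenderer:1", "http://192.168.1.50:8080/desc.xml")),
]
```

`audit(SAMPLE)` runs offline against the constructed replies; `audit(discover())` runs the same check against the local network segment.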

Microsoft's DRM Introduces Vulnerabilities

With another half-hearted attempt at pleasing one industry segment to the detriment of the rest, Microsoft's DRM feature of Windows Media Player - designed to keep Microsoft in the good books with the RIAA and MPAA - has introduced a rather serious vulnerability to their operating system (since in all countries except the EU, Microsoft Windows Media Player is bundled with Windows XP, and the EU is still waiting for their new version of Windows without this bundled application).

A recent article over at PC World shows how pop-ups and adware/spyware are able to be bundled with DRM-enabled Windows Media files. Basically what happens is that when the .wmv (Windows Media Video) file is played, it is allowed to open up a web page before playing the video content in the file. This generally only happens when a License file cannot be downloaded for the media in question, but the malicious files will open a website that opens other pop-ups and possibly even attempt to push spyware to your computer.

Microsoft also admits that it is possible for an existing file to be modified after it has been created, allowing malicious coders to modify DRM-enabled files to point to their own or other selected web servers, and then be able to target other unpatched Internet Explorer vulnerabilities to push unwanted advertisements and software to target computers.

While there are steps that can be taken to make this process more "manual" - i.e. requiring you to authorize the loading of the webpage and obtaining of the License key, these steps SHOULD have been the default settings that the software comes with - not something that users need to do to secure their machines post installation.

Another thing - WHY is Windows Media Player even installed on Windows Server 2003 and Windows Small Business Server 2003 operating systems? These are servers, not home entertainment systems. Since when has a media (video or audio) file been needed on a Server? Sure, if you are running Windows Media Services on this server, then you'd think that WMP *may* be needed, but really it's not even needed then - a workstation is the place media files should be played, not on the server. By Microsoft's mind-numbingly stupid "all in" Server OS design, they are introducing vulnerabilities that should never, ever affect these systems.

I've long been a proponent of the "secure by design, secure by default" school of thought - meaning that only the required software should be installed on any particular system - especially a Server - and its settings should be configured to be secure upon install. The user then needs to open it up or install additional software as and when required. Sure, it means a bit more work on a Server, and on a Workstation there's going to be more software installed by default, but it means that things like this just couldn't happen.

At Quark IT, security is a major part of our business and we consider the security implications of anything that our clients are considering installing or changing to be one of the most important things. It is no use deciding to run this really useful piece of software or hardware if it opens your network and its sensitive data up to your competition and the world in general. I just wish that more IT Consultants and software authors thought this way.

Microsoft has been getting a lot better in recent years. Both the Windows XP and Windows Server 2003 ranges have been significantly better than their earlier releases when it comes to security. They still have a long, long way to go, but they are currently on the right path. Let's hope that they address this vulnerability in the January 2005 "Patch Tuesday" release.

Regards,
The Outspoken Wookie

Monday, January 03, 2005

Finally, I get a Blog happening!

Well, here it is folks, the first blog by the outspoken Wookie. I wonder if George Lucas is going to try and shut me down now? Just because he based Chewy on a picture of me he'd seen... :)

Anyway, after a long time spent wondering if I would ever get a blog online, I suppose that now, January 2005, is as good a time as any. I can't say that this will be a regularly updated blog (at least maybe not to start with) but I will update it when I feel the urge.

Those of you who know me, and all who will get to know me through this blog and my websites - http://www.QuarkIT.com.au/, http://www.QuarkAV.com/, http://www.QuarkAutomation.com.au/ and http://www.QuarkGroup.com.au/ - will know that I'm more than willing to speak out when I see something that's, well, let me just say "not right". I'm also willing to speak up when I see something that's well done. Unfortunately, many years in the IT industry have made it easier for me to see the bad side of things. However, sometimes it's a side that others don't quite see until it is brought to their attention.

So, with that being said, I'm just going to plunge headfirst into this thing and see where it takes us. I hope - for all of us - that it provides an alternative viewpoint to the IT industry that opens our minds a little more. I also hope we learn something from our visits here.

Regards,
The Outspoken Wookie