Archive
2005 May 2005 Apr 2005 Mar 2005 Feb 2005 Jan More ...
Comments or feedback appreciated here. Thanks!
Sygate Secure Enterprise (SSE) 3.x has already reached End-of-life (EOL) on 18 Jul 2005 but technical support will still be available through 18 Jul 2006.
Support, availability of patches for security vulnerabilities and lack of certain enterprise features (in 3.x) are some key points to consider for planning a SSE upgrade project, taking into consideration Sygate Security Agent (SSA) upgrade as well.
For the initial Sygate Enterprise Protection (SEP) 5.0 release, expected anytime now (Jul-Aug 2005), direct upgrade from 3.x is not supported. This will likely change in the next release towards Q4'05. The current version is SSE 4.1 MR1, released earlier this month on 12 Jul 2005.
Contact Enterprise Support for more information.
Upgrade to 0.10.12 is the official statement to plug multiple critical security vulnerabilities discovered in the popular protocol analyzer tool. Affected versions = 0.8.5 up to and including 0.10.11.
The zlib compression library used by Ethereal is also flagged with vulnerabilities (zlib 1.2.1 and 1.2.2). zlib 1.2.3 provides the fixes and now ships with the Windows Installer.
Check out the security advisory from ethereal.com.
By now you should have heard about "Windows Vista", the official (marketing) name for Longhorn client OS, announced 22 Jul 2005.
But do you know that core presentation and communication subsystems in Longhorn (er Vista) also have been christened, together with the Beta 1 release of Vista client on Wed 27 Jul 2005?
Avalon = Windows Presentation Foundation (WPF) and Indigo = Windows Communication Foundation (WCF)
News as reported at eweek.com.
Official MS press release announced 25 Jul 2005, only genuine copies of Windows will be granted full access to download Windows updates. Exception is Windows security updates which will remain opened to all (Windows) users, accessible via Windows Update, Microsoft Update for Windows or the Download Center.
According to MS, all transactions are anonymous and work by installing an (obligatory) ActiveX control on the client side that works with the Windows Product Activation service at Microsoft's server end.
( Note: http://genuine.microsoft.com will be contacted as part of the validation process )
[20050726] Calling Swiss IT Pros MC* (MCT, MCSE, MCP, etc.)I have been planning to found an IT Pro User Group here in Switzerland supported by an international non-profit organization / network for sometime now. You are cordially invited to be part of this exciting initiative, as founding members at this early stage in particular.
This is an excellent not-to-be-missed opportunity and channel to network among your peers in CH and the region, and to show that IT Pros are strategic part of business, and that we really do care ;)
All that is needed now is a bit of your time off you (busy) schedule to make it happen! Please contact me directly for more details.
Thanks for your interests!
[20050725] Movies - Original Dialog or Dubbed?Movies from just about anywhere in the world are shown here in their unabridged versions and original dialogs with subtitles, whether in the cinemas or on local television stations (dual channel mostly).
Depending on the movie and target audience, some of them will be dubbed in the local languages (German, French and Italian) e.g. animation features, although certain mainstream or big budget movies are also dubbed to cater to non-English speaking movie-goers.
( Imagine mostly Europeans watching Stephen Chow's action comedy Kung Fu Hustle in the original version with only a handful of Asians in the cinema, yet they are able to follow the dialog reading subtitles, laugh along and enjoy it just as much! )
The only annoying thing watching a movie in cinemas here, besides the unbelievably expensive movie ticket, is the mandatory break halfway through. Lasting about 10 minutes, it gives movie-goers a chance to go to the bathroom or puff a few puff (although most cinemas have since gone smoke-free), and of course the refreshment counter to ring in some extra cash (popcorns, beer, ice-cream, etc.).
How is it like going to the cinema from where you live? It will be an interesting (unscientific) survey to see how the demographics look like.
Post your comments today!
Along with the Giant acquisition in Dec 2004, the MS Anti-Spyware product is perhaps one of the largest and few remaining fort developed on VB6 in the world, according to a report at theregister.co.uk. Being part of the family does have its privileges (no VB6 support issue), non?
Members of the built-in 'Server Operators' group in an Active Directory 200x domain environment does not possess (almost) equivalent rights and permissions as that of the 'Domain Admins' group. Read how this misconception could impact IT operations (process, roles & responsibilities), security (risks) and business (end-users), to name a few.
Legacy VMWare Workstation 5 images may not be 'snapshotable' hence miss out on newer features such as Cloning (workaround).
Following the heals of 1.0.5 announced Wed 13 Jul 2005,
1.0.6 is
released today. It fixes newly discovered API issues (affects only certain
applications) and simultaneously extends support to multiple languages
(vulnerability
list).
blog / RSS feeds - a frequent request from many readers of this site (here) leedesmond.com - it has been decided to attempt equipping the site with this new functionality. Production rollout or schedule remains undefined presently (can only work on it ad-hoc when time permits).
Several open-source options are still being evaluated since the past few weeks. bBlog is currently the one being leaned towards. It at least managed to install and worked on 'non-standard' configuration after much tweaking and cries for help (thanks to the exceptional support from development team and public forum). Some key functions still do not work as expected and a complete reinstallation was again recommended (already did installs and reinstalls at least 3 times by the way!).
You can read about the agony of the struggle as documented (note: link may go off-line or disappear altogether without warning as it is still under evaluation and testing).
Your suggestions, comments or feedback
here are
greatly appreciated.
Tune in for more updates!
Microsoft Swiss Security Team recently launched a blog (20050705) focusing on
security and related topics. Pay them a
visit
today!
The team (info from blog):
This is a gem of information from the MS source that created all those security guidance solutions for the IT Professional community. See what you (may) have been missing at secguide's Weblog.
Some caveats that an IT administrator needs to be aware of as summarized in Tech Tips.
There was a public post "Spread Firefox Downtime" by Asa Dotzler (asa) on Fri 15 Jul 2005 about this incident, which can only be viewed after much navigation further down the main page at spreadfirefox.com (ref: '[20050715] Alert Security - SpreadFirefox.com Hacked to Spread Spam?').
Affecting both SMS 3.x and 4.x, potential operational issues can result if not addressed, particularly when SMS Machine Group level configuration is deployed. More info at Tech Tips section.
If you have been to Tech.Ed recently and had connected to CommNet with your Windows machine, running "ipconfig /all" at the command prompt may elicit a different response:
Network functionality does not appear to be affected and ipconfig can alternatively be retrieved by using the GUI interface of the NIC (e.g. WiFi NIC > Properties > Status > Support > Details).
For more information see the Tech Tips section.
News (officially) broke today that SpreadFirefox.com has been compromised (hacked?), discovered only on Tue 12 Jul 2005, which was possibly the reason why the site was inaccessible most of the day.
However, it was believed that the attack actually took place much earlier, evidenced by
multiple Emails received several days in a row, as shown below (in German
Note: Lese selbst = Read (it) yourself
The usual prescription applies - delete the mail if not already opened; otherwise do not click on any embedded links within the message.
Only today Fri 15 Jul 2005 that an administrative Email touching on this incident finally arrived from the Mozilla Foundation:
( curiously enough, this incident is not even mentioned anywhere on the affected site spreadfirefox.com )
[quote]
From: admin@spreadfirefox.com
Date: Friday, July 15, 2005 5:39 AM
To: announce@spreadfirefox.com
Subject: SPAM-LOW: Spread Firefox outage and privacy breach notice
Attachments: (none)
On Tuesday, July 12, the Mozilla Foundation discovered that the server hosting Spread Firefox, our community marketing site, had been accessed on Sunday, July 10 by unknown remote attackers who exploited a security vulnerability in the software running the site. This exploit was limited to SpreadFirefox.com and did not affect other mozilla.org web sites or Mozilla software.
We don't have any evidence that the attackers obtained personal information about site users, and we believe they accessed the machine to use it to send spam. However, it is possible that the attackers acquired information site users provided to the site.
As a Spread Firefox user, you have provided us with a username and password. You may also have provided us with other information, including a real name, a URL, an email address, IM names, a street address, a birthday, and private messages to other users.
We recommend that you change your Spread Firefox password and the password of any accounts where you use the same password as your Spread Firefox account. To change your Spread Firefox password, go to SpreadFirefox.com, log in with your current password, select "My Account" from the sidebar, select "Edit Account" from the sidebar, then enter your new password into the Password fields and press the "Save user information" button at the bottom of the page.
The Mozilla Foundation deeply regrets this incident and is taking steps to prevent it from happening again. We have applied the necessary security fixes to the software running the site, have reviewed our security plan to determine why we didn't previously apply those fixes in this case, and have modified that plan to ensure we do so in the future.
Sincerely,
The Mozilla Foundation
[unquote]
10 years into being on this very day (14 Jul 1995), the MP3 file extension adopted for
the popular audio coding format is still the undisputed leading music format of choice.
This is due in part to its superior audio coding technology and acceptance as an international
standard (ISO standard IS 11172-3 "MPEG Audio Layer 3"), and worldwide compatibility ensured with
the publicly available MP3 source code. Read more about it from the German institute that
revolutionized and started it all -
Fraunhofer IIS
(Institut Integrierte Schaltungen).
A number of security flaws has been discovered in Kerberos v5, affecting a wide range of OS platforms base on the popular MIT authentication protocol - Solaris, Linux and Mac OS X - to name a few. More info at secunia.com and mit.edu.
As reported in heise.de (German only) and available now for download from official source (apple.com).
Get 1.0.5
here today
(fixes recently discovered security
vulnerabilities).
A total of 3 security bulletins were released on 'Patch Tuesday' - all rated critical - affecting Windows, Internet Explorer and WinWord. Learn more here.
As announced in the annual Worldwide Partner Conference (WPC) in Minneapolis, Minnesota over the weekend (8-10 Jul 2005), the MCP Program is set for a major overhaul. Starting with the soon-to-be released MS SQL Server 2005 and MS Visual Studio Team System 2005, the revised MCP Program will take on titles segregated into three new certification tiers based on skill-identifying credentials:
Tier 1: Microsoft Certified Technology Specialist
Tier 2: Microsoft Certified IT Professional or Professional Developer
Tier 3:
Microsoft Certified Architect
How this new MCP certification framework will evolve and the effects on the majority of MCSE holders or candidates pursuing certification (based on old/current MCP program) remains unclear though (i.e. timeframe, upgrade path, cost).
Read more about it at mcpmag.com and techtarget.com (thanks to fellow MCTs Richard and Lorenzo).
Some new SSE 4.1 MR 1 functionality include (per mailing list):
Available list of bug fixes. Contact Sygate Enterprise Support for more information or download access.
Check out for potential gotchas in the Tech Tips section.
Hands shaking, big hugs, parting words ... hard to imagine that another Tech.Ed
has come and gone right at this very moment after the last session 1730 hrs.
Some delegates would have already left earlier, some later tonight while still others
will fly off a day or two later (or ride the bike, drive, take the tram or ...).
Overall it was a blast and many of us, the MCTs that is, thoroughly enjoyed the entire event, not to mention meeting up with old friends, colleagues and "long-time no see" acquaintances, and the opportunity to network and make new contacts.
To sum it all - the event was generally well organized. Weather was not too good for most of the week (cold and rainy in Summer Amsterdam), food for lunch and the Tech.Ed Party can be greatly improved, better quality and courtesy of certain service personnel, etc. But most of us enjoyed every minute of it and sure had great fun!
Come join (most of) us at IT Forum 2005 Barcelona (Microsoft IT Forum 2005 from 14-17 November, Barcelona, Spain) - Hola !
Got to sign-off now... CommNet is closing in a couple of minutes soon. Have a safe trip back everyone!
(click for photos)
I have been receiving many of your valuable input via the feedback channel on this blog. Many thanks for your interest and support - please keep them coming!
Note that a reply is possible only with your valid Email address and should take only a couple of days unless I am on the road (business or vacation). Drop me another line if you do not get a reply within a reasonable timeframe. Oh one more thing: please help jog my memory with a picture, web site or some references like "Hey Desmond we met at IT Forum Copenhagen and ..." :-)
Don't wait - take advantage of many new exciting features introduced in TechNet Plus 2.0 today! Click on the banner on the left hand side of this "motd / blogs" page and mention "www.leedesmond.com" sent you. Thank you!
... that Euro 50 cents is expected by the nice lady that "guards" the gates of relieve to visitors of popular nightspots in and around downtown Amsterdam? Similarly, Euro 20 cents is charged for using this facility at most public areas.
In case you are wondering, we are talking about the place frequent by weary tourists to answer the call of nature, but usually cannot find them when they are most needed - the toilet.
As first reported in this blog "[20050705] Tech.Ed 2005 Amsterdam - MCT Breaking News (non NDA)", and picked up by mcpmag.com, more details about MCLC have been revealed. Read more about it here.
(click for photos)
Overheard during lunch in the dining hall: 50 is "cinquante", 60 is "soixante" but 70 is "soixante-dix" (60 plus 10), 80 is "quatre-vingt" (4 times 20) and 90 is "quatre-vingt dix" (4 times 20 plus 10) - explained by a French to a Norwegian delegete.
If a user without a minimum of "Power User" rights machine on a Windows
machine attempts to start IE, the Netcraft Anti-Phishing Toolbar (IE v1.5.11)
will display the following error dialog, even if the user has previously
run the application successfully:
A couple of scenarios can happen:
1. Clicking No will continuously show the same dialog unless the Cancel button is selected
(IE will start).
2. A click on Yes (to close IE as prompted) will result in another error message as
follows (IE will be closed if opened):
(click for photos)
Finally acknowledged and a bug fix made available by Microsoft at KB895953.
SQL Server 2005, Visual Studio 2005 and BizTalk Server 2006 will be launched 7 Nov 2005 in San Francisco. This was revealed by Andy Lees at the keynote address (corporate vice president of Server and Tools Marketing and Solutions).
(click for photos)
"Microsoft Certified Learning Consultant (MCLC)" new premier MCT program
announced at this very moment by Ken Rosen (MCT Closed Session "MCT 2005:
State of the Program" Room D / RAI 1200 hrs - confirmed non-NDA).
In summary [quote]:
1. Target audience: Senior trainers who design and develop consultative
learning solutions
2. Customer value: guaranteed technical, instructional and consultative
competence for learning solutions tailored to their unique need
3. Trainer value: differentiation from core MCT community, early and
preferential engagement opportunities
4. Partner value: differentiation from other Certified and Gold Partners; early and
preferential engagement opportunities
Requirements:
1. Initial Certification: (a) Active MCT (b) Case study detailing a consultative learning
solution developed and delivered by the consultant - to be reviewed and approved by regional review board
(c) career advancement certification (MCSE, MCDBA, MCSA, MBS Certified Master)
(d) customer ROI Attestation Letter
2. Renewal: (a) renew with MCT Certification yearly
(b) requires additional case study every 2 years
3. no additional subscription fees for 2005-2006
4. exempt from minimum delivery requirements
5. applications accepted quarterly
