
Newest on retrospect

Jun. 26th, 2011 | 10:31 pm
location: Home
mood: awake
music: None

So, I've finally cleaned out all the spam and this blog should be clean now.

As you probably know, my creative outlet is here nowadays.

From the headlines:
- Can't see the forest for the logs?
- The case for "Net tops"
- A lesson in troubleshooting
- rm -r -f /bin/laden
- How to read a Microsoft security bulletin
- Night time photography
- One photo - many stories
- It's a server, damn it...
- OWASP enlightment on new web standards
- Stay frosty, Sweden!

So head on over.


Tomorrow in Retrospect

Jun. 18th, 2010 | 11:58 pm
location: Home
mood: calm
music: Nah

My blogging is not dead, but it has moved and is now known as "Tomorrow in Retrospect". If you wonder what I've written since my last post on Livejournal: look no further than http://erik.zalitis.se/. I don't intend to abandon LiveJournal though.

Latest posts:
(2010-06-17) The always amazing Randi
(2010-06-17) Am I evil? Or why evil people won't say yes
(2010-06-17) Book review: "The Science of Fear"
(2010-06-17) Chasing waterfalls
(2010-06-17) The future of anonymizers


EZSecurity Bulletin for November of 2009 / Six new bulletins from Microsoft / The Science of Fear

Nov. 11th, 2009 | 05:28 pm
location: Home
mood: tired
music: Computer fans and noisy neighbours

EZSecurity Bulletin for November of 2009

In this issue

1. Intro
2. This month’s security bulletins from Microsoft
3. Book review: The science of fear
4. Links and tricks

1. Intro

So what’s up in the security world? Right now it’s business as usual with no new wide-spread attacks. But when it comes to blended mixtures of old attacks, there’s really no slowdown to be seen. During the month of October, we saw a global surge in spam, but I doubt people cared too much about it. It seems to me that the Internet works a bit like the human body. There is always something that the immune system has to attack and destroy. We only feel sick when the fight isn’t going so well. Right now, my left ear is under attack by evil bacteria and I have a mild fever. In a few days I’ll be right as rain, so it shouldn’t kill me. The same is true about the Internet when it gets “sick”. A few years ago, a prominent doomsayer wrote that the Internet would fail in 2006. Needless to say, it didn’t happen. In 2008 an all-out attack on the root DNS servers was unsuccessful, and the people betting on the death of the Internet now have their eyes set on 2012.

Would it be pretentious of me to laugh at them in advance, you think?

“There's always an Arquillian Battle Cruiser, or a Corillian Death Ray, or an intergalactic plague that is about to wipe out all life on this miserable little planet, and the only way these people can get on with their happy lives is that they Do... Not... Know about it!”
- K, “Men in Black”

2. Microsoft Security Bulletin Summary for November 2009

As per usual, Microsoft releases their security bulletins on the second Tuesday of every month. This month comes along with six bulletins, where three are rated critical and three are rated important. Our advice is that you install them all as soon as possible (the next patch window is fine!).

MS09-063 - Vulnerability in Web Services on Devices API Could Allow Remote Code Execution
MS09-064 - Vulnerability in License Logging Server Could Allow Remote Code Execution
MS09-065 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

MS09-066 - Vulnerability in Active Directory Could Allow Denial of Service
MS09-067 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
MS09-068 - Vulnerability in Microsoft Office Word Could Allow Remote Code Execution

3. Book review: The Science of Fear

I’m a regular reader of Bruce Schneier’s excellent security newsletter and I’ve also read some of his books. About 6 months ago he recommended the book “The Science of Fear – Why We Fear the Things We Shouldn’t – and Put Ourselves in Greater Danger” by Daniel Gardner (ISBN: 978-0-525-95062-2) in his newsletter. I’ve read it, and here’s a short review.

First off, it is not a very technical book. It instead focuses on human psychology and how we act on risks and handle fear. And the score card is in: we’re not doing it very well. I personally reflect on the idea of “mind over matter”. The idea is that we can put reason in the driver’s seat and relegate emotion to be the noisy “back seat driver”, who always thinks he knows how to drive better than the real driver. But I don’t think we can. It’s just a misconception. Gardner calls emotion “gut” throughout the book and clearly establishes gut as the driver. If you think that’s wrong, try to do algebra while suffocating. Or better: don’t. Really, don’t! Gut is the primary driver and reason can only step in as the “second opinion”. This means you don’t have to give in to fear every time, but you can only stop it after it sets in.

The book swiftly kills the old theory of the “rational human being” and instead explains that gut is good at keeping us alive in threatening situations. It also establishes how gut cannot handle fear and anxiety if they are abstract. How do you handle a guy with a knife? Run? Fight? Gut has the answer! How do you handle the fear of swine flu? It’s not that you know when it will strike or how it will affect you. The answer is: gut cannot present a clear assessment of the danger. You feel anxiety as a result.

Daniel Gardner refers to a number of rules that explain human behavior when it comes to thoughts about risks and threats. The “example rule” states that we will react more strongly to something that we saw, experienced or read about recently. The “anchor rule” shows how we use recently heard numbers when we try to calculate risks. If you say there are 50 000 criminals out on the street, most people will say “that’s too much”. Instead of discarding the unverified numbers, they lower them. We say something like “More like 5000 criminals, I think” when we criticize the numbers presented to us. Politicians know this! Be careful when they give you big numbers with no sources available.

Then there’s the “good – bad” rule. It states that we underestimate the risks of things we like. Gun violence is easy to fear too much, whereas the risk of getting skin cancer due to excessive exposure to the sun is something we often play down. Sunning is fun and good for you (in limited doses).

There are many other rules explained and myths debunked in a book overflowing with common sense and historical anecdotes. I warmly recommend it to anyone interested in psychology or who understands just how neglected the science of fear is in the IT-security business. Rating? 4 out of 5 Amygdalas.

“A person is smart. People are dumb, panicky dangerous animals and you know it. Fifteen hundred years ago everybody knew the Earth was the center of the universe. Five hundred years ago, everybody knew the Earth was flat, and fifteen minutes ago, you knew that humans were alone on this planet. Imagine what you'll know tomorrow.”
- K, “Men in Black”

“Reason and emotion” was a Disney-made war time propaganda feature that tried to establish the “Mind over Matter” idea. Where do you think they got it wrong?

4. Links and tricks

The official bulletins from Microsoft:

ISC Sans's monthly Microsoft-analysis is always a good read:

All back-issues of this newsletter can be found here:

A collection of useful security links:

A good site to check for known vulnerabilities for your favorite programs:

What's the general state of the Internet?:

OWASP Sweden's email list archive:

Recommended for you developers out there:

My own, random knowledge base:

Erik Zalitis
System Specialist
Certified Ethical Hacker
MCSE:Security 2003
MCSE:Messaging 2003
Citrix Certified Administrator for PS4.
VMware Certified Professional on VI3
ITIL Foundations


EZSecurity / 13 new bulletins from Microsoft / The patch that breaks OCS and LCS / Windows 2008 R2

Oct. 15th, 2009 | 12:35 pm
location: Stockholm
mood: busy


The aftermath of Tuesday the 13th does not include Jason but comes with some horror anyway.

The good news is that the zero day exploits against SMBv2 and MS FTP are fixed. That's the good news...

One of the new patches, MS09-056, fixes a design error that pretty much negates the usefulness of certificate verification. If you can get a trusted root CA to sign a certificate with a CN like www.goodsite.com\0www.badsite.com, you can fool some browsers/applications into believing that the certificate for www.badsite.com is really for www.goodsite.com. To make it even clearer: that https://www.badsite.com really is ... say ... https://www.paypal.com. This vulnerability is present in many non-Microsoft products as well. \0 is a null byte, which fools the vulnerable applications into stopping reading the string even though there is more data to be read. So they see www.goodsite.com\0www.badsite.com as www.goodsite.com, and the root CA is trusted. And there you go.
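To make the null-byte problem concrete, here is an added example (not from the original post or from any Microsoft code). It decodes a DER string the way X.509 carries it, with an explicit length, and then contrasts a matcher that stops at the first NUL with a length-aware matcher and a simple audit check. The CN value and the DER bytes are constructed for illustration.

```python
# Added example: why a NUL byte in a certificate name defeats a matcher that
# treats the name as a C string, and how a length-aware matcher handles it.
# All sample values below are constructed, not taken from a real certificate.

DER_STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}


def decode_der_string(der: bytes) -> str:
    """Decode one DER string value, keeping every byte the length field covers.

    DER carries an explicit length, so a NUL byte inside the value is just data.
    The bug the post describes happens later, when such a value is handed to
    code that stops reading at the first NUL.
    """
    if len(der) < 2 or der[0] not in DER_STRING_TAGS:
        raise ValueError("not a DER string")
    length, pos = der[1], 2
    if length & 0x80:                       # long form: 0x8n, then n length bytes
        n = length & 0x7F
        length = int.from_bytes(der[2:2 + n], "big")
        pos = 2 + n
    value = der[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER string")
    return value.decode("utf-8")


def match_cstring_style(cert_name: str, hostname: str) -> bool:
    """Vulnerable behaviour: the name is compared only up to the first NUL."""
    truncated = cert_name.split("\0", 1)[0]
    return truncated.lower() == hostname.lower()


def match_length_aware(cert_name: str, hostname: str) -> bool:
    """Hardened matcher: a NUL is never valid in a DNS name, so reject it
    outright, then compare the whole name case-insensitively, allowing a
    wildcard only as the complete leftmost label (*.example.com)."""
    if "\0" in cert_name or "\0" in hostname:
        return False
    cert_labels = cert_name.lower().split(".")
    host_labels = hostname.lower().split(".")
    if len(cert_labels) != len(host_labels) or len(cert_labels) < 2:
        return False
    if cert_labels[0] == "*":
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def audit_names(cert_names) -> list:
    """Defender's check: list every presented name (CN or SAN) carrying a NUL."""
    return [n for n in cert_names if "\0" in n]


# Constructed sample: a UTF8String CN holding "www.goodsite.com\0www.badsite.com"
CN_BYTES = b"www.goodsite.com\x00www.badsite.com"
SAMPLE_CN_DER = bytes([0x0C, len(CN_BYTES)]) + CN_BYTES

if __name__ == "__main__":
    cn = decode_der_string(SAMPLE_CN_DER)
    print("C-string matcher accepts for www.goodsite.com:",
          match_cstring_style(cn, "www.goodsite.com"))
    print("Length-aware matcher accepts:", match_length_aware(cn, "www.goodsite.com"))
    print("Names with an embedded NUL:", audit_names([cn, "www.badsite.com"]))
```

The decoder shows that the full name, NUL included, is what the certificate actually carries; the mismatch only arises in code that discards the length and stops at the NUL.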

Looks like someone already took advantage of that one:

MS09-056 should NOT be applied to servers running Microsoft Office Communication server or Microsoft Live Communication server. More on this later on in the bulletin.

Other than that, I believe the really critical ones are MS09-061 and MS09-062. Some of the vulnerabilities in those bulletins are rated with a MS Exploitability Index of 1! Also note that MS09-062 affects Microsoft SQL server.

In other news: Adobe Acrobat and the Reader have a vulnerability that is not yet patched:

October 2009 is something they call “Cyber Security Awareness Month”:

.. and:
Microsoft Security Bulletin Summary for October 2009

As per usual, Microsoft releases their security bulletins the second Tuesday every month. This month comes along with thirteen bulletins, where all thirteen are rated critical. Our advice is that you install them all as soon as possible.

Please note this:
MS09-056 - Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) should not be installed on servers running Microsoft Office Communication (OCS) Server or Microsoft Live Communication servers (LCS). Doing so will cause them to stop working. I still recommend installing this patch on other servers.

More here:

MS09-050 - Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
MS09-051 - Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
MS09-052 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
MS09-053 - Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
MS09-054 - Cumulative Security Update for Internet Explorer (974455)
MS09-055 - Cumulative Security Update of ActiveX Kill Bits (973525)
MS09-056 - Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
MS09-057 - Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
MS09-058 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
MS09-059 - Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
MS09-060 - Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
MS09-061 - Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Windows 2008 R2 - A mini review

It's been a rule for many years that Disney puts out at least one feature movie each year. Microsoft seems to be going the same way with their software releases. As a rule of thumb, Microsoft intends to release a new Windows version every second year. On the 22nd of October 2009, Windows 7 and Windows 2008 R2 hit the shelves. I've tested both of them since August, and here's a "mini-review" of Windows 2008 R2.

The R2 moniker hints that this is a "second edition" of Windows 2008 rather than a totally new operating system. You might remember Windows 2003 R2 as 2003 with a few new tricks up its sleeve. In my opinion, this is also true for Windows 2008 R2 in relation to Windows 2008. And Microsoft got this release right! Windows 2008 R2 comes along with a number of very useful changes and a faster graphical interface. Here is some of the new stuff that R2 brings to the table.

What's new with Windows 2008 R2?

If you're working with a customer who has a number of small branch offices, you'll probably find the new "Branch cache" interesting. It adds the possibility of caching documents on local sites without having to set up a dedicated file server on site. You can either have a "cache server" that retains a copy of all documents the users download, or you can use the local Windows 7 clients for this. Windows 7 can cache documents in a "peer-to-peer" fashion, which makes a branch cache possible for sites that don’t have any on-site servers.

Hyper-V

I find Hyper-V a bit lackluster compared to VMware ESX/vSphere. Microsoft is clearly behind the curve here, but R2 somewhat closes the gap. One of the new features is the better-late-than-never function called "Live migration", which is what VMware calls "VMotion". "Live migration" permits moving a virtual guest from one host to another. You should also be able to add disks to a guest that is running. I said "should", because I've not been able to make it work.

That said, I've tested the new Hyper-V, and you can't complain about the virtualization itself. It's fast and pretty trouble-free. Microsoft now counters the free VMware ESXi server by offering a free product called "Microsoft Hyper-V Server 2008 R2", which is a scaled-down 2008 R2 Core with Hyper-V installed. It’s free and should not be confused with the Hyper-V role that can be installed on normal R2s.

More here:

Microsoft Cluster Services has always been a bit quirky, but R2 comes with a few very promising new features. “Cluster Shared Volumes” or “CSV” allows access to the clustered disk resources from all nodes. This technology was created to support "Live Migration" for Hyper-V, so I'm not sure if it can be used to allow for load-balanced clustering in the future. I've not had the time to verify this, but the cluster service also supports PowerShell and uses mount points, so you don't risk running out of drive letters anymore.

Active Directory
Of the few new changes in R2, I find three of them really interesting.

"Managed Service Accounts" solves an age-old problem with service accounts: password changes. Until now, changing the password of a service account could be really dangerous. Unless you knew exactly which services used an account, changing the password could cause disruptions. Suddenly you found out that someone used the account to run an SQL service you had no idea even existed. So once the password is set, it's never changed. With "Managed Service Accounts", the passwords are changed automatically. This mechanism has been in place for domain computer accounts for many years now, so it's about time that we get it for service accounts as well.

"Authentication mechanism assurance" stores information about the methods used to authenticate in the Kerberos ticket. Say what? Ok, in plain English, this makes it possible to see if the administrator is logging in with just a password or with a smartcard. That way you can deny administrators not using a smartcard access to high security applications and still allow them access to less critical ones.

Recycle bin
(Sigh!) Remember Active Directory 2000? If you deleted an object by mistake, you learned how to do an authoritative restore pretty darn quick. And you did not like the experience. R2 allows you to deploy a "recycle bin", so minor mistakes can be undone. It will NOT be as easy as clicking on an icon and selecting "Restore". But it exists and can be deployed to decrease the time needed to recover from minor mistakes.

More on the recycle bin here:

All the new stuff in ADDS 2008 R2:

Finally, you can now use PowerShell on the Core edition of R2. This is a very nice addition, because it makes local administration useful, and now that the .NET Framework (a requirement for PowerShell) is included, you can actually use Core for your web front ends. And the list goes on. There are changes to most of the roles in Windows 2008 R2, so remember to check out what's new with the ones you want to use. This article only lists a few.

The overall feeling I get from installing, testing and working with Windows 2008 R2 is that it addresses some of the irritations with Windows 2008 server. The GUI responds faster, well-known quirks have been fixed and the newest hardware technologies are supported. Microsoft says that they've increased the performance of the iSCSI initiator, and there is indeed very little that feels half-baked when it comes to the roles and features. The exception is the rather lackluster built-in backup, which is really rudimentary and, frankly put, useless. The way I see it, Microsoft's biggest enemy when they launched Windows 2008 was Windows 2003 server. It's hard to convince people to upgrade when Windows 2003 fills the needs of most customers. With Windows 2008 R2 the 2008 platform has reached the maturity, stability and ability that make an upgrade really worth considering.

It's no secret that Microsoft built the Windows server concept to work as a whole. If you only use Microsoft products in your environment for everything from messaging to workstation deployment, you get more features and capabilities. This is a bit sad, since it will make Windows server a less fully-featured product when deployed in a heterogeneous environment. In a competitive world, I believe this is how Microsoft tries to survive the declining role of their operating systems as a cash cow. But for those that want to be a "Microsoft only shop", this is good news. Windows 2008 R2 is a very good product in a time when Microsoft needs to convince buyers that the lessons have been learnt with Vista (and to a much lesser extent, Windows 2008).


[Swedish Only] Thanks for that, Televerket

Sep. 28th, 2009 | 10:12 pm
location: Home
mood: aggravated

The paper arrived today with the phone bill and carried the heading "information about updated Special Terms". The alarm bells went off and I searched feverishly for the new contract text. It didn't even exist; instead you were referred to their website www.telia.se/vilkor.

I downloaded the old (currently valid) and the new contract. Apart from the new one being considerably longer, this caught my eye:

Telia NIX disconnection
Do I understand this right? Telia takes the right to give my number to any telemarketer whatsoever? The NIX register offers no protection here, since I HAVE a business relationship with Telia. So the telemarketers can render the NIX register worthless. Or should I read it as Telia themselves contacting me with third-party information? That is, selling other companies' products themselves?

Traffic data? Meaning my email details? If so, has something short-circuited in their heads? Spam, or UCE, stands for Unsolicited Commercial Email. That is, advertising email I have NOT REQUESTED! That ought to include email I receive because I haven't forbidden them to send it...

At least they're kind enough to let me forbid them in writing from doing so. Fantastic.. Negative contract binding, or what? No, actually not, since I can choose to terminate the contract before it takes effect. I only accept it if I keep the subscription. But it's as close as you can get, I think.

I give up...

Here is the contract:

The old one (expiring):

The whole page:


April Fools' - the Conficker edition

Mar. 30th, 2009 | 05:48 pm
location: Work
music: Talk radio

The Internet ends on the 1st of April 2009, when the hordes of infected PCs will bring the whole world to its knees. Conficker will not even need raw sockets to send us back to the 18th century. It's the truth! Repent! And accept my security expert status without me showing any credentials. Umm.. Umm.. Sorry, just my bad sense of humour here.

Conficker will change its tactics on the 1st of April. If you have Windows, make sure to patch, check your firewall and update your antivirus and it'll be just fine. I really don't think the worm will be that much of a problem, since it will only change the way it updates itself. Ah well. The patch you must apply is called MS08-067.

Microsoft's official Conficker-site:
Comment: Isn't it wonderful for a virus programmer to have Microsoft handling your "PR drive"? :-)

ISC SANS has a good summary:

F-Secure has a tool for the unfortunate that get their PCs infected:

My own notes on Conficker (In Swedish):



Dec. 28th, 2008 | 08:44 pm
location: Home
mood: awake
music: Fans of the computer - Greatest hits

I had lots of ideas about what to write about, but life happens. So I got sidetracked. It's probably too late to write a review of Fallout 3 now. Suffice to say, I like it a lot, but it's not a true Fallout. More like "DC Wastelands 15 years after the war". Still good. 8 out of 10.

I have spent Christmas playing computer games, drinking beer and generally feeling fine.

One of my new year's resolutions is to write more blog and security notes. Let's see if it goes the same way as the old resolution.


Fallout 3 - first impressions

Oct. 31st, 2008 | 02:14 pm
location: Home
mood: energetic

I've been playing Fallout 3 since I got it yesterday and it's time for me to summarize my impressions of the game.

The installation was pretty straightforward and uneventful. So no disaster here.

The intro
Fallout 1 had a simple, yet very elegant intro with scenes of a broken America accompanied by the Ink Spots song "Maybe". Ron Perlman narrated the events that led up to the destruction of almost all life on earth. Fallout 2 did pretty much the same thing, but from another angle. Fallout 3 starts out the same way, but I can't help feeling a bit disappointed that the scenes from the intro are the same as Bethesda used in the teaser that they put on YouTube. Still, it's pretty. Perlman is back with his low and dark voice, but who wrote his lines? I can't remember off the top of my head exactly what was wrong, but there were a few sentences that came out wrong or just weren't very logical.

Character creation is handled through a series of events in your life. You start out as a kid and can select your stats by picking up a kids' book called "You're SPECIAL". SPECIAL is short for "Strength, Perception, Endurance, Charisma, Intelligence, Agility and Luck". That's the system Fallout has always used to let you define the skills of your character. The scale ranges from 1 (very poor) to 10 (excellent) in every base skill. They all start out at 5, and you have a few unassigned points that you can add to whatever skills you want to specialize in. That's only the base skills. You also get a lot of other attributes, but let's go on with the review.

Now you'll go through a few thinly veiled events that let you make "the choices that define your character". After that something goes wrong and you're slowly pushed towards the world outside the Vault. This part plays pretty much like the start of Oblivion. Things happen and there's a "come on - tag along - we must get going" feeling all over. The older Fallouts did not work like this. You created your character in a form the "old school" way. When you were done, a brief cut scene played and then you were on your own. Starting a new character in Fallout 3 will be boring, since you have to go through the same darned sequences again. It's sad, because the whole idea was not so bad in itself. It's just that it takes around 30 minutes or so to go through the whole introduction when you create a new character.

So, now you're outside the vault, looking out over the remains of Washington DC. It's called the "DC Wastelands" these days and it looks like Fallout should. They got this part right! The nearest populated junk town is called Megaton and it's built in a crater with an undetonated atom bomb in its center. I won't go further into the story here. It's up to you to explore. Let's try to sum it up.

You interact with other characters in the same way as you have always done. To everything they say you can answer in a variety of ways. The answer will have consequences! You can be nice, mean or sly. You can threaten or lie. Your base skills in intelligence and charisma as well as your skills in speech will matter! One irritating thing is that you cannot get out of the discussion except by selecting the "goodbye" line. If you're in the middle of a deep conversation tree, you have to work yourself back to the "root menu", so to speak. In the older Fallouts you just hit the escape key to end a discussion. Otherwise Fallout 3 delivers rather well thought out discussions and the possibility to either just get the facts or to interview people to get the whole story.
Rating: Very good

Combat is real time with the possibility of a semi-turn-based mode called VATS. The fights work out like they should, but often play out the same way every time. You shoot at a target while running backwards until you die, they die or you hit something like a brick wall. The VATS mode works as it should, but it feels like an afterthought.
Rating: OK

It's dark and gritty. It's broken down and falling apart. It looks and feels like a wasteland should. This part is largely done to spec.
Rating: Very good

The audio works, but is never spectacular. You have a few radio stations to listen to, but they tend to loop quickly. Bethesda should have recorded a lot more material for them. President Eden sounds like a deranged Richard Nixon and "Three Dog" seems to have a serious Wolfman Jack complex going on. I'm not sure I like the radio station metaphor. It's 200 years since the world nearly ended, water is scarce and electricity even scarcer. But I guess I can buy the concept anyway.
Rating: good

The controls are mostly standard and use the Pip-Boy 3000 device strapped to your arm as a metaphor. When you hit the TAB key it pops up and stops the whole gameplay to let you select stimpaks and weapons. Using the Pip-Boy stops the game flow abruptly, which is a bit irritating sometimes. It's graphically very appealing though.
Rating: ok

The game seems fairly stable. I've had one situation when I had to restart the game since I lost all possibility of interaction with anything besides the Pip-Boy. Fallout - buggy be thy name! This is not just Fallout 3. All Fallout games so far have had some weird bugs. I still love them. Must be the masochist in me or so...
Rating: ok

Fallout 3 delivers most of the time. But it has some serious shortcomings. I like it and will spend a lot of time with it, that's for sure. More notes to come.

Is it good? - yes!
Is it Fallout? - Mayyyyyybe.


Fallout 3 cometh

Oct. 24th, 2008 | 09:02 pm
location: Home
mood: calm

Enough of all this security talk now! Let's talk about Fallout. Fallout 3 to be exact. The first two games in the Fallout series are easily among the most well-made computer games ever created. That's in my not-so-humble opinion. Fallout 3 has large shoes to fill and in one week we'll know if it's any good. I've avoided reading too much about it, since I want the deeper aspects of the story to be a surprise.

To be honest, I'm worried about what Fallout 3 will be. They've ignored all the complaints and kept the damned hand-held nuke launcher. They also kept the radio stations and a lot of other weird stuff.

Another thing that strikes me as odd is that they somehow mirrored the Californian remnants from Fallout 1 and 2. That is to say, Fallout 3 takes place on the east coast with all the west coast factions in place. That's right. The super mutants, the Enclave and the Brotherhood of Steel are all there. Even the Necropolis-style ghouls show up for the party. You know, the ones that were created in the failing vault in Bakersfield, CA. All right, maybe I'm not fair here. After all, an additional 40 years have passed since the ending of Fallout 2. It's just like they (Bethesda) don't understand the Fallout universe.

Ok, enough nagging. I don't know exactly what the game is going to look like, and it has good potential of being a really good game. I'm pretty sure of it from what I've seen. But will it be a true fallout? In one week I'll hold the box in my trembling hands.. One LONG week... 7 days... I want it now!


Notes from the vulnerabilities webinar

Oct. 23rd, 2008 | 11:30 pm
location: Home
mood: busy

I did attend the webinar "TechNet Webcast: Information Regarding an Out-of-Band Security Bulletin Release" that Microsoft held, where they told us the details of the vulnerability. Here are some short notes I took while listening.

About the vulnerability
It's being exploited actively, but at this time only towards targeted systems. Mostly XP.
Uses RPC over port 445/139.
Can be used for worms. No worms active at this time.
The patch affects a very small portion of the file, so it should not cause problems.
"Malware" is on the field.
Microsoft has created "definitions" for all the malware they know about and made them available to its partners. 1)
Its bulletin number is MS08-067.

Notes and recommendations
Update your antivirus software.
Microsoft has detailed information on their "research and defense blog"
SDL site is updated (Security Design lifecycle)
All patch tools from Microsoft except the old SMSSUSFP can detect and/or distribute this patch.
Shutting down the computer browser service AND then the server service will work as a mitigation. It will have functionality impact on your machine! (e.g. no file sharing)
Hostsvc-crashes may be signs of attacks.

Questions asked:
Should servers on the DMZ be patched as soon as possible? Yes
Are there any trojans known?: Yes, TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Gimmiv.A.dll.
Is this a buffer overflow? See 2)
Is there a new cab file released? Yes, but it can take time to replicate. This cab is used with MBSA et al.
Can XP and 2003 be configured to require authentication for some mitigation? No.
Reboot really needed? Yes!
Does it affect RPC over HTTP/S? Answer: No
Can it attack an unpatched ISA Server? Speakers did not know. (My guess: not unless you actually allow or publish TCP 445/139 to the server!)

1) http://www.microsoft.com/security/msrc/mapp/overview.mspx

2) Much more technical overview:

The latest information is here:


Updated on Friday:

Swedish news site ide says "PATCH NOW!!!":


An additional webcast will be held tomorrow at 8pm CET.
