Bill Gates - Hooters VIP?
Alexander Muse , January 26, 2007
Turns out Bill Gates is a big fan of Hooters and now with his Hooters VIP card he will always be able to get free food (no free drinks of course). This, of course, is all according to Mary Jo Foley of ZDnet.
Apple security flaw resolved
Alexander Muse , January 26, 2007
We have been ‘working around’ a security flaw in Apple’s AirPort Wi-Fi system. Apple just announced they have plugged the flaw as reported by cNet:
The update fixes a vulnerability that affects both the server and client versions of Mac OS X, Apple said in its alert. The problem was disclosed in November as part of the Month of Kernel Bugs campaign.
An attacker could exploit the flaw over a wireless network by sending malicious data to a vulnerable Mac, Apple said. “An attacker in local proximity may be able to trigger a system crash by sending a maliciously crafted frame to an affected system,” it said in the alert.
The issue affects the Intel Core Duo-based versions of Mac mini, MacBook and MacBook Pro computers equipped with wireless, Apple said. Other systems, including the Core 2 Duo versions of the same machines are not affected, it said.
Apple fixed the issue by adding more validation of wireless frames, the Cupertino, Calif., company said. The AirPort Extreme Update 2007-001 can be obtained from the Software Update feature in Mac OS X or Apple’s Software Downloads Web site.
Vulnerabilities in the Mac OS X have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities, however, affect computers running Microsoft Windows. Also, attacks on Macs have largely been theoretical so far.
Microsoft Word Zero-Day Attack
Alexander Muse , January 26, 2007
Microsoft has just started investigating a zero-day attack against Word. Symantec announced the flaw as reported by eWeek:
The Redmond, Wash.-based software maker said it’s aware of “very limited attacks” exploiting the reported Word flaw. If the vulnerability—and attack—is confirmed, the company is likely to issue a pre-patch advisory with workarounds or suggested actions or vulnerable customers.
The vulnerability was discovered during an actual live attack by anti-virus vendor Symantec. It affects multiple versions of Microsoft Word and can be used in successful code execution attacks against users of Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
According to an advisory from Symantec, the flaw is unrelated to the three previously known Word bugs that remain unpatched.
In the attack scenario discovered by Symantec, a rigged Word document arrives by e-mail with a lure to trick the target into opening the file.
“When the infected Word document is opened, it uses an exploit to drop some files onto the computer. These files are back door Trojans that enable an attacker to gain remote access to your computer,” the company warned.
Ironport Blocker available from Dell
Alexander Muse , January 23, 2007
Ironport developed the “Blocker” to provide spam filtering for companies under 200 employees. Their other models, specifically not available through Dell, are specifically designed for larger organizations or those organization with special needs.
Architel is recommending all clients migrate to Ironport’s Blocker and we now have a contact at Ironport who can provide information about the Dell supplied solution. Her name is Suzanne Fleming and she can be reached at 512-689-9259. Of course Sarah can help you as well. Here are the details:
Ironport Spam Filter
Supplied by Dell
Part number A0652840
Ironport Texas Sales: Jennifer 650-989-2030
Cost: $1698 from Dell and $300/year after that (under 50 users)
Blogspot Spam
Alexander Muse , January 23, 2007
Terry Zink discovered a new type of spam today:
This morning I ran across a new type of spam; spammers are creating blogspot accounts and when you go to them they redirect to the real payload site (in my case, pharmaspam). Google ought to be able to help out with this. They own Blogspot, so I would expect that they should be able to shut down blogspot accounts that redirect to known spam sites. They would just need to leverage their Gmail filtering service.
Switch to Vista? Not before SP1.
Alexander Muse , January 22, 2007
We are advising our clients to wait until Service Pack 1 for Vista is available to upgrade from XP. Microsoft has announced that Vista SP1 will be released in the second half of 2007. This should give everyone plenty of time to plan hardware purchases.
Spammers using current headlines!
Alexander Muse , January 22, 2007
Terry Zink noted that spammers are using current headlines from various news stories in the subject line to get you to read their spam. He explains:
“One of the techniques that spammers use is to borrow a headline from the news and use it as a subject line in their message. This is designed to confuse filters and people alike because it looks like a legitimate message in your email client if you merely examine subject and sender (but the email address gives it away). Anyways, I got a stock spam today with the subject line “History for Super Bowl Coaches.” This is in reference the Saints-Bears and Colts/Patriots NFL games yesterday (Sunday, Jan 21). For the first time in history, two black coaches are coaching in the Super Bowl (actually, one black coach would have made history, two is even more so). Obviously, spammers are watching the news and borrowing headlines for their own purposes, and they are doing it quickly (less than 12 hours in this case).”
Chris Szurgot suggest, “spammers’ botnets prowl the web searching for current news headlines, inserting those into new spam messages.”
What is VirtualCIO?
Alexander Muse , January 20, 2007
The third silo of support offered by Architel is VirtualCIO. Lots of times we hear the comment, “we haven’t have our VirtualCIO meeting.” That begs the question is VirtualCIO a meeting or a concept? The idea behind VirtualCIO is that our team serves as your CIO throughout our relationship. Working within your budget constraints and considering your business objectives it is our on going objective to make your technology solution match both as closely as possible.
Sometimes there is no available budget for new hardware or software and we must make the existing environment work. In most cases we have a limited budget and make various decisions where to spend that money. Often times we must deal with a less than optimal configuration and our goal is to offset the associated risks. For example, one client’s hardware is out of warranty and is prone the failure. The client cannot afford new equipment until next quarter. We focus much of our effort on the retention of data instead of focusing on what we cannot control.
The nice thing about our service model is that if you feel like your technology is out of control you can always ask us to reexamine the premise of our current technology plan. Often pain associated with problems such as spam cause a business to rethink their budgets. Money that was previously not available suddenly is available when users complaints reach the boiling point. The only risk when reacting to pain is that sometimes we all miss the forest for the trees. VirtualCIO cannot be delivered exclusively by Architel, instead it is a partnership between a client’s management team and Architel’s management. It requires the dedication of time and resources.
Blog Comments
Alexander Muse , January 19, 2007
Josh Hallett has a post titled, “Blog Comments - Legal Issues & You’re Not That Anonymous.” Turns out blog owners can be threatened by companies who are unhappy with comments made on their posts. The Texas Startup Blog is under attack from a local sports company, eSports Partners who threatened legal action if they did not remove comments made by third parties (unrelated to The Texas Startup Blog).
Not wanting to deal with expensive litigation to prove they had the right to allow unmoderated comments on their blog, they decided to simply remove the post. What are your rights? The Supreme court ruled in late 2006 that owners of weblogs had no obligation to moderate comments, nor do they have an liability derived from the content posted. The court ruled that injured parties must address their issues to the parties (i.e. the people making the comments) directly. The forum owner, i.e. the comment area owner, is not responsible for their content. This is your right, but if you are facing a cease and desist letter you might determine how much it is worth to preserve your rights ($10-20K).
Microsoft Vista and Office Download
Alexander Muse , January 18, 2007
Microsoft is going to allow users to download Vista and Office 2007 via the internet. No need to wait for media, just download and install. Nice work! Information Week had the story,
“Microsoft said Wednesday it plans for the first time to make its new Windows Vista operating system and Office 2007 productivity suite available for downloading by PC users over the Internet on Jan. 30, the day it releases those products to the retail market and computer manufacturers. Microsoft and Circuit City Stores plan to sell what the software company expects to be the most popular versions of Windows and Office for consumers and small business customers on Microsoft’s Windows Marketplace site. A Microsoft executive says that while downloading Windows from the Web won’t appeal to the majority of PC users, it lets the world’s largest software company establish an online beachhead for future sales.”
