Archive for April 2007
Switching to Google Reader
I think I’ve mentioned a couple of times that I reloaded my laptop. When I went to reinstall Sharpreader, I found the sharpreader domain abandoned. Apparently they’ve boarded up the windows and left town.
I decided to give Google Reader another chance after my older brother mentioned it to me. I logged in, and it appears they’ve done some upgrading. It looks good. I deleted my old feeds, and imported my OPML file. After tweaking a few settings I’m finding it quite usable.
My favorite feature is the ability to share items with people. My shared page is here.
What I’m really missing right now is the notification box that my previous rss readers had. Obviously they can’t give me a new article notification if I’m not at the site, but I was thinking they should give that notification through the Google Talk software (like I get gmail notifications). Perhaps they already do that. I haven’t reinstalled Google Talk since my upgrading.
The other item I’m missing is search. That seems amazingly ironic. Yes, this is the one time I’m pretty sure I’m using the term ironic correctly. I want the ability to search my feeds. I want to easily be able to search specific folders and even one specific feed. Why can’t I search my Google Reader feeds?
Obviously I’m new to Google Reader, so if anyone has an answer, please feel free to jump in the comment section.
Microsoft DNS Exploits
SANS is reporting that successful attacks were seen on April 4th against Windows DNS servers at two U.S. universities.
We’ve disabled remote management of DNS. It would be a bad thing™ if our domain controllers were compromised. Don’t forget to check for other places you might use Microsoft DNS. Some systems up on our DMZ are running Microsoft DNS. Fortunately those are all firewalled correctly.
http://support.microsoft.com/kb/935964
Another new email virus being spammed
I’m seeing email detected and stopped by my AV.
Subjects:
Worm Activity Detected!
Worm Alert!
Virus Detected!
The attachment is a password-protected zip file. The name isn’t coming through cleanly because my vendor replaces special characters with codes I don’t understand.
patch=2d3834.zip (2d may be code for “-” and then I think there are four random numbers in the file name).
update – SANS now has a blog entry on this: http://isc.sans.org/diary.html?storyid=2612
Microsoft Desktop Search 3
While reloading my computer, I found that there is an upgrade to Microsoft Desktop Search. Version 3 does have one improvement. It has the capability to index file shares. That could be useful.
So far I’m struggling with one drawback. In the past I have indexed multiple mailboxes. This makes it easier to find account approval emails that might be in several accounts. I have the two additional accounts opened with this Outlook profile.
First I tried disabling the new default setting in Desktop Search to only index the local cache. These mailboxes are not part of the local cache. That didn’t help. I have two thoughts left: set up the extra accounts as IMAP accounts, or check if the indexing in Outlook 2007 is better.
Laptop Woes
I’ve been fighting a blue screen of death on my Toshiba M400. The error is 0x0000007F 0x00000008, 0x80042000. The blue screen message indicates that this could be software, it could be hardware.
One bug check that was automatically submitted to Microsoft resulted in the suggestion that the video card was faulty.
One search suggested that it might be a Symantec Antivirus problem with kernel memory.
Another search indicates it’s a stack overflow in the Windows kernel mode thread.
It could really be anything. To get into the operating system, I booted to safe mode and used msconfig to disable most everything. I tried removing Symantec Antivirus and disabling Cyberarmor. Each time I was only able to get into the OS without a BSOD briefly.
I called Toshiba support in search of a diagnostics CD similar to that which Dell provides. Unfortunately Toshiba only provides the diagnostics for use within Windows. They suggest that I revert to the manufacturer image. I wasn’t too happy with that response.
Since I was unable to pin it down as a hardware or software problem, I went ahead and backed up my data before restoring to the manufacturer’s image (hold down zero while booting).
I’m going to wait a few reboots before applying any patches or installing any software.
MS07-013 and Windows 2003 sp2
We have a Windows 2003 64 Bit Edition server with Service Pack 2 installed. Our vulnerability scanner is reporting that this server is vulnerable to MS07-013 because the %windir%\system32\riched20.dll version is 5.31.23.1225. According to the security bulletin http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx this should be version 5.31.23.1226. Neither Microsoft Update nor MBSA detects a patch needed on this system.
Is MS07-013 included in Windows 2003 sp2? Is the system still vulnerable? Who knows!
It is not included in the list of updates included in Windows 2003 SP2 http://support.microsoft.com/kb/914962
If %windir%\system32\riched20.dll version 5.31.23.1225 is considered “patched” in Windows 2003 sp2, then we need the security bulletin updated. If it is not patched, then I need a patch released.
I’ve sent a note to my Microsoft TAM. We’ll see what happens.
I notice that a mailing list at patchmanagement.org reports four other curious patches. Those patches all have correct file versions on my server.
update – I heard back from my TAM. He provided this link which indicates MS07-013 is included in Windows 2003 sp2. While it doesn’t specify the version number to expect, it does say it will be earlier than if you applied the patch to a sp1 server.
More Virus email Spammed
At 2:15pm today, I started receiving virus alerts indicating a new virus is being spammed using fake war news to socially engineer the recipient into opening the attachment.
SANS has a post about it here.
Characteristics I’ve seen:
Subjects:
Israel Just Have Started World War III
USA Just Have Started World War III
Iran Just Have Started World War III
Missle Strike : The USA kills more than 1000 Iranian citizens
Missle Strike : The USA kills more than 10000 Iranian citizens
Missle Strike : The USA kills more than 20000 Iranian citizens
Attachments:
movie.exe
Read More.exe
video.exe
Read me.exe
news.exe
Click here.exe
If your antivirus is capable, or if you’ve just blocked executable attachments, this is a non-event for you. Otherwise, warm up your thumb, and keep hitting reload until your antivirus vendor provides an update.
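A gateway-side check for the two attachment styles described in these posts (executables, and the earlier password-protected zip), as an added example that is not part of the original post or any vendor's product. The blocked-extension list and the sample message, including the file name `patch-3834.zip`, are constructed assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}  # assumed policy list

def zip_is_encrypted(data):
    """True if any zip member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def inspect_message(raw):
    """Return (filename, reason) for each attachment that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name.lower())[1]
        # Match on extension, and on the DOS/PE "MZ" magic in case of a rename.
        if ext in BLOCKED_EXT or data[:2] == b"MZ":
            hits.append((name, "executable"))
        # The scanner cannot open an encrypted archive, so flag it on sight.
        elif data[:4] == b"PK\x03\x04" and zip_is_encrypted(data):
            hits.append((name, "encrypted-zip"))
    return hits

def sample_message():
    """Constructed message: harmless payloads shaped like the ones reported above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("patch.txt", "placeholder")
    z = bytearray(buf.getvalue())
    z[6] |= 1                            # set "encrypted" bit in the local header
    z[z.find(b"PK\x01\x02") + 8] |= 1    # and in the central directory entry
    msg = EmailMessage()
    msg["Subject"] = "Worm Alert!"
    msg.set_content("constructed test body")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip",
                       filename="patch-3834.zip")
    msg.add_attachment(b"MZ" + bytes(62), maintype="application",
                       subtype="octet-stream", filename="Read me.exe")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(sample_message()))
```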
8:50 and already a rough morning
I got a call this morning while driving into work that the domain we receive the most mail on is not getting email. Naturally since I recently requested some changes in the way we receive mail that was blamed first.
It turns out they were right, in a way. I had requested that we update DNS so we no longer have a wildcard MX record. With a wildcard MX record, you could address mail to anyserver.example.com (obviously not our real domain) and it would be delivered to our MTA. Since this causes us to process a lot of unnecessary email, I thought we should remove that.
We use split DNS and run our external DNS through our ISP. When AT&T/SBC performed the update, instead of removing the wildcard MX record, they removed example.com.
So we’re getting no email addressed @example.com. The negative response cache TTL is 2 hours. So even after we get SBC to fix the record, we may not get email for a while.
At least this is a reminder that people should be using our new domain name instead of the old example.com.
If we had been monitoring our external MX records, we would have seen them go away and possibly gotten it fixed before most people’s cached responses expired.
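One way to do that monitoring, as an added example that is not part of the original post: it asks the external name server directly with `dig`, alerts when the domain's own MX set is empty or changed, and separately probes a random host name to confirm the wildcard MX is really gone. The server name `ns.example.net`, the host `mx1.example.com` and the `fake_zone` answers are constructed assumptions.

```python
import secrets
import subprocess

def dig_mx(name, server):
    """Ask one external name server directly; return dig's answer section."""
    cmd = ["dig", "+noall", "+answer", "+norecurse", f"@{server}", name, "MX"]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout

def parse_mx(answer):
    """Pull exchange hosts from lines like 'example.com. 3600 IN MX 10 mx1.example.com.'"""
    hosts = set()
    for line in answer.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[3] == "MX":
            hosts.add(fields[5].rstrip(".").lower())
    return hosts

def check_mx(domain, expected, server, query=dig_mx):
    """Compare the live MX set with the baseline and probe for a wildcard MX."""
    findings = []
    apex = parse_mx(query(domain, server))
    if not apex:
        findings.append(f"CRITICAL: {domain} has no MX on {server}")
    elif apex != set(expected):
        findings.append(f"WARNING: {domain} MX changed to {sorted(apex)}")
    # A random label should get no MX answer once the wildcard is removed.
    probe = f"mx-probe-{secrets.token_hex(4)}.{domain}"
    if parse_mx(query(probe, server)):
        findings.append(f"WARNING: wildcard MX still answers for *.{domain}")
    return findings

def fake_zone(apex=True, wildcard=False):
    """Constructed stand-in for dig so the three zone states can be shown offline."""
    def query(name, server):
        if (name == "example.com" and apex) or (name != "example.com" and wildcard):
            return f"{name}.\t3600\tIN\tMX\t10 mx1.example.com.\n"
        return ""
    return query

if __name__ == "__main__":
    baseline = {"mx1.example.com"}
    for label, zone in [("before change", fake_zone(True, True)),
                        ("intended result", fake_zone(True, False)),
                        ("what happened", fake_zone(False, False))]:
        print(label, check_mx("example.com", baseline, "ns.example.net", zone))
```

Run it on a schedule well inside the 2 hour negative-cache TTL so a missing record is caught before many resolvers have cached the failure.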
SANS again kicking up a FUD storm?
SANS is reporting that the Microsoft ANI patch may be causing some problems. That’s the kind of headline that strikes fear into someone who is about to “release the hounds” and push patches to the enterprise.
The article fails to mention specifics about any of these bugs other than one bug when interacting with a specific third party software. A patch for that was available at the same time Microsoft released the ANI patch.
A second reading shows that they’ve only “received a few emails.” So in the vast SANS audience they’ve found a few computer problems. That’s probably par for any software installation. I would suspect that the importance of this update has brought people out of the woodwork who haven’t updated for a while.
It’s now been 18 hours since that entry was posted, and it has not been updated. You’d think when you raise questions about a patch, you’d follow up with an all clear or confirmation of what is breaking.

