Digital Choke Daynotes
"Daynotes" are daily (usually) journal entries of interesting happenings and discussions. They are not 'blogs', which are just a collection of links to other information (although we do include links occasionally). These Daynotes were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .org, .net), a collection of the daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals.
If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.
Hmm. I'm sure that I meant to write something for Saturday and Sunday. I just didn't find the time to actually do it.
Saturday started out with the usual sleeping in a bit, then breakfast and some cleaning. Then I went over to the in-law's house, where I got another circuit of the sprinkler system working. I had to replace a couple of broken sprinklers, and then some adjusting of the patterns. So now the two main areas of grass have the sprinklers working, although manually at the moment. Eventually I'll get the timer sequence set up, when I figure out how things are wired. Not terribly hard, but just takes some time.
I didn't have much time to spend over there, as I had to get home and finish up my notes for my speech at church on Sunday. That took up the rest of the day, although I did get a chance to do some minor cleaning of the back yard (actually the back patio).
Sunday morning was the usual church administrative meetings, then a final touch-up of the speech. The afternoon was taken up with the meetings; the talk went well.
After church, back home, where the grandkids (and their parents) were waiting for us. Even though the weather was a bit cool and cloudy, I fired up the BBQ and cooked some steaks for the whole gang. We all had a nice dinner, and a nice visit with the family.
So, the usual weekend fare, nothing exciting. And back to work today, doing some audits of the computers at work to see how many of the systems have installed this month's Microsoft patches. Not as high as I hope, but typical for our distributed IT support system. There is some minor movement to change that, though, to a more centralized support system, with some site-specific support available where needed. The key will be for the IT department to become more consistent in our own recommendations, the "eating your own dog food" thing.
Left work a bit early to go to the optometrist. The eyes are getting a bit weaker, but not too bad. I'm sitting at a "1.75", which means that reading glasses are appropriate. I mentioned to the doctor that I sometimes had problems doing close work (small parts and pieces), and he suggested that I get a "3.00" set of glasses for that work. He got the sample lenses out, and I was able to read really fine/small print at close range (under 10 inches). That might be a good idea also.
Two very important issues regarding computer and Internet security:
First, the "Netsky.V" version virus/worms can be installed on your computer by just reading/viewing an infected message. You don't need to open the attachment. If infected, someone can remotely access your computer, including running any program of choice, or even erasing files of any kind. This vulnerability is patched by the latest Microsoft patches. One link describing the problem is here http://www.theregister.co.uk/2004/04/15/pesky_netsky/ , lots of others available. Also, see below on how to fix Outlook to reduce this risk. (Note to new readers: around here, links usually open up a new window so you won't get lost.)
Second, it is possible for an attacker to shut down large segments of the Internet using a specific 'reset connection' technique. There are some workarounds; but corporate security folk should be aware of this (most probably are). Very technical details are here http://isc.sans.org/diary.php?date=2004-04-20 , a less-technical version is here http://www.securityfocus.com/news/8491 .
Another place to go for technical alerts is the US-CERT security site, part of the "Homeland Security" gang. Go here for the technical bulletin http://www.us-cert.gov/cas/techalerts/TA04-111A.html . They also have a non-technical newsletter about information security issues on that site.
Mantra: update Windows and Anti-Virus often, install a firewall, don't preview your mail (turn auto-preview off), update Office/Outlook.
If you are using Outlook 2003, you should set it up to reduce the possibility of an HTML message introducing a virus by reading the messages in plain text. This information is from Microsoft's site.
To set up Outlook 2003 to read messages in plain text (from the Microsoft site: http://office.microsoft.com/assistance/preview.aspx?AssetID=HP062150771033&CTT=98):
"If you are concerned about potential viruses (virus: A computer program or macro that "infects" computer files by inserting copies of itself into those files. When the infected file is loaded into memory, the virus can infect other files. Viruses often have harmful side effects.) contained in HTML formatted messages, you can have Microsoft Outlook automatically display messages that you open in plain text instead. However, reading messages in plain text does not provide full protection against viruses or scripts (script: A type of computer code used to perform tasks on Web pages, such as incrementing a "number of visitors" counter each time there is a new visitor. Web scripts can be written in several script languages. Scripts do not need to be compiled to be run.) in e-mail messages.
On the Tools menu, click Options, and then click Preferences.
Click E-mail Options, and then select the Read all standard mail in plain text check box.
To include messages signed with a digital signature, select the Read all digitally signed mail in plain text check box."
It's also important to do the Microsoft Office update; go here: http://office.microsoft.com/officeupdate . Just doing the "Windows Update" will not install Office updates. You will need your Office CD nearby when you do the updates.
I'll have more information about all of this later.
On another subject, you might have known that Novell bought the Ximian and SUSE Linux stuff last year, and is busily integrating Linux into their product line. One of the things they are promoting is getting Linux on the desktop as a replacement for Windows.
Without getting into the Windows/Linux wars, I find it interesting that Novell is planning on "eating their own dog food". That means that if you are going to tell others what to do, then you ought to be prepared to do it yourself. So, according to this article in "The Register", Novell will be installing Linux/Open Office on all their corporate desktop systems by July of this year. The Novell spokesdude said that the project "will teach us a lot about the process and help [us] empathise with customers considering similar projects".
Along that line, I've purchased a copy of "VMWare", which allows you to set up several 'virtual' operating systems on one physical computer, easily switching between them without having to restart the computer. So I am going to get a Linux install (haven't decided which one yet) to put on my laptop and start using that a bit. There are some good information security tools that run on Linux, and I need to work with them a bit more. I'll have more information on that project as I work with it.
On the computer/network security front, take a look at this article about the latest Microsoft patches (opens in blank window, per our habit around here). Then, (after you finish reading today's post, of course), go do your updates.
I spent most of the day at work on mail problems. Although we (the Security section) are turning the system over to the Production section, they are still learning the system.
Yesterday the mail system was confused, and started blocking all outgoing messages because it thought they contained executable attachments. (One of the basic rules on our mail system is that we block all incoming and outgoing executable attachments. If an outgoing message is blocked, we notify our sender. We don't send a blocked notification on incoming messages -- that just encourages the spammers.) That incorrect blocking started a bit after 6am, and I got there at 7:30am to lots of waiting voicemail and email complaining about the blocking. It took a short time (under an hour) to determine that one of the two mail servers had the problem. So I stopped the 'receive mail' service, letting the other mail server take up the slack. I also released all of the incorrectly blocked messages (after making sure that they actually didn't contain executable attachments). That took until about 8:30am, and I spent a bit of time responding to voicemail and email.
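Added example, not the rule set of the mail system described here: a Python sketch of the executable-attachment rule, including the "notify the sender only on outgoing mail" policy. The extension list, the magic-byte table, the function names and the sample attachments are all assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Illustrative (assumed) policy data, not taken from any product.
BLOCKED_EXTENSIONS = (".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs")
MAGIC = ((b"MZ", "DOS/Windows executable"), (b"\x7fELF", "ELF executable"))

def executable_reason(part):
    """Return why an attachment counts as executable, or None if it does not."""
    name = (part.get_filename() or "").lower()
    for ext in BLOCKED_EXTENSIONS:
        if name.endswith(ext):
            return f"{name}: blocked extension {ext}"
    # The name can be changed freely, so also look at the first bytes.
    data = part.get_payload(decode=True) or b""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return f"{name or 'unnamed part'}: content is a {label}"
    return None

def mail_decision(msg, direction):
    """Apply the rule to one message; direction is 'incoming' or 'outgoing'."""
    reasons = []
    for part in msg.iter_attachments():
        reason = executable_reason(part)
        if reason:
            reasons.append(reason)
    blocked = bool(reasons)
    # Senders are told about blocked outgoing mail only; blocked incoming
    # mail is dropped silently so spammers get no feedback.
    notify = blocked and direction == "outgoing"
    return {"blocked": blocked, "notify_sender": notify, "reasons": reasons}

def build_sample(filename, data):
    """Constructed test message carrying one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "user@example.org"
    msg["To"] = "partner@example.net"
    msg["Subject"] = "Files"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

# Constructed payloads: an OLE header (as in a PowerPoint file) and an MZ header.
OLE_DOC = bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 16
MZ_STUB = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(mail_decision(build_sample("slides.ppt", OLE_DOC), "outgoing"))
    print(mail_decision(build_sample("report.doc", MZ_STUB), "incoming"))
```

Running the same function over a quarantine queue is one way to confirm that messages held by a misbehaving filter really contain no executables before they are released.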
A delay of no more than two hours wasn't a big deal -- in fact, email (contrary to popular belief) is not really an efficient way to send messages. Email can take a while to get to its destination, although most people think that it is instantaneous. With the volume of email, and the spam blocking in place, you need to be careful about how you 'craft' your message. It may not get delivered.
In fact, I wrote a short report about that very subject -- found here. And there is also my report on the difficulties in setting up an anti-spam system here. Both of those were written last year, and may need a bit of updating, but the basic concepts are still valid.
Anyhow, today's plan of working with VMWare (see yesterday's post) was overridden by the need to monitor the email system. It did have a few problems today also, but not as bad as yesterday (and yesterday wasn't that bad). One message, with a PowerPoint file, seemed to be stuck in the 'rule analysis' queue, holding up a bit of other mail. I haven't seen that problem since last spring. It was easy enough to fix, once it was found. And a companion mail system -- our backup virus checker running Network Associates WebShield -- sometimes has problems with undeliverable messages. Those can cause a mail loop, especially if the file has a large attachment. So I spent most of the day making sure the 'mail always gets through' ... sooner or later.
I checked out the mail system this evening (and will one more time tonight), but at the moment it is working OK. But it is interesting to look at the volume of mail we get in the evening. I checked it at about 8pm, and there is a lot of incoming mail. And most of it is spam. There are some newsletter-type messages, but watching the subject lines shows that it is mostly marketing stuff. We process about 50,000 messages a day. Our average spam 'catch rate' is about 34%. Some spam still gets through, but we are blocking quite a bit.
Last night, Pam and I watched "Master and Commander", which was a pretty good movie. Some of the dialog was a bit 'muddy' -- not clear, and the English accents were a bit too much at times. But, overall, it was a good movie; we enjoyed it. Earlier, I watched "2 Fast, 2 Furious", which had an OK story line, and some nice racing sequences (with lots of special effects).
At home after dinner, I worked on a bit of Church stuff: meeting notes and calendar updates to send out. A bit of surfing, one more check of the mail system, then it's time to 'veg out' in front of the television.
You regular readers (yes, both of you) might notice that I have changed the "Latest" entry at the very top to just say the day, not the day and time. Any preferences? Or did you even notice? Comments about that (or anything else around here) can be sent via our mail form.
As for you new readers (now that I am an official "Daynoter" -- I am humbled by that honor) -- your comments are also welcome. And if you have wandered over to our little short story about the death of the Internet, comments about that are also welcome.
You might even get a response (there's a good chance you will).
Still having mail problems, but we're keeping them under control. I seem to recall having a similar problem last year. It seems like one type of message that one user creates with a large attachment has caused a problem again. I think that it's the type of file inside the attachment that is causing the problem. More investigation on that tomorrow. In the meantime, extra checking of the mail server 'health' is in order.
The big news at home is that Stacy (youngest daughter, 19) is back from college (BYU-Idaho) for about 9 days. She's got a short break between semesters, and caught a ride home with a friend. There were three of them in a small pickup truck for the 12 hour trip of about 900 miles. They obviously took advantage of the liberal Nevada speed laws (in parts of Idaho, there is a 75mph limit on the interstate highways), and also just stopped for gas and snacks. They had a good time on the trip, even though when she got home she was suffering a bit of "TB" (Tired Bottom). We had a nice little visit before she hit the sack for the night.
I have a couple of security audits to do tomorrow, and still need to play with VMWare. I spent part of the day trying to download a couple of Linux distributions. It's still a bit 'techie', though. Although you can purchase boxed sets of various 'distros', trying to figure out what to download is a bit more difficult. The 'free download' process is still obscure. Even when you finally get to the place where you think you should download something, you are not sure you are getting the right files, and you have to figure out how to save/store an "ISO". I just looked at the Red Hat and Mandrake sites, but I suspect that the others are just as obscure.
What I am looking for is a basic, beginner-level site. The site should have a button that says "Create the disk 1 CD"; and when you click it, all it will ask is for the drive letter of your CD/RW drive. If you need multiple disks, then have a button for each one. And then the install process should be as simple as inserting the CD and following simple (non-techie) instructions. If there is already an operating system on your computer, then the install process should be smart enough to create another partition (resizing the existing one if necessary), then installing it in a 'dual boot' mode. The whole process has to be simple enough for "Aunt Minnie" to figure out.
Watch out for the new viruses/worms. Netsky is up to version "Z" (what's next?), some worms will install just by reading your mail (see the Outlook thing above), and others by just visiting a bad web site. Get those updates installed.
Several important security issues to talk about.
If you get an email that says "Osama Bin Laden was captured", with a link to click on, don't do it. The link will attempt to install a "trojan" on your computer that will try to steal passwords and bank account information. This one is getting widespread; it started appearing late Thursday. And it doesn't require opening an attachment, just clicking on the link to get to the hacker's site. That site seems to be inactive now, but you should be careful about any link in a mail message that you didn't expect to get.
We started getting these at work late Thursday night. It immediately looked suspicious. For one, it was from the "Editor of CNN". And the link was a numeric IP address, not a site name. And it didn't have all of the marketing/promotion text you would expect if it was from a news site. And besides, why would the editor send me a message like that? Even if I had signed up for news alerts, they would be better crafted than that.
So, I quickly set up a rule to block any message with "Osama" in the message. I spent a bit of time wandering around various security and anti-virus sites, but there was no mention of this particular message. But it just didn't look right, so we continued to block it. By the end of the day, we had about a dozen of them.
So, the lesson here is to think before clicking. Look for the validity of the message. Obvious spelling and grammar errors should be a warning about the message being bogus. It's like a message from "AOL" asking you for your user name and password. Wouldn't you think that they already know that? Why would they need to ask you for information that they already know?
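Added example, not a rule from the mail system described here: a Python check for two of the cues mentioned above, a link whose host is a numeric address instead of a site name, and a blocked word anywhere in the subject or body. The function names and the sample message are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample modelled on the description above; the address is from
# the 192.0.2.0/24 documentation range, not the one in the real message.
SAMPLE = """\
From: "Editor of CNN" <editor@example.invalid>
To: user@example.org
Subject: Breaking news
Content-Type: text/plain; charset="us-ascii"

Osama Bin Laden was captured. See the pictures:
http://192.0.2.45/pics/
"""

def is_ip_literal(host):
    """True when a URL host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def body_text(msg):
    """Join every text/plain and text/html part so links in either are seen."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            parts.append(part.get_content())
    return "\n".join(parts)

def review_message(raw, blocked_words=("osama",)):
    """Return the reasons a message deserves a second look (empty if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    text = body_text(msg)
    reasons = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:          # malformed URL, e.g. unbalanced brackets
            continue
        if is_ip_literal(host):
            reasons.append(f"link to numeric address {host}")
    searchable = (str(msg.get("Subject", "")) + "\n" + text).lower()
    for word in blocked_words:
        if word in searchable:
            reasons.append(f"blocked word '{word}'")
    return reasons

if __name__ == "__main__":
    for reason in review_message(SAMPLE):
        print(reason)
```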
Next on our list is a severe problem with Symantec Norton Internet Security. There is a severe vulnerability that can allow your system to freeze with just a single packet of data from the Internet, so it's a "Denial of Service" problem. One data packet to freeze your system. And the only way to get control of your system is to force a hard restart of the system (usually by doing a power reset).
The folks at "eEye Digital Security" found this one, link is here. The details are a bit technical. They report that you can fix this with an update/patch at Symantec through their "Live Update" feature. I did a quick "wander" through their site, and couldn't find the exact link, or any information about it. But if you have that product, get your updates installed.
Now to number three on our security hit parade - a problem with possible data theft on a MS IIS 5.0 server running "SSL". If you purchase something on the 'net, or access your banking system, you usually do so with a 'secure link' that encrypts the data between your computer and their system. You can tell you are on a secure site because the site's address starts with "https" rather than "http".
Due to a vulnerability (for which Microsoft had previously released the patch), there is a way for an attacker to break into these systems, and attempt to steal password, payment, and account information. The MS04-011 patch (released last week) has fixed this problem, so updates are required. But it is interesting that the exploits are happening a lot faster once a vulnerability is made public. Another reason to keep things current. See the information at Microsoft site here for details about this one.
More information about these problems can be found at the Internet Storm Center, in their daily diary of current issues. Look at their 04-23-04 and 04-24-04 diaries. There are links on those pages to other sites that have more information on all of these problems.
So, the usual mantra...get those updates installed, at work and home. And help out others -- send out alerts to your family members.
On the home front, I was too tired last night to write anything...and we spent some time visiting with Stacy. This morning (after sleeping in and a bowl of Raisin Bran for breakfast), I spent a bit of the morning replacing the front brake pads on the Camry. That's not a hard job, although somewhat messy with all that brake dust. It worked out OK, though. I need to look at the rear brake shoes to see how they look, but that's a job for next weekend.
Then I spent a bit of time with the drip system in the back yard. I needed to tweak the spray patterns a bit. While doing that, I noticed some damage to the petunias that were planted last week. The snails were having a good time feasting on the plants. So I grabbed the culprits and gave them a free trip to the garbage can (which will be picked up on Monday), and then put some snail bait around the plants. I may need to get some more, since some are pretty damaged. That's also next weekend; that will give some time for the snail bait to do its work.
The whole family will be here for dinner tomorrow. That will be a nice visiting time. But I'll also be taking a peek at the latest security threats: the ones mentioned above, and the inevitable variants. They have the potential (perhaps small) of doing damage to the Internet. Sort of like my little story about that.
Entire Site Contents Copyright (c) 2000-2004 Two Bridges Group, All Rights Reserved