Critical Security Vulnerability Discovered in Internet Explorer...

On November 11th 2008 Microsoft released an advisory (MS08-068) detailing a vulnerability present in all currently supported versions of Internet Explorer - including beta versions of IE8. The exploitation technique is referred to as "SMB Reflection". There have been widespread reports of active exploitation of this vulnerability via Internet Explorer - including reports that the UK Postal Service's website had been compromised, thusly compromising all of its visitors.

Sadly, the technique was first demonstrated in 2001 at @tlantacon, a hacker convention. Microsoft was aware of the vulnerability but there were so many mitigating factors and patching it would have broken backwards compatibility with specific applications, they decided to leave it unpatched. This recently released patch essentially further mitigates the vulnerability without truly "fixing" it. As this article is not meant as a technical dissertation on the vulnerability, if you want more technical information about this vulnerability and the recent patch, I suggest this article.

At Teklogic, we developed scripts to deploy this patch to our client base the day it was released. If you have an unpatched home PC, or know someone that does, you should get on over to Windows Update and ensure your system is up-to-date with the latest patches and Service Packs.

This is just more fodder for all of the Mozilla Firefox zealots. Although the now, very mature, browsing software has not been without its own issues lately - just proving that the only absolutely "secure" system is one that is unplugged and not in use.

What is Web 2.0???

You may have heard the term "Web 2.0" in the media recently. The term seems to suggest a new or updated version of the World Wide Web, however the term does not refer to any technical specifications at all.

As Tim O'Reiley suggests, it refers to changes in the ways people use the World Wide Web for information sharing and collaboration. To me, it means -specifically Community driven content like Blogs, Podcasts, Wiki's like Wikipedia, Social Networking sites, like MySpace & Facebook, and Content Sharing Sites like Youtube & Delicious.  There is even a "micro-blogging" service that is becoming a more and more popular way to remain excessively "plugged in" called Twitter. Twitter allows users to display short, informative blurbs - typically used to keep people informed. People can subscribe to these updated blurbs on their Cell Phone or Computer. The American Red Cross uses Twitter to exchange minute-to-minute information about local disasters.

All of these technologies center around ease of information exchange using the World Wide Web with an emphasis on user-driven content creation. This creates the proverbial "new ball game" for advertisers, designers, and business owners when it comes to getting your product or service noticed on the web. It also means an upgrade in the overall user experience of the World Wide Web as this content gets more and more real-time and self-evolving.

With people more plugged in than ever before - I mean, even you phone has a broadband Internet connection these days, we will have better information, faster, and be able to collaborate in near real-time with people and companies across the globe. A VERY good thing indeed.

Out of Office when you are out of the office.

As you may be aware, Outlook has an "Out of Office" feature that can be configured when you are away from your PC to respond automatically to incoming messages with a predefined message letting the sender know you are unavailable. This works great if you remember to do it when you are in front of your machine -but what if you are out of the office unexpectedly and didn't have time to configure your Out of Office message???

If you are using a Cell Phone based on Windows Mobile and your administrator has configured message synchronization for you (and I hope he has), its as easy as Opening Outlook on your phone (where you view your e-mail), choosing Menu and then Tools and select Out of Office. You can then customize your message with an alternate contact number or a time that you will be back in the office. This is a nifty little trick that I try to show to as many Windows Mobile users as I can. I hope you can use it too...

Cheers,

-Justin Carter-