Be on the wave or under it
The News – 09/08/03
Recommended Reading
I realize this is the only newsletter you’ll ever need, but if you want more in-depth detail, check out:
Stan Hustad’s The Coaching Connection
Management Signature's The Express Read
I’m (Still) In Pieces, Bits and Pieces
The demands of starting up the newly-renamed The WiMAX Guys wireless
networking company have eaten into my SNS time, so below are some
short takes on recent technology developments.
For those who wonder why we’re no longer The WiFi Guys, it’s
got something to do with government inefficiency and lip service
to the Web. The Minnesota Secretary of State’s office has an online
database of all companies in the state. When we checked the database,
there was no registration of The WiFi Guys. But when we applied
for the name, we were told it had been registered in January.
Dismayed, we protested that the name was available on their online
database. “Oh, you can’t go by the Web,” we were told. Turns out
the online database was more than six months out of date. (It
has since been updated.)
So the upshot is, we wasted some advertising and have lots of
business cards with a name we can’t use. Not exactly what a startup
needs.
Briefly Noted
- Shameless Self-Promotion Dept.:
It’s here: A new company from StratVantage – The WiMAX Guys.
The business has two parts. The first is targeted at consumers
and small businesses who buy the wireless networking gear, but
can’t get it to work. We visit and get it up and running fast.
The second part of the business is new installs for people who
want to set up wireless hotspots. Check out the Website at www.TheWiMAXGuys.com.
I’ve written another article for Fawcette Technical Publications’
Enterprise Architect magazine. This one’s on a best practices
sharing effort called Project Avalanche. My feature article,
Grid
Computing Takes Off in the Enterprise, was published in
the inaugural issue of Enterprise Architect. (Registration required
to view.)
My article, “Innovative Marketers Target Unwired Customers”
was published in the NetSuds
newsletter.
Coming Soon: A new eBook, Be On the Wave Or Under It™
will collect the best of SNS’ insights over the last couple
of years, along with additional material from CTOMentor white
papers and new material. It will make a great gift (Halloween?)
for associates and friends in need of a guide to the latest
and greatest technology. Watch for more information in upcoming
SNS issues.
Several issues ago I debuted SNS Begware, an opportunity for
you, gentle reader, to express your appreciation by tipping
your server via PayPal. See the sidebar for more info. Total
in the kitty so far: $76.48. Thanks Jacqueline!
I repurposed and adapted an article about the wireless service
known as Short Messaging Service (SMS) for the Reside newsletter.
It’s entitled, Wherever
they go, there you are and it points out how marketers
can use – carefully – this new way to contact their customers.
StratVantage has been accepted as a member of the World Wide
Web Chamber of Commerce and now displays their logo on our Websites.
In addition, I’m featured in Manyworlds’ Thought
Leader Showcase, which lists a few of the white papers I’ve
done.
- Windows OS Joke: Alert
SNS Reader Andy Stevko sent
along this hilarious parody of a Microsoft security advisory.
You may need to be a techie to get all the humor, and it’s quite
long, but I laughed out loud upon reading it.
Title: Ongoing Compromises of the
Windows Operating Environment
Date: 20 August 2003
Software:
- Microsoft Windows 3.1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows SE
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 Server
- Microsoft Windows XP
- Microsoft Windows Server 2003
Impact: Run code of the attacker's
choice
Max Risk: Important
Bulletin: MS02-0401 (REVISED)
Microsoft encourages customers to
review Security Information at: http://www.microsoft.com/security
on a regular basis, and subscribe to CERT/CC bulletins at http://www.cert.org.
-----------------------------------------------------------------
Issue:
=====
Microsoft Windows is a collection
of software components that enable users to experience the Internet.
All components share a common series of interfaces that taken
together comprise the Windows Operating Environment.
- By default, Internet Explorer is enabled on all
systems running Microsoft Windows. (It should be noted that there
are substantial issues with Internet Explorer reported; users
should consult the Microsoft Security Resource Center to obtain
the appropriate patches.)
- Insecure scripting languages such as VBScripting
are used throughout the Microsoft Windows Operating Environment
and included in many Microsoft applications such as Microsoft
Office. Users have reported that it is difficult, if not impossible,
to completely remove such scripting features even though they
are proven to be regularly exploitable, thus making it likely
they will be subject to repeated exploitation.
- Microsoft products often integrate with the operating
system internals, meaning that by installing new software, particularly
from Microsoft, the operating system may become modified and thus
provide an opportunity to introduce new vulnerabilities or exploit
trusted relationships within the Windows Operating Environment.
As such, many applications are difficult to uninstall completely
from a computer since they may be serving as patches to the underlying
operating system.
- Improper software development has facilitated repeated
security incidents resulting in the loss of customer information,
e-mail addresses, system downtime, and customer productivity in
environments based on the Microsoft Windows Operating Environment.
User misconfiguration is also a factor.
- Microsoft products are often rushed to market without
a thorough check of the software quality. Buffer overflows are
one result of this issue, and after several years of high-profile
incidents, continue to impact the technology community instead
of being fixed once and for all. Microsoft notes that it frequently
releases patches to existing patches and believes this is the
best way for users to stay protected given Microsoft's current
software development and business practices.
- Due to the frequency of patches and critical fixes
being released to the user community, it's quite likely that many
network administrators are hesitant to install such patches, since
the cure may be worse than the original problem, or even create
new ones, as evidenced by issues arising from several Windows
Service Packs over the years.
- Despite advances in marketing a concept of "Trustworthy
Computing" it is unlikely that there will be any single solution
to remedy the many issues associated with the security and stability
of Microsoft products.
Microsoft prides itself on innovation
and consistency in developing new and exciting software products.
Over the years, customers have come to expect this as a hallmark
of how Microsoft does business. The fact that each new security
incident resulting from Microsoft products presents a higher degree
of danger to the Internet community is one example of our ability
to produce software products in a consistent manner with regard
to quality assurance, reliability, and security. We reiterate
our pledge to provide software products with a consistent level
of quality to our customers worldwide.
Mitigating Factors:
====================
- For an attack against Microsoft Operating Environment
to be successful, the user/victim must be running an exploitable
version of Microsoft Windows.
- Microsoft Windows systems operating in closed network
environments stand a somewhat higher chance of survivability when
new security incidents regarding Microsoft products are reported
than other, more exposed systems. Systems that are not connected
to a network are most secure from such network-based exploits.
Risk Rating:
============
- Important
Patch Availability:
===================
- No patches are available to fix
this vulnerability. However, there are three technical actions
for users to take to increase their level of operating system
and information security:
(1) Boot the affected computer
from a floppy disk.
(2) At the command prompt,
type "format c: /sys." For more severely-damaged systems,
run the FDISK command. (Visit http://fdisk.radified.com/
for information on this Microsoft-produced disk utility.)
(3) Once complete, decide
on what non-Microsoft operating system you would like to use instead.
Some suggested ones are Linux and Mac OSX. (Note that users will
need new hardware to take full advantage of Mac OSX.) Users are
strongly advised to avoid anything with the words "SCO"
or "UnixWare" in it, as these words represent a company
that's almost as greedy and evil as we are at Microsoft.
This Advisory supersedes Microsoft
Security Bulletin MS02-0401 "Local User Actions May Provide
Unauthorized Remote Access" dated 1 April 2002. This Bulletin
may be found at http://www.infowarrior.org/articles/2002-04.html.
Acknowledgment:
===============
Microsoft thanks Richard Forno for
reporting this issue to us and for working with us to help protect
customers. Richard Forno (www.infowarrior.org)
thanks the internet community for recognizing a belated (but quite
truthful) April Fools' joke when they see it. :) He further thanks
Microsoft for producing products that not only keep him and his
friends employed as IT and security professionals but continue
to pollute the Internet and adversely impact on people not even
running Windows.
Thanks a bunch, guys.
----------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT
KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY
OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS
OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION
OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING
DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY. MICROSOFT HAS NO KNOWLEDGE OF THIS APRIL FOOLS
SATIRE AND HAS NOT ENDORSED IT, NOR DID THIS 'SECURITY BULLETIN'
ORIGINATE FROM ANY MICROSOFT OFFICE. IT'S A SATIRE -- SO READ
IT, LAUGH, AND HOPEFULLY LEARN FROM IT. :) MICROSOFT IS A TRADEMARK
OF MICROSOFT CORP.
- Speaking Of Alert SNS Readers: You may
not know it, but you, gentle reader, are part of a secret international
cabal whose members use special signs to acknowledge one another
in public. Recently Alert SNS Reader Roger Hamm was in a training
session at which students each had computers. The student sitting
next to him, upon noticing Roger’s login, passed him a note
which said, “Alert SNS Reader.” Turns out Alert SNS Reader Robert
Koerner had never met Roger, despite talking on the phone with
him many times over the years. OK, guys, now let’s work on a
secret handshake.
- TW to Drop AOL? From
the How the Mighty Have Fallen Dept. comes news that
AOL Time Warner is considering dropping the AOL from their name.
Whatever happened to synergy?
News.com
- Take This Quiz: There
are those who think extremely talented programmers are antisocial
and very strange. Take this fun quiz and see if you can determine
if the pictures are of inventors of programming languages or
serial killers.
Malevole
- Wi-Fi Hotspot Wave Spreading:
In the last two months organizations as varied as the Minneapolis Park System, Sprint, Baby Bell
SBC,
Verizon Wireless, AT&T Wireless, McDonalds,
and the Ft.
Lauderdale Airport have announced plans to provide public
wireless hotspots. Chip giant Intel will offer
free Wi-Fi access via thousands of U.S. hotspots during “One
Unwired Day” on September 25. Intel will sponsor festivals in
New York, Chicago, San Francisco and Seattle, with live music,
product demonstrations and drawings for laptops, wireless home
networking products and access cards. Even voice is going Wi-Fi,
with Motorola and NEC America announcing
they plan to develop a wireless office phone that will be able
to make phone calls through both cellular networks and through
Voice over WLAN (VoWLAN, stupid acronym alert) networks.
People are setting up their own wireless networks at an ever-increasing
rate, according to Synergy
Research Group, which reports that second quarter sales
for wireless LAN equipment hit $563.5 million, up 33% from last
year. In contrast, research firm Parks Associates says
the U.S. hotspot market could generate revenues of $800 million
by 2007.
Wi-Fi
Planet
- Wi-Fi Picture Frames: Each week seems
to bring yet another way to unwire your life. Alert SNS Reader
Pete Simpson (my partner in The WiMAX Guys) sends along an item
about a relic of the dotcom craziness: the digital picture frame. The Wallflower wireless picture frame
is a 12-inch 1,024 pixels by 768 pixels LCD display surrounded
by a picture frame. It connects to a Wi-Fi wireless home network
and can download pictures to its own hard drive.
The unit detects the network present
and automatically configures itself. The Wallflower is pricey,
starting at $649 for three different frame styles, and $699
for the Black Rose frame style.
Wallflower
Systems
- Code Reuse Causes Embarrassment:
I didn’t know if I totally believed this story, sent along by
Alert SNS Reader Andy Stevko, as it sounds too much like an
urban legend. As the story goes, developers at the Australian
Defense Science & Technology Organization's Land Operations/Simulation
were asked to model kangaroo movements and reactions to helicopters.
Since coders are universally lazy, the developers decided to
reuse some code originally used to model infantry detachments.
They changed the mapped icon from a soldier to a kangaroo, and
increased the figures' speed of movement.
In a demonstration of the simulation for some visiting American
pilots, they buzzed the virtual kangaroos with a virtual helicopter.
“The kangaroos scattered, as predicted, and the visiting Americans
nodded appreciatively... then did a double-take as the kangaroos
reappeared from behind a hill and launched a barrage of Stinger
missiles at the hapless helicopter. (Apparently the programmers
had forgotten to remove that part of the infantry coding.)”
Whenever I have doubts about a story like this that sounds too
good to be true, I check it out at the Urban Legend Reference
Pages at www.snopes.com. See what
they have to say about this story by following the link below.
Urban
Legend Reference Pages
- Single Use Digital Cameras:
From the Who Asked For It? Dept. comes an item about
the Ritz Camera chain which has apparently developed a new one-time
use digital camera called the Dakota Digital. The device is
priced like traditional disposable film cameras and offers high
quality picture results, but has no LCD screen for image previewing.
So what’s the appeal of this camera for retailers like Walgreens,
which is testing the camera in all 140 stores in Wisconsin,
and Walt Disney World, which this fall will stock the single
use digital camera in its hotels and theme parks? The camera
does not connect to a computer. Users must take the camera in
for processing, where they can get prints within 15 minutes
and receive a CD of the digital images.
DP
Preview
- Free Nanotube White Paper:
Alert SNS Reader Roger Hamm sends along a link to a free white
paper on nanotubes, minuscule tubes formed by carbon atoms in
a ring configuration.
Cientifica