Uncategorized

Microsoft has made Release Candidate 1 of the Windows XP Service Pack 2 available for general download from their Windows XP Service Pack 2 Technical Preview Program page. Don’t go charging in and install it just yet, though. Read some of the documents available from that page first and see if you’re willing to offer up your machine to the software gods.

SDSU says they were compromised and the personal data of all 178,000 students and alumni may have been compromised. Read about it at Sign On San Diego

No, Broadband day. After waiting 7 years, I finally got broadband. Yeah, believe it or not, in Silicon Valley there’re whole neighborhoods that can’t get any broadband — too far for DSL and no digital cable. Well, Comcast has been dragging fibre and tearing up the streets around here for a couple of weeks now and yesterday I got a call from an automated voice. I almost hung up but when she said “Comcast” I listened.

To make a long story short, I installed my modem with my self-install kit today and have been hitting 3.1Mbps on my downloads.

Yes, welcome to the 90s.

CERT has released advisory TA04-078A which discusses several vulnerabilities in OpenSSL. I’ve seen quite a few update notices from the major Linux vendors (including Cygwin) so they’re convering it, the only thing that we have to do is install the updates.

Information Week has this article which discusses one of my main concerns about offshoring — what about the security of the data we ship over and how can we make sure it a) doesn’t get in to the wrong hands and b) isn’t used for the “wrong” purposes?

I’ve been on this quest for quite a while now and I’ve just finished testing out the new release of Mulberry V3.1.2, Becky V2.08.01, The Bat! V2.04.07 and PocoMail V3.03 Build 1740. Unfortunately, none of them passed muster. The one that’s come the closest is Mulberry but even that’s not there yet.

What am I looking for? Well, I thought it was pretty simple:

* excellent IMAP support including SSL
* secure SMTP support (SMTP over SSL or TLS)

Sounds simple, right? Well, it’s not! As it turns out, “excellent IMAP support” means more than just supporting the protocol. It also means understanding how to work with IMAP’s capabilities. Like what? Like, most of them require me to download ALL messages, headers and body, from the server before I can look at any message. If I’ve got 300 messages on the server I have to download all 300 messages to my machine before I can look at or respond to any of them. What’s the big deal? — I’m on dial-up (not because I wanna be but because I have no other cost-effective option right now). Downloading those messages, especially when I’m gonna delete 90% of them as SPAM, takes forever. That’s one. Another is that those messages take up a lot of space on my hard-drive. I don’t have a lot to spare. And if I wanted them on my hard drive I could use POP3.

Which one came closest to satisfying my IMAP needs? — Mulberry. Why isn’t it my choice? — the UI is really funky! Doesn’t obey typical Windows keyboard shortcuts. And in the current version some of their own funky shortcuts just aren’t working. This is the 2nd time I’ve tried Mulberry and it’s getting better. Hopefully in the next couple of revs they’ll get it right (for me).

PocoMail’s UI is really nice but it’s one of those clients that makes me download the entire message base. Same for The Bat! Sorry guys, no can do. No matter what other features you have, this is a deal breaker.

Becky was pretty good on the IMAP front and has a GREAT message editor but has no support for SSL neither for the IMAP server nor the SMTP server. I won’t do IMAP nor SMTP without SSL. Yeah, I could tunnel it through a pre-established SSL connection but that’s too futzy.

So where does that leave me? I’m still with Thunderbird and PINE with Outlook Express. I’ll keep at looking, though. If you know of any other clients I should check out, leave a comment or drop me an email. But please don’t bother telling me about Outlook — I’ve got it and have some issues with it, too. But that’s for another posting.

For all the budding Linux sysadmins, http://www.linuxhq.com/guides/SAG/.

Right now there are a total of 5 different security newsletters from Microsoft. Two for home users and three for geeks, uhh … I mean IT professionals.

If you’re a home user:
* The Microsoft Security Newsletter for Home Users — a bimonthly publication.
* The Microsoft Security Update — a monthly publication.

If you’re an IT type:

* The Microsoft Security Notification Service — a monthly newsletter
* The Microsoft Security Notification Service: Comprehensive Version — same as the one above but it includes modifications to previously published notices.
* The Microsoft Security Newsletter — published monthly

If you have a Microsoft Passport you can sign up for these at the Passport subscription center. If you don’t have a Microsoft Passport you can sign up for one here.

You can also sign up for the Security Notification Service without a Passport. Go here to do that.

Update, March 10, 2004 — Microsoft has revised this, increasing the severity to Critical and removing references to Outlook Today. See the Microsoft Office Security Bulleting for March, 2004

Secunia has published this advisory affecting Outlook 2002 Service Pack 2, a component of Office XP Service Pack 2. Office 2000 SP3, Office XP and Outlook 2002 SP3, Office 2003 and Outlook 2003 are not vulnerable.

In a nutshell, if Outlook Today is your default folder home page in Outlook, you’re exposed. Opening a malicious email or visiting a malicious web site is all that’s required to infect you. At that point your files are exposed. The easiest workaround is to change your default folder. The other alternative is to download and install Office 2000 Service Pack 3.

Can’t recall where I saw this but Topix.net is a new site with local news. You key in your ZIP code and it’ll show stories that are local to you (yes, it knows about Beaver, Oklahoma). Course, it’s also got business, national, international, science, etc.