“Control” a Mars rover

Maestro lets you control a virtual Spirit or Opportunity. The site claims the software is a scaled-down version of the software actually used by NASA. Here’s what Chapter 1 of the Online Manual says:


Maestro is a publicly available version of the tool used by scientists to plan daily activities for the 2003 Mars Exploration Rover mission. With Maestro, you can view pictures taken by the rover. You can also select driving destinations and points of interest where you want to take your own pictures.


Network drive letters in WinXP

Today’s Windows Tips and Tricks Update (subscribe here) has a good tip for those of us that still use tools that don’t allow UNCs and have to use drive letters for some of our network drives:

Q. Why doesn’t my Windows XP system display drive letters for my network drives, and why can’t I create long filenames and folders?

A. You might receive the error

“The drive that this file or folder is stored on does not allow long file names, or names containing blanks or any of the following characters: \ / : , ; * ? < > |”

You might also notice that no drive letters are assigned to your network drives. These problems can occur if Windows Explorer starts before your network logon script has finished running. A new feature in XP known as Fast Logon Optimization allows faster logon by letting the logon process continue, even while other tasks finish (such as applying Group Policy).

To resolve this error, you can revert the computer to a Windows 2000-style execution by performing the following steps:
1. Open Group Policy Editor (GPE) and locate the Group Policy that affects the client computers (e.g., the Domain Group Policy).
2. Navigate to Computer Configuration, Administrative Templates, System, Logon, then double-click “Always wait for the network at computer startup and logon.”
3. Select Enabled, then click OK.
4. Close GPE.


MS04-004 updates

Current issue of Woody’s Windows Watch talks about the FUBAR stuff that MS04-004 has caused a number of people. MS04-004 is the one that removes the ability to include username and password in the URL field and has apparently broken a number of applications and sites. So, MS has released an update to the patch, MSKB 831167. The symptoms are described as follows:

Programs that use Wininet functions to post data (such as a user name or a password) to a Web server retry the POST request with a blank header if the Web server closes (or resets) the initial connection request.

Note A POST request has a blank header if its content length is set to 0 or is empty.

Sometimes, this behavior prevents another reset from occurring and permits authentication to complete. However, you may receive an HTTP 500 (Internal server error) Web page if the Web server must have the POST data included when Wininet retries the POST request.

For example, when you submit your user name and password to an SSL-secured Web site by using a form on a HTTPS Web page, Microsoft Internet Explorer may not resend this information to the Web server if the initial connection is closed (or reset).


Samurize : Superfine system monitoring

I like knowing what my system’s doing. Bandwidth utilization, processor and page usage, that kinda stuff. I’ve been using CoolMon from ArsWare for a really long time … like more than a year. But it’s had a couple of bugs that bother me. Not significant problems, just little nuisance ones. Well, last week I came across Serious Samurize and, I’ve gotta tell ya … WOO HOO! It has built-in access to quite a few counters but also gives you access to perfmon counters and WMI stats and plug-ins PLUS console-based programs and VB scripts. You can render things as graphs (line, pie chart, histogram, etc) and/or as text. Comes with a configuration editor that’s very intuitive. It’s donation-ware (free but they ask for a donation) and well worth whatever you wanna throw at ’em. I’m a convert.


ASN.1 and WINS vulnerabilities

Today the BBC published one of the most worthless articles on a Windows XP vulnerability (here). Also on the “nearly worthless” list was this one from US-CERT (although it contained quite a bit more technical information). Far and away the best one, though, is this one from Secunia, at least IMHO. Secunia tells you that Kerberos and NTLMv2 authentication can trigger the vulnerability.

Very nearly as scary, at least if you’re running a server, is this WINS vulnerability as reported by Secunia.

Update:

OK, I take it back. The US-CERT Technical Alert gives a good technical overview of the ASN.1 vulnerability, adding SSL and TLS to the list (NTLMv2 and Kerberos) that trigger it.


MS04-004 : Cumulative Security Update

MS04-004 is a cumulative security update (Microsoft KB832894) which addresses 3 issues:

* a cross-site scripting issue,
* a drag-and-drop DHTML vulnerability, and
* an incorrect parsing of URLs.

It also makes URLs of the form http://username:password@site/something-else invalid. Note that URLs of that form are acceptable according to the W3C and are a shorthand way of specifying an unencrypted username/password pair.

This bulletin replaces MS03-048.
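
The same rule can be applied in an application's own input validation. The following is an added example, not code from Microsoft or from the original post: it uses the standard WHATWG URL parser to reject URLs of the username:password@ form and to build a credential-free copy that is safe to log. `checkUrl` and its result fields are names made up for this example, and the sample URLs are constructed.

```javascript
// Added example: reject URLs that carry credentials in the userinfo part
// (scheme://username:password@host/...), as the patched browser does.
// checkUrl and its result fields are hypothetical names for this example.

function checkUrl(raw) {
  let u;
  try {
    u = new URL(raw); // WHATWG URL parser (Node.js and browsers)
  } catch (e) {
    return { allowed: false, reason: "unparseable", host: null, clean: null };
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    return { allowed: false, reason: "scheme", host: u.hostname, clean: null };
  }
  // A username alone (no password) is still userinfo and is rejected too.
  const hasUserinfo = u.username !== "" || u.password !== "";

  // Credential-free copy, so a password in a URL never reaches a log file.
  const copy = new URL(u.href);
  copy.username = "";
  copy.password = "";

  return {
    allowed: !hasUserinfo,
    reason: hasUserinfo ? "userinfo" : "ok",
    host: u.hostname, // the host the request would actually be sent to
    clean: copy.href,
  };
}

// Constructed sample inputs; "site" is the placeholder host from the post.
const samples = [
  "http://username:password@site/something-else", // form named in the post
  "http://user%40corp:p%40ss@site/",               // percent-encoded "@" in userinfo
  "http://user@site/",                             // username only
  "http://site/path?mail=a@b",                     // "@" in the query, not userinfo
  "ftp://user:pw@site/",                           // non-HTTP scheme
];
for (const s of samples) {
  console.log(s, "->", JSON.stringify(checkUrl(s)));
}
```

Only the part of the authority before the last `@` counts as userinfo, so an `@` in the path or query string does not trigger the rule.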


Secure firewalls?

Imagine having a truly state-of-the-art firewall. One that’s recognized as being one of the best around. How would you feel if you found out that it was susceptible to penetration? You should feel better about things. Know why? Cause nothing’s truly secure. And knowing about the vulnerability is better than not knowing. What you should care about is how quickly your vendor responds to vulnerabilities.

OK, so, US-CERT’s reported this vulnerability in Check Point’s Firewall-1 NG with Application Intelligence which allows an attacker to penetrate by attacking in a particular way. The good news? Check Point’s already got a fix.


More (better) detail on IE spoofing flaw

V7#3 of Woody’s Windows Watch offers some very good insight into Secunia’s Internet Explorer File Download Extension Spoofing advisory. None of the information in the Woody’s Watch article is really new but it explains things in ways that help one (me, in particular) understand the exposures a little better.

(If that link to the Woody’s Watch article doesn’t work yet, try this one and if it still doesn’t work, try again in a few hours — I just got the email newsletter and there’s sometimes a lag before the newsletter makes it on to his website.)

The long and short of Woody’s article: NEVER use “Open” when you’re downloading a file, ALWAYS use “Save”, even if you think you’re an expert on these things. And if you’re reading email and there’s an attachment, even if it looks benign (“no, that’s not an executable, it’s a PDF”), it might not be — check to make sure that the sender actually sent you the email and included the attachment. And, again, don’t “Open” the attachment, “Save” it and make sure it’s what you think it is.
