technical solutions and commentary

Ryan Naraine of the ZDNet Zero Day Security Blog reported on several security holes that plague Google’s services and products. Read the entire post at http://blogs.zdnet.com/security/?p=539

Among the holes is one that affects Gmail in which hackers are able to plant a script that will forward email from a users Gmail account to an Email account setup by a hacker. This can cause serious privacy issues for companies, especially public companies, which may be using Gmail as forwarding accounts for corporate email, or may be using the “Google Applications for the Enterprise” service which is built in part on top of Gmail.

The Google search appliances that are marketed and sold to businesses and government agencies to index and provide search results for internal documents is also at risk because of a cross-site scripting bug.Another bug in Google’s Blog Hosting service, BlogSpot, also exists that can cause sensitive information to get into the wrong hands. A cross-site scripting bug in the BlogSpot Polls is susceptible to hijacking. See Beford.org 

The Picasa photo-sharing desktop application and web service contains a vulnerability which is subject to an exploit scenario that uses cross-site scripting, cross-application request forgery and URI handler weakness. This results in the ability of an attacker to steal photographs from the user’s hard drive, not just from the Google Photo Sharing Web Site.

Another cross-site scripting bug in the Urchin Analytics service can be used to steal user credentials.

SharePoint Learning Kit 1.2 production release is available from CodePlex.

Feature Summary:

* Supports SCORM 1.2, SCORM 2004 and Class Server instructional content

* Supports tracking and grading of e-learning and non-e-learning instructional content

* Allows users to store and manage instructional content in SharePoint document libraries

* Supports learner centric and/or instructor directed assignment workflow in SharePoint

* Light-weight and seamless administration through SharePoint

The source code is available for custom modifications and enhancements. Get if here - http://www.codeplex.com/SLK/Release/ProjectReleases.aspx?ReleaseId=6072

Microsoft recently (Sept. 24, 2007) signed of on the Release Canidate 0 for Windows Server 2008 and has made it avaialable for public download. You can get the latest build from MSDN here http://msdn2.microsoft.com/en-us/evalcenter/bb383572.aspx

I took 5 minutes to call my credit card company and asked if there were any promos to get a better interest rate. Got a rate that was half of what I was currently paying, no problem. Try it out. 

If you are a college student with a university email address you can get an awesome deal on Office 2007 Ultimate starting on Sept 12, 2007. Goto the site www.TheUltimateSteal.com and get a copy for cheap!

Today I stumbled upon the Beta “Home” portal of Windows Live. It is a new experience in combining search and MSN portal features. It has a great user interface and experience. Check out the new beta portal at home.live.com 

The Windows Live team is offering 4GB of free space to Silverlight developers and designers to host their streaming applications. Silverlight enables the simplified delivery of cross-platform, cross-browser rich media applications.

This Windows Live Service is in Alpha Release. You can sign up for it at http://silverlight.live.com/

System Center Virtual Machine Manager 2007 Features Overview

Current Release – RTM Sept. 6, 2007

• Farm Management & Virtual Machine Provisioning

• Health Monitoring, Performance Monitoring, Alerting, Environment Optimization through integration of   Operations Manager and Configuration Manager.

• Hardware, VM, and Application level monitoring through Operations Manager integration.

• Patching of VMs (online or offline) and Images through Configuration Manager integration.

• Data Protection Manager integration allows for backup at the physical host level (which includes all the VMs running on that host).

Futures (6 months after W2008 RTM)

• Adding Viridian (Windows Hypervisor) Support

• Adding VMM support to manage all the different hypervisor technologies – Windows, VMWare, Xen - covering all the key scenarios they offer.  From a single console and a single command-line!

The Official Announcment and Details are on the Microsoft Virtualization Team Blog.

Oracle database administrators beware… 

PC World is reporting that a leading security researcher has uncovered several security holes caused from “stupid” programming errors. These mistakes can give an attacker the ability to steal data among other things. mong the holes found where SQL injection vulnerabilities and tyhe ability to circumvent the auditing capability in 11g and other versions of the databases.

The researcher that discovered the errors said pointed out that “Oracle must educate their own development team because they should normally avoid these simple security vulnerabilities.” Some of the errors discovered in 11g point to architectural prblem in the product.

Oracle will likely have to develop patches for the holes discovered. However, the patching of the Oracle databases will require time and effort for the DBA’s.

 See the full article on PCWorld.com at http://www.pcworld.com/article/id,136699-c,applicationbugs/article.html

Moving TS Licensing (TSL) Services from one server to another is not as simple as copying the TSL database from the old server to a new one and starting the TSL Services. If you are preparing to move you TSL services to a new server, review these resources and understand the process before you try and move the service.  

1. Review the section “How to deploy Windows Server 2003 Terminal Services” in the Microsoft KB Article 823313 - http://support.microsoft.com/kb/823313 

2. Moving the TS licenses requires you to install the TS Licensing service on the new server and call the MS License clearing house to get new license key packs and get them activated. The TSL are activated per TSL server. I have included the relevant text below from the guidance at http://www.microsoft.com/windowsserver2003/techinfo/overview/quickstart.mspx.

3. This transcript from a web chat on TS Licensing has some additional useful information that may be relevant to your particular situation - http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcasts%2Fen%2Ftranscripts%2Fwct091603.asp

• You must call Microsoft Clearinghouse to move licenses from one computer to another and to get the keypacks that go with the new server ID. Each activated license server is unique and is identified with a certificate provided during activation. Simply moving the licensing database from one computer to another does not complete the process. You actually need to reinstall licenses on the new computer as a part of moving the licenses. For the correct local phone number to call the Microsoft Clearinghouse, use Terminal Server Licensing.

• You must call Microsoft Clearinghouse to install and move the existing Windows 2000 Licenses to a Windows Server 2003 license server. A license server that runs on Windows Server 2003 supports both Windows Server 2003 and Windows 2000 Terminal Server licenses. However, if you upgrade or migrate your Windows 2000 license server, you need to reinstall the Windows 2000 Terminal Server CALs on the Windows Server 2003 license server. For reinstallation, you need to call the Microsoft Clearinghouse to get the license keypacks that go with the new server ID.