CompuSkills Blog

Microsoft has started a new UK Technet service on Twitter. ASKTechNetUK. The idea is that that Microsoft provide

a range of technical, marketing, licensing experts on hand to have a chat or to answer your questions on Microsoft, TechNet or IT pro life in general (according to Tech Net).

This could be a very useful service, given how hard it can be to find information that you are looking for on TechNet itself. However, it doesn’t seem realistic that technical experts would sit around waiting to tell you how to configure your Windows server firewall. And it does seem that the Twitters are being used more to point people at urls rather than to give out free tech support in 140 character format.

So, it’s a welcome initiative but don’t expect to get a personal technical adviser from it.

For the first time in its history, Microsoft is laying off thousands of staff. It is cutting 5% of its worldwide workforce, according to the BBC.

Microsoft is not only suffering from the global financial crisis, but it also experiencing the effects of a fall in demand for PC software.

It was also reported yesterday that Microsoft had sold its $1 billion investment in US Cable tv firm Comcast. Comcast’s share value had fallen by a third since August.

Microsoft have issued a beta version of their Vista replacement, Windows 7. It can be downloaded for free from Microsoft Technet if you are a member.

There’s a review from its first unveiling in October at the Springboard Series page.

The BBC site has some footage and a discussion of the launch. Microsoft seem to be focusing on creating an operating system targeted at improving the interoperability of devices.

The Register review seemed reasonably convinced that it represented an improvement over Vista. However:

…. Curran did not nail the two things that matter most in Windows 7. The first is the changes to the shell, by which I mean the taskbar, desktop and Explorer. The second is less tangible, but it is the countless minor changes Microsoft says it has made to make Windows faster, smoother and less annoying……
All told, this will likely be a strong release, as it needs to be after the Windows Vista experience, just do not expect miracles. This is Windows Vista with a new face, not a major new version of Windows.

Just to let everyone know that Compuskills will be closed from 1230 today until 0900 on Monday, 5 January 2009.

Ongoing projects will be worked on as previously agreed over the period, but no new work will be accepted during the close down. Customers with maintenance and support contracts will still be able to request assistance.

Thank you for your custom in 2008 and we wish you a great new year.

There’s news of another security flaw found in Internet Explorer (IE). Microsoft are releasing a patch tomorrow. (17 December, 2008, if you are reading this in the future.)

Microsoft issued a Security Advisory that suggested that attacks had only been launched against IE7 on XP, Vista and Windows Server operating systems. However, all versions of IE from 5 onwards are considered potentially vulnerable.

According to Microsoft, the vulnerability results from an invalid pointer reference in IE’s data binding function.

“This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.”

A couple of points: The attack is more likely to be effective against users running as Administrator. The attack cannot be carried out through the use of email. Using protected modes (in IE 7 or 8 ) or enhanced modes (in Windows Server) offer some protection.

This vulnerability will possibly allow malicious attackers to access personal data on IE user’s PCs. Microsoft also suggest that SQL injection attacks may be used to insert the malicious code into websites so have pointed site owners towards a page detailing ways to protect sites from SQL injection attacks.

Just another reminder. As previously mentioned, the deadline to get your applications for grandfather rights to the CGEIT qualification to ISACA is closing fast. You have until 31 Dec 08, so if you are elligible, make sure your forms are on the way now.

For people with significant experience in the governance (management) of enterprise information technology systems, the chance to get an ISACA [wiki link] certification (without an exam) is running out.

A few months ago, ISACA extended the grandfathering deadline for the Certified in the Governance of Enterprise IT (CGEIT) qualification until 31 December 2008. This means you only have just over four weeks to get your paperwork signed off and sent in for accreditation.

You can read more on the ISACA site.

Just to let you know, if you haven’t already seen it on the dashboard, but WordPress has been upgraded to 2.6.5.

This upgrade fixes a security problem so unless you have an overwhelming reason not to, it is advised that you upgrade as soon as possible. From the WP Blog:

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

Also, as a result of the faked 2.6.4 version that was passed around, WP decided to skip this release number (which is why you should be upgrading from 2.6.3 to 2.6.5). WordPress have stated there will never be a verion 2.6.4 release.

Clickjacking has been a hot topic for the past couple of months. This is an issue that might affect pretty well any browser platform except Lynx.

Wikipedia defines clickjacking as:

a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.

Robert Hansen and Jeremiah Grossman have released a few items of information about what it is and how to prevent it but the presentation will be deferred until later this month when there should be a solution to the Adobe issue at least.

According to a story in the Register, among the most disturbing reported aspects of clickjacking is the capacity to turn the PC user’s microphone and webcam into snooping devices. This was supposedly achieved by a proof of concept game which used Flash (although it is claimed that javascript and DHTML could achieve the same results)

The proof of concept is a powerful demonstration of the spooky implications behind clickjacking. The vulnerability allows malicious webmasters to control the links visitors click on. Once lured to a booby-trapped page, a user may think he’s clicking on a link that leads to Google - when in fact it takes him to a money transfer page, a banner ad that’s part of a click-fraud scheme, or any other destination the attacker chooses.

If it’s any reassurance, the Register didn’t initially have much success at getting clickjacked in Firefox, although Internet Explorer worked immediately. Disabling your webcam when you aren’t actively using it is a very good start to prevention, although it won’t guarantee you will be protected against other intrusions.

Adobe have published instructions for a Flash Player workaround until they have dealt with the issue..

There has been a quiet period on the blog over the last few months as we have been heavily involved in real world projects. Hopefully this has come to an end now and we will recommence our development and publishing of WordPress themes.  More news will follow.