March 8th, 2010 by Hescominsoon

Xsigo Virtual I/O Blog.

One thing that holds virtualization back has been for each vm you needed a network cable.  Xsigo makes it two per server..period.  Nice.

March 8th, 2010 by Hescominsoon

bfish.xaedalus.net » Stay in Sync with GCal and Thunderbird..

I have converted two of my domains to gmail via Google apps.  I am now using Thunderbird via Secured IMAP to check my e-mail for those accounts.  I also now have access to my business e-mail from my phone without having to get a higher priced data plan.  I am using two addons(detailed at the linked post which will be copied below) for Thunderbird to accomplish this.  So far it works great.  I am going to try it for a bit and see how well it works out.

@Update: 2nd November, 2007: Updated guide for Lightning v0.7 and Provider 0.3.1 releases — Jonny

For a long time I have been looking for a rock solid calendaring system. I’ve gotten too used to working for companies who have Microsoft Exchange (or, God forbid, Scalix) installed which allow me to edit and update a calendar from multiple locations and even sync it with my Mobile Phone. When I first heard of Google Calendar I hoped that I would be able to enjoy such benefits again, but I am not a great fan of web-apps, and prefer a nice, solid desktop client to do my email / organisation from.

Queue Lightning, the calendaring extension for Thunderbird which brings the desktop email app one step closer to becoming a viable alternative to Microsoft Outlook. Installation can be a little bit confusing and you must remember that this add-on is still in the 0.x stages, so may be a tad unstable at times (but that’s ok, we love this kind of thing!)

Open up Thunderbird (I am using the 2.0.0.6 release) and on the Top Menu, go to:

Tools -> Add-ons

When the Add-ons window opens, click on the Install button on the bottom left and paste in the following URL to install the latest release of Lightning (Windows Only, Linux / Mac users will need to get this link by copying the XPI download path from the Mozilla Add-on repository, located here.

Win32 Lightning Add-On XPI Download Link:

https://addons.mozilla.org/en-US/thunderbird/downloads/file/20424/lightning-0.7-tb-win.xpi

If you get a warning similar to “Lightning could not be installed because it is not compatible with Firefox” then you are trying to install the XPI directly into Firefox. Instead, you need to either “open” the link from inside the Thunderbird Add-Ons Install Window, or save the XPI to your desktop and then drag it into the Thunderbird Add-Ons Window.

Once you have installed the Lightning Extension, Thunderbird will ask you to restart. Upon restarting you will be greeted with a new Sidebar on the right displaying tasks and events and a tool bar underneath your folder list.

This is all well and good and provides us with an easy to use local calendar, but that’s not much use if you wanted to update it at work, or on the road / mobile device. This is where the Provider Add-on comes in to play.

Provider allows bidirectional syncing between the Lightning Calendaring Extension in Thunderbird and Google’s GCal Service. This is possible because Google, being the lovely chaps that they are, decided to opt for the iCalendar standard in GCal, well done chaps

Installation of Provider is pretty similar to that of Lightning. Again, go to the Add-ons Window (Tools -> Add-Ons) and Install the XPI available for download from Provider’s Page in the Mozilla Add-on repository.

Win32 Provider Add-On XPI Download Link:

https://addons.mozilla.org/en-US/thunderbird/downloads/file/20552/provider_for_google_calendar-0.3.1-tb+sb.xpi

Again, once installed, Thunderbird will have to be restarted.

Now, the last piece of the Pie is to tie our Google Calendar into our Lightning Calendar. First of all, you will need to log into your Google Calendar account. Once you are at the main page, click on “Settings” from the Top Right Menu:

Once on the settings page, you need to drill down into the “Calendars Settings” screen and then click on your Calendar from the list (I only had a single calendar.)

Now, finally, you need to copy the URL of your Private Address XML Feed into the clipboard.

You’re done in Google Calendar for now and we can head back to Thunderbird to finally wrap this tutorial up . Once you are back in Thunderbird, you need to create a new calendar in Lightning. You can do this by clicking on the following Menu item:

File -> New -> Calendar…

Upon clicking the New Calendar menu item, another window will appear. The first option is the location of your Calendar – select “On the Network” and click Next.

The next option allows you to specify the Format of the Calendar, slect the “Google Calendar” radio button (if you don’t have a Google Calendar radio button, make sure your Provider Extension is installed correctly). In the location input box, paste in your Google Calendar Private Address XML Feed that we extracted above, and click Next.

The next window asks you to give your new Calendar a Name and a Colour, I will leave these entirely up to you

Finally (yes, at last) you will have a “Google Calendar Login” window which will ask for your Google Account login. If you only have a single Google Calendar, Provider will have automagically extracted your username from the XML feed you just specified; however, just double check that it reads @GMAIL.COM. Then enter your usual GMail password.

Well done, you can now enjoy the many benefits of being able to view and update your Google Calendar directly from Thunderbird – nice work

Further Reading

• Provider Entry in the Mozilla Wiki

March 8th, 2010 by Hescominsoon

- Newegg Sticks with “demo boxes” – Intel Counters | [H]ard|OCP.

Continuing on the earlier story which has really exploded Intel has come out and said these are total fakes.  Demos are units Intel sends to partners and vendors to try out and design things for.  These things are totlaly fake.

Intel is rightfully concerned about this.  My problem is how Newegg is handling this.  How they handle this incident is going to make it very easy for me to decide if I continue to do business with them or not.

March 8th, 2010 by Hescominsoon

Legal Action Threatened by Processor Distributor | Overclockers.

This company is now trying to sue to shut folks up.  Read the story I bet D&H is lying.  They say it’s slanderous or whatnot.  I bet they are getting ruffled because they got some fakes either by an inside job or whatever and got caught and now don’t want to face the consequences.  Let’s see if they are actually reacting out of..crap how did this get through…or are they doing the typical trying to bring in the lawyers for a gov’t grade coverup.  If it’s the latter they’re already toast.

February 24th, 2010 by Hescominsoon

The blame here is not online banking but the operating system(Windows) faulty design and the users lack of proper security education.  ANY business no matter how small needs to have a security audit done:

1. To make sure your machines aren’t infected

2. To get educated on how windows computers are vulnerable by design

3.  To learn how to protect yourself from online fraud and other threats

4.  To ensure proper recovery and mitigation procedures are in place BEFORE this kind of damage takes place

As the economy sputters along more and more single person, home-based businesses are going to have this happen.  It’s all too easy for a machine to get infected and with this new generation of malware once you are infected…it’s too late to recover.  Listen to my podcast for more information.

McCarthy said she never would have done online banking for her business if she had understood how precarious it was for her business.

via N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss — Krebs on Security.

February 18th, 2010 by Hescominsoon

It’s very simple.  Yahoo is abandoning their search.  All of their search results are going to come from Bing.  How bad is Bing?  I can search Microsoft’s site with Google faster, with more accuracy, and more relevance than Bing can hope for.

January 19th, 2010 by Hescominsoon

Full Disclosure: Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack.

If you honestly believed Vista or 7 was a total rewrite because Microsoft said so this issue blows that straight out of the water. This is code from back in the nt.x days.  This allows anyone to elevate themselves to kernel level without any kind of notification.  Vista and 7 were not supposed to have any dos or 16 bit code left in them…guess what?  It’s still there.  The workarounds are easy for experienced administrators.  I will be implementing the recommended configuration of not allowing the execution of 16 bit code.  Luckily 64 bit versions appear to not be affected.

January 19th, 2010 by Hescominsoon

Computer Security Research – McAfee Labs Blog.

This is an expansion of the most recent IE exploit.  Now comes the analysis.

Allowing a system level file for windows(in this case a dll) be executable without any kind of security context is a really bad idea.  That’s really all  Activex is but there are several other DLL’s inside of IE that allow other DLL’s to be executed.  In this case it was mshtml.dll.  Mshtml.dll was the source of hte exploit and now a further analysis of the malware shows it uses it’s own dll to leverage this vulnerability.

ECC HIGHLY reccomends you do one of two things:

1.  Simply don’t use IE at all

2.  If you can’t(or won’t) at least get your security setup to wholesale blacklist dll’s at the firewall.  This will break some sites that are coded for IE.  Many of these sites will work under Firefox as well.

January 15th, 2010 by Hescominsoon

Praetorian Prefect | Using Group Policy to Disable JavaScript in Adobe PDF Files.

This is also a good idea.  Adobe right now is having all kinds of JavaScript issues.  Killing JavaScript across the entire network is a good idea.

January 15th, 2010 by Hescominsoon

This was an exploit form back in ie6.  It is present in all version up to 8.  mshtml.dll once again has a major issue that allows remote sites to take over your machine.  If you are running ie6, ie7, or ie8 you are vulnerable.  HOWEVER if you have DEP turned on for ie 7 or 8 then the threat is reduced but not eliminated.  This is also why you NEVER surf on a server.  Frankly I am going to extend Microsoft’s advice.  Raise ALL security levels to high except trusted sites…leave it at medium(for windows updates) then never launch IE again.  I am being dead serious.

VIDEO OF EXPLOIT IN ACTION.  Blow the video up to full screen then watch for a list that shows up at around 1 minute.  Notice how notepad is running nicely.  At around 1 minute 50 seconds the “hacker” issues a kill command followed by a number.  That number is the notepad.  watch as notepad goes boom..no warning..no notifications.  This person has full control of your system..all because of a badly designed OS and browser.  Notice the users on the right.  Those are system processes..processes even the administrator does not have direct access to.  I have said it over and over having a web browser tied so closely to the kernel is a bad idea.  As long as IE exists in it’s current form Windows will NEVER be remotely secure.

Here’s the backstory.  Apparently some Chinese folks(possibly the gov’t) started using this unknown security hole in IE to start trying to get into various activists that are opposed to the vast range of Chinese gov’t controls.  They targeted Google because this is where these targeted activists had their mail.  Google detected this activity and began a backtrace.  They found out that multiple large companies had also been attacked using this issue.  The story is continuing to unfold.  The only fix available right now is to put all of your IE settings up to high.  This has the effect of making IE unusable on the internet.

My recommendation:  Use either google chrome or firefox.  Don’t bother with IE anymore…at all.  There’s so many links with full information I am not going to embed them into this post.  The list follows.

*UPDATE* there are quite a few programs that idiotically use IE to operate.  Now various exploit writers and researchers are hitting these as well.  Many other programs are now falling over after being hit either with IE exploits or ones similar that are now being found in a rash of other software.

Google’s Initial Response disclosure of what was targeted and revelations of other companies hit

Microsoft’s confirmation and advisory.

Other companies also hit.

(This list will continue to grow)

Mcafee has multiple postings:

1 2 3(twitter feed) 4

*UPDATE*  Itworld has much the same opinion of IE as I have had for a long time.