After several years, I have decided to change out the Content Management System (CMS) for the site once again. PHP-Nuke is an OK piece of software, but it has had its 'issues' over the years, and it is popular enough that Nuke sites tend to find themselves targets for the legions of skiddies who can't get a date of Friday night (and you know who you are.)

So, effective pretty much immediately, I will no longer be posting new articles on the Nuke site. Instead, I will be posting all new content on my blog, and over the next &HOWEVER_LONG_IT_TAKES_ME I will be migrating the existing content over to the blog, as well. Hopefully, when all is said and done, some feature (like the photo gallery) I had to take down because of security-related problems, will magically re-appear.

The URL for the blog is: https://.net/blog, or you can just scroll down and you will see a block with the last 5 postings.

Regards,
-etee
The 'Web-meister'

Folks, there is a storm a-brewin' out there on the Internet, and when it hits full force, things are going to get really ugly, really fast.

What I am talking about is the rash of exploits for the 'WMF 0-day' vulnerability that have been showing up over the last week. There is a security advisory from Microsoft on the subject, but as of yet no patch has been released.

This thing has been spreading via malicious Web pages, via email spamm, and via IM spamm ('spimm'), meaning people have lots of opportunities to get their systems infected. 'Infection' can result in the installation of malware ranging from adware and spyware (LOTS of adware and spyware) to trojan programs and rootkits designed to turn your PC into a zombie, ready to do the bidding of its new master, capable of nefarious activities ranging from being a spam-bot to being a participant in a Distributed Denial of Service (DDoS) attack.

And, folks it is gonna get really, really bad, as people return to work, fire up their office PCs, and give these exploits a fresh set of targets to go after. And, since many companies are likely to wait on Microsoft to supply an 'official' patch before doing anything, those machines are going to be vulnerable... in a big way.

So, what can you do to protect yourself and your PC? There are several sources of good advice on this matter. In addition to the Microsoft security advisory (above), here are some sites I found at the SANS/ISC Diary which provide good guidance:

F-Secure Weblog

Secunia Advisory

SANS/ISC Diary: Trustworthy Computing

SANS/ISC Diary: WMF FAQ

While I hate to start a new year out like this, I have one thing I need to say:

Update 03-Jan-2006: Microsoft has updated their security advisory this morning to document the steps they have taken to prepare a permanent fix for this problem. An excerpt from the revised advisory is quoted below:

"'Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing."

At least we have a small glimmer of hope: now let us all pray that the light at the end of the tunnel isn't an oncoming train...

Update 06-Jan-2006: Yesterday, Microsoft released a patch for this vulnerability. If you don't have Windows Update set to install patches automatically, get thee to the patch and install it, quickly.

I would like to take this opportunity to wish all the readers of this site a Happy and Prosperous 2006.

I know things haven't been updated around here as much as I would have liked in the past year. Hopefully, the challenges of 2005 are behind us, and we can move forward into the future. So, keep an eye out, who knows, there may even be new content show up here, and sooner than you think!

Cheers and Best Wishes,
-etee
Webmaster

Yesterday was "Black Tuesday", the day of the month when Microsoft releases the current month's crop of Security Bulletins and patches for the Windows OS and Microsoft applications. This month, they gave us 2 bulletins:

• MS4: Cumulative Security Update for Internet Explorer (905915) - this update patches four separate vulnerabilities, including the '0-day' exploit that has been running around the 'Net. Patch immediately, if not sooner.
• MS5: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) - this update patches a vulnerability in the Windows Kernel, which could allow a local user (one who is logged on to the system) to gain Administrator privileges. While Microsoft says this is only exploitable by a local user, eEye Digital Security outlines a path by which this vulnerability could indirectly be exploited 'remotely', which might lead to worm-like propogation. It may also be possible to exploit this remotely if the user credentials are known. This vulnerability only affects Windows 2000 SP4 (and, according to eEye, NT 4.0.)

SANS Internet Storm Center has a good analysis of these bulletins, which can be read by clicking on this link.

As always, if you don't have Windows Update set to download and apply patches automatically, then you need to do so manually. And soon.

This came out today:

On 13 December 2005 Microsoft is planning to release:

Security Updates

• 2 Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

For the full details, click on the following link: Microsoft Security Bulletin Advance Notification.

Soooo, if you don't have automatic updates turned on, don't forget to patch, and patch promptly. Remember, there are a couple of active exploits running around, and you don't want your PC to be 0wn3d by anyone else, now, do you?