OCR, eEye demo Vista/O2K7 hack

OCRegister blog: Gadgetress – post: Hacking Vista: Easier than you’d think

I thought I would post this for any of the non-techies who happen across my site. In case you’re thinking about upgrading to Windows Vista because it’s more secure, you might want to take a look at the video at the link above. The guys at eEye show just how easy it is to use the old trojan horse tactic to hack a computer running the latest OS from Redmond. In this case the attackers use an attack script disguised as a Word document to take control of the target computer. I do have to wonder if UAC was enabled on the example target, but either way it shows what is still the largest vulnerability on any computer: the human behind the keyboard. This is the critical piece of information that Tamara C. misses on her blog. That’s one security problem not easily fixed by software.

More MS fearmongering

Microsoft says Linux, other programs violate patents

The Redmond spin machine is at it again, claiming that open source software such as Linux may infringe upon patents held by the company. I would consider this claim to be possible, but unlikely. Of course only time will tell, but I suspect that this is merely the latest attempt at scaring executives away from using open source products. To some extent I think this tactic is having an effect. I have talked with several CIOs and senior IT managers who have expressed concerns about using open source in the enterprise. However, I think most competent managers evaluate a software product on its merits more than on marketing hype and corporate FUD. (The competency part, well, that’s a whole other story…)

WMI woes

Every SA (system administrator) eventually comes across a weird problem with a server that just doesn’t seem to make sense. I recently had one such problem with an old server at work. This machine was fraught with problems when I took the job, but since it was the one and only DC (domain controller) at the time, I had no choice but to fix it. After fixing the problems I knew about, one of the first things I did was to replace that machine. Rather than retiring the old machine, I kept it around as a backup. We migrated to Windows Server 2003 at that time and recently went fully native after updating that old box. The upgrade worked flawlessly, or so I thought.

When I attempted to install a service pack I got a strangely vague error message at the very end: “An error in updating your system has occurred.” A look through svcpack.log showed two problems at the very end of the process. A program called mofcomp was exiting with a return code of 3. That indicates a syntax error, which didn’t make sense, as the syntax was correct. A search for the next line, “DoInstallation:RunInfProcesses for ProcessesToRun Failed”, brought me to Katy Coe’s tutorial on how to fix WMI repository corruption. She does a great job in her article, but after trying the applicable steps, I still had trouble. I eventually found a reference to a Microsoft tool (which I would have found on Katy’s site if I’d just scrolled… doh!) called WMIdiag. This tool saved the day. It found a number of problems with a handful of unregistered DLLs and EXEs. After registering the components and checking through the suggestions in the WMIdiag log, the mofcomp program compiled the MOF files. The service pack installed and all was well.

I didn’t have to go to all this trouble; I could have retired the machine and been done with it. After all, the server wasn’t even a critical part of my infrastructure, but it was an interesting problem to solve and I learned a few things in the process.
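As an added example (my own, not part of the original post and not Microsoft’s or WMIdiag’s code), here is a PowerShell script that retraces the diagnosis above before reaching for WMIdiag: it surfaces the mofcomp and RunInfProcesses lines in svcpack.log, asks the WMI service to verify its repository, confirms that a basic WMI query still answers, syntax-checks every MOF file in the wbem directory with `mofcomp -check` (which does not modify the repository), and, only when `-Register` is passed, re-registers the wbem DLLs the way WMIdiag’s “unregistered component” findings would suggest. Assumptions: an elevated PowerShell 2.0 or later prompt, the default `svcpack.log` location under the Windows directory, and the standard `System32\wbem` path; the log path and the log line patterns are assumptions, not values taken from the post.

```powershell
# Added example, not from the original post: a WMI health check that retraces the
# diagnosis described above. Assumptions (labelled): elevated PowerShell 2.0+,
# svcpack.log in its default location, standard wbem directory. WMIdiag itself
# is a separate Microsoft download and is not invoked here.
param(
    [string]$LogPath = "$env:SystemRoot\svcpack.log",    # assumed service-pack log location
    [string]$WbemDir = "$env:SystemRoot\System32\wbem",  # standard WMI directory
    [switch]$Register                                     # opt-in repair: re-register wbem DLLs
)

# 1. Surface the log lines that pointed at the problem (mofcomp exit code, RunInfProcesses).
#    The pattern is an assumption about how svcpack.log names these steps.
if (Test-Path $LogPath) {
    Select-String -Path $LogPath -Pattern 'mofcomp|RunInfProcesses' |
        ForEach-Object { "svcpack.log: " + $_.Line.Trim() }
} else {
    "No service-pack log found at $LogPath (skipping log check)"
}

# 2. Ask the WMI service to verify its own repository (read-only check).
$verify = & winmgmt /verifyrepository 2>&1
"winmgmt /verifyrepository: $verify"

# 3. Confirm the service answers a trivial query at all.
$os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction SilentlyContinue
if ($os) { "WMI query OK: $($os.Caption)" } else { "WMI query FAILED: $($Error[0])" }

# 4. Syntax-check every MOF in the wbem directory without touching the repository.
#    A non-zero exit code identifies the file a service pack's mofcomp step would fail on.
$badMofs = @()
foreach ($mof in Get-ChildItem -Path $WbemDir -Filter *.mof) {
    & mofcomp -check $mof.FullName | Out-Null
    if ($LASTEXITCODE -ne 0) {
        $badMofs += $mof.Name
        "mofcomp -check returned $LASTEXITCODE for $($mof.Name)"
    }
}
if ($badMofs.Count -eq 0) { "All MOF files in $WbemDir pass a syntax check" }

# 5. Optional repair, the manual equivalent of acting on WMIdiag's unregistered-DLL
#    findings: silently re-register every DLL in the wbem directory. regsvr32 is a
#    windowed program, so Start-Process -Wait is used to obtain a reliable exit code.
if ($Register) {
    foreach ($dll in Get-ChildItem -Path $WbemDir -Filter *.dll) {
        $p = Start-Process -FilePath regsvr32 -ArgumentList "/s `"$($dll.FullName)`"" -Wait -PassThru
        "regsvr32 /s $($dll.Name): exit code $($p.ExitCode)"
    }
}
```

Run it without switches first; every step up to the MOF syntax check is read-only, so the output can be compared with WMIdiag’s log before anything is changed. Pass `-Register` only after the read-only pass has shown which components are at fault, since blanket re-registration is a blunt tool on a domain controller you still depend on.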