Another Windows attack

Microsoft and CERT.ORG have issued bulletins on the Windows Metafile vulnerability:
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.kb.cert.org/vuls/id/181038
Microsoft's bulletin confirms that this vulnerability applies to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003.
They also list the REGSVR32 workaround. It's a good idea to use this while waiting for a patch. To quote Microsoft's bulletin:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps.
Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
This workaround is better than just trying to filter files with a WMF extension. There are methods where files with other image extensions (such as BMP, GIF, PNG, JPG, JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO) could be used to exploit a vulnerable machine.
iframecash - don't visit the siteWe got several questions on our note on Google Desktop yesterday. Bottom line is that if an image file with the exploit ends up to your hard drive, Google Desktop will try to index it and will execute the exploit in the process. There are several ways such a file could end up to the local drive. And this indexing-will-execute problem might happen with other desktop search engines too.
And finally, you might want to start to filter these domains at your corporate firewalls too. Do not visit them.
toolbarbiz[dot]biz
toolbarsite[dot]biz
toolbartraff[dot]biz
toolbarurl[dot]biz
buytoolbar[dot]biz
buytraff[dot]biz
iframebiz[dot]biz
iframecash[dot]biz
iframesite[dot]biz
iframetraff[dot]biz
iframeurl[dot]biz
So far, we've only seen this exploit being used to install spyware or fake antispyware / antivirus software on the affected machines. I'm afraid we'll see real viruses using this soon.

The Cingular curse is over

FINALLY! Our Cingular contract was over on the 18^th of December. That same day we transferred our numbers over to Sprint. I couldn’t WAIT! If there was a problem to be had with a mobile phone…we had it. Bad connections, no coverage, equipment problems, billing problems, lousy customer service...we ran the table on problems.

I run my business on the road. My mobile phone is my office phone…my wife’s is our home phone. We decided that having moth mobiles and a landline was a waste of money…and it was with we 1^st had Sprint service. We never had a problem with our service…just of hardware. Our hardware was old and Sprint didn’t have any deals for existing customers. I decided that I was going to change providers to AT&T for better hardware…boy THAT was a mistake. It was never…not better. We had nothing but problem after problem. It took ATT/Cingular over 2 months to port our numbers and another 6 months to get our billing problems straightened out.

Cingular brags about their network….don’t know why. I had lousy coverage everywhere I went. There’s nothing more frustrating than talking to a client and have the call static out or just drop completely. I couldn’t stand it a minute longer.

Sprint seems to have some of their earlier problems straightened out. I’ve been on their service for a week now…and I’ve only been in one area that had no service. The client I was visiting said no mobiles work there. He’s tried all the carriers from Nextel to Cricket…no one works there.

I evidently got really lucky and landed one of the new Samsung A900 phones. I was told by several people that they are impossible to find and they’ve only been out about 3 weeks. I had to have it for the Bluetooth connectivity it offers. That’s one thing that bugs me about Sprint…crippled Bluetooth. If you offer Bluetooth phones…LET THEM WORK! They cripple the Bluetooth down to a glorified headset connection…big whoop. If that’s the only thing I could ‘tooth’ to my phone…then I wouldn’t pay to premium price for a Bluetooth enabled phone.

Even the “techs” at Sprint told me that the Bluetooth functionality on the A900 was only for Bluetooth…contrary to EVERTYHING else I’ve read about the phone. I no longer depend on the store employees to provide my information on anything tech related

Everything said that is was a full Bluetooth enabled phone…even through Sprint. The only detractor was the store personnel. Even their phone tech said it wouldn’t work. Supposedly the “read it in the manual” I guess their manual was different than the one that came with my phone.

Anyway…Bluetooth works…the service is clean and clear…and now people can actually hear me on the phone now…all is good.

The Slingbox

A couple of nights ago our 40 inch TV blew up. Somehow or another the magic smoke was released...make me sad. That TV is the only one in the house with the PVR and the Xbox. The TV in the bedroom is sold school...coax input only. The TV is covered under warranty...but with the Christmas holiday no one can be here until Wednesday
That wouldn't be so bad...except they pretty much just pick it up ant take it in for repair. Now THAT is a two week turnaround. That makes me sad. 3 weeks with no TV in the living room...major suckage.
Enter the Slingbox (www.slingbox.com)

This little jewel will transmit streaming video from your provider of choice to any PC loaded with their player and configured with a unique user ID… Pretty slick… and it seems fairly secure for what amounts to a video server.

I set it up on the Dish Network PVR and. we’re right back in business. Now...granted the stream isn't a crisp as a normal television and to get the video stream outside your network you have to do some configuration on your router...but...this thing is pretty cool. I can be ANYWHERE with an internet connection and watch MY television. It even works on my Tablet PC using the Bluetooth modem on my phone. Once they pickup the wounded big screen I think I'm going to break ut my projector, hook up the Xbox to the Slingbox and game BIG TIME