Silicon Shecky

Infosec Practitioner

Connect

Windows 7 RC1 Released

By Leave a Comment

Microsoft pulled a fast one and put up the Windows 7 RC download a day early. Now it time to get it and play with it. I understand that XPM is supposed to be testable, so lets see what it is, and don’t forget to report bugs you find so maybe we can get the worst bugs out of it before it ships.

You can download it at:

http://www.microsoft.com/windows/windows-7/download.aspx

They did set it up so that if the download gets interrupted it will pick up where it left off, which should make things a little easier on that end.

Overhype:Flu Vs. IT

By Leave a Comment

Keeping up in the IT world, you come across all sorts of interesting things. You also start seeing patterns that can almost be seen as a microcosm to the rest of the world. With all the focus on Swine Flu lately, you can see some similarities between the way it is being presented and say, Cornficker.

Swine Flu is still making headlines, while Cornficker has done exactly what I figured. It feel from the spotlight, and it fell hard. So hard that the FBI complained about the over-hype and problems that the over-hype caused. Now we are seeing that exact same over-hype with the whole Swine Flu health issue, but no one will ever say it was over-hyped. Cornficker, by the way, has one variant that is about the self destruct, while most of the others have been turning into spam-bots, creating a very large botnet.

The Swine Flu is a nasty illness, but it is being called an epidemic, when in reality such a small portion of people are getting it, and an extremely small amount are dying from it. Yes it is nasty, and yes it needs to be fought, but it doesn’t seem to be any more widespread than any other influenza, just a strain that is more rare.

So one has to wonder, with the latest Zero-Day Adobe Exploit, what we are doing about it. The answer is nothing. People are supposedly waiting for the patch for the newest exploit, yet they still haven’t applied the patches for the prior exploit. Mind you, these things get no press, even though they can be just as dangerous as anything else out there.

Yes, you should test patches before deploying them, but you need to have a plan and a time frame that is not insanely long for a decision. The patches for exploits out in the wild (zero-day) should be deployed as fast as possible. It is simple common sense.

Of course, common sense isn’t so common anymore. Just look at the plan on the Swine Flu “epidemic”.  It consists of scaring everyone to death, hurting the economy because of travel bans, and basically hyping the hell out of it until we become complacent and don’t even listen to the people who are basically crying wolf constantly about it.

Hype can be good, but in this day and age, we over-hype so much so fast that I have to wonder, “What are we thinking?”

IE8 not being pushed? Only if you work in PR.

By Leave a Comment

IE8, still not ready for everyone to use due to compatibility issues with many websites out there. Microsoft says, “We are not pushing IE8 out there yet.” Everyone breaths a sigh of relief.

At least until today. If you run updates, you should take a close look at the high priority updates. Yeah the ones that get pushed down through Automatic Updates. You will see IE8 there. Sounds like a push to me. Yet Microsoft is still claiming that they are not pushing it out.

Now I don’t know about you, but if I saw it in the Optional Software updates, I would believe them, but with it in High Priority? Come on, we all know that usually we just let the high priority updates get installed, because they are usually the most critical of the updates, and if you are set up to autoupdate, it will get pushed down and installed unless you are set up to check what updates have been downloaded for install.

To use a phrase from a segment on a sports show I listen to.. Microsoft, Who Ya Crappin?