IE Flaw Found and Exploited

An IE zero-day flaw has been found, publicized and is now being exploited. And this is not the kind of story I like to report.

In walking through this news, I'm hoping you'll help me understand the logic and report back to me and the tens of thousands of Redmond Report readers by writing to [email protected]

On Monday Rapid7, a security firm, wasted no time in telling the world that IE 9 and a number of earlier versions had a flaw that impacted XP, Vista and Win 7. The attacks trick a user into clicking on a malicious Web site, giving the attacker access to elevated privileges.

Of course, hackers are now exploiting the flaw, which Microsoft, given the short notice, hasn't had time to fix.

Why on earth do security firms publicize flaws before they are fixed? To me this is totally irresponsible.

Tell me where I'm wrong or more likely right at [email protected]. In the meantime, if I get hacked this way, I'll blame Rapid7.

Posted by Doug Barney on 09/19/2012 at 1:19 PM | 11 comments


Windows Phone 8 So Very Close

The iPhone 5 is close to shipping, driving Apple stock to an all-time high -- and I think it's an unsustainable high (although the P/E ratio of around 16 isn't as out of line as I thought it would be).

With far less fanfare, Windows Phone 8 is also imminent, having gained release-to-manufacturing status. I guess it takes about six weeks for OEMs to turn these things around.  The launch date is now expected to be Oct 29, with shipments soon after.

I still hear good things about the phone, but I think the real movement will come from enterprise customers who may see tight integration with corporate apps, and some aggressive moves by OEMs such as Nokia making us offers we can't refuse.

Do you see a Win 8 phone in your future, perhaps tying it into Lync? Mail me at [email protected]

Posted by Doug Barney on 09/19/2012 at 1:19 PM | 1 comment


Microsoft's Hidden Price Spike

Recession -- what do you do? If you are Microsoft, you raise prices for your most loyal customers by some 43 percent.  

Loyal customers buy volume licenses, one of which is the Enterprise Agreement (EA). These agreements are purposely confusing because if Microsoft is the only one to understand them, it gives Microsoft control. This is the same technique that lets lawyers charge $300 an hour.

Fortunately some folks, like analyst Paul DeGroot, understand licensing, and by DeGroot's calculations, EA Windows three-year renewals could cost up to 43 percent more.

That's because when customers renew, they renew not at the EA rate but at the Select or Select Plus rate (which is higher).

What is your experience with Microsoft licensing and is it better or worse than other vendors?

Posted by Doug Barney on 09/17/2012 at 1:19 PM | 7 comments


An Android Aside

Some of you may know I've been struggling with what smartphone to get next. Fact is, I could have gotten a free phone from Verizon way back in March, but I'd have to wait a full two years for another freebie. I decided to wait. Not for another BlackBerry, heck no, but for either the iPhone 5 or the next Windows Phone.

Some of you have suggested an Android device. A couple of my kids have had 'em and they weren't feeling the love. And an unnamed former huge Microsoft exec whose technical chops are impeccable recently complained about not getting his Android phone to fully connect to his Exchange folders. If this guy couldn't get it to work, what hope is there for mere mortals?

Posted by Doug Barney on 09/14/2012 at 1:19 PM | 10 comments


Bing Goes Social

I've noticed a new theme coming out of Redmond lately: social networking. No, Microsoft isn't going to build its own monster network. Not even Google can crack that nut. Instead, Microsoft hopes to pick up a few crumbs by embracing all the work Facebook has done.

The idea is simple, at least according to Redmondmag.com columnist Brien Posey. Bing, an underrated search engine in my estimation, can also now search social networks. At first Brien was nervous, fearing an invasion of privacy. After some sleuthing, er, some searching, it turns out it will only find stuff your friends post and only things you overtly make public. And you have to turn social searching on.

Sounds like Microsoft hit the balance right.

Posted by Doug Barney on 09/14/2012 at 1:19 PM | 0 comments


System Center 2012 SP1 Nears

System Center 2012 is only about a year old and Microsoft is already getting its first service pack ready, one that should ship early next year.

Most service packs are rolled up bug fixes with a few small new features tossed in for good measure. This one actually marks a real shift in System Center to a decidedly more cloud-centric approach.

In fact there is so much new that Microsoft is confusing folks by calling it a service pack. It really should call it a new version, though Microsoft would probably be compelled to charge for a new version (so I guess SP1 is OK after all).

Of course, as you may guess, SP1 supports Windows 8 and Windows Server 2012. That's a given.

So here's where the cloud kicks in: SP1 makes it easier to transfer VMs from in-house servers to Windows Azure. Also, you can tie VMs to Azure backup services.

Is the cloud starting to make more sense as more tools come out, or is it all a plot to take over your data and ultimately your job? You tell me.

Posted by Doug Barney on 09/14/2012 at 1:19 PM | 0 comments


Doug's Mailbag: Is Google Books Doing It Right?

Is Google Books a helpful resource or just a way for Google to cheat original content authors? Here's what you think:

As an engineering student, I have to say that Google Books has been one of the best resources online in terms of figuring out things that we had no idea how to do! I really appreciated it because it often gave examples and explanations that were different from the other sources that I had (and books that I did pay for!) So in terms of textbooks, I love it...but it is a pain because if you search for something specific, it will sometimes block out the important pages that you obviously wanted to see based on your search. But then if you go back in a different browser (or a friend's computer), then you can usually see what you were looking for!
-Lauren Barney (Doug's daughter)

You aren't being too hard on Google. I was at the Waterside Publishing Conference to accept an award some years ago and one of the speakers was a Chinese publisher who said books were only worth the value of the paper. But he couldn't understand why those of us who were authors weren't jumping all over the chance to have our work published in China. As I explained to him, several of my books were published in China and I thought it would only be fair if I shared in the profits. Like Google, he thought that the writers didn't deserve to be paid -- only those who were stealing their work should make money. Needless to say, after writing well over 80 books, I think I do deserve to be paid for my work.
-Brian

I think as the book market transitions to a digital one (just as the market for CDs and DVDs has), it will change the entire distribution model. Authors may need to adjust to lower compensation per copy for digital distribution, but the opportunity for vastly higher sales volume may outweigh that. And, as with music and video, some people may want to sample without buying, but many will pay an appropriate amount to consume the content they desire.

Content creators of all sorts will need to adjust to this new model of distribution instead of reacting like the RIAA and MPAA: trying to sue people back into a bygone era of physical media ownership.  As for Google scanning and posting content from existing books, how is that different from a library? They buy one copy and many people can read that one copy without paying the author any money. The Google copies are also incomplete (certain page ranges are blank). So if someone wants the full content, they still need to pay for either a physical or digital copy.  But, without being able to find this content first by searching Google, they might not even know the work or author even existed.  And if all they wanted was a snippet of the content for research or references, they wouldn't be a potential purchaser anyway.  

It's an adjustment for sure, but it sort of seems inevitable at this point.  As long as content providers can produce revenue for the creators and allow them to specify how their content is distributed, everyone will benefit.  Look at the Apple store, advertiser-backed Web pages, Netflix-like streaming services, etc.
-Paul

Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 09/12/2012 at 1:19 PM | 0 comments


Tool Puts Win 8 in Windows Server 2012 Driver's Seat

Remote Server Administration Tools (RSAT) for Windows 8 was just released as a sort of beta (it only works with the Windows 8 Customer Preview). It's meant to let Win 8 clients manage Win 2012 servers remotely.

With RSAT, IT can use PowerShell or the built-in GUI.

If you want to control earlier servers, it appears you'll have to first load Windows Management Framework 3.0. That way RSAT will talk to Windows 7 SP1, Windows Server 2008 R2 SP2 and Windows Server 2008 SP2.

Posted by Doug Barney on 09/12/2012 at 1:19 PM | 0 comments


Will the Hypervisor Replace Operating Systems?

Redmondmag.com columnist Brien Posey always has an interesting take, especially with his recent article that focused on the future of the hypervisor, particularly market-leading VMware.

Big changes have been happening in data centers. More and more servers are split into a bunch of VMs, and server operating systems are becoming more dedicated with smaller footprints. We've long had Linux appliances. Now Windows Server is increasing focus on Server Roles.

This is the perfect context for hypervisors (which assume the duties of an OS). You see, these slices of server computing are narrowly focused, so they need less OS support.

VMware is the company Posey sees moving in this direction (wouldn't it love to intrude on Microsoft's OS turf?). VMware is already looking to handle storage and virtual networks -- key pieces that OSes generally touch. And Posey got a sneak peek at some cool stuff in VMware labs that seems to back up his prognostications, especially in the area of configuration.

When you look at things like Linux appliances, a lightweight OS doesn't actually have to do all that much. It's easy to assume that VMware may not be that far away.

One of the questions Posey didn't address is whether VMware could support Windows Server apps. Would this let IT run these apps without paying the Microsoft server license tax, and would Redmond let it?

What is your expert analysis? Send it forth to [email protected]

Posted by Doug Barney on 09/12/2012 at 1:19 PM | 2 comments


Did the Internet Mess Up 9/11?

Yesterday should have been a somber, reasoned reflection on the events that occurred in 2001. We should have been celebrating the rebirth of the World Trade Center, which will be the tallest building in Manhattan as long as the city has a heart. We should have been coming together as we did that day 11 years ago. We should have had a little class.

What did we do instead? The maker of a virulently anti-Muslim video gleefully posted a clip on YouTube, with the full knowledge of the reaction it would create. Then the idiot pastor who burned the Koran (protests of that directly resulted in 21 deaths) promoted the video all day yesterday. And these toads don't feel at all responsible for the murder of Chris Stevens, our ambassador to Libya, and three other Americans? I guess it's OK since this time only four people died.

And how do the folks in Cairo and Libya celebrate their new-found freedom? By attacking us on a day of mourning. Class. Pure class.

Meanwhile, on our home turf, politics can't even pause for 9/11. Early yesterday, before the protests even started, an embassy worker in Cairo sent out a statement condemning those that insult the religious feelings of Muslims, and indeed all religions. In a bizarre twist, the Obama administration felt compelled to disavow this statement.

Meanwhile, thanks to the Internet, all of this is happening in near real-time.

According to a Presidential candidate not named Ron Paul, our President was "disgraceful" because somebody in the Cairo embassy sent out an unapproved message viewed as an apology to Muslims, and this came out before Mr. Obama had a chance to formally address the tragedy unfolding in Libya (and after Obama disavowed the message). Does this campaign have some kind of faulty dialup connection and can't keep pace with what is actually happening? Is that why you attack a sitting President on specious grounds on 9/11?

The Internet changes everything. Before you cram your foot in your mouth, refresh your browser!

It was horrible when Keith Olbermann attacked John McCain night after night, and it is just as bad when the talking heads do the same on the right. By the way, the only sign on my lawn is Scott Brown for Senate. If you want to attack me, attack me for being non-partisan. 

Is there any way to take politics out of politics? And if we can't take the politics out of politics, can we at least take it out of 9/11? Your thoughts welcome at [email protected]

I probably should have spent the evening watching ESPN.

Posted by Doug Barney on 09/11/2012 at 1:19 PM | 11 comments


New Java Flaw Found

Oracle now knows what it feels like to be Microsoft. Security experts are constantly finding flaws in Microsoft software and telling the world all about them.

Well, last week Oracle thought it had fixed a well-publicized problem in Java, one that had some advising end users to just stop using Java altogether. Instead of offering a round of applause, researchers told the world of a flaw found inside the supposedly fixed version.

Fortunately, the researchers had the good sense to hold off publishing actual details of the flaw until Oracle has a "proof of concept" fix.

My question is, why publish them then? Not all machines will be patched with this proof of concept fix. Any idiot can take what the researcher publishes and attack unpatched machines.

Am I missing something? If so, corrections readily accepted at [email protected]

Posted by Doug Barney on 09/10/2012 at 1:19 PM | 2 comments


PowerShell 3.0 Muscles Its Way to Market

While the general PC market gets all worked up over Windows 8 and new Windows Phone devices, real IT pros probably care more about PowerShell 3.0, a tool most consumers have never heard of (and wouldn't even know what to do with it if they did).

PowerShell 3.0 is not just the latest version of the scripting tool. It also works with the latest client and server OSes: Windows 7 and Windows Server 2008 R2 Service Pack 1 (rolls off the tongue, doesn't it?).

PowerShell is all about commands -- or commandlets (cmdlets). And now there are over 2,400 cmdlets available.

Microsoft also says PowerShell 3.0 is essentially ready to support Windows Server 2012, which just shipped, and Windows 8, which is getting close, real close.

Posted by Doug Barney on 09/10/2012 at 1:19 PM | 1 comment