Silicon Shecky

Technology is a wonderful thing. We have computers, laptops, servers, the Internet, e-mail, and of course mobile technologies. We use and abuse them all without even a second thought. Then something breaks and we are lost.

It is amazing how much technology controls our lives. It is supposed to be a tool to make our lives easier, but we depend on it so heavily, it controls us. I’m as guilty as anyone in this respect. Today RIMs Blackberry Internet Service went boom again. North America and South America both wound up affected, and yet there was not a lot of talk about it. No CNN headlines, no nothing. It only affected e-mail and if you worked for a company that had a BES server you weren’t affected. Nope just people like me who use the BIS part were.

It drove me crazy. I thought maybe I left Outlook open at home. A visit to my webmail site showed that e-mail was not going to my PC at home, as all of it was still on the main server. A quick google search found a couple of articles about it finally.

Outages happen in the IT world. We all know that. What this instance shows us again is that relying on cloud services is an iffy thing. Its all still a beta product, all of it. The Internet, e-mail, mobile devices, all of it beta products. Don’t be controlled by it, for it is just a tool.

IT World has a nice little article which gives some tools to help protect those running IIS 6.0 and earlier from the latest exploit. The fun thing is that they are both free tools from Microsoft that basically shut down the WebDAV protocol.

Microsoft has acknowledged the problem, but has not said if or when a patch for it will be available. Windows 2000 servers are more at risk from this vulnerability since WebDAV is turned on by default, in contrast to Windows 2003 where WebDAV is turned off by default.

So, there you have it. Go get the tools and lock it down.

Google, we have a problem. It seems you can’t go to a single tech site right now without hearing about the “Google Poisoning Attack” and how it works. For an attack that has been around since March, its amazing that it is now starting to pick up mainstream attention.

To put it in simple terms, legitimate websites are unknowingly causing the problem due to flaws in Adobe software. Adobe, yep, Flash, Acrobat, other items, doesn’t matter. It seems that there is some flaw involved with it all. I do know that there have been a few Zero-Day Adobe exploits that have recently been patched by Adobe, heck my own machine got updated today. Will it help me out, I don’t know.

The scary thing about it all is that although this poisoning has been around since march, the amount of affected sites has almost quadrupled in one weeks time from about 800 to about 3000 according to ScanSafe. CERT has raised a red flag because of this huge increase, and it does not look like it is slowing down.

The real question about all of this is again, patching. When was a fix for the vulnerability released, and how long does it take companies to patch?

I’d post more information about what happens to your machine such as FTP usage, stolen passwords, etc, but honestly, so much is out there on it that you just need to go to any site such as eWeek’s site to get more info on the attack itself. Just be careful and make sure your machines are as updated as they can be.