April 2006 - Posts

I went to two awesome sessions on the OSD feature pack yesterday.  One was by Wally Mead, and another by Johan Arwidmark, a Microsoft MVP in Setup/Deployment.

While my partner-in-crime, Jeremy, and I learned essential information in the use of the OSD Feature Pack that will make us super-heroes back at the office, I did want to make one comment about what we learned.

I was really surprised to learn that a lot of the little problems (some bigger than others) that we have been experiencing were actually issues and/or intentional(?) behavior in the OSD Feature Pack.

Now I admit that we pushed through our issues without seeking out too much outside help from Microsoft or the community, mainly out of a deep-seated need to figure things out on my own. However, I feel that some of the issues that we were having should have been disclosed to the community, and with emphasis, especially since Microsoft now says that the OSD is the PREFERRED way to deploy Vista.  If this was done and I missed it, then that is my fault. Meanwhile we thought we were doing something wrong.

Two of the issues that I can remember this early in the morning are the following:

  1. If you have a server image that requires specific storage drivers that have to be required on your Image Install CD, then you will have problems using that install CD if you try to use it to install an image on a workstation install that does not need those same drivers.  This is because the image install process will try to force the use of the storage drivers if you include them on the CD. In our case, that means having separate CDs for workstation and server installs. This might not sound like a big deal, but it is if you are in the middle of trying to get OSD running for a major deployment.
  2. This is the biggest one to me.  Apparently while loading up the image capture or install process, network access functionality doesn't always load up before the wizard to start off the process is loaded. To make sure that this does happen, you have to do some hacking in the background.  You have no idea how many hours we wasted on that issue!!

OK now that I have vented about this, you should all know that documentation on some of the sessions will be available here soon.  Be on the lookout for anything that has been written by Johan Arwidmark, the Jedi Master of OSD and ZTI as far as I am concerned.

 UPDATE: Looks like the guide that I saw has already been published on MyITforum.com, download it here: http://myitforum.com/articles/8/view.asp?id=8856

Here are some pictures from when I made it into San Diego on Sunday.

MMS 2006 Day 0

 
Unfortunately Superman and Batman weren't in.  I thought I heard a low flying plane while I was taking this, but I couldn't see anything.
 
The one sad thing was that Marvin, Wendy, and the Wonder Twins were outside picketing unfair treatment of sidekicks.  I tried to take a picture of them, but they sicced Wonder Dog on me.  Luckily that dog is about 300 years old in dog years, or he would have caught me.
 
More pictures coming soon... [:)]

This is one to pay attention to, a re-release that fixes issues of the previous patch.

**************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 25, 2006
**************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS06-015

Bulletin Information:
=====================

* MS06-015

- http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
- Reason for Revision: This bulletin has been re-released to advise customers that revised versions of the security update are available for all products listed in the "Affected Software" section. Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action. For additional information, see "Why did Microsoft reissue this bulletin on April 25, 2006." in the "Frequently asked questions (FAQ) related to this security update" section.
- Originally posted: April 11, 2006
- Updated: April 25, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0

This will probably be my last post for a few days at least, my co-worker Jeremy and  I will be heading off to MMS on Sunday. 

Hope to see the ones that can make it at the "Meet and Greet" events that Rod mentioned on his blog.

Just a reminder to everyone, I am terrible with names.  If you come up and talk to me and I act like I'm not sure if I know who you are, please introduce yourself.  That will save us both an embarrassing moment. [;)]

Hope that all of you that are going to MMS have a safe trip.  For the ones that can't make it, I will have a moment of silence in your honor.

Take care,
Chris

Posted Friday, April 21, 2006 7:10 PM by cmosby | with no comments
More information on the MS06-015 issue

Hi everyone, Stephen Toulouse here.  We've been continually examining the best way to assist the customers who may have been impacted by the interaction of MS06-015 with the software Mike mentioned before.  We wanted to check in and let you know the current plan.  Up until now there have been several solutions: Upgrade to the newest version of the affected software, a manual registry key fix, uninstall the third party software (NVIDIA Drivers versions 61.94 and prior or the Hewlett Packard Share-to-web software) or uninstall the update.  All of these require the user to take some sort of action.  

So what we have done is re-engineered the MS06-015 update to avoid the conflict altogether with the older Hewlett Packard and NVIDIA software. We're going to run a test pass on it and we will release this new update on Tuesday, April 25th.  What the new update essentially does is simply add the affected third party software to an "exception list" so that the problem does not occur.  The revised update automates the manual registry key fix.   

So what should you do? 

Well if you are experiencing the problem right now, you can use the currently available reg key fix documented in 918165, go to the newest versions of the affected software, or uninstall the third party software.  On Tuesday April 25th, if you have not taken those actions but are having the problem, the update MS06-015 will be delivered to the machine through AU if configured, or through Microsoft Update or the Download Center if you want to install it manually. 

I want to be real clear about that.  When the update is re-released, it's going to be very much targeted to people who are having the problem, or people who have not installed MS06-015 yet.  That means if you have already installed MS06-015 and are not having the problem, there's no action here for you.  Windows Update, Microsoft Update, and Automatic Update will have detection logic built into them to only offer the revised update (which essentially includes the reg key fix) to those customers who either don't have MS06-015 or are having the problem.

We've updated the bulletin to reflect this information as well.

S.

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Published Friday, April 21, 2006 2:16 AM by stepto

Welcome to the Microsoft Security Response Center Blog! : More information on the MS06-015 issue.
In case you haven't heard about this already...

Microsoft patch problems (NEW)

Published: 2006-04-21,
Last Updated: 2006-04-21 15:55:13 UTC by Adrien de Beaupre (Version: 1)


There have been reports of problems with Microsoft patch MS06-013, Cumulative Security Update for Internet Explorer (912812), and with MS06-016, where the Outlook Express address book disappears. In this case, removing the patch makes the address book re-appear; however, the other vulnerabilities the patch addresses come back.

One other Microsoft patch MS06-015 will be updated due to compatibility issues. This was announced in their blog.  http://blogs.technet.com/msrc/archive/2006/04/21/425838.aspx

If you have any issues with a Microsoft patch impacting your system, contact them directly; the call is free. In the US or Canada dial 1-866-727-2389 (866-PC-SAFETY). In other countries/regions, contact your local Microsoft office.

Cheers,
Adrien
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.
Now this is good news...

"Star Trek" franchise set for 2008 revival: report | Reuters.com
"Star Trek" franchise set for 2008 revival: report
Fri Apr 21, 2006 3:12 AM ET

LOS ANGELES (Reuters) - More than three years after the last "Star Trek" movie crashed at the box office, the venerable sci-fi franchise is being revived by the director of the upcoming "Mission: Impossible" sequel, Daily Variety reported in its Friday edition.

The as-yet-untitled "Star Trek" feature, the 11th since 1979, is aiming for a fall 2008 release through Paramount Pictures, the Viacom Inc. unit looking to restore its box-office luster under new management, the trade paper said.

The project will be directed by J.J. Abrams, whose Tom Cruise vehicle "Mission: Impossible III" will be released by Paramount on May 5. Abrams, famed for producing the TV shows "Alias" and "Lost," will also help write and produce.

Daily Variety said the action would center on the early days of "Star Trek" characters James T. Kirk and Mr. Spock, including their first meeting at Starfleet Academy and first outer-space mission.

The paper described "Star Trek" as Hollywood's most durable performer after James Bond, spawning 10 features that have grossed more than $1 billion and 726 TV episodes from six series.

The 10th film, "Star Trek: Nemesis," bombed at the box office on its December 2002 release, earning just $43 million in North America. Last year, Viacom-owned broadcast network UPN pulled the plug on the low-rated series "Star Trek: Enterprise."

**********************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 20, 2006
**********************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS06-015

Bulletin Information:
=====================

* MS06-015

- http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx
- Reason for re-release: FAQ Section updated to include information about an upcoming re-release of the security update.
- Originally posted: April 11, 2006
- Updated: April 20, 2006
- Bulletin Severity Rating: Critical
- Version: 1.2

********************************************************************

*********************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 19, 2006
*********************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


Bulletin Information:
=====================

* Microsoft Security Bulletin Summary for April, 2006

  - http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx
  - Reason for Revision: Bulletin updated to add "Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2"
    in the "Affected Software and Download Locations" section. 
  - Originally posted: April 11, 2006
  - Updated: April 19, 2006
  - Version: 1.1


* MS06-014

  - http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx
  - Reason for Revision: Bulletin updated the following: "Security Update Replacement" and "What updates does this release replace?" in the "Frequently asked questions (FAQ) related to this security update" section. Updated the "Windows Server 2003 and Windows Server 2003 Service Pack 1" file manifest under "Windows 2003 (all versions)" in the "Security Update Information" section; and additional clarity around "Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed" file manifest under "Windows XP (all versions)" in the "Security Update Information" section.
  - Originally posted: April 11, 2006
  - Updated: April 19, 2006
  - Bulletin Severity Rating: Critical
  - Version: 1.1

********************************************************************

Security Response has published a removal tool to clean infections of  W32.Mytob.PI@mm.

 Version 1.36.0 of the tool, which adds support for removal of W32.Mytob.PI@mm, can be obtained by visiting:
 http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob@mm.removal.tool.html

To date, this tool will clean the following:

Patch Tuesday Fallout (NEW)

Published: 2006-04-16,
Last Updated: 2006-04-16 00:56:49 UTC by Johannes Ullrich (Version: 1)

Microsoft published a knowledge base article about issues with MS06-015. The two main culprits appear to be HP's "Share-to-Web" software and Kerio Personal Firewall.

In order to implement the MS06-015 fix, Microsoft created a special binary (VERCLSID.EXE) which will validate extensions before the Windows shell or Explorer is able to instantiate them. If VERCLSID.EXE fails to run, many functions are disrupted (e.g. opening files in applications using the 'File'->'Open' menu).

More stories about patch MS06-013 can be found in a recent InfoWorld article. This patch was expected to cause issues due to the changes in ActiveX functionality. Again, see the respective Microsoft statement. Let us know if you experience any issues. So far, everything appears to center around 'Siebel 7'. Given the lack of outcries so far, I don't expect a lot of problems with other applications.

(Thanks to Susan and Juha-Matti for their contributions!)
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.
********************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 15, 2006
********************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS06-015

Bulletin Information:
=====================

* MS06-015

- http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
- Reason for Revision: "Caveats" section updated due to new issues discovered with the security update. Users may experience issues in Windows Explorer or the Windows shell after installing the update. Security Update Information revised to reflect correct file version information for Microsoft Windows XP and Microsoft Windows 2000.
- Originally posted: April 11, 2006
- Updated: April 15, 2006
- Bulletin Severity Rating: Critical
- Version: 1.1


*****************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 11, 2006
****************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS06-005

Bulletin Information:
=====================

* MS06-005

- http://www.microsoft.com/technet/security/bulletin/ms06-005.mspx
- Reason for Revision: Microsoft updated this bulletin today to advise customers that revised versions of the security update are available for Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2, listed in the "Affected Components" section. For more information, see "What are the known issues that customers may experience when they install this security update?"

    We revised this update to report an issue when a user tries to seek, fast rewind, or fast forward when using Windows Media Player 10.

- Originally posted: February 14, 2006
- Updated: April 11, 2006
- Bulletin Severity Rating: Critical
- Version: 2.0
        

http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx

At the time of this writing, all the bulletin links aren’t live, but here is what we have this month.  NOTE: Three of these patches require the Extended Security Update Inventory Tool

* MS06-013

- Bulletin Title: Cumulative Security Update for Internet Explorer (912812)
- Executive Summary: This update resolves several vulnerabilities in Internet Explorer that could allow remote code execution.
- Maximum Severity Rating: Critical
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.

* MS06-014

- Bulletin Title: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
- Executive Summary: This update resolves a vulnerability in MDAC that could allow remote code execution.
- Maximum Severity Rating: Critical
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows. For more information, see the Affected Software and Download Locations section.

* MS06-015

- Bulletin Title: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
- Executive Summary: This update resolves a vulnerability in Windows Explorer that could allow remote code execution.
- Maximum Severity Rating: Critical
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows. For more information, see the Affected Software and Download Locations section.

* MS06-016

- Bulletin Title: Cumulative Security Update for Outlook Express (911567)
- Executive Summary: This update resolves a vulnerability in Outlook Express that could allow an attacker to take complete control of the affected system. User interaction is required for an attacker to exploit this vulnerability.
- Maximum Severity Rating: Important
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows, Outlook Express. For more information, see the Affected Software and Download Locations section.

* MS06-017

- Bulletin Title: Vulnerability in Microsoft Front Page Server Extensions Could Allow Cross Site Scripting (917627)
- Executive Summary: This update resolves a cross-site scripting vulnerability in FrontPage Server Extensions that could allow an attacker to run script in the context of the locally logged on user. User interaction is required for an attacker to exploit this vulnerability.
- Maximum Severity Rating: Moderate
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows, FrontPage Server Extensions, and SharePoint Team Services 2002. For more information, see the Affected Software and Download Locations section.

Here is some really good information on how to report spam.

Spam reporting addresses (NEW)

Published: 2006-04-10,
Last Updated: 2006-04-10 02:53:33 UTC by William Stearns (Version: 3)

It's been a quiet day, with a few reports of phish and pop-up spam.  It looks like we haven't covered spam reporting in a while.

Because I work so much with spam already as part of the sa-blacklist and SURBL projects, I take an additional step and report spam to the organizations and agencies that have interest in certain spam categories.  I tend to prefer email accounts to which I can bounce spam emails as this is easier to script than trying to send the emails through web forms.

First, the FTC will take any spam you get; send it to uce_at_ftc.gov .  Also, spamarchive.org is interested in any spam you have, but please send it as an RFC822 attachment (see your email client documentation on "How to send as an attachment") to submitautomated_at_spamarchive.org .

Here are the reporting addresses I use, by category:

- Theft of cable services: ocst_at_ncta.com

- Child pornography: children_at_interpol.int, gmail_at_cybertip.ca .  Other than these, do not redistribute the spams, visit any advertised sites, or keep the emails.  You shouldn't send these to spamarchive.org as these are republished on an ftp server.

- Nigerian/419 scams (http://home.rica.net/alphae/419coal/): 419.fcd_at_usss.treas.gov

- OEM software: netpiracy_at_siia.net, piracy_at_microsoft.com

- Phish scams: reportphishing_at_antiphishing.org, phish_at_ists.dartmouth.edu, spam_at_mailpolice.com, and  phishing-report_at_us-cert.gov.  Also, postmaster_at_corp.mailsecurity.net.au and report_at_reportphish.org are interested, but please send the phish mail as an RFC822 attachment.

- Pills: webcomplaints_at_ora.fda.gov, drugs_at_interpol.int

- Pyramid scams: fraud_at_uspis.gov

- Rolex/replicas: steve.gobin_at_rolex.com, expert_at_lpconline.com

- Stock/pump and dump: enforcement_at_sec.gov

- Tobacco: alctob_at_ttb.treas.gov

- Viruses: avsubmit_at_symantec.com, newvirus_at_kaspersky.com, samples_at_F-Secure.com, virus_at_cai.com, virus_at_commandcom.com, virus_at_pandasoftware.com, virus_doctor_at_trendmicro.com, virus_research_at_nai.com

Some of the above came from the Spamlinks Reporting page - many thanks for an excellent resource.  The email addresses I covered above tend to be focused on US agencies; definitely visit spamlinks if you live outside of the US.

-- Bill Stearns (http://www.stearns.org, wstearns@pobox.com)
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.
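The diary above recommends scripting spam reports to mailbox addresses and forwarding the original as an RFC 822 attachment so the receiving organisation gets the untouched headers. The following is an added example written for this page, not a script from the ISC diary or from Bill Stearns; it uses only the Python 3 standard library. The reporting addresses are the ones quoted in the diary (written with `@` in place of the diary's `_at_`) as they stood in April 2006; the category keyword patterns, the sample spam message, the `reporter@example.org` sender and the function names are constructed for the example.

```python
"""Route a received spam message to the category's reporting addresses,
forwarding the original unmodified as a message/rfc822 attachment.

Added example (not part of the ISC diary or Bill Stearns' tooling).
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Category -> reporting addresses, taken from the diary entry (April 2006 values).
REPORT_ADDRESSES = {
    "general": ["uce@ftc.gov"],
    "phish": ["reportphishing@antiphishing.org", "phishing-report@us-cert.gov"],
    "419": ["419.fcd@usss.treas.gov"],
    "pills": ["webcomplaints@ora.fda.gov"],
    "stock": ["enforcement@sec.gov"],
}

# Category -> keyword patterns. Constructed heuristics for the example only;
# the first category whose pattern matches wins, anything else goes to "general".
CATEGORY_PATTERNS = {
    "phish": re.compile(r"verify your (account|identity)|suspended|click here to (log ?in|update)", re.I),
    "419": re.compile(r"next of kin|transfer of (us\$|usd|\$)|late (president|minister)", re.I),
    "pills": re.compile(r"\b(viagra|cialis|pharmacy)\b", re.I),
    "stock": re.compile(r"\b(stock alert|ticker|otc:|pink sheets)\b", re.I),
}


def classify(msg: EmailMessage) -> str:
    """Return the first category whose pattern matches the subject or plain-text body."""
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (body.get_content() if body else "")
    for category, pattern in CATEGORY_PATTERNS.items():
        if pattern.search(text):
            return category
    return "general"


def build_report(spam: EmailMessage, reporter: str) -> EmailMessage:
    """Wrap the spam as a message/rfc822 attachment addressed to the category's reporters."""
    category = classify(spam)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = ", ".join(REPORT_ADDRESSES[category])
    report["Subject"] = f"[spam report: {category}] {spam.get('Subject', '(no subject)')}"
    report.set_content(f"Forwarded unmodified as an RFC 822 attachment; category guessed as {category!r}.\n")
    # Passing an EmailMessage to add_attachment() yields a message/rfc822 part, so the
    # original headers (Received: chain, envelope details) reach the recipient intact.
    report.add_attachment(spam)
    return report


# Constructed sample spam for the example.
SAMPLE_SPAM = """\
Received: from mail.example.invalid (192.0.2.10) by mx.example.org; Mon, 10 Apr 2006 01:00:00 +0000
From: "Account Services" <security@bank.example.invalid>
To: victim@example.org
Subject: Please verify your account
Content-Type: text/plain; charset="us-ascii"

Your account has been suspended. Click here to login and restore access.
"""


def report_from_raw(raw: str, reporter: str = "reporter@example.org") -> EmailMessage:
    """Parse a raw RFC 822 message and build the outgoing report for it."""
    spam = email.message_from_string(raw, policy=policy.default)
    return build_report(spam, reporter)


if __name__ == "__main__":
    # Print the report; hand the result to smtplib (or your MTA) to actually send it.
    print(report_from_raw(SAMPLE_SPAM).as_string())
```

The report body stays separate from the attached message on purpose: a bounce-as-attachment keeps the spam's own `Received:` headers, which are what the receiving abuse desk needs, whereas pasting the text into a new message would strip them. Before using the address table in anger, re-check the current reporting addresses, as the diary's list dates from 2006.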
This is really sad news. My thoughts go out to his friends and family.  

MVP Rakesh Rajan passed away

posted on Sunday, April 09, 2006 10:22 AM by donna

I just learned that Rakesh Rajan, MVP from India died few days ago.  See http://forum.t-mug.org/topic.asp?TOPIC_ID=1050.  My condolences to his family.  He was only 24 years old. 

Donna's SecurityFlash : MVP Rakesh Rajan passed away.
Oh my...

MS genuinely surprised 250,000 unique systems infected with Alcan.B

Published: 2006-04-08,
Last Updated: 2006-04-08 22:14:26 UTC by Patrick Nolan (Version: 1)

Alcan.B is circa June, 2005. MS's anti-malware technology team has blogged that "In February's release of the tool (MS's Windows Malicious Software Removal Tool), we added the ability to detect and remove a worm called Win32/Alcan.". So seven months and a few days after information about Alcan.B was first published, MS's Anti-Malware Engineering Team is "genuinely surprised" that 250,000 of the 250 million computers systems that ran the February Windows Malicious Software Removal Tool were infected with Alcan.B.

The Anti-Malware Engineering Team blog goes on to note that the February Windows Malicious Software Removal Tool removed the "Win32/Mywife.E worm (aka CME-24)" from 40 thousand computers, starting just a scant 11 days after the "worm" detonated on February 3rd, 2006, less than a month after its discovery date (near January 17, 2006). Win32/Mywife.E is malware that the Anti-Malware Engineering Team had recently said was a worm that "turned out to be more hype than reality", and that "the few calls they did receive tended to be inquiries based on word-of-mouth vs. infected users" (Monday, February 06, 2006 12:38 AM). Looking back on the week (graphic next - as Nyxem.E), "Win32/Mywife.E worm (aka CME-24)" gets around, and looking back, at other statistics, over the time period since its release, it competes right up there with other prolific persistent malware like MyTob and netsky, and will continue to do so in the future.


SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

Deja Vu - worm attacks Windows and Windows Mobile powered devices

Published: 2006-04-08,
Last Updated: 2006-04-08 20:58:15 UTC by Patrick Nolan (Version: 1)

Symantec has issued information on MSIL.Letum.A@mm, "a worm written in Microsoft .NET's Microsoft Intermediate Language (MSIL) that can affect both Windows PC and Windows Mobile powered devices that have the .NET framework installed." Trend's analysis for WORM_LETUM.A is here.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

Well isn't this just a great way to end the week.

Cross platform virus PoC (NEW)

Published: 2006-04-07,
Last Updated: 2006-04-07 13:55:10 UTC by Swa Frantzen (Version: 1)

Viruslist is reporting on a cross platform Proof of Concept (PoC) virus that works on both Linux and Windows machines. It is claimed to be capable of infecting both the linux ELF binaries and .exe's from windows.

The impact of the PoC at this point is very low in itself, but it is a sign the cross platform aspects are becoming important. As the developers of viruses continue to research this, we will see (more) cross platform malware come about in the future.

Even today websites sending exploits to their visitors tend to detect what browser/platform the visitor is using and send a matching exploit to install some malware and earn their quarter for each confirmed installation.

Planning ahead and also protecting the Linux, UNIX and Mac OS X, machines with anti-virus measures is a good thing to start on now if you haven't done so already.

For those thinking their "pet" computer is invulnerable to the virus threat: it's not. The vulnerability exploited by a virus is the ability of software to add or change other programs. All general purpose operating systems have that vulnerability to some degree.

Getting infrastructure that is fed signatures in an automated manner in place allows you to shorten the time needed to respond, even if the specific platform isn't targeted today. Since anti-virus measures are mostly reactive in nature, anything that makes your reactions faster is good.
 
--
Swa Frantzen - Section 66

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.
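The diary above makes the point that what a virus exploits is the ability of software to add to or change other programs, on any platform, and that the defender's answer is to have measures in place before a given platform is targeted. One platform-neutral measure is a baseline of the executables you ship and a check that notices when one changes or a new one appears. The following is an added example written for this page, not code from the ISC diary or from Swa Frantzen; it uses only the Python 3 standard library. The ELF and PE magic numbers are the real ones; the file tree, the stub "executables", the simulated infection and the function names are constructed for the example.

```python
"""Baseline-and-verify check for ELF and PE executables in a directory tree.

Added example (not part of the ISC diary). Demonstrates noticing that an
executable was changed or added, regardless of which platform it targets.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

ELF_MAGIC = b"\x7fELF"   # first four bytes of every ELF file (Linux/UNIX binaries)
PE_MAGIC = b"MZ"         # DOS stub header that every PE file (.exe/.dll) starts with


def executable_kind(path: Path) -> Optional[str]:
    """Classify a file by its leading bytes: 'elf', 'pe', or None if neither."""
    with path.open("rb") as fh:
        head = fh.read(4)
    if head.startswith(ELF_MAGIC):
        return "elf"
    if head.startswith(PE_MAGIC):
        return "pe"
    return None


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, Tuple[str, str]]:
    """Map relative POSIX path -> (kind, sha256) for every ELF or PE file under root."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        kind = executable_kind(path)
        if kind:
            baseline[path.relative_to(root).as_posix()] = (kind, sha256_of(path))
    return baseline


def verify(root: Path, baseline: Dict[str, Tuple[str, str]]) -> Dict[str, List[str]]:
    """Compare the tree against a stored baseline and report changed, new and missing executables."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in baseline if p in current and current[p][1] != baseline[p][1]),
        "new": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a tree holding one ELF stub and one PE stub,
    then simulate an infection that appends to the ELF file and drops a new PE file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 64)
        (root / "bin" / "tool.exe").write_bytes(PE_MAGIC + b"\x90\x00" + b"\x00" * 64)
        (root / "README").write_text("not an executable\n")   # ignored by the baseline
        baseline = build_baseline(root)
        # Simulated infection: an appended section on the ELF binary and a dropped PE file.
        with (root / "bin" / "tool").open("ab") as fh:
            fh.write(b"\xcc" * 16)
        (root / "bin" / "dropped.exe").write_bytes(PE_MAGIC + b"\x00" * 32)
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be written out (for example as JSON) at build or install time and kept somewhere the checked host cannot modify, and `verify()` run on a schedule; the magic-number check keeps scripts and data out of the baseline so that only the files a virus would have to alter are compared.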

Miscellaneous news (NEW)

Published: 2006-04-06,
Last Updated: 2006-04-06 21:28:17 UTC by Kyle Haugsness (Version: 1)

No major events, so here is a brief listing of the items that I was tracking throughout the day:

  • MS sent out the advanced warning for patches next Tuesday: April Advanced Notification
  • A new vulnerability was announced in Internet Explorer.  The vulnerability is a race condition between loading web content (HTML) and flash files.  It allows people hosting malicious websites (phishing) to overwrite the URL address bar.  This would be useful in phishing attacks.  Details here: http://secunia.com/advisories/19521/
  • A reader reported a Chase bank phishing e-mail with only a 888 phone number to dial.  My first guess was that this would be a number that charged a very high fee upon connect, so I didn't dial it.  But he reported that when you dial the number, a system prompts you for a 16-digit card number and seems to have a validation process.  Perhaps this is the next wave in phishing attacks?  He reported it to Chase bank and antiphishing.org.
  • For a brief time this morning (in the US), the SSL certificate for Hotmail was broken.  It gave the SSL certificate for www.gendcom.info, which seems to be a legitimate site that uses SSL.  The Hotmail SSL certificate was quickly fixed.  After researching, I discovered that both organizations use Savvis webhosting.  So I'm thinking this was a technical glitch at Savvis.
  • The folks running the bleeding-edge snort project had to move their web servers to a different provider temporarily due to a DDoS attack.  So you may find intermittent connectivity to them.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

********************************************
Title: Microsoft Security Bulletin Advanced Notification
Issued: April 06, 2006
********************************************

Summary
=======
On 11 April 2006 Microsoft is planning to release:

Security Updates

* Four Microsoft Security Bulletins affecting Microsoft Windows.
  The highest Maximum Severity rating for these is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. One of the updates will be a cumulative Internet Explorer update that addresses the publicly known "CreateTextRange" vulnerability.

* One Microsoft Security Bulletin affecting Microsoft Office and Microsoft Windows.
  The highest Maximum Severity rating for this is Moderate. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scanning Tool.

Microsoft Windows Malicious Software Removal Tool

* Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
  Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

* Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
* Microsoft will release one NON-SECURITY High-Priority Update on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:

* TechNet Webcast: Information about Microsoft's Security Bulletins (Level 100)
* Wednesday, 12 April 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
  http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032292804&Culture=en-US

At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 11 April 2006.

I missed this one when it was first posted...
An update on the IE ActiveX change from Mike Nash

Hi there.  Mike Nash from the STU.  Earlier this year, during our response to the WMF zero exploit with an out-of-band band security update, I wrote a blog entry explaining the details of how we got to the decision to release that update early.  I received a lot of feedback from customers around the world that the blog entry and the internal insights into our decision-making process in that situation was very helpful and that we should make it a consistent practice for issues that have widespread impact on customers and need more clarity.

 

Based on the feedback I received from several customers on the upcoming change to the ActiveX capabilities in Internet Explorer in the next cumulative IE security update, I decided that this was a topic worthy of a blog entry.

 

So what’s going on?  Three things really:  The first relates to Microsoft’s involvement with the Eolas Technologies and the Regents of the University of California v. Microsoft patent case (Eolas v. Microsoft), which requires that Microsoft change the way that IE handles ActiveX controls.

 

So when we release the next cumulative IE security update, customers will only be able to interact with Microsoft ActiveX controls loaded in certain web pages after manually activating their user interfaces by clicking on it or using the TAB key and ENTER key. 

 

To help developers verify that their applications work well with the ActiveX change, Microsoft made it available to developers on MSDN on February 9, 2006.  Microsoft also made the change available as an optional update on Windows Update and the Microsoft Download Center on February 28th.  At the same time, the ActiveX change was made available to OEMs to include on all new systems shipping with Windows.

 

The second issue is that we have a number of security vulnerabilities in IE that are scheduled to be addressed in our next release of security bulletins on Tuesday April 11, 2006.   As you know, in order to reduce the complexity of updates and to improve quality, we ship all IE updates as cumulative updates.  As a result, the April security updates will include the non-security ActiveX change to respond to the Eolas case.

The third issue is that Microsoft is responding to a zero-day vulnerability in IE. The good news here is that we are on a path to include the fix for the zero-day vulnerability as part of the April IE cumulative security update and possibly sooner if our ongoing monitoring and analysis of attempts to exploit the vulnerability shows customers are being impacted seriously.

While the functionality that we changed as part of the response to the lawsuit is a small part of the functionality of IE, we did get feedback from some ISV partners and from some enterprise customers that they need a little more time to test and update their applications.

So I met with the team over the last few days and we decided to make the following changes:

  1. New machines that ship with Windows will include the ActiveX change.
  2. For our April IE cumulative security update, we will include the IE ActiveX change in the security update, but we will create a “compatibility patch” (deployed like a hotfix) that allows customers to turn off the change for a limited period of time through the June update cycle (2nd Tuesday in June) to provide time for enterprise customers to resolve compatibility issues.

So, the real question you are asking is “Mike, what should I do?”  Here is what I would do:

  * For Enterprise Customers:
    - Test the ActiveX change that we shipped on February 28th.
    - Deploy the cumulative IE security update when it ships.
    - If you have concerns about application compatibility with the ActiveX change, then deploy the compatibility patch to temporarily revert back to the old behavior for ActiveX.  I STRONGLY advise that you NOT use this patch if you can avoid it, but if you do use the patch, as soon as you fix your application, remove the patch so that you can be sure that your applications work with the new ActiveX functionality.
    - Know that starting in June we really will not be supporting the old ActiveX behavior.
  * For ISVs:
    - Test your applications with the new IE ActiveX change.
    - If you have problems, let your Microsoft representative know.
    - Make sure that you have updated versions of your applications available and in the hands of your customers as soon as possible, since starting in June the old ActiveX control behavior won’t be supported.
  * For End-Users:
    - Use Windows Update (and ideally Microsoft Update) to keep your systems up-to-date.

If you have any questions, I want your feedback.  My email is mikenash@microsoft.com.

-Mike

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Published Wednesday, March 29, 2006 7:06 PM by stepto


Welcome to the Microsoft Security Response Center Blog! : An update on the IE ActiveX change from Mike Nash.

Coolwebsearch / Trafficadvance got a new home...

Published: 2006-04-05,
Last Updated: 2006-04-05 20:09:42 UTC by Daniel Wesemann (Version: 1)

Looks like our long-time "friends" from the Coolwebsearch/Trafficadvance malware department have moved shop to a new hoster. If you've followed our earlier suggestions and zapped their old netblock (81.9.5.x), well, then you might want to consider banning their new sites as well. They all seem to reside under 85.249.23.x now, again in St. Petersburg, Russia. If you prefer to block their domains, here's a list. All of the indicated domain names end in .biz.

traffsale1 traffweb toolbarweb toolbarsale iframecash traffcool toolbarcool traffbucks toolbarbucks traffdollars toolbardollars traffbest toolbarbest traffnew toolbarnew traffmoney toolbarmoney vip01

Be advised that unwary surfing to these sites might make your DVD drive spit out pepperoni slices, cause your monitor to start flickering, and definitely will result in other side effects detrimental to the integrity of your beloved computing device. You have been warned.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

**************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 5, 2006
**************************************

Summary
=======
The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS05-013

Bulletin Information:
=====================

* MS05-013

  - http://www.microsoft.com/technet/security/bulletin/MS05-013.mspx
  - Reason for revision: Bulletin revised due to new issues discovered with the security update: "Microsoft Knowledge Base Article 896180: Web pages that use the DHTML editing Active X control may not work as expected after you install security update 891781 (MS05-013)."
  - Originally posted: February 8, 2005
  - Updated: April 5, 2006
  - Bulletin Severity Rating: Critical
  - Version: 1.3

Hmmmm, looks like even Microsoft has jumped on the NASCAR bandwagon.  Not bad for an "activity" that some people around here don't consider a sport.

Microsoft could pick someone a little better than Rusty to represent them in my opinion though... ;)

Microsoft Streets & Trips - Rusty Wallace: King of the Road Trip 

Rusty Wallace: King of the Road Trip

Although he made his career driving around a track at speeds of more than 180 mph, Rusty Wallace, newly retired NASCAR driver and Nextel Cup champion, loves spending low-key time on the open road with his wife and their three children. The Wallace family knows that road trips can be stressful, especially when you add kids to the mix; they also know it is possible to hit the road and have a good time. With a little planning, creativity and preparation, road trips can be a cherished experience for all — whether you’re going across the country or someplace close to home. Here are a few tips and tricks from the professional to make your next road trip fun for the entire family:


NetworkSolutions Down Again - Not a DoS Attack (NEW)

Published: 2006-04-04,
Last Updated: 2006-04-04 21:26:33 UTC by John Bambenek (Version: 1)

This morning from about 8am-10am eastern Network Solutions services were unavailable again.  At the time of this writing they still haven't come "fully" up.  They explained the interruption as being caused by a "global outage" from their colocation provider.  They did not explain the nature of that outage.  In theory, things should start to work again over time. (Note: This is a different outage than yesterday allegedly).

Update: (12:05pm CDT) A Lesson in Business Continuity Planning

While I think the explanation is somewhat lacking on what happened at NetSol, there is one thing that jumps out at me.  Why is the failure of one vendor enough to cause all of NetSol to come crashing down?  You could argue that you rely on your vendors to have redundancy, but sometimes the vendor itself can be a single point of failure.  In this case, it looks like the vendor's entire enterprise crumbled and took NetSol with it.  Even the most technologically robust firms can be brought to a halt by a labor strike (for instance).  The moral of the story is that if the stakes are high enough, having redundant vendors can be a smart play.

Update (4:15pm CDT) Don't Believe Everything you Read on the Internet

Contrary to reports circulating on the Internet, this outage was not the result of a DoS attack.  I have spoken via email with one of the NetSol engineers and while I can't say what it is, I can say it wasn't an attack.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System.

QWest Problems (NEW)

Published: 2006-04-04,
Last Updated: 2006-04-04 18:35:05 UTC by John Bambenek (Version: 1)