Kurt Shintaku's Blog

We were fortunate enough to have several Hollywood celebrities come by the Windows Vista "Lounge" here in Los Angeles.  Here’s a few of the visitors… I’m sure you’ll recognize them.  (The embedded photos are small because they’re thumbnails.  There are publishing rights on the originals which you can find at WireImage.  See below for links to the originals… or come see me offline if you want to see the larger images.)

   
William H. Macy, Jimmy Kimmel, Catherine Bell, DJ AM (Adam Goldstein)

   
Josh Duhamel, Molly Sims, Eddie Cahill, Emily Proctor
(Of Las Vegas & CSI: NY & Miami fame which are incidentally, two of my favorite shows… seriously.  Got them "Season Pass-ed" on both the TiVo & the Windows Media Center!)

     
Eva Longoria, Maria Menounos, Zoe Saldana, Julian McMahon (Fantastic Four/Nip Tuck), Ken Watanabe (Batman Begins/Last Samurai)

   
Allison Janney (West Wing), Matt Leinart (NFL’s Arizona Cardinals), Jason Lewis (Sex in the City)

Windows Vista Lounge photos from WireImage.com:
1) http://www.wireimage.com/SearchResults.aspx?igi=255951&s=Vista&sfld=C&vwmd=e
2) http://www.wireimage.com/SearchResults.aspx?igi=255953&s=Vista&sfld=C&vwmd=e

Wish you could be "alerted" whenever a new KB article was published on your product of specialization?  For example, wouldn’t it be great to get a notification whenever a new KB article was written about "Windows Vista Ultimate"?

Well, that’s what we have here.  Here’s a list of RSS Feeds for Microsoft Knowledge Base article topics: 
http://support.microsoft.com/selectindex/?target=rss

Now if you just want one concentrated location for all news, articles, and events for a given topic or product, check this site out:
http://support.microsoft.com/selectindex/

You’ll notice that the lists are different but not by a whole lot.

Let’s suspend the whole "Microsoft vs Apple" competitive bit for a second in the interests of a constructive security discussion.

My friend Blake Handler wrote a blog entry about a potentially important flaw within Quicktime that’s not only gone unpatched for Windows, but more importantly points to the fact that patching across all applications & utilities is something that companies need to be very vigilant about:  Even software that they don’t bless but know is probably installed on their managed workstations.

(A full description of the flaw and it’s implications of not being patched are available on Secunia’s web site:  http://secunia.com/blog/7/)

WHAT’S THE CONCERN?
The issue is that a simple hyperlink pointing to a Quicktime RTSP stream within:
– any web site/page using any web browser – Firefox, IE, Opera, etc.
– any hyperlink-aware mail application – not just HTML-aware email utilities
– any hyperlink-aware application in general, such as Word, Acrobat, etc., that embed links within documents
…could enable a hacker to completely take over a Quicktime user’s Windows-based computer though any one of these entry vectors.   Remember that this is not patchable – Apple has not released a patch for this flaw on it’s Windows version of Quicktime.

TWO IMPLICATIONS OF THIS ISSUE
Since the flaw is buffer overflow based, there are two important implications by this:
– System execution privileges are used, meaning elevating the attacker’s security rights to that of a workstation administrator is trivial using most hacker toolkits.  This means complete and total control over the computer.
– Intel’s NX (no-execute) instruction bit should prevent this tactic from being successful, if it’s enabled on end user workstations with NX-enabled processors and Windows XP Service Pack 2, or Windows Vista.

MOST COMPANY’S DON’T PATCH QUICKTIME
What makes this flaw disconcerting is the fact that most IT departments I’ve seen do not publish or disseminate Quicktime patches to their desktop environment. If any patches are made, they’re those from Microsoft Update & possibly Adobe. In fact, most of the time, Quicktime isn’t even a IT-blessed application for a corporate workstation, meaning it was installed by the end user.

THIS ISN’T ABOUT APPLE
Now I want to be clear that I’m not "throwing stones" at Apple. ("People that live in glass houses… blah blah blah.")  I’m fully aware that Microsoft should be the last company throwing stones at any other software developer for writing security hole ridden code. 

What I’m trying to say is that IT desktop folks should be very very concerned about:
– UNPATCHED FLAWS:  Unpatched security flaws on applications on their managed systems
– UNKNOWN APPLICATIONS:  Application installations they don’t know about on their managed systems
– VECTORS OF ATTACK:  Vectors of entry for attacks on potentially dangerous flaws that exists on managed workstations

This means that:
– If you allow any old application to be install on end user’s workstations, you’re looking for trouble
– If you choose not to patch "unauthorized, unapproved" applications on end user’s workstation you’re looking for trouble
– If you’re not monitoring entry points for attacks (like inbound Internet connections, inbound email, workstation firewalls, etc.) you’re looking for trouble

For those of you that are investors:

Microsoft revenue results for the quarter were fueled by strong, broad-based demand across all our customer segments, channels, and regions. Net income and diluted earnings per share for the second quarter were $2.6 billion and $0.26, respectively.

The table below provides a brief summary of results by business group:

The earnings press release is included below and all of the related financial materials are available on the Investor Relations website at http://www.microsoft.com/msft/.  An on-demand webcast will be available for a full year.

Wow.  King James of the Cavaliers is representing Microsoft.  (Stats:  http://msn.foxsports.com/nba/player?statsId=3704)

LeBron James to Appear in Microsoft Ads

SEATTLE – The ever-expanding LeBron James empire is entering a new realm.
Microsoft Corp. is using the NBA star to promote next week’s consumer release of its new Windows Vista operating system. James will make what a Microsoft spokesman described Tuesday as cameo appearances on national television commercials that will begin airing Jan. 30…

http://www.msnbc.msn.com/id/16780328/

In case you’re wondering, "Huh?  What do I care about Lebron James and what does he have to do with computers?", remember that if you’re reading this blog, you’re probably not the target audience.  If you recall MSN’s "fat blue bumbling butterfly" commercials, you probably thought those were lame as well.  You’d also be surprised to know that that ad campaign was immensely successful:  And it was again, probably not targetted at you. 

For the record, Fortune Magazine thinks it’s a good idea:

Microsoft teams up with the cool kids
‘Willy Gates’ and his software empire are trying to shed a stale image and lure coveted content partners.

NEW YORK (FORTUNE) – When Microsoft takes over the Rockefeller Plaza observation deck Wednesday afternoon, it won’t be to host a tech talk. It’s to get the bright lights of media and entertainment – Bonnie Fuller, Benny Medina, BBDO Worldwide CEO Andrew Robertson – together for "a stimulating conversation about triangulating the sweet spot of pop culture, technology, and brand," according to the invite.

Didn’t see that coming? It might seem a little strange for the software giant to be hosting such a symposium, but it’s actually part of a much bigger trend at Microsoft (Research).

Everyone’s heard the big news about the company: Advertising! Partnerships! Branded entertainment! It’s great, and it’s about time. But what no one’s caught onto is just how completely unexpected – and yes, maybe even cool – those new partners are, from Def Jam President Shawn "Jay-Z" Carter and NBA superstar LeBron James to those pretty politicos the Dixie Chicks and the ever trendy MTV…

http://money.cnn.com/2006/06/07/technology/pluggedin_fortune/index.htm

Check it out — an offer for Windows Vista users only.

Take your mobile PC running Windows Vista to any North American T-Mobile HotSpot between 30th January and 30th April for a complimentary, blazing-fast broadband connection.  This offer goes live today and will not receive further promotion until January 30th, but I wanted readers of this blog to be the first to know:)

Visit www.skysurprise.com for program details.  There you’ll meet Yuri and Sergei, the cosmonauts, and to learn all about the new dance craze, "the cosmonaughty."  Then turn up the volume and dance!

(Taken from http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/24/exclusive-to-windows-vista-users-complimentary-t-mobile-hotspot-access.aspx)

This is a nice article comparing major mobile device OS’s and how they stack up.

How Smartphone Platforms Compare
Business-technology buyer’s guide to the BlackBerry, Linux, Mac OS X, Palm, Symbian, and Windows Mobile platforms.

LINK: http://www.informationweek.com/hardware/showArticle.jhtml?articleID=196902226&pgno=1&queryText=

To attend visit:  https://www.clicktoattend.com/invitation.aspx?code=115220

Introduction
In August of 2005 the United States Congress passed the Energy Policy Act, which changes the dates of both the start and end of daylight saving time (DST). When this law goes into effect in 2007, DST will start three weeks earlier (2:00 A.M. on the second Sunday in March) and will end one week later (2:00 A.M. on the first Sunday in November) than what had traditionally occurred. Microsoft is committed to working with customers to make this transition as seamless as possible for customers affected by these new time changes. We are further committed to working with others in the industry to address the broader challenges presented by this U.S. statute.  Additional Context is available here http://www.microsoft.com/windows/timezone/dst2007.mspx

Impact on Windows Mobile
Devices running Windows Mobile 5.0 and previous versions of Windows Mobile will require an update to change registry settings to adjust the time on the device. Without an update, the device time will be incorrect during the 4 additional weeks of Day Light Savings time this year.

Resolution
Microsoft has developed a Desktop Utility that can be used to update Windows Mobile devices running Windows Mobile 5.0, Windows Mobile 2003, Windows Mobile 2003 Second Edition.  This utility will be available through standard support channels as well as online at http://www.Microsoft.com/windowsmobile/ on February 9^th.

Also note, that during this same time, there will be a special patch available to update Pocket PC 2002 devices as well.