Monday, October 03, 2016

Converting from VMware Workstation to Hyper-V

Why Hyper-V?

The first question is: Why Hyper-V? Depending on your age, the answer could be as simple as: For the same reason that Internet Explorer killed Netscape Navigator. It's good enough, and the price is lower.
A Windows 10 Professional ($140) license is about the same cost as VMware Workstation ($250). Yet, it includes the ability to join a domain, and use BitLocker. AND you get Hyper-V, too. Windows 10 will probably be around for years, with included updates. Plan on re-buying Workstation every year. Are there things that VMware Workstation does better? Probably. But Hyper-V is good enough for many things.
For many of my classes, the student work is distributed as a VMDK file. Yet, I want to be able to run under Hyper-V. There are some forensic ways to do this using dd and boot CDs, but it isn't really an elegant way to go. Fortunately, @da_667 helped me out!
I'm going to paraphrase @da_667. Any errors are mine!

Installing Microsoft Virtual Machine Converter

Download the Microsoft Virtual Machine Converter from: https://www.microsoft.com/en-us/download/details.aspx?id=42497. You want version 3.0 or later. Grab the MSI and install.
Now you need an Administrative PowerShell window. Hit the start button. Type PowerShell. Right click on "Windows PowerShell" and select "Run as Administrator". Hit Yes if prompted.
Allow the execution of downloaded scripts by typing:
Set-ExecutionPolicy Bypass
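Answer Yes. Run without a -Scope parameter, this changes the policy for the whole machine, and the change stays in place after you close the window.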
Load the newly installed PowerShell module by typing:
Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1'
Now you're finally ready to do the conversion. 

Converting the VMDK

You're going to run a command that looks like this to do the conversion:
PS C:\WINDOWS\system32> ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath 'C:\Users\markj\vms\import\Sec-511-Linux\Virtual Disk-cl1.vmdk' -VhdType DynamicHardDisk -vhdformat vhdx -Destination 'C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\'
As far as I can tell, it'll work with two arbitrary files. You don't have to store your disk images anywhere special on disk to get the command to work.
Maybe you'll get lucky and be done at this point. It was never that easy for me.

The Inevitable Error

Here's the infuriating error you'll get:

PS C:\WINDOWS\system32> ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath 'C:\Users\markj\vms\import\Sec-511-Linux\Virtual Disk-cl1.vmdk'
ConvertTo-MvmcVirtualHardDisk : The entry 2 is not a supported disk database entry for the descriptor.
At line:1 char:1
+ ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath 'C:\Users\markj\vms\ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Accel...nversionService:DriveConversionService) [ConvertTo-MvmcVirtualHardDisk], VmdkDescriptorParseException
    + FullyQualifiedErrorId : DiskConversion,Microsoft.Accelerators.Mvmc.Cmdlet.Commands.ConvertToMvmcVirtualHardDiskCommand

ConvertTo-MvmcVirtualHardDisk : One or more errors occurred.
At line:1 char:1
+ ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath 'C:\Users\markj\vms\ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Accel...nversionService:DriveConversionService) [ConvertTo-MvmcVirtualHardDisk], AggregateException
    + FullyQualifiedErrorId : DiskConversion,Microsoft.Accelerators.Mvmc.Cmdlet.Commands.ConvertToMvmcVirtualHardDiskCommand

PS C:\WINDOWS\system32> 

Or, if you prefer graphics:
Like, I have no idea what any of that means.

The Fix

This sounds scary, but isn't. :)
Open up the VMDK file in your editor of choice. I used Notepad++ but Notepad or any normal ASCII text editor will work fine. Heck, if you've got Bash on Ubuntu on Windows installed, you could use vi!
Find the line in the vmdk file that looks like:
ddb.toolsInstallType = "2"
and just comment it out with a #, so it looks like this:
#ddb.toolsInstallType = "2"
That should be it!
Re-run your conversion and it should work fine!
Like this:
PS C:\WINDOWS\system32> ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath 'C:\Users\markj\vms\import\Sec-511-Linux\Virtual Disk-cl1.vmdk' -VhdType DynamicHardDisk -VhdFormat vhdx -DestinationLiteralPath C:\Users\markj\vms\sec-511-linux\


Now you should have a VHDX file all ready to go.
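The descriptor edit described above can be scripted. The PowerShell below is an added example, not part of the original post or of MVMC; the function name Disable-VmdkToolsInstallType, the 1 MB size limit and the sample descriptor are assumptions made for illustration. It refuses files that are not plain-text descriptors, keeps a .bak copy, and leaves every other byte and line ending untouched.

```powershell
# Added example (not from the original post). Comments out ddb.toolsInstallType
# in a plain-text VMDK descriptor so ConvertTo-MvmcVirtualHardDisk can parse it.
function Disable-VmdkToolsInstallType {          # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$LiteralPath,
        [long]$MaxDescriptorBytes = 1MB          # assumption: text descriptors are small
    )

    $item = Get-Item -LiteralPath $LiteralPath -ErrorAction Stop

    # Some VMDKs embed the descriptor inside the disk image itself. Rewriting
    # such a file as text would shift the data behind it, so refuse to touch it.
    if ($item.Length -gt $MaxDescriptorBytes) {
        throw "$($item.FullName) is $($item.Length) bytes; it does not look like a text descriptor."
    }
    $bytes = [System.IO.File]::ReadAllBytes($item.FullName)
    if ([Array]::IndexOf($bytes, [byte]0) -ge 0) {
        throw "$($item.FullName) contains NUL bytes; it is not a text descriptor."
    }

    # ISO-8859-1 maps every byte to exactly one character, so decoding and
    # re-encoding round-trips the file whatever encoding the descriptor declares.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)
    $text   = $latin1.GetString($bytes)
    if ($text -notmatch '# Disk DescriptorFile') {
        throw "$($item.FullName) has no '# Disk DescriptorFile' header."
    }

    # Match only a live entry; a line that already starts with '#' is skipped,
    # which makes a second run a no-op. [^\n]* keeps a trailing CR in place.
    $rx   = [regex]'(?m)^(?<indent>[ \t]*)(?<entry>ddb\.toolsInstallType[ \t]*=[^\n]*)'
    $hits = $rx.Matches($text).Count
    if ($hits -eq 0) { return 0 }

    # Keep the first untouched copy; never overwrite an existing backup.
    $backup = "$($item.FullName).bak"
    if (-not (Test-Path -LiteralPath $backup)) {
        Copy-Item -LiteralPath $item.FullName -Destination $backup
    }
    $patched = $rx.Replace($text, '${indent}#${entry}')
    [System.IO.File]::WriteAllBytes($item.FullName, $latin1.GetBytes($patched))
    return $hits
}

# --- Demo on a constructed descriptor (sample data, not from the post) ---
$demo   = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-demo.vmdk'
$sample = @(
    '# Disk DescriptorFile'
    'version=1'
    'CID=fffffffe'
    'parentCID=ffffffff'
    'createType="twoGbMaxExtentSparse"'
    ''
    '# Extent description'
    'RW 4192256 SPARSE "constructed-demo-s001.vmdk"'
    ''
    '# The Disk Data Base'
    '#DDB'
    'ddb.adapterType = "lsilogic"'
    'ddb.toolsInstallType = "2"'
) -join "`r`n"
[System.IO.File]::WriteAllText($demo, $sample, [System.Text.Encoding]::ASCII)
Remove-Item -LiteralPath "$demo.bak" -ErrorAction SilentlyContinue

$changed = Disable-VmdkToolsInstallType -LiteralPath $demo
"Entries commented out: $changed"
Select-String -LiteralPath $demo -Pattern 'toolsInstallType' | ForEach-Object Line
"Entries commented out on a second run: $(Disable-VmdkToolsInstallType -LiteralPath $demo)"

# With a real descriptor, re-run the ConvertTo-MvmcVirtualHardDisk command
# from the post after the function reports a change.
```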

Creating the new Hyper-V VM

I'm going to skimp on this part because there are plenty of tutorials out there on how to do this. Basically, use the "New Virtual Machine" function to create the new VM. When you get to the "Connect Virtual Hard Disk" option, select "Use an existing virtual hard disk" and point it to the image you just created.
And you're done!

Saturday, February 21, 2015

Virtualization of HP NonStop / Tandem

I wanted to educate myself on Tandem / HP NonStop systems. These are my notes.
I've worked with Solaris, AIX, and Linux. I've also worked with HP-UX on HP/9000's on PA-RISC and Itanium. I've worked with HP/3000 administrators. But I wasn't as familiar with "Tandem"s as I'd like. So, I did some research. 
First, they stopped using the "Tandem" name when they were bought by Compaq 20 years ago. They're HP NonStop systems now.
The notes in the graphics have lots of other information. I created all of the graphics myself. License notes are below.

Virtualization you know

Most security professionals are familiar with VMware ESXi, Hyper-V, QEMU, or other virtualization style technologies which let you run multiple OS instances and applications on a single piece of hardware. Like this:

Tandem / HP NonStop Virtualization

Virtualization on Tandem (now called HP NonStop) is totally different. Today, we'd call them clusters. The idea is that one OS image runs across multiple hardware servers. Servers are connected to multiple network ports and storage devices. Each network and storage device is connected to multiple servers. That way, if one server, NIC, RAID card, disk, DIMM, CPU, or any other component dies, the application stays up. Way cool stuff.
The Wikipedia Article on Tandem has great information as well.

Summary / Implications

In the ESXi environment that most people are familiar with, you could have "high security" and "low security" VMs running in the same cluster. The hypervisor should keep an adversary from jumping from a compromised low security VM to a high security one. NonStop OS provides no such segmentation. If your application is exposed to the Internet, per se, then the whole OS and everything that runs in it is also exposed.
Each deployment will have to consider that with their organization's risk appetite.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Saturday, January 10, 2015

Editing a Windows Registry Under Linux

Forensicators frequently find themselves working with Windows systems under Linux. The hivex tools let you do that.

Under Fedora (tested under 20), a simple "yum install hivex" gives you the tools you need to navigate and dump registry files.

Sunday, June 08, 2014

Windows 8 Cursors over RDP

Hello Reader(s),

I recently ran into issues when using Remote Desktop Protocol, RDP, (specifically using the Linux rdesktop tool) to access a Windows 8 machine. The issue was that the mouse cursor was not visible.

I was able to fix this by:
  1. Hit Windows-E to bring up Explorer
  2. Right click on "This PC"
  3. Select Properties, like this:
  4. In the box that pops up, select "Advanced System Settings". I just kept hitting Tab to move the cursor there rather than using the mouse to guess.
  5. In the System Properties dialog, go to the Performance box and select "Settings...". Like this:
  6. In the "Performance Options" dialog box, (use the tab key to) select "Adjust for best performance".
  7. Then, I did Alt-A to Apply and just hit Enter to close the box.
  8. At this point, I had my mouse cursor back!

I hope this works for you, too!

MJ


Saturday, March 22, 2014

TPM and Multiple Machines

Hey guys,

My current employer is considering a full disk encryption (FDE) technology which uses TPMs instead of our current software-based solutions with passwords. I'm doing some testing.

Quick aside: In short, right now, users type in a password (encryption key) when their machine boots. The solution we're considering (BitLocker) stores the encryption keys in the special TPM chip on supported computers.

Normally, most people's experience with TPMs is on laptops. They're rare on desktop machines. I much prefer working with desktops. Thus, my home lab had no TPM support. I have two motherboards with headers for TPMs. A quick Amazon search found a TPM which Prime quickly delivered. So, I set up Windows 8.1 Enterprise Evaluation edition on an OCZ SSD.

I installed the TPM module in the motherboard. Then, I configured it. And booted into Windows.
This was the surprisingly difficult part. Using the Control Panel applet to configure BitLocker led to nothing but frustration. I finally found some instructions on how to force BitLocker to use the TPM (By default, it appears to NOT use the TPM.) Here's the command that did it:

manage-bde -on C:


Some testing indicated that everything worked as expected (could seamlessly boot into Windows 8.1; loading the drive into a forensic workstation showed a garbled mess; etc.). Now, for the fun part. The part that you can't do with a laptop.

I took the drive and the TPM out of my initial build machine and put it in a test machine; configured the BIOS; booted. Useless. Windows wouldn't boot as it couldn't decrypt the drive. I was hoping that I'd be able to use the drive; no such luck.

Finally, I returned the TPM and drive back to the original machine. Everything worked fine. "manage-bde -status" still shows the drive as encrypted.

I'm torn. On one hand, I'm glad that the encryption protected the data even after the drive and the TPM were moved into a different machine. Let's face it: you'd have to have a VERY determined adversary to try something like pulling a TPM off of a laptop motherboard. On the other hand, in an enterprise environment, sometimes data recovery means that you need access to data even if the original machine is b0rked. I guess that's what MBAM is for.

MJ


Thursday, November 15, 2012

Linux Setup Document

This post is basically for myself. I'm a big fan of Fedora Linux. This document goes through all of the different small setup things I do when setting up a new workstation. I put it here in the hopes that someone else can learn from my methods (and maybe improve on them!)
  • yum install eterm Eterm e16 enlightenment pv pbzip2 yum-downloadonly gkrellm sysstat unrar rar tcpreplay wireshark
  •  vi /etc/cron.d/sysstat
    Change the first line to run every 2 minutes, rather than 10
  • vi /etc/logrotate.conf
    Set to keep 104 weeks of logs
    Uncomment the compress line
  • time yum update yum\*
  • time yum update rpm\*
  • time yum --downloadonly update
  • vi /etc/grub2.cfg
    Remove quiet & rhgb
    kill the load_video stuff
  • time yum update
  • Reboot
Install Google Chrome and plugins:
  • Go to http://www.google.com/ and click on the blue button to download the rpm. Install it.
  • Launch Google Chrome
  • Install Google Voice / Chat Video plugin thing. How
  • Install google-musicmanager
Install CERT Forensics Tools:
  • yum install http://www.cert.org/forensics/tools/cert-forensics-tools-release-17.rpm
  • yum install CERT-Forensics-Tools
Install 3rd party repos and multimedia tools:
  • yum localinstall http://rpm.livna.org/livna-release.rpm
  • yum localinstall http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
  • TBD
  • yum install vlc mplayer mplayer-gui
I'll be updating this as I learn new tricks. Feel free to add your own below!

Saturday, June 02, 2012

Porn on Wikipedia

Ever have one of those moments when you realize you're dumber than you thought you were? Yup. I just had one. Ignorance is bliss and all that? Yup.

Apparently Wikipedia has porn. And not just "normal" porn. Some pretty ... how shall I say? specific? sub-sub-sub genres. Did I spend all morning searching this out? Nope. Slashdot has a story about the Wikipedia Board delaying their installation of a content filter. (Quick definition Content Filter: A piece of software which would run on Wikipedia's servers to examine all uploaded content to determine if they were pornographic in nature or violate Copyright. If the uploaded content matches any of those then the upload would be prohibited; or, maybe just flagged for review by someone else. The content in question would include images, videos, articles, and audio files.)

Now, I think that the Wikimedia Board and Foundation do great things. They don't accept advertisements, which means that they don't have a bunch of money. Designing, testing, and implementing a system such as this is quite expensive. Even just buying one "off the shelf" would be quite a project.

  • Think of this from the perspective of a software vendor: If you had a small software company that made a product like this, all you'd have to do is make a tax deductible donation to the Wikimedia foundation of a copy of your software along with a few thousand dollars worth of servers to run it on. Then, you could walk into any potential customer and say, "We do this for Wikipedia. You will throw nothing at us that we haven't seen before." It'd be very easy selling for your company from here on out. Any company in this space with a good product would be dumb not to do this. No company has done this yet. Therefore, no one has a good product. Therefore, this must be an incredibly hard problem to solve.
Larry Sanger's article about this is fascinating to me. He's got the examples of why this type of Content Filter may be required. For the many years that I've been using (and contributing to) Wikipedia, I've always assumed it was safe. I figured there was an article on "Sex" with nice, clinical information. I had no idea what was all out there.
  • Who's Larry Sanger? It appears that he's a co-founder of Wikipedia.

Monday, July 11, 2011

PAN Silent Packet Drops in 3.1.8

This is more of an FYI. I want to share what my company is going through so we can all learn from each other.

We monitor our network by sending out pings every 500ms. We have multiple ping sources going to scores of endpoints. Then, we correlate and report on the data. We've been doing this for years. We've got a good understanding of what "normal" looks like on the network.

We upgraded a Palo Alto Networks PA-4020 (Threat Protection & URL Filtering, two vwires) from 3.1.4 to 3.1.8. Within hours, that firewall started experiencing "incidents". In each incident, the device would stop passing traffic for up to 15 seconds. Of course, the logs and counters don't show anything abnormal. Every few hours, the system would experience an incident. Sometimes at 03:00, but usually during business hours. It did seem to be somewhat load related. (High load on this box is a few hundred Mbit/sec)

Support didn't seem to believe us that this was a problem. After about a week / ten days, we gave up on getting support engaged to understand the problem, and we rolled back to 3.1.4. Everything has been fine since then.

Since then, we've got support engaged and looking at the problem. They're saying that there haven't been any fixes in 3.1.9 for issues like this. In other words, they're recommending we avoid 3.1.9 as we'll likely have the same problem.

Is anyone else running these versions of code? Do you have good monitoring like this? If I gave you some scripts, would you let me know how it goes?

We do have 3.1.8 on over a dozen other 4020's and it is working fine. Very different traffic loads on those devices and no URL filtering.

We played with 4.0 for a bit... and then went back to 3.1 for stability. Don't even get me started on 4060's: The solution to one of my tickets is "Just keep rebooting until it works".

If you're seeing silent packet drops in 3.1.8 or 3.1.9, you're not the only one.

This is cross posted to PAN's support forums.

Thursday, September 09, 2010

New Email Worm Squirming Through Outlook Users' Inboxes

This SUCKS!

Someone just proved that malware delivery techniques from ten years ago still work. Which means every hacker-for-hire group, every bored college Freshman that's just back at University, and FD script kiddie is going to be analyzing every old technique, seeing which ones still apply. I predict we'll see additional copy-cats of this throughout the next 72 hours. Some may be silly, others will be malicious.

This reminds me of the Solaris in.telnetd vulnerability from 2007. For those not familiar: http://www.kb.cert.org/vuls/id/881872 Basically, there was a vulnerability in Solaris 10's telnet daemon. Not a huge deal except for two things:
  • This vulnerability did not exist in previous versions of Solaris

  • This vulnerability had been fixed in AIX and Linux 13 years prior
To be fair, Solaris in 1994 was not vulnerable; at some point, the vulnerability was added to Solaris 10.

How is this relevant to the "new" email worm? After the Solaris vuln was published (with exploit code), people started going after all kinds of other things that they had assumed were "fixed". Many, but not all, remained fixed. I predict the same will happen here.

What's next? Another remote code execution vulnerability in Windows(R) animated cursors?


New Email Worm Squirming Through Windows Users' Inboxes: "Trailrunner7 writes 'There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending emails containing malicious executables to all of the names in a user's email address book. The worm arrives via emails with the subject line 'Here You Have' or something similar, and the messages contain a link to a site that will download a malicious file to the victim's PC. The malware then drops itself into the Windows directory with a file name of CSRSS.EXE, which is identical to a legitimate Windows file. From there, it's 2001 all over again, as the worm attempts to mail itself to all of the contacts in the victim's Outlook address book.'"

Monday, January 25, 2010

My Beautiful Wife

While going through old pictures, I found these pictures of my beautiful wife. :)

Enjoy!

Deleted after my wife complained about the pictures.

Friday, January 22, 2010

Cobo NAIAS Fire

So, I was at Cobo yesterday for the Detroit Auto Show / North American International Auto Show.

Of course, there was the fire. Here's some quick video I shot as the security guards were ushering everyone out:

Video 1:
Video 2:
MJ


Tuesday, January 19, 2010

The Google Hack

I admit. When I first read Google's post about getting hacked, I was pretty stoked about how they were going toe to toe with one of the world's most powerful and "meanest" governments.

I then realized that the most important part was in the first paragraph, "resulted in the theft of intellectual property from Google". The next nine paragraphs just put an interesting, humanitarian spin on things.

John Markoff and Ashlee Vance just published "Fearing Hackers Who Leave No Trace". In it, they discuss why it is a big deal for someone to hack into Google, Adobe, or the other companies. It is well worth the read.

And, if you've missed it:

  • http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx This site looks down now. But, this is where Microsoft has announced that they're releasing an Out of Band patch for this IE issue.

  • Microsoft advises using IE 8 instead of version 6 or 7 as it is "less vulnerable". Not "safe", just less bad.

  • Not so fast says Vupen. They say that IE8 is just as vulnerable as anything else. They all suck.

  • New Windows(R) kernel Vulnerability. To top it all off, Tavis Ormandy has just published a new vulnerability in the Windows Kernel. Which versions? Oh, just those in NT 3.1 through Windows 7. That includes the Server versions (like 200{0,3,8} as well as things like XP) since they're all on the same happy kernels. What kind of vulnerability? Privilege Escalation. So, as long as you can execute any code on the box, you can now escalate to full privileges. Nice.


Saturday, January 16, 2010

Status Mail

Below is a scrubbed version of a status email I put together for my management on the new Microsoft Vulnerability.

A few days ago, Google published a note saying that they were targeted by an adversary which successfully

On January 12th I (and thousands of others!) received notice from Google saying that they "detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." Note that the attack was not on Google's products (web search, advertising, YouTube, Gmail, etc.). The attack was against Google corporate, which is likely protected with the same kinds of firewalls, IPS, and AV which any Fortune 500 company uses. Google also mentioned that, in the course of investigating the attack, they discovered that they were only one of many companies that were targeted as part of the same attack.

On January 14, George Kurtz (McAfee's CTO) published information saying that they are "working with multiple organizations which were impacted by the attack" that famously hit Google. As part of their investigation, they found a new Zero Day exploit in Internet Explorer. George goes on to say:


As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.

Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.

Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7. Still, so far the attacks we’ve seen using this vector have been focused on Internet Explorer 6.

End Quote

Microsoft's Response: Normally, Microsoft tempers their Security Advisories by trying to make customers understand to what degree adversaries are exploiting a particular vulnerability. Version 1.0 of the security advisory mentions that they are only aware of one customer who was actually hit by an exploit for this vulnerability. I have never seen Microsoft publish an SA without there being some type of wide-spread exploitation. Microsoft has no acceptable workaround.

Germany has taken an unheard of step. The German Office for Internet Security has recommended that citizens not use Internet Explorer version 6, 7, or 8 on Windows XP, Vista, or Windows 7 until Microsoft issues a patch.

McAfee (and others) have reported that code to exploit the IE vulnerability is public.

Anti-virus is of limited use against this threat. Anti-Virus works best against exploits which many customers have already seen. A dedicated attacker could download a malware toolkit, create the exploit, and send it to a few employees in minutes. It would be an attack that the AV has never seen before, and thus can only provide limited protection.

References:
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

http://arstechnica.com/security/news/2010/01/researchers-identify-command-servers-behind-google-attack.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/

http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploit-in-google-attack-now-public/

http://www.microsoft.com/technet/security/advisory/979352.mspx

http://www.dw-world.de/dw/article/0,,5132998,00.html

Thursday, January 14, 2010

An Inflection Point in Information Security

Very recently, The Microsoft Security Response Center (MSRC) published a blog post about Security Advisory 979352. Go ahead and take a minute to read the blog post. The Security Advisory is only interesting from a comical (not informational) perspective.

This is crazy, on two fronts. First, it's like a security advisory from Ms. Cleo "Ya' gots som'body doin' sum'tin' baaaaaadd on yo' network! Ya gots ta' fix da Intanet Explora!" There's less detail than in ... well, a Microsoft security bulletin. A third grader could've published something with more actionable intelligence in it.

Second, Um... but, targeted attacks have been going on FOR A LONG TIME. Now Google decides to go public about one of theirs, with only a few blog posts, I might add. That's all it took? One company to make a stink about it? Just had to be the right company, I guess. (This behavior of American media only paying attention to "celebrities" (whether they are Paris Hilton or Google) and ignoring "experts" (SANS, other Information Security groups) is ridiculous, but that's another blog posting)

We've crested an inflection point in the Information Security Industry. Here's what I mean:
  • Google has gone public about them falling victim to a targeted attack which appears to have used vulnerabilities in IE and Adobe Reader. They point out that many other, very large organizations were also attacked.
  • Adobe responds by saying that everyone should (purchase an) upgrade to the latest and greatest Acrobat version which has 90% more securification. Or, something like that...
  • Microsoft has published a security advisory (granted: with zero detail) for something that only one customer has reported. This is a huge change for Microsoft. Historically, Microsoft has tried to temper reported vulnerabilities by saying that only small numbers of companies had been affected or such. This is a new direction for them. Hopefully one which will continue.
It appears that we're crossing an inflection point in the history of Information Security. Companies which are serious about security have been spending large amounts of money on their Information Security programs. First, they have to understand what's happening on their networks, which is no easy task. Second, they have to recognize when they're being attacked, which is even harder. Here's where it gets really difficult: at this point you need a two-pronged approach. The first prong is to understand whether the attack was successful and what damage it did; the second prong is to figure out how to defend yourself against that attack in the future.

In the past, these companies have relied on best-of-breed commercial and open source tools which consistently failed to meet their needs. So, they've spent countless man-hours creating custom tools to fill the gaps. They've spent countless hours fighting vendors who blew them off because they were the "only one" experiencing said problem.

Now (I hope!) the tables have finally turned. Google (who loves to tout that their key servers run Linux) has forced Microsoft to publicly acknowledge a vulnerability which only caused financial harm for one company. Google is forcing a major world government to rethink their policies.

Google is forcing every company out there to rethink their security policies, written and unwritten. Every company now knows that the bad people out there will work hard to get at their data.

Tuesday, September 09, 2008

Crazy Coworkers

So, I was at a team meeting this morning...

I've got a co-worker who has either had the most interesting life evar, or is a habitual liar.  At this point, I'm not sure which.  He told the following stories today:

  • He went out drinking.  Passed out.  Woke up in the Rio Grande river.  Had no idea how he got there.  Marines helped him home.
  • Was in high school, in England, in a boarding school.  Got drunk.  Real drunk.  Puked out a window.  Of the third story.  Onto a kid sitting outside smoking.  Said kid was unhappy, came up to find him, and pummeled him.
I have no idea if either (both?) of these are legit, but damn.

Monday, June 26, 2006

Thursday, May 04, 2006

Boo

Blogs are dumb.

Hopefully I'll be putting some pictures up here soon. We'll see.

markjx