Firefox 3 today

Today is Firefox 3 Tuesday.  So this is just a reminder to go download it today!

 Subscribe in a reader

iPhone Countdown to 3G

Here you go, a little Countdown Widget for Dashboard, it counts down to the iPhone release date.  July 11th at 6 pm.  Enjoy.

http://joelesler.net/files/iPhone_Countdown.zip

 Subscribe in a reader

Firefox 3 today

Today is Firefox 3 Tuesday.  So this is just a reminder to go download it today!

 Subscribe in a reader

iPhone Countdown to 3G

Here you go, a little Countdown Widget for Dashboard, it counts down to the iPhone release date.  July 11th at 6 pm.  Enjoy.

http://joelesler.net/files/iPhone_Countdown.zip

 Subscribe in a reader

iPhone 3G activation in store or not?

Talked to a guy at a local AT&T store here this weekend.  He indicated to me this:

"part of the activation will be done in store, and some of it will be done at home"

Now, I am not sure what that means, maybe the activation of the plan will be done in-store, then you go home and actually set up/sync your device?  Or you will attach your phone to something they have, so they can tie your name to the phone, and if you don't activate it, then you get penalized in 30 days?

I've heard rumors.

 Subscribe in a reader

iPhone 3G activation in store or not?

Talked to a guy at a local AT&T store here this weekend.  He indicated to me this:

"part of the activation will be done in store, and some of it will be done at home"

Now, I am not sure what that means, maybe the activation of the plan will be done in-store, then you go home and actually set up/sync your device?  Or you will attach your phone to something they have, so they can tie your name to the phone, and if you don't activate it, then you get penalized in 30 days?

I've heard rumors.

 Subscribe in a reader

Boss Conference

Sourcefire has announced the first BOSS (Best of Open Source Security) Conference. This event will be held in Las Vegas, in February 2009.  I'm excited about this conference as it would be fun to work at and see alot of the other people in the Open Source community.  I have a few plans for the event, so we'll see.

We have an open call for speakers to take part in the conference. For more information on the conference or to submit a speaker application visit: www.bossconference.com

 Subscribe in a reader

Podcast Episode Six

As always, for your enjoyment, we have published Podcast Episode Six of the Internet Storm Center Podcast.

I'd like to thank all the viewers that were live on the show while broadcasting, it was great having you, maybe next time we'll be able to get more?

We again, had Larry Pesce of PaulDotCom Security Weekly.

Go grab it through iTunes.

As I said in my after-show notes, subscribe to PaulDotCom and our show through iTunes, that way together, we can become more powerful than you can possibly imagine.

Subscribe in a reader

Podcast Episode Six

As always, for your enjoyment, we have published Podcast Episode Six of the Internet Storm Center Podcast.

I'd like to thank all the viewers that were live on the show while broadcasting, it was great having you, maybe next time we'll be able to get more?

We again, had Larry Pesce of PaulDotCom Security Weekly.

Go grab it through iTunes.

As I said in my after-show notes, subscribe to PaulDotCom and our show through iTunes, that way together, we can become more powerful than you can possibly imagine.

Subscribe in a reader

Podcast Episode Six Record Notice

Hey all, just to let you all know Johannes and I (and maybe a guest, don't know yet) will be recording the Internet Storm Center Podcast (Episode 6) tomorrow night at 7:30 pm EDT.  

I'll be broadcasting it live on Ustream:

http://www.ustream.tv/channel/internetstormcenter

See you there if you can make it!

 Subscribe in a reader

Podcast Episode Six Record Notice

Hey all, just to let you all know Johannes and I (and maybe a guest, don't know yet) will be recording the Internet Storm Center Podcast (Episode 6) tomorrow night at 7:30 pm EDT.  

I'll be broadcasting it live on Ustream:

http://www.ustream.tv/channel/internetstormcenter

See you there if you can make it!

 Subscribe in a reader

Office Etiquette (what not to do)

How to toss your co-workers up underneath of a bus:

"John Doe has been out of the office for a few days, but I understand that John will be in this afternoon."

Lesson one: Never tell anyone when someone else will be back in the office, especially when that someone is returning from vacation! Oh, and the fact that this person (John in my example), is not coming into the office this afternoon, but is actually getting off the plane from their vacation this afternoon.

Do you really expect people to drive from the airport directly to work and check their email?

One more Apple post, Snow Leopard

So, in about a year we can expect Apple to release it's next version of OSX, 10.6 affectionately called "Snow Leopard".  Instead of focusing on new features, it is instead going to focus on tuning, performance, and security.  Always a good thing.

So let's take a quick look at the features that we know of so far.

1.  Microsoft Exchange Support -- What?!  Hells yeah.  Enterprise for the Mac, here we come.

2.  64-bit.  Totally.  The ability to theoretically address 16-TB (That's Terabytes, which equals a -load of RAM).  I have 4 Gb of RAM now.  I can't imagine what 16-TB will be.  Not that I'll ever have that much, but it would be cool.  Heh.

3.  True Multicore.  Enuff said.

4.  Quicktime X.

5.  OpenCL (The Open Computing Library), the ability to utilize more of the GPU (Graphics Processing Unit).  Meaning graphics take place where they should be computed, on the graphics card.

Nice.

 Subscribe in a reader

In a World of Apple news, Quicktime 7.5 is out.

In case you didn't catch it yesterday amongst all the other Apple News that was floating around, Quicktime got a security update yesterday to 7.5.    The next version of OSX (Snow Leopard)  will have a totally new version of Quicktime, called Quicktime "X".  I guess Apple is getting tired of fixing the legacy code of Quicktime and is killing it and making a better one.

 Subscribe in a reader

Okay, so here's my iPhone 3G post

No doubt you are reading about the iPhone 3G in 300 other news media outlets today.  However, it would improper for me to call myself an Apple fanatic and not blog about it, so here you go.

1.  I think the price point is beautiful.  299/199.  Now, this includes the AT&T subsidization.  You have to remember that.  The phone isn't any cheaper, just AT&T is giving money to Apple to pay for the phone.  299 is a steal, and the lines to get this phone will be around the block.

2.  You have to buy the phone in the store and activate it in the store.  This is complete horse-sh*t.  That was one of the awesome things I loved about the current iPhone is that you could take it home and activate it.  But there were alot of problems with that.  I remember being stuck in New York City on the launch day last year without an activated phone.  Drove me nuts.

3.  3G/GPS.  As rumored, and it's true.  Next car that I buy will not have the GPS built in (saving me about 3000 dollars).  And since I live in an area that has 3G...  awesome.

4.  MobileMe (while this is not necessarily iPhone related) it's about time that Apple did something with .mac.  Don't get me wrong, I am a .mac user, and I use it all the time, however, I am glad they are doing more with the tech that they built.  I am happy to see that Contacts, Mail, and Calendars will be stored in the cloud and be pushed down to all devices.  This is awesome.

5.  AppStore.  I think there are going to be some very beautiful and useful apps that come out of the AppStore and am excited to see what happens.

Now for a few things that I still don't like.

6.  Lack of MMS.  Come on, let me text friggin pictures!

7.  Can't tether to your laptop (use your iPhone as a modem), but on the other hand, when I had my treo (before my blackberry, before my iPhone), I only used the tethering feature like twice, and it sucked.  So I don't really care.

8.  To-Do's.  I've said it before, and I'll say it again, I want my iPhone to sync To-Do's with my Mac.  Although on the other hand, I really imagine that someone will build an app to be able to have To-Do's synced in the cloud (mobileme) and have them pushed down to all devices, and then there will be a local client app on the iPhone to be able to navigate these.  Duh.

9.  Note syncing.  Will Notes be synced to the cloud (Mobileme)?  Don't know, but hopefully they will, and then hopefully the notes will be pushed down to the iphone's Notes application.

10.  Nothing.

Other than a few points, I will be picking the iPhone up on launch day, just like I did the last one.  There are a few points I am not happy about (like the fact that I have to activate it in the store, what kind of crap is that!), but  I am looking forward to having push email and 3G.

 Subscribe in a reader

Office Etiquette (what not to do)

How to toss your co-workers up underneath of a bus:

"John Doe has been out of the office for a few days, but I understand that John will be in this afternoon."

Lesson one: Never tell anyone when someone else will be back in the office, especially when that someone is returning from vacation! Oh, and the fact that this person (John in my example), is not coming into the office this afternoon, but is actually getting off the plane from their vacation this afternoon.

Do you really expect people to drive from the airport directly to work and check their email?

One more Apple post, Snow Leopard

So, in about a year we can expect Apple to release it's next version of OSX, 10.6 affectionately called "Snow Leopard".  Instead of focusing on new features, it is instead going to focus on tuning, performance, and security.  Always a good thing.

So let's take a quick look at the features that we know of so far.

1.  Microsoft Exchange Support -- What?!  Hells yeah.  Enterprise for the Mac, here we come.

2.  64-bit.  Totally.  The ability to theoretically address 16-TB (That's Terabytes, which equals a -load of RAM).  I have 4 Gb of RAM now.  I can't imagine what 16-TB will be.  Not that I'll ever have that much, but it would be cool.  Heh.

3.  True Multicore.  Enuff said.

4.  Quicktime X.

5.  OpenCL (The Open Computing Library), the ability to utilize more of the GPU (Graphics Processing Unit).  Meaning graphics take place where they should be computed, on the graphics card.

Nice.

 Subscribe in a reader

In a World of Apple news, Quicktime 7.5 is out.

In case you didn't catch it yesterday amongst all the other Apple News that was floating around, Quicktime got a security update yesterday to 7.5.    The next version of OSX (Snow Leopard)  will have a totally new version of Quicktime, called Quicktime "X".  I guess Apple is getting tired of fixing the legacy code of Quicktime and is killing it and making a better one.

 Subscribe in a reader

Okay, so here's my iPhone 3G post

No doubt you are reading about the iPhone 3G in 300 other news media outlets today.  However, it would improper for me to call myself an Apple fanatic and not blog about it, so here you go.

1.  I think the price point is beautiful.  299/199.  Now, this includes the AT&T subsidization.  You have to remember that.  The phone isn't any cheaper, just AT&T is giving money to Apple to pay for the phone.  299 is a steal, and the lines to get this phone will be around the block.

2.  You have to buy the phone in the store and activate it in the store.  This is complete horse-sh*t.  That was one of the awesome things I loved about the current iPhone is that you could take it home and activate it.  But there were alot of problems with that.  I remember being stuck in New York City on the launch day last year without an activated phone.  Drove me nuts.

3.  3G/GPS.  As rumored, and it's true.  Next car that I buy will not have the GPS built in (saving me about 3000 dollars).  And since I live in an area that has 3G...  awesome.

4.  MobileMe (while this is not necessarily iPhone related) it's about time that Apple did something with .mac.  Don't get me wrong, I am a .mac user, and I use it all the time, however, I am glad they are doing more with the tech that they built.  I am happy to see that Contacts, Mail, and Calendars will be stored in the cloud and be pushed down to all devices.  This is awesome.

5.  AppStore.  I think there are going to be some very beautiful and useful apps that come out of the AppStore and am excited to see what happens.

Now for a few things that I still don't like.

6.  Lack of MMS.  Come on, let me text friggin pictures!

7.  Can't tether to your laptop (use your iPhone as a modem), but on the other hand, when I had my treo (before my blackberry, before my iPhone), I only used the tethering feature like twice, and it sucked.  So I don't really care.

8.  To-Do's.  I've said it before, and I'll say it again, I want my iPhone to sync To-Do's with my Mac.  Although on the other hand, I really imagine that someone will build an app to be able to have To-Do's synced in the cloud (mobileme) and have them pushed down to all devices, and then there will be a local client app on the iPhone to be able to navigate these.  Duh.

9.  Note syncing.  Will Notes be synced to the cloud (Mobileme)?  Don't know, but hopefully they will, and then hopefully the notes will be pushed down to the iphone's Notes application.

10.  Nothing.

Other than a few points, I will be picking the iPhone up on launch day, just like I did the last one.  There are a few points I am not happy about (like the fact that I have to activate it in the store, what kind of crap is that!), but  I am looking forward to having push email and 3G.

 Subscribe in a reader

Okay, its hot

Stupid hot

AT&T Outage?

I live in Delaware --

Getting reports of outages on AT&T's network around here.  Data seems to be working intermittently, calls aren't working, however, sms seems to be working fine.  

New iPhone supposedly coming out today?  Coincidence?

 Subscribe in a reader

Okay, its hot

Stupid hot

AT&T Outage?

I live in Delaware --

Getting reports of outages on AT&T's network around here.  Data seems to be working intermittently, calls aren't working, however, sms seems to be working fine.  

New iPhone supposedly coming out today?  Coincidence?

 Subscribe in a reader

Is "X" a security risk?

This post is in response to a buddy of mine's, Martin McKeay over at the "Network Security Blog".   He has a post entitled "Is Twitter a risk?".  Well, of course Twitter is a risk.  Of course Email is a risk, of course "X" is a risk!  Everything is a risk, but you have to get to a point where you have to do the balancing act between what is allowed and what isn't allowed.   If you won't want to allow Twitter in the work place, then there are many ways to ban things like that (websense, proxies, etc).   I don't want to pick on Twitter, because I am on Twitter.  But any "Service" is going to pose a risk.  

Heck, SSH at my house poses a greater risk than anything I can post on Twitter.  You know how much data one person who knew what to do could offload from your corporation to their house via SSH?  The possibilities are endless.

At some point you prevent your employees from doing bad things, at some point you prevent your employees from doing things to your networks, and other people's networks.  But at some point you have to invest a certain amount of trust in users.  And I know people are going to disagree with me and say "never trust your users!".  Which, is mostly a good philosophy, but it's a delicate balancing act.  Where do you draw the line?

 Subscribe in a reader

Is "X" a security risk?

This post is in response to a buddy of mine's, Martin McKeay over at the "Network Security Blog".   He has a post entitled "Is Twitter a risk?".  Well, of course Twitter is a risk.  Of course Email is a risk, of course "X" is a risk!  Everything is a risk, but you have to get to a point where you have to do the balancing act between what is allowed and what isn't allowed.   If you won't want to allow Twitter in the work place, then there are many ways to ban things like that (websense, proxies, etc).   I don't want to pick on Twitter, because I am on Twitter.  But any "Service" is going to pose a risk.  

Heck, SSH at my house poses a greater risk than anything I can post on Twitter.  You know how much data one person who knew what to do could offload from your corporation to their house via SSH?  The possibilities are endless.

At some point you prevent your employees from doing bad things, at some point you prevent your employees from doing things to your networks, and other people's networks.  But at some point you have to invest a certain amount of trust in users.  And I know people are going to disagree with me and say "never trust your users!".  Which, is mostly a good philosophy, but it's a delicate balancing act.  Where do you draw the line?

 Subscribe in a reader

Genius

I know its kinda hard to see, but, see the green thing on the right in
the photo? Business card holder on the back of a car with "take one -
>" next to it.

Great idea.

Genius

I know its kinda hard to see, but, see the green thing on the right in
the photo? Business card holder on the back of a car with "take one -
>" next to it.

Great idea.

Apple also released Security Update 2008-003

• AFP Server

Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a
folder
designated for sharing
Credit: Alex deVries and Robert Rich

• Apache

Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.

• AppKit

Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

• Apple Pixlet Video

Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.

• ATS

Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College

• CFNetwork

Issue: Vulnerability leading to disclosure of sensitive information
Solution: User prompts

• CoreFoundation

Issue: Vulnerability leading to unexpected application termination or
arbitrary code execution
Solution: Additional validation of length parameters.

• CoreGraphics

Issue: Vulnerability that may lead to an unexpected application
termination or arbitrary code execution
Solution: Proper initialization of pointers

• CoreTypes

Issue: Lack of prompting against opening "certain potentially unsafe
content types" in Automator, Help, Safari, and Terminal
Solution: Enhancements to Download Validation in Mac OS X v10.4, and
Quarantine in Mac OS X v10.5
Credit: Brian Mastenbrook

• CUPS

Issue: Information disclosure
Solution: Validation of environment variables

• Flash Player Plug-in

Issue: Arbitrary code execution
Solution: Updating to version 9.0.124.0

• Help Viewer

Issue: Vulnerability to application termination or arbitrary code
execution
Solution: Improved bounds checking
Credit: to Paul Haddad of PTH Consulting

• iCal

Issue: Vulnerability to unexpected application termination or
arbitrary
code execution
Solution: "Improving reference counting in the affected code"
Note: This issue only affects pre-Mac OS X 10.5 systems.
Credit: Rodrigo Carvalho of Core Security Technologies

• International Components for Unicode

Issue: Disclosure of sensitive information
Solution: "...replacing invalid character sequences with a fallback
character."

• Image Capture

Issue: Path traversal vulnerability
Solution: Improved URL handling

Issue: Privilege elevation
Solution: Improved handling of temporary files

• ImageIO

Issue: Out-of-bounds memory read leading to information
disclosure
Solution: Additional validation of BMP and GIF images
Credit: Gynvael Coldwind of Hispasec

Issue: Multiple vulnerabilities in libpng version 1.2.18
Solution: Updating to version 1.2.24

Issue: Vulnerability to unexpected application termination or
arbitrary code execution
Solution: Additional validation of JPEG2000 images.

• Kernel

Issue: Remote vulnerability to unexpected system shutdown due
to undetected failure condition
Solution: Proper detection of the failure condition.

Issue: Local user vulnerability to unexpected system shutdown
due to mishandling of code signatures
Solution: Perform additional validation of code signatures

• LoginWindow

Issue: Race condition preventing MCX preferences being applied
Solution: Eliminate the race condition

• Mail

Issue: IPv6 vulnerability leading to unexpected application
termination, information disclosure, or arbitrary code execution
Solution: Properly initializing variable.
Credit: Derek Morr of The Pennsylvania State University

• ruby

Issue: Remote vulnerability
Solution: Mongrel updated to version 1.1.4

• Single Sign-On

Issue: Password disclosure in sso_util
Solution: Make password parameter optional, force sso_util to promp
Credit: Geoff Franks of Hauptman Woodward Institute

• Wiki Server

Issue: Remote vulnerability to information disclosure
Solution: Improved handling of error messages
Credit: Don Rainwater of the University of Cincinnati

Apple also released Security Update 2008-003

• AFP Server

Issue: Files that are not designated for sharing may be accessed
remotely
Solution: Deny access to files and folders that are not inside a
folder
designated for sharing
Credit: Alex deVries and Robert Rich

• Apache

Issue: Multiple vulnerabilities in Apache 2.0.55, including cross-site
scripting.
Solution: Apache is updated to version 2.0.63 to address several
vulnerabilities
Note: This is for Mac OS X Server 10.4.x systems, since Leopard ships
with Apache 2.2.x.

• AppKit

Issue: Maliciously crafted file, unexpected application termination,
arbitrary code execution
Solution: Improved validation of document files.
Credit: Rosyna of Unsanity

• Apple Pixlet Video

Issue: Vulnerability to unexpected application termination, arbitrary
code execution
Solution: Improved bounds checking.

• ATS

Issue: Vulnerability to arbitrary code execution
Solution: Additional validation of embedded fonts.
Credit: Melissa O'Neill of Harvey Mudd College

• CFNetwork

Issue: Vulnerability leading to disclosure of sensitive information
Solution: User prompts

• CoreFoundation

Issue: Vulnerability leading to unexpected application termination or
arbitrary code execution
Solution: Additional validation of length parameters.

• CoreGraphics

Issue: Vulnerability that may lead to an unexpected application
termination or arbitrary code execution
Solution: Proper initialization of pointers

• CoreTypes

Issue: Lack of prompting against opening "certain potentially unsafe
content types" in Automator, Help, Safari, and Terminal
Solution: Enhancements to Download Validation in Mac OS X v10.4, and
Quarantine in Mac OS X v10.5
Credit: Brian Mastenbrook

• CUPS

Issue: Information disclosure
Solution: Validation of environment variables

• Flash Player Plug-in

Issue: Arbitrary code execution
Solution: Updating to version 9.0.124.0

• Help Viewer

Issue: Vulnerability to application termination or arbitrary code
execution
Solution: Improved bounds checking
Credit: to Paul Haddad of PTH Consulting

• iCal

Issue: Vulnerability to unexpected application termination or
arbitrary
code execution
Solution: "Improving reference counting in the affected code"
Note: This issue only affects pre-Mac OS X 10.5 systems.
Credit: Rodrigo Carvalho of Core Security Technologies

• International Components for Unicode

Issue: Disclosure of sensitive information
Solution: "...replacing invalid character sequences with a fallback
character."

• Image Capture

Issue: Path traversal vulnerability
Solution: Improved URL handling

Issue: Privilege elevation
Solution: Improved handling of temporary files

• ImageIO

Issue: Out-of-bounds memory read leading to information
disclosure
Solution: Additional validation of BMP and GIF images
Credit: Gynvael Coldwind of Hispasec

Issue: Multiple vulnerabilities in libpng version 1.2.18
Solution: Updating to version 1.2.24

Issue: Vulnerability to unexpected application termination or
arbitrary code execution
Solution: Additional validation of JPEG2000 images.

• Kernel

Issue: Remote vulnerability to unexpected system shutdown due
to undetected failure condition
Solution: Proper detection of the failure condition.

Issue: Local user vulnerability to unexpected system shutdown
due to mishandling of code signatures
Solution: Perform additional validation of code signatures

• LoginWindow

Issue: Race condition preventing MCX preferences being applied
Solution: Eliminate the race condition

• Mail

Issue: IPv6 vulnerability leading to unexpected application
termination, information disclosure, or arbitrary code execution
Solution: Properly initializing variable.
Credit: Derek Morr of The Pennsylvania State University

• ruby

Issue: Remote vulnerability
Solution: Mongrel updated to version 1.1.4

• Single Sign-On

Issue: Password disclosure in sso_util
Solution: Make password parameter optional, force sso_util to promp
Credit: Geoff Franks of Hauptman Woodward Institute

• Wiki Server

Issue: Remote vulnerability to information disclosure
Solution: Improved handling of error messages
Credit: Don Rainwater of the University of Cincinnati

Apple posts Mac OS X 10.5.3 Update

Apple has released the 10.5.3 update for OSX Leopard.  I'll install it and let you know my feedback, however, in the meantime, here is a list of issues that have been fixed.

• General
  

Fixes a font issue that could result in Helvetica Narrow being used in applications instead of Helvetica.
Addresses an issue with stuttering video and audio playback in certain USB devices.
Resolves stability issues with Word of the Day, iTunes Artwork, and Slideshow screen savers.
Fixes an issue in which certain attached hard drives may not show up in the Finder.
Addresses an issue with .Mac syncing of Dashboard widgets over multiple Macs that use different screen resolutions.
Includes additional RAW image support for several cameras.
Improves the accuracy of the Software Update progress bar indicator.
Addresses an issue in which Finder may not be available if the computer name is blank in Sharing preferences.
Improves Active Directory binding and login.
Eliminates a delay when logging in as an Active Directory user in a .local domain.
Improves Spotlight searches on a AFP file server volumes.
Clients can now change their password at the login window when bound to a Mac OS X 10.4 Open Directory server.
Improves Safari reliability when connecting to the Internet through a Microsoft ISA proxy.

• Address Book
  

Addresses reliability issues when searching for contacts using built-in search.
Resolves issues with mapping addresses that contain an ampersand character (&).

• AirPort
  

Improves 802.1X behavior and reliability.
Improves reliability when using Time Capsule.

• Automator
  

Addresses an issue in which some actions may not work with the "Show When Run" option enabled.
Resolves an issue in which the "New iCal Event" action may not work.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Fixes reliability issues for Automator scripts that search for files by date.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Addresses an issue in which Automator workflows as Finder plugins do not work when the workflow begins with the "Get Selected Finder Items" action.
Fixes an issue in which the "Copy Files" action does not reliably work when added from Automator’s warning dialog.

• iCal
  

Addresses potential privacy issues by allowing events to be marked as private.
Resolves an issue in which the inspector does not show capacity and availability info for conference rooms within a building.
Addresses an issue in which the current day could appear in the left-most column of the weekly view.
Addresses reliability issues with meeting alarms, invitations and attachments.
Resolves issues with reliability when restoring from iCal backups.
Fixes accuracy issues with auto-completion, availability data and location names.
Resolves an issue in which iCal may send cancellation notices for events in the past after a calendar is deleted.
Fixes reliability issues with iCal syncing.

• iChat
  

Addresses reliability issues with screen sharing.
Resolves an issue in which saved chat transcripts may reported as "still in use" after opening and closing them in iChat.
Resolves an issue with group chats not being indexed in Spotlight.
Only the last 250 messages of an active chat are saved. Fixed to save unlimited number of lines.
Addresses issues with echo cancellation that may occur on portable Macs.

• Mail
  

Resolves an issue in which Mail may prevent idle sleep when set to automatically check for new messages every minute.
Addresses stability issues that may be encountered when dragging large attachments into an email message.
Fixes an issue that could occur if two compose windows are open when dragging a file to the Mail icon in the Dock.
Addresses reliability issues when changes are made to a mailbox while offline.
Resolves wrapping issues that may be found with consecutive spaces in plain text.
Fixes issues with certain web pages appearing garbled when emailed from Safari.
Fixes an issue in which the Sent, Drafts, and Outbox mailboxes incorrectly list the "cc" recipients in the "To" column.
Addresses reliability issues with attachments added to plain text notes.
Fixes reliability issues with authenticated RSS feeds.
Resolves an issue in which attaching an alias to an email message may not send the actual file.

• Parental Controls
  

Addresses reliability issues with application logging and time limits.
Resolves an issue in which Parental Controls may prevent forced sleep.
Addresses performance issues with web content filters.
Fixes an issue with managed accounts in which iChat transcripts may not be created.
Addresses issues with 4-byte files and whitelist.

• Spaces
  

Resolves an issue in which switching to a different space and returning back to the original space may reorder the application windows with a different active window.
Resolves an issue in which activating an application from the Dock switches to a different space, even if there is a window for that application in the current space.
Fixes an issue in which Command-Tab may incorrectly switch to a new space.
Addresses reliability issues with Spaces when syncing preferences over .Mac.

• Time Machine
  

Includes fixes for Time Machine compatibility with Time Capsule.
Resolves certain issues when backing up a portable Mac that is on battery power.
Addresses compatibility issues with Aperture 2.
Addresses reliability issues when performing a full restore from a Time Machine backup.
Fixes an issue in which certain function keys may be disabled after using Time Machine.
Fixes a possible alert message that incorrectly states a backup volume does not have enough space.
Updates Time Machine to reliably restore attachments and messages in Mail.

• VoiceOver
  

Includes Braille Update 1.0 which enables GW Micro, HandyTech, HIMS, Nippon, and Papenmeier Refreshable Braille displays.
Addresses an issue with Braille dot 7 and 8 underlining.
Fixes an issue in which HTML page anchors may be ignored by the VoiceOver cursor.
Fixes an issue that prevented Hot Spots from being used in text areas.
Resolves an issue with spell checking in which VoiceOver may only announce the first misspelled word if there are multiple words spelled incorrectly.

 Subscribe in a reader

Lack of posts

Sorry about the recent lack of posts, wife, daughter, mother-in-law, and I were at Disney world all last week, so I didn't have any posts while on the road. My brain is currently fried as I've read about 2000 emails in the past two days. So I'll get back into blogging here in a day or so.

Subscribe in a reader

Podcast Episode Five has been released!

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 5 this morning. We had a special guest with us! Larry Pesce of PaulDotCom Security Weekly! The guys over at PaulDotCom do a great job, and we loved having Larry on the show! Congradulations to Paul, as he is home with a new baby!

Don't forget the Live Podcast that we are doing at SANSFIRE on July 23rd at 8pm.

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!

Apple posts Mac OS X 10.5.3 Update

Apple has released the 10.5.3 update for OSX Leopard.  I'll install it and let you know my feedback, however, in the meantime, here is a list of issues that have been fixed.

• General
  

Fixes a font issue that could result in Helvetica Narrow being used in applications instead of Helvetica.
Addresses an issue with stuttering video and audio playback in certain USB devices.
Resolves stability issues with Word of the Day, iTunes Artwork, and Slideshow screen savers.
Fixes an issue in which certain attached hard drives may not show up in the Finder.
Addresses an issue with .Mac syncing of Dashboard widgets over multiple Macs that use different screen resolutions.
Includes additional RAW image support for several cameras.
Improves the accuracy of the Software Update progress bar indicator.
Addresses an issue in which Finder may not be available if the computer name is blank in Sharing preferences.
Improves Active Directory binding and login.
Eliminates a delay when logging in as an Active Directory user in a .local domain.
Improves Spotlight searches on a AFP file server volumes.
Clients can now change their password at the login window when bound to a Mac OS X 10.4 Open Directory server.
Improves Safari reliability when connecting to the Internet through a Microsoft ISA proxy.

• Address Book
  

Addresses reliability issues when searching for contacts using built-in search.
Resolves issues with mapping addresses that contain an ampersand character (&).

• AirPort
  

Improves 802.1X behavior and reliability.
Improves reliability when using Time Capsule.

• Automator
  

Addresses an issue in which some actions may not work with the "Show When Run" option enabled.
Resolves an issue in which the "New iCal Event" action may not work.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Fixes reliability issues for Automator scripts that search for files by date.
Resolves an issue that prevents workflows from being saved in the Finder's contextual menu.
Addresses an issue in which Automator workflows as Finder plugins do not work when the workflow begins with the "Get Selected Finder Items" action.
Fixes an issue in which the "Copy Files" action does not reliably work when added from Automator’s warning dialog.

• iCal
  

Addresses potential privacy issues by allowing events to be marked as private.
Resolves an issue in which the inspector does not show capacity and availability info for conference rooms within a building.
Addresses an issue in which the current day could appear in the left-most column of the weekly view.
Addresses reliability issues with meeting alarms, invitations and attachments.
Resolves issues with reliability when restoring from iCal backups.
Fixes accuracy issues with auto-completion, availability data and location names.
Resolves an issue in which iCal may send cancellation notices for events in the past after a calendar is deleted.
Fixes reliability issues with iCal syncing.

• iChat
  

Addresses reliability issues with screen sharing.
Resolves an issue in which saved chat transcripts may reported as "still in use" after opening and closing them in iChat.
Resolves an issue with group chats not being indexed in Spotlight.
Only the last 250 messages of an active chat are saved. Fixed to save unlimited number of lines.
Addresses issues with echo cancellation that may occur on portable Macs.

• Mail
  

Resolves an issue in which Mail may prevent idle sleep when set to automatically check for new messages every minute.
Addresses stability issues that may be encountered when dragging large attachments into an email message.
Fixes an issue that could occur if two compose windows are open when dragging a file to the Mail icon in the Dock.
Addresses reliability issues when changes are made to a mailbox while offline.
Resolves wrapping issues that may be found with consecutive spaces in plain text.
Fixes issues with certain web pages appearing garbled when emailed from Safari.
Fixes an issue in which the Sent, Drafts, and Outbox mailboxes incorrectly list the "cc" recipients in the "To" column.
Addresses reliability issues with attachments added to plain text notes.
Fixes reliability issues with authenticated RSS feeds.
Resolves an issue in which attaching an alias to an email message may not send the actual file.

• Parental Controls
  

Addresses reliability issues with application logging and time limits.
Resolves an issue in which Parental Controls may prevent forced sleep.
Addresses performance issues with web content filters.
Fixes an issue with managed accounts in which iChat transcripts may not be created.
Addresses issues with 4-byte files and whitelist.

• Spaces
  

Resolves an issue in which switching to a different space and returning back to the original space may reorder the application windows with a different active window.
Resolves an issue in which activating an application from the Dock switches to a different space, even if there is a window for that application in the current space.
Fixes an issue in which Command-Tab may incorrectly switch to a new space.
Addresses reliability issues with Spaces when syncing preferences over .Mac.

• Time Machine
  

Includes fixes for Time Machine compatibility with Time Capsule.
Resolves certain issues when backing up a portable Mac that is on battery power.
Addresses compatibility issues with Aperture 2.
Addresses reliability issues when performing a full restore from a Time Machine backup.
Fixes an issue in which certain function keys may be disabled after using Time Machine.
Fixes a possible alert message that incorrectly states a backup volume does not have enough space.
Updates Time Machine to reliably restore attachments and messages in Mail.

• VoiceOver
  

Includes Braille Update 1.0 which enables GW Micro, HandyTech, HIMS, Nippon, and Papenmeier Refreshable Braille displays.
Addresses an issue with Braille dot 7 and 8 underlining.
Fixes an issue in which HTML page anchors may be ignored by the VoiceOver cursor.
Fixes an issue that prevented Hot Spots from being used in text areas.
Resolves an issue with spell checking in which VoiceOver may only announce the first misspelled word if there are multiple words spelled incorrectly.

 Subscribe in a reader

Lack of posts

Sorry about the recent lack of posts, wife, daughter, mother-in-law, and I were at Disney world all last week, so I didn't have any posts while on the road. My brain is currently fried as I've read about 2000 emails in the past two days. So I'll get back into blogging here in a day or so.

Subscribe in a reader

Podcast Episode Five has been released!

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 5 this morning. We had a special guest with us! Larry Pesce of PaulDotCom Security Weekly! The guys over at PaulDotCom do a great job, and we loved having Larry on the show! Congradulations to Paul, as he is home with a new baby!

Don't forget the Live Podcast that we are doing at SANSFIRE on July 23rd at 8pm.

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!

Podcast Episode Four released

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 4 this morning. Just a few announcements at the beginning, and then I put the audio for May's Monthly "Reboot Wednesday" Podcast that we do through SANS on after that. We'll be recording Episode five next week. We'll let you know when it's out!

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!

 Subscribe in a reader

Podcast Episode Four released

Morning everyone,

Just a quick note to let everyone know that we put out Podcast Episode 4 this morning. Just a few announcements at the beginning, and then I put the audio for May's Monthly "Reboot Wednesday" Podcast that we do through SANS on after that. We'll be recording Episode five next week. We'll let you know when it's out!

iTunes users, go here to subscribe.

Non-iTunes users, go here to download.

Thanks!

 Subscribe in a reader

Debian SSL Comic

Classic!

Debian SSL Comic

Classic!

Apple Blogger's Network

Hey everyone, if you like/love Apple products and are interested in following a spliced feed from a bunch of different Bloggers who ALSO love Apple, be sure and subscribe to the Apple Blogger's Network.  There are all kinds of interesting ideas and posts, all from people who love to use and talk about Apple products.

If YOU are a person that is interested in blogging about Apple, if you have an Apple Blog, etc, please email me here, and i'll send you an invitation.  All the network is is an aggregate feed for a bunch of blogs, so you will see some non-Apple posts, however, it makes for a great read!

 Subscribe in a reader

Apple Blogger's Network

Hey everyone, if you like/love Apple products and are interested in following a spliced feed from a bunch of different Bloggers who ALSO love Apple, be sure and subscribe to the Apple Blogger's Network.  There are all kinds of interesting ideas and posts, all from people who love to use and talk about Apple products.

If YOU are a person that is interested in blogging about Apple, if you have an Apple Blog, etc, please email me here, and i'll send you an invitation.  All the network is is an aggregate feed for a bunch of blogs, so you will see some non-Apple posts, however, it makes for a great read!

 Subscribe in a reader

Debian ftw?

So, all you Debian users your ssh is ftl.

All the other security blogs are covering it at this point, (so I won't, much) however, it is of high concern, so hopefully you are/have regen'ed all your ssh/ssl keys by now.  

We will probably move the ISC to Yellow at some point today to raise awareness.

 Subscribe in a reader

Debian ftw?

So, all you Debian users your ssh is ftl.

All the other security blogs are covering it at this point, (so I won't, much) however, it is of high concern, so hopefully you are/have regen'ed all your ssh/ssl keys by now.  

We will probably move the ISC to Yellow at some point today to raise awareness.

 Subscribe in a reader

Live Stream from my Office

Just playing around with a live stream from my office on Stickam.  Feel free to pop in and say hello if you want, you'll know if I am in there, I'll be there, I'll have the audio off the majority of the time unless I'm in the office and someone asks me a question.  But I'll have the camera on.  I put the link over there on the right as well (Live stream from my office)  But here is the link as well.  This is the office where I record the Internet Storm Center Podcast as well, so soon, I might be able to get that going on there.

 Subscribe in a reader

Live Stream from my Office

Just playing around with a live stream from my office on Stickam.  Feel free to pop in and say hello if you want, you'll know if I am in there, I'll be there, I'll have the audio off the majority of the time unless I'm in the office and someone asks me a question.  But I'll have the camera on.  I put the link over there on the right as well (Live stream from my office)  But here is the link as well.  This is the office where I record the Internet Storm Center Podcast as well, so soon, I might be able to get that going on there.

 Subscribe in a reader

Live Podcast

Hey everyone, just to kinda tease you a bit, the Internet Storm Center is planning a live Podcast for SANSFIRE 2008. We are going to have a special event, with some surprise guest hosts and everything. We don't have dates nailed down yet, but if you are going to be at SANSFIRE 2008, please feel free to email me at my contact link, or follow me on Twitter (both links at the top of the blog). Of course I will be updating here as well, but we've got something special planned!

Hope to see you there, we hope to have a great turn out!

Subscribe in a reader

Live Podcast

Hey everyone, just to kinda tease you a bit, the Internet Storm Center is planning a live Podcast for SANSFIRE 2008. We are going to have a special event, with some surprise guest hosts and everything. We don't have dates nailed down yet, but if you are going to be at SANSFIRE 2008, please feel free to email me at my contact link, or follow me on Twitter (both links at the top of the blog). Of course I will be updating here as well, but we've got something special planned!

Hope to see you there, we hope to have a great turn out!

Subscribe in a reader

Podcast update

It seems that little experiment we tried with the Internet Storm Center podcast paid off.  We released Episode 3 of the Podcast yesterday, and we have already received over 5000 downloads in 24 hours.  Seems we are going quite well.  

Thanks to all of you that listen, every episode is getting better.  We are soliciting feedback, I've received about 10 emails this morning about the podcast, so if you have a suggestion, please feel free to click "contact" up above and jot me an email.  Thanks.

 Subscribe in a reader

900 posts

In true Joel Esler fashion...  I've reached the 900 post point.  Milestone for me I guess.  See you at 1000!

 Subscribe in a reader

Podcast update

It seems that little experiment we tried with the Internet Storm Center podcast paid off.  We released Episode 3 of the Podcast yesterday, and we have already received over 5000 downloads in 24 hours.  Seems we are going quite well.  

Thanks to all of you that listen, every episode is getting better.  We are soliciting feedback, I've received about 10 emails this morning about the podcast, so if you have a suggestion, please feel free to click "contact" up above and jot me an email.  Thanks.

 Subscribe in a reader

900 posts

In true Joel Esler fashion...  I've reached the 900 post point.  Milestone for me I guess.  See you at 1000!

 Subscribe in a reader

What went wrong with the Podcast?

This morning we had a reader write into the Internet Storm Center telling us that the intro music and the outro music was there but there was no vocal track on the podcast.

Turns out what happened was, when I copied and pasted the vocals from the track that I recorded the podcast on into the template I have set up for music and what not, it overwrote the vocal track.  

It's hard to describe, but basically Garageband overwrote itself, so the vocal track ceased to exist.  What a pain.  So, here I am this morning panicking to myself saying 'oh crap I erased the vocal, we'll have to re-record, blah blah'.  

Then I thought about it, I have Time Machine.  I know my laptop backed up to Time Machine after I recorded the podcast right?  So I went to my ~/Music/Garageband folder, and hit the Time machine button, went back in time till yesterday at 7 pm between the time when we got done recording the podcast and I saved it, to when I edited the podcast and put music in it at about 830 pm.  There was the original recording, I clicked restore and Time Machine asked me if I wanted to keep the old one, the new one, or both.  I clicked both.    Then I was able to get the audio from one session to another successfully, then mix it down to mp3.

Worked great.  Thank you Apple.  Thank you Time Machine.  If I didn't have time machine we would have had to re-record the podcast, because of a stupid copy and paste error that I made.  Saved me about 3 hours worth of work.  Awesome.

 Subscribe in a reader

ISC Podcast Episode 3

Hey all, we just put out Episode Number 3 for the Internet Storm Center Podcast. Available via iTunes here, and for you non-iTunes users, here.

 Subscribe in a reader

Apple's Safari Market Share on Windows Tripled!

Normally I'd be excited about this, but I am not.  Not really.  Since the way that Apple went about was slightly shady.  I wrote about it here.  And Apple did exactly as I thought they were going to do and trumpet the fact that they now have three times the market share that they used to, but they did it in kind of a shady way.  I called it!

 Subscribe in a reader

What went wrong with the Podcast?

This morning we had a reader write into the Internet Storm Center telling us that the intro music and the outro music was there but there was no vocal track on the podcast.

Turns out what happened was, when I copied and pasted the vocals from the track that I recorded the podcast on into the template I have set up for music and what not, it overwrote the vocal track.  

It's hard to describe, but basically Garageband overwrote itself, so the vocal track ceased to exist.  What a pain.  So, here I am this morning panicking to myself saying 'oh crap I erased the vocal, we'll have to re-record, blah blah'.  

Then I thought about it, I have Time Machine.  I know my laptop backed up to Time Machine after I recorded the podcast right?  So I went to my ~/Music/Garageband folder, and hit the Time machine button, went back in time till yesterday at 7 pm between the time when we got done recording the podcast and I saved it, to when I edited the podcast and put music in it at about 830 pm.  There was the original recording, I clicked restore and Time Machine asked me if I wanted to keep the old one, the new one, or both.  I clicked both.    Then I was able to get the audio from one session to another successfully, then mix it down to mp3.

Worked great.  Thank you Apple.  Thank you Time Machine.  If I didn't have time machine we would have had to re-record the podcast, because of a stupid copy and paste error that I made.  Saved me about 3 hours worth of work.  Awesome.

 Subscribe in a reader

ISC Podcast Episode 3

Hey all, we just put out Episode Number 3 for the Internet Storm Center Podcast. Available via iTunes here, and for you non-iTunes users, here.

 Subscribe in a reader