Posts belonging to Category How to

Windows XP zero-day under attack; Use Microsoft’s “fix-it” workaround

By Ryan Naraine | June 15, 2010, 11:49am PDT

Just five days after Google researcher Tavis Ormandy released details of a critical vulnerability affecting Windows XP and Windows Server 2003, malware authors have struck, exploiting the flaw to plant malware on Windows machines.

The attacks, described by Microsoft as “limited,” are being distributed on rigged Web sites (drive-by downloads).

“Windows Server 2003 customers are not currently at risk from the Win Help issue based on the attack samples we have analyzed,” according to Microsoft’s security response center.

The attacks, which are only targeting Windows XP computers with the HCP protocol enabled, follow the controversial public disclosure of the flaw by Ormandy, a high-profile Google researcher.

The issue, which exists in the Microsoft Windows Help and Support Center, is caused by improper sanitization of hcp:// URIs. It allows a remote, unauthenticated attacker to execute arbitrary commands.

Ormandy, who recently used the full-disclosure hammer to force Oracle to address a dangerous Sun Java vulnerability, posted exploit code for the Windows issue just five days after reporting it to Microsoft.

In an e-mail message announcing the zero-day discovery, Ormandy said protocol handlers are a popular source of vulnerabilities and argued that “hcp://” itself has been the target of attacks multiple times in the past. This prompted his decision to go public without the availability of a patch:

Ormandy said he spent the five days “negotiating” for Microsoft to get a fix ready in 60 days but when that failed, he decided to go public because he was convinced that malicious hackers may be looking into these kinds of security holes.

For instructions on fixing the Windows XP vulnerability, visit ZDNet

Five Best Computer Diagnostic Tools

By Jason Fitzpatrick posted on Lifehacker – May 30th 2010

Earlier this week we asked you to share your favorite diagnostic tool. Below we’ve rounded up the top five answers, and now we’re back to highlight the most popular computer diagnostic tools among Lifehacker readers.

Hiren’s BootCD is an impressive toolkit rolled into one packed DOS-based LiveCD. Sporting over a hundred separate diagnostic and repair tools, Hiren’s BootCD can help you do everything from diagnosing a memory problem to cloning a disk to speed testing your video card. If you can’t find out what is wrong with your computer after running through all the tools on Hiren’s BootCD, the diagnostic answer you may end up at is “Time to buy a new computer.” A note about Hiren’s BootCD: many of the diagnostic tools gathered on the disc are abandonware or older versions of still-produced commercial software. The legal status of Hiren’s BootCD is murky, so Hiren doesn’t directly host the disc image himself. You’ll need to search Google to find locations like here and here where the disc is hosted.

  • SIW (Windows, Free)

If things haven’t gotten bad enough that you’re forced to take refuge with a LiveCD, SIW is a Windows-based diagnostic tool that can help you get to the bottom of things. SIW is incredibly detailed in its analysis; next to nothing is left uncatalogued, from the timings of your memory modules to the DLL files loaded to what applications you have set to autorun at startup. Even if you’re not currently experiencing any computer issues, SIW gives you a really interesting peek inside your computer.

For the other three tips and more, visit

(Editor’s note: Hiren’s CD IS ILLEGAL. Period. There is no ‘murky.’)

How to Build a Private Cloud

If you’re nervous about running your business applications on a public cloud, many experts recommend that you take a spin around a private cloud first.

By Beth Schultz on Mon, May 10, 2010

The Case For and Against Private Clouds

But building and managing a cloud within your data center is not just another infrastructure project, says Joe Tobolski, director of cloud computing at Accenture.

“A number of technology companies are portraying this as something you can go out and buy – sprinkle a little cloud-ulator powder on your data center and you have an internal cloud,” he says. “That couldn’t be further from the truth.”

An internal, on-premise private cloud is what leading IT organizations have been working toward for years. It begins with data center consolidation, rationalization of OS, hardware and software platforms, and virtualization up and down the stack – servers, storage and network, Tobolski says.

Elasticity and pay-as-you-go pricing are guiding principles, which imply standardization, automation and commoditization of IT, he adds.

And it goes way beyond infrastructure and provisioning resources, Tobolski adds. “It’s about the application build and the user’s experience with IT, too.”

Despite all the hype, we’re at a very early stage when it comes to internal clouds. According to Forrester Research, only 5% of large enterprises globally are even capable of running an internal cloud, with maybe half of those actually having one, says James Staten, principal analyst with the firm.

For the rest of the article, visit CIO Magazine

TR Dojo: Five dumb mistakes IT pros make in the field

Bill Detwiler: No matter how technically proficient you are, even the sharpest IT consultant or support pro is going to make a mistake every now and then. Most mistakes are recoverable, but you definitely want to avoid ones that could lose you clients and customers.

I’m Bill Detwiler, and on this episode of TR Dojo, I’ll go over five of the worst mistakes IT pros can make in the field and give you some advice on how to avoid them.

The first mistake you should avoid is rushing blindly into an upgrade. As an IT pro, you’ve probably handled lots of upgrades, but no matter how good your track record has been, the unforeseen consequence of a software change is one of the most common culprits of client dissatisfaction.

It’s the nature of complicated systems and software that one small change can break some crucial feature or functionality that your users depend on. How many times have you upgraded Windows XP to SP3 (including IE8) only to find out after the fact that something in the upgrade has broken a feature your users need to do their job? Before performing any upgrade, you must make sure that all the client’s critical applications will work with the new software.

Watch the TR Dojo Video at TechRepublic

10 MORE outstanding Firefox extensions

  • Date: April 22nd, 2010
  • Author: Jack Wallen

It’s been a while since we last took a look at worthwhile Firefox extensions. Well, it’s time again. But now, Firefox has added collections to the mix. Extension collections are exactly what they sound like — collections of related extensions. In this list, we have a few worthwhile collections (since they’re new, there aren’t many) as well as some stand-alone extensions.

1: Reference Desk
Reference Desk is good for students or anyone who needs to research information. It installs: DeeperWeb (navigate through Google search results using tag-cloud technique), SimilarWeb (find related sites), Converter (unit, time zone, and currency converter), Merriam-Webster (dictionary), Wired-Marker (highlighter), ScrapBook (save and organize sites), Reframe It (connect and share your thoughts online), and Read It Later (save sites for later reading).

2: Web Developers Toolbox
Web Developers Toolbox will help speed up your development process with extensions for troubleshooting, editing, and debugging Web projects. This collection includes Test Pilot (test Firefox features), Pixlr Grabber (Screen grabs), iMacros for Firefox (macro recorder/player), Stylish (install themes for just about any site that is theme-able), Colorzilla (advanced eyedropper), ShowIP (show the IP address of the current page), Greasemonkey (customize the way a Web page displays), FireFTP (cross-platform FTP client), Web Developer (menu and toolbar with Web developer tools), Firebug (edit, debug, and monitor CSS, HTML, and JavaScript), and FoxyProxy Standard (proxy management tool).

To read the full list, and access the downloadable PDF, visit

10 Linux rescue tools for recovering Linux, Windows, or Mac machines

Date: April 14th, 2010 – Author: Jack Wallen

When you’re dealing with a system that won’t boot, you need a robust and dependable recovery tool. Here are a few Linux tools that might save the day.

Our consulting firm has had a rash of problems recently that required the help of Linux rescue tools. From corrupt partition tables to severely infected machines, Linux tools come in handy when the host system won’t boot. But because of the plethora of tools available, it’s sometimes tough to sift through the cruft and find the ones that are usable. So I decided to highlight some of the better tools. I hope one or two of them will find their way to your toolkit.

Note: This article is also available as a PDF download.

Read the list at

Video: Troubleshoot Windows blue screen of death (BSOD) with WinDbg

  • Date: April 19th, 2010
  • Author: Bill Detwiler

Few things are more infamous in the Windows world than the dreaded Blue Screen of Death. They can strike without warning. And, troubleshooting them is often a combination of knowledge, skill, and lots of trial and error. During this TR Dojo episode, I show you a slightly more methodical blue screen troubleshooting approach using Microsoft’s own WinDbg debugger tool.
