<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://myitforum.com/cs2/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Search results matching tags 'Microsoft Office' and 'Internet News'</title><link>http://myitforum.com/cs2/search/SearchResults.aspx?q=&amp;tag=Microsoft+Office%2CInternet+News&amp;orTags=0&amp;o=DateDescending</link><description>Search results matching tags 'Microsoft Office' and 'Internet News'</description><dc:language>en-US</dc:language><generator>CommunityServer 2007.1 SP2 (Build: 31113.47)</generator><item><title>Microsoft Security Advisory Notification - Issued: April 14, 2009</title><link>http://myitforum.com/cs2/blogs/cmosby/archive/2009/04/15/microsoft-security-advisory-notification-issued-april-14-2009.aspx</link><pubDate>Wed, 15 Apr 2009 04:00:00 GMT</pubDate><guid isPermaLink="false">8e8f7986-475c-475d-bdc9-a1b3a63b955b:134582</guid><dc:creator>cmosby</dc:creator><description>&lt;p&gt;********************************************************************&lt;/p&gt;  &lt;p&gt;Title: Microsoft Security Advisory Notification&lt;/p&gt;  &lt;p&gt;Issued: April 14, 2009&lt;/p&gt;  &lt;p&gt;********************************************************************&lt;/p&gt;  &lt;p&gt;Security Advisories Updated or Released Today ==============================================&lt;/p&gt;  &lt;p&gt;* Microsoft Security Advisory (968272)&lt;/p&gt;  &lt;p&gt;- Title: Vulnerability in Microsoft Office Excel&lt;/p&gt;  &lt;p&gt;Could Allow Remote Code Execution&lt;/p&gt;  &lt;p&gt;- &lt;a href="http://www.microsoft.com/technet/security/advisory/968272.mspx"&gt;http://www.microsoft.com/technet/security/advisory/968272.mspx&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;- Revision Note: V3.0 (April 14, 2009) Advisory updated to reflect publication of security bulletin.&lt;/p&gt;  &lt;p&gt;* Microsoft 
Security Advisory (960906)&lt;/p&gt;  &lt;p&gt;- Title: Vulnerability in WordPad Text Converter&lt;/p&gt;  &lt;p&gt;Could Allow Remote Code Execution&lt;/p&gt;  &lt;p&gt;- &lt;a href="http://www.microsoft.com/technet/security/advisory/960906.mspx"&gt;http://www.microsoft.com/technet/security/advisory/960906.mspx&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;- Revision Note: V2.0 (April 14, 2009): Advisory updated to reflect publication of security bulletin.&lt;/p&gt;  &lt;p&gt;* Microsoft Security Advisory (953818)&lt;/p&gt;  &lt;p&gt;- Title: Blended Threat from Combined Attack Using&lt;/p&gt;  &lt;p&gt;Apple&amp;#39;s Safari on the Windows Platform&lt;/p&gt;  &lt;p&gt;- &lt;a href="http://www.microsoft.com/technet/security/advisory/953818.mspx"&gt;http://www.microsoft.com/technet/security/advisory/953818.mspx&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;- Revision Note: V2.0 (April 14, 2009): Added references and links to MS09-014 and MS09-015, which address the issue in this advisory.&lt;/p&gt;  &lt;p&gt;* Microsoft Security Advisory (951306)&lt;/p&gt;  &lt;p&gt;- Title: Vulnerability in Windows Could Allow&lt;/p&gt;  &lt;p&gt;Elevation of Privilege&lt;/p&gt;  &lt;p&gt;- &lt;a href="http://www.microsoft.com/technet/security/advisory/951306.mspx"&gt;http://www.microsoft.com/technet/security/advisory/951306.mspx&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;- Revision Note: V3.0 (April 14, 2009): Advisory updated to reflect publication of security bulletin.&lt;/p&gt;</description></item>
<item><title>Microsoft Security Bulletin Summary for October 2008 - Exploitability Index</title><link>http://myitforum.com/cs2/blogs/cmosby/archive/2008/10/14/microsoft-security-bulletin-summary-for-october-2008-exploitability-index.aspx</link><pubDate>Tue, 14 Oct 2008 04:00:00 GMT</pubDate><guid isPermaLink="false">8e8f7986-475c-475d-bdc9-a1b3a63b955b:123172</guid><dc:creator>cmosby</dc:creator><description>&lt;table cellspacing="0" cellpadding="0"&gt;  &lt;tr&gt; &lt;td style="padding-right:6px;padding-left:0px;padding-bottom:0px;padding-top:6px;"&gt;&amp;nbsp;&lt;/td&gt; &lt;td class="secLabel"&gt; &lt;a style="text-decoration:none;"&gt; &lt;h3&gt;Exploitability Index&lt;/h3&gt; &lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt; &lt;div id="s7l1-EJBAE"&gt; &lt;div class="expandoIndent"&gt; &lt;p&gt;&lt;b&gt;How do I use this table?&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;Use this table to learn about the likelihood of functioning exploit code to be released for each of the security updates that you may need to install. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please see &lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;Microsoft Exploit Index&lt;/a&gt;.&lt;/p&gt; &lt;table class="dataTable" id="EVBAE" cellspacing="0" cellpadding="0"&gt;  &lt;tr class="stdHeader"&gt; &lt;td id="colEYBAE"&gt;Bulletin ID&lt;/td&gt; &lt;td id="colE3BAE"&gt;Bulletin Title&lt;/td&gt; &lt;td id="colEACAE"&gt;CVE ID&lt;/td&gt; &lt;td id="colEECAE"&gt;Exploitability Index Assessment&lt;/td&gt; &lt;td id="colEICAE" style="border-right:#cccccc 1px solid;"&gt;Key Notes&lt;/td&gt;&lt;/tr&gt;  &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128145"&gt;MS08-056&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128145"&gt;Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4020&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Functioning exploit code could be created. However, the severity impact is limited as the vulnerability allows spoofing in a dialog in specific Web application scenarios only. 
As a result, this may get little attention from attackers.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;MS08-057&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4019&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;MS08-057&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3471&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;MS08-057&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p 
class="lastInCell"&gt;CVE-2008-3477&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2947&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;(Public at bulletin release)&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3472&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a 
href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3473&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3475&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3474&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr 
class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3476&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125712"&gt;MS08-059&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125712"&gt;Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3466&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;While only specific types of enterprise customers would likely install Host Integration Server, functioning exploit code is likely to be created.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128125"&gt;MS08-060&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128125"&gt;Vulnerability in Active Directory Could Allow Remote Code Execution 
(957280)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4023&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Triggering the vulnerability to cause a denial of service condition is likely. However, creating functioning exploit code to leverage remote code execution is difficult due to not being able to control a needed write address.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;MS08-061&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2250&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;MS08-061&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2252&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code 
likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Functioning exploit is most likely to be created for multiprocessor systems.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;MS08-061&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2251&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Triggering the vulnerability may be possible, but successful, functioning exploit code is very difficult to create.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=120829"&gt;MS08-062&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=120829"&gt;Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-1446&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Consistent exploit code has been discovered in limited, targeted attacks. 
While the Internet Printing Protocol (IPP) service is enabled by default, access to this service using IIS also requires authentication by default on all platforms.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=127994"&gt;MS08-063&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=127994"&gt;Vulnerability in SMB Could Allow Remote Code Execution (957095)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4038&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128103"&gt;MS08-064&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128103"&gt;Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4036&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128102"&gt;MS08-065&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128102"&gt;Vulnerability 
in Message Queuing Could Allow Remote Code Execution (951071)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3479&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;While information disclosure might be possible, obtaining useful content from memory is not always possible. The memory corruption issue can be triggered, but remote code execution is difficult to gain.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125709"&gt;MS08-066&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125709"&gt;Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3464&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;&lt;/div&gt;&lt;/div&gt;</description></item><item><title>Microsoft Security Bulletin Summary for October 2008 - Exploitability Index</title><link>http://myitforum.com/cs2/blogs/cmosby/archive/2008/10/14/microsoft-security-bulletin-summary-for-october-2008-exploitability-index.aspx</link><pubDate>Tue, 14 Oct 2008 04:00:00 GMT</pubDate><guid isPermaLink="false">8e8f7986-475c-475d-bdc9-a1b3a63b955b:123172</guid><dc:creator>cmosby</dc:creator><description>&lt;table cellspacing="0" cellpadding="0"&gt;  &lt;tr&gt; &lt;td 
style="padding-right:6px;padding-left:0px;padding-bottom:0px;padding-top:6px;"&gt;&amp;nbsp;&lt;/td&gt; &lt;td class="secLabel"&gt; &lt;a style="text-decoration:none;"&gt; &lt;h3&gt;Exploitability Index&lt;/h3&gt; &lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt; &lt;div id="s7l1-EJBAE"&gt; &lt;div class="expandoIndent"&gt; &lt;p&gt;&lt;b&gt;How do I use this table?&lt;/b&gt;&lt;/p&gt; &lt;p&gt;Use this table to learn about the likelihood of functioning exploit code to be released for each of the security updates that you may need to install. You should review each of the assessments below, in accordance with your specific configuration, in order to prioritize your deployment. For more information about what these ratings mean, and how they are determined, please see &lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;Microsoft Exploit Index&lt;/a&gt;.&lt;/p&gt; &lt;table class="dataTable" id="EVBAE" cellspacing="0" cellpadding="0"&gt;  &lt;tr class="stdHeader"&gt; &lt;td id="colEYBAE"&gt;Bulletin ID&lt;/td&gt; &lt;td id="colE3BAE"&gt;Bulletin Title&lt;/td&gt; &lt;td id="colEACAE"&gt;CVE ID&lt;/td&gt; &lt;td id="colEECAE"&gt;Exploitability Index Assessment&lt;/td&gt; &lt;td id="colEICAE" style="border-right:#cccccc 1px solid;"&gt;Key Notes&lt;/td&gt;&lt;/tr&gt;  &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128145"&gt;MS08-056&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128145"&gt;Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4020&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code
likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Functioning exploit code could be created. However, the severity impact is limited as the vulnerability allows spoofing in a dialog in specific Web application scenarios only. As a result, this may get little attention from attackers.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;MS08-057&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4019&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;MS08-057&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3471&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a 
href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;MS08-057&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=124653"&gt;Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3477&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2947&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;(Public at bulletin release)&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3472&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p 
class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3473&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3475&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3474&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p 
class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128060"&gt;MS08-058&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=128060"&gt;Cumulative Security Update for Internet Explorer (956390)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3476&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125712"&gt;MS08-059&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125712"&gt;Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3466&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;While only specific types of enterprise customers would likely install Host Integration Server, functioning exploit code is likely to be created.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p 
class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128125"&gt;MS08-060&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128125"&gt;Vulnerability in Active Directory Could Allow Remote Code Execution (957280)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4023&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Triggering the vulnerability to cause a denial of service condition is likely. However, creating functioning exploit code to leverage remote code execution is difficult due to not being able to control a needed write address.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;MS08-061&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2250&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;MS08-061&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;Vulnerabilities in Windows Kernel Could Allow 
Elevation of Privilege (954211)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2252&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Functioning exploit is most likely to be created for multiprocessor systems.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;MS08-061&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=121738"&gt;Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-2251&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Triggering the vulnerability may be possible, but successful, functioning exploit code is very difficult to create.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=120829"&gt;MS08-062&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=120829"&gt;Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-1446&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code 
likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;Consistent exploit code has been discovered in limited, targeted attacks. While the Internet Printing Protocol (IPP) service is enabled by default, access to this service using IIS also requires authentication by default on all platforms.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=127994"&gt;MS08-063&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkID=127994"&gt;Vulnerability in SMB Could Allow Remote Code Execution (957095)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4038&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128103"&gt;MS08-064&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128103"&gt;Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-4036&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;2 - Inconsistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="record"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a 
href="http://go.microsoft.com/fwlink/?LinkId=128102"&gt;MS08-065&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=128102"&gt;Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3479&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;3 - Functioning exploit code unlikely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;While information disclosure might be possible, obtaining useful content from memory is not always possible. The memory corruption issue can be triggered, but remote code execution is difficult to gain.&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;tr class="evenRecord"&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125709"&gt;MS08-066&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://go.microsoft.com/fwlink/?LinkId=125709"&gt;Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;CVE-2008-3464&lt;/p&gt;&lt;/td&gt; &lt;td&gt; &lt;p class="lastInCell"&gt;&lt;a href="http://technet.microsoft.com/en-us/security/cc998259.aspx"&gt;1 - Consistent exploit code likely&lt;/a&gt;&lt;/p&gt;&lt;/td&gt; &lt;td style="border-right:#cccccc 1px solid;"&gt; &lt;p class="lastInCell"&gt;&amp;nbsp;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;&lt;/div&gt;&lt;/div&gt;</description></item><item><title>Update: Microsoft admits it knew about, didn't patch, bugs - ComputerWorld.com</title><link>http://myitforum.com/cs2/blogs/cmosby/archive/2008/03/26/update-microsoft-admits-it-knew-about-didn-t-patch-bugs-computerworld-com.aspx</link><pubDate>Wed, 26 Mar 2008 04:00:00 
GMT</pubDate><guid isPermaLink="false">8e8f7986-475c-475d-bdc9-a1b3a63b955b:114251</guid><dc:creator>cmosby</dc:creator><description>&lt;p&gt;&amp;nbsp;&lt;/p&gt; &lt;blockquote&gt; &lt;h3&gt;&lt;/h3&gt; &lt;div class="article"&gt; &lt;h1&gt;Update: Microsoft admits it knew about, didn&amp;#39;t patch, bugs&lt;/h1&gt; &lt;div class="subhead"&gt;&lt;/div&gt; &lt;div class="storyby"&gt;Gregg Keizer&lt;/div&gt; &lt;div class="thinline"&gt;&lt;/div&gt; &lt;div style="float:right;width:1px;height:130px;"&gt;&lt;/div&gt; &lt;div style="clear:right;padding-right:0px;padding-left:10px;float:right;padding-bottom:10px;padding-top:15px;"&gt; 
&lt;/div&gt; &lt;p&gt;&lt;b&gt;March 25, 2008&lt;/b&gt; (Computerworld) Microsoft Corp.&amp;#39;s security team today acknowledged that it knew of bugs in its Jet Database Engine as far back as 2005 but did not patch the problems because it thought it had blocked the obvious attack vectors. &lt;/p&gt; &lt;p&gt;A researcher at Symantec Corp. said Microsoft should have fixed the flaws years ago. &lt;/p&gt; &lt;p&gt;In a post to the Microsoft Security Research Center (MSRC) blog &lt;a href="http://blogs.technet.com/msrc/archive/2008/03/24/update-msrc-blog-microsoft-security-advisory-950627.aspx" target="new"&gt;late Monday afternoon&lt;/a&gt;, Mike Reavey, the MSRC&amp;#39;s operations manager, admitted that outside researchers had notified Microsoft in 2005 and 2007 of separate bugs in Jet, a Windows component that provides data access to applications such as Microsoft Access and Visual Basic. &lt;/p&gt; &lt;p&gt;In both cases, Microsoft told the researchers that it would not fix the flaw because it considered users safe. Outlook blocked the .mdb file format from being opened, Exchange servers stripped them from incoming messages and Internet Explorer issued warnings when users clicked on such files, said Reavey as he explained Microsoft&amp;#39;s decision. 
&lt;/p&gt; &lt;p&gt;But the company hadn&amp;#39;t thought of the attack strategy now being used by hackers. &amp;quot;Everything changed with the discovery of this new attack vector that allowed an attacker to load an .mdb file via opening a Microsoft Word document,&amp;quot; he said. &amp;quot;The previous guidance does not work against this new attack. So that&amp;#39;s why we alerted customers to these attacks and are re-investigating Jet parsing flaws -- this is a new attack vector discovered that we didn&amp;#39;t know about.&amp;quot; &lt;/p&gt; &lt;p&gt;Attackers are, in fact, doing an end run around Outlook, researchers at Symantec said last week. That finding prompted &lt;a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;amp;taxonomyId=18&amp;amp;articleId=9070840"&gt;Microsoft to issue a security advisory&lt;/a&gt; warning users running Word on Windows 2000, XP and Server 2003 SP1 to take defensive steps. &lt;/p&gt; &lt;p&gt;One researcher said today that Microsoft could have done more -- and done something earlier -- to prevent the sudden scramble for a fix. &lt;/p&gt; &lt;p&gt;&amp;quot;I can&amp;#39;t count the number of times we&amp;#39;ve seen this in the past with a Microsoft product,&amp;quot; said Oliver Friedrichs, a director with Symantec&amp;#39;s security response team. &amp;quot;Clearly, there should have been more concern from Microsoft in the first place. There have been two vulnerabilities, one in 2005 and another in 2007, and both were left unpatched. &lt;/p&gt; &lt;p&gt;&amp;quot;It does draw some concern,&amp;quot; Friedrichs said. &lt;/p&gt; &lt;p&gt;The MSRC is still working out how it wants to patch the vulnerability or whether it can put up more barriers to the now-known Word attack. It may block Word documents from automatically loading .mdb files, Reavey said, or it may replace the version of Jet in Windows 2000, XP and Server 2003 SP1 with a newer edition that doesn&amp;#39;t contain the bug. 
The new Jet Database Engine is part of Windows Vista and Windows Server 2003 SP2, and it is slated for inclusion in Windows XP SP3, making those operating systems immune to attacks. &lt;/p&gt; &lt;p&gt;Reavey did not provide any additional details on a patch timeline. Last Friday, an MSRC spokesman said a fix might come as a so-called &amp;quot;out-of-band&amp;quot; release -- in other words, before the next scheduled general security update, which is due April 8. &lt;/p&gt; &lt;p&gt;No matter what kind of patch it produces or when it pushes a fix to users, Microsoft can&amp;#39;t change the .mdb file format to make it less dangerous, according to Reavey. &amp;quot;Jet database files (file type .mdb) will remain on the unsafe file type list because they can run code by design,&amp;quot; he noted. &amp;quot;Even if we tried to, we could not secure this file format, it will always present attackers an opportunity to run code.&amp;quot; &lt;/p&gt; &lt;p&gt;Until a patch is released, Reavey repeated advice that both Microsoft and Symantec gave last week: disable Jet or block .mdb files at the gateway. 
&lt;/p&gt;&lt;/div&gt;&lt;/blockquote&gt; &lt;p&gt;Source: &lt;a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;amp;taxonomyName=windows&amp;amp;articleId=9071660&amp;amp;taxonomyId=125&amp;amp;intsrc=kc_top"&gt;Update: Microsoft admits it knew about, didn&amp;#39;t patch, bugs&lt;/a&gt;&lt;/p&gt;</description></item><item><title>SANS Internet Storm Center - DST hype</title><link>http://myitforum.com/cs2/blogs/cmosby/archive/2007/03/10/sans-internet-storm-center-dst-hype.aspx</link><pubDate>Sat, 10 Mar 2007 05:00:00 GMT</pubDate><guid isPermaLink="false">8e8f7986-475c-475d-bdc9-a1b3a63b955b:99805</guid><dc:creator>cmosby</dc:creator><description>&lt;p&gt;&amp;nbsp;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;&lt;a href="http://isc.sans.org/diary.html?storyid=2400"&gt;DST hype&lt;/a&gt; &lt;p&gt;Published: 2007-03-10,&lt;br&gt;Last Updated: 2007-03-10 18:38:01 UTC&lt;br&gt;by Swa Frantzen (Version: 2)  &lt;p&gt;With last minute -pun intended- patches for the DST change being released in the last few days, it's now too late to panic and go about breaking more than what you'll fix.&lt;br&gt;Let's look ahead at what's likely to be going to happen if you are in or are dealing with others in an affected area: &lt;ul&gt; &lt;li&gt;Machines that got patched, including patches for applications keeping their own independent timezone information will likely work without a hiccup.  &lt;li&gt;Home machines missing an update, or not being supported likely will end up on the wrong time, just as the rest of the house, car and phone. Users know how to update the time (well those that aren't owners of VCRs with a perpetual blinking 00:00 on it anyway). Even so, the impact of this will be mostly negligible.  &lt;li&gt;Businesses might have meetings, conf. calls etc where participants end up turning up on the wrong time. Simple reminders and rescheduling can fix this, nothing earth shattering will happen. 
And if you're working in large international businesses this mess happens more often at every DST change where the different continents don't sync the changes, where the southern hemisphere changes in the other direction etc.  &lt;li&gt;Time sensitive applications in businesses that are still using local time might go wrong. The typical applications there would be logs and access control  &lt;ul&gt; &lt;li&gt;Logs: If you're used to dealing with days that don't have the 2 to 3 hour hour, or -worse- days where 2:30 happens twice, you're well equipped to deal with a log that's one hour off. Just record when it got straightened out and you'll be fine. If you do need to make changes, our best suggestion is to get rid of local time. UTC rules, it has far fewer changes (a leap second is about the worst that happens and that can be automated) and it is independent of location, politicians feeling the need to mess with time, and DST changes. &lt;li&gt;Access control: Time based access control can be a bit more tricky but you know if after all the media attention you still don't have a plan "B" you deserve the wrath of people being mad at you for having been waiting for an hour locked out of the building. Even then it's not going to be all that huge of an issue &lt;/li&gt;&lt;/ul&gt; &lt;li&gt;Time critical systems. Well are you sure they are time critical if you use local time? UTC rules here without a doubt! &lt;/li&gt;&lt;/ul&gt;That said, I'm sure many of you will enjoy fellow handler John Bambenek's appearance on &lt;a href="http://www.comedycentral.com/motherload/index.jhtml?ml_video=83445"&gt;Comedy Central's Daily Show&lt;/a&gt;. Sorry about the ad in front, and it's time limited, so if you want to see it in a few months, it'll likely be a broken link. &lt;p align="center"&gt;&lt;font color="#ff0000"&gt;GEEKS USE UTC&lt;/font&gt; &lt;p&gt;Anyway I've posted a new poll where you can show us your crystal ball skillz. 
I'll replace it overnight with one where you can tell us how it went. Enjoy!&lt;br&gt;UPDATE&lt;br&gt;Jon wrote in with a story of&amp;nbsp; his supplier of punch-clocks that had needed firmware upgrades for the clocks due to the DST change and the pain he felt due to it: Not only was it hard to update the clocks, but worse the clocks started to skip an hour &lt;em&gt;every day&lt;/em&gt; since they got update. Clearly his vendor didn't get the reasons for proper testing, or more likely ended up in that spot what I was trying to warn about in the first paragraph: "&lt;em&gt;Now [it's] too late to panic and go about breaking more than what you'll fix&lt;/em&gt;". I feel Jon's pain and wish him a speedy recovery of his clocks and the data they collect.&lt;br&gt;--&lt;br&gt;Swa Frantzen -- NET2S&lt;/p&gt;&lt;/blockquote&gt; &lt;p&gt;Source: &lt;a href="http://isc.sans.org/diary.html?storyid=2400&amp;amp;rss"&gt;SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc&lt;/a&gt;&lt;/p&gt;</description></item><item><title>SANS Internet Storm Center - DST hype</title><link>http://myitforum.com/cs2/blogs/cmosby/archive/2007/03/10/sans-internet-storm-center-dst-hype.aspx</link><pubDate>Sat, 10 Mar 2007 05:00:00 GMT</pubDate><guid isPermaLink="false">8e8f7986-475c-475d-bdc9-a1b3a63b955b:99805</guid><dc:creator>cmosby</dc:creator><description>&lt;p&gt;&amp;nbsp;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;&lt;a href="http://isc.sans.org/diary.html?storyid=2400"&gt;DST hype&lt;/a&gt; &lt;p&gt;Published: 2007-03-10,&lt;br&gt;Last Updated: 2007-03-10 18:38:01 UTC&lt;br&gt;by Swa Frantzen (Version: 2)  &lt;p&gt;With last minute -pun intended- patches for the DST change being released in the last few days, it's now too late to panic and go about breaking more than what you'll fix.&lt;br&gt;Let's look ahead at what's likely to be going to happen if you are in or are dealing with others in an affected area: &lt;ul&gt; &lt;li&gt;Machines that got 
patched, including patches for applications keeping their own independent timezone information will likely work without a hick-up.  &lt;li&gt;Home machines missing an update, or not being supported likely will end up on the wrong time, just as the rest of the house, car and phone. Users know how to update the time (well those that aren't owners of VCRs with a perpetual blinking 00:00 on it anyway). Even so, the impact of this will be mostly negligible.  &lt;li&gt;Businesses might have meetings, conf. calls etc where participants end up turning up on the wrong time. Simple reminders and rescheduling can fix this, nothing earth shattering will happen. And if you're working in large international businesses this mess happens more often at every DST change where the different continents don't sync the changes, where the southern hemisphere changes in the other direction etc.  &lt;li&gt;Time sensitive applications in businesses that are still using local time might go wrong. The typical applications there would be logs and access control  &lt;ul&gt; &lt;li&gt;Logs: If you're used to dealing with days that don't have the 2 to 3 hour hour, or -worse- days where 2:30 happens twice, you're well equipped to deal with a log that 's one hour off. Just record when it got straightened out and you'll be fine. If you do need to make changes, out best suggestion is to get rid of local time. UTC rules, it has much less changes (a leap second is about the worst that happens and that can be automated) and it is independent of location, politicians feeling the need to mess with time, and DST changes. &lt;li&gt;Access control: Time based access control can be a bit more tricky but you know if after all the media attention you still don't have a plan "B" you deserve the wrath of people being mad at you for having been waiting for an hour locked out of the building. Even then it's not going not to be all that huge of an issue &lt;/li&gt;&lt;/ul&gt; &lt;li&gt;Time critical systems. 
Well are you sure they are time critical if you use local time? UTC rules here without a doubt! &lt;/li&gt;&lt;/ul&gt;That said, I'm sure many of you will enjoy fellow handler John Bambenek's appearance on &lt;a href="http://www.comedycentral.com/motherload/index.jhtml?ml_video=83445"&gt;Comedy Central's Daily Show&lt;/a&gt;. Sorry about the ad in front, and it's time limited, so if you want to see it in a few months, it'll likely be a broken link. &lt;p align="center"&gt;&lt;font color="#ff0000"&gt;GEEKS USE UTC&lt;/font&gt; &lt;p&gt;Anyway I've posted a new poll where you can show us your crystal ball skillz. I'll replace it overnight with one where you can tell us how it went. Enjoy!&lt;br&gt;UPDATE&lt;br&gt;Jon wrote in with a story of his supplier of punch-clocks that had needed firmware upgrades for the clocks due to the DST change and the pain he felt due to it: Not only was it hard to update the clocks, but worse the clocks started to skip an hour &lt;em&gt;every day&lt;/em&gt; since they got updated. Clearly his vendor didn't get the reasons for proper testing, or more likely ended up in that spot I was trying to warn about in the first paragraph: "&lt;em&gt;Now [it's] too late to panic and go about breaking more than what you'll fix&lt;/em&gt;". 
I feel Jon's pain and wish him a speedy recovery of his clocks and the data they collect.&lt;br&gt;--&lt;br&gt;Swa Frantzen -- NET2S&lt;/p&gt;&lt;/blockquote&gt; &lt;p&gt;Source: &lt;a href="http://isc.sans.org/diary.html?storyid=2400&amp;amp;rss"&gt;SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Google Apps Premier Edition Takes Aim at the Enterprise - eWeek</title><link>http://myitforum.com/cs2/blogs/cmosby/archive/2007/02/22/google-apps-premier-edition-takes-aim-at-the-enterprise-eweek.aspx</link><pubDate>Thu, 22 Feb 2007 05:00:00 GMT</pubDate><guid isPermaLink="false">8e8f7986-475c-475d-bdc9-a1b3a63b955b:99325</guid><dc:creator>cmosby</dc:creator><description>&lt;p&gt;Hmmm isn't this interesting....&amp;nbsp;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;Google Apps Premier Edition Takes Aim at the Enterprise &lt;p&gt;By &lt;a href="http://www.eweek.com/author_bio/0,1908,a=2592,00.asp"&gt;John Pallatto&lt;/a&gt;&lt;br&gt;February 22, 2007 &lt;p&gt;After months of testing, Google is ready to see whether businesses large and small are ready to pay to use its online suite of basic business applications, including spreadsheets, e-mail, word processing, calendars and instant messaging.  &lt;p&gt;Google, which has steadily transformed itself from a search engine pioneer into a data access, Internet advertising and business application powerhouse, introduced on Feb. 22 its Google Apps Premier Edition at a cost of $50 per account per year.  &lt;p&gt;The Premier Edition adds Google Docs and Spreadsheets; Gmail for mobile devices on BlackBerry; and application-level controls to Google Calendar, Gmail, Google Talk and Start Page applications that the company introduced as a free service starting in August 2006. 
&lt;br&gt;&lt;br&gt;While the free applications were initially offered to serve small and midsize companies, the Premier Edition has collaboration and management features that will appeal to companies of all sizes, including large enterprises, said Dave Girouard, vice president and general manager of Google's enterprise group in Mountain View, Calif.  &lt;p&gt;Google Docs and Spreadsheets allow multiple employees to work on the same document simultaneously and the applications keep track of all revisions and edits. The application-level control features allow administrators to set limits on how documents are shared inside and outside an organization.  &lt;p&gt;Google is supporting the apps with a 99.9 percent update service-level agreement in which customers will receive credits for downtime. The company is also offering 10GB of storage per user, as well as application programming interfaces to enable data migration, user provisioning and single sign-on, along with mail gateways to allow businesses to customize their e-mail service.  &lt;p&gt;These features are helping to draw interest from large organizations that "have a desire for choice," Girouard said. Google is seeing a "higher level of interest from big company CIOs than we would have expected at the start," he said.  &lt;p&gt;Providing basic business applications, spreadsheets, word processing and e-mail as an online service "is a big opportunity in the market that nobody has taken advantage of yet," he said.  &lt;p&gt;But Girouard denied that the Premier Edition is designed specifically to take market share away from Microsoft Office. Google doesn't believe that enterprise customers will "buy any less Microsoft products" because they decide to use Google Apps. 
Instead they expect that companies will use Google apps as a supplement to their Microsoft Office applications and to give employees who wouldn't normally have a copy of Microsoft Office on their desktops a chance to use the Google productivity applications online, Girouard said.  &lt;p&gt;Surveys have shown that more than 40 percent of the work force isn't given access to e-mail by their employers, Girouard said. Google Apps could provide an inexpensive way for employers to provide e-mail access to workers in retail or in other industries where people are not normally linked to desktop workstations, he said.  &lt;p&gt;But analysts said that the Premier Edition poses a long-term challenge to Microsoft, which has garnered huge revenues and profits from selling its Office package for hundreds of dollars a copy plus annual maintenance fees.  &lt;p&gt;"This is the first time there is a compelling, low-cost, service-based alternative to Microsoft Office. And although Google isn't positioning this offering directly against Office, that's where it is headed," said Erica Driver, principal analyst with Forrester Research in Cambridge, Mass.  &lt;p&gt;"Microsoft has a couple of years' opportunity to respond to this. But it is certainly an indicator of the direction in which Google is headed. And I fully expect [Google] to add more and more features and capabilities into this suite," Driver said.  &lt;p&gt;In the next few years, said Driver, Google will focus on delivering this service to workers who wouldn't normally have access to Microsoft Office.  &lt;p&gt;"But looking ahead a few years, I see this cutting into Microsoft's revenues and I also see it forcing Microsoft to consider alternative delivery mechanisms for its own products—most noticeably software as a service," she said.  
&lt;p&gt;Microsoft is definitely going to have to find a way to respond to the challenge posed by Google Apps over the next five years, said Jim Murphy, research director with AMR Research in Boston.  &lt;p&gt;"It is the beginning of probably the most significant challenge we have seen to Microsoft on the desktop, enterprise or otherwise, in probably 10 years," when it was locked in competition with IBM over the Lotus desktop applications, Murphy said.  &lt;p&gt;The introduction of Google Apps is "timely," he said, because enterprises will soon have to decide whether they will upgrade to the latest version of Microsoft Office.  &lt;p&gt;Companies of all sizes will likely experiment with Google Apps before they decide whether to carry out the next Office upgrade. "At least it's going to interest CIOs, and they are going to look at it," Murphy said.  &lt;p&gt;"In five years we'll see a more competitive environment" in the desktop applications market, Murphy said. Microsoft will at least have that much time to decide whether it can use its own experience with the Office Live applications to successfully shift into the software-as-a-service model, he said.  &lt;p&gt;One company that decided to make the shift is Prudential Real Estate Affiliates, a Chicago-area franchise that employs 450 sales agents and support staff. The agency has been using Gmail for nearly a year in place of an outsourced e-mail service that performed so poorly that it had to be replaced, said Camden Daily, the group's technology director.  &lt;p&gt;The agency had already worked with Google on the Google Earth and Maps projects, so it used its Google contacts to join the Gmail beta program. "We went ahead and switched, and basically everybody loved the interface ever since," he said.  
&lt;p&gt;Daily said he rarely gets complaints from users saying they can't access the Gmail service or are having trouble learning how to use it.  &lt;p&gt;Using Gmail also saves Daily a lot of time and effort in software installation and maintenance. "We're a pretty big real estate company. But we only have a couple of people in our IT department," he said. Since all software updates and patches will be handled in Google's data center, "if a new update comes along, I'm not going to have to walk around and touch 50 machines to install it. I don't have to worry about patches, security problems," Daily said.  &lt;p&gt;There is also a lot of interest among the agency staff in using the Google Calendar, he said. But the agency has been holding off until it finds the right synchronization utility for staffers who want to access the calendar with their BlackBerrys and other smart devices.  &lt;/p&gt;&lt;/blockquote&gt; &lt;p&gt;Source: &lt;a href="http://www.eweek.com/article2/0,1895,2097453,00.asp"&gt;Google Apps Premier Edition Takes Aim at the Enterprise&lt;/a&gt;&lt;/p&gt;</description></item></channel></rss>