Posts

iDefense announced a vulnerability today in Microsoft’s HTML Application Host (MSHTA). Note: As of today, this issue has been addressed by MS Security Bulletin MS05-016 - Make sure you’ve updated! MSHTA’s are a notorius problem and are still in use as a very convenient means of executing code on a target host. Since I have nothing better to do but clean up my place and pack all my belongings so I can move in a couple weeks, I figured I’d write up a little proof of concept. ...

I must be tired or something, but ponder this while pulling down your Monday morning donut and coffee. Imagine for just a second that Apple wifi-enables the iPod. Now the F-Secure weblog has all kinds of information about mobile phone viruses and even have a new job opening for just such a position. So, as predicted, that sector is growing quickly. Now let’s go back to the wifi-enabled iPod. Let’s assume for the sake of ease that bluetooth has also been enabled. With 4.5 million iPods sold in the last quarter of 2004 alone, the estimated iPod userbase is estimated to be around 15 million at this time. 15 million iPods. 15 million runners and joggers and iPods all talking to each other. 15 million iPods getting infected by malware and launching a DoS attack on the Internet. ouch Now let’s not be vendor-biased here. Since iPod decks out their mp3 players, all the other vendors will as well. But the virus will be smart and able to jump from mp3 player to mp3 player via bluetooth, infect it, and sit patiently waiting for orders from it’s master. ...

Perhaps I should document when I go to sleep each night…just for the fun of it! The only thing is, I do I determine when I go to sleep if it’s like 2am the next day? I’ll just have to post on the specific date. Nix that - I think I will just include both the date and time.

I found this via Scoble, but take a look at what Paul Rademacher has done with Google Maps and Craigslist! I could’ve used this a month ago, but I’m pretty happy with the place I found. I used the Apartment People here in Chicago and was pleased with their service. This is primarily due to the agent you get - I’ve heard both good and bad things. Fortunately, my agent (Susan Richter) was excellent. She was able to quickly determine my needs and tastes and show me exactly what I was looking for…even if I can be a little demanding. ;) ...

I always wondered what I might use the custom tags in wordpress for. Fitlog is a great example of what you can do - I had never even considered using wordpress to track this kind of data, but what a great idea! Now I just need some things to track… via [Robin Hastings]

Apparently, MSN Messenger 7 has been released. Wahoo. I wonder if lets you turn it off without hacking the registry now so it doesn’t fire up every single time you start up any other MS communication tool…

amanda had a question for me about my indented categories in my sidebar using the Minima Plus theme. I figured I’d make a post out of it instead of replying in the comments. I had the biggest problem getting those categories like that. I tried every combination of parameters possible and was getting nowhere. If you take a look on the Wordpress forum (specifically, this thread) you will see that other people were having similar problems. ...

If you are planning on using a base virtual machine to deploy an environment, don’t forget to sysprep your vm it in order to get a new SID, GUID, and MAC address! Otherwise, you have to use NewSID and it’s not an easy process.

I love troubleshooting. As you know I like to script, most recently with virtual server. I’ve got a set…ok, two…of scripts that create and tear down customized virtual server environments. Unfortunately, the kill script started having some problems recently. After I would run the script, virtual server would hang and a process called {% codeblock %}dw20.exe{% endcodeblock %} would start chewing up CPU and memory. Turns out dw20 is some sort of Office error reporting application. So virtual server was dying for some reason. Tracking down the virtual servers logs only resulted in the following ambiguous error: The thread "" was forcibly terminated because it did not exit after a waiting period.Not much help there. Digging in the system event logs was a little bit more help:Access denied attempting to launch a DCOM Server. The server is: {DA3111BC-1BD7-4884-A535-8470D36028F7} The user is renamed_admin/MSVS01, SID=S-1-5-21-[not]-[these]-[sorry]-500. Access denied indicates that it must be some sort of permissions error. But…I’m running as Administrator. Oh wait… I logged out and logged back in, and the kill script worked flawlessly! ...

I love those little Snyder’s Buttermilk Ranch Pretzel Pieces, but I have one word of advice if you do too. Never, under any circumstances, and I mean never snort one of those little suckers up your nose or down the wrong pipe. I am in so much pain right now. errata/buttermilk_ranch_pieces