TMI Engineering Blog

2BAccessible.com Goes Live

2008-04-17T17:04:00.006-04:00

TMI Web Solutions is proud to announce the launch of 2BAccessible a website that will help bridge the gap between eCommerce and the vast untapped market of consumers with disabilities.

More than ten million Americans are visually impaired and this number is expected to grow to 30 million in ten years. While the internet is an ideal medium for these people to purchase goods and services, many websites poorly implement the established standards that would make them accessible to screen readers.

Following proper accessibility guidelines does more than just help people with disabilities navigate websites. The same standards that help screen readers parse websites also helps search engines such as Google and Yahoo! To find out how being accessible (also known as "508 Compliant") can help your website, contact the TMI Web Division at 703.505.4059

Sophos - Top 10 Malware for February 2008

2008-03-31T21:50:00.003-04:00

Sophos has released their malware statistics for the month of February.

For more information please see - http://www.sophos.com/security/top-10/index.html

Blackberry Scheduled Outage - Update!

2008-03-28T14:31:00.005-04:00

BlackBerry Infrastrcuture, database upgrade for all *NA Network subscribers. This affects all RIM customers in the Americas.

Start Date & Time: 03/29/08 06:00:00 GMT
End Date & Time: 03/29/08 10:00:00 GMT

Downtime Duration : 4 hours

BlackBerry subscribers may be unable to send or receive messages during the maintenance. Subscribers may also be unable to register their device, roam in another location, or use other services such as Internet browsing. BlackBerry Internet Service subscribers may be unable to use the BlackBerry Internet Service web site or perform activities such as creating new accounts, accessing their Internet mailbox, integrating third-party email accounts, or viewing email attachments during the maintenance. Devices may not receive new service books during the maintenance. BlackBerry Connect and BlackBerry-enabled devices that require a new PIN may be unable to receive the PIN. BlackBerry Enterprise Servers may be unable to connect to the BlackBerry Infrastructure during the maintenance.

Wireless service providers and device resellers may be unable to use BlackBerry administration web sites or perform activities such as creating subscriber accounts or provisioning services for subscribers during the maintenance.

Windows Vista SP1

2008-03-25T14:26:00.003-04:00

Windows Vista Service Pack 1 is an update to Windows Vista that addresses feedback from our customers. In addition to previously released updates, SP1 contains changes focused on addressing specific reliability and performance issues, supporting new types of hardware, and adding support for several emerging standards. Windows Vista SP1 also addresses some management, deployment, and support challenges.

Download x86 x64

Click here to see notable changes presented in SP1.

Patch Tuesday Updates - March 11th

2008-03-18T15:40:00.003-04:00

Attention:The following updates have been applied to systems supported by TMI. If you have questions about these updates please contact us at tech@tmiva.com

MS08-016 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Bulletin Severity Rating: Critical - This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-009 - Critical: Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)

Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Blackberry Scheduled Outage....

2008-03-18T12:31:00.008-04:00

Research In Motion has stated that there will be a total network outage on Saturday March 22nd. This outage will occur during their normal maintenance window [2:00AM-6:00AM EDT].

This outage is scheduled for all BIS & BES users in the Americas, and will take the entire four hour window.

For more information please see DataOutages.com.

What is Patch Tuesday?

2008-03-17T22:08:00.000-04:00

Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches.

Starting with Windows 98, Microsoft included a "Windows Update" system, that would check for patches to Windows and its components which Microsoft would release intermittently. With the release of Microsoft Update, this system also checks for updates to other Microsoft products, including Office, Visual Studio, SQL Server, and others

Patch deployment costs

The Windows Update system suffered from two problems, affecting opposite ends of the users scale. On the one hand, less experienced users were not aware of it, and did not run it. Microsoft's solution was to introduce the concept of "Automatic Update", which would pro-actively inform the user that an update was available for their system.

The second problem affected large deployments of Windows, such as can be found at large companies. Such large deployments found it increasingly difficult to make sure all systems across the company were all up to date. The problem was made worse by the fact that, occasionally, a patch issued by Microsoft would break existing functionality, and would have to be uninstalled.

In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on an anticipated date which system administrators can prepare for. This date was set not too close to the beginning of the week, and yet far enough from the end of the week to allow any problems that may arise to be resolved before the weekend. System administrators can mark the second Tuesday of the month as the "day in which machines are updated", and plan accordingly. The name "Patch Tuesday" has been in use since the third quarter of 2004. It is becoming synonymous for the day any software vendor issues a vulnerability patch. Some editors/analysts talk about "Exploit Wednesday" as the day after, or even "Day Zero" immediately following the update, when hackers can launch attacks against the newly announced vulnerabilities.

Security implications of Patch Tuesday

The most obvious security implication is that security problems that have a solution are withheld from the public for a period of up to a month. Implicitly, this policy assumes that most attacks use information reverse engineered from the security patches that fix the vulnerability, rather than true "Zero day attack" exploits. It is unknown to what extent this assumption is true.

In the past, there were some cases where either vulnerability information or actual worms were released to the public a day or two before patch Tuesday. This does not leave Microsoft enough time to incorporate a fix for said vulnerabilities, and thus, theoretically, leave a one month window for attackers or the worm to exploit the hole, before a patch is available to formally fix it. This phenomenon is unrelated to Exploit Wednesday.

Exploit Wednesday

Many exploits are seen shortly after the release of a patch. By analyzing the patch, exploit developers can more easily figure out how to exploit the underlying vulnerability. Therefore the term "Exploit Wednesday" was coined. Also, starting to abuse an exploit on this day gives malicious code writers the longest period of time before a fix is supplied to users. Malware authors can sit on a new exploit until after a given patch Tuesday, knowing that there will be an entire month before Microsoft releases any patch to fix it.

Other consequences

Immediately following Patch Tuesday, millions of computers are rebooted within a short period of time. This causes an exceptional strain on other internet companies. For example, in August 2007, Skype experienced a two-day outage following Patch Tuesday.

For more information see...

From : Wikipedia

Welcome to TMI's Engineering Blog....

2008-03-17T21:51:00.000-04:00

Evening,

This is the first of what will hopefully be many posts. We will be using this blog as a means to communicate critical updates, outages and news.

We hope that you will take advantage of this blog and come to take advantage of it's information.

Joshua Morehouse