Tag: Announcements

Smart planning: Turkey considers a move to DST, but with a two year ramp period

Post author By M3 Sweatt
Post date 14/08/2008
1 Comment on Smart planning: Turkey considers a move to DST, but with a two year ramp period

Now this is a positive move.

Turkey is considering moving to daylight saving time (as noted here).

This year, it’s business as usual, with Turkey’s DST ending at the end of October. But what is particularly important to note: if approved by the government,

“… organizations such as airlines, banks and stock exchange will be given up to two years to adapt and then implementation will begin.”

I was asked today…

“Why is this such a good move on their part?”

As noted previously here, in order to achieve more seamless transitions to new DST rules and time zones, governments should really strive to provide…

official confirmations of planned changes to DST and time zones, and
provide ample advance notice and concentrated efforts on promoting the change to the affected citizens is a requirement.

There are plenty of examples I’ve noted here on the scrambling that manufacturers, customers, enterprises and partners face when there is little or no advance notice of these types of changes. If you look at how Australia approached their upcoming change this past April (more details are available here), the national government allowed more than eight months between the announcement and the actual change. As noted on the Australia Eastern & Central 2008 Daylight Saving Changes page, the official Australian Government Time web site helped to prepare and educate end users.

As noted in my previous post, our product teams are moving to a regular update schedule, following the Windows regular cadence for publishing newly legislated DST rules and time zone updates. These semi-annual “Cumulative DST and Time Zone Updates” will be released in November/ December (to the Download Centre and via Windows Update respectively) for the coming calendar year, and in the July/August timeframe when we need a semi-annual update.

But updates are only good when customers have the appropriate time to plan and deploy.

For each, the window closes for additional updates a few months (generally four to six) prior to the release date. Our goal is that sysadmins and IT Pros can plan on rolling out and installing/ deploying these cumulative update roll-ups as they are published.

One for step for Turkey… one giant leap towards improving DST changes for customers and partners worldwide 😉

Tags: Microsoft, Daylight Saving Time, Daylight Savings Time, RSS, DST.

Share this post :

Tags Announcements, DST

Uncategorized

Of interest: Windows Live OneCare security suite to be included with many new PCs

Post author By M3 Sweatt
Post date 30/07/2008
1 Comment on Of interest: Windows Live OneCare security suite to be included with many new PCs

Of interest… OneCare to be preinstalled in new PCs from several PC manufacturers…

To address the growing security and management needs of today’s new PC user, Microsoft Corp. is working with 11 original equipment manufacturers (OEMs), including Sony Corporation of America and Toshiba Asia Pacific to preinstall trial subscriptions of Windows Live OneCare on select new PCs across North America, Europe and Asia. Windows Live OneCare provides all-in-one security and anti-malware protection for consumers and small businesses along with tools that automate and simplify PC management and performance.

New Alliances Continue Momentum for Windows Live OneCare: Manufacturers choose Microsoft’s all-in-one security suite to help protect and maintain their customers’ PCs.

Tags Announcements, news, OneCare, security

Uncategorized

Microsoft Security Advisory (956187): Increased threat for DNS spoofing vulnerability, and what you should do

Post author By M3 Sweatt
Post date 28/07/2008
1 Comment on Microsoft Security Advisory (956187): Increased threat for DNS spoofing vulnerability, and what you should do

As noted in this security advisory on TechNet…

Microsoft released Microsoft Security Bulletin MS08-037 on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks.

Microsoft is not currently aware of active attacks utilizing this exploit code or of customer impact at this time. However, attacks are likely imminent due to the publicly posted proof of concept and Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Microsoft’s investigation of this exploit code has verified that it does not affect Microsoft customers who have installed the updates detailed in Microsoft Security Bulletin MS08-037. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.

As noted in this article over at Redmond Developer News, this “advisory comes almost immediately after H.D. Moore, a hacker and researcher who created the Metasploit vulnerability testing framework, published the attack code in two parts on Wednesday and late Thursday. The code was posted at several security mailing lists and at the Computer Academic Underground Web site.”

As Gregg Keizer of Computerworld pointed out in his article today…

“You know a bug is big news when it makes National Public Radio‘s All Things Considered, the network’s afternoon drive-time show. That’s what happened on Friday, when Dan Kaminsky, the security researcher who uncovered a critical flaw in the Domain Name System (DNS) software used to direct traffic on the Internet, gave a synopsis of the problem and what has been done to fix it.

“What’s all the fuss? A basic flaw in the Domain Name System makes it much easier than originally thought to insert bogus information into the Internet’s routing infrastructure. Here’s how Kaminsky put it: “A bad guy has a 1-in-65,000 chance of stealing your Internet connection, and he can try a couple thousand times a second.

“By the way, this explanation by Kaminsky is among the few around we think is understandable to the DNS layman. Recommended reading.”

Yes, I agree.

As Kaminsky explains, this threat is to the system that maps your common domain name (such as www.myinternetprovider.com) to a specific IP address, the numbers you often see associated with a web site (for example, 1.160.10.240). With this exploit, “malicious people [could] impersonate almost any website on the Internet.”

I like the way that Gregg describes the issue and provides suggested actions.

So what should you do? For the most part for consumers and general users, the fixes are handled by your ISP. Gregg provides a list of several tools you can access via the Internet to test that your DNS server has been updated. The simplest way is to visit Kaminsky’s blog and click on the “Check My DNS” button under the “DNS Checker” column, as noted at right.

Turns out my “name server appears to be safe…”

That’s a relief. 😉

As noted…

“If the testing tools show that you’re vulnerable, you should contact your ISP or network administrator to ask what is being done to plug the hole.

As Kaminsky notes, based on the data collected at his website…

“From July 8th to July 9th, 4242 of 5000 tests actively run by users behind unique name servers showed that server to be vulnerable. That’s about 85%. Today, July 25th, the last 5000 tests (about the last six hours) from unique name servers show only 2503 of 5000 vulnerable — just above 50%. Now, I’m not going to deny. There’s selection bias. It’s a limited sample. There are tons and tons of unpatched ISPs. This is all true.

“You know what? A lot of people did a lot of work to make that number drop. More needs to be done, but 13 days made a difference, and it’s awesome to see it.”

But it appears that there is still some work to do…

“Apple Inc. has not yet patched Mac OS X, a fact that hasn’t escaped security researchers such as Andrew Storms of nCircle Network Security Inc. and security consultants such as Rich Mogull.

“Fortunately, noted Mogull, attacks are much more likely against Mac servers than individual Macs, so though the later are technically vulnerable, “there’s no need to panic.”

Whoops…

Microsoft Security Advisory (956187): Increased Threat for DNS Spoofing Vulnerability

Tags Announcements, security

Uncategorized

New from Windows Live: Search and Give, benefiting schools and charitable organizations

Post author By M3 Sweatt
Post date 27/07/2008
1 Comment on New from Windows Live: Search and Give, benefiting schools and charitable organizations

New from Live Search: Search And Give…

Whether it’s your local school or an effort to find a cure, Search and Give will donate a penny each time you use this page to search the Web.

How does it work?

Sign in to select a charity or school (this is easy)

Start searching from the Search & Give home page

Live Search will make the donation

Champion your cause with something you do every day – search the Web.

So far, Search And Give has raised nearly $350,000.

Tags Announcements, Search, Windows Live

Uncategorized

Advisory: New Daylight Saving Time and Time Zone updates available for Windows

Post author By M3 Sweatt
Post date 26/07/2008
2 Comments on Advisory: New Daylight Saving Time and Time Zone updates available for Windows

A quick note to let you know that Knowledge Base article http://support.microsoft.com/kb/914387 “How to configure daylight saving time for Microsoft Windows operating systems” reflects the manual changes and additions DST and TZ. KB 914387 should contain all DST changes made since RTM.

The cumulative DST packages for Windows have been released to the DLC for supported versions of XP, WS03, Vista and Server 2008.
http://support.microsoft.com/kb/951072

The next release of the 2008 Cumulative Time Zone Update for Windows (and other products) is scheduled to release in Nov/December.

The above packages will be pushed out via Windows Update next month.

More info to be available soon at Microsoft DST & Time Zone updates

Tags advice, Announcements, customer satisfaction, DST, tips, Windows Server, Windows XP