XStore Newsletter 8

[ March 2008 ]

Dear all,

Security, security, security: it appears that most of us are ignoring this important item - until it bites us hard! OpenOffice 2.4 is released ahead of the big 3.0 release later on this year. Microsoft ups its antics again for the March-end OOXML BRM vote. UPSs can be an important link in safeguarding your data. And finally chain letters hit the headlines again, along with a lot of web exploits.



  March 2008

  1. Security
  2. OO 2.4
  3. Microsoft and the BRM vote
  4. UPS
  5. Chain letters and web exploits


1. Security

So it's with much interest that I noted that only 1 person ( out of 30 ) responded to my email a few weeks ago regarding the vmsplice exploit, which takes advantage of a bug in the Linux kernel to escalate from an ordinary local account to root privileges. Of course, with all the unpatched machines around, it didn't take long for a server to be compromised ( in part due to low password security, which gave the attacker the initial foothold that the kernel bug then turned into full control ). This lax attitude to security is not only visible in the computing field - it's seen in the way people use their bank cards, their level of awareness of their personal security and the way they handle their personal identifying information. When you have important business information available on a server, you should be taking all steps to make sure that information is protected. Another side of compromised systems is the cost involved:

  1. your bandwidth is often used at a prodigious rate, leading to capped accounts and more purchases
  2. it costs money to get someone to clean out the infection ( if that is at all possible - sometimes a new installation is called for )
  3. time is money, and a compromise like this is likely to lead to quite a bit of downtime

Luckily on this occasion, no data was compromised but it took quite a bit of time to clean out the compromise and all the associated files that come along with it. By taking a few precautions and making sure that all your systems are protected correctly, you can save yourself a lot of money and time in the long term. Take a look at the following article on the costs of security breaches:

The Cost of Security Breaches

2. OpenOffice 2.4

OpenOffice 2.4 was released this Thursday past and brings with it a lot of improvements and additions for a point release. Among these are:

  • Base now has support for MS Access 2007 ( full MS Office OOXML support coming with release 3.0 )
  • usability improvements in printing
  • enhancements to PDF handling ( OO creates ISO-spec PDF out of the box )
  • default font is now DejaVu which supports more languages than the previous font
  • Writer now has an easier selection of language for spellchecking ( much welcomed! )
  • Chart, Calc and Draw all include numerous usability improvements

If you haven't tried OpenOffice before and are looking for a free and compatible alternative to the high cost of MS Office, then give OO a try - it quite easily coexists with MS Office on a PC. Here are the download links:

OpenOffice 2.4 download

Please note there is an option ( default ) to include the Java JRE package - if you already have Java on your machine, you can deselect this option and save some download time. 

3. Microsoft and the BRM vote

The international ISO fast-track vote on whether or not Microsoft's OOXML format should be adopted as an ISO standard is due for completion this week. After Microsoft's ( illegal some would say ) antics during the previous round of voting, one might have thought they'd let the process run its course this time, but it appears that Microsoft knows its format can't stand on its own two feet, and is trying all sorts of interesting things to get its standard passed.

The following is just a sample:

  • We have already mentioned the letter from Tomasz Schweitzer, president of PKN, in which he asked KT 182 (the technical committee responsible for the OOXML standardisation process in Poland) to “abstain from voting” in case of not achieving a consensus over OOXML during the (Thursday’s) meeting. The letter was sent on February 26, 2008 to the KT 182 chairman, Elżbieta Andrukiewicz, and was supposed to be distributed among the KT 182 members (it was addressed to the chairman and all the members). However, a source close to KT 182 revealed that no one in the committee knew about the letter, since Andrukiewicz didn’t even bother informing the members about the letter and replied to Schweitzer on her own. The PKN president was so surprised that Andrukiewicz decided not to distribute it that he made the letter available on the Internet. Just to remind you, at Thursday’s meeting 12 members voted for OOXML, 10 members voted against it and 2 abstained from voting. As the consensus has not been achieved, Andrukiewicz decided that the voting should continue by e-mail and all the missing members should be allowed to vote. What she did not mention is that if the missing members fail to send her an e-mail with their stance, it will be automatically assumed they vote yes. This is one of the crazy rules of the PKN process for giving opinions on new ISO standards.
  • OOXML supporters anonymously registered a domain similar to the Document Freedom Day domain in order to, much like many porn sites, exploit user confusion and to fool visitors into their site. This technique is a redirection scam which, according to the explanation given by the Online Internet Institute, takes place "when you go to one URL and are automatically transferred to another URL". It further explains that it "doesn't always send you to a porn or gambling site" and that "it could be a scam to lure you to places you had never intended to go."
  • At the meeting held on 20th March 2008, we were informed that Microsoft has complained to the Ministry of Consumer Affairs and to the apex office of the country about the constitution of the committee and also cast aspersions on the impartiality of the chairperson of LITD15, Mrs. Neeta Verma. The chairperson was furious and offered to step down from her post. She pointed out that the committee has met numerous times and Microsoft never brought this issue up in front of the committee nor did they check the facts with her or her organization before complaining to the apex office. I do not have a copy of their complaint but am assuming that their complaint is that the committee is packed with supporters of ODF. Mrs. Verma was persuaded to stay back only after all the other members requested her to stay. After that, Dr. Arora of CSI displayed great statesmanship by asking the Microsoft representative if Microsoft would like to withdraw its complaint ...
  • The British Standards Institute (BSI) looks set to reverse its position on Microsoft's Office Open XML (OOXML) file format by approving it as an international standard. "A source close to the matter told The Register today that the technical group chaired by Francis Cave and assigned to make recommendations to the policy making panel overwhelmingly came out five to one in favour of OOXML..." - and this all the while the UK government's strategic organisation BECTA continues to campaign against closed standards and proprietary software in schools throughout the UK.

Meanwhile, the president of the European Academy for Standardisation, Tineke Egyedi, is critical of OOXML being made a standard when ODF already exists, and she believes duplicative standards conflict with WTO rules. Besides this, it appears that very little has changed since the last round of voting in terms of changes to the spec itself - which is mind-blowing. Essentially, Microsoft wants to get the spec passed this time by manipulating the system rather than making the changes that were required. But then they know quite well that it would be impossible in this short period to effect these changes. So the final question is: if this is such a large and time-consuming spec, why is it being fast-tracked?

4. UPS and safeguarding your data

Eskom's power issues have been hitting the IT sector ( amongst others ) quite hard recently and it's becoming more and more normal for smaller companies to have some sort of electrical backup for their IT systems. The two main items that are used are UPSs and inverters. There are 2 types of UPSs available: online and line-interactive. Line-interactive UPSs are generally cheaper as they do not continuously supply power to the load, but only when there is either a drop in input voltage or the AC has gone completely. They do not really provide any protection of equipment either when AC is available.

Online UPSs are quite a bit more expensive because the load is essentially protected all the time. In addition, they provide a lot of protection in areas such as line voltage quality and brown/blackouts. UPSs generally do not provide a long runtime for their capacity and are therefore more useful in situations where you'd like the load to be shut down safely when a power issue occurs.

Inverters take a DC supply ( e.g. from a battery ) and convert it to AC for use by computing and other equipment. These also vary considerably in price depending on the type of inverter. Some more sensitive equipment ( such as the switch-mode power supplies in computers ) is susceptible to damage when used with an inverter that does not put out a pure sine wave. Cheaper inverters tend to provide a non-pure sine wave output which could lead to problems, so sometimes it's worth the extra cost to purchase inverters that provide a proper sine wave output. Inverters are often used in applications where a long runtime is required and therefore more batteries are supplied in these scenarios.

Inverters and UPSs provide the following safety features for your sensitive computer equipment:

  • indicate to the load that a problem has occurred and give the load the opportunity to switch off in a controlled manner
  • protect the load against unusual electrical supply issues such as brown outs and low voltage
  • provide long runtimes in situations where these are needed in the absence of AC

5. Chain letters and web exploits

It appears that many people are still too quick to forward on chain emails generally because they sincerely believe the content of that email. When you've received an email that requests to be sent on, then it's more than likely to be a chain letter, especially under the following conditions:

  • something bad will happen if the email is not sent on
  • it predicts a problem is going to occur ( eg. a new virus has been found )
  • it features 'commentary' by 'experts'

And there are chain emails with local content as well - a number of supposed police briefs concerning certain types of crimes have been circulating over the last year. The local police would not use bulk email for this purpose and have soundly debunked these emails.

Please make use of a hoax listing site to check the validity of emails before passing them on, and even then, use your sound judgement to determine whether an email is valid or not. The following sites offer guidance:

hoaxbusters

vmyths

Many chain emails are carriers of viruses and trojans, and by sending these on, you are unwittingly aiding the possible infection of other systems and propagation of malicious code.

Meanwhile, there has been a large increase in the number of websites recently that are hosting malicious code that can infect your pc. Many of these are Fortune 500 companies' sites so don't let the fact that you're on a prominent site lead you to a false sense of security. Always keep your guard up. In addition, you can take the following steps to safeguard yourself:

  • keep your operating systems and applications up to date - install updates provided by the vendor
  • if you are not using at minimum IE7 then switch to a more secure browser eg. Firefox
  • make sure the SSL certificate displayed matches the site you are on when doing online shopping, banking or ecommerce ( always check it )
  • keep your anti-virus definitions up to date
  • do not respond to requests for personal information or validation through your email - these can be phishing and pharming attacks


a. If anyone has topics of interest they would like covered, please email your requests and suggestions to the newsletter address ( hidden from spambots on the original page ).
b. Please email the same address if you would not like to receive this bulletin.

Robby Pedrica

XStore Consulting