Windows Home Server - 27th November Update

After installing the November update you will notice that your network health turns red on your home server. With the November update, you can now get a trusted SSL certificate for your .HomeServer.com domain name. If you have already set up remote access, you will need to quickly unconfigure your existing domain name and re-run Setup to acquire an SSL certificate for your HomeServer.com domain name.



How to turn on back Windows Live domain?
- To reconfigure your domain name, open your Windows Home Server Console and click the Settings button.
- Once the Settings are open, click the Remote Access.
- As you can see, the Domain Name Status still informs you that it is working. Your Remote Access page should still be viewable away from your home. However, a trusted SSL certificate has not been setup as the earlier Network Health notification informed you.
- To complete the setup, click the Unconfigure button. After clicking the Unconfigure button, it will change to a Setup button. Click the Setup button to install a trusted SSL certificate for your HomeServer.com domain name.
- Once the Setup button has been clicked, the Domain Name Setup Wizard will open. Click the Next button to continue.
- The Domain Name wizard will ask you to verify your Windows Live ID that you previously used to setup your personalized HomeServer.com Domain. Type in your Windows Live E-mail Address and Password and click Next.
- The Domain Name wizard will display all registered names linked to your Windows Live account that you just entered. Select the correct domain name and click Next.
- Click Done.

Your Domain Name Status should display Working if you have followed these steps.

Windows Home Server corrupts files

When you use certain programs to edit files on a home computer that uses Windows Home Server, the files may become corrupted when you save them to the home server.

Several people have reported issues after they have used the following programs to save files to their home servers:
- Windows Vista Photo Gallery
- Windows Live Photo Gallery
- Microsoft Office OneNote 2007
- Microsoft Office OneNote 2003
- Microsoft Office Outlook 2007
- Microsoft Money 2007
- SyncToy 2.0 Beta

Researchers hack and crack Microsoft wireless keyboards

Weak encryption used by Microsoft Corp.'s wireless keyboards can be cracked in a matter of moments, a pair of Swiss security researchers said yesterday. Giving hackers a way to snatch passwords and financial account information in real-time and from a distance away.

Max Moser and Philipp Schrodel, of the Swiss security company Dreamlab Technologies AG, cracked the one-byte encryption key used by Microsoft's Optical Desktop 1000 and 2000 keyboards, Moser said, then eavesdropped on keystroke traffic using an inexpensive radio receiver and a few inches of copper wire. "All we need is about 30 characters," Moser said, referring to the number of keystrokes necessary for analysis, "and we can decipher the text."

Armed with a radio receiver that costs less than $80 and a copper-wire antenna, Moser and Schrodel were able to sniff out and pull in wireless signals between keyboards and computers from as far away as 33 feet. Walls and windows were no obstacle. "You could sit in a car across the street from an office," said Moser, "and point the antenna at a building on the other side of the street." With a longer antenna -- perhaps hidden inside a larger vehicle, such as a truck -- the range could be boosted to more than 130 feet.

Once the data packets transmitted from keyboard to computer have been pinched, it's a simple job to crack the code. Microsoft's wireless keyboards use a one-byte encryption key that provides only 256 possible key values for each keyboard and its associated receiver, the part that plugs into the PC. "We try every one of those for each keystroke, and then compare them to wordlist in combination with a weighted algorithm," said Moser. "It only takes about 30 keystrokes to recover the encryption key."

From there, anything typed on the hacked keyboard shows up in a separate window in the sniffer/decoder software the two researchers crafted. They were even able to grab keystrokes from multiple keyboards simultaneously, with each keyboard's results appearing in a separate window.

Gates: Next IE to be IE8

Bill Gates confirmed that Microsoft will call its next browser Internet Explorer 8, though Microsoft isn't sharing much else, such as the obvious questions: When will it arrive and what features will it have?

The confirmation came during his speech at the "Mix and Mash" conference taking place this week in Redmond, Wash. In a posting on the IE blog, Microsoft general manager Dean Hachamovitch jokes about some of the names Microsoft ruled out, such as "IE 7+1" and "IEVIII."

But, seriously, folks don't care about the name. They care about features and timing. Don't you guys agree with me?

LogMeIn releases remote control for Macs

LogMeIn has began offering a version of its remote-access service for Mac users. Once installed, LogMeIn Free for Mac allows a computer to be controlled from another computer via a Web browser.

The company is also releasing a beta version of LogMeIn Rescue for Mac for support technicians performing long-distance control and repair.

Both new LogMeIn tools work with Macs running OS 10. 4 Tiger and 10.5 Leopard operating systems. Users can access their Macs from browsers on computers running Windows, Mac, and Linux operating systems, as well as on the iPhone and other compatible handhelds.

For all the LogMeIn supporters, this is a great news especially to those who have Mac at home or at work.

Windows DNS Flaw Is Back

Microsoft said Monday that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced and could expose some customers to online attacks.

The flaw primarily affects corporate users outside of the United States. It could theoretically be exploited by attackers to silently redirect a victim to a malicious website.

Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and was then publicized at a recent hacker conference in New Zealand.

The bug has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.

Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.

Here's how the attack would work: When a Windows system is specially configured with its own DNS Suffix it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim's own network.

WPAD servers are used to cut down on the manual configuration required to get Windows systems working on the network. DNS suffixes are used to associate computers with certain domains of the network and to simplify administration.

To make it easier for the PC to find a WPAD server, Windows uses a technique called DNS devolution to search the network for the server. For example, if an IDG PC was given a DNS suffix of corp.idg.co.uk, it would automatically look for a WPAD server at wpad.corp.idg.co.uk. If that failed, it would try wpad.idg.co.uk and then wpad.co.uk. And that's where the problem lies: by looking for DNS information on wpad.co.uk, the Windows machine has now left the IDG network and is doing a DNS look-up on an untrusted PC.

This flaw only affects customers whose domain names begin with a "third-level or deeper" domain, meaning that even with the DNS suffix, users on networks like idg.com or dhs.gov are not affected.

Attackers who registered "wpad" domains within second-level domains such as co.uk or co.nz could redirect victims to malicious Websites without their knowledge, something called a "man in the middle" attack. A victim might think he was visiting his bank's Website, but in reality, he could be sent to a phishing site.

18SX USB thumb drive

Check out this very cool, cute and funny USB thumb drive (also known as pen drive). Hope everyone enjoying this video clip.

New variant of MSN worm found!

This week a new variant of MSN worm was found! MSN Cleaner doesn't really works anymore. For those who using MSN/Windows Live Messenger, please take note of this.

I tested and MSN Cleaner did not managed to detect the main host file. MSN Cleaner only managed to clean the so called ‘spreading’ files which usually detect as imageXX.zip.

Finally, I have to use Hijackthis to scan and remove it.