Archive for September, 2010
An update to Adobe® Flash® Catalyst™ CS5 is now available on Labs. This extension gives designers an easy way to build interactive portfolios, user interfaces and other interactive content without writing code.
Codename Cirrus (previously codename Stratus) enables peer assisted networking using the Real Time Media Flow Protocol (RTMFP) within the Adobe Flash® Platform.
Stuxnet continues to be a hot topic. Here are answers to some of the questions we’ve received.
Q: What is Stuxnet?
A: It’s a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords.
Q: Can it spread via other USB devices?
A: Sure, it can spread via anything that you can mount as a drive. Like a USB hard drive, mobile phone, picture frame and so on.
Q: What does it do then?
A: It infects the system, hides itself with a rootkit and sees if the infected computer is connected to a Siemens Simatic (Step7) factory system.
Q: What does it do with Simatic?
A: It modifies commands sent from the Windows computer to the PLC. Once running on the PLC, it looks for a specific factory environment. If this is not found, it does nothing.
Q: Which factory is it looking for?
A: We don’t know.
Q: Has it found the factory it’s looking for?
A: We don’t know.
Q: What would it do if it finds it?
A: It makes complex modifications to the system. Results of those modifications cannot be deduced without seeing the actual environment. So we don’t know.
Q: Ok, in theory: what could it do?
A: It could adjust motors, conveyor belts, pumps. It could stop a factory. With the right modifications, it could cause things to explode.
Q: Why is Stuxnet considered to be so complex?
A: It uses multiple vulnerabilities and drops its own drivers to the system.
Q: How can it install its own driver? Shouldn’t drivers be signed for them to work in Windows?
A: The Stuxnet driver was signed with a certificate stolen from Realtek Semiconductor Corp.
Q: Has the stolen certificate been revoked?
A: Yes. Verisign revoked it on 16th of July. A modified variant signed with a certificate stolen from JMicron Technology Corporation was found on 17th of July.
Q: What’s the relation between Realtek and Jmicron?
A: Nothing. But they have HQs in the same office park in Taiwan.
Q: What vulnerabilities does Stuxnet exploit?
A: Overall, Stuxnet exploits five different vulnerabilities, four of which were 0-days:
- Print Spooler (MS10-061)
- Server Service (MS08-067)
- Privilege escalation via Keyboard layout file
- Privilege escalation via Task Scheduler
Q: And these have been patched by Microsoft?
A: The two privilege escalations have not yet been patched.
Q: Why was it so slow to analyse Stuxnet in detail?
A: It’s unusually complex and unusually big. Stuxnet is over 1.5MB in size.
Q: When did Stuxnet start spreading?
A: In June 2009, or maybe even earlier. One of the components has a compile date in January 2009.
Q: When was it discovered?
A: A year later, in June 2010.
Q: How is that possible?
A: Good question.
Q: Was Stuxnet written by a government?
A: That’s what it would look like, yes.
Q: How could governments get something so complex right?
A: Trick question. Nice. Next question.
Q: Was it Israel?
A: We don’t know.
Q: Was it Egypt? Saudi Arabia? USA?
A: We don’t know.
Q: Was the target Iran?
A: We don’t know.
Q: Is it true that there are biblical references inside Stuxnet?
A: There is a reference to Myrtus (myrtle plant). However, this is not “hidden” in the code. It’s an artifact left inside the program when it was compiled. Basically this tells us where the author stored the source code in his system. The specific path in Stuxnet is: \myrtus\src\objfre_w2k_x86\i386\guava.pdb. The authors probably did not want us to know they called their project “Myrtus”, but thanks to this artifact we do. We have seen such artifacts in other malware as well. The Operation Aurora attack against Google was named Aurora after this path was found inside one of the binaries: \Aurora_Src\AuroraVNC\Avc\Release\AVC.pdb.
Q: So how exactly is “Myrtle” a biblical reference?
A: Uhh…we don’t know, really.
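The PDB path artifact described in the Myrtus answer above lives in a binary's CodeView debug record, and a defender can pull it out during triage. The following Python is an added example, not code from the original post or from any vendor's tooling: it scans raw bytes for RSDS/NB10 records instead of walking the PE debug directory, and the sample blob, GUID and age are constructed; only the two paths come from the text.

```python
import struct
import uuid

# CodeView debug record layouts (little-endian):
#   RSDS: "RSDS" | GUID (16) | age (4) | PDB path, NUL-terminated
#   NB10: "NB10" | offset (4) | timestamp (4) | age (4) | PDB path, NUL-terminated
HEADER_LEN = {b"RSDS": 24, b"NB10": 16}
MAX_PATH = 260


def find_pdb_records(data: bytes) -> list[dict]:
    """Scan a byte blob for CodeView records and return their PDB paths."""
    records = []
    for sig, hdr in HEADER_LEN.items():
        pos = data.find(sig)
        while pos != -1:
            start = pos + hdr
            end = data.find(b"\x00", start, start + MAX_PATH + 1)
            raw = data[start:end] if end != -1 else b""
            # Keep only plausible paths: printable ASCII ending in .pdb.
            if raw.lower().endswith(b".pdb") and all(32 <= c < 127 for c in raw):
                rec = {"offset": pos, "format": sig.decode(), "path": raw.decode("ascii")}
                if sig == b"RSDS":
                    rec["guid"] = str(uuid.UUID(bytes_le=data[pos + 4:pos + 20]))
                    rec["age"] = struct.unpack_from("<I", data, pos + 20)[0]
                else:
                    rec["timestamp"], rec["age"] = struct.unpack_from("<II", data, pos + 8)
                records.append(rec)
            pos = data.find(sig, pos + 1)
    return sorted(records, key=lambda r: r["offset"])


def project_root(pdb_path: str) -> str:
    """First directory of the build path, skipping a drive letter if present."""
    parts = [p for p in pdb_path.replace("/", "\\").split("\\") if p]
    if parts and parts[0].endswith(":"):
        parts = parts[1:]
    return parts[0] if len(parts) > 1 else ""


def _rsds(path: str) -> bytes:
    # Constructed record: the GUID and age are placeholders, not real values.
    guid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
    return b"RSDS" + guid.bytes_le + struct.pack("<I", 1) + path.encode("ascii") + b"\x00"

# Constructed sample blob; the two paths are the ones quoted in the text above.
SAMPLE = (b"MZ" + bytes(64)
          + _rsds(r"\myrtus\src\objfre_w2k_x86\i386\guava.pdb")
          + b"\xcc" * 32 + b"RSDS-not-a-record"
          + _rsds(r"\Aurora_Src\AuroraVNC\Avc\Release\AVC.pdb"))

if __name__ == "__main__":
    for rec in find_pdb_records(SAMPLE):
        print(rec["format"], project_root(rec["path"]), rec["path"])
```

Grouping samples by `project_root` or by the RSDS GUID is a cheap way to cluster binaries that came out of the same build tree.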
Q: How does Stuxnet know it has already infected a machine?
A: It sets a Registry key with a value “19790509” as an infection marker.
Q: What’s the significance of “19790509”?
A: It’s a date. 9th of May, 1979.
Q: What happened on 9th of May, 1979?
A: Maybe it’s the birthday of the author? Then again, on that date a Jewish-Iranian businessman called Habib Elghanian was executed in Iran. He was accused of spying for Israel.
Q: Is there a link between Stuxnet and Conficker?
A: It’s possible. Conficker variants were found between November 2008 and April 2009. First variants of Stuxnet were found shortly after that. Both exploit the MS08-067 vulnerability. Both use USB sticks to spread. Both use weak network passwords to spread. And, of course, both are unusually complex.
Q: Is there a link to any other malware?
A: Some Zlob variants were the first to use the LNK vulnerability.
Q: Disabling Autorun in Windows will stop USB worms, right?
A: Wrong. There are several other spreading mechanisms USB worms use. The LNK vulnerability used by Stuxnet would infect you even if Autorun and Autoplay were disabled.
Q: Will Stuxnet spread forever?
A: The current versions have a “kill date” of June 24, 2012. It will stop spreading on this date.
Q: How many computers did it infect?
A: Hundreds of thousands.
Q: But Siemens has announced that only 15 factories have been infected.
A: They are talking about factories. Most of the infected machines are collateral infections, i.e. normal home and office computers that are not connected to SCADA systems.
Q: How could the attackers get a trojan like this into a secure facility?
A: For example, by breaking into the home of an employee, finding his USB sticks and infecting them. Then wait for the employee to take the sticks to work and infect his work computer. The infection will spread further inside the secure facility via USB sticks, eventually hitting the target. As a side effect, it will continue to spread elsewhere also. This is why Stuxnet has spread worldwide.
Q: Anything else it could do, in theory?
A: Siemens announced last year that Simatic can now also control alarm systems, access controls and doors. In theory, this could be used to gain access to top secret locations. Think Tom Cruise and Mission Impossible.
Q: Did Stuxnet sink Deepwater Horizon and cause the Mexican oil spill?
A: No, we do not think so. Although it does seem Deepwater Horizon indeed did have some Siemens PLC systems on it.
Q: Does F-Secure detect Stuxnet?
Note: We have learned many of the details mentioned in this Q&A in discussions with researchers from Microsoft, Kaspersky, Symantec and other vendors.
Video from Virus Bulletin 2010 where Symantec researcher Liam O’Murchu demonstrates a proof of concept Stuxnet-like SCADA modification that changes the operation of an air pump.
On 01/10/10 At 02:55 AM
Hi, I am Roby Kurian, Product Manager for Outlook. In 2007, I graduated from University of Washington (go Huskies!). While in school, I used Outlook to send and receive messages with the UW’s email system, but I never made use of Outlook’s rich features. I wish I knew then what I know now. I want to introduce some features in Outlook 2010 that can make your life as a student easier.
Manage multiple mailboxes with Outlook
Chances are you have more than one email account — a school account, and one or more personal accounts. Do you log in to multiple sites to check your messages? With Outlook 2010, you can view all your accounts in one place.
To get started, click the File tab which opens the new Backstage view. Click Add Account and then follow the step-by-step instructions for adding your email account to Outlook. For most accounts, all you need to know is your email address and password.
I’ve added my Windows Live Hotmail account to Outlook in addition to my corporate Microsoft mailbox. Now I can easily view messages and contacts from both accounts in Outlook. I love the convenience. If you use multiple accounts with Outlook, leave a comment below and tell us about your experience. You can find more setup instructions on Office.com.
Facebook updates in Outlook
When you receive new messages, you can also catch up with the sender’s status updates on Facebook using the Outlook Social Connector. The Social Connector lets you view updates from your favorite social networks such as Facebook, LinkedIn, MySpace and Windows Live Messenger without leaving Outlook. The People Pane appears beneath the Reading Pane and displays updates from social networks, as well as messages, meetings, and file attachments that you and the recipient have exchanged.
To connect to your favorite social networks, download the provider add-ins from Office.com.
The Outlook Social Connector is included in Outlook 2010. If you’re using Office Outlook 2007 or Office Outlook 2003, there’s a download available so you too can start using the Outlook Social Connector.
Scheduling made easier
When working on a group project, do you find yourself in endless email threads trying to agree on a meeting time that works for everyone? Wouldn’t it be easier if you could see everyone’s calendars before proposing the meeting time?
The calendar sharing and publishing feature in Outlook can help. With calendar sharing you can share your calendar or publish your calendar online.
We understand privacy is important, so you control access, time span, and the amount of details that are shared in your calendar. Learn more about calendar sharing and publishing on Office.com.
Send us feedback
We also enjoy hearing how Outlook is helping make you more productive. Students, leave us a comment below about how you use Outlook at school.
Sr. Product Manager, Microsoft Outlook
So many Office customers ask about watermarking that we’ve gathered the best answers here–links to our top instructions for using watermarks in Word, PowerPoint, Publisher, and Excel. (Excel doesn’t have an actual watermark feature, but you can still create watermarks in Excel using photos or words.)
Not sure what we mean by watermarks? Not to be confused with backgrounds, which fill the entire page, watermarks are usually ghosted words, such as DRAFT, COPYRIGHT, CONFIDENTIAL, or the company or creator’s name, placed on photos and documents. But watermarks can also be images, logos, or photos.
Today’s guest blogger is Access MVP Thomas Möller, an Access MVP since 2007, and an avid developer of Add-Ins to enhance Access and the VBA Editor. Check out his website at http://www.team-moeller.de/en/.
When coding, it’s easy to make small mistakes. Usually these types of mistakes have no direct effect; the code runs and everything appears to be OK. That makes this situation so dangerous.
Over the years, you collect a lot of experience when coding. If you later review the code you wrote years ago, you surely will see potential for improvement. When you take over an application someone else has written, the situation becomes even more confusing. Here, your success depends on how well your predecessor has complied with the rules and general knowledge.
If you want to gain a quick overview of potential errors, you can use the free TM VBA Inspector. This add-in lets you browse the entire VBA code of an application for potential errors.
Because there are different views about what constitutes an error and what not, you can toggle every single failure in the Options dialog to fine-tune the TM VBA Inspector to your individual needs and your own coding style.
TM VBA Inspector provides the following possibilities:
- Detailed list of all "errors" found in the VBA code.
- By double clicking on an "error" you jump to the corresponding line in the VBA code.
- Your settings in the Options dialog box determine which errors will be reported.
How to install TM VBA-Inspector?
You can download the TM VBA-Inspector from this location:
http://www.team-moeller.de/en/?Add-Ins:TM_VBA-Inspector. The Add-In is free of charge, and has been tested to work with Access 2000 through Access 2010.
Unzip the file and run the *.msi-package. This will install the Add-In on your system. Note that you might need to confirm Yes to install prompts if Windows User Account Control is on.
How to start TM VBA-Inspector?
There are three ways to start the tool. You can either choose TM VBA-Inspector from the Add-Ins menu, or you can start TM-VBA-Inspector from the context menu of any code window. In these two cases the main window of the Add-In will open.
The third way is to select a module in the Project Explorer. Then start TM VBA-Inspector from the context menu. In this case the TM VBA-Inspector will start directly with the inspection of the selected module.
How to work with TM VBA-Inspector?
Select the tests you want to run from the Options dialog. Then start the audit of your VBA project by clicking on the Refresh button.
Step by step, the hints are entered into the result list. Depending on the size of your project, the audit might take several minutes. You can interrupt the audit at any time by clicking the Stop button.
By double-clicking an entry in the result list you switch directly to the appropriate place in the VBA code. There you can start immediately eliminating the identified errors.
A couple of weeks ago I wrote a post offering some ideas and templates for back-to-school time. I don’t know about you, but when I send my very young daughter off to school, it is with a mix of joy and trepidation. I have the same feelings when I leave her with a sitter for the evening. What if something happens? What if I can’t be found? (Breathe, Crabby, breathe.)
You can put your fears to rest a little by just making sure that your family’s emergency information is gathered together in a format that is easy to read, easy to change, and easily available. Of course, Office templates can help out with that
First impressions are hugely important; no less so than when a visitor to your website decides to deepen their relationship with your business by joining your mailing list. How you welcome them is a key first step in establishing that relationship.
Here is a collection of over 50 great looking welcome emails — mostly from online retailers — that use imagery, design, copywriting, and often an enticing offer to thank consumers for ‘joining their club.’
I’d love to add to this collection. If you have any examples I should check out, please let me know in the comments.
This week’s post is written by Amy Miller. Amy is a writer for Office.com.
For many of us, our kids are now back in school, and packed lunches, homework assignments, and hectic schedules are the new reality. If you’re a teacher, your life just got extra busy too. Juggling your own life, along with that of your children, can be a daunting task. And keeping a classroom of kids (or, shudder, teenagers) running smoothly is time consuming. Luckily, Excel is here to help!
Many people don’t realize the wealth of Excel templates that are available for free on Office.com. Yes, you read that right….FREE! Accessing and downloading them is simple, and you can either fill them out as is, or modify them to fit your own needs. Here’s a great video that walks you through the process step-by-step.
Now that the school year has started again, I thought I’d point out the back-to-school templates you might find especially useful. To sift through the free downloads yourself:
1. In Excel, click the File tab, and then click New.
2. In the Search Office.com for templates box, type your query, for example “school”, and then press ENTER to start your search.
3. To see a preview, click the image of the template you’re interested in (it will appear on the right side of the screen), and if you like what you see, click Download.
4. Start filling out that form!
You’ll notice that a lot of the available templates are for Excel 2003 and Excel 2007, but you can still open and use them in Excel 2010. Note that many of these templates are added by community members, so we expect more 2010 templates to be uploaded as more people make the jump to the new version. Speaking of which, if you’ve created a great school template in Excel, why not share it with others by submitting it to Office.com?
And to help save you even more time, here are a few templates you might find extra useful:
· Weekly family calendar (My new favorite! Keep track of where everyone needs to be at any given time during the week)
· Homework schedule (A great way for busy students to track their homework assignments)
· Weekly class schedule (Parents, help your new junior high and high school students juggle their busy class schedules)
· Electronic gradebook template (elementary school) (A detailed template for teachers to track student grades)
· Weekly class attendance record (Keep track of how many days this week Little Timmy made it to school)
· Education credits tracker (Teachers, track your continuing education credits here)
Using these templates instead of creating your own version might just save you some of that precious time that suddenly seems so elusive.
Finally, if in your copious amounts of spare time you’ve daydreamed about school-related Excel templates you wish you had, shout ‘em out in a comment below. The Office.com Templates team is always looking for good ideas and I’d be happy to pass yours along.
Adobe® ActionScript® Code Coverage Plug-in for Adobe Flash® Builder™ helps ActionScript and Adobe Flex® developers understand exactly what code is executed while an application is running. When added to Flash Builder, the plug-in provides a new Eclipse perspective that allows you to start/stop the code coverage tool, view generated reports, examine source code and save/load reports.
The ActionScript Code Coverage Plug-in for Flash Builder can be used with applications developed in ActionScript 3, optionally using either Flex SDK 3.x or Flex SDK 4.x, targeting both Adobe Flash Player and Adobe AIR®. A trial or licensed version of Adobe Flash Builder 4 Premium is required to use the ActionScript Code Coverage Plug-in.