May Contain Blueberries

the sometimes journal of Jeremy Beker


All of you know my opinions on Microsoft and security. Normally the security problems Microsoft products have are the result of sloppy programming (and are relatively easy to fix), but every once in a while we get a serious design flaw.

This is one of those cases. Read on for details. The link provided below gives intricate details, and I recommend that any technically oriented person (whether you are a programmer or not) read it. If you don’t write win32 code, you won’t get it all, but the implications are still clear.

The article describes a simple manner in which any user, no matter how few privileges they have on a Windows desktop, can get LocalSystem (effectively administrator) privileges.

I am just stunned at the simplicity of this hole, and I agree with the author that it probably can’t be fixed.

Exploiting design flaws in the Win32 API for privilege escalation.


It was a good weekend. I got to go to Lowe’s, twice even. Elizabeth has wanted a new desk for a long time now. Several months back we settled on a design (or at least a shape for the top). That was done maybe three weeks ago but we were having difficulty in designing the legs. Elizabeth finally decided on building a set of small shelves to be the “legs” of the desk. So we went to Lowe’s on Saturday to get the materials.

So Saturday I built the units, and finished them on Sunday. Of course it required another trip to Lowe’s to get a palm sander (Dewalt DW411K 1/4 sheet sander, to be exact) since I was really sick of hand sanding all of the parts.

So it needs a little more sanding, and then Elizabeth gets to polyurethane it.


Elizabeth has good ideas. The 11th is my birthday.

But Elizabeth decided to make this more fun. On the 1st of this month, she put out all of my presents (11 to be exact) and said I could open 1 present a day until my birthday. It has been lots of fun.




GODLEY, Texas (Reuters) – An argument over who was going to heaven and who was going to hell ended with one Texas man shooting another to death with a shotgun, police said Monday.

CNN

I guess they settled that argument…


You probably have all heard of the “Left Behind” series. Here is an article from Salon on the latest installment and how it applies to the cultural landscape of the US.

A quote to get you started:

“So the rest of us can ignore Left Behind, or chuckle at its over-the-top Christian kitsch. We should keep in mind, though, that for some of the most powerful people in the world, this stuff isn’t melodrama. It’s prophecy.”

The Link



Wow, was this a meeting. Talk about being a messenger of bad news. Here is some history. W&M is installing a new Student Information System (SIS), which is the project I am a part of. As part of this project there are a large number of web-based interfaces for students to register for classes and other activities. W&M purchased a portal package (let’s call it WP) from a company called CP that would simplify things and also offer features like webmail, online calendaring, and campus announcements, among other things.

We also were grandfathered into CP’s new package L. L was released at the end of June 2002, and we wanted to use it. We have been trying to get our hands on it with no luck. CP kept trying to sell us professional services along with the product. So today we had a meeting with our sales rep B. In addition, we had the professional services group representative on the phone with us (let’s call him R).

Before we got R on the phone we made it very clear that we were not interested in buying any more services, we just wanted to have them ship us L.

So we got on the phone and R started running through his market-speak speech, talking about how we should be implementing this system and all of the services they could offer us. As we started to get through to him that all we wanted was to have them ship us the product (which they are contractually obligated to do for no extra fee), he started telling us how complicated it was and how basically “we couldn’t handle it.”

Finally Will, my coworker who is doing the project management stuff on our side asked:

Will: “So, what you are saying is that you won’t ship us L and let us install it?”

R: ::silence:: “Yes.”

HOLY SHIT! What it basically boils down to is they started shipping L, then got so inundated with calls for help (one would assume because their product is so unreliable) that they are no longer shipping it and are making their customers pay to have a CP technician come to their site to set it up.

Wow. I am just speechless. I actually feel bad for our sales rep B. But I guess she should be thankful we didn’t rip into her.


Naughty vegetable po ::stops::

We have pictures of actual vegetables from our garden! Yeh! Or at least yeh for Elizabeth, since we only have tomatoes and I don’t like fresh tomatoes. But she loves them and was very happy at our take. I think that fresh tomatoes are too mushy, as if they are just not quite “done” all the way. But once they are cooked and made into just about anything, I like them lots. Of course, given how much Elizabeth, Kris, and Liz like tomatoes, I don’t know how many will make it past the gauntlet.

So far we have been getting orange and gold colored tomatoes, and I think we will be getting lots more given the quantity of green ones on the vines.

You can see some pictures.