Monday, November 12, 2007

Windows Server 2008

Windows Server 2008 will be released early next year.
That’s right…I said it, another major server OS will
be released with undoubtedly more to learn! However,
with this release, Microsoft is also rolling out major
changes to its certification program. All of us old
MCSEs are in for some big changes.

For example, the MCSE we’re all familiar with is going
away. Yep, you heard it, completely going away!
Instead, new certification titles, like MCTS, or
Microsoft Certified Technology Specialist: Active
Directory Configuration or Application Platform
Configuration, will be the certification du jour.

Here’s an overview of the new Windows Server 2008
certification program. Specifically, it will address:
- New changes in the Windows Server 2008 certification
  program
- What you need to do to transition your Windows Server
  2003 MCSE skills to 2008
- What you need to do to go from Windows 2000 MCSE to
  2008
- Practical tips on what you can do now to start
  planning

The world’s most popular certification is going
through a major remodel - are you ready?

[Note: The MCP and MCSA have been excluded from this
article with the focus being only on the MCSE.]

First look: What’s changed?

After years of complaints about the MCSE being far too
ordinary and too generic, Microsoft is taking a new
approach to its certifications. Instead of offering a
more generically themed program (like the traditional
MCSE), Microsoft is creating certifications that are
more tightly focused on specific roles and skill sets.
These changes are part of a larger effort to revamp
the entire certification program (which includes more
than Windows Server 2008). However, for traditional
MCSEs, Windows Server 2008 is where we’ll see the most
changes.

These new tracks are referred to as the Technology
Series and the Professional Series.

Technology Series: Microsoft wants to provide a means
for cert holders to demonstrate proficiency in a
specific technology area, like configuring the Active
Directory or Vista. These certifications are known as
Microsoft Certified Technology Specialist (MCTS) and
are very technologically focused.

Professional Series: Here, there are two focus areas:
IT Professional and Professional Developer. I’ve
excluded the Developer series from this article, as
most traditional MCSEs will likely not be on the
Developer track. Professional certifications allow a
person to demonstrate they can perform a job like
Server Administrator. A person who earns a
Professional certification will be known as a
Microsoft Certified IT Professional, or MCITP.

They also require earning the equivalent technology
certification (MCTS) in the corresponding Microsoft
product. Each focus area has generally one to three
exams. For most MCSEs, there are two Professional
Certifications that will likely be right in your
wheelhouse. I list them below, and include the
necessary exams. The “TS” next to each exam number
denotes an MCTS exam, while the “Pro” denotes an MCITP
exam.

Server Administrator
- 70-642: TS: Windows Server 2008 Network Infrastructure
  Configuring
- 70-640: TS: Windows Server 2008 Active Directory,
  Configuring
- 70-646: Pro: Windows Server 2008 Administrator

Enterprise Administrator
- 70-620: TS: Configuring Microsoft Windows Vista Client
  or 70-624: TS: Deploying and Maintaining Windows Vista
  Client and 2007 Microsoft Office System Desktops
- 70-643: TS: Windows Server 2008 Applications Platform,
  Configuring
- 70-642: TS: Windows Server 2008 Network Infrastructure
  Configuring
- 70-640: TS: Windows Server 2008 Active Directory,
  Configuring
- 70-647: Pro: Windows Server 2008 Enterprise
  Administrator

The theory with these new programs is that they allow
for more specificity by creating very tightly focused
certifications and emphasizing actual real world job
roles, thus making it easier for prospective employers
to judge abilities and talents. I’m already having
nightmares about the alphabet soup that the already
lengthy signature blocks will become. We may be seeing
something like this:

John Smith, Network Engineer, MCSE (NT 4.0), MCSE+I
(Windows Server 2000 and Windows Server 2003), MCSA
(Windows Server 2000 and Windows Server 2003), MCTS:
Windows Server 2008 - Active Directory Configuration,
MCTS: Windows Server 2008 - Network Infrastructure
Configuration, MCTS: Windows Server 2008 - Application
Platform Configuration, MCITP: Enterprise
Administrator… and so on…

Good Grief!

And finally, in a move that not only keeps
technologists current, but, coincidentally, also
generates consistent revenue for Microsoft, the new
MCTS certifications expire. In fact, they expire when
the specific technology expires. The MCITP also
requires re-certification every three years! However,
in most cases, MCITP re-up will be a single exam, and
it will probably be the latest MCTS exam.

Transition your Windows Server 2003 MCSE to 2008

If you’re a Windows Server 2003 MCSE (W2k3MCSE), the
path to achieve certification depends on what your
goals are. Because the MCSE doesn’t exist in Windows
Server 2008, you have to “transfer” your certification
skills, as Microsoft calls it, to the new MCTS track
(and then, if you’d like, tack on the applicable MCITP
certification).

Microsoft has created a new exam entitled “70-649: TS:
Upgrading your MCSE on Windows Server 2003 to MCTS on
Windows Server 2008.” When you pass it, you will earn
three MCTS qualifications in one swoop:
- MCTS: Windows Server 2008 - Active Directory
  Configuration
- MCTS: Windows Server 2008 - Network Infrastructure
  Configuration
- MCTS: Windows Server 2008 - Application Platform
  Configuration

A W2k3MCSE who isn’t interested in such a large exam
could take individual MCTS exams in each of the
aforementioned technology areas. However, if you’re
looking for a less circuitous route and you don’t mind
taking the daunting single exam, the 70-649 is
probably the better approach.

It’s important to note that Microsoft is transitioning
folks to the TS level, but there’s no transition plan
to move people directly to the Professional level. You
can still get there, but you have to transition to the
TS level first, and then take the remaining exams at
whatever professional level you are seeking, just like
any other MCITP seeker.

For example, if you’re a W2k3MCSE and you want to be a
MCITP Enterprise Administrator you’d have to:
(1) Take 70-649 to transition your skills to the new MCTS
(2) Select a desktop MCTS (70-620 or 70-624)
(3) Take the 70-647 Enterprise Administrator Professional
    Exam

If you only wanted to obtain the MCITP Server
Administrator, you’d have to:
(1) Take 70-649 to transition your skills to the new MCTS
    certifications
(2) Take the 70-646 Server Administrator Professional Exam

As I mentioned before, I’ve left the MCSA out of the
discussion here, but you will find a similar, if
slightly less difficult, path to upgrade a Windows
Server 2003 MCSA to Windows Server 2008. Check out the
following link for more information on MCSAs:
http://www.microsoft.com/learning/mcp/mcsa/windowsserver2008/default.mspx.

Going from Windows 2000 MCSE to 2008?

If you’re a Windows 2000 MCSE or, for that matter, any
non-W2k3MCSE (NT 4.0), you’re out of luck. There’s no
transition path from Windows 2000 (or anything
earlier) to Windows Server 2008. Instead, depending on
how far along you are with your Windows Server 2003
MCSE, you have two choices:
- Complete your upgrade to Windows Server 2003 (thus
  making your transition to Windows Server 2008 a bit
  shorter), or
- Start fresh with Windows Server 2008

It actually may be easier to upgrade to Windows Server
2003 MCSE in order to make for an easier transition to
Windows Server 2008.

Tuesday, November 06, 2007

Critical vulnerability affecting Microsoft Word 2000, 2002 discovered

A new remote code execution vulnerability in Microsoft
Word has been found. It can be triggered simply by
opening a malicious Word file. A successful exploit
would allow an attacker to execute arbitrary code in
the context of the logged-in user.

Affected products are Microsoft Word 2000 SP3
(Microsoft Office 2000), Microsoft Word 2002 SP3
(Microsoft Office XP), as well as Microsoft Word 2004
for Mac. Microsoft Office 2003 SP2 and above, as well
as Microsoft Office 2007, appear to be unaffected.

You can read more about this issue in Microsoft
Security Bulletin MS07-060. Microsoft recommends that
customers apply the update immediately.

Download the patch for Word 2000 or Word 2002.

According to SecurityFocus, there are already reports
that this vulnerability is being exploited in the wild.

Virus

Once every couple months or so, I find myself
explaining to someone that the flood of viruses
everyone has come to expect is not an unavoidable side
effect of an increasingly networked world. Usually
this comes up in response to the all-too-common
security through obscurity argument that Linux systems
would suffer the same frequency of virus problems as
Microsoft Windows if they were as popular as Windows
is now. Such a comment ignores several factors that
make up the vulnerability profile of Windows with
regard to viruses.

The most obvious, for those who recognized the term
“security through obscurity” that I used above, is
that Linux-based systems and other open source OSes
(such as FreeBSD and OpenSolaris) actually benefit
greatly from the security through visibility approach
taken by popular open source software projects.
There’s another factor that’s much more important to
virus vulnerability in particular, however, that even
most open source software advocates don’t consider.
It’s really quite simple.

Microsoft doesn’t fix virus vulnerabilities.

A virus is malicious code carried from one computer to
another by some kind of medium — often an “infected”
file. Once on a computer, it’s executed when that file
is “opened” in some meaningful way by software on that
system. When it executes, it does something unwanted.
This often involves, among other things, causing
software on the host system to send more copies of
infected files to other computers over the network,
infecting more files, and so on. In other words, a
virus typically maximizes its likelihood of being
passed on, making itself contagious.

All of this relies on security vulnerabilities that
exist in software running on the host system. For
example, some of the most common viruses of the last
decade or so have taken advantage of security
vulnerabilities in Microsoft Office macro
capabilities. Infected files that were opened in a
text editor such as Notepad would not then execute
their virus payload, but when opened in Office with
its macro execution capabilities would tend to infect
other files and perhaps even send copies of themselves
to other computers via Outlook. Something as simple as
opening a macro virus infected file in Wordpad instead
of Microsoft Word or translating .doc format files
into .rtf files so that macros are disabled was a
common protective measure in many offices for a while.

Macro viruses are just the tip of the iceberg,
however, and are no longer among the most common virus
types. Many viruses take advantage of Trident, the
rendering engine behind Internet Explorer and Windows
Explorer that’s also used by almost every piece of
Microsoft software available to one degree or another,
for instance. Windows viruses often take advantage of
image-rendering libraries, SQL Server’s underlying
database engine, and other components of a complete
Windows operating system environment as well.

Viruses in the Windows world are typically addressed
by antivirus software vendors. These vendors produce
virus definitions used by their antivirus software to
recognize viruses on the system. Once a specific virus
is identified, the software attempts to quarantine or
remove the virus — or at least inform the user of the
infection so that some kind of response may be made to
protect the system from the virus.

This method of protection relies on knowledge of the
existence of a virus, however, which means that most
of the time a virus against which you are protected
has, by definition, already infected someone else’s
computer and done its damage. The question you should
be asking yourself at this point is how long it will
be until you are the lucky soul who gets to be the
discoverer of a new virus by way of getting infected
by it.

It’s worse than that, though. Each virus exploits a
vulnerability — but they don’t all have to exploit
different vulnerabilities. In fact, it’s common for
hundreds or even thousands of viruses to be
circulating “in the wild” that, between them, only
exploit a handful of vulnerabilities. This is because
the vulnerabilities exist in the software and are not
addressed by virus definitions produced by antivirus
software vendors.

These antivirus software vendors’ definitions match
the signature of a given virus — and if they’re really
well-designed might even match similar, but slightly
altered, variations on the virus design. Sufficiently
modified viruses that exploit the same vulnerability
are safe from recognition through the use of virus
definitions, however. You can have a photo of a known
bank robber on the cork bulletin board at the bank so
your tellers will be able to recognize him if he comes
in — but that won’t change the fact that if his modus
operandi is effective, others can use the same tactics
to steal a lot of money.

By the same principle, another virus can exploit the
same vulnerability without being recognized by a virus
definition, as long as the vulnerability itself isn’t
addressed by the vendor of the vulnerable software.
This is a key difference between open source operating
system projects and Microsoft Windows: Microsoft
leaves dealing with viruses to the antivirus software
vendors, but open source operating system projects
generally fix such vulnerabilities immediately when
they’re discovered.
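
The difference between matching signatures and fixing the flaw can be shown with a toy model. This is an added example, not part of the original article: the "TOY1" file format, the 16-byte buffer, the samples and the definitions are all constructed for illustration.

```python
"""Toy model: virus definitions versus fixing the flaw (constructed example)."""

MAGIC = b"TOY1"   # hypothetical file format, invented for this example
BUF_SIZE = 16     # fixed buffer size inside the hypothetical reader


def make_file(payload: bytes) -> bytes:
    """Build a record: 4-byte magic, 1-byte declared length, payload."""
    return MAGIC + bytes([len(payload)]) + payload


# Constructed samples. The three oversized files all rely on the same flaw:
# a declared length larger than the reader's fixed buffer.
SAMPLES = {
    "benign": make_file(b"meeting notes"),
    "known_virus": make_file(b"A" * 40),
    "near_variant": make_file(b"A" * 39 + b"Z"),
    "rewritten_variant": make_file(b"B" * 40),
}

# "Virus definitions": byte patterns derived from the one known sample.
DEFINITIONS = [b"A" * 32]


def signature_scan(data: bytes) -> bool:
    """Antivirus approach: flag a file only if it contains a known pattern."""
    return any(sig in data for sig in DEFINITIONS)


def unpatched_reader(data: bytes) -> str:
    """Models the flawed reader: it trusts the declared length.

    Python cannot corrupt memory, so the result is reported as a string.
    """
    declared = data[len(MAGIC)]
    return "overflow" if declared > BUF_SIZE else "ok"


def patched_reader(data: bytes) -> str:
    """Models the vendor fix: validate the header before using it."""
    if len(data) < len(MAGIC) + 1 or data[:len(MAGIC)] != MAGIC:
        return "rejected"
    declared = data[len(MAGIC)]
    payload = data[len(MAGIC) + 1:]
    if declared != len(payload) or declared > BUF_SIZE:
        return "rejected"
    return "ok"


def evaluate() -> dict:
    """Run every sample through the scanner and both readers."""
    return {
        name: {
            "flagged": signature_scan(data),
            "unpatched": unpatched_reader(data),
            "patched": patched_reader(data),
        }
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:18} {row}")
```

The definition catches the known sample and its near variant, misses the rewritten one, and the unpatched reader is affected by all three; the patched reader rejects all three without knowing any of them in advance.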

Thus, the main reason you don’t tend to need antivirus
software on an open source system, unless running a
mail server or other software that relays potentially
virus-laden files between other systems, isn’t that
nobody’s targeting your open source OS; it’s that any
time someone targets it, chances are good that the
vulnerability the virus attempts to exploit has been
closed up — even if it’s a brand-new virus that nobody
has ever seen before. Any half-baked script-kiddie has
the potential to produce a new virus that will slip
past antivirus software vendor virus definitions, but
in the open source software world one tends to need to
discover a whole new vulnerability to exploit before
the “good guys” discover and patch it.

Viruses need not simply be a “fact of life” for anyone
using a computer. Antivirus software is basically just
a dirty hack used to fill a gap in your system’s
defenses left by the negligence of software vendors
who are unwilling to invest the resources to correct
certain classes of security vulnerabilities.

The truth about viruses is simple, but it’s not
pleasant. The truth is that you’re being taken to the
cleaners — and until enough software users realize
this, and do something about it, the software vendors
will continue to leave you in this vulnerable state
where additional money must be paid regularly to
achieve what protection you can get from a dirty hack
that simply isn’t as effective as solving the problem
at the source would be.

KNOWLEDGE Technology

KNOWLEDGE Technology is here! Beyond ICT? How did we
get there? From Babbage to before Bill Gates, to DP to
IS to DPMS to MIS to IT and is there anything beyond
ICT? In other words, what next after ICT?

This question becomes very important to IT
stakeholders, informed by currently emerging studies
and new technology development directions. Indeed,
this may not be viewed as a question as such, but
translated as possible future outlook and confirmation
that ICT is after all, only a temporary technology bus
stop - within the corridor and developmental process
of human knowledge resources, technology history and
learning curves.

Available research and ICT white papers suggest that
the world is already moving-on to adopt the concept
and operational dynamics of 'IKT' (Information
Knowledge Technology) or "KT" (e-Knowledge Technology)
as a new platform, model and strategic imperatives for
globalised knowledge-everywhere for human development.
In this regard, we might as well now begin to rethink
on how beneficial, durable and sustainable is the need
for formulating an ICT policy framework for Nigeria at
the tail end or end-of-life momentum of existing
'global communication' fundamentals?

The emergence of Quantum computing, Megatronics and
Nanotechnology are critical signposts to future
revelations for the knowledge society. All these have
now led to the emergence of "National Knowledge
Commission" as strategic response framework. Suffice
to state that the world is rapidly moving from
"Digital Divide" to the more complex and fearsome
"Knowledge Divide"!

Today, many of us tend to perceive IT and ICT as the
"constant" and adopted as the ultimate end of the
digital revolution/evolution - this may sooner than
later reveal itself as a professional fallacy!
Suddenly, everybody has become an IT guru and ICT
messiah! At home, the core of all these activities
leads to 'user-perception' rather than
'creator/innovator' vision. Meanwhile, we are reminded
that the only thing that is constant is change. As the
world transits into the information knowledge age, new
conditions are being created for future economic
(industrial) and national development success. Can
existing structures - within the context of current
enabling environment and institutional framework of
government - sustain our 21st century rapid
development competitiveness? How do we achieve the
2020 mission without creative skills? Can our current
national reforms succeed without accelerated IT
deployment?

This is perhaps the ultimate question, whose strategic
response will determine how nations will be positioned
in the meandering 'knowledge divide' equation.

In particular, how will/can Nigeria position herself
at the end of the tunnel of this digital (knowledge)
evolution? Will the scenario of the industrial
(divide) revolution repeat itself? Will it lead to
digital slavery - nay, knowledge slavery?

Responding effectively to those conditions, demands
and challenges definitely requires a high level of
conscious strategy for knowledge re-structuring and
re-engineering the processes and machinery of
government. This will require abundant political will
and private sector commitment towards education and
youth empowerment.

For President Yar'Adua's government to function
effectively, there is a need to completely redefine
and overhaul the national knowledge base and
information system, and to constructively apply
e-government tools to address the operational defects
of major ministerial deliverables, functions and human
resource base. This remains a fundamental assignment
and a Herculean task. Indeed, because e-commerce and
e-government are inter-linked to e-citizens
deliverables, it would amount to a great economic
misnomer if, while the organised private sector is
busy restructuring and re-engineering its operations
through the infusion of information and communications
technologies (ICTs), the operating structures of
government remain unchanged!

In one of my earlier write-ups, I have argued that
Nigeria must now rapidly move from the laboratory and
ICT workshop excitements to constructive and practical
knowledge-base "proof of concept implementation"
process. We must fashion out a proactive actionable
plan and quality approach, capable of cleaning-up our
self-made accumulated socio-economic and political (?)
mess at both micro and macro levels of our (under-)
development! This has major implications for
governance. First, existing ministerial structures and
functions must be
re-defined and re-structured. They must change to be
competitive!

To pretend otherwise will amount to wishful thinking
and national deceit. Furthermore, market forces alone
are incapable of inducing the required change, due to
the enormity of complexities and the rapidity of
change in the Information Age Evolution chain and
Revolution process. It is generally accepted that
knowledge has evolved at a speed that academic centres
are not prepared for, university diplomas no longer
give a guarantee for the future, communications media
are taking the role of knowledge sharing, production
of knowledge is global and that globalisation,
however, separates the world.

Therefore, can future government and commerce entities
cope and survive the new age without for example, a
'Ministry of Infrastructure' within the context of
LII, NII and GII? What purpose will the Ministry of
Commerce and Industry serve without the sophistication
and competence to manage digital technology trade and
commerce? How will education be improved and
positioned without the intensive application,
diffusion and use of informatics and communications
technologies? How will government respond to the high
velocity of trade and commerce - with respect to
balance of trade issues - in the information age?
Indeed, who should be in government and govern in the
information age? What skill would/should such people
require to perform? A 'change dynamics' response to
these emerging needs and challenges will definitely
'revamp' the structures, functions, operations and
strategies of government in the very near future. Some
of the recommended models will include, but are not
limited to:

Ministry of Infrastructure - Incorporating: Department
for Environmental Architecture Planning, Design and
Development, Department for Residential and Industrial
Planning and Design, Department for Road Network and
Highway Design, Department for Energy Infrastructure
and Utility Design, Department for Water Resources and
Drainage Planning and Design, Department for Erosion
Controls Design, Centre for national infrastructure
Research, Design and Development.

Ministry of Information Technology - incorporating:
Knowledge Electronic Governance Division, National
Informatics Centre, National Centre for Software
Technology, Centre for Development of Advanced
Computing, Centre for Materials for Electronics
Technology, Centre for Electronics Design and
Technology, Electronics and Computer Software Export
Promotion Council, Centre for Quantum Computing and
Nanotechnology Research, Working Group on Citizen
Information Technology Needs.

Ministry of Information, Communication and
Broadcasting - Incorporating: Department of
Information Engineering, Department of
Telecommunications, Telecommunication Engineering
Centre, Centre for Development of Telematics, National
Telecom Regulatory Authority, Department of Test
Messaging and Posts, Directorate of Film Festivals,
Directorate of Entertainment Publicity, Press
Information Bureau, Films Division, Books and
Publications Division, Research, Reference and
Training Division, Art, Song and Drama Division,
Newspapers Registrar of the Federation, Broadcasting
Corporation of Nigeria, All Nigeria Radio Channels,
and Press Council of Nigeria.

Ministry of Human Resource Development -
Incorporating: Department of Education and related
Councils for various knowledge incubation, enhancement
and development - with particular reference to
science, technology, philosophy, sociology, economics,
research, design and development (RD&D), Council for
Women, Youth and Child Development.

If human capital is recognised as the core critical
mass and topmost priority for nation building and
development, then it is mandatory to redefine our
education institution and repackage it with a
formidable Ministry of Human Resources - not just to
build certificate graduates, but creative and quality
minds in search of and attainment of excellence.

Virus Alert

Keystroke loggers are a particularly dangerous
security threat because users typically don’t realize
they’re even there. Learn about the different versions
of keystroke loggers, and get tips for protecting your
organization and your users from this threat.

More and more people have made the switch to using the
Internet for personal tasks — online bill paying and
shopping are just two examples. But while companies
tout the convenience of using the Web for such
purposes, the security threats continue to mount.

That’s why user education is so important. Teaching
users best practices for being safe on the Web can
help mitigate some of these threats. But it’s also
important that users understand the full extent of the
risks.

For example, using an encrypted link (i.e., HTTPS
rather than HTTP) to access bank or e-mail online is a
good way to encrypt the transmission of private
information as it flows across the Internet. However,
it’s vital to remember that the encryption process
doesn’t take place until the information leaves the
machine. This creates a vulnerability that some people
may not be aware of — keystroke logging.

Keystroke loggers are a dangerous security threat,
particularly because — like other forms of spyware —
the user can’t detect their presence. Let’s look at
the different versions of keystroke loggers and
discuss what you can do to protect your organization
and your users from this threat.

Keystroke loggers are available in either software or
hardware versions. They can store everything a user
types without the user ever knowing they’re even
there.

Lesson

3-Minute Management Course

Lesson 1:

A man is getting into the shower just as his wife is finishing up her
shower, when the doorbell rings. The wife quickly wraps herself in a towel
and runs downstairs.

When she opens the door, there stands Bob, the next-door neighbor. Before
she says a word, Bob says, "I'll give you $800 to drop that towel." After
thinking for a moment, the woman drops her towel and stands naked in front
of Bob.

After a few seconds, Bob hands her $800 and leaves.

The woman wraps back up in the towel and goes back upstairs. When she gets
to the bathroom, her husband asks, "Who was that?"

"It was Bob the next door neighbor," she replies.

"Great!" the husband says, "did he say anything about the $800 he owes me?"


Moral of the story: If you share critical information pertaining to credit
and risk with your shareholders in time, you may be in a position to prevent
avoidable exposure.


Lesson 2:

A priest offered a Nun a lift. She got in and crossed her legs, forcing her
gown to reveal a leg. The priest nearly had an accident. After controlling
the car, he stealthily slid his hand up her leg.

The nun said, "Father, remember Psalm 129?" The priest removed his hand.

But, changing gears, he let his hand slide up her leg again. The nun once
again said, "Father, remember Psalm 129?"

The priest apologized, "Sorry, sister, but the flesh is weak." Arriving at the
convent, the nun sighed heavily and went on her way.

On his arrival at the church, the priest rushed to look up Psalm 129. It
said, "Go forth and seek, further up, you will find glory."

Moral of the story: If you are not well informed in your job, you might miss
a great opportunity.


Lesson 3:

A sales rep, an administration clerk, and the manager are walking to lunch
when they find an antique oil lamp. They rub it and a Genie comes out. The
Genie says, "I'll give each of you just one wish."

"Me first! Me first!" says the admin clerk. "I want to be in the Bahamas,
driving a speedboat, without a care in the world."

Puff! She's gone.

"Me next! Me next!" says the sales rep. "I want to be in Hawaii, relaxing on
the beach with my personal masseuse, an endless supply of Pina Coladas and
the love of my life."

Puff! He's gone.


"OK, you're up," the Genie says to the manager. The manager says, "I want
those two back in the office after lunch."

Moral of the story: Always let your boss have the first say.

Lesson 4:

An eagle was sitting on a tree resting, doing nothing. A small rabbit saw
the eagle and asked him, "Can I also sit like you and do nothing?"

The eagle answered: "Sure, why not."

So, the rabbit sat on the ground below the eagle and rested. All of a
sudden, a fox appeared, jumped on the rabbit and ate it.

Moral of the story: To be sitting and doing nothing, you must be sitting
very, very high up.

Lesson 5:

A turkey was chatting with a bull. "I would love to be able to get to the
top of that tree," sighed the turkey, "but I haven't got the energy."

"Well, why don't you nibble on some of my droppings?" replied the bull.
"They're packed with nutrients."

The turkey pecked at a lump of dung, and found it actually gave him enough
strength to reach the lowest branch of the tree. The next day, after eating
some more dung, he reached the second branch. Finally after a fourth night,
the turkey was proudly perched at the top of the tree.

He was promptly spotted by a farmer, who shot him out of the tree.

Moral of the story: Bullshit might get you to the top, but it won't keep you
there.

Lesson 6:

A little bird was flying south for the winter. It was so cold the bird froze
and fell to the ground into a large field. While he was lying there, a cow
came by and dropped some dung on him.

As the frozen bird lay there in the pile of cow dung, he began to realize
how warm he was. The dung was actually thawing him out! He lay there all
warm and happy, and soon began to sing for joy.

A passing cat heard the bird singing and came to investigate. Following the
sound, the cat discovered the bird under the pile of cow dung, and promptly
dug him out and ate him.

Moral of the story:
(1) Not everyone who shits on you is your enemy
(2) Not everyone who gets you out of shit is your friend
(3) And when you're in deep shit, it's best to keep your mouth shut!


This ends the 3-minute management course.