Microsoft Office System Beta 2 Technical Refresh

According to a German blog, Microsoft plans to release Beta 2 Technical Refresh on the 14/15th September.

The blog also lists the following:
Office 2007 Beta 1: 17.11.2005
Office 2007 Beta 1 TR: 13.03.2006?
Office 2007 Beta 2: 22.05.2006
Office 2007 Beta 2 TR: 14/15.9.2006
Office 2007 RTM: 25-28.10.2006 – Business customers -> volume licensing
Office 2007 Release Date: 30.01.2007- Home Users -> Retail and OEM
The dates tie in with the expected release date and RTM of Windows Vista.
View: Volkan’s Blog

A wireless hacking computer that can’t be hacked

Las Vegas (NV) – If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks simultaneously. Dubbed the „Janus Project“, the computer also has a unique „Instant Off“ switch that renders the captured data inaccessible.

The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn’t ver busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.

GoldyAt first glance, the Janus computer looks like a laptop, but Williams said it is much more powerful than that. Inside the rugged yellow case sits a mini-computer motherboard powered by a 1.5 GHz VIA C7 processor and an Acer 17″ LCD screen. Ubuntu 6.0 Linux runs the eight Atheros a/b/g Gold mini-PCI cards which continuously scan wireless networks. The mini-PCI cards are connected to two four-port PCI to mini-PCI converter boards. The wireless data is stored onto a 20 GB hard drive.

While the eight Wi-Fi cards are impressive, the Janus box also has two Teletronics 1 watt amplifiers along with external antenna ports in the back of the Pelican case. Williams made every port watertight by sealing them with epoxy and silicone. „When the lid is closed, it is essentially waterproof,“ said Williams.

So what does all of this wireless firepower provide? The Wi-Fi cards allow Williams to continuously scan and capture traffic from any wireless channel. Williams likes to continuously dump the raw network traffic to the hard drive, while running the Kismet scanner to get a „bird’s eye“ view of the area. From his Riviera hotel room and using a 1W amplified antenna, Williams said his Janus computer was able to capture data from 300 access points simultaneously. He said over 2000 access points were scanned and 3.5 GB of traffic was captured during the entire convention.

In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like airreplay, airdump and aircrack, Willams said, „When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes.“ However, he added that some retail wireless access points will „just die“ after being hit with so much traffic.

In addition to the capturing process, the hard drive and memory contents are continuously encrypted with AES 256-bit keys. There is also an „Instant Off“ switch that, according to Williams, renders the captured data inaccessible to anyone but him.

Williams and his friend Martin Peck optimized the OS crypto software to take advantage of the C7’s hardware crypto engine. During normal operation the operating system loops the XFS file system, along with the swap partition, through the AES 256-bit encryption. For added security, the encryption keys are rotated throughout the entire memory space.

After the Instant Off switch is hit, a USB key with a 2000-bit passkey and a manually entered password are needed to access the computer. Williams said that even if someone managed to grab the USB key, they would still have to „torture or bribe me“ to get the password.

Williams is improving the Janus computer to crack wireless networks even faster. He is optimizing software routines to use the C7 chip to crack WPA and WPA2 protected networks without the use of Rainbow tables. He is also working on breaking SHA1 and RSA encryption in a single processor instruction cycle.

Williams told us that he has spent a few thousand dollars building the Janus computer and hopes to make his money back by selling commercial versions to big companies and government organizations. „Maybe one day I could get the military to be a customer,“ said Williams.

 

GAG, THE GRAPHICAL BOOT MANAGER

GAG (initials, in spanish, of Graphical Boot Manager) is a Boot Manager program. It’s loaded when the computer is turned on and allows you to choose the operating system you want to use.

Its main features are:

  • Allows boot of up to 9 different operating systems.
  • It can boot operating systems installed in primary and extended partitions on any available hard disk.
  • Can be installed from nearly all operating systems.
  • GAG doesn’t need its own partition. It installs itself in the first track of the hard disk, wich is reserved for these kinds of programs. It can also be instaled on a floppy disk, without using the hard disk.
  • It has a timer to boot a default operating system (selectable by the user).
  • The configuration menu can be protected with a password.
  • The program works in graphic mode (needs a VGA or better graphic card), and has a lot of icons.
  • Hides the primary partitions which allows the user to have instaled more than one DOS and/or Windows in the same hard disk.
  • Allows a password to be put on each operating system, denying access to non-authorized people.
  • Allows the boot manager text to be translated to all languages.
  • Can exchange disk drives, allowing to boot from the second, third… hard disk operating systems such as MS-DOS.
  • Has the SafeBoot system, that allows to boot your hard disk even if GAG is accidentally overwrited.
  • Supports a great variety of keyboards (QWERTY, AZERTY, QWERTZ and DVORAK keyboards).
  • Fully support for hard disks up to 4 terabytes (4096 gigabytes).
  • Full version and free software (distributed under GPL licence, with source code)

Microsoft releases Vista Pre-RC1 (build 5536) to the public

Microsoft has quietly released build 5536 for the first 100,000 people to download it from their Windows Vista site.5536 was recently released to tech testers and is the best build that has ever been officially released.

Be quick and get 5536 before Microsoft closes the downloads at 100,000.

Download: Windows Vista Pre-RC1 Build 5536
View: Windows Vista

Note: After downloading, you will need to obtain a Product Key from this Windows Website.

Cisco Flaws Leave Firewalls, VPNs Vulnerable

Network routing and switching giant Cisco Systems has issued an alert for a potentially serious security flaw affecting multiple firewall products, warning that the bug could cause passwords to be changed without any user interaction.

The San Jose, Calif., company said unauthorized users can take advantage of the firewall bug to try to gain access to a device that has been reloaded after passwords in its startup configuration have been changed.

In addition, authorized users can be locked out and lose the ability to manage the affected device, according to the published advisory.

Affected products include Cisco PIX 500 Series Security Appliances, the Cisco ASA 5500 Series Adaptive Security Appliances and the FWSM (Firewall Services Module) for the Cisco Catalyst 6500 switches.

Cisco 7600 Series routers are impacted if they are running an affected software version, the company said.

„The software issue may cause the EXEC password, password of locally defined users, and the enable password in the startup configuration to change without user’s intervention. This will prevent administrators from logging in to the device if authentication is configured to use the passwords stored in the startup configuration,“ Cisco warned.

The company also posted patches for a pair of vulnerabilities in the Cisco VPN 3000 series concentrators when file management via FTP (File Transfer Protocol) is enabled.

The Cisco VPN 3000 series concentrators are a family of remote access VPN (virtual private network) platforms for data encryption and authentication.

In a separate alert, Cisco said the flaws could allow authenticated or unauthenticated attackers to execute certain FTP commands and delete files on the concentrator.

Vulnerable products are the Cisco VPN 3000 series concentrators 3005, 3015, 3020, 3030, 3060 and 3080.

Microsoft’s Availability Plans for Vista 5536

Following some confusing back-and-forth with Microsoft, we believe we now have an accurate update on exactly who is designated to receive (legally) Windows Vista build 5536 – and when. As of August 25, the build was available for download via the Microsoft Connect site for Technology Adoption Program (TAP) and TechBeta customers.

The week of August 28, the build also will be available for download by Microsoft Developer Network (MSDN) subscribers and a selected slice of Customer Preview Program (a k a Vista Beta 2) participants. Contrary to some published reports, Microsoft will not be distributing the full-fledged Release Candidate 1 Vista build the week of August 28. RC1 is due out at some later time in September, Microsoft officials said.
News source: MicrosoftWatch

Yahoo Opens Hack Day to Developers

We’ve opened up Yahoo! from the inside out with our world-renowned Hack Day, and from the outside in through the Yahoo! Developer Network. Now we’re opening up Yahoo! itself to a select group of hackers and special guests for a weekend festival of hacking, camping (yes, the tents-in-the-outdoors kind–we have really, really nice grass!, music, and good times.

The event is Friday, September 28th, if you are a developer who has an idea for a project it is well worth attending.
Link: Yahoo! Hack Day is Coming!

Microsoft releases Internet Explorer 7 RC1

Microsoft has quietly released the latest test version of Internet Explorer 7.
The RC1 build includes improvements in performance, stability, security, and application compatibility. With this build, Microsoft has also made enhancements to the fit and finish of the user interface, completed CSS platform changes, added language support and included an auto-uninstall feature in Setup, which automatically uninstalls prior betas of IE7 making installing the new build even easier.
IE7 RC1 is available in English today, and all localized versions of RC1 will be available in September including Arabic, Finnish, German, and Japanese as well as the French and Spanish versions which will be available for the first time.
Microsoft is expected to finalise Internet Explorer 7 at the same time as Windows Vista.

Download: IE7 RC1 for Windows XP SP2 | x64 | Windows Server 2003

Vista Build 5536: A tale of 3 impressions

On Friday Microsoft released Windows Vista build 5536. This is a pre-RC1 build. On Monday, Microsoft expects to release build 5552 which many anticipate to be the official first release candidate of Windows Vista.

The last mile stone build, 5472, was considered by many to demonstrate that Windows Vista is not on track.  Specifically, Longhorn Blogs and developer Stardock believed that a beta 3 was in order. Paul Thurrott of WinSuperSite was disappointed in the status but felt that Microsoft would not likely alter its ship date.
So what’s the view now? Robert McLaws of Longhorn Blogs is escatic about the new build and thinks RC1 is back on track. Paul sees great improvement as well and says it’s „wonderful“.  Laurance Parry, head of Stardock’s Vista lab, sees improvement but feels it is still being rushed.
I haven’t gotten to play with it yet but from talking to some of the people using it there is a definite consensus that it’s a big improvement. The question is whether it’s a big enough improvement. And being better than previous betas of Vista isn’t the question, the question is how much better is it than Windows XP?  The clean boot memory use is apparently over 500 megabytes – twice that of XP. That’s not surprising given that XP was designed 6 years ago.  But does Vista return enough back to justify requiring a 1 gigabyte memory system (minimum)?  That is the question many are waiting to see.
Neowin will be taking a close look at the release candidates and giving a guided tour of the system both good and bad.  Based on what we’ve seen, we’re cautiously optimistic that Microsoft is indeed going to pull it together in time.  We also think that a couple thousand 20-something year old developers living in Redmond Washington are going to need to take a serious vacation when this is all over.
 
Screenshots: >> Click here << @ WinFuture
Screenshots: >> Click here << @ ProNetworks