For specific details from the original researchers, visit the ExtendedSubset.com website. The summary of the announcement is shown below:

 Renegotiating_TLS.pdf

Some helpful protocol diagrams: Renegotiating_TLS_pd.pdf

Packet captures: renegotiating_tls_20091104_pub.zip

This one is definitely going to be interesting to watch. The excitement never ends in the security world. Leave a comment and let other ITKE readers know if you foresee any issues on this vulnerability or if you have taken any specific actions to address the risk. Thanks for reading and let’s continue to be good network citizens.

Network-Tools owner sues Microsoft, Cisco, Comcast and TRUSTe over IP Address Blacklisting
Suit alleges eavdropping, privacy policy fraud, breach of contract and defamation

Interesting stuff, huh? So why would this suit be raised? According to the page tracking the lawsuit:

The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.” Comcast even blocked his communication link with a mail server he operates outside the Comcast network. The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws. The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies. When Smith tried to use the privacy policies of Comcast, Microsoft, and Cisco to correct the spammer accusations the companies balked. Comcast even told him it didn’t matter what the privacy policy said, he wasn’t getting the information. He filed complaints with the TRUSTe organization that verifies the privacy policies of Microsoft and Comcast but that did no good.

Previous lawsuits against these “blacklists” have been brought by commercial e-mailers against organizations such as Spamhaus. In this case the accused is not a commercial e-mail, not a spammer, and has no mailing lists of any sort. The accused has even made presentations at the Federal Trade Commission against spammers and testified at the first “Spam Summit” more than 10 years ago.

This case seems to cover a lot of things: privacy; net neutrality; service blockage.  For anyone who has gotten on a blocklist or had to get an organization removed from a blocklist, you can understand some of the frustration. Mr. Smith has gone beyond frustration and is taking some specific actions. This could be a very interesting case to follow based on the defendant organizations. Hopefully information will continue to be provided as the case moves forward. A lot of the case documentation presented to the court can be found on the website. It makes for some interesting reading.

Consider also some of the relief being sought under the lawsuit (not all items requested are listed below):

• Prohibit Microsoft, Comcast and Cisco from eavesdropping on Internet communications of the citizens of New Jersey,
• Prohibit Comcast displaying or distributing false or misleading portions of the Privacy Policy, Customer Privacy Notice, Acceptable Use Policy for High-Speed Internet Services, Network Management Policy, Network Management FAQ, Spam Policy and other related information to the citizens of New Jersey,
• Prohibit Microsoft from displaying or distributing false or misleading portions of the Privacy Statement and other related information to the citizens of New Jersey,
• Prohibit Cisco from displaying or distributing false or misleading portions of the Privacy Statement and other related information to the citizens of New Jersey,
• Prohibit TRUSTe from conducting a false or misleading dispute resolutions services to the citizens of New Jersey,
• Prohibit TRUSTe from endorsing any privacy policies displayed to citizens of New Jersey,
• Prohibit TRUSTe from claiming they certify entire companies when they only certify specific web sites,
• Require Microsoft, Comcast and Cisco to provide Plaintiff with all information collected about Plaintiff’s Internet communications or any associated data or any PII and allow Plaintiff to correct any erroneous information, and
• Prohibit Microsoft, Comcast and Cisco from distributing any defamatory information about Plaintiff to any third party,
• Compensatory damages to compensate Plaintiff for being unable to communication via e-mail without disruptions,
• Compensatory damages to compensate Plaintiff for being unable to communication via e-mail without eavesdropping,
• Compensatory damages to compensate Plaintiff for being unable to correct “profiles” maintained by Defendants about Plaintiff,
• Compensatory damages to compensate Plaintiff for time lost in running his business,
• Statutory damages pursuant to the  Electronic Communications Privacy Act,

What do you think of the merits of the case? What have you experienced with regards to these organizations and their services? Please leave comments below.

Thanks for reading and let’s continue to be good network citizens! Sometimes it may require getting nasty though it seems and filing a lawsuit

The Startup Control panel tool window looks like the window below:

Startup Control Panel window

Using the application:

I have successfully run this utility on both XP and Vista. The dialog contains six to seven tabs, depending on your system configuration. Each tab represents one place where a program can be registered to run at system startup. These include:

• Startup (user) - the current user’s Startup folder in the Start Menu.
• Startup (common) - the common (all users) Startup folder in the Start Menu.
• HKLM / Run - the Run registry key located in HKEY_LOCAL_MACHINE. These apply for all users.
• HKCU / Run - the Run registry key located in HKEY_CURRENT_USER. These apply for the current user only.
• Services - system services that are started before the user logs in. This appears only in Win9x; on NT/2000/XP, use the Services control panel, or the Services item in Computer Management.
• Run Once - started once and once only at the next system startup.
• Deleted - programs go to the Deleted tab when you remove them from another location. They will not run at system startup, but will merely be stored should you ever want to use them again. If you delete an item from the Deleted tab, it is removed permanently.

Each page contains a list of the programs registered at that location. Use the checkbox to enable or disable individual items. Additional operations are available by right-clicking an item. You can select multiple items using the Shift and Control keys. Options include:

• New… - create a new entry. You can also drag & drop files from My Computer or Explorer.
• Edit… - edit an existing entry.
• Delete - delete the currently selected entry.
• Disable / Enable - disable or enable the selected entry. A disabled program will appear in the list with a special icon, and will not run at system startup. You can also use the checkbox next to an item to enable or disable it.
• Run Now - executes the program now.
• Send To - moves the entry from the current location to another.
• Press F5 to refresh the list at any time.

Hope you find this tool as useful as I do. Thanks for reading and let’s continue to be good network citizens.

Clint Huffman Analyzes PerfMon Logs! Mr. Huffman is the creator of the Performance Analysis of Logs tool found at Codeplex. I have found this tool very useful in tracking down server issues to show folks “it’s not the network!”

Shane Creamer Goes Deep on Performance Monitor! This is a very interesting presentation. There is a link to the video presentation portion and another link to the various audio formats. The video presentation has a very long gap in audio at the beginning (almost 12 minutes). This is because the video portion is only capturing the presenter’s audio portion and not the commentators’. You really should download both audio and video to get the full impact of the presentation.

Steven Choy Measures Server Performance!

Other topics that might be of interest includes SQL, Active Directory, IIS, cloud (Azure), Powershell, virtualization, SharePoint, information security, and many other Microsoft-centric technologies. I have subscribed to the RSS feed so I can keep up with new presentations as they are released. If you run any Microsoft technologies, or you just want to learn about some recommended best practices, then check out this resource. There might be something here that will help you “save the day”.

Thanks for reading and let’s continue to be good network citizens!

Some things you will learn in this webinar:

• Using the Default Capture and Display Filters
• Creating a Few Hot Capture Filters
• Filtering Tips and Tricks for Troubleshooting
• Filtering Tips and Tricks for Security

Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even find out a little tidbit here or there because Repetition is one of the keys of learning. Unfortunately I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.

Thanks for reading and let’s continue to be good network citizens!

The impact on customer email services lasted more than 24 hours while Postini engineers worked to resolve the issues. So, this was not an insignificant event. During this period, messages were delayed and users were not able to get to their quarantines to release messages trapped by filters. Administrators were also unable to access the administration console. The Postini support portal was unreachable at times due to the high volume of users trying to get updates on the event. The support phone line queues were very long and it took a long time to reach a support agent. Nothing like this has happened before in all of the years we have been a Postini customer.

I just received the incident report about the service disruption and wanted to share some of the information with IT Trenches readers.

The event started at about 6:25 PM GMT Tuesday, October 13. At this time customers began experiencing severe mail delays and disruption. Some senders were receiving delivery failure notifications after multiple resend attempts failed. About an hour later, automated monitoring systems detected the mail flow issues and traffic was automatically failed over to a secondary data center. Message flow was also poor through the secondary data center.

Trying to improve message flow, message traffic was directed across both primary and secondary data centers. Also, in an attempt to reduce impact on data center resources, access to the administration and other web consoles was disabled. The engineers were able to eventually discover the causes of the message flow issues.

• A message filter update inadvertantly caused performance issues.
• Unusual malformed messages caused increased scan processing and in tandem with the bad message filter update caused issues with mail delivery.
• Processing capacity was reduced due to a power supply failure on a database storage system. This increased latency in message processing.

As you can see, this event was caused by a series of issues. The hardware was repaired and the filter update was revoked, but not before a lot of messages were either deferred or not delivered.

The corrective actions to prevent future outages due to similar conditions include:

• Create a standard procedure for reverting message filter updates. Isn’t it always a good idea to be able to back out updates?
• Improve monitoring of database server power failures. Apparently this power failure was not detected by their current monitoring process.
• Improve communication with customers during service outage events. This would help relieve some frustration and help customers understand the severity and scope of the outage.

Fortunately email services have now returned to normal. However, during this 24 hour period, there was a high level of frustration and concern about how to work around the impact on email delivery. I think most IT organizations can learn some lessons and improve service delivery when reading of incidents like this and seeing the lessons learned. I know my team will have some discussions around this event and work to improve the resiliency of service delivery.

Thanks for reading & let’s continue to be good network citizens!

Postini system status on October 13, 2009

We have been Postini customers over 4 years now and this is the first time an outage like this has happened. It’s not a full outage as messages are still coming in although at a trickling rate rather than normal expected volumes. This outage is so bad that my ability to login to the support portal is impacted. I receive either an internal 500 server error or “Too many connectionsCould Not Select DB”. A recent update notification said that a secondary Postini secondary data center has been enabled.

The recent GMAIL outage raised some concerns about cloud computing. I wonder if today’s Google Postini outage is a symptom of some deeper Google service delivery problem.

Thanks for reading & let’s continue to be good network citizens! Hopefully you are not trying to send me any messages, who knows how long it might take for the message to reach me today. Otherwise, let me know what you think here in the comments.

According to Wikipedia, the three curses are:

• May you live in interesting times.
• May you come to the attention of those in authority (sometimes rendered May the government be aware of you)
• May you find what you are looking for

These curses have no time frame attached, so they could be true yesterday, today or tomorrow. The first curse about living in interesting times is very true for most IT shops. The challenges never seem to end but the funds do. The business requirements are fuzzy but the support requirements are real. What makes for interesting times in your role and your organization?

The second curse could be attached to information security services. It most assuredly should apply to those who employ botnets and trojans for unrighteous financial gain. The most recent reports of trojans and bots that can dynamically alter web pages during a banking transaction are very scary. Fortunately, information security professionals are aware of the threat and are working on addressing it.

The third curse may be applicable to those who support networks and need to answer the ever present question about “why is the network slow?” It seems like we are always pressed into identifying the reasons for slow application and service performance without having the toolset to do proper diagosis and troubleshooting. It then becomes a challenge to find what we are looking for.

Maybe IT is a cursed profession after all. What do you think? Is there a more cursed profession?

Thanks for reading and let’s continue to be good network citizens!

• Man in space and man landing on the moon
• Satellites
• Lasers
• Solar cells
• Transistors

Just think about all the marvels that have appeared in our world since the mid-1940’s. The relationship between those educated under the GI Bill and these technological advances is easy to see. Now, fast forward to today and the current economic conditions. What will happen in the next few years in the world of technology as a result of those who have lost jobs, being retrained in new skills and starting new careers? Maybe technological advances won’t be as rapid as those in the post WW2 era, but I expect some life-changing advances due to the education and skill changes resulting from the current education stimulus packages.

Electronic medical records, for example, will change both the patient’s and health care professional’s lives. The technology advance may not be sexy like lasers, but it may have a greater impact on the country we live in as a whole. Maybe we are living under the Chinese curse that goes “May you live in interesting times!“

Thanks for reading and let’s continue to be good network citizens!

The case study won the 2009 Best Deployment Scenario - VPN/IPSec/SSL and was featured in the Info Security Products Guide. The winning case study and announcement can be found at Manufacturing Company Achieves Security and Performance Goals with Virtela’s Remote Access Services from the Cloud.

See all 2009 Best Deployment Scenarios and Case Studies. This would be a good time to look at these and see if any of the solutions may meet some of the information security needs of your organization. Consider putting the solutions in your 2010 budgets.

Feel free to leave comments here or contact me through ITKE if you would like more information. Thanks for reading & let’s continue to be good network citizens.