June 30

iPhone First Impressions - Hit or Miss...?

So I took the plunge.  This morning I drove over to the local mall and much to my surprise waited about two minutes to get an iPhone.  I wandered into the Apple store and sort of looked around meekly for the queue, only to discover that there was no queue - just walk up to the register and buy one.  The official reason for the trip was I needed to pick up an ipod shuffle as a giveaway for an upcoming trade show at which we'll be having a booth, but since I was there...

I figure I can justify it since I'm sort of an expert on messaging and collaboration, and since people are likely to want to use one for messaging and collaboration, i should probably have one so I can deliver such functionality for clients.  Yeah, that's why I needed one alright.

Anyhow, before my impressions, I wanted to highlight what I had to do to get started:

  1. Download iTunes to my work laptop
  2. Copy a bunch of MP3's over from my home system to my work laptop so I can upload them to the new bauble (aka the iPhone)
  3. Install iTunes and import my music
  4. Dock the iPhone and follow the wizard
  5. Configure the Mail app for hitting our Exchange server (using IMAP)

The setup was frankly surprisingly easy.  Amazingly easy!  Even the process of porting my number was simple to do (which begs the question - why is this so difficult for the people working in a cell phone store?  But that's for another post). I configured the phone to sync contacts and calendars with Outlook 2007, as well as photos and bookmarks (with IE). I disabled the mail sync (it WILL sync with Outlook if you want) since I was planning to use IMAP anyhow.

So, initial impressions.  The good:

  • Overall the thing seems to be pretty damn cool!
  • It's a very slick phone.  The UI and graphics are amazing, and the tactile feel of touching the screen is great.
  • The on-screen keyboard works much better than I expected.  I'm switching from a WinMobile Smartphone with a qwerty keyboard, and was a bit apprehensive, but it works very well.
  • Syncs great so far
  • The YouTube integration is pretty cool, especially given that I don't have a real passion for YouTube!
  • The voice mail functions are great
  • The email fidelity is better than any other device I have ever used.
  • The display is incredible - both inside and out.  It works much better outside in the sunshine than any other Smartphone I have used so far.

The not so good:

  • As others have said, the EDGE network is not fast!
  • I can't figure out how to jump ahead in contacts if I am making a call - other than flipping through them at high speed.  One thing I think that WinMobile has gotten perfect is the ability to start typing on the keypad and have the phone start displaying a list of potential contacts - if you haven't experienced it, I will make an effort to explain another time.
  • The order of email is a bit wonky, sort of.  What I mean is, I have configured my mail to download the latest 50 messages.  But I have a couple hundred in my inbox at any time.  So when I delete messages, older ones then download to replace them and keep the top 50 on the phone.  Sounds neat, but the unread ones always wind up at the bottom of the list - a bit annoying.
  • Finally, I can't figure out exactly how to save a phone number.  Specifically I missed a call from a friend's cell phone, one whose cell number I don't have in my contacts.  I was hoping I could save it to their contact from within my missed calls section, but haven't figured out if I can or not.

So - first day's impression is this is a very smart Smartphone.  Did I mention that it's cool?

Apparently A Family Member or School Friend keeps sending me e-cards

Latest Phishing scam these days seems to be faux e-cards, or electronic postcards.  I've been inundated recently by messages that try to get me to follow a link by telling me that "A Family Member" or "A School Friend" has sent me an electronic greeting, greeting card, or postcard.

In most cases, once again the target is a .hk domain, meaning the domain is registered as a Hong Kong domain.  Doesn't guarantee that it is actually located in HK, but it's a fair guess.

Not all the links seem to point there, at first blush, it looks like this came from something called 123Greetings.com - sounds legitimate enough to me, and 1-2-3 Greetings sounds like it could be simple enough for my less tech-savvy Family Member to use!

So a quick look at the headers shows that the return email address actually points to 'typ@intel.com' - a curious email address for someone sending messages at 123greetings.com.  Probably means they are bouncing off an intel gateway somewhere, but not necessarily - the 'typ' alias sounds sorta like a random entry to me, but one thing I am certain of - it didn't come from anyone at a 123greetings.com address!

Then another look at the message source shows that apparently - for some really suspicious reason - the supposed 'postcard' links point you to http://999.999.999.999/888888888888888 (which of course is not the ACTUAL set of octets, but a sample) as in, an IP Address with what looks like a legitimate GUID for some unique link.

So the flags:

  1. Utter lack of personalization is a flag to me - normally this would have some level of personalization - either addressing to me, or even better an indicator of who sent it
  2. Linking to an IP Address rather than a domain name
  3. The utterly amazingly sucky grammar in the message.

Now, this one is a bit of a challenge, because 123greetings.com is a somewhat legitimate looking site.  They appear to genuinely allow one to send e-cards - although I browsed it very tentatively and not deeply. 

I know folks love the concept behind the e-cards - so seeing the concept used as this latest attack vector shouldn't be a surprise.  I know grandparents (for example) love the idea of getting these things. These days though when people get them they need to pay attention to the message.

Incidentally both Outlook and Windows Mail (included in Vista) flagged this as a phishing attempt, so there is a level of protection.

June 28

The Credit Union Support Team wants your information

The latest Phishing attempt I received came from the "Credit Union Support Team" - apparently a euphemism for unsophisticated wannabe hackers.  Having said that, I'm sure they will draw someone in, so I thought I'd share and point out a few things.

Here's the message:

Dear User (Client)


Due to incorrect password entry, several attempts of access to our clients' accounts have been detected and blocked by our security department within the latest day. At the moment, access to your account is partially blocked by the system. It means that you may browse accessible information, change settings but you can not make any transactions. In order to remove restrictions, you have to enter your login and password received at the moment of your account registration in our banking system as soon as possible. Just follow the link https://paylinks.cunet.org and enter necessary information. Should 3 of your attempts be invalid due to incorrect login/password entry, your account will be completely blocked.
We hope for understanding and make our apologies for inconveniences
IT-Security department

Now isn't it nice of them to only block part of your access given the security concerns they have?  By the way, I made it red to raise your alert level, and changed the embedded links to prevent any "accidents."

A couple pointers:

  • No security department is going to partially block an account
  • No security department has such poor grammar
  • No security department is going to address you in such a generic way as User (Client)
  • Your credit union does not use CUNET.ORG as its domain name (Not one you want to do business with, anyhow)
  • Your credit union would actually tell you to go to their web page and login and/or contact them via phone if they detected a security breach.
  • They also wouldn't present a link like paylinks.cunet.org and then redirect you to paylinks.cunet27.COM (by the way, I changed that link to our website, in case you are wondering, in the text above.  Wouldn't want anyone hitting them by mistake).
  • Finally, No Security Department is ever, ever, EVER, EVER going to ask you for your password.
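As an added illustration (not from the original posts), here is a small Python checker that mechanizes the tells called out in this post and in the e-card post above: a link whose host is a raw IP address, link text that shows one domain while the href points at another, a message that never addresses the recipient by name, and a request for a password. The sample messages are constructed; 192.0.2.10 is a documentation address standing in for the phisher's host, and the cunet.org/cunet27.com names are the ones quoted in the post.

```python
import ipaddress, re
from html.parser import HTMLParser
from urllib.parse import urlparse

class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs plus the body's plain text."""
    def __init__(self):
        super().__init__()
        self.links, self.text_parts, self._in_link = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._in_link = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False
    def handle_data(self, data):
        self.text_parts.append(data)
        if self._in_link and self.links:
            self.links[-1][1] += data

def _host_of(url_or_text):
    """Hostname of a URL, also accepting a bare 'paylinks.cunet.org'."""
    s = url_or_text.strip()
    return urlparse(s if "://" in s else "http://" + s).hostname or ""

def _site(host):
    """Crude registrable-domain approximation: the last two DNS labels."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def phishing_flags(html_body, recipient_name):
    """Return the tells found in an HTML message; [] means none fired."""
    p = _LinkExtractor()
    p.feed(html_body)
    text = " ".join(p.text_parts)
    flags = []
    for href, visible in p.links:
        host = _host_of(href)
        try:  # a raw IP address where a domain name belongs
            ipaddress.ip_address(host)
            flags.append("link-to-ip-address:" + host)
        except ValueError:
            pass
        # link text that looks like a domain but points at another site
        if (re.search(r"[a-z0-9-]+\.[a-z]{2,}", visible, re.I)
                and _site(_host_of(visible)) != _site(host)):
            flags.append("link-text-mismatch:%s->%s" % (visible.strip(), host))
    if recipient_name.lower() not in text.lower():  # generic, unaddressed
        flags.append("no-personalization")
    if re.search(r"\bpassword\b", text, re.I):  # support never asks for it
        flags.append("asks-for-password")
    return flags

# Constructed samples modelled on the two messages; 192.0.2.10 is a
# documentation address standing in for the phisher's real host.
ECARD_SAMPLE = """<p>A Family Member has sent you an e-card from 123Greetings.com.</p>
<p><a href="http://192.0.2.10/8f3a2c1e9b7d4a6f">http://192.0.2.10/8f3a2c1e9b7d4a6f</a></p>"""
CU_SAMPLE = """<p>Dear User (Client)</p><p>Access to your account is partially blocked.
Enter your login and password at <a href="http://paylinks.cunet27.com/login">
https://paylinks.cunet.org</a> to remove restrictions.</p>"""
LEGIT_SAMPLE = """<p>Hi Rick, the slides are at
<a href="https://www.example.com/deck">www.example.com/deck</a>. Thanks!</p>"""

if __name__ == "__main__":  # run stand-alone to see the flags for each sample
    print([phishing_flags(m, "Rick") for m in (ECARD_SAMPLE, CU_SAMPLE, LEGIT_SAMPLE)])
```

The checks are heuristics for a mail filter or a quick triage script, not proof either way; a legitimate newsletter can trip the personalization check, and a phisher can avoid all four.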

OK, enough ranting.  Just thought I'd share.

June 24

Changing your System Restore Schedule in Vista

By default, Vista sets a restore point when you install new software, as well as once per day at midnight.  But what if you want to have it run more often? 

A client asked me about this recently and so I decided to do a little digging.

The place you go to use or set a system restore point is the System Protection section - it's a tab in the system properties that you can get to by hitting Control Panel | System | System Protection.  From here you can decide what volumes should be included in System Restore, create a restore point manually, or do a restore from one of your previously created restore points.  But oddly enough, no schedule button!  What's a frustrated SysAd to do?

Windows Scheduler to the rescue.  WinAt is used extensively in Vista for maintenance routines and that's the place to go for System Restore schedule settings.  Go to Start | All programs | Accessories | System Tools | Task Scheduler.

Or if you're a bit of a geek you can just click Start and in the 'Find' field (which doubles as a 'Run' field in case you didn't know) type "Taskschd.msc" and hit enter.

Now then, to me, this is the "New and Improved" WinAt. 

  1. On the left-hand tree expand Task Scheduler Library | Microsoft | Windows | SystemRestore
  2. Right-Click on the SR event in the top window and click Properties.
  3. Go to the Triggers tab and then select the Daily Trigger, and click Edit. 
  4. Make the desired mods and you're all set!

Easy enough, if a bit hidden away.  Enjoy!

June 22

More and More I am amazed at the disconnect between IT and customers

Just finished reading an article discussing the unacceptability of the upcoming iPhone as an enterprise class smartphone.

Several sound reasons were given, all of which are certainly factors to be considered in deploying the iPhone in the enterprise, or even allowing it to connect. Lack of security, lack of support for enterprise email systems, lack of flexibility of carriers, and high price are all reasonable factors that should be considered in adopting or allowing iPhone connectivity in an enterprise.

But the one factor that seems to be overlooked again and again is: The Users Want Them.

I'm not lobbying for iPhones (although I do think they are cool - from what we've seen so far - and I'm undecided on whether or not I'll get one) but instead, I'm lobbying for User's Rights.

All too often IT Admins seem to forget that their primary job should be to enable the business.  Enabling does not mean blocking, by the way, nor does it necessarily mean being insecure.  It means figuring out how to make the Customers (users) do what they need and/or want to do while still maintaining the integrity of the data.
I can't tell you how many Admins I've consulted with in the past that were like little kids running to Mommy to report the misdeeds of the user community.  "Why do they need to send big files?  Why do they need to send HTML-formatted email?  Why do they get a puppy?" Alright, I threw that last one in there, but the idea is the same: IT is often so busy figuring out what users are doing that they shouldn't BE doing, that they don't bother trying to figure out how to let users do those things within safe boundaries.

We should be working with the user community to determine what they need (or want) to do and how to enable it - not worrying about why they are using corporate email to send Elfwars at Christmas.

June 19

The importance of interior security

Some folks are familiar with the term 'M&M Security' - if not, it's basically a reference to security built around a secured perimeter but failing to properly secure internal systems.  The assumption is that if you are on the interior network, you should have access to those systems.  The term comes from the candy - hard outer shell, but soft and chewy in the middle.

It's exceptionally important to closely manage internal systems these days.  Certainly a client firewall should be running on each and every system - the Windows XP firewall, while admittedly not the best choice available, is much better than nothing.  One reason to like the built in windows firewall is it is exceptionally manageable via group policy, and if properly configured it is generally on-par with other third-party firewalls.

But a firewall isn't enough.  Take a very recent example from Pfizer:

In a letter dated June 1, Pfizer’s privacy officer, Lisa Goldman, told the affected individuals that an investigation showed files stored on an employee laptop had been exposed, but the company is unclear about which information was accessed or copied.

Goldman adds in the letter that Pfizer has no reason to believe that the sensitive data was accessed.

The laptop was loaded with an unauthorized file-sharing program, the letter says. Upon learning of the unauthorized access, Pfizer retrieved the laptop and disabled the peer-to-peer software. The investigation could not uncover which employees’ information was accessed or viewed, the letter says.

So here we have a huge company with a dedicated security team that apparently allowed unfettered access to install applications on the system.  I'm absolutely just guessing here, but a dollar to donuts says the user had admin privileges on the local system.  Why?  In many cases it's simply easier than trying to figure out how to allocate proper permissions, or (an even worse excuse) it's just too hard to argue that users should not be local admins.

So today's tip: Users should run with user-level permissions.  In fact, Admins should run with user-level permissions, and have a specific admin account that they use for network or system administration.  Furthermore, they should never log in using that account on their local system; instead login using the user account and 'run-as' the admin.  Of course, this brings up some other potential security risks of which we need to be aware, but the improvement in security and risk mitigation in such a system is considerable.

Bottom line: never let anyone install any software that is not validated, supported, licensed, and approved!  And don't let users run as a local administrator!

June 18

Phishers Getting Smarter

I've noticed some pretty sophisticated phishing attempts recently, and thought I'd highlight them on the off-chance anyone actually reads this thing.

I've noticed that .hk domains seem to be the location of choice lately - seems like everyone is using one for their phishing scams. The difference these days is in the level of sophistication some of these attacks have.

First, though, let's start with a simple attack that is incredibly clever.  The email message purports to be from someone - typically a first name only - that has sent you an e-card.  Everybody wants to get e-cards, especially from a friend - and wouldn't it have to be a friend that is just using their first name?  The link to retrieve the 'card' is typically not even camouflaged, but I'm willing to bet that despite this they are fooling people by the thousands - it just sounds 'real' because people are ALWAYS sending out those stupid e-greetings.  Very clever approach on the part of the phishers, if you ask me.

Second attack I saw recently was from PNC bank.  The phishers in here are doing a pretty good job of hiding their redirect with a JSP call, and it took a little examination of the source code to find the place where they slip it in - oddly enough, to another .hk domain. 

Finally, the latest ebay phish.  A VP's admin assistant asked me about this message where I am working onsite with a (large) client. Basically the gist of the message is that the sender has 'tried to contact you, placed a bid, and/or needs information immediately, or they will report you to ebay.' This one, though, was very slick.  Basically the only links that are redirecting - and you of course only see the redirect in the source code - were the link to the auction item - to a faux login page, natch - and the 'click to reply' button.  Conveniently enough, they included a link in the message to 'learn more' about how to detect ebay email scams! How convenient!  The phisher is even kind enough to send you to the real ebay page on the subject.

I found all three vectors to be quite likely to rope in more than a few unsuspecting or less technology-adept folks - and more than a little clever as well.

June 12

Finishing up on Tech Ed 2007

So another TechEd has come and gone.  I get an odd feeling of melancholy whenever I'm wandering the conference and it's winding down on the last day - I always remember the first one I ever attended back around 1996 or so.  Actually did a bit of digging and found this list from Somebody's Random TechEd Blog that runs through locations of the past:

TechEd '93 - Orlando, FL
TechEd '94 - New Orleans, LA
TechEd '95 - New Orleans, LA
TechEd '96 - Los Angeles, CA
TechEd '97 - Orlando, FL
TechEd '98 - New Orleans, LA
TechEd '99 - Dallas, TX 
TechEd '00 - Orlando, FL
TechEd '01 - Atlanta, GA
TechEd '02 - New Orleans, LA 
TechEd '03 - Dallas, TX 
TechEd '04 - San Diego, CA
TechEd '05 - Orlando, FL 
TechEd '06 - Boston, MA
TechEd '07 - Orlando, FL 
TechEd '08 - Orlando, FL

Interesting how popular Orlando is lately.  Easy enough for me since I live here, and based on conversations with other attendees the 'go on the company dime, bring the family along' plan seems to be a popular one.

The last few sessions I attended were among the most interesting.  Laura Chappell and Mark Russinovich both gave very interesting sessions.  I was a bit bored in the 'Exchange Disaster Recovery' session given by one of Dell's Exchange Rangers - once he got into the basics of ESEUTIL and ISINTEG I bailed, that stuff is probably informative but exceptionally old hat to me by now.

Marcus Murray also did some excellent sessions on hacking your network.  Overall I found the security content this time to be really top notch. 

Other sessions I spent a bunch of time in included the Windows Mobile sessions - usually interesting, although never deep enough IMHO.  Also Exchange 2007 sessions - lots of big changes in E2K7.  I've read much of the material, but there's always something good to pick up as well.

In any case, just some quick thoughts - overall I think it's a bit of a shame that some of the best sessions take place on Friday, 'cause soooooo many people bail before the end of the conference and miss out on the good stuff.  MarkRus's presentation on Process Monitor (which replaced RegMon and FileMon, two of my favorite tools) was outstanding, and yet it took place in the last timeslot of the week - I suspect he'd have had significantly more people in the audience (and should have - this is core troubleshooting at its finest) had it taken place on Wednesday.

Oh one final thought - the party this year sucked.  The weather was bad, but it was jam-packed and not at all like the grand events of the past.  Basically they rented out Universal's Islands of Adventure and then opened up maybe half the fast food windows.  When I go to a big party like that I expect long tables of cool stuff.  I also remember in the past the product teams having giveaways and contests and just generally feeling like it was a unique event.  Well none of that this year - instead it just felt like another day at the park.

June 6

TechEd 2007 Report

Figured I'd offer some info and my personal review of TechEd 2007 - so far, anyhow. This year's theme is "Make your Mark" and I frankly have no idea what the hell that means.

As usual I skipped the keynote - they're always available online, and 95% of the content is less than amazingly interesting to me personally. I suppose you could argue that it's sort of like blogging - who cares about my opinion? And certainly Bob Muglia has a "bit" more of a following than I do. See this link if you just absolutely need to know more.

The breakout sessions are, as usual, a wide variety of quality. Don Livengood's sessions on E2K7 have been excellent as always - I'm certain Don doesn't remember me anymore, but he's one of the sharpest guys I know in the migration business, and he's a hell of a presenter IMHO. One of the things I do when I'm working up my agenda for these conferences is check the speaker lists, and pick out the ones I know will be good. Don is one of those, and predictably he didn't disappoint.

Another one of those is Steve Riley, another former MCSer that worked on the Security team now, and he gave a great presentation on new approaches to intranet versus extranet approaches. Very cool stuff and even if you don't always agree with Steve, he's always engaging and ready to debate with his audience. I think he intimidates some folks as a speaker, 'cause he's more than a little flamboyant in his delivery, but I think he's top notch.

Finally (for now) there was/is plenty of info on Windows Mobile (and as usual, I have a new gadget to discuss soon) with some pretty cool info. Even with all its flaws, I'm a big fan of WinMobile as my platform of choice, and I'll chat about that soon as well.