Archive for October, 2010

Microsoft Dynamics CRM 2011: best-in-class functionality and value

Thursday, October 28th, 2010

For those seeking to migrate from an existing CRM platform due to cost, scalability, or integration issues (think Salesforce), Microsoft recently released the beta of Dynamics CRM 2011 for on-demand or on-premise users.  Native support for and integration with MS Office applications already resident in most office environments, as well as a price point nearly half that of, make the choice a no-brainer for companies in the market for a CRM solution upgrade.  According to Microsoft, the beta of Dynamics CRM 2011 offers:

  • Familiar experiences through a next-generation native Microsoft Outlook client, Microsoft Office contextual CRM Ribbon, RoleTailored design and user personalization
  • Intelligent experiences through guided process dialogs, inline data visualizations, performance and goal management, and real-time dashboards
  • Connected experiences through cloud development, Windows Azure integration, contextual Microsoft SharePoint document repositories, teamwork and collaboration, and the Microsoft Dynamics Marketplace

Contact Gyver Networks today if your company is interested in learning more about what Dynamics CRM 2011 can do for your team.

Microsoft releases Office for Mac 2011

Tuesday, October 26th, 2010

Mac users have a new productivity suite available to them today, as Microsoft released MS Office for Mac 2011.  The new version boasts Outlook, advanced Office Web Apps (OWA) integration, offline coauthoring options, the Office ribbon UI, document template gallery, Excel formula builder, Visual Basic support for task automation, and more.

For those looking for an excuse to migrate back to their beloved Mac from a Windows OS, the Office for Mac 2011 Outlook features a handy .pst import tool so you can import your mailbox right from Windows.

Microsoft is positioning Office for Mac 2011 as the “compatible … familiar … professional” choice, to be preferred over alternative office productivity suites.   It goes without saying OpenOffice is in their sights here, as it garners an increasingly greater share of Microsoft’s market by the day.

Some purchases of Office for Mac 2008 include a free upgrade to 2011.  Home and Student versions are available in single and 3-license family packs, and excludes Outlook.  Business versions are available in single and 2-license packs.  Both versions include limited technical support from Microsoft.

Cisco study on mobility: Is the office really necessary?

Tuesday, October 26th, 2010

“Global study by Cisco reveals 60 percent of workers believe being in the office is no longer needed to be productive.  Demand to work anywhere, anytime stronger than desire for higher salary; two of three workers expect IT to allow access to corporate information with any device, personal or company-issued” – Cisco release

Mobile workers increase demand on ITA recent study commissioned by Cisco Systems, with statistics on worker mobility in relation to everything from productivity and corporate security, to company loyalty, salary and job preference, has been released with the tease line, “Is the office really necessary?”  The Cisco Connected World Report includes responses from workers and IT professionals in 13 countries worldwide.  Here are some of the key findings from the workers interviewed:

  • As many as 60% of workers believe their office is not integral to their productivity, with 66% expecting IT to permit corporate access from mobile devices, whether corporate or personal
  • A 66% majority said they would accept a position paying lower salary, provided it had greater flexibility with regard to mobile and  social media access, over a position paying a higher salary

The trends aren’t really surprising.  As offices offer increasingly greater options for mobile access, workers are going to continue to demand more.  The concern is actually with regard to the responses of the IT professionals interviewed :

  • Nearly half (45%) declared their company unprepared for increased mobile demand, citing security as the greatest impediment, with corporate policies and inadequate technology infrastructure factoring in as well
  • In support of their security concerns, 26% of IT respondents reported that one in four of the mobile devices issued to workers in the past year had already been lost or stolen

The study’s findings indicate that enhanced network infrastructure is absolutely necessary to accomodate the increasing demand for worker mobility, as well as management’s demand for worker productivity.  On the management side, progressive policies and employee education on mobile access will contribute to company morale and productivity, and, of course, data security.

Is your company ready to expand the boundaries of your office?  Contact Gyver Networks today to find out.

Device driver and software compatibility lists for Windows Server, Windows 7, Vista, and XP

Monday, October 18th, 2010

You know the story:  you see a really cool new USB gadget or  some software that you just have to have online, in store, at a friend’s house.  You go to Amazon to order it, or maybeyou’re so excited you even drive to the mall to pick one up.  You get it home and plug it in, throw it in your DVD drive, whatever…

“Device not recognized?”  What?  It’s brand new!  How can it not work with Windows 7?

“Software does not support Service Pack 2?”  Aw, come on!

Well, you can avoid those moments of consternation by checking the compatibility of your coveted device and/or software before wasting your time and money hunting all over the Internet for drivers and patches that may or may not work from sites that may or may not be safe to download from:

Windows 7

See the Windows 7 Compatibility Center

See the Windows Logo’d Product List for Windows 7

Windows Vista

See the Windows Vista Compatibility Center

See the Windows Logo’d Product List for Windows Vista

Windows XP

See the Windows Logo’d Products List for Windows XP

Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000 Server,
and Windows 2000 Professional

See the Windows Server Catalog

Legacy & Windows Me; Windows 98

Windows NT 4.0

Windows 98

Windows Me


IPv4 addresses now 95 percent used up

Monday, October 18th, 2010

The final stages of the squeeze are arriving: of the 4.3 billion Internet addresses possible with today’s Net mainstream technology, 95 percent are gone.

That’s the word Monday from the Number Resource Organization, a group representing the world’s five regional Internet registries (RIRs) that dole out the numeric addresses.

“This is a major milestone in the life of the Internet and means that allocation of the last blocks of IPv4 to the RIRs is imminent,” Axel Pawlik, chairman of the Number Resource Organization, said in a statement.

ARIN, one of five registries that allocate Internet addresses, shows the steadily diminishing number of available "/8" blocks of 16.7 million IP addresses. In June, it was down to 16, but today, 12 remain.

ARIN, one of five registries that allocate Internet addresses, shows the steadily diminishing number of available “/8” blocks of 16.7 million IP addresses. In June, it was down to 16. Today, 12 remain.

Text-based Internet addresses, such as, are a convenient label for the numeric addresses that actually do the behind-the-scenes work when it comes to sending data such as a Web page across the Internet. Using today’s IPv4 (Internet Protocol version 4), though, the number of numeric addresses are dwindling. This is why Pawlik and many others are urging those with Internet operations to start supporting the more capacious IPv6.

A single IPv4 numeric address can be shared by multiple computers through a technique called network address translation. But NAT has its limits, so it’s no surprise that IPv4 addresses are in high demand.

Major companies including Comcast, Google, and Facebook are working to adapt to an IPv6 world, but countless smaller companies have yet to begin taking the plunge. Although IPv4-based Internet operations will continue to work, those with IPv4-only technology won’t be able to reach the IPv6 realm.

It was only last January that IPv4 exhaustion, as it’s called, crossed the 90 percent mark. Despite that rate and the difficulties of migrating to IPv6, the NRO does not believe there is a last-minute rush for IPv4 addresses. Meanwhile, the NRO is urging IPv6 action to head off fears of a “chaotic scramble for IPv6, which could increase Internet costs and threaten the stability and security of the global network.”

The entire IPv4 address space is divided into 256 blocks, each called a slash-8 or /8. There are now 12 /8s remaining. After seven more are allocated to the five RIRs, each RIR will get one of the last remaining five.

Those last five /8 blocks likely will be handed out to the registries in early 2011, NRO said.

That won’t be the complete end of IPv4 addresses, though, as the RIRs allocate the numbers to direct and indirect customers downstream.

IPv4 addresses are divided into four 8-bit chunks that together mean an IPv4 Internet address is a 32-bit number. IPv6 addresses, in comparison, use four 32-bit chunks for a 128-bit number. If you’re not conversant with binary math, that means there are 340,282,366,920,938,463,463,374,607,431,768,211,456 IPv6 addresses. So while the transition to IPv6 has been painful, IPv6 isn’t likely to run out of room any time soon.


DHS US-CERT security bulletin lists Microsoft, Adobe, Apple, Cisco, Google vulnerabilities as notable

Friday, October 15th, 2010

The Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) periodically releases comprehensive security risk updates for public review in an attempt to keep end-users as secure as possible.  The complete report can be found here, including links to updates, but notable – as designated by US-CERT – excerpts are listed below:

Microsoft released multiple updates in July.

  • Security Bulletin MS10-046 addressed a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.
  • Microsoft has released Security Advisory 2269637 indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries (DLLs). See the Security Highlights section for further details.
  • The Microsoft Security Bulletin Summary for August 2010 addressed vulnerabilities in Microsoft Windows, Internet Explorer, Office, and Silverlight. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

Adobe released updates for Shockwave, Reader, and Acrobat.

  • Flash Player addressed multiple vulnerabilities that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This vulnerability also affects Adobe Air and earlier versions. Refer to Adobe Security Bulletin APSB10-16 and US-CERT Vulnerability Note VU#660993 for additional details.
  • Adobe Security Bulletin APSB10-17 addressed multiple vulnerabilities in Reader and Acrobat. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
  • Adobe security bulletin APSB10-20 addressed multiple vulnerabilities affecting Shockwave Player and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code.

Apple released updates for QuickTime, iOS, and multiple applications.

  • QuickTime 7.6.7 for Windows addressed a vulnerability regarding a stack buffer overflow that exists in QuickTime error logging. By convincing a user to open a specially crafted movie file, a remote attacker could execute arbitrary code or cause a denial-of-service condition. Additional details are provided in Apple article HT4290.
  • Monthly Activity Summary – August 2010 3
  • iOS 4.0.2 for the iPhone and iPod touch and iOS 3.2.2 for the iPad addressed vulnerabilities in the FreeType and IOSurface packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or gain system privileges. Additional information regarding the vulnerability affecting the FreeType package can be found in US-CERT Vulnerability Note VU#275247 and Apple article HT4291.
  • Apple security update 2010-005 addressed multiple vulnerabilities affecting the ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, and Samba applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain. Refer to Apple article HT4312 for details.

Cisco released multiple Security Advisories in August.

  • Security Advisory cisco-sa-20100804-fwsm addressed multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.
  • Security Advisory cisco-sa-20100812-tcp addressed a vulnerability affecting IOS Software Release 15.1(2)T. This vulnerability may allow an attacker to cause a denial-of-service condition by sending a specially crafted packet through normal network traffic.
  • Security Advisory cisco-sa-20100827-bgp addressed a vulnerability in the Cisco IOS XR Software Border Gateway Protocol feature. Exploitation of this vulnerability may result in the continuous resetting of BGP peering sessions, which may cause a denial-of-service condition for affected networks.
  • Cisco released Security Advisory cisco-sa-20100825-cucm and Security Advisory cisco-sa-20100825-cup to address vulnerabilities in Cisco Unified Communications Manager and Cisco Unified Presence. These vulnerabilities affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition, which could cause an interruption of voice services.

Google released two updates for Chrome.

  • Chrome 5.0.375.126 for Linux, Mac, and Windows contained an updated version of the Flash plugin, which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
  • Later in the month, Google released Chrome 5.0.375.127 for Windows, Mac, and Linux to address multiple vulnerabilities that may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks. Additional information can be found in the Google Chrome Releases blog entry.

Harnessing the Cloud for Hacking: Cloud password cracker is a sign of things to come

Friday, October 15th, 2010

Want to check if the password to your wireless network (or your neighbor’s) passes muster? For $34, you can do just that by using a password-cracking service that’s primarily aimed at “penetration testers”–people who are paid by a company to test its network’s security.

The service, known as WPA Cracker, is one of the first hacking services to rely on cloud computing. WPA Cracker went live on Monday–it uses pay-as-you go cloud computing resources to search for an encrypted WiFi Protected Access (WPA) password from 135 million different possibilities, says creator and hacker Moxie Marlinspike. Normally the task would take a single computer about five days, but WPA Cracker uses a cluster of 400 virtual computers and high-performance computing techniques. It takes only 20 minutes, he says.

“Security is moving into the cloud … so the attacks will follow security into the cloud as well,” says Marlinspike. “Password cracking is an obvious thing. Normally, it is cost-prohibitive to run CPU-intensive jobs. [With cloud computing] it costs a lot less money than doing it yourself.”

At its core, cloud computing is about providing services or infrastructure through the Internet that can easily be ramped up to meet demand. Online giants, including Amazon, Google, and Microsoft, all have services that offer the ability to run an application in a large data center or to rent time on a cluster of virtual computers, allowing customers to tap into large amounts of computing power more efficiently.

Security experts say the performance and costs advantages of cloud computing are already luring cybercriminals.

“We have seen attacks emanate from IP ranges associated with cloud-based computing services,” says Tom Cross, manager of advanced research at IBM’s X-Force security team. Cross would not elaborate on which services were involved, however.

Yet other real-world examples exist. In 2008, a spammer used Amazon’s Elastic Computing Cloud (EC2) service to blast out a massive campaign of porn-related junk e-mail. And last month, security firm Arbor Networks reported that a cloud application hosted on Google’s AppEngine platform appeared to be the command-and-control hub for a small botnet. However, Google removed the application for usage-policy violations and said that the malicious behavior was the result of a programming error, not criminal intent.

Even if the intent was not malicious, however, the example shows that poorly behaved applications can run in the cloud, says Danny MacPherson, chief security officer for Arbor.

“As more people start using cloud infrastructure, I absolutely think we will see malicious uses as well,” says MacPherson. “I would encourage anyone using those infrastructures to not make security a chewing-gum, bolt-on-after-the-development sort of infrastructure.”

In some ways, criminals have already started their own cloud services by compromising users’ computers and centrally controlling them. These botnets, as such networks are called, can be used for different tasks, such as sending spam, hosting malicious content, or sending a flood of data to overwhelm a target network. Some underground entrepreneurs even created an online market, dubbed Golden Cash, where criminals could buy or lease any number of compromised computers.

If a cloud service provider does not monitor its network sufficiently, a criminal could use the service to do the same thing.

“When you are building a botnet, what you are trying to do is use a lot of computers for some purpose,” Cross says. “If you can get a hold of a credit card, you can purchase a whole slew of virtual computers from a cloud provider.”

Already, Amazon’s service has become a playground for security researchers. This past summer, security firm SensePost revealed a number of techniques for abusing cloud services. By misusing the account creation process, for example, the researchers easily avoided Amazon’s 20-computer limit per customer. SensePost’s security team also demonstrated ways that malicious developers could create virtual-machine templates that included rootkits or other malicious code. If another Amazon customer used the template, they could find themselves vulnerable to attack.

“The cloud is going to offer the serious criminal huge computing resources on tap, which has lots of interesting applications,” says Haroon Meer, director of security research for SensePost. “If nothing else, it should change a few threat models.”


Google’s WebP image support coming soon, ‘webconv’ tool released in SDK

Friday, October 15th, 2010

We’ve heard for some time now about the WebP image format Google made mainstream when it acquired On2 Technologies, but no notable browsers or image viewers support it natively.   There are some plugin options available presently for Chromium and on the Mac, but native support for WebP is coming soon to Google’s Chrome browser.  In support of that, Google recently  released the webconv WebP image conversion tool as part of their SDK.

For the hardcore graphics junkies out there who can’t wait to get started, here are a few WebP command line conversion tips to help  get a jump on implementation:


webpconv [-output_dir dir] [-format format] [-quality quality] input_file(s)


Path to directory where files are placed. If no path is specified, files are created in the input directory.
Output image format. Valid formats are: BMP, JPEG, PNG, WEBP.
Integer. Parameter that specifies the trade off between the file size and the quality of the output image. The range is from 0 to 100; 100 is the best image quality with the largest file size. If no value is specified, the default quality value corresponds to a target peak signal-to-noise ratio (PSNR) value of 42. A PSNR value of 42 is usually regarded as a good quality image.

Microsoft Security Intelligence Report outlines malware trends, botnets top the list

Thursday, October 14th, 2010

Microsoft recently released a periodic SIR (Security Intelligence Report) designed to reveal trends in malware from over 600 million PCs around the world.  Yours may very well be one of them, if you didn’t uncheck the ‘I want to anonymously send information to Microsoft’ button during software/OS installs.

Among the information – and it is voluminous – that can be gleaned from the report are statistics relative to malware infection incidence by operating system, as well as a listing of the most prominent ‘rogue security’ (i.e., fake antivirus) malware and their ‘cover names.’   Have a look:




Fake antivirus


Microsoft chose to focus on botnet activity in this SIR as the predominant malware issue facing end-users today, bearing a great burden of responsibility for the spam that bombards you every morning, but also for many more serious crimes like identity theft.  Who would have suspected such nefarious activity from someone with a name as innocent-sounding as a “bot-herder”?


Bot network


The bottom line?  Stay protected with the latest antivirus and antimalware solutions, and contact Gyver Networks immediately if something gets through.  Loss of identities and/or invaluable data is too high a price to pay for complacency….

Microsoft Office 2010 beta to end October 31st

Thursday, October 14th, 2010

Unlike the attention-grabbing reminder users experienced with the Windows 7 beta (where your PC would suddenly restart every two hours as a gentle prompt that the beta grace period was about to end and it was time to shell out some cash for a full version license), Microsoft Office 2010 beta will quietly expire on October 31st.

If the date mentioned in the EULA  snuck up on you and you’re really strapped for cash, you can download a 60-day trial from Microsoft that will grant you an additional stay of execution. Whether you decide to buy or try, though, you’ll have to uninstall the beta and reinstall the full version.

For environmental purposes, Microsoft is asking that users download their purchase copy electronically, as opposed to buying hard copies of the software.

Report: Linux makes gains in server applications

Wednesday, October 13th, 2010

Linux use circa October 2010 A new report from the nonprofit Linux Foundation shows that Linux continues to grow at breakneck speed and will outpace all other server operating systems over the next five years. Additionally, Linux will be chosen for more than 66 percent of new or “greenfield” applications.

The report, titled “Linux Adoption Trends: A Survey of Enterprise End Users,” reflects the results of an invitation-only survey with responses from 1,900 individuals. According to the report, Linux adoption continues to grow for a number of reasons, not just driven by reduced costs, but by technical superiority and security measures.

It’s important to take these kinds of statistics with a grain of salt, considering the respondents are already partial to Linux. However, the trend toward Linux and open-source is clearly a big part of enterprise computing, and the report itself shows that end-users believe the OS continues to improve–even if they often still have to sell their companies’ upper-management on the idea. That said, nearly 60 percent of respondents said that Linux is seen as more strategic to their organization than it was a year ago.

Key findings from the report:

  • 79.4 percent of companies plan to add more Linux relative to other operating systems in the next five years.
  • 66 percent of users surveyed say that their Linux deployments are brand-new deployments.
  • Among the early adopters who are operating in cloud environments, 70.3 percent use Linux as their primary platform, while only 18.3 percent use Windows.
  • 60.2 percent of respondents say they will use Linux for more mission-critical workloads over the next 12 months.
  • 86.5 percent of respondents report that Linux is improving, and 58.4 percent say their CIOs see Linux as more strategic to the organization as compared to three years ago.

Another important aspect of the report results is the fact that with more companies coming to depend on Linux, there are many job opportunities available for those with skills. In fact, more than 38 percent of the survey respondents cited a lack of available Linux talent as one of their main concerns related to the platform.

Other major concerns include driver support and availability for specific hardware and overall interoperability with other applications and platforms, both of which Linux Foundation Executive Director Jim Zemlin assured me the organization and its constituents are working on. Zemlin also told me that Linux is seeing phenomenal growth in emerging markets such as China, where many developers have grown up using Linux and see it as the obvious solution to computing challenges.


Amazon’s iPhone barcode scanner takes impulse buying to a new level

Wednesday, October 13th, 2010

Amazon for iPhoneThe latest version of Amazon Mobile, 1.2.8, contains a barcode scanner in its search screen. As with barcode scanners in other mobile apps, Amazon Mobile uses your iPhone’s camera to take in a product’s zebra-striped barcode. Amazon’s servers then find a match, and after you select the item, you can sign in to your account to purchase the product on the spot.

As on the regular Amazon Web site, you’ve got gift options and a choice of multiple shipping addresses. Just like before, you can also add the product to your wish list or cart for later purchasing.

Although the app won’t clear your latest search until you enter a new one, we would like the option of reviewing previously scanned items for later reference, especially if we find ourselves without the product later on.

Amazon’s iPhone app isn’t the first to match barcodes to items in a database, of course, and shopping comparison apps have existed for a couple of years. However, Amazon’s addition will be an effective way to convert barcode scanning into concrete sales with the touch of a finger. As one colleague commented, “Amazon just made the world its showroom.”

It’s a sure bet that the online superstore hopes this iPhone app will help prop up its flagging second-quarter earnings, which failed to meet Wall Street’s expectations.

Amazon Mobile is free. Barcode scanning wiAmazon for iPhonell work on iPhone 4 and iPhone 3GS devices running iOS 4.


Sony Internet TV and Logitech Revue: never leave the couch again, thanks to Google TV

Thursday, October 7th, 2010

That’s right, it’s finally here: the end of channel surfing, the end of getting up to switch between television and internet connections, the end of all things not related to sitting on the couch and listening to your muscles atrophy. Punch in a keyword and Google TV will find something on your DVR or on the web that matches, including movies, pics, games, apps – pretty much anything entertainment related. If it exists in a standard media format, you can now watch it from the comfort of your recliner.

Want to manage your fantasy basketball team without turning on your computer or leaving the couch? Check.

Interested in the ability to search for media from your Android device or iPhone without the strenuous exercise of pushing buttons? Just voice search from your phone app and see the results on your television (incidentally, multiple phones can control the same TV/box, which is going to make for some interesting dispute resolution scenarios when there is a disagreement over what to watch).

Want to do something on the web without missing any part of your favorite show? No worries, Google has you covered with a picture-in-picture function that allows you to multitask (you know, if that’s how you like to characterize your lolligagging). I see this feature as a particular favorite of MMORPG’ers who like to divide their attention evenly between leveling their avatar and watching TV. (P.S., if you understood any part of that last sentence, you just failed the geek test… now get back to your WOW, Farmville, EverQuest, etc., before some sun accidentally hits you and you lose your pasty glow.)

Logitech is also offering an external camera and video calling service, so you can videoconference with others using the Logitech hardware/service right from your couch. And as with all of the features discussed herein, your experience will only be as enjoyable as your wireless connection is reliable, so be sure to contact Gyver Networks for help in planning your multimedia network.

Another of the cooler features of the platform is the homescreen, which starts you off with the option of navigating directly to your favorite channels, programs, sites, and more.

The two options available as of this posting are Sony’s Internet TV ($1,000-$2,000, depending on size) and the Logitech Revue box (around $300) for your existing TV, both based on the Android OS and featuring an integrated Chrome browser and Flash 10.1 support. There is expectation that Sony will also be releasing an internet box for those not in the market for a new TV. Android Market will be coming for the platform sometime in the next year and, with it, all the apps you know and love. The SDK for Google TV developers will be forthcoming in the next year as well, which will give rise to even more couchworthy apps (quick, someone patent that: “couchworthy app,” soon all the kids will be saying it).

Notably absent from the list of web content optimized for Google TV is, which actually blocks Google TV from accessing the website, but there is speculation that Google will resolve that issue soon. Currently, Dish is the only cable or satellite service capable of linking your DVR to Google TV, but Google promises that more are coming.

So there it is: the nexus of all media and entertainment on your living room TV. Once Google releases the app that makes nachos and goes to the bathroom for us, we see no need to ever leave the couch again. Dare to dream….