My hosting provider reports that their hosts– or, more precisely, my blogs– have been under a comment spamming attack. They’ve disabled my comments executable until further notice; I’ll probably have to either rename it or figure out some way to prevent drive-by comment spams before they’re willing to turn it back on.
Update: we’ve applied some prophylactic changes that will hopefully tamp down the spammers. Comments are now back on.
I wrote a column last week on the public folder management improvements in Exchange 2003 SP2. As a guide, I used Dave Whitney’s post on the improvements, since none of the other SP2 documentation has been made public. Unfortunately, I didn’t include a link to his original article in my column. I always do this when I link to the Exchange blog, because it’s a terrific resource, but this time I plumb forgot. This is unfair to Dave, who wrote the original post, so I’m posting this apology. Sorry, Dave; it won’t happen again.
Ouch! This story from yesterday’s Wall Street Journal details how problems with Morgan Stanley’s e-discovery process are going to end up costing them a lot: perhaps $360 million, or even more. The judge in the case labeled their actions as bad faith, and that’s going to cost them.
Morgan Stanley is in serious trouble because of the way it mishandled an increasingly critical matter for companies: handing over email and other documents in legal battles. Lawsuits these days require companies to comb through electronic archives and are sometimes won or lost based on how the litigants perform these tasks. Morgan Stanley kept uncovering new backup tapes, couldn’t perform full searches because of technology glitches and gave material to the other side that was sometimes incomplete or late.
The Morgan Stanley folks made a number of poor decisions and mistakes– ones that you should be sure not to duplicate in your own environment.
Update: this WSJ story says that the jury hit Morgan Stanley for $604 million. As the story also points out, the jury was instructed by the judge to put the burden of proof on Morgan Stanley, not the other way around, so it’s reasonable to expect that this will be appealed, and that it might be overturned. Still, $604 million is a high price tag.
Update: the WSJ just reported that the jury awarded Perelman another $850 million in punitive damages. That brings Morgan Stanley’s total tab to $1.45 billion.
I hate it when this happens: “Orthopedists say they are seeing an increasing number of patients with similar symptoms, a condition known as ‘overuse syndrome’ or ‘BlackBerry thumb.’” I guess I’d better worry about using my Treo with SnapperMail.
Bruce Schneier is reporting that the SHA-1 hash algorithm has been broken:
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:
• collisions in the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
• collisions in SHA-0 in 2**39 operations.
• collisions in 58-round SHA-1 in 2**33 operations.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).
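The 2**80 brute-force figure quoted above is the birthday bound for a 160-bit digest: a generic collision search needs about 2**(n/2) hashes for an n-bit output. The following is an added illustration, not code from Schneier's post or the Wang/Yin/Yu paper; truncating SHA-1 to a few dozen bits, the constructed messages and the function names are assumptions chosen so the generic search finishes in seconds.

```python
import hashlib

SHA1_BITS = 160

def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data), as an integer."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (SHA1_BITS - bits)

def birthday_collision(bits: int, prefix: bytes = b"constructed-msg-"):
    """Generic collision search against an n-bit digest.

    Hashes distinct constructed messages until two share a truncated
    digest. Returns (msg_a, msg_b, hashes_computed).
    """
    seen = {}
    count = 0
    while True:
        msg = prefix + str(count).encode()
        count += 1
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, count
        seen[tag] = msg

def speedup_over_generic(attack_log2: int, digest_bits: int = SHA1_BITS) -> int:
    """How many times cheaper an attack is than the 2**(n/2) birthday bound."""
    return 2 ** (digest_bits // 2 - attack_log2)

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, n = birthday_collision(bits)
        print(f"{bits}-bit truncation: {n} hashes (bound 2**{bits // 2} = {2 ** (bits // 2)})")
        print(f"  {a!r} and {b!r} -> {truncated_sha1(a, bits):#x}")
    print("reported 2**69 attack vs generic 2**80:", speedup_over_generic(69), "x cheaper")
```

The hash counts track 2**(n/2) as the truncation grows, which is why 2**80 is the design strength of a 160-bit hash and why a 2**69 result, 2**11 times cheaper, counts as a break.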
Filed under Oops!, Security
So, on the Treo 650, when you enable a mail account for Exchange ActiveSync, it warns you that creating the account will empty your calendar– if you use EAS, you have to use it to sync your calendar. I knew that, and had been manually forcing my desktop to overwrite the handheld calendar. This worked fine until (drum roll) I forgot to set the “desktop overwrites handheld” flag as a default. This morning, I synced the device and– oops– almost all of my calendar data is now gone. This is not the end of the world, since we’re coming up to a slow time of year. I still have all of my contact and task data, but it’ll be a hassle to re-enter the events I do have (including kids’ holiday parties at school and my regular weekly team concalls).
From the “I hate it when that happens” department: there’s a vuln in the BlackBerry software (at least in the 7230 model) that can be used to cause the device to reboot on demand. The problem is triggered by >128Kb of text in the “Location” field of a meeting request. As RIM points out, Outlook limits that field to 255 characters, so you’d have to hand-craft attack messages. However, these messages don’t do permanent damage; they just cause annoying reboots.