I wrote a column last week on the public folder management improvements in Exchange 2003 SP2. As a guide, I used Dave Whitney’s post on the improvements, since none of the other SP2 documentation has been made public. Unfortunately, I didn’t include a link to his original article in my column. I always do this when I link to the Exchange blog, because it’s a terrific resource, but this time I plumb forgot. This is unfair to Dave, who wrote the original post, so I’m posting this apology. Sorry, Dave; it won’t happen again.
Ouch! This story from yesterday’s Wall Street Journal details how problems with Morgan Stanley’s e-discovery process are going to end up costing them a lot: perhaps $360 million, or even more. The judge in the case labeled their actions as bad faith, and that’s going to cost them.
Morgan Stanley is in serious trouble because of the way it mishandled an increasingly critical matter for companies: handing over email and other documents in legal battles. Lawsuits these days require companies to comb through electronic archives and are sometimes won or lost based on how the litigants perform these tasks. Morgan Stanley kept uncovering new backup tapes, couldn’t perform full searches because of technology glitches and gave material to the other side that was sometimes incomplete or late.
The Morgan Stanley folks made a number of poor decisions and mistakes– ones that you should be sure not to duplicate in your own environment.
Update: this WSJ story says that the jury hit Morgan Stanley for $604 million. As the story also points out, the jury was instructed by the judge to put the burden of proof on Morgan Stanley, not the other way around, so it’s reasonable to expect that this will be appealed, and that it might be overturned. Still, $604 million is a high price tag.
Update: the WSJ just reported that the jury awarded Perelman another $850 million in punitive damages. That brings Morgan Stanley’s total tab to $1.45 billion.
Bruce Schneier is reporting that the SHA-1 hash algorithm has been broken:
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:
• collisions in the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.
• collisions in SHA-0 in 2**39 operations.
• collisions in 58-round SHA-1 in 2**33 operations.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).
So, on the Treo 650, when you enable a mail account for Exchange ActiveSync, it warns you that creating the account will empty your calendar– if you use EAS, you have to use it to sync your calendar. I knew that, and had been manually forcing my desktop to overwrite the handheld calendar. This worked fine until (drum roll) I forgot to set the “desktop overwrites handheld” flag as a default. This morning, I synced the device and– oops– almost all of my calendar data is now gone. This is not the end of the world, since we’re coming up to a slow time of year. I still have all of my contact and task data, but it’ll be a hassle to re-enter the events I do have (including kids’ holiday parties at school and my regular weekly team concalls).
From the “I hate it when that happens” department: there’s a vuln in the BlackBerry software (at least in the 7230 model) that can be used to cause the device to reboot on demand. The problem is triggered by >128Kb of text in the “Location” field of a meeting request. As RIM points out, Outlook limits that field to 255 characters, so you’d have to hand-craft attack messages. However, these messages don’t do permanent damage; they just cause annoying reboots.
Inaugurating a new category for security mistakes, we have this story from Computerworld. Seems that the Los Alamos National Laboratory has had a little email security problem, on top of their other recent problems:
In the latest incident, lab spokesman Kevin Roark late yesterday confirmed a Los Angeles Times report that the lab recently discovered new incidents of classified information being sent through a nonclassified e-mail system.
“We have had occurrences recently, yes,” Roark said. “We have had them in the past. It’s anticipated we will have them in the future.”