http://www.test104.com/en/misc/index.asp
New Bulletin
CISCO CCNA 640-802 updated. (V19b)
VMware VCP-410 updated.
IBM 000-014, 000-015, 000-011 and 000-012 updated.
CISCO 642-736 and 642-741 updated.
Recent Updates:
VMware VCP-410 Q&A 300 questions updated. (2009/9/30)
IBM 000-014 Q&A 122 questions updated. (2009/9/29)
IBM 000-015 Q&A 146 questions updated. (2009/9/29)
IBM 000-011 Q&A 151 questions updated. (2009/9/28)
IBM 000-012 Q&A 153 questions updated. (2009/9/28)
CISCO 642-736 Q&A 85 questions updated. (2009/9/27)
CISCO 642-741 Q&A 60 questions updated. (2009/9/25)
New Demo
CISCO 642-736
CISCO 642-741
VMware VCP-410
For more details, please refer to:
http://www.test104.com/en/products/products.asp
2009年9月30日星期三
2009年9月25日星期五
New Updates
New Bulletin
CISCO CCNA 640-802 Q&A 182 questions updated. (V19b)
CISCO 642-731 updated.
CISCO 640-460 updated.
Oracle 1Z0-033, 1Z0-047 and 1Z1-054 updated.
LOTUS 190-980 and 190-982 updated.
Recent Updates:
CISCO CCNA 640-802 Q&A 182 questions updated. (V19b) (2009/9/24)
CISCO 642-731 Q&A 52 questions updated. (2009/9/24)
Oracle 1Z1-054 Q&A 192 questions updated. (2009/9/23)
CISCO 640-460 Q&A 114 questions updated. (2009/9/22)
Oracle 1Z0-047 Q&A 168 questions updated. (2009/9/21)
LOTUS 190-982 Q&A 266 questions updated. (2009/9/21)
Oracle 1Z0-033 Q&A 397 questions updated. (2009/9/18)
LOTUS 190-980 Q&A 201 questions updated. (2009/9/18)
New Demo
CISCO 642-731
CISCO 640-460
CISCO CCNA 640-802 Q&A 182 questions updated. (V19b)
CISCO 642-731 updated.
CISCO 640-460 updated.
Oracle 1Z0-033, 1Z0-047 and 1Z1-054 updated.
LOTUS 190-980 and 190-982 updated.
Recent Updates:
CISCO CCNA 640-802 Q&A 182 questions updated. (V19b) (2009/9/24)
CISCO 642-731 Q&A 52 questions updated. (2009/9/24)
Oracle 1Z1-054 Q&A 192 questions updated. (2009/9/23)
CISCO 640-460 Q&A 114 questions updated. (2009/9/22)
Oracle 1Z0-047 Q&A 168 questions updated. (2009/9/21)
LOTUS 190-982 Q&A 266 questions updated. (2009/9/21)
Oracle 1Z0-033 Q&A 397 questions updated. (2009/9/18)
LOTUS 190-980 Q&A 201 questions updated. (2009/9/18)
New Demo
CISCO 642-731
CISCO 640-460
2009年9月22日星期二
News Letters
http://www.test104.com/en/products/products.asp
.CISCO CCNA 640-802 Q&A 192 questions updated. (V19)
.CISCO 642-892 updated.
.Adobe CS4 Flash 9A0-092 updated.
.IBM 000-237 updated.
.HP HP0-A02 updated.
2009/9/14 )
.CISCO CCNA 640-802 Q&A 192 questions updated. (V19)
.CISCO 642-892 updated.
.Adobe CS4 Flash 9A0-092 updated.
.IBM 000-237 updated.
.HP HP0-A02 updated.
Recent Updates:
Oracle 1Z0-052 Q&A 188 questions updated. (
The Open Group OG0-081 Q&A 387 questions updated. (
Symantec 250-265 Q&A 299 questions updated. (
Oracle 1Z0-204 Q&A 199 questions updated. (
Oracle 1Z0-050 Q&A 183 questions updated. (
Free Demo
CISCO CCNP 642-892
LPIC 117-101
IBM 000-973
2009年9月21日星期一
Windows Server 2008 R2 features PowerShell 2 by default
For the Windows OS, few tools hold more weight than the PowerShell scripting environment. In this tip, Rick Vanover breaks down the new environment for Windows Server 2008 R2.
Windows Server 2008's R2 incremental release offers PowerShell 2.0 installed by default. For the base release of Windows Server 2008, you have to explicitly add PowerShell.
PowerShell 2 is currently available as a community technology preview (CTP) at version 3 to replace existing PowerShell 1 installations. The PowerShell 2 that is currently in Windows Server 2008 R2 is slightly different than the CTP that has been available. PowerShell 2 introduces quite a bit of new functionality and some changes to cmdlets within PowerShell. While these changes are minor and generally accommodate additional parameters, you should give consideration to existing scripts. The release notes document on the Microsoft Web site has a full breakdown of the current PowerShell 2 changes and upgrades.
With these new functions and cmdlets, it would be worth testing any PowerShell 1.0 scripts out on a PowerShell 2 environment to ensure the scripts run correctly. With all of the new PowerShell 2 features, it's a good time to line up the resources you need to write good PowerShell scripts. Here are some of the best resources that can help you make the transition to PowerShell 2:
Windows PowerShell Blog: The official Microsoft blog for PowerShell.
PowerGui.org: A community site affiliated with Quest software which has many PowerShell resources, including their own build that can integrate into other products such as Active Directory, VMware Infrastructure, and SQL thoughts PowerPacks.
The PowerShell Guy: A good resource for scripting.
Given that PowerShell will be a default configuration for Windows servers going forward, it's a good idea to have resources lined up for scripting.
Windows Server 2008's R2 incremental release offers PowerShell 2.0 installed by default. For the base release of Windows Server 2008, you have to explicitly add PowerShell.
PowerShell 2 is currently available as a community technology preview (CTP) at version 3 to replace existing PowerShell 1 installations. The PowerShell 2 that is currently in Windows Server 2008 R2 is slightly different than the CTP that has been available. PowerShell 2 introduces quite a bit of new functionality and some changes to cmdlets within PowerShell. While these changes are minor and generally accommodate additional parameters, you should give consideration to existing scripts. The release notes document on the Microsoft Web site has a full breakdown of the current PowerShell 2 changes and upgrades.
With these new functions and cmdlets, it would be worth testing any PowerShell 1.0 scripts out on a PowerShell 2 environment to ensure the scripts run correctly. With all of the new PowerShell 2 features, it's a good time to line up the resources you need to write good PowerShell scripts. Here are some of the best resources that can help you make the transition to PowerShell 2:
Windows PowerShell Blog: The official Microsoft blog for PowerShell.
PowerGui.org: A community site affiliated with Quest software which has many PowerShell resources, including their own build that can integrate into other products such as Active Directory, VMware Infrastructure, and SQL thoughts PowerPacks.
The PowerShell Guy: A good resource for scripting.
Given that PowerShell will be a default configuration for Windows servers going forward, it's a good idea to have resources lined up for scripting.
Microsoft Internet Explorer SSL security hole lingers
http://www.test104.com/en/products/products.asp
Apple's Safari for Windows browser has same problem but Safari for Mac, Firefox and Opera have fixed trouble
Microsoft still does not acknowledge a weakness in its Internet Explorer browser that was pointed out seven weeks ago and enables attackers to hijack what are supposed to be secure Web sessions.
The company says it is still evaluating whether the weakness exists, but Apple, which bases its Safari for Windows browser on Microsoft code, says Safari for Windows has the weakness and the Microsoft code is the reason. If Microsoft doesn't fix the problem, Apple can't fix it on its own, Apple says. Apple has fixed the problem for Safari for Macs. "Microsoft is currently investigating a possible vulnerability in Microsoft Windows. Once our investigation is complete, we will take appropriate action to help protect customers," a Microsoft spokesperson said via e-mail. "We will not have any more to share at this time."
The weakness can be exploited by man-in-the-middle attackers who trick the browser into making SSL sessions with malicious servers rather than the legitimate servers users intend to connect to.
Current versions of Safari for Mac, Firefox and Opera address the problem, which is linked to how browsers read the x.509 certificates that are used to authenticate machines involved in setting up SSL/TLS sessions. In July two separate talks presented by researchers Dan Kaminski and Moxie Marlinspike at the Black Hat Conference warned about how the vulnerability could be exploited by using what they call null-prefix attacks. The attacks involve getting certificate authorities to sign certificates for domain names assigned to legitimate domain-name holders and making vulnerable browsers interpret the certificates as being authorized for different domain-name holders.
For instance, someone might register www.hacker.com. In many x.509 implementations the certificate authority will sign certificates for any request from the hacker.com root domain, regardless of any sub-domain prefixes that might be appended. In that case, the authority would sign a certificate for bestbank.hacker.com, ignoring the sub-domain bestbank and signing based on the root domain hacker.com, Marlinspike says.
At the same time, browsers with the flaw he describes read x.509 certificates until they reach a null character, such as 0. If such a browser reads bestbank.com\0hacker.com, it would stop reading at the 0 and interpret the certificate as authenticating the root domain bestbank.com, the researcher says. Browsers without the flaw correctly identify the root domain and sign or don't sign based on it. An attacker could exploit the weakness by setting up a man-in-the-middle attack and intercepting requests from vulnerable browsers to set up SSL connections. If the attacking server picks off a request to bestbank.com, it could respond with an authenticated x.509 certificate from bestbank.com\0hacker.com. The vulnerable browser would interpret the certificate as being authorized for bestbank.com and set up a secure session with the attacking server. The user who has requested a session with bestbank would naturally assume the connection established was to bestbank.
Once the link is made, the malicious server can ask for passwords and user identifications that the attackers can exploit to break into users' bestbank accounts and manipulate funds, for example, Marlinspike says.
In some cases attackers can create what Marlinspike calls wildcard certificates that will authenticate any domain name. These certificates use an asterisk as the sub-domain followed by a null character followed by a registered root domain. A vulnerable browser that initiated an SSL session with bestbank.com would interpret a certificate marked *\0hacker.com as coming from bestbank.com because it would automatically accept the * as legitimate for any root domain. This is due to "an idiosyncrasy in the way Network Security Services (NSS) matches wildcards," Marlinspike says in a paper detailing the attack. Such a wildcard will match any domain, he says.
The differences between what users see on their screens when they hit the site they are aiming for and when they hit an attacker's mock site can be subtle. The URLs in the browser would reveal that the wrong site has been reached, but many users don't check for that, Marlinspike says.
A Microsoft spokesperson says Internet Explorer 8 highlights domains to make them more visually obvious, printed in black while the rest of the URL is gray. "Internet Explorer 8's improved address bar helps users more easily ensure that they provide personal information only to sites they trust," a Microsoft spokesperson said in an e-mail.
Marlinspike says the null character vulnerability is not limited to browsers. "[P]lenty of non-Web browsers are also vulnerable. Outlook, for example, uses SSL to protect your login/password when communicating over SMTP and POP3/IMAP. There are probably countless other Windows-based SSL VPNs, chat clients, etc. that are all vulnerable as well" he said in an e-mail.
Apple's Safari for Windows browser has same problem but Safari for Mac, Firefox and Opera have fixed trouble
Microsoft still does not acknowledge a weakness in its Internet Explorer browser that was pointed out seven weeks ago and enables attackers to hijack what are supposed to be secure Web sessions.
The company says it is still evaluating whether the weakness exists, but Apple, which bases its Safari for Windows browser on Microsoft code, says Safari for Windows has the weakness and the Microsoft code is the reason. If Microsoft doesn't fix the problem, Apple can't fix it on its own, Apple says. Apple has fixed the problem for Safari for Macs. "Microsoft is currently investigating a possible vulnerability in Microsoft Windows. Once our investigation is complete, we will take appropriate action to help protect customers," a Microsoft spokesperson said via e-mail. "We will not have any more to share at this time."
The weakness can be exploited by man-in-the-middle attackers who trick the browser into making SSL sessions with malicious servers rather than the legitimate servers users intend to connect to.
Current versions of Safari for Mac, Firefox and Opera address the problem, which is linked to how browsers read the x.509 certificates that are used to authenticate machines involved in setting up SSL/TLS sessions. In July two separate talks presented by researchers Dan Kaminski and Moxie Marlinspike at the Black Hat Conference warned about how the vulnerability could be exploited by using what they call null-prefix attacks. The attacks involve getting certificate authorities to sign certificates for domain names assigned to legitimate domain-name holders and making vulnerable browsers interpret the certificates as being authorized for different domain-name holders.
For instance, someone might register www.hacker.com. In many x.509 implementations the certificate authority will sign certificates for any request from the hacker.com root domain, regardless of any sub-domain prefixes that might be appended. In that case, the authority would sign a certificate for bestbank.hacker.com, ignoring the sub-domain bestbank and signing based on the root domain hacker.com, Marlinspike says.
At the same time, browsers with the flaw he describes read x.509 certificates until they reach a null character, such as 0. If such a browser reads bestbank.com\0hacker.com, it would stop reading at the 0 and interpret the certificate as authenticating the root domain bestbank.com, the researcher says. Browsers without the flaw correctly identify the root domain and sign or don't sign based on it. An attacker could exploit the weakness by setting up a man-in-the-middle attack and intercepting requests from vulnerable browsers to set up SSL connections. If the attacking server picks off a request to bestbank.com, it could respond with an authenticated x.509 certificate from bestbank.com\0hacker.com. The vulnerable browser would interpret the certificate as being authorized for bestbank.com and set up a secure session with the attacking server. The user who has requested a session with bestbank would naturally assume the connection established was to bestbank.
Once the link is made, the malicious server can ask for passwords and user identifications that the attackers can exploit to break into users' bestbank accounts and manipulate funds, for example, Marlinspike says.
In some cases attackers can create what Marlinspike calls wildcard certificates that will authenticate any domain name. These certificates use an asterisk as the sub-domain followed by a null character followed by a registered root domain. A vulnerable browser that initiated an SSL session with bestbank.com would interpret a certificate marked *\0hacker.com as coming from bestbank.com because it would automatically accept the * as legitimate for any root domain. This is due to "an idiosyncrasy in the way Network Security Services (NSS) matches wildcards," Marlinspike says in a paper detailing the attack. Such a wildcard will match any domain, he says.
The differences between what users see on their screens when they hit the site they are aiming for and when they hit an attacker's mock site can be subtle. The URLs in the browser would reveal that the wrong site has been reached, but many users don't check for that, Marlinspike says.
A Microsoft spokesperson says Internet Explorer 8 highlights domains to make them more visually obvious, printed in black while the rest of the URL is gray. "Internet Explorer 8's improved address bar helps users more easily ensure that they provide personal information only to sites they trust," a Microsoft spokesperson said in an e-mail.
Marlinspike says the null character vulnerability is not limited to browsers. "[P]lenty of non-Web browsers are also vulnerable. Outlook, for example, uses SSL to protect your login/password when communicating over SMTP and POP3/IMAP. There are probably countless other Windows-based SSL VPNs, chat clients, etc. that are all vulnerable as well" he said in an e-mail.
Google praises Microsoft's HTML 5 thoughts
http://www.test104.com/en/products/products.asp
In a rare display of public goodwill between Google and Microsoft, the companies are bonding over Microsoft's decision to actively participate in the HTML 5 standards process.
In a post to the The WHATWG Blog spotted by Ars Technica, Google's Mark Pilgrim, the company's leading HTML 5 evangelist, thanked Microsoft's Adrian Bateman for joining the conversation over HTML 5 development several weeks ago. "On August 7, 2009, Adrian Bateman did what no man or woman had ever done before: he gave substantive feedback on the current editor's draft of HTML5 on behalf of Microsoft. His feedback was detailed and well-reasoned, and it spawned much discussion," Pilgrim wrote.Despite its role as the developer of the most widely used browser in the world, Microsoft had been practically silent on the development of the HTML 5 standard until August, when Bateman weighed in on some potential choices for how various tags will be implemented in the standard. Since then, Bateman has endorsed the use of the
In a rare display of public goodwill between Google and Microsoft, the companies are bonding over Microsoft's decision to actively participate in the HTML 5 standards process.
In a post to the The WHATWG Blog spotted by Ars Technica, Google's Mark Pilgrim, the company's leading HTML 5 evangelist, thanked Microsoft's Adrian Bateman for joining the conversation over HTML 5 development several weeks ago. "On August 7, 2009, Adrian Bateman did what no man or woman had ever done before: he gave substantive feedback on the current editor's draft of HTML5 on behalf of Microsoft. His feedback was detailed and well-reasoned, and it spawned much discussion," Pilgrim wrote.Despite its role as the developer of the most widely used browser in the world, Microsoft had been practically silent on the development of the HTML 5 standard until August, when Bateman weighed in on some potential choices for how various tags will be implemented in the standard. Since then, Bateman has endorsed the use of the
Virtualise storage through SANs, says IDC
IDC has recommended firms create SANs with storage virtualisation software rather than shelling out for new equipment.
The best way to virtualise your storage is through a storage area network (SAN), according to IDC.
In a new report entitled "Removing storage-related barriers to server and desktop virtualisation," the analyst firm claimed there is no need for high-end expensive systems to reap the benefits of virtualisation - just create a SAN with storage virtualisation software.
Carla Arend, analyst for European storage software and services at IDC, said in the report: "This hardware-independent approach complements server and desktop virtualisation without compromising availability, speed, or project schedules." "Properly implemented, value-added functions like replication and snapshots can be used in a heterogeneous storage environment across storage model and manufacturer boundaries. Just as importantly, it can significantly lower capital and operational expenditure for physical and virtual environments alike."
The report said moving to a virtual environment will simplify management, improve disaster recovery and cut costs, but warned there were pitfalls too. These included initial investment and overlooking needs like shared storage.
Most importantly, IDC said any virtualisation software your firm purchases should not be tied to any one set of hardware. As well, make sure the storage virtualisation software you pick properly addresses your physical servers.
"Otherwise, you may end up fragmenting the IT environment that you are eager to consolidate," said Arend.
订阅:
博文 (Atom)
