There is a great post over on Alerding Castor on the use of PowerPoint or rather the misuse of PowerPoint in a presentation. Other than the use of sound I cannot agree more considering the number of PowerPoint's I have had to sit through. It amazes me to this day that any tech company considers the use of PowerPoint as “high tech” as it’s just a step above the overhead projector we all remember from High School. Adding transitions, sound and to many words does not change the fact a PowerPoint should do nothing more than highlight what the speaker is reviewing.

The key points he outlines in his post are:

• No more than six words on a slide.
• No cheesy images. Use professional stock photo images.
• No dissolves, spins or other transitions.
• Sound effects can be used a few times per presentation, but never use the sound effects that are built in to the program.
• Don’t hand out print-outs of your slides. They don’t work without you there.

The Richter Scales are back and this time it’s not Bubble 2.0 but a “joyous” Christmas carol:

In case you missed my weekend post Staples is offering QuickBooks Pro for FREE today!

If the link is broken it’s

Microsoft’s answer to less than stellar sales of Vista has been to push hard on the next Windows release, Windows 7. With more and more information leaking out or outright being sent out by Microsoft it’s pretty much agreed upon that Windows 7 will be released sometime in late second quarter to third quarter of 2009. It is very likely we will see a full Beta release in January and I’ve predicted sometime between the 15th to 17th.

It’s somewhat hard to read but it looks like internal builds are at 7004 or higher. Current leaked versions are 6956 and 6801:

The image above is linked directly to the MSDN Blog so we’ll see if it gets pulled. Just in case I have saved a local copy as well.

Malicious Images and Search Files Can Compromise Windows

Severity: High

9 December, 2008

Summary:

§ These vulnerabilities affect: All current versions of Windows

§ How an attacker exploits them: Multiple vectors of attack, such as enticing a victim to visit a malicious web site or to view a specially crafted image

§ Impact: Various; in the worst case, an attacker can gain complete control of your Windows computer

§ What to do: Install the appropriate Microsoft patches immediately

Exposure:

Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. Both vulnerabilities are equally severe:

MS08-071: Two GDI Buffer Overflow Vulnerabilities

The Graphics Device Interface (GDI) is a Windows component that helps output pictures and text to your monitor or printer. Microsoft's bulletin describes two buffer overflow vulnerabilities that affect GDI. The flaws differ technically (one is a heap overflow and the other an integer overflow), but they share the same impact. If an attacker can entice one of your users into viewing a specially crafted WMF image, or into running a specially crafted program (which uses the GDI API to copy a WMF image), he could leverage either of these vulnerabilities to gain complete control of your user's computer (regardless of the user's privileges)
Microsoft rating: Critical.

MS08-075: Two Windows Search Code Execution Vulnerabilities

According to Microsoft, Windows Search is a standard Windows Vista and Server 2008 component that allows instant search capabilities for most common file and data types. You can download an optional Windows Search component for Windows XP, but these vulnerabilities only affect the versions that ship with Vista and Server 2008.

Windows Search suffers from two vulnerabilities involving how Windows Explorer handles either Windows Search files (.search-ms) or the Windows Search protocol (search-ms://). Both flaws share the same impact, but the Windows Search protocol flaw is easier for an attacker to leverage. By luring one of your users to a malicious web site, an attacker can exploit the Windows Search protocol flaw to execute code on that user's computer, with that user's privileges. If your user has administrative privileges, an attacker could exploit either of these flaws to gain complete control of the user's PC.
Microsoft rating: Critical.

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

MS08-071:

§ For Windows 2000

§ For Windows XP

§ For Windows XP x64

§ For Windows Server 2003

§ For Windows Server 2003 x64

§ For Windows Server 2003 Itanium

§ For Windows Vista

§ For Windows Vista x64

§ For Windows Server 2008

§ For Windows Server 2008 x64

§ For Windows Server 2008 Itanium

MS08-075:

Note: Microsoft seems to be distributing two separate updates to fix the issues covered in this bulletin. You should apply both.

§ For Windows Vista [ Update 1 (KB958623) / Update 2 (KB958624) ]

§ For Windows Vista x64 [ Update 1 (KB958623) / Update 2 (KB958624) ]

§ For Windows Server 2008 [ Update 1 (KB958623) / Update 2 (KB958624) ]

§ For Windows Server 2008 x64 [ Update 1 (KB958623) / Update 2 (KB958624) ]

For Windows Server 2008 Itanium [ Update 1 (KB958623) / Update 2 (KB958624) ]