A couple days ago there was a release of Mac OS X 10.4.7 which addressed several security flaws. There is now an exploit published for one of these vulnerabilities. The attacker using this exploit could gain remote root (administrator) access to the machine. So, don’t delay any further on patching. No system is a fortress if the administrator doesn’t keep up with security updates……
Month: June 2006
-
OpenOffice.org security update
Version 2.0.3 of OpenOffice.org has been released. It includes quite a few bugfixes, including three security related fixes. The security vulnerabilities were apparently found in an internal audit. One of the improvements in 2.0.3 is an integrated update check, to be able to check for available updates directly from within OpenOffice. I think this is an important area to be improved.
-
The great firewall of China
The great firewall of China may be just an illusion in technical terms. This article describes the details of how things work…. Basically when “banned content” is detected, both ends of the connection are sent a flood of tcp reset packets. Which (if both sides are designed to pay attention to) means that the two computers “hang up” assuming the other side reset the connection. But, while most current PC operating systems obey the reset packets…. it’s not something that is imperative. (You might think of this as a targeted/surgical denial of service attack using TCP reset packets…) The article goes a bit deeper though….
-
Your own custom BSOD
Do you tire of XP’s blue screen text…. is it too drab and dry? Well you too can spice up your blue screen text…. This is not for the faint of heart when it comes to tinkering with “important files”…. But all you need is Windows XP and resourcehacker (Free). fluxiontech.com has the tutorial. Happy modifying your ntoskrnl.exe …….. (Please follow their directions and save it to another file name so you’ve got your original…) Then just make a change to boot.ini to point to the new kernel and you too have a customized BSOD.
-
Intelliadmin – free disable usb storage tool
For Windows system administrators that have sweated over the perils of usb drives and memory sticks…. Intelliadmin has a tool for you. It’s a small utility that will allow to remotely disable usb drives over the LAN. It won’t affect usb mice/keyboards – just usb storage. So, if your network security policy doesn’t like USB storage you can easily use this to make sure those devices don’t work on plugin.
-
Exploits a plenty – IE / Excel (Firefox?)
There are a number of vulnerabilities that are currently unpatched, but have working publicly known exploits for Excel (*2) and Internet Explorer (2 vulnerabilities here as well.) Proof of Concept code has been released for both the Excel and Internet Explorer vulnerabilities. This means, with the code publicly available, it won’t be long before it’s bundled into other malware delivery structures…. You might look at alternative browsers, BUT…. be forewarned that one of these vulnerabilities appears to work on a fully patched install of Mozilla-Firefox. (According to Sans – the Secunia code doesn’t – but the full disclosure exploit code does affect Firefox.) I’ve seen word of early 1.5.0.5 builds being available – I wonder if that will be modified to fix this issue?
-
Apple Mac OS X updates
There are several issues fixed by a bundle of updates for OS X (for 10.4 up to 10.4.6). The new release is 10.4.7 There are a number of issues fixed in addition to at least 3 security related problems. Incidents.org has more details. I know many Mac users feel the “aura of invincibility”, but…. keeping your OS updated is important no matter what Operating system you use…. mac, windows, linux, bsd, etc.
-
Google Checkout
Gbuy, Gcheckout, Google Payments etc…. the news has been circulating for months – Google will compete with Paypal. Well, Google Checkout has finally launched and is being covered by most every outlet covering online news (including several of Google’s blogs are talking about this latest product launch from google. It seems to be US only at this point and there are a couple of interesting twists.
-
FreeDos suspended development – nevermind
The Freedos has suspended development. It’s been a 12 year project and really, Freedos has become THE free DOS implementation around. It’s been shipped with “blank” pc’s, integrated into several other projects that use a dos’ish boot environment and the 1.0 release has not officially come. (I think the most recent is a Beta9 Service Release 2…) The site has been moved to freedos.sourceforge.net although, freedos.org will redirect to this eventually (DNS settling right now.) On many sites I’ve seen it reported as “freedos is dead”… and the comments are post-mortem style – however this is open source…. –UPDATE– OSNEWS had the original story and it seems like it was a joke of sorts as the dns had been moved to point to the new VHOST at sourceforge. In other words – no one was meant to see the Freedos is dead message at freedos.org… But still the following thoughts on the “death” of an open source project in general still apply….
-
All old scams are new again….
Last week I got a notice of this warning…. it seems that scammers are sending out emails claiming to be from the FDIC (Federal Deposit Insurance Corp.) and the email claims that the government will no longer insure your bank deposits unless you validate certain information…