There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on this noting that the download is a whopping 129MB.
Month: August 2006
-
Frustrated with Mandriva Club mirror finder
It seems like I go through this every time I have to search for an SRPM to rebuild… search at rpms.mandrivaclub.com then prompted to login – login… oops wrong password. Login again stranded at main club page….. ok – downloads…. mirror finder. First – there’s no way in the mirror finder to search for SRPMS (you can search for architecture builds). There is a search for cooker, but EVERY time I do it I find mirrors that cannot be found. For my own reference ftp://mandrake.redbox.cz/Mandrivalinux/devel/cooker/SRPMS/main/release/ currently works. (Although given the name change from Mandrake to Mandriva I wonder if/when that will change.) It’s about the 4th or 5th mirror I tried after several “cannot change directory” errors, then looking at the mirror to decide if it really IS there and is just renamed to Mandriva…. They really need to look at updating their mirror list.
-
New site domain www.computerrepairasheville.com
Just by way of information….. I’ve seperated out the www.computerrepairasheville.com and www.ashevillecomputerhelp.com domains now to point to a seperate web site with the main goal of simplifying and clarifying my computer services in the Asheville, NC area. I’ll keep the brief page on this site that gives an overview, but the new computerrepairasheville.com domain will act as the main point of information for those services. On there I’ve tried to put a list of all of the “things I do” although I’m sure I’ve forgotten something.
-
Time for Apple Mac OS X updates again
From the look of it Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. Many of them are legacy bugs if you will from older *nix-based systems. This is as good a time as any for the now familiar lesson – NO operating system is invulnerable, you must keep any software install updated with current security patches.
-
Mozilla Firefox user-agent spoofing
Sometimes you run across a site that’s a browser snob. You know the type…. you visit it in Mozilla Firefox or (anything other than IE) and it says, “you must use Internet Explorer version 6 or newer to use this site. Well, some browsers have nice ways of changing the user agent through the menus, and I wouldn’t be surprised if there’s a plugin for this in firefox (haven’t yet looked.) But, there is a way in about:config.
-
More reason to be cautious with Firefox plugins
Again…. this article referring to an exploit related to the cross platform plugin capability in firefox, is a GOOD reminder to be cautious when looking at potential plugins to install for mozilla firefox. In fact, the advice is usually do NOT install software (including plugins) from untrusted sources. By all means, please investigate any piece of software before downloading and installing. (And please don’t take just the software makers word for it…. ie. “my toolbar is really cool and makes firefox work better” does not equal something you can now trust and install.)
-
Nice, lean linux image viewer
Feh….. what a name… well, linux.com has an article up on feh which is a nice lean image viewer for linux. It has quite a few command line switches so it should make cli users happy with the choices and it is nice, lightweight and fast.
-
Banks and Web security
George Ou has a good post on Banks cheating their way to meet web security guidelines. Many of the observations that he notes come from the Between the Lines column here and are SPOT ON. The biggest I see is related to “multifactor authentication”….
-
Security Tip a day for August
SANS has an answer to last months browser vulnerability a day blog… for August they’ll present a security tip a day. So, if you haven’t visited the handlers diary, this may be a good time to “tune in”. The first one has to do with strong passwords (I think they decided they may as well get that out of the way up front….)
-
Another McAfee security product flaw
Sans has info on a security flaw affect several McAfee security products. It could allow remote code execution. The 2007 versions of the products are not affected and a patch is expected soon. For your information, here are the affected products: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller, McAfee AntiSpyware.
You may note that antivirus software is increasingly being scrutinized as a means to remotely exploit systems. Be watching for the patch to come from McAfee.