According to The Sans handlers diary, a worm exploiting one of the security vulnerabilities disclosed last week by Microsoft, is in the wild and spreading. The worm tagged as zotob.a exploits the ms05-039 vulnerability. (Sans reminds us that ms02-039 was the vuln. targetted by the slammer worm. Interesting coincidence.)
They are still at infocon yellow. (Note the infocon graphic at the bottom of each page.)
Good news on the WordPress front. A new release has been, well, released. Version 1.5.2 is a bugfix/security fix release. On the heels of an August 10th security advisory. The release announcement is available here.
If you have a website, you likely will look at your logs from time to time to see just who or how many people are visiting your site. I’ve certainly looked at a lot of logfiles both for my site and for others and thought I’d pass along some things you will likely see. For starters you are likely to see requests for pages that don’t exist. Even if you’ve never made changes to your site, you may see requests for files like (more…)
Once you’ve made the plunge to look at operating systems outside of the Microsoft realm, linux has typically been the easiest accessible. Lot’s of livecds are out there and much can be freely downloaded. Of course there is the Mac as well with Os X. I’ve liked what I have seen of it, but there is a higher cost of commiting to that platform. (Hardware +software). I’m also not comfortable giving up one company that has fairly tight control over the software for a company that has fairly tight control over the hardware and some of the software.
A while back I did an article on a preview of KDE 3.5 (currently in alpha). Today the Second part of that preview of what is to come (kome?) in KDE is up. He picks up featuring the changes in konqueror. (The default web browser under KDE.) On the eyecandy front…. SuperKaramba has been included in the main release of the next KDE.
Wow, some people are quick. What has it been a day? There is already a review up of the second Beta in the release cycle of Mandrake…. uhmmm Mandriva Linux 2006. (Still can’t quite get used to the name change.) Anyway… The review is complete with screenshots and a link to the complete package list.
The Register writes that New York has passed a law that will require local government agencies and businesses to disclose security breaches. (System broken into or data stolen). I can understand businesses being reluctant to disclose this kind of information. “What will they say about us”, “bad reputation”, “we’ll lose customers”, the thoughts could go on. However, there are some people that respect a business that is up front about a problem like this.
I’ve seen a story over at Desktop linux about the release of Turbolite 2005. Which is based on Turbolinux. It’s targeted at older, refurbished hardware. They offer “all the essential functions required for a desktop PC, including a Mozilla Web browser and email client, a Flash player, and streaming multimedia capabilities.”
For several years now I’ve used a neat tool at Gibson Research to test a clients firewall quick and easy from the web browser. They have a tool called Shields Up that does a limited port scan to determine of network ports are open, closed or “stealth”.
According to the entry for WordPress 1.x at Secunia.com, there is a “Highly critical” WordPress vulnerability announced August 10th that affects all 1.x versions including 1.5.1.3 The details are in this advisory. There is not yet an updated version of WordPress to address the issue, but there is a possible workaround.