Networkworld brings us this report that exploit code removed from websites can live on for quite a while in caching servers. Which, in a way is NOT news, but it’s worth remembering. Many times when someone visits a website, their really visiting a caching proxy server that has previously grabbed a copy of data from the original website. Many networks use cache servers to improve network performance. (i.e…. we have 20 people an hour hitting cnn.com why shouldn’t we just be able to download the page once?)
Category: Computers
-
What wasn’t patched Tuesday…
Sunbelt reminds us that the daxctle.ocx exploit was NOT among those patched Tuesday by Microsoft. They remind us of the following workaround…
Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID: {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6}
More info at Microsoft’s Knowledge Base
-
Vista kill switch may push people to linux
It’s not really a surprising headline. I think anytime a proprietary vendor tightens the screws a bit to limit piracy they are going to force people to other, competing products. Especially when there’s a significant cost difference involved. If there are three t-shirts for sale, one for $5 with no logo and another for $50 with a brand logo (we’ll say nike) and yet another (pirated) with a nike logo for $10 and everybody thinks the nike logo is cool and in… they’ll buy the $10 “pirated” shirt unless they know that it’s pirated and are morally compelled to spend the $50. If piracy is cracked down on and you have a choice between the $50 logo shirt and the $5 no logo shirt….. hmmm I’d rather have $45 extra dollars than a swoosh on my shirt.
-
Updating Windows XP SP2 serial number
Intelliadmin published this earlier today… with all the problems some people have had with the Genuine advantage notification that their copy of Windows may not be legitimate (many reasons for this…) it may be necessary to buy a new copy of Windows and it would be a nuisance to have to reinstall. So, there is a way to just update the serial number to the new copy. The download from Microsoft can be found here and checks the main system files (for patching/changes to circumvent WGA) and then asks for the new Product Key. Reboot and it should have updated the serial number and maybe WGA will let you do updates.
-
Preventing the automatic update to Internet Explorer 7
Internet Explorer 7 is set to be released this month (October 2006) and it will likely be an automatic update for Windows users either November or December of this year. (I’m thinking November.) Now, it’s been a long time in the making, at one point Microsoft said there wouldn’t be another version past 6 of IE, but… it’s finally coming and some people will not want it installed automatically until they’ve had more time to investigate it and test with their critical uses.
-
Microsoft October 2006 patch Tuesday
The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities this month have been patched in Office There are 4 advisories, but a total of 15 issues covered by those four. Powerpoint, Excel, Word and Office/Publisher there are a variety of exploits, some public (like the powerpoint) others that were privately reported. Also, Incidents.org gives a nice summary of the advisories and the severity of each (urgency of updating.) The setslice vulnerability is patched in this batch by the way.
-
fdisk Unable to read /dev/sda
The other day I was trying to partition a drive hooked up via usb. (So it get’s /dev/sda as it’s device in linux)… I tried a few utilities to access the partition table and all failed, finally, I resorted to fdisk /dev/sda and was told “unable to read /dev/sda” which I thought was peculiar. The drive had come back in a “warranty replacement” swap for another drive and should have been wiped clean and should have been good as well.
-
IE7 coming within the month, Firefox 2 RC2 out as well
It’s kind of interesting to get to do a “browser wars” kind of post where I mention a new release of two browsers coming out about the same time…. The release of IE7 is coming within weeks we are reminded by zdnet. It’s noted that it will be rolled out through automatic updates not long after it’s official release. Incidents.org is less than enthusiastic about the release suggesting that no matter how much of an improvement over IE6 this new release will be it’s bringing us features that have been in competing browsers since 1996 and diversity of browsers is a good policy.
-
By the way, the US commerce dept. computers are under attack….
Shouldn’tthis and this get more news coverage? US Commerce Department computers (specifically a bureau responsible for export licenses) is under cyber attack from hackers based in China. The Bureau in question is the Bureau of Industry and Security…. which handles “U.S. exports which have both commercial and military applications”…. They’ve been targetted by various rootkits among other malwares and in early September were forced to cut off internet access (yes that’s around a MONTH ago).
-
October Microsoft update advance notice….
11 patches will be released by Microsoft on the 10th of October. Bulletin is here, 6 for windows, 4 for Office (at least one in each of those two batches is critical) and 1 .NET (moderate) – yes the Windows updates will likely require a restart. Betanews has a bit more coverage hoping the WebViewFolderIcon ActiveX control vulnerability will get fixed in this batch.