Computer Tips -Tech Info

Category: Computers

  • Some days you really want to slap someone at Microsoft….

    So, I was formatting a drive the other day. It’s an external hard drive that will need to be readable AND writable by both Mac and Windows XP machines. So, the only choice (without paying for MacDrive to read/write to HFS+) is really FAT32. The drive is in the 250GB-300GB ballpark. So, I reference the maximum filesystem size and see that FAT32 supports up to 2TB filesystems. No problem. I was doing this from the Windows XP machine that would be one of the drives “hosts” and after much scratching around created and attempted to format the FAT32 partition – a LONG verification process ensued 30 minutes – 1 hour. After which…. “volume size too big” eh? Well… the format tool under Windows XP/2000 is crippled…

    (more…)

  • Microsoft Internet Explorer patches for unsupported OS versions (Windows 98 and ME)

    For starters, if you’re using Windows 98 or ME still in a production system, you REALLY need to be looking at migration options and you should realize that the architecture of those systems is NOT conducive to a good secure platform. No XP isn’t perfect, but it is an improvement in many areas. That much said, if you don’t have too many choices and are wondering how you can protect the old system against the recent Windows Internet Explorer vulnerabilities…. here you go. The zero-day emergency response team has released a version of the VML vulnerability patch for older versions of Windows. So, if you REALLY need to patch an old windows 98 or ME install, you can give that a try. (No guarantees.)

    (more…)

  • Firefox zero-day vulnerability (or is it?)

    I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day… the intent here though is to use the word in this context…. “vulnerability has been released without giving the vendor an opportunity to patch…” Yes, the fun vulnerability weekend seems to be continuing – there’s a javascript zdnet has coverage it’s “impossible to patch” (?) from the individuals that have publicized it. The announcement came at Toorcon.

    (more…)

  • Oh and ANOTHER Powerpoint vulnerability too….

    Sometimes you feel like the little Dutch boy of myth/legend with his finger trying to plug the hole in a dam…. Incidents bring us this as well…. another powerpoint vulnerability seems to have been disclosed. MS has an advisory. All currently supported Office versions are vulnerable (even on Mac?) Workarounds include not opening powerpoint files… using the Powerpoint viewer 2003 (I don’t see any word on opening in something like Openoffice.org Impress – that MAY mitigate the risk.)

    (more…)

  • Microsoft vulnerability whack-a-mole continues…..

    Translation – Microsoft patched one vulnerability another surfaces…. Incidents.org brings us the frustrating news….

    If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released after the out of cycle Microsoft patch for MSIE.

    So…. here are the possible workarounds….

    (more…)

  • Microsoft releases official VML patch!!

    The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should consider re-registering the same so that you’ll be able to view/access vml content in the future. Here’s Microsoft’s technet Security Bulletin on the matter. (Visit update.microsoft.com if it’s not automatically downloaded for you.) It should be noted that the RC of IE 7 was not affected by this vulnerability.

    (more…)

  • Update on the Internet Explorer VML vulnerability

    Just catching up on the days VML vulnerability news from today…. It looks as though… the exploit is now MUCH more widespread this blog has some video of an infection, what’s notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that they can harvest paypal/bank/etc. passwords…) So, there might not be a big red “you’re owned” sign pop up. Sunbelt reported on a test page to visit to see if you’re vulnerable. The direct link is http://www.isotf.org/zert/testvml.htm (Will crash IE if it’s vulnerable.)

    (more…)

  • Apple Macbook pro and other wireless fixes

    Do you remember the big bruhaha a month or so back about the “apple wireless vulnerability” that everybody picked apart because in the video taped demonstration they used a third party card…. EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver some on the internet tore one reporter up over stating that because Apple denied being shown exploit code (slight semantic issue there…) Well… those driver vulnerabilities that must have not existed, were fixed today by Apple. Brian Krebs has the story, as well as incidents.org

    (more…)

  • More fake codecs

    Sunbelt is still finding fake codec sites…. This most recent site is mpcodec.com and the ip address of 69.50.160.58

    (I had to do a doubletake as THIS site (averyjparker.com) is hosted at 69.36.180.58 – I usually see the first and last numbers first and thought – “wait a minute – that looks familiar…” the middle numbers matter too though….)

    Beware of audio/video codec downloads that claim they’re the best thing since sliced bread… Here’s another…

    (more…)

  • How Microsoft could patch VML vulnerability before October’s patch day

    SO, there’s the second big vulnerability exploit for Internet Explorer making the rounds in about a week and Microsoft’s advisory says that the most recent flaw will likely be patched on October’s patch day (“unless the need arises…”) So, what would trigger that need? Lot’s of browsers being subjected to unwanted drive-by downloads? I suppose that doesn’t trigger need for an out of cycle patch. True, “lot’s” is hard to quantify – how many people are really affected by this, home users? office users? etc. After all there IS a way to mitigate this (unregistering the vml dll….) not for the faint of heart but, it’s your computer and you’re responsible for it, right? Last month, a program offered people the capability of removing DRM from Microsoft DRM protected windows media files… it took about 3 days for Microsoft to release a fix…..

    (more…)