A bit over a week ago Dell had a massive recall announced for potentially hazardous laptop computer battery issues. (Flaming laptops.) Now, it’s Apple’s turn. It seems as though Sony is the common supplier for both issues. The BBC has an overview here. Here’s a link at Apple’s site giving more information on getting a replacement and identifying if your battery is affected.
Category: Computers
-
Wireshark, various vulnerabilities disclosed
There used to be a tool called Ethereal and then it changed its name to Wireshark. Today a number of security vulnerabilities were disclosed. A new version and workarounds are available. Please upgrade if at all possible.
-
IE7 will have many CSS fixes
They’re doing what they can at Microsoft to put to rest the notion that IE7 won’t make drastic strides in CSS compliance. One of the fronts they’re pushing is this detailed listing of CSS fixes that will be found in Internet Explorer 7 when it is released.
-
Good sarc monitoring tip
Sarc is still in their month of security tips per day and today’s is another good one. Today’s tip is about monitoring machines, particularly those that “defend” your network (mail antivirus scanners, proxy filters/scanners, etc.). The core of the advice is to not just ping – that only tells you if the system exists and is online – it doesn’t tell if things are working. They suggest scripting tests (an antivirus scanner can be tested via the EICAR test signature, for instance). They note that doesn’t tell if the AV scanner is updated (I prefer a crontab output of the day’s updates – looks like there were around 9 clamav signature updates yesterday).
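An added example (not from the original post or the tip it summarizes) of a scripted check that goes beyond ping: it feeds the EICAR test file to a scanner and separately checks signature age. The `clamscan` exit status of 1 for a detection is real; the default database path and the 24-hour threshold are assumptions to adjust for your host.

```python
import os
import subprocess
import sys
import tempfile
import time

# Standard EICAR test string, split so this source file is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def scanner_detects_eicar(scan_cmd, detected_rc=1, timeout=60):
    """Run scan_cmd on a temp file holding EICAR; True only if it is flagged.

    detected_rc=1 matches clamscan's "virus found" exit status; other
    scanners use other codes, so treat the default as an assumption.
    """
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "eicar.com")
        with open(sample, "wb") as fh:
            fh.write(EICAR)
        try:
            proc = subprocess.run(list(scan_cmd) + [sample],
                                  capture_output=True, timeout=timeout)
        except (OSError, subprocess.TimeoutExpired):
            return False  # scanner missing or hung: online is not the same as working
        return proc.returncode == detected_rc

def signatures_fresh(db_path, max_age_hours=24, now=None):
    """True if the signature database file was modified recently enough."""
    now = time.time() if now is None else now
    try:
        age = now - os.path.getmtime(db_path)
    except OSError:
        return False  # database file missing or unreadable
    return age <= max_age_hours * 3600

def health_report(scan_cmd, db_path):
    """Return a list of failed checks; an empty list means both checks passed."""
    failures = []
    if not scanner_detects_eicar(scan_cmd):
        failures.append("scanner did not flag the EICAR test file")
    if not signatures_fresh(db_path):
        failures.append("signature database is older than 24 hours")
    return failures

if __name__ == "__main__":
    # Assumed defaults for a ClamAV host; adjust the path for your install.
    problems = health_report(["clamscan", "--no-summary"], "/var/lib/clamav/daily.cvd")
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Run from cron, the non-zero exit status and printed failures give the monitoring system something to alert on even when the host still answers ping.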
-
Hiding malware may evade antivirus
SANS had an interesting malware analysis this morning about a blob that appeared to be ASCII text (gibberish) that was retrieved by a piece of malware. It turns out that the ASCII text was a cleverly encoded exe file (Windows executable or program file). It took several iterations of their analysis to uncover the actual file. A followup referred to a study of “hiding” malware in various Microsoft Word supported formats and how successful (or unfortunately UNsuccessful) several tested antivirus programs were at identifying it. This was performed by running the files through VirusTotal, and the virus was the EICAR test pattern.
-
But it’s brand new, how could it have so many updates?
This morning I was doing a fresh install of Windows XP SP2 into a Virtual Machine. So far, things are fine. I went through windowsupdate and found 3 updates the first time, then rebooted and hit windowsupdate again to see 55 updates available. A lot of times when I set up a new PC for somebody they wonder why I want to check Windows Update multiple times. They’ll usually say something along the lines of “but it’s brand new, there shouldn’t be any updates.” Well, this install was from an SP2 disk and there have been a large number of updates since that was released. Many manufacturers use fairly sophisticated techniques to roll out the default install images they use, but it’s still very possible that your machine will have several updates waiting for it when you get it.
-
More Microsoft Patch problems MS06-042
This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed HTTP 1.1 web pages on WinXP SP1 or Windows 2000 SP4, as stated in Microsoft’s bulletins, this could also lead to a buffer overflow allowing for code execution. Microsoft is saying that they are not aware of that vulnerability being exploited or impacting customers at this time. The issue that was originally reported is detailed in this knowledge base article.
-
Skype and Linux audio issues
One of the things I didn’t mention in my first Skype post was the “getting Skype to work with Linux” bit… The version available via urpmi in Mandrake was 1.2, so I installed it (before I had the USB audio phone) and gave it a try. It gave consistent errors trying to access the audio device (/dev/dsp). I looked and it seems that the older 1.2 version used OSS exclusively for this and had LOTS of problems. I did find that version 1.3, which can use either OSS or ALSA, seemed to work flawlessly on the three systems I tested. (Two of them Mandriva 2006 and the test box Ubuntu 6.06.1.) The test box didn’t have a sound card prior to the USB phone; the other two had built-in sound and that is what was tested.
-
Skype and USB phones….
I’ve seen Skype, I just haven’t used it personally until very recently. In fact there was a place (dialpad?) that I had used once upon a time for a few free long distance calls online. It was neat, but had some limitations (delay). It quickly became non-free and frankly the microphone I have hooked up to the PC fell back in the corner beside the desk and I haven’t dug it out in quite a while. A few weeks ago though my Dad discovered Skype and ordered a cheap ($17) “phone” that plugs into the USB port of the PC and can be used with Skype and a variety of other services. (In fact, it works as a generic USB sound card so… there might be other possibilities for using it to record wav files directly, etc.)
-
Strange net problems with a Netgear FS608 switch
This was weird and now that the switch is replaced I haven’t been able to duplicate it, but let me explain. There was a Netgear FS608 (8 port unmanaged) switch plugged into a Linksys router (model number not noted). The cable was straight (although the FS608 has support for link through straight or crossover cables). This setup worked well for quite some time. 4 computers and a printer hooked up. 3 PCs with fixed addresses and 1 with DHCP for its IP address. Well, I had a call that two PCs were unable to connect to the network and when I got there and looked… sure enough, 169.**** IP addresses from Microsoft’s “auto configure” pool.