This has been a rough quarter for Office vulnerabilities… there seems to be a pattern, Microsoft patch day, then…. zero-day exploit within a week for an Office component. First Word, then Excel and now this month our vulnerable app is Powerpoint. The Security Fix has some coverage and notes the pattern – the likely motivation is so that there will be more time to exploit before the vulnerability is patched. The moral of the story is to be suspicious of Powerpoint attachments/files from untrusted sources. i.e. verify that you should be receiving an attachment even from KNOWN sources.
Category: Computers
-
Another attempt at different hardware problems
I mentioned some time ago a frustrating issue with the hardware on my desktop that I had finally solved. I got the new system Which was a 64-bit AMD Athlon on an Asus k8N4-E board and a pci-express nvidia based card (6200 TurboCache), 1 GB of memory… Things worked very nice for a while, rock solid stable and no issues. But the one day, I noticed…. “where did my tvcard go”. There were 2 pci slots, one I had used for a tvcard, the other for an addon sound card.
-
The Spam fight turns to blogs….
I’ve detailed some of the struggles I had for a bit with FLOODS of comment spam. Details of the issue and a fix which has been rock solid for WordPress can be found in the following posts (reverse chronological order): Update on comment spam storms, trackback spam countermeasures such as akismet and trackback validation, another trackback storm, botnets spreading trackback spam?, Initial trackback storm. To sum up though, I’ve found 2 plugins to make for a rock solid combination here in wordpress. Akismet (which caught 99% or so of trackback spam) and The trackback validator plugin which caught everything else. (99% sounds good, but when you’re getting thousands of attempts a day?)
-
Debian development server compromise
Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can patch the vulnerability that they suspect was exploited. More details will be announced.
-
Anonymized Botnet?
Sans has a story on botnet traffic spotted coming from the TOR network. Now, I had to refresh my memory on what TOR is, but it’s an anonymizing network, essentially a computer running TOR, would collect a list of TOR client machines on the internet and then connections to other pcs are routed through encrypted connections through several different pcs, which masks the origination of the data request. Of course, this doesn’t mean that botnets are actively making use of TOR, it could just be an inadvertant…. “route all my traffic through TOR” computer got a bug….
-
VMWare server 1.0 final release
I’ve been keeping an install of Vmware virtual Server through their beta and Release Candidate phase and have seen several places that they’ve released the 1.0 version today. This release is free (as in no charge.) Although support is available….
-
Adobe Acrobat reader update
On the heels of yesterdays massive update day from Microsoft, Adobe has released an update for the free Adobe Reader. The Adobe reader is one of those ALMOST essential applications that MOST everyone has installed. So, this will be of particular interest to MOST computer users. A SERIOUS security flaw (They’re tagging it CRITICAL) could be exploited with a specially crafted PDF file in version 6.0.4 (or earlier – back to 6) of the Reader for Mac or Windows.
Version 6.0.5 has been released to address this. It should be noted that the current newest version available is 7.0.8….
-
Google Maps upgrade
I’ve seen a couple places referring to some improvements in the way google maps handles zooming and so I decided to take a look in Firefox. The zoom handling of Google maps is the one thing that I’ve wished for an improvement in for some time. After noticing MSN’s virtual earth had the capability of scroll wheel zooming, I really wanted it in Google Maps.
-
Converting MPG video to dv files
I don’t know much about the dv format, except that it is a standard format that many camcorders use. For this reason, many video editors (such as kino for linux) prefer to see files coming in dv format. The problem I ran into is that the new handycam dvd puts images in .VOB files (which are really MPG). So, I found this handy script… that runs on Mac or Linux and is called mpeg2dv. It does the trick and is public domain. The only requirement I can see is ffmpeg.
-
Sony Handycam DCR-DVD405
Well, the Sony Handycam DCR-DVD405 that I ordered from Amazon has arrived today (ordered the 5th of July, arrived the 11th with the “slow boat” free shipping option.) I’ve had it long enough to charge batteries, set time and do a few still pictures and a few short video clips. So, these will be my initial impressions, and I’ll likely follow up later with further thoughts/experience/etc. This was certainly not a small purchase for us and I spent quite a bit of time narrowing down choices. I really wanted a dvd based recorder. The idea of having it already in a format that we could archive was a real plus there. Yes, I might pull it onto the computer for editing, but life will be much simpler if I don’t HAVE to….