If you use Internet Explorer to browse the web, I’d suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft’s infinite wisdom that “Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site”…. the reality is that legitimate sites have been hacked and the malicious code has been added. (Over 200 legit sites…)
Category: Computers
-
Strange Desktop issue resolved….
Well, it’s annoying to me when my own computer has issues that I can’t seem to track down and off and on for the last year I’ve had annoying seemingly random shut downs (I mean it’s as if someone pulled the power plug). It was an AMD XP 1800 system. The first I noticed the problem, I was trying to transcode video. A few minutes into the process – bang power off and it would be followed by a painfull 30 seconds of the system trying to post, shutting down, restarting, off, start, off, start with the floppy drive getting a seek every second or two as it seemed to try to muster the power to boot. For this reason, my first suspect was the power supply, 4 drives, hefty processor, hefty video card, (sound card, network, tv card, etc.etc.etc) maybe my generic 300 watt wasn’t steady enough?
-
Rumors and more on Vista
It’s interesting to see the rumor mill around Vista – I saw articles this morning claiming that 60% of the Vista code would have to be rewritten and the Xbox team was pulled to work on Vista – from what I can see both of those are not true. I suspect people are looking to explain why the release has slipped into the next year. I do find it interesting that there were such ambitious plans for Vista which have gradually evaporated and pushed to a future release and the pruned back plans just aren’t within reach in a short amount of time. However, in some ways software development is about making big plans reality, sometimes it just turns out to be bigger than you thought.
-
Another critical IE flaw
I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is, be careful what sites you visit, beware of “driveby downloads” using this tactic consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way with other apps using IE to view html objects….)
-
March Microsoft Updates – etc.
I can’t believe it’s been so long without a post – last post was the last MS update cycle. I’ve been trying to avoid spending almost every waking hour at a computer for a while. Anyway, advance notice for the March Microsoft updates came out and it appears as though the only critical update is expected for Office, with an “important” update for Windows. The Office update may require a reboot, the Windows update is not expected to require a reboot.
Hopefully this will make for an un-eventful patch cycle.
-
Microsoft February Patch day advance notice
Microsoft has given advance notice that next Tuesday they will be releasing 7 updates for Windows, as many as 5 of these will be tagged as critical. The Security Fix has a bit on the advance notice as does Sans. Looks like one of the critical updates will be for Media Player, 4 for Windows itself and 2 updates for Microsoft Office. A reboot will be required for some of the updates.
-
What a week….
I think it’s time to pass along a long story of what’s gone on over the last week or so here and some of the reasons there hasn’t been anything posted. Generally, I would say that work has been busy, but something happened last week that went a bit beyond the day to day and there might be some items worth considering. The short story is my internet access was suspended and I’ve been only connected to the internet for 30 minutes or so at a time to retrieve mail and spent dozens of hours reviewing system logs…. but the long story is needed to sort out what has happened. I’m not going to break this up into multiple posts, but I may pull out some details for seperate posts at some point.
-
Winamp and Shoutcast vulnerabilities
In the last several days there have been a couple vulnerabilities disclosed that I should cover. The first up is related to Winamp. Version 5.12 is vulnerable to a problem with the way it handles .pls (playlist) files. This could allow very bad things with a specially crafted pls file. There were some workarounds mentioned, however all those workarounds can be subverted. There is a new release available http://www.winamp.com/player/.
-
Linksys BEFW11S4 ver. 4 wireless router locking up (default password and hard reset info too)
Not long ago a customer offered me a slightly used Linksys BEFW11S4 ver. 4 wireless router for free. He had replaced it with an 802.11g router (this is only a b) shortly after purchase and said if I knew anyone that wanted it I could have it. Well, it’s hard for me to let tech pass through my hands without taking a look at it and testing it a bit. So, one of the first things I did was test out how well the wireless signal was received from a basement. (Concrete block walls, dirt, etc. blocking..) I was surprised at how well the signal did through concrete, dirt and a couple hundred feet of air.
-
Network Security – Arp spoofing series
I think I’ve wrapped up the series on arp spoofing and it’s implications for network security. I know there’s nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener as there are myths that switches cannot be sniffed, that ONLY wireless data packets can be sniffed, etc. etc.