This morning, I’m noticing some of the machines I monitor having big DNS problems. It seems to be Bellsouth.net’s dns servers gone sideways – none seem to respond. On one network in particular we’re having trouble getting a secondary (outside network) dns server to respond. From outside the bellsouth network things seem fine though. As usual dslreports is a good place to check if others are having the same issue. It appears as though this issue is affecting ALL of bellsouth’s network and has been since at the latest 11:30PM last night (the 16th of October.)
Blog
-
Exploit Thursday – this months winner – Powerpoint
The SecurityFix reminds us of what usually comes close behind Patch Tuesday…. exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There’s a new Powerpoint exploit starting to make the rounds right on the heels of Patch day. The main goal is likely to get the most mileage out of the exploit before the NEXT patch Tuesday. Microsoft is reported to be investigating the reports of this vulnerability.
-
The problems with cache servers
Networkworld brings us this report that exploit code removed from websites can live on for quite a while in caching servers. Which, in a way is NOT news, but it’s worth remembering. Many times when someone visits a website, their really visiting a caching proxy server that has previously grabbed a copy of data from the original website. Many networks use cache servers to improve network performance. (i.e…. we have 20 people an hour hitting cnn.com why shouldn’t we just be able to download the page once?)
-
What wasn’t patched Tuesday…
Sunbelt reminds us that the daxctle.ocx exploit was NOT among those patched Tuesday by Microsoft. They remind us of the following workaround…
Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID: {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6}
More info at Microsoft’s Knowledge Base
-
Google Docs and Spreadsheets
Bye bye Writely – hello Google Docs and Spreadsheets Inside Google has been reporting on the (happening right now) launch of docs.google.com which should be a shared login for both the writely successor and spreadsheets which is now known as Google Docs and Spreadsheets. It appears to support IE 6 and Firefox.
-
Vista kill switch may push people to linux
It’s not really a surprising headline. I think anytime a proprietary vendor tightens the screws a bit to limit piracy they are going to force people to other, competing products. Especially when there’s a significant cost difference involved. If there are three t-shirts for sale, one for $5 with no logo and another for $50 with a brand logo (we’ll say nike) and yet another (pirated) with a nike logo for $10 and everybody thinks the nike logo is cool and in… they’ll buy the $10 “pirated” shirt unless they know that it’s pirated and are morally compelled to spend the $50. If piracy is cracked down on and you have a choice between the $50 logo shirt and the $5 no logo shirt….. hmmm I’d rather have $45 extra dollars than a swoosh on my shirt.
-
Updating Windows XP SP2 serial number
Intelliadmin published this earlier today… with all the problems some people have had with the Genuine advantage notification that their copy of Windows may not be legitimate (many reasons for this…) it may be necessary to buy a new copy of Windows and it would be a nuisance to have to reinstall. So, there is a way to just update the serial number to the new copy. The download from Microsoft can be found here and checks the main system files (for patching/changes to circumvent WGA) and then asks for the new Product Key. Reboot and it should have updated the serial number and maybe WGA will let you do updates.
-
Preventing the automatic update to Internet Explorer 7
Internet Explorer 7 is set to be released this month (October 2006) and it will likely be an automatic update for Windows users either November or December of this year. (I’m thinking November.) Now, it’s been a long time in the making, at one point Microsoft said there wouldn’t be another version past 6 of IE, but… it’s finally coming and some people will not want it installed automatically until they’ve had more time to investigate it and test with their critical uses.
-
Microsoft October 2006 patch Tuesday
The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities this month have been patched in Office There are 4 advisories, but a total of 15 issues covered by those four. Powerpoint, Excel, Word and Office/Publisher there are a variety of exploits, some public (like the powerpoint) others that were privately reported. Also, Incidents.org gives a nice summary of the advisories and the severity of each (urgency of updating.) The setslice vulnerability is patched in this batch by the way.