August’s advance bulletin of Microsoft updates is already up. Tuesday of course is the monthly Microsoft patch day. It appears as though there will be 12 updates this time around. As usual, it could be that individual updates fix multiple problems. 10 updates will affect Windows at least 1 critical, will require a restart. 2 updates will affect Office, at least 1 critical, MAY require a restart. Also the malicious software removal tool will see an update.
Blog
-
Google Toolbar evil?
Boy, that would bring in comments…. Googling Google highlighted some behaviour of the Google toolbar that seems a bit fishy. It appears that it blocks attempts to modify the default search provider in Internet Explorer. This was first reported over at Google blogoscoped and appears to be a bug (after the toolbar process is closed it fails to close completely.) Google says they’re working on a fix.
-
List of Vendors for Linux preinstalled PC’s
The forums over at LXer.com have a good list underway of vendors that sell linux preinstalled on PC’s (desktops and laptops.) They also list those vendors that sell pcs without an operating system.
-
Running windows applications directly in linux
Linux.com has a good explanation of using binfmt_misc to directly launch a windows (or java or python) application just by typing in the application name. *(without all the contortions of … /home/user/bin/wine /home/user/.wine/c_drive/Program\ Files/Really\ Neat\ Software/Program.exe ) You do have to make the app executable under linux (chmod 755) and you can take it as far as symlinking from a directory in your path (/home/user/bin???) or the system path (/usr/bin).
-
Possible Windows Scheduler local privilige escalation
Sans has a writeup on Windows local privilige escalation using the Windows scheduler and among other things it might be worth starting out by saying that typically, only Administrative group users in Windows XP are allowed to access the Windows Scheduler. However, I have read reference of some installs that even give guests that capability. If that’s a default setting under some install profile – this is a big problem, if it’s just because the administrator chose to make the scheduler accessible to everyone it’s LESS of a problem, but still worth KNOWING about.
-
Wiping cd-r/rw and dvdr/rw media
It looks like those shredders that take on optical media nor the physical scraping of the reflective surface is enough for some…. Plextor will be marketing a drive designed to wipe optical media (cd-r/rw dvd+-r/rw single or dual layer.) It essentially fries the colored dye on the disc and it seems that it would be very difficult to reconstruct anything from the results.
-
Phantastic site for Phishing research….
By way of Sunbelt blog… The Phishtank at Internet Defence has a realtime archive of phishing emails as well as real time information on the status of their host sites. On their phishing site monitor it says…
-
Firefox 1.5.0.6 is out
That was a quick turn around…. It appears as though some of the multimedia streaming issues were severe enough to require a quick turnaround for Mozilla Firefox 1.5.0.6 Sans had the initial heads up…. But it looks as though it’s now officially out (and labeled as a stability update.) Download page.
-
Wireless Driver Vulnerabilities
There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on this noting that the download is a whopping 129MB.
-
Frustrated with Mandriva Club mirror finder
It seems like I go through this every time I have to search for an SRPM to rebuild… search at rpms.mandrivaclub.com then prompted to login – login… oops wrong password. Login again stranded at main club page….. ok – downloads…. mirror finder. First – there’s no way in the mirror finder to search for SRPMS (you can search for architecture builds). There is a search for cooker, but EVERY time I do it I find mirrors that cannot be found. For my own reference ftp://mandrake.redbox.cz/Mandrivalinux/devel/cooker/SRPMS/main/release/ currently works. (Although given the name change from Mandrake to Mandriva I wonder if/when that will change.) It’s about the 4th or 5th mirror I tried after several “cannot change directory” errors, then looking at the mirror to decide if it really IS there and is just renamed to Mandriva…. They really need to look at updating their mirror list.