This has been a slow posting week. Much slower than I had hoped across all the sites. The main reason is a stomach bug of sorts (flu?) Anyway, I managed to get a little work done yesterday and felt clobbered again today. I don’t know how much I’ll be posting before next Tuesday. There is a project I’m getting ready to launch in relation to this site which hopefully will be fleshed out by next week. I’ve already got two essential pieces in place and just need to revise it a bit. Of course, there are lots of news stories going on above and beyond what I had plans of doing this week and there are only a few that I feel like I MUST give an update on here…
Blog
-
Mozilla Firefox 1.0.x series end of life….
The Mozilla Firefox 1.0.x series will no longer be supported with security updates. If you use Firefox as your web browser, make sure you’re using the current version in the 1.5 series (currently 1.5.0.3). You can find what your current version is by going to Help, “About Mozilla Firefox”. The 1.5 series automatically downloads and installs updates and periodically checks for updates for the installed extensions.
-
Google Site: search issues
This is interesting…. there’s been a lot of frustration among some (myself included) with the current state of Google’s site indexing. For a good while I’ve been able to consistently find ANY post on my site using Google if I quote a certain amount of text that I know is on the page. Currently, such quoted text searches for pages that show up as “supplemental” in a site:averyjparker.com search… turn up nothing. In theory, the supplemental results SHOULD turn up when there are no others. (If I understand correctly…) I’ve been able to duplicate this with other sites’ supplemental results as well, so it doesn’t JUST affect this site. Well, there’s an update at the official sitemaps blog that tells of some interesting issues with the site: search operator. It sounds like there might be a connection….
-
Computer security day….
A few days ago – while musing about the botnet take-down of Blue Security – I said something along the lines of “Make sure your PCs are clean from “bugs” and help your friends do likewise. Spread the word, we need a “worldwide clean your computer with antivirus and antispyware day” or something like it. (Kind of like the installfests Linux User groups have, only an uninstallfest.)” Anyway, it looks as though Switzerland does something like this… According to incidents.org it’s called Swiss Security day.
-
Zero-day (0-day) Microsoft Word exploit
There was some news on this last night at Incidents.org; today F-Secure has some details as well on the trojan that’s dropped in this circulating exploit. It seems as though the initial attack was very targeted against a specific organization. Antivirus packages did not recognize the trojan that the exploit file dropped as of yesterday, although it’s looking like F-Secure now has detection, as I would suspect other AV vendors do.
Essentially, one organization reported in to incidents that they were receiving emails with MS Word attachments. One user noticed that a domain name in the email wasn’t exactly correct…
-
Trackback spam and countermeasures like Akismet and trackback validation
As I’ve already commented today…. there has been a massive trackback spam swarm going on the last 24 hours. I’ve now racked up 1300 or so in the Akismet filter on this site and another 150 or so on another two sites. Akismet has been very impressive in defending against this attack. Only 1% of the trackbacks slipped through, or about 14 or so across three sites. I’ve looked to see what other measures I can take against trackback spam and found one that looks like it should eliminate the 1% that got through.
-
Microsoft Vista hardware requirements…
Microsoft has started releasing details of the hardware requirements for the upcoming release of Vista. It appears there are two categories of requirements. One is a bare minimum for Vista, the other is a minimum for Vista Premium. They’re calling the specs Vista Capable and Premium Ready…
-
I’ve NEVER liked UPnP…. now I have another reason….
I remember the first Windows XP vulnerability was a UPnP vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it’s the great thing – makes life so much easier for setting up network devices. “You just don’t like it ’cause it puts you out of business….” It looks like UPnP is a really “malicious hacker friendly” kind of thing, especially when it’s installed and running on a gateway router… let’s say you have a hardware firewall with UPnP. Normally, you plug in an IP camera and maybe the IP camera uses UPnP to open a port so it’s accessible from the outside world. Nice, simple, right? Well… what if you download a “browsing experience enhancement toolbar” that opens up another port on the firewall so you can act as a mail relay?
-
RealVNC 4.1.1 and prior exploits on the loose
As reported over the last several days, there is a critical problem with RealVNC 4.1.1, and there is NOW an exploit in the wild for RealVNC 4.1.1 that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected. Only (as far as I know) RealVNC 4.1.1 on Windows is (prior versions may be, but the initial report didn’t indicate 4.1.0 to be vulnerable). Don’t take the last sentence as an excuse NOT to check; check if you have updates for your VNC product.
-
Another trackback spam storm overnight….
All of the swarms of trackback spam seemed to last an hour, give or take a few minutes, so it does look kind of like “rent-a-bot” activity: lots of different IP addresses, and the trackback spam sites seem to have a common theme – the last batch was insurance type sites…. A sampling of about three or four found that they were all cloaked redirects for the same site/page …. http://www.finance-portal-online.com/insurance.php ALL are registered with moniker.com and all the insurance related domains being spammed (that I checked) redirect to the finance-portal-online.com site above, which is registered to a “Bill Bilton” whose email is given as bill at top-support.net ….