This is one worth checking out for anybody using VNC for remote administration. It looks as though IntelliAdmin has come across a vulnerability in RealVNC 4 (the Slashdot post I saw suggested “any machine running VNC 4.1”). I haven’t tested yet, so I don’t know if this ONLY affects RealVNC’s implementation or is broader. They have a proof of concept page which attempts to connect to the IP of the browser at the VNC port and display a screenshot. The site is getting slashdotted at the moment, so revisit this page and link until you get a chance to test out your VNC serving machines.
Blog
-
Federal requirement to disclose database security breaches?
Fines and prison time are among the penalties envisioned under a proposed House bill. The requirement would be that businesses with databases holding information on more than 10,000 people (or federal employees) would have to inform either the Secret Service or the FBI of a data security breach. (The maximum sentence would be five years.) Now, on my first read of this, I thought, well sure – any company should disclose the possible loss, theft, or breach of a database holding customer data. I still think that… but I don’t know that the focus of penalty is on the right shoulders.
-
Interesting spyware push download tactic…
Incidents.org has another interesting post about a spyware site. One of the handlers ran across it while doing a search for an educational institution. (They’ve used a wildcard in the DNS record so that they can get traffic to {fillinkeyword}.nastydomain.com.) Anyway… the main page tries to install WinAntiSpyware2006FreeInstall.cab from WinSoftware Corporation, Inc. It gives the little ActiveX control popdown bar and insists that it must be installed to view the page properly. But that’s not the most interesting part…
-
Apple QuickTime and OS X updates to patch multiple security vulnerabilities
Apple has released QuickTime v. 7.1 for both Windows and OS X to address about 12 vulnerabilities. It looks as though all of the vulnerabilities were related to either specially crafted images or movies (a variety of formats…). Upgrade or use another viewer…
-
Google AdWords traffic estimator
For a long time, the only way to play around with Google advertising possibilities was to join AdWords, and then you could choose different keywords, see search volume information, estimate the ad position, clicks per day, etc…. I’ve been tempted many times to look into AdWords (which is the flip side of AdSense…). Many times. In fact, I still may, but today the Inside AdWords blog has announced the standalone traffic estimator that can be used without logging into your AdWords account.
-
Another problem with one of the Microsoft Patches…
Last month, April, the Microsoft patch cycle had one problem patch that broke certain Explorer extensions (most notably some HP software…). This time around it looks like the Flash patch that they distributed has given a few people fits. For starters, yes, it’s odd for Microsoft to distribute a patch for a third-party product.
-
Google press day announcements…
It looks as though Google has made a bit of a splash with four product announcements today. Nothing being EXACTLY as forecast, it is a bit interesting…. First there is Google Co-op, where it looks as though people in specific fields can help suggest, review and refine results (like a directory); then users subscribe to an individual who has labelled sites. This is the area that Google Health falls under, and there are a couple of areas that are “Under development”. This gives some interesting possibilities for refining searches in certain areas.
-
Vista UAP (User Account Protection) – too much?
First, let me tell you I have not seen Microsoft’s Vista UAP (User Account Protection) firsthand. I cannot, then, claim firsthand experience with it; the following is and will be based on what I have read, plus how it relates and compares to Linux and “run as” functionality. George Ou thinks that UAP is getting a “bum rap” from people, some of whom want it both ways: tighter file access security, but this is annoying… Another ZDNet columnist has done a more detailed look at UAP. One of the articles cited by George Ou is this post from Paul Thurrott, which is highly critical of UAP.
-
Google Press Day
It seems that today is Google Press Day, and speculation is rampant as to what will be unveiled. Google Health/Google Purchases are among the leading speculations. In fact, Google Health has been a standing rumor, as has Google Purchases, but there are some signs that a launch might be nearing.