This should probably go in the Windows tech support category too… but, as I’ve talked about before I’ve spent a good amount of time using different linux livecd’s. I’ve even made a few livecd’s of my own with Mandrake (now mandriva) linux, using the mklivecd scripts. One of the nice things about a livecd is that it’s self contained, portable and relatively secure (any compromise should be able ot be undone by rebooting.) There are linux livecds customized for just about every conceivable use. The ones I did varied from booting to an image slideshow to a full cooker based desktop.
Tag: links
-
Lotus Notes WMF vulnerability
This is really the same zero-day wmf vulnerability, but there is a twist. It’s been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that’s making the rounds. Probably not surprising given that there are reports of many vectors of attack, not JUST the web browser. What makes this one noteworthy is that it is vulnerable EVEN WITH THE regsvr32 WORKAROUND. The only other solution that’s been reported thus far is DEP (Data Execution Protection) with supported DEP hardware.
-
Network Security guide for the home or small business network – Part 17 – The Security Mindset
This may be one of the most important entries in this series. An important defence against those that would try to access your network is to constantly have the “security mindset”. Ask yourself “do I need this, how could it be exploited, what are the implications of this”… When it comes to people asking you to click on a link… “do I trust the person, am I sure it’s from the person that it claims to be… how sure? is it normal behavior for this person to ask me to click on a link?” I guess what it comes down to is developing some healthy critical thinking and skepticism…
-
Microsoft Security advisory on WMF exploit
I’ve read the security advisory and unfortunately Microsoft doesn’t give any real workarounds. (There have been several announced from other sources.) Unfortunately, Microsoft: 1)urges caution in opening email and links from untrusted sources, and 2) wants you to call them if you’ve been affected by this. (1-866-PCSAFETY) and 3) make sure you have all updates (which currently don’t protect against this vulnerability) and a list of other things that don’t mitigate against this threat. Disappointing.
Correction — I just noticed, they do mention the “unregister” workaround, I missed it when I looked at the document I missed that you have to click on “workarounds” after viewing the “suggested actions” section. After all that time working on the virtual machine I’m probably not as sharp as I could be.
-
Fake MS Messenger 8 beta and other IM warnings…
F-Secure is warning about ads for a “leaked version” of Windows Messenger 8 beta. There is no public beta of this and it is a virus….
If you download and run BETA8WEBINSTALL.EXE from that site, you won’t get a new chat client. Instead, your existing MSN Messenger will start to send download links to everyone in your contact list. It also connects your machine to a botnet server.
-
Tracking Santa Claus online
In the spirit of the day before Christmas, I’ve come across a couple links to help you track Santa Claus’ progress around the world. First up the Google Blog points out that you can track Santa with their Google Earth software. They have a link here that will open in Google Earth –UPDATE Christmas 2006–This years link for the Google KML is here. (if installed. Google Earth is a free download and requires hardware video acceleration. The other link is a web browser based tracker… Norad has been doing this for a few years, this years version is at this link. (Flashplayer required.)
-
Takedown phishing sites
Sunbeltblog has a good post on a group that helps “take bad guys out”. The Internet Crime Provention and Control Institute (Link expired). Basically, they will take submissions of complaints and assist in getting sites taken down. A good example would be phishing sites, maybe servers hosting illegal content, stolen information, etc. etc.
Or, perhaps a machine is spewing out viral, nigerian 419 scam or other material. That’s what the ICPCI is there to receive complaints on and coordinate “takedowns”. According to the sunbelt entry (a tip from a reader), they’re pretty effective at the takedowns (even when the site is hosted in places you would think makes it tougher.)
-
Google Music
Beta news is reporting on Google Music. They say it will make it easier to find artists, album titles and lyrics. Not too long ago there was a report that the Recording industry was going to wage a war on lyric sites… Apparently Google will also provide links to music downloads if the music is available from paid download services.
-
Internet Explorer in standalone mode?
Now, it can be useful to run several versions of the same program at the same time (especially if it’s a web browser.) I’ve accomplished this under linux with internet explorer, but didn’t realize there was a way to do so on Windows. Sunbelt blog found a good guide to installing Internet Explorer 7 beta 1 on a system without tampering with their (working) IE 6 install.