Sorry for the vague title, but there are various thoughts floating around at the moment. The first is a big thanks to the support at Westhost for recovering my VPS over the last weekend. I had started an automatic upgrade of wordpress in one of the sites hosted in this vps, it hung… so I […]
Not really, news, but I was reminded again this evening that mail is not available at the command line in recent default installs of Ubuntu (or kubuntu /xubuntu). If you’re like me and make use of this for scripting notifications…. you’ll need to sudo apt-get install mailx (and a MTA like postfix.) Mailx requires postfix/sendmail/qmail […]
In the last week there was a well documented writeup of a cross site scripting vulnerability which had allowed a phisher to pose as a paypal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to exploit […]
I ran into an install of Quickboos Pro 2005 that was having a peculiar problem. When any company file was opened I was seeing an Internet Explorer Script Error message (quickbooks uses Internet Explorer to parse the company page ( Usually C:\Program Files\Intuit\Quickbooks\Components\Pages\Comppage.qpg ) The error basically said “An error has occurred in the script […]
There is ANOTHER IE vulnerability that’s come across the news in the last week. It seems that this is currently only a Proof of Concept, I’ll have to check and see if anyone’s reported seeing this in the wild…, but essentially a race condition between a Macromedia flash file and web content can allow a […]
While we wait for Microsoft to release a patch for the MOST recent Internet Explorer vulnerability….. it looks as though MS is “planning” to release a patch on their routine patch day of April 11th. (However they could always change their mind…) As before though there are some 3rd party patches. I’ve got to say […]
If you use Internet Explorer to browse the web, I’d suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft’s infinite wisdom that “Microsoft has determined that an attacker who exploits this vulnerability would have […]
I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is, be careful what sites you visit, beware of […]
Linux systems give you many possibilities and one of them is good scheduling (cron), another is good scripting capabilities. I’ve done things with linux fairly easily that with Windows would have been next to impossible and required me to download several other things to make it happen. Anyway, I recently saw mention of a linux, […]
PHP which is a widely used scripting language for webpages has been found to have a serious vulnerability. The Inquirer is reporting on the announcement at hardened-php.net that the vulnerabilities are in the XML-RPC for PHP and PEAR XML-RPC libraries. This is apparently an eval() vulnerability similar to one earlier in the year. Send […]
Bookmark this site now by pressing Ctrl+D
