Showing posts from September, 2006

[M$] Still more details on drive-by Internet Exploder

Microsoft has issued a bulletin, describing how you can manually disable system functions to protect against picking up viruses just by visiting a web site while using Internet Explorer.

A fix, rumored to be labeled KB925486 (which is not yet an active link), is said to be in the works. Until then, either perform the complicated steps outlined in the M$ bulletin, or use the safer Firefox web browser, instead of Internet Explorer.

MacBook hackability: Hacked in Sixty Seconds?

Yes, Mac notebooks can be hacked, and here's a discussion, starting with a Washington Post article.

However, this is a hack of hardware, not of an operating system, and the same vulnerability exists with all PC-capable operating systems. In addition to having hackable hardware,
1) you have to tell the Mac you will accept any connection from any wireless network,

2) the hacker has to be within the range of your wireless network card, and

3) you have to be running as the administrator of your Mac and not just a user.
Whatever you use, OS X, Windows or Linux, make sure to update your operating system frequently to cover security holes.

[M$] More details on the Internet Exploder drive-by security hole

Here, Sunbelt Software shows how a fully patched Internet Explorer shows picks up viruses just by visiting a website.

This is a follow-through to yesterday's warning.

It's 15 days until Microsoft is scheduled to fix this.

[M$] Drive-By Viruses, Internet Exploder and a fix

ZERT, the very unofficial Zero Day Emergency Response Team, now offers an unofficial patch targeted at Internet Explorer browser users who otherwise could get viruses just by visiting a web page. Of course, the free, faster and otherwise superior Firefox is immune to getting viruses this way {/hint}.

ZERT was formed after the December 2005 WMF (Windows Metafile) attacks and is not Microsoft-endorsed. However, as Microsoft becomes more agressive in sunbsetting popular operating systems like Windows 2000 and 98, more and more IT gurus will comoe out of the woodwork to become the J. C. Whitney catalog of software longevity and keep these old classics alive, as well as offering response quicker that 'wait 'til the second Tuesday of the month' Patch Tuesday approach Microsoft has extended to Windows users."Something has to be done about Microsoft's patching cycle. In some ways, it works. But, in other ways, it fails us," says Joe Stewart, a senior security research…

Hail Eris!

The dwarf planet formerly known as Xena received a new name today, while Pluto was given a number to reflect the loss of its status as a planet, as explained in this NY Times article.
“It is absolutely the perfect name,” Dr. Brown said, given the continuing discord among astronomers and the public over whether Pluto should have retained its planetary status. In mythology, Eris ignited discord that led to the Trojan War.

“She causes strife by causing arguments among men, by making them think their opinions are right and everyone else’s is wrong,” Dr. Brown said. “It really is just perfect.”

Sony Rootkit Not Dead Yet

Reports indicate the 'rootkit' Sony's music CDs installed if you played their music CDs on your PCs is still causing trouble.

The glitch may cause a computer's CD-ROM drive to be disabled, according to the Texas attorney general's office, which said Wednesday that the problem was discovered by officials who have been testing the XCP copy-protection technology as part of the state's lawsuit against Sony BMG.

State investigators found that if a CD with XCP technology is loaded on a computer running AOL's ``Safety and Security Center'' software, the program's antispyware feature will attempt to delete the XCP components, but often while also disabling the CD-ROM's configuration in the PC's operating system. The same glitch surfaced on computers running CA Inc.'s PestPatrol separately from AOL, the state said.

[Mobile] Cellular measurement

Popular Science has a list of procedures for various popular cellphones which enables accurate signal strength results on the phone display. Kewl.

[Amateur Radio] Where to take the test

With the removal of the requirement for Morse Code for the first (and very useful Technician license, amateur radio is easier than ever before to join.

Oregon has many, many Volunteer Examiners who will administer the FCC-required tests to get an amateur radio license, and here's a statewide list, with dates, times and locations(also for Metro Portland only). The federally-mandated fee is $14, a much more reasonable cost than back when I also had to drive two hours to The Big City to take the exam in an FCC Office.

If you'd like to sit in a class to study, here's an October session forming nearby. The Hoodview club for Gresham and East County also has courses; click here for details.

You can study on-line with the Amateur Radio Relay League course which includes on-line support, or order the study guides if you prefer self-study. There's even a free study guide for Palm PDAs, or you can download plain text or PDF files of the question pool for your exam. MAKE SURE Y…

Word 2000 + Windows 2000 = Extremely Critical Flaw

An "extremely critical flaw" in Microsoft Word 2000 is currently being exploited by malicious attackers, which could lead to remote execution of code on a user's system, security researcher Secunia advised yesterday in a C|NET story appearing today. The vulnerability affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents, according to Secunia's security advisory.

Symantec detected the Trojan MDropper.Q exploit several days ago. It uses a two-step attack. Trojan MDropper.Q exploits the Microsoft Word vulnerability to drop another file, a new variant of Backdoor.Femo, according to a security advisory by Symantec.

Will this incident increase the rate of migrations to the free and functionally compatible OpenOffice? And, how will this latest hole in Microsoft security affect Microsoft Office, their long-time cash cow?