Exploits, exploits and exploits!

I don't intend this blog to be a security blog; that's a full-time job better served by others. However, you ought to be alert to what's going on out there:

MS “re-released” MS06-049 as version 2.0 (new and improved!) to patch NTFS file compression on Windows 2000 SP4.

The Internet Storm Center is reporting yet another Internet Explorer exploit, taking advantage of a bug in an ActiveX control.

The ISC is also pointing to reports of an exploit packaged in a PowerPoint file. I may have mentioned it before: Do not open attachments from untrusted sources and… there are no trusted sources. I wouldn't advise anyone to open a PowerPoint until they are sure their anti-virus scanners have been updated and clear the file. Better yet, open it in OpenOffice.org. Better yet… imagine a day with no PowerPoint. Wow.

Microsoft issues patch for Zero-Day VML exploit on Day Eight

Slashdot is noting that Microsoft Patches VML Vulnerability. “Microsoft has quietly released an official patch for the zero-day VML vulnerability. The patch was publicly available yesterday, but Microsoft has just added it to the Security Bulletin Index. Eight days from time of first report to patch is pretty fast for Microsoft, and is almost two weeks ahead of their normal patch schedule. This security flaw was being aggressively exploited out in the wild.”

For Microsoft to break their usual once-a-month patch cycle is pretty unusual, so I'd consider this patch sooner rather than later. Get patching!

InfoWorld Off the Record: We need it in Windows!

InfoWorld's Off the Record column continues to supply great tales of the software world's mis-steps, like this one:

“Ten years ago, I was the IT manager at a successful software company whose main product was aimed at large insurance companies. It was a DOS app that read records from large data files, did a little processing, and passed the results to other apps downstream. It wasn't particularly pretty, but it was accurate — and it was fast! It worked in batch mode, processing thousands of records per minute, which was a critical feature, considering how many records our clients needed to manage each day.”

“We were doing well with this app, which was pretty much the industry leader. So in a classic it-ain't-broke-so-let's-fix-it-anyway move, some of our managers and salespeople began complaining that it wasn't written for Windows.”

Betcha can't guess what comes next. Read the whole story here.