Ed Leafe and Paul McNett tooks the covers off of Dabo 0.1, a project
they’ve been working on for some time: an n-tier, cross-platform,
data-aware application development framework written in Python. I’ve
been toying with the framework for some time, and I think this could be
a great framework for deploying apps on Windows, Mac and Linux. See
more details at http://dabodev.com/
Archive | May 11, 2004
Microsoft Security Bulletin MS04-015: Vulnerability in Help and Support Center Could Allow Remote Code Execution
Just had the little Microsoft Update critter in the tray pop up to tell
me that there was a new update. The text was incredibly generic:
A security issue has been identified that could allow
an attacker to compromise a computer running Windows and gain complete
control over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have to
restart your computer.
Well, we certainly wouldn’t
want that, now would we? With caution from the Sasser worm patch that
rendered machines unbootable, I thought I’d investigate a bit more. A
visit to the Microsoft KnowledgeBase did not show the article mentioned – 840374. A visit to the Microsoft Security site didn’t show anything about this article, either, but the Microsoft Technet Security site
does – a link on the right to “MS04-015: Vulnerability in Help and
Support Center Could Allow Remote Code Execution (840374),” which leads
to the wrong article – MS04-014 instead of -015. Changing the address
in the address bar leads, finally, to the correct article: “MS04-015: Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)“
This vulnerability affects WinXP and 2003 only. While Microsoft only rates this update as “Important” they do indicate
that a malicious web site using the flaw in Microsoft’s HCP protocol
means that “An attacker could take any action on the system, including
installing programs, viewing data, changing data, deleting data, or
creating new accounts that have full privileges.” I wonder what they
save the “Critical” rating for! Mitigating factors are many, and
suggested ways to minimize the dangers include not using Outlook, or
using Outlook in text-only mode, and unregistering the HCP protocol,
which might break local help links as well. Details are in the article
linked above.
It’s the 20th week of 2004, and this is Microsoft’s 15th security bulletin.
Nicholas Carr: IT still doesn’t matter
Nicholas G. Carr, author of the controversion Harvard Business Review
article “IT Doesn’t Matter” last year, follows up in Wired magazine
with some intriguing examples: Intel’s Centrino, Sun’s OpenOffice.org
and Microsoft’s IE.
Nicholas Carr:
“In public, industry CEOs may continue to exercise their Peter Pan
complexes, pretending that the IT business will never grow up. But
behind the scenes they’re dismantling Neverland piece by piece.” [Scripting News]
Microsoft drops wireless products
Microsoft drops its Wi-Fi offerings.
Microsoft Corp. has decided to stop producing wireless networking
products and will discontinue its range of gear using the 802.11b
wireless networking standard, also known by the Wi-Fi marketing name,
the company announced Tuesday. [InfoWorld: Top News]