Archive | April 4, 2005

Exploits in IE and Outlook

No news here, move along… eEye Security apparently wasn’t getting its name in the papers enough, so they blabbed to the media that they had discovered yet another exploit in Outlook and Internet Explorer (including exploits that work in Windows XP SP2) and had reported them to Microsoft on March 16th and 29th. InfoWorld and eWeek picked up the story, echoed on sites like OSNews and, well, here 🙂

Since the exploit is in all recent versions of Windows, and most users run as an administrator (or have no choice, on Win9x), an exploit such as this means a malformed web page or email message could take over your machine, letting evildoers steal everything on your hard drive. eEye officials express concern over a “Zero Day Exploit,” a malicious attack launched before the vulnerability is patched. If only a small percentage of the estimated 500 million vulnerable Windows machines are exploited, we can anticipate serious disruption and millions in cleanup costs, as we have seen from previous Windows exploits.

What can you do?

First, stop running as administrator – create a power user account and log on as that user. That may not prevent your machine from being compromised, but it can limit the damage done.

Second, stop using the affected software. Enterprise users of Exchange-Outlook may have some trouble finding a replacement for all of the “integrated” features, but when the alternative is continuing, never-ending security exploits, well, compromise is called for. Responsible IT departments are already evaluating workgroup software from other vendors or those packages available under a free license. Make sure yours is.

If you don’t have enterprise Outlook dependencies, consider Thunderbird as an email client replacement.

Replacing Internet Explorer is both more difficult and easier. Get Firefox. It’s just better. Got applications that won’t run without IE? Get rid of them – keeping Typhoid Mary around because it’s so hard to find a good cook just doesn’t make a lot of sense. Cut your losses. You can’t remove Internet Explorer from your computer – Microsoft claims it is an integral part of the operating system – but you can remove its associations and its use as the default application. A quick Google search yields 800,000-plus hits for “disable internet explorer” pointing to sites like About.com. As part of its anti-trust settlement, Microsoft was required to make a utility available to switch default email and internet clients. In Windows XP, check under Control Panel, Set Program Access and Defaults.

MySQL ODBC is doing much better now

I had problems on my systems in January with the MySQL MyODBC driver version 3.51.10, and I ended up rolling back to version 3.51.09, as I posted to the Fox Wiki here, the Leafe.com ProFox forums here and the MySQL Forums here. Remarkably, I didn’t blog it also, but I was busy.

The good news is that the new driver, version 3.51.11-1, seems to fix the problem. Rolling back to the old driver also required additional work to use a weaker password technique, so this is a welcome fix!

Paul McNett: Ubuntu makes a sweet server

On Paul McNett’s Weblog, Paul blogs:

Twenty minutes later and I’m logged in to my new install – no GUI as this is a pure server box… and 10 minutes later my system is completely up to date… and about an hour later I have myself the beginnings of a killer server. And I still haven’t had to compile a single thing. This is really sweet, the best experience I’ve had yet getting a server up and running.

Read more at Ubuntu Server Success!

CentraLUG Monthly Meeting Announcement

The Central New Hampshire Linux User Group (CentraLUG) holds free meetings that educate computer hobbyists and professionals alike about Linux, Open Source Software and Linux-related technologies. The monthly meeting will be held on April 4th at the New Hampshire Technical Institute Library in Concord, room 146 from 7 pm to 9 pm. Meetings are open to the public. Details and directions at http://www.centralug.org.

This month, Bill Sconce will debrief his trip to Washington DC and report on Python Conference happenings and prognostications: new projects, show-and-tell, an outlook for Python 3.0, one difference between Python and Perl and more! Ed Lawson will present Scribus, an Open Source desktop publishing system. An open question and answer session will be held — bring your Linux questions!


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.