Archive | November, 2005

IE exploit still unpatched six months later

Computerworld News: “Attackers targeting unpatched IE bug, Microsoft warns. Microsoft today warned that attackers could exploit a critical unpatched bug in Internet Explorer, first reported in May, and take over a user’s computer.”

“Microsoft Corp. is warning Internet Explorer users to be careful where they browse because attackers are now targeting a critical unpatched bug in the software. If successful, these attackers could possibly use this bug to seize control of a user’s system, the company said.”

“Be careful?” With clever phishing schemes, Unicode obfuscation of URIs, DNS poisoning and adware injection, it’s not possible to “be careful.” Just don’t use IE.

Apple Security Update 2005-009, (Wed, Nov 30th)

[SANS Internet Storm Center, InfoCON: green] notes “Published: 2005-11-30, Last Updated: 2005-11-30 01:45:17 UTC by Bojan Zdrnja (Version: 1) Apple has released a new Security Update, 2005-009. A number of products have been patched, including Apache2, apache_mod_ssl, CoreFoundation, curl, iodbcadmintool, OpenSSL, passwordserver, Safari, sudo and syslog. Security Update 2005-009 may be obtained from the Software Update pane in System Preferences, or from Apple’s Software Downloads web site:”

Get patching!

DLSLUG: Bill Stearns on LVM

Bill McGonigle posts: “The next regular monthly meeting of the DLSLUG will be held: Thursday, December 1st, 7-9 PM at: Dartmouth College, Carson Hall Room L01. All are welcome, free of charge.” Bill Stearns will present LVM – Logical Volume Management.

“Bill Stearns has trained folks on LVM professionally for a nationally-renowned training organization and packages some LVM utilities. He’ll give us the 1.5-hour overview version of what LVM is and how to make it work.”

I noted on a recent install that Fedora Core 4 uses LVM by default. This is a session well worth attending. Bill’s a great presenter and I’ve never failed to pick up some new tips.

Firefox 1.5 released

InfoWorld: Top News reports Mozilla releases Firefox 1.5 on schedule. (InfoWorld) – “The wait is over for the Firefox faithful, as the Mozilla Foundation released the new version of the browser as planned Tuesday.”

The 1.5 release offers improved performance, smoother updating, support for SVG, JavaScript 1.6, better security and pop-up blocking. I’ve been working with the release candidates and Firefox looks solid and reliable. Check it out!

CentraLUG: 5 December: James Fogg on Windows-Linux Interoperability

Please note the change in location: we will be meeting in Little Hall Room 230, a lab with computers. On the NHTI map located at (warning: 1 Mb+ PDF), the building is marked “K”

The monthly meeting of CentraLUG, the Concord/Central New Hampshire chapter of the Greater New Hampshire Linux Users Group, occurs on the first Monday of each month on the New Hampshire Institute Campus starting at 7 PM. Open to the public. Free admission. Tell your friends.

This month’s meeting will feature James Fogg discussing Windows-Linux interoperability. James Fogg is a principal with JDFogg Technology Consulting, where he is a network engineer specializing in delivering IT, Telecommunications and Computer Services, Systems, Sales and Consulting to the Fortune 500.

Many companies now operate mixed environments and managers expect their technical staff to be able to “make it work.” James will provide some ideas on how to do it. He’ll be covering interoperability methods between Microsoft Windows products and Linux/Unix systems. File Sharing, Application Sharing, network Services (DNS, DHCP, NTP, etc.), Mail and Printing. Also included will be the basics of Linux, Unix and Active Directory authentication, authorization and auditing.

I was pleased to learn that in the most recent editions of Microsoft’s Services for Unix, Microsoft is including an NFS client. SFU is a downloadable component for the currently supported versions of Windows, and Microsoft has committed to including some of the functionality in future OS releases. Interoperability is Good. SFU is one of several things James plans to cover.

Hope to see you there!

SANS: Top 20 vulnerabilities

Computerworld News and eWeek point to an interesting SANS report. Computerworld: “SANS: Cyberattackers found green fields in 2005. After years of writing viruses and worms for operating systems and Internet server software, hackers found new areas to target in 2005, according to a report on security trends released today.”

It’s interesting to see malicious crackers moving “up the stack.” One encouraging aspect is that network stacks are becoming more resistant to attack. However, applications are reaching further down into the stack, with user-space apps poking at ports and taking on more risky behaviors. We want to avoid repeating the mistakes of the past…

Xbox 360 shortages: panic in the streets?

Ken “Caesar” Fisher over at Ars Technica reports “Xbox 360: shortages no joke. Today I ventured out into the wilderness of North Boston to gauge Xbox mania. Initial reports on the ground paint a pretty grim picture for pre-Christmas Xbox shipments.”

There are two possible explanations. Many, many, many rumor-mongers insist that Microsoft is staging this shortage, coordinating press releases with the stores, to announce a record sell-out on the opening day and start a panic that Junior won’t get his new machine for Christmas. The other is that Microsoft is incapable of planning around all the challenges of shipping a product on time. Which seems more likely?

Microsoft announces Simple Sharing Extensions

Over at Scripting News, Dave Winer posts “Sharing at so many levels!”

Microsoft has unveiled a new proposal called SSE, which stands for Simple Sharing Extensions for RSS and OPML. … “Now, in 2005, almost ten years later, we may be grown-up enough to actually work this way.”

Tigers and their stripes. I’m skeptical, of course. There are only so many times you can have formats and features embraced, enhanced, extended and extinguished (E^4) before you look at a gift from Microsoft very carefully. On the plus side, though, the spec is released under a Creative Commons license. Interesting.

Microsoft to seek ISO standardization for Office 12 formats

InfoWorld: Top News reports “Update: Microsoft to open Office document format. (InfoWorld) – Microsoft on Monday said it will offer its Word, Excel, and PowerPoint document formats as open standards, a move that could spark a war with technology rivals over standard document formats.”

Interesting. I wonder if ISO standardization will really change the basic positioning. Will use of Microsoft’s mis-named “Open XML” be free from RAND licensing fees, patent encumbrances, or the onerous licensing terms that made it inaccessible from GPL software?

Unpatched IE JavaScript exploit published

InfoWorld: Top News: Hackers publish code for critical IE bug. (InfoWorld) – Security experts are warning Internet users to be careful where they click, thanks to a nasty unpatched bug in the way Microsoft Corp.’s Internet Explorer browser handles the JavaScript computer language. The bug is of particular concern because security researchers in the U.K. have now published “proof of concept” code showing how hackers could exploit the problem and possibly take over a Windows system. By Robert McMillan.

Just to review: never browse with an untrustworthy browser.

UPDATE: Details at the Internet Storm Center, which is raising its InfoCon level from green to yellow. ISC is labeling it a zero-day exploit. It certainly has the potential to be one.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.