Archive | August, 2006

OpenOffice.org security flaws identified, some patched

Robert McMillan of InfoWorld: Top News reports OpenOffice.org security 'insufficient'. “With Microsoft Corp.'s Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses… “The general security of OpenOffice is insufficient,” the researchers wrote in a paper entitled “In-depth analysis of the viral threats with OpenOffice.org documents.” … “This suite is up to now still vulnerable to many potential malware attacks,” they wrote.”

Despite the negative tone of the beginning of this article, it's more good news for OO.o than bad. First, the one major flaw that was found has been patched – yeah, Open Source! – and you'll want to ensure you're running the latest OpenOffice.org. The second positive spin of the article is the tone: governments and companies are seriously evaluating OpenOffice.org as a replacement for their current office products. I wonder if this change in the tone has to do with the acceptance of the Office Document Format as a recognized international standard.

But don't just take my word for it…

Microsoft Watch from Mary Jo Foley reports Patch Windows Now, Homeland Security Warns. “The Department of Homeland Security has spoken. Apply the patches in the MS06-040 security bulletin for Windows, which Microsoft released on August 8, the agency is warning users.”

Microsoft's Monthly Security Patches for August 2006

I received the “Microsoft Security Bulletin Summary for August, 2006” in my inbox this morning. You'll want to sign up on the Microsoft site if you don't get this email and have responsibility for supporting and protecting Windows machines. You can find the bulletin here.

Nearly all the 12 items were rated critical and resulted in “Remote Code Execution” – in other words, someone else taking over your machine. Every supported version of Windows – Windows 2000 SP4 through Windows Server 2003 – is affected. Individual applications getting patched include all the Office products, VBA-enabled products, and nearly anything with HTML: Internet Explorer, HTML Help, Microsoft Management Console. Get patching!

MS06-040 – Vulnerability in Server Service Could Allow Remote Code Execution (921883)

MS06-041 – Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)

MS06-042 – Cumulative Security Update for Internet Explorer (918899)

MS06-043 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)

MS06-044 – Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)

MS06-046 – Vulnerability in HTML Help Could Allow Remote Code Execution (922616)

MS06-047 – Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)

MS06-048 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)

MS06-051 – Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)

MS06-045 – Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)

MS06-049 – Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)

MS06-050 – Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)

We're up to 51 patches on the 32nd week of the year. It's pretty apparent that whatever Trustworthy Computing brings us, it won't be a static thing.

Converting an existing Windows install into a VM

Here is a clever solution to the problem of trying to remember all of your passwords, settings, configurations and so forth when converting your current OS into a VM: back up your old installation and restore it into a clean VM. There may be problems with drivers and such, since the VM “hardware” may not work with all the drivers you have installed, but it sure looks like it could be a timesaver.

WWDC Keynote dissected

Andy Ihnatko writes a guest column for InfoWorld that's a great insight into the mind of Mac users and interesting speculation on what we saw, or didn't see, at the recent WWDC keynote.
Leopard's top-secret secrets.

(InfoWorld) – When you watch a Steve Jobs keynote from home, you only get about two-thirds of the value. For one, there's usually complimentary orange juice and danish on the way into the hall. For another, you get to go hyper-nerd obsessive on every observable detail.

Monadnock LUG, Thursday, August 10th: SugarCRM

From Guy Pardoe's announcement:

The next meeting of the Monadnock Linux User Group (MonadLUG) will be this Thursday, August 10th, 7:00pm, at the SAU 1 Superintendent's Office behind South Meadow School in Peterborough.

For directions and other information, visit
http://wiki.gnhlug.org/twiki2/bin/view/Www/MonadLUG

Mark Witham discusses SugarCRM: SugarCRM is a complete CRM and groupware system for businesses of all sizes. Functionality includes sales force automation, marketing campaigns, support cases, project mgmt, calendaring, documents and more. Built on PHP and MySQL.

Microsoft: Our customers are dumb

OSNews points to a ZDNet article, Microsoft: ‘Open Source Is Too Complex’. “Although open-source software can be customized to meet a company’s specific needs, its inherent complexity could dent the profitability of independent software vendors, says Microsoft. “One of the beauties of the open-source model is that you get a lot of flexibility and componentization. The big downside is complexity,” Ryan Gavin, Microsoft’s director of platform strategy, said.”

An ISV has to know what they are getting into, and have sufficient support to deal with the challenges of many platforms. The same is true if you choose to support Windows XP, XP Home, XP Media Center, XP Tablet, Windows 2000, Windows Server 2003 on standalone, networked, workgroup, domain and Active Directory models. The claim that supporting Linux is more difficult because there’s more than one vendor (all of the majors adhering to the Linux Standards Base) is FUD. If you have to support home users with Windows 95 or do-it-yourselfers with a hand-built Linux kernel, the challenges are the same. Their claim to ISVs that Windows is easier to work with may be easy to claim, but I’d like to see Microsoft prove it. Truth Happens. Unbend the Truth.

Microsoft claims that computer technology is complex, and they are smarter about making those decisions than their customers. If they are not careful, they’ll prove that: the smart customers will leave.

Microsoft to ship a dozen on Patch Tuesday

Microsoft Watch from Mary Jo Foley is reporting Windows Fixes to Dominate Patch Day Dozen. “Expect from Microsoft a dozen new security bulletins, with plenty of Windows patches – a number of which will be deemed “critical,” on August 8.”

Pencil in some time Tuesday or Wednesday for patching and rebooting.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.