Archive | 2006

PowerPoint Zero-Day Vulnerability in the Wild

Slashdot post: PowerPoint ZeroDay Vulnerability Exploited. “whitehatlurker writes to mention a WashingtonPost.com article about another unpatched flaw with Microsoft Office. The bug, part of the PowerPoint software, has already been used in the wild, and may be connected to an industrial espionage case.”

1. Never EVER open an untrusted document, whether it is Word or PowerPoint or a PDF or a video.

2. There are no trusted documents.

What #2 means is that whenever a document arrives appearing to be from a friend or a co-worker, you should always confirm that it really is from them. Most of the time, you've had a conversation in advance. Social engineering works by making you think that a document is part of a normal exchange. If Bob in accounting sends a message with some nondescript “check this out” text and an attachment that appears to be a spreadsheet, it's worth taking a couple of seconds to verify it's really from him. Malware steals other people's email address books, so the mail could appear quite legitimate.

Nashua Telegraph reports on Northeast Linux Symposium

Dave Brooks of the Nashua Telegraph reports on the recent Northeast Linux Symposium held at Gould Academy in Maine. NLS is focused on bringing Free and Open Source software into the schools, something that is increasing in popularity around here. I thought Dave's reaction to FOSS and its zealots was promising: FOSS is no panacea, but an alternative worthy of consideration.

Microsoft Monthly Patch: 7 Patches, 5 Critical, Remote Code Execution – patch now!

OSNews also notes Microsoft Patches Seven Vulnerabilities. “Microsoft alerted us this time about seven vulnerabilities of which five were rated critical and two important. There are vulnerabilities in the Server service, the DHCP Client service, Excel and Office that could allow remote code execution.”

Seven patches: 5 Critical with Remote Code Execution possibilities and 2 Important, which includes Remote Code Execution within IIS. Bulletins MS06-033 through MS06-039 were issued in the 28th week of the year. It looks like this kind of velocity, more than one per week, has been steady at Microsoft for nearly three years now. I would have expected the more secure IIS6 and Windows Server 2003 to stem the flow a bit. But these products continue to be listed in the affected systems list. Hmm.

MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

MS06-034: Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)

MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)

MS06-036: Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)

MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)

MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)

MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)

Security is not a feature, it's a process. Patch now to avoid more problems later.

Parallels virtualization software for Macs reviewed

OSNews points out that “Ars reviews Parallels Desktop for MacOS X, and concludes: ‘People pondering the switch to a MacBook can rest assured that with the exception of USB device support and hardware accelerated 3-D applications, their needs will be well met by this little workhorse of a program. Between the networking that just works, the impressive speed and the inability of the client operating systems to know they are running within a 'virtual machine', I think you'll be hard-pressed to find software for any x86 OS that doesn't work within a Parallels VM.’”

It's hard to imagine a more desirable machine than a laptop or desktop with dual-core processors and the ability to run Windows, OS X and Linux in separate virtual machines.

New front-end tool to manage SELinux

OSNews reports SELinux Policy Editor 2.0 Released. “In the past, SELinux has been criticized for being too difficult to configure. To solve this, the SELinux policy editor was created: A GUI-oriented editor with a simplified policy description language (ala Apparmor). According to the announcement, this new version includes a much improved user interface and some improvements to the ‘Policy description language’.”

Very cool. Security-Enhanced Linux is the next-generation security implementation beyond UNIX users and groups, individual file permissions and general security policies of firewalling unwanted traffic and requiring logins. However, I've found it difficult to grasp at first, and surely difficult to master. A friendly front-end GUI tool to manage SELinux is welcome.

OpenOffice.org 1.1.x and 2.0.x vulnerabilities – get patching!

InfoWorld: Application development reports OpenOffice.org warns of three vulnerabilities. “OpenOffice.org is warning users of security vulnerabilities that can crash the OpenOffice.org productivity software and give malicious hackers access to full system resources.”

“The company is urging OpenOffice.org 2.0.x users to upgrade to version 2.0.3, released last week. A patch for OpenOffice.org 1.1.x will be available soon, the company said.”

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.