Archive | January 10, 2007

Microsoft leaves Word zero-day holes unpatched

CNET News.com is reporting Microsoft leaves Word zero-day holes unpatched. Hmmm… is it still a zero-day hole if it has been around for a while? I’m afraid the term has lost its punch. Nonetheless, CNET goes on to say,

Microsoft on Tuesday released fixes for vulnerabilities in its Windows and Office software, but left several known Word zero-day flaws without a patch.

As part of its monthly patch cycle, Microsoft published four security bulletins with fixes for 10 vulnerabilities. Three of the bulletins are deemed “critical,” the company’s most serious rating; the fourth is tagged “important,” a notch lower. All bulletins, however, address flaws that could allow an attacker to commandeer a PC.

Nasty stuff. It’s the second week of 2007, and Microsoft patches are already up to MS07-08, although four of the patches were pulled from this release. I wonder if they’ll still be “zero-day” next month?

Hit the Microsoft site at http://www.microsoft.com/security if you need more information on these patches. Get patching!

FoxTalk Death Throes Continue…

On the FoxPro wiki, Alex Feldstein documents the most recent of many problems with New Hill Services, aka Eli Research, the latest purchasers of the FoxTalk newsletter, originally from Pinnacle Publishing. (Disclosure: FoxTalk published several articles of mine, starting in 1992 and ending in 2004.) These people are just incredibly clumsy in the way they have worked with the community that once supported the newsletters. Terminating the editor, dropping or antagonizing their top-notch contributing writers, harassing former subscribers and failing to engage the community have ruined any chances of FoxTalk’s recovery. I wish they would just terminate the paper and spare us all the embarrassment.

Just this morning, I received an email announcing “Your latest FoxTalk 2.0 is Available Online!” Curious if they were giving away free online content or offering a trial, I navigated to http://osslogin.com/login/pin, which asked for a login and displayed the Pinnacle (not Eli, not New Hill) logos and no links — no “Who we are,” “Read our other publications,” nothing. Really suspicious. Examining the HTML source, there were no signs of foul play (it does look like a phishing expedition, doesn’t it?), so I tried the “forgot your password” link and supplied my email address (I already get and squash 500 spams a day, so one more wouldn’t hurt). I promptly got an email with my password, and attempted to log in. “Account Expired” it told me, again with no other information or links. How annoying! If it was expired, why send the email notice? And wouldn’t this be a killer opportunity to ask me to re-up? Nothing. Bozos.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.