Archive | Microsoft

Microsoft ships WMF patch early!

By Ted Roche on January 6, 2006 in Microsoft, Security

Bravo to Microsoft for shipping the WMF patch early, rather than waiting an additional five days to ship on their regularly scheduled Patch Tuesday. Many security experts were very concerned about this flaw.

Users of Windows 2000, XP and 2003 should update immediately. Users of previous versions of Windows should stop using IE until Microsoft ships a patch.

The actual MS06-001 Security Bulletin is a bit confusing. It lists “Maximum Severity Rating: Critical” but in the FAQ seems to indicate that they are not shipping a version for Win9x/ME:

“Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) — Review the FAQ section of this bulletin for details about these operating systems….”
In the FAQ… “How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems?”
“For these versions of Windows, Microsoft will only release security updates for critical security issues.

”

Okay, I’m confused. Critical or not? Supported or not?

Palm 700w: bulkier, clumbsier

By Ted Roche on January 6, 2006 in Microsoft, Technology

NYT > Technology: David Pogue: A Marriage Not Made in Heaven. “Some features of Palm’s new Treo 700W cellphone-organizer are so well executed, you can’t help grinning, while others are so clumsy, you smack your forehead.” By DAVID POGUE. “The Treo 700W ($400 with a two-year Verizon commitment) is a Frankensteinian mishmash.”

Over at the Wall Street Journal, Walter Mossberg concludes “The Treo 700w will appeal to some Windows Mobile fans, and to some corporate IT staffs. But for everyone else, I advise sticking with the Palm-based Treos.”

Too bad. A friend had told me to keep an eye on the Treo line as he felt the Treo 650 needed one more version to be the category-killer PDA-Phone. Looks like the 700w was not the right one. Palm promises a PalmOS-based version is on the way. I’ll wait.

Latest Sober worm due to launch at midnight tonight

By Ted Roche on January 5, 2006 in Microsoft, Security

Computerworld News catalogs A Sober Primer: The worm from A to Z. “With the Sober worm set to launch new attacks at midnight tonight, here’s an A-to-Z guide to identifying the worm’s many iterations for the past two years.” The linked article talks about the latest incarnation, due to launch at midnight tonight. You may want to turn your Windows PC off tonight, just in case. Check to make sure your virus scanner is up to date, that your firewall is enabled (both incoming and outgoing, not the Windows one-way XP firewall), that your malware detectors are up to date and have scanned your machine recently.

It probably won’t affect anything more than usual, but you ought to check to make sure you’ve got charged batteries for the cellphone, the PDA, the flashlight. A full tank of gas in case you need to drive off to a client first thing, and the Windows ATM isn’t working. Filling the bathtub with water will let you flush the toilet if the water pressure goes. Perhaps you should review your Emergency Preparedness Checklist, just in case. Sleep tight. Don’t let the bedbugs bite.

Trustworthy Computing. Ain’t it grand?

WMF exploits continue to multiply and mutate…

By Ted Roche on January 4, 2006 in Microsoft, Security

Computerworld News Pre-release Microsoft patch for WMF flaw leaked. “Microsoft today confirmed that a pre-release version of its security update for the recently disclosed WMF vulnerability was briefly posted on the Internet . Users appear divided on whether to install an already available third-party patch for the problem.”

Meanwhile, InfoWorld: Top News is reporting…

Attempts to exploit WMF vulnerability by IM multiply.

(InfoWorld) – Security researchers have logged over 70 variations on instant messages attempting to exploit the WMF vulnerability since the first were reported on Saturday.

Watch out for the WMF exploit!

By Ted Roche on January 2, 2006 in Microsoft, Security, Technology

The Internet Storm Center has set their InfoCon alert to Yellow and is full of information on the recent WMF exploit. They are even promoting a private patch, due to Microsoft’s weak response on this issue. Microsoft has plans to ship a patch with their next regular Tuesday (the 10th) patch. Many of the media are a bit agitated to get a patch out sooner. Let’s see how Microsoft’s evaluation of the threat plays out. If they’re wrong, their customers could spend millions cleaning up the mess. If they’re right, no one will notice. Any change to the bottom line for Microsoft? Time will tell.

Zero-Day Windows Meta File exploit

By Ted Roche on December 28, 2005 in Microsoft, Security, Technology

InfoWorld: Application development reports “Update: Malicious hackers busy exploiting zero-day Windows flaw. Fully-patched systems running Windows XP and Windows Server 2003 can be successfully attacked by malicious hackers, various security firms warned Tuesday and Wednesday. By Juan_Carlos_Perez@idg.com (Juan Carlos Perez).”

Short form: IE seems to be subject to exploitation when navigating to a hostile site and received a Windows MetaFile (wmf). Site Admins should filter .wmf (and possibly .emf) files at the periphery. Limit IE use to a minimum, as always. FireFox users will receive a “what do I do with this file?” dialog. Doesn’t seem to affect Linux or Macintosh users.

Google Print and Hentzenwerke

By Ted Roche on December 28, 2005 in FoxPro, Security, Technology

Just to clarify that last post. Mike Sullivan pointed out that Google is posting pages from Hentzenwerke books with the publisher’s permission and/or cooperation. Google is not infringing on my copyright by doing this. I signed over the right to publish my books to Hentzenwerke, with some limitations, and I believe this is within those terms.

I’ve wanted to get Hacker’s Guide to Visual FoxPro on to the web for the past couple of years, but the publisher and authors couldn’t work out the mechanism. Google has solved that problem, at no cost to us. For some books, it’s possible this will lead to new sales. For others, it can make the work more accessible, perhaps elevating the reputation of the authors, leading to new work, which is the motivation for many technical authors.

Technical books face some unique challenges. Frankly, Sturgeon’s Law dictates that 90% of all technical books are crud. Technical books may even exceed that standard. But the grueling effort of assembling a complex technical book or reference book will have a challenging economic model: will publishers want to advance authors money to write a book that people will read for free on Google? You gotta read a novel from cover to cover, but you usually only need to read a single topic in a reference book. It will be interesting to see how this plays out in the marketplace. For the moment, I’m not inclined to invest a lot of effort in another reference work.

Hentzenwerke Books on Google Print

By Ted Roche on December 28, 2005 in FoxPro, Security, Technology

Via Scripting News: “Steve Rubel discovers how to read O’Reilly books, in full, for free, thanks to Google Books.”

It works the same way for Hentzenwerke books, too. Why lug around a 1300-page reference when you can just look it up on Google. Note that Google watermarks the page with “Copywritten Material” while publishing it for all the world to see for free.

Dangerous flaw in Symantec anti-virus

By Ted Roche on December 22, 2005 in Microsoft, Security

Computerworld News reports “Serious flaw reported in Symantec antivirus software. Symantec’s antivirus software is vulnerable to an attack that could allow a malicious hacker to gain control of a system.”

If you’re using a Symantec product, temporarily stop scanning .RAR files and avoid new RAR files until the flaw can be patched.

IIS DIW

By Ted Roche on December 22, 2005 in Microsoft

Over at Shedding Some Light, Rick Schummer posts: IIS Dead in the Water “Dead as a doornail. Less useful than a pet rock. Internet Information Services (IIS) v5.1 on my Windows XP Professional SP2 (all the latest patches) development box has decided to take a holiday break. Normally this would not be a big deal, but I use it every darn single day to access the OpenWiki running on my machine and Fog Creek’s FogBugz for my bug tracking.”

Bummer, Rick. Fastest solution is to make a good backup and/or image, blow it away and start again. Anything short of that just prolongs the agony.

UPDATE: Rick’s up and running 18 hours later thanks to a pointer from Craig Boyd. Anyone tracking the Fox community on-line needs to be tkeeping an eye on Craig as well as Rick. These guys are doing some great stuff.

Older posts Newer posts

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Navigation