Computer Tips -Tech Info

So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. This was done using an automated tool and many say, that in order to evaluate the true severity of the flaws, you […]

There’s a good article at Michael Sutton’s Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulnerability has, we forget. The point is this, there are plenty of machines online vulnerable to ancient flaws that have been […]

A new Internet Explorer bug was published on Monday. It’s been given a CVE (2006-4446) and affects IE 6.0 SP1. It’s worth considering alternative browsers. Details from bugtraq indicate that it’s a buffer overflow in the DirectAnimation.PathControl COM Object(daxctle.ocx)… could cause DoS and possibly remote code execution.    Send article as PDF   

The Java Runtime Environment from Sun has a vulnerability that’s due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update AND to make things even worse, a specially designed website could specifiy […]

I’ve got to admit, I hadn’t caught the notice of this until it was at incidents.org. I don’t currently administer sendmail on any machines, but…. Sendmail released version 8.13.8 on August 9th to address several issues (including a DoS vulnerability). It was possible for a specially crafted email to trigger the problem.    Send article […]

There used to be a tool called ethereal and then it changed it’s name to wireshark. Today a number of security vulnerabilities were disclosed. A new version is available and workarounds. Please upgrade if at all possible.    Send article as PDF   

This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer […]

I’m having to make sure I put the date in the title of these posts now…. over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using powerpoint files. And by the 20th (Sunday) it was being called a 0-day. There is a good FAQ […]

A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included the MacBook native drivers (among […]

Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS… “this is a DoS only issue that was not addressed in MS06-040, but will be addressed […]