From the look of it Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. Many of them are legacy bugs if you will from older *nix-based systems. This is as good a time as any for the now familiar lesson – NO operating system is invulnerable, you must keep any software install updated with current security patches.
Sometimes you run across a site that’s a browser snob. You know the type…. you visit it in Mozilla Firefox or (anything other than IE) and it says, “you must use Internet Explorer version 6 or newer to use this site. Well, some browsers have nice ways of changing the user agent through the menus, and I wouldn’t be surprised if there’s a plugin for this in firefox (haven’t yet looked.) But, there is a way in about:config.
Again…. this article referring to an exploit related to the cross platform plugin capability in firefox, is a GOOD reminder to be cautious when looking at potential plugins to install for mozilla firefox. In fact, the advice is usually do NOT install software (including plugins) from untrusted sources. By all means, please investigate any piece of software before downloading and installing. (And please don’t take just the software makers word for it…. ie. “my toolbar is really cool and makes firefox work better” does not equal something you can now trust and install.)
Feh….. what a name… well, linux.com has an article up on feh which is a nice lean image viewer for linux. It has quite a few command line switches so it should make cli users happy with the choices and it is nice, lightweight and fast.
George Ou has a good post on Banks cheating their way to meet web security guidelines. Many of the observations that he notes come from the Between the Lines column here and are SPOT ON. The biggest I see is related to “multifactor authentication”….
SANS has an answer to last months browser vulnerability a day blog… for August they’ll present a security tip a day. So, if you haven’t visited the handlers diary, this may be a good time to “tune in”. The first one has to do with strong passwords (I think they decided they may as well get that out of the way up front….)
Sans has info on a security flaw affect several McAfee security products. It could allow remote code execution. The 2007 versions of the products are not affected and a patch is expected soon. For your information, here are the affected products: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller, McAfee AntiSpyware.
You may note that antivirus software is increasingly being scrutinized as a means to remotely exploit systems. Be watching for the patch to come from McAfee.
It has been a few days now, but I noticed that WordPress 2.0.4 has now been released and is highly recommended due to the fixing of a few security issues. They also list a number of bugfixes as well. So, if you’re running a site based on wordpress it’s time to update. It’s really a fairly painless process. I do recall upgrading ONE site to 2.0.3 and it was quite painFUL…. things went quite wrong and I had to restore the database from a backup. BUT… I’ve now upgraded 5 or so installs to 2.0.4 without a hitch. (One was a 2.0.3 install and the others were (I believe) 2.0.2).
Some people spend a lot of time finding ways to block the freeloaders from their wireless internet. Others find fun ways to mess with them…. They start off by settup up dhcpd.conf to carve out two subnets a “good” one with known mac addresses and an untrusted…. then the fun begins with some proxy side image manipulation. Either upside down images, blurry images, etc. I wonder why you don’t just take it a step further…. block images entirely and replace with a jpg of your choice. IF you have a very BUSY accesspoint with freeloaders – maybe you could even sell an ad…. or do a captive portal for the untrusted crowd that redirects through a page that says…. “Uploading personal data…. Please wait…. Credit Card info transfered…. browsing history transfered….. email history transfered…. My Documents in progress…” Of course, it would be actually doing this…
Here is a link to the info page. It sounds as though there are several images available. Mandriva 2007 Beta 1 has Gnome and KDE centric 586 and x86_64 versions of cd images for download as well as an all in one (well – both architectures in one) DVD and cd set (6 disc cd set). They’re interested in people testing it out and reporting bugs. Not all new features are enabled and it is BETA so use it at your own risk.
Bookmark this site now by pressing Ctrl+D
