It seems I posted the 1000th article yesterday with the note on the recent IE vulnerability. (I wonder how many articles out of the 1000 were about IE vulnerabilities???) Anyway, nice round numbers like that are interesting to note as milestones. I haven’t been doing much in the way of updates for a bit and there are a couple of reasons. One was the great trauma with the internet connection that I’ve previously described…. what’s interesting about that….
It’s interesting to see the rumor mill around Vista – I saw articles this morning claiming that 60% of the Vista code would have to be rewritten and the Xbox team was pulled to work on Vista – from what I can see both of those are not true. I suspect people are looking to explain why the release has slipped into the next year. I do find it interesting that there were such ambitious plans for Vista which have gradually evaporated and pushed to a future release and the pruned back plans just aren’t within reach in a short amount of time. However, in some ways software development is about making big plans reality, sometimes it just turns out to be bigger than you thought.
I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is, be careful what sites you visit, beware of “driveby downloads” using this tactic consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way with other apps using IE to view html objects….)
I’ve had a flood of spammy pings on one specific post. I’ve disabled ping backs on that post and will continue to disable pingbacks when I see spammish “abuse” of the concept. I’d certainly rather not do this. One of the values of a pingback is if someone actually writes a RELEVANT article and cites another as reference. If it looks like someone is just attempting to place an add for their services in a comment/pingback, that comment/pingback will be deleted. If that post becomes a nuisance to me to maintain, my solution will be to cut off comments/pingbacks. I suggest if you’re looking at ways to advertise your site, you might look at Google Adwords.
I can’t believe it’s been so long without a post – last post was the last MS update cycle. I’ve been trying to avoid spending almost every waking hour at a computer for a while. Anyway, advance notice for the March Microsoft updates came out and it appears as though the only critical update is expected for Office, with an “important” update for Windows. The Office update may require a reboot, the Windows update is not expected to require a reboot.
Hopefully this will make for an un-eventful patch cycle.
Microsoft has given advance notice that next Tuesday they will be releasing 7 updates for Windows, as many as 5 of these will be tagged as critical. The Security Fix has a bit on the advance notice as does Sans. Looks like one of the critical updates will be for Media Player, 4 for Windows itself and 2 updates for Microsoft Office. A reboot will be required for some of the updates.
I think it’s time to pass along a long story of what’s gone on over the last week or so here and some of the reasons there hasn’t been anything posted. Generally, I would say that work has been busy, but something happened last week that went a bit beyond the day to day and there might be some items worth considering. The short story is my internet access was suspended and I’ve been only connected to the internet for 30 minutes or so at a time to retrieve mail and spent dozens of hours reviewing system logs…. but the long story is needed to sort out what has happened. I’m not going to break this up into multiple posts, but I may pull out some details for seperate posts at some point.
In the last several days there have been a couple vulnerabilities disclosed that I should cover. The first up is related to Winamp. Version 5.12 is vulnerable to a problem with the way it handles .pls (playlist) files. This could allow very bad things with a specially crafted pls file. There were some workarounds mentioned, however all those workarounds can be subverted. There is a new release available http://www.winamp.com/player/.
Not long ago a customer offered me a slightly used Linksys BEFW11S4 ver. 4 wireless router for free. He had replaced it with an 802.11g router (this is only a b) shortly after purchase and said if I knew anyone that wanted it I could have it. Well, it’s hard for me to let tech pass through my hands without taking a look at it and testing it a bit. So, one of the first things I did was test out how well the wireless signal was received from a basement. (Concrete block walls, dirt, etc. blocking..) I was surprised at how well the signal did through concrete, dirt and a couple hundred feet of air.
I think I’ve wrapped up the series on arp spoofing and it’s implications for network security. I know there’s nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener as there are myths that switches cannot be sniffed, that ONLY wireless data packets can be sniffed, etc. etc.
Bookmark this site now by pressing Ctrl+D
