by certifiedbug on October 23, 2007
in Rogue
The Zlob Trojan Downloader typically poses as an audio or video codec that must be installed on your computer before you can watch or listen to certain media.
VirusRay is just the latest infection that downloads and installs rogue anti-spyware programs and displays fake security alerts in your Windows taskbar.
When the Zlob infection downloads and installs VirusRay, VirusRay will automatically start and perform a scan of your computer. When done scanning, VirusRay will state that it found Trojans on your computer. The funny thing is that the Trojans VirusRay finds are the actual ones that were used to install it in the first place. In order to remove these Trojans, though, you will be required to purchase the full version of the software. This is obviously a scam and you should not purchase this software under any circumstances.
Removal instructions at Bleeping Computer.
Secunia Advisory: SA27311
Highly critical
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Release Date: October 18, 2007
Firefox v2.0.0.8. Download
Paperghost didn’t like what he wrote in it.
It was all going so well, until…. I saw this post by Zango CTO Ken Smith, and I just had to reply.
Secunia Advisory: SA27277
Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution Status: Vendor Patch
Opera version 9.24. Download
AOL has been in the news for laying off employees and moving their headquarters to Manhattan, New York City.
Bill Pytlovany blogged this with a new twist:
I never signed up or requested Emails from Side Step. The Email was very careful to follow the minimum requirements of the Can-Spam Act of 2003. Having this Email “Certified” by AOL means nothing to me other than “Advertising OnLine” was paid by this company to spam my Email account.
Silicon Alley Insider: Randy Falco Email to employees.
Time Warner: Randy Falco Bio.
A relative in the market for a new computer showed me a pretty good deal she was looking at and asked what I thought. Everyone in the family knows I am a total geek.
The machine came with Vista Basic installed. I advised her to upgrade to at least Vista Premium so she could run Aero, also a better video card and more RAM.
Then another email arrived saying she had heard Vista was buggy and perhaps XP was in order.
I am biased because I genuinely like Vista. I still have XP Pro machines, but as vendors supply new drivers for Vista, I find myself booting XP up less and less, even though it is a good solid OS.
We decided the best way to go was to show Vista in action, not just the eye candy, which it has plenty of.
A few hours on my Vista machine and she was sold. Not a technical post on Vista but a human story.
*Added links.
by certifiedbug on October 10, 2007
in Security
After Alex Eckelberry wrote about this on the Sunbelt Blog, he received some interesting feedback in the comments section.
Today, Microsoft shipped 6 out of 7 bulletins originally stated in the ANS.
The Microsoft Security Response Center (MSRC)
- MS07-055 addresses a vulnerability in Kodak Image Viewer, and is rated as a Critical bulletin.
- MS07-056 addresses a vulnerability in Outlook Express and Windows Mail, and is rated as a Critical bulletin for earlier versions of Windows and as an Important bulletin for Windows Vista.
- MS07-057 is a Cumulative Security Update for Internet Explorer, and is rated as a Critical bulletin.
- MS07-058 addresses a vulnerability in RPC, and is rated as an Important bulletin.
- MS07-059 addresses a vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007, and is rated as an Important bulletin.
- MS07-060 addresses a vulnerability in Microsoft Word, and is rated as a Critical bulletin for earlier versions and as an Important bulletin for more recent versions.
In addition to the bulletins mentioned above, Microsoft also re-released bulletin MS05-004. This re-release updates detection to include Server 2003 Service Pack 2 and Vista as affected platforms. There were no changes to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it. Customers who have applied MS07-040 are unaffected by this detection update, as their systems are up-to-date from a .NET Framework security stance. Please refer to the bulletin revision history for more information.
TechNet
Potential security vulnerability
Some WordPress plugins that permit the entry of user-entered values, such as older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” Without getting overly technical, this permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel. And no one wants that.
According to the official FeedBurner weblog, the update was released 10-03-07. However, it did not present in v2.3 WordPress as an available plugin update, so I suggest checking the official FeedBurner weblog for such important updates:
http://www.feedburner.com/fb/a/home
Better yet, subscribe to their feed.
Scheduled October bulletin release day, Tuesday October 9, 2007.
The Microsoft Security Response Center (MSRC)
As part of our regularly scheduled bulletin release, we’re currently planning to release seven security bulletins:
- Five Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. Some of these updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
- One Microsoft Security Bulletin affecting Microsoft Office with a Maximum Severity rating of Critical. These updates will not require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
- One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Office with a Maximum Severity rating of Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
We are also planning to release an update to the Microsoft Windows Malicious Software Removal Tool as we do each month.
Finally, we are planning to release three high-priority, non-security updates on Microsoft Update and one on Windows Update.
TechNet Advance Notification