February 2008

Windows Server 2008 will be officially launching in Los Angeles today with Steve Ballmer, Microsoft CEO, kicking off.

In support of this milestone, the Microsoft Solution Accelerators Team has just released the third-generation of the agent-less infrastructure assessment platform called Microsoft Assessment and Planning Solution Accelerator 3.0 (or simply MAP).

{ 0 comments }

Advisory from SecurityFocus, the vendor neutral website which provides a wide range of security-related information.

QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.

Attackers may be able to exploit these issues to escalate privileges, execute arbitrary code, or trigger denial-of-service conditions in the context of the affected applications.

QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input.
Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

QEMU 0.9.0 is vulnerable; other versions may also be affected.

A vulnerability discovered in Mozilla’s Thunderbird email client, affecting both Linux and Windows users, has been fixed with version 2.0.0.12

{ 0 comments }

No it’s not ‘Patch Tuesday’, KB 940510 has been released out of cycle.

This update enables Windows Vista to detect activation exploits that bypass product activation and that interfere with usual Windows operation. An exploit is a form of software that replaces or modifies authentic Windows components. When exploits are present on a system, it indicates that a software or hardware vendor may have tampered with genuine Windows to enable the sale of counterfeit software. Therefore, the security and the privacy of the computer are put at risk. After this update is installed, you will know if exploits are present on the system.

Article ID: KB 940510

Windows Genuine Advantage

{ 8 comments }

After removal of what government officials deemed a “blasphemous” video clip, the Pakistan Telecommunication Authority has lifted the ban on YouTube, owned by Google, Inc.

CNN.com

{ 0 comments }

In an effort to block video-sharing website “YouTube”, Pakistan first ordered ISPs to block the site, followed by a more specific BGP route announcement for the block of IP addresses that YouTube uses.

This resulted in YouTube traffic being routed to Pakistan and creating a YouTube blackout for two hours.

According to reports from the BBC, the blackout was probably connected to Pakistan Telecom and ISP (Internet Service Provider) PCCW.

PCCW found it necessary to shut down Pakistan’s Internet access while working out the finer details.

BBC News

{ 0 comments }

The list of 12 products is based on reported issues and is not comprehensive, check with vendors to see if their affected programs offer newer versions or upgrades that could work with Vista SP1.

KB Article ID: 935796
Programs that are blocked from starting after you install Windows Vista SP1.

• BitDefender AV or Internet Security, version 10

• Fujitsu Shock Sensor 2.1.0.0

• Jiangmin KV Antivirus 10

• Jiangmin KV Antivirus 2008<

• Trend Micro Internet Security 2008

• ZoneAlarm Security Suite 7.1

Programs that do not run after you install Windows Vista SP1.

• Iron Speed Designer 5.0.1

• Xheo Licensing 3.1

• FreeAllegiance 2.1

Programs that have a loss of functionality after you install Windows Vista SP1.

• NYT Reader

• Rising Personal Firewall 2007

• Novell ZCM Agent 10.01

{ 0 comments }

Quebec provincial police conducted raids on Wednesday, breaking up a hacking ring said to be responsible for an estimated CDN$45 million in damage to computer systems. Police did not release names of the accused who range in age from 17 to 26 years old. Three are minors.

In a videotaped press conference posted to the police agency’s Web site, Capt. Frederick Gaudreau, of the Surete du Quebec, said the hackers installed remote-controlled botnet software on victims’ machines in order to run phishing and spamming operations. The botnet is believed to contain up to one million zombie PCs, spanning 100 countries around the globe.

If convicted of computer hacking charges, the accused could face 10 years in prison, Gaudreau said.

Police confiscated computer equipment during the raids, and information found on the machines may lead to more charges against other alleged ring members.

{ 0 comments }

With the Vista Service Pack 1 prerequisite updates released last week, reports came in that KB937287 had caused some Vista PCs to either fail to properly boot up or enter an endless boot up loop.

Microsoft released a statement:

We’ve received reports that some customers may be experiencing an unusual reboot cycle after installing KB937287, the servicing stack update we released last week. To prevent further instances of this issue, we temporarily stopped automatic distribution of the update and are investigating solutions to the problem. We believe this problem only impacts a small number of customers. We are working to identify possible solutions and will resume automatic distribution again after we address the issue.

If you were unfortunate to experience this problem you can try using system restore to correct it, or contact 1-866-PC-Safety for help troubleshooting.

Vista Team Blog

{ 0 comments }

Alex Eckelberry reports that despite press on the matter, C-NetMedia is still trying to fool people.

I’m afraid it’s going to take the FTC to handle this one. Apparently the search engines aren’t self-policing on this one.

Article and screenshots: Incredible — C-NetMedia still continues its grossly deceptive practices

{ 0 comments }