Forgot your password?
typodupeerror

Submission Summary: 0 pending, 5 declined, 2 accepted (7 total, 28.57% accepted)

Windows

+ - Patch Tuesday - IE7 Clean

Submitted by
jginspace
jginspace writes "As per the advance notification, Microsoft's monthly security bulletin, released yesterday addressed five general Windows issues and one in Visual Studio. It also included a fix for a problem in Outlook Express for a total of seven updates.

As patch Tuesdays go it was fairly unremarkable. The only general Windows update labelled as 'critical' is for a flaw in Media Player. As usual, there's a cumulative update for Internet Explorer, and it does sound quite nasty - there are two critical script-related vulnerabilities and Secunia has already issued an advisory. Significantly, only versions of Internet Explorer versions 5 and 6 are affected. Version 7 is clean - which is welcome news as this is the first round of updates since the upgrade was pushed to world+dog last month as part of Windows Update.

Sans is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. The Visual Studio update is for version 2005. Sans indicate that there are already known exploits circulating for the SNMP vulnerability but currently none targetting the latest flaws in IE. However if you really have to use IE I recommend using a metabrowser such as Maxthon, Avant or SlimBrowser. Sans is recommending the Heise Offline Update utility covered in a previous story."
Windows

+ - Security bulletins - advance notification

Submitted by
jginspace
jginspace writes "Vulnerabilities seem to be flavour of the month, what with exploits for Oracle and OS X being in the news just lately.

Microsoft probably won't be outdone. Watch this space - next advance notification is Thurs Dec 7th. It should give you a modest idea of how vulnerable - potentially and currently - you are. Vulnerabilities are exploited quickly once the miscreants know where to look - see previous journal entry - so with advance notice you'll have an idea whether you should be taking steps to boot Linux for a few days, make sure you're running as non-admin, making sure that firewall is up, turning off unnecessary services or getting used to running Open Office instead of the Microsoft version.

Remember the next bunch of updates will be the first since Internet Explorer 7 was pushed out to world+dog via Windows Update. Previous versions of IE made near-monthly appearances so the second Tuesday security bulletin will be an indication of whether Microsoft have really sorted out their browser issues or whether it's a case of more of the same."
Windows

+ - Patch Tuesday - Pick an exploit, any exploit

Submitted by
jginspace
jginspace writes "As per last Thurday's advance notification Microsoft has just released five general Windows updates and one for XML. So what's new? Well a grand total of five are rated 'critical'.

We have the omni-present Cumulative Security Update for Internet Explorer (922760) - pay particular attention to the "HTML Rendering Memory Corruption Vulnerability" - and a nasty-sounding "Vulnerability in Workstation Service".

Last month Microsoft Office took the limelight; this month "Remote Code Execution" targetting the core services seems to be de rigeur. Keep your systems patched, don't run unecessary services and don't run more than you have to as administrator. Sign up for notifications here."
Wireless Networking

+ - What's not illegal in Singapore?

Submitted by jginspace
jginspace (678908) writes "Surprised this hasn't been posted, a 17-year-old from Singapore is is facing three years' jailtime for accessing his neighbour's wireless network.

Yup, the neighbour complained and now the unfortunate Tan Jia Luo is facing charges under the computer misuse act and is scheduled to appear in court on Wednesday.

It must be great having such lovely neighbours."

One man's constant is another man's variable. -- A.J. Perlis

Working...