Friday, September 22, 2006

Workaround needed for IE hole

Been here, done this. Or something similar. This is just more info on the same that Jack and MissM have been posting, but it gives a specific workaround. I did it. It is a quick, easy, cut-n-paste. To reverse it is just as easy when the patch comes out. Since IE is so intertwined with Windows, I will remind you that this is needed even if your default browser is Firefox or Opera, etc.

On a personal note I've been completely down with something very nasty this week. If I had eaten spinach I'd know what it was, but I didn't so I'm thinking it was something Norwalk'ish. If you want the details you can look that up. I'm making a slow but steady recovery at this point.

SunbeltBLOG: Seen in the wild: Zero Day exploit being used to infect PCs

This is a different exploit than the one Jack posted below, and its been out a few days, but I've accumulated some links about it, here.

Day Zero
Still Day One: Sunbelt
Microsoft's response (Still Day One)
Minor fix to exploit mitigation
Secunia: Day One

The President of Sunbelt Software publicized this first, on his blog. As I recall one company discovered it, and notified Microsoft, but hadn't announced it yet. Why two days before it was posted here, you ask? Well, my reluctance was because it was an IE exploit, I thought, and I didn't want to repeat what an excellent browser Firefox is. But, I hope that this adds to your knowledge of the current exploit being used by the scum of the internet.

--MissM

Tuesday, September 19, 2006

Microsoft's Zune doesn't seem to give much to it's owner

The link is to a comment piece on ZDNet UK. It details what you can do with a Zune, and more importantly what you cannot do, which seems to be nearly everything. Read it and save your dough.

Jack

Monday, September 18, 2006

Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

The link will take you to a Secunia warning about yet another ActiveX flaw that allows attackers to construct a malicious web page that can crash the browser or, much more seriously and the point of this advisory, run malicious code on the user's machine.

Not for the first time; I have to wonder when MS will give up on ActiveX, which offers no unique benefits and a seemingly endless series of vulnerabilities.

Jack

Sunday, September 17, 2006

On Computers Radio Show Podcast 09-17-06

This is the On Computers Radio show podcast for 09-17-06. You can listen live every Sunday from 10AM to 1PM Pacific thats 1PM to 4PM Eastern. If you prefer, you can download the same file here via ftp.