Saturday, October 27, 2007

Russian PDF attacks surge; Microsoft takes blame

Microsoft Windows ShellExecute function turns out to be the real culprit in the PDF vulnerability problems. Fixes to Firefox, Adobe products and others close the URI attack vectors but do nothing to address the underlying vulnerability or vulnerabilities.

While MS says (accurately) in the advisory that the attacks are "fairly limited", they are growing in number and intensity. This short article on Computer World's site explains some and the MS advisory tells the rest.


Windows Server 2008 RC0

Tom's Hardware has an extensive (19 pages surely qualifies as that) review of the first release candidate of Windows Server 2008.

If you have any interest in such things (and I do) this is probably the best place to start checking it out.

Microsoft is now gaining server market share faster than anyone else, Linux included! A careful reading of this will tell you enough that you can figure out why.


How to remove Windows Desktop Search

Okay. Here's instructions on how to clean up your machine if Automatic Updates has put Windows Desktop Search on your machine. I've done it once, via Add/Remove Programs. Apparently, I was lucky. Should you need a bit more to remove it, here's what you need.


Friday, October 26, 2007

When PDF's Attack... Again!

Adobe is ahead of this game. So are most of the Anti-Virus folks. But if your reader is not up to date, or your AV definitions, you can be had. Seeing as so many folks are bad about updating, this one is likely to get some real traction, if it hasn't already.


Routing Economics Threaten the Internet

Looks like it is time to change how we route information over the Internet. While there are some scary thoughts in this article, it is not as alarmist as the title promises. It's more a statement of facts with a workable solution given. I'm sure more solutions will materialize, too.


RealNetworks closes several security holes

Looks like the folks at Real have been busy again. This is important if you have any version of Real Player installed.


This Bud's for You?

This is a scam warning. I just thought it unusual enough that it might be of interest to you. A very short read and a laugh.


Links from the Gregg Zone!

1) Well, it is that time of year, when we start to think about those things that go bump in the night. Yes, Halloween is moments away, also a big time of year for Joe and Sue, and so a moment to say happy birthday Joe…happy birthday Sue…and happy anniversary to Joe and Sue. In the interest of the Halloween spirit, I thought I would post a few sites concerned with that venue. To start off I remember younger days trying to carve pumpkins usually with limited success, lucky for me they were supposed to look ghoulish, and ugly. Unfortunately not amateurish, luckily everyone would think the younger kid carved it. I used to marvel at those that were almost like works of art. This first site was the best I found on how to carve a pumpkin; they have free downloadable patterns, lots of them. I thought the pumpkin ladys link was most useful, not so much for the patterns, but the tips at the end. I will not be carving this year, but only because of the timing, and the fact I do not do Halloween any more. I would very much like to attempt one or two of the more complex ones, just for the heck of it, anyway here is the link check it out.

2) Do you like word games? I know that I do; here is one that is related to Halloween, it is a hangman variation with a skeleton, a sarcastic one at that. The game is fun, and not all that easy, I managed to reach 475, of course, I only played twenty or thirty times. Using the old e,a,r,s,t,l,n,i, etcetera concept. A hint the n seems to come up more than usual. So, try it and see what you can do, there is also a link to add to a web site if you want.

3) You have been invited to a party that starts in an hour or two, and you are stuck without a costume, what are you going to do? Here is a site with some ideas for a last minute ideas that might pull you out. I did not say necessarily good ideas, but if you are desperate, it is a start. There are also many other ideas here if you have more time.

4) Next up ghost stories, I thought I would put up a link for some ghost stories online. This is from a site mentioned by Jack a while ago “Project Gutenberg” they do audio, and e-text books on line. Currently over 20,000 free downloads online books, and over 100,000 if you include partners, affiliates, and resources, you can also volunteer to do proof reading, or of course donate funds. The link offered is to Charles Dickens, “Three Ghost Stories” in audio format. If you are interested in more, just click on the main page link.

5) To finish out the week a link to the Washington Post for an article about the origin of the Halloween holiday, the oddest holiday celebrated in the U.S. There is not any connection to anything with this holiday, it is not religious, not patriotic, has nothing to do with the seasons, yet it is one of the widest celebrations of all, crosses all segments of our society. Reading the article, I find there is as much mystery in its origins as there is in the way we celebrate it. Check it out a very in-depth and interesting article, you will be quite well prepared to discuss the subject with anyone, and sound like a true scholar on the subject.

6) This is a late addition thanks to Jack, an article on the tech side of the ghost busting business. A line of work requiring some creativity to develop the tools of the trade cannot just go to Fry’s and get them off the shelf. If this subject fires up your “I want to try it juices”, you may want to start easy and cheap using stuff you have on hand. I would suggest trying some E.V.P.’s that is an acronym for electronic voice phenomena. Here is a site with some interesting links to do everything from record your own, listen to others, or read about the subject.

Thursday, October 25, 2007

Microsoft's OneCare silently changes Automatic Updates

Last Patch Tuesday, or should I say the Wednesday morning after, I woke up to find my computer had rebooted itself over night. Knowing the date I opened Microsoft update and found that updates had been installed without my intervention. Now I know that I just hadn't accidentally changed the setting. I always leave my setting at "download, but ask me to install". I had used One Care Live. I just uninstalled it.

There is a name for programs that silently do things behind your back and against your expressed will. They are called Malware.

And there is the basic issue of ownership. I guess if you have Windows on you computer, you have to abide by MS's license and therefore they own your computer.

And yes, danged straight I'm angry.

Microsoft Update Strikes Again!

Now it seems MS is pushing their desktop search as an automatic update!

While some may really like the search, it is not my idea of a good time. Unless you have a really fast machine, it will bog your computing experience down as surely as dragging an anchor. It can be disabled, as it runs as a service, but we should not have to deal with this.


Password-cracking chip causes security concerns

The processors on high-end graphics cards are very good at the type of operations used to crack passwords, among other things. So it is really no surprise they got put to that use. Still, this is just one more threat to worry about, I guess. Pass the Rolaids, please.


Storm worm strikes back at security pros

This thing just gets scarier and scarier.


Sun's ZFS is close to perfect, but widely misunderstood

You all have heard me wax enthusiastically about Sun's ZFS (Zetabyte File System) a couple times on the show. It's a tremendous improvement on any existing file system and probably will be the model for all those to follow, at least in part, for quite a while, unless Microsoft's WinFS actually materializes and fulfills all it's promises. In that case; ZFS goes onto large machines and WinFS onto Windows desktops and servers.

Incidentally, Sun is having to defend it's open sourcing of ZFS in court, which may prove interesting.

Here is a one page article that will explain a good deal about ZFS without getting very technical on Tom Yager's blog at InfoWorld. It is worth a read by everyone. For the technically inclined, it will whet your appetite and the rest of us will learn just what all the talk is about.


Wednesday, October 24, 2007

WARNING: device driver updates causing Vista to deactivate

If Microsoft were a human Vista's activation would be the piece of toilet paper hanging out of its pants as it left the washroom. What don't companies get about punishing their paying customers? Deactivating a legitimately purchased and installed copy of Vista on as little as a driver update seems unconscionable to me.

Nasty PDF exploit runs wild

This one is bad. Really. Adobe's Acrobat Reader software is one application no one thinks to update. Even when notified, no one updates it.

What you are reading at The Register, courtesy of the link above, is just the first whisper of what is bound to be a flood of coverage.


Would-be identity thief finds himself stumped without printer drivers

I just love stupid criminal stories.

Tuesday, October 23, 2007

Panda Anti-Rootkit

I've now used this tool twice. I like it. I doubt there is much difference in efficacy between this and RootKit Revealer, but one cannot have too many tools like this at hand and this one seems worthy of inclusion to your working software collection.


AMD DTX Small Form Factor System Sneak Peek

As I said on the show a couple months ago; I'm stoked over this effort to bring standardization to small form factor (SFF) PCs. It's completely open and free to anyone to implement. It's also backward compatible, which will ease the minds of a lot of component makers. has an excellent short and concise look at the new form factor. I'm sure that when you finish reading it, you will be able to imagine one or more of these machines fitting right into your home or office and your life. I do.


WARNING: device driver updates causing Vista to deactivate

I can testify this is true. Driver updates for Creative X-Fi and Diamond ATI Radeon cards have caused it among my people in the last couple days. Calling in for new activation rectified the problem, but the tech I spoke to about the Creative X-Fi issue was openly skeptical, though he did grant the activation.


Hellgate: London Includes Adware

Plus, the End User License Agreement (EULA) authorized the company (Massive, Incorporated) to collect data on you and use that to serve contextual ads.

The bit about ads in a game demo is one thing. But in a game someone has already shelled out big bucks for, it's a disgrace. Greed run rampant. There is no other way to say it. And to add to the injury, the reporting, etc. seems to amount to really big back-door to one's computer.

When are the companies going to realize that it is MY computer, not theirs? And that it is MY personal information and they have no right to it?


Monday, October 22, 2007

Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat

This has been floating around for a while, but I have to admit to having been only dimly aware of that. Anyway, it is a serious flaw, but there is a workaround, which is at the link above.

Of course; the best workaround would be to use a smaller, less bloated reader, like the Foxit product. But that's another story all together.


Core of "Windows 7" taking shape: meet the "MinWin" kernel

We spoke a little bit about this on the show, yesterday. It's fascinating to me.

This article at Ars Technica is good, explaining a lot. Plus, it has a link to a one hour video of the presentation Eric Traut gave on the subject. Should you not want to do such a long video, there is also a link to a shorter "digest" version.


Sunday, October 21, 2007

OnComputers Radio show Podcast 10-21-07

This is the On Computers Radio show podcast for 10-21-07. You can listen live every Sunday from 10AM to 1PM Pacific thats 1PM to 4PM Eastern. Join us for the live show and chat. If you prefer, you can download the same MP3 file here via ftp.

Here is a good, well done security reference. Not for those of us who more or less keep up on this sort of thing, but for those who are potential victims. It's worth it.

And as an added bonus; I found this site from Roger's Information Security Blog, which I consider a really good place to get early info on security warnings. Most of Roger's posts are short pointers to another site, but he also has some good things to say when he describes them. This is one to put on your feed reader list and check whenever he posts.


Links from the Gregg Zone!

1) This is for anyone who like was an Art Bell fan, due to the subject matter, but has been disillusioned with the way the show has evolved. Personally, I can no longer listen to the show at all, to many commercials, and the quality is just not there anymore. I have started to look around the net at some of the alternatives; this site is one I found that I like quite a lot. The sites name is the “Black Vault”, I especially like the radio pod cast section it is very good, and very well done. This site was started by, John Greenewald when he was fifteen years old and has been going for over ten years. I will post more of these as I run across them.

2) I was trying to update myself on what has been going on with the Princeton Eggs. The place I am trying to send you to is a newsletter link I found doing my update inquiry. The newsletters titled “FUTUREdition”, “Future Facts – from Think Links – The Future in the News….Today”, this newsletter from The Arlington Institute. A newsletter affiliated with the Princeton Global Consciousness project. If you are trying to stay ahead of the crowd with what is latest in science news, you should add this to your arsenal. You will need to follow a path to get there, because the direct link would not work. Start at the home page link provided, , then go to the bottom of the page, select links, in the text on that page there is a link that says newsletters. When you click on that link it takes you to a page offering two newsletters, click on FUTUREdition. That will take you to a page that says the page does not exist, you need to delete everything except the first word futuredition in the link, then hit the search box. It is a little extra work, but a nice site.

3) Joe and I had the U.F.O. subject visit us last week, sorry I can’t go into that at all here, let us just say Roswell, high ranking military contacts, secrecy, and leave it at that. Anyway I went back to find the disclosure project video, thought I would put up that link here for those who have not seen it. This is a copy of the description from the link…..A large number of ex high ranking officials including air traffic controllers, ex secret op. officers, commercial pilots, numerous military defense specialists with top secret clearance, people who had access to very sensitive documents lieutenants, ex commanders in the u.s air force,
astronauts, etc...
All going before the national press club to discuss what their experiences have been regarding U.F.O’s and all are willing to go before congress to testify under oath.. Never before has such a group come forward..

4) This is just plain weird, it is a converter, like metric to standard. Except there is nothing standard about it, for example how many chickens = Tom Cruse ans. 45.3597024435 / or Tom also is equal to 3984 + U.S. quarters, but he is smaller than the testicle of a Wright Whale. Strange as it is, here it is