Thoughts and links from the crew of the On Computers Radio Show as we wander the Web.
Saturday, December 31, 2005
Blogger: Browser Cookies Disabled
Why do I get this error when I try to log into blogspot.com but can get in if I use the Blogger button on the Google toolbar?
ANY ATTEMPT TO DISPLAY A MALICIOUS IMAGE IN WINDOWS
Security Now! Notes for Episode #20: "regsvr32 -u shimgvw.dll" This is from Steve Gibson from www.GRC.com
This fix is temporary, until Microsoft comes out with a patch. Steve has an undo for it if it breaks anything.
To immediately disable the vulnerable Windows component:
Log on as a user with full administrative rights.
Click the Windows "Start" button and select "Run..."
Enter the following string into the "Open" field:
regsvr32 -u shimgvw.dll
(You can copy/paste from this page using Ctrl-C/Ctrl-V)
Click "OK" to unregister the vulnerable DLL.
If all goes well, you will receive a confirmation prompt, and your system is now safe. No need to reboot, but you might want to just to be sure that any possible currently loaded instance is flushed out.
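The steps above as a script, added here as an example (it is not from Steve Gibson's notes or the original post): it runs the same `regsvr32 -u shimgvw.dll` silently, checks the exit code, and can reverse the change by registering the DLL again. The function name `Set-ShimgvwRegistration` and its `-Action` parameter are hypothetical, and the DLL is assumed to be in `%windir%\System32`.

```powershell
# Added example: apply or undo the shimgvw.dll workaround from an elevated prompt.
# Function and parameter names are illustrative, not from the original post.
function Set-ShimgvwRegistration {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Unregister', 'Register')]
        [string]$Action
    )

    # Changing a DLL registration needs full administrative rights (first step in the post).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (administrator) session.'
    }

    # Assumed location of the DLL; fail early if it is not there.
    $dll = Join-Path $env:windir 'System32\shimgvw.dll'
    if (-not (Test-Path -LiteralPath $dll)) {
        throw "shimgvw.dll not found at $dll"
    }

    # /s suppresses the confirmation dialog so the outcome is read from the exit code.
    # /u unregisters; leaving it out registers the DLL again, which is the undo.
    $regArgs = @('/s')
    if ($Action -eq 'Unregister') { $regArgs += '/u' }
    $regArgs += "`"$dll`""

    $proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList $regArgs -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "regsvr32 failed with exit code $($proc.ExitCode)"
    }
    "{0} of {1} succeeded" -f $Action, $dll
}

# Apply the temporary workaround:
Set-ShimgvwRegistration -Action Unregister

# Once Microsoft's patch is installed, or if something breaks, reverse it:
# Set-ShimgvwRegistration -Action Register
```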
Friday, December 30, 2005
'Intel Inside' sent to the place where brands go to die
So how does "Leap Ahead" grab you?
I knew that it would, lol.
As an AMD only household here I won't have to change my case badges ;-)
Wednesday, December 28, 2005
Windows zero day nightmare exploited
Image handling flaws can infect Windows machines, including XP SP2, when visiting maliciously constructed web sites. This does not just affect Internet Explorer users. Firefox users are apparently vulnerable as well.
More information is available at F-Secure here. This one will garner a LOT of attention in nearly every corner of the web.
Watch Microsoft closely for a patch.
Jack
Tuesday, December 27, 2005
Schneier on Security: Internet Explorer Sucks
"This study is from August, but I missed it. The researchers tracked three browsers (MSIE, Firefox, Opera) in 2004 and counted which days they were 'known unsafe.' Their definition of 'known unsafe': a remotely exploitable security vulnerability had been publicly announced and no patch was yet available.
MSIE was 98% unsafe. There were only 7 days in 2004 without an unpatched publicly disclosed security hole.
Firefox was 15% unsafe. There were 56 days with an unpatched publicly disclosed security hole. 30 of those days were a Mac hole that only affected Mac users. Windows Firefox was 7% unsafe."
Mr. Schneier continues....
"This underestimates the risk, because it doesn't count vulnerabilities known to the bad guys but not publicly disclosed (and it's foolish to think that such things don't exist). So the "98% unsafe" figure for MSIE is generous, and the situation might be even worse.
Wow."
Why is ANYbody using IE still? Get Firefox!
--MissM
Monday, December 26, 2005
Open Source and Your Legal Rights
A court fight in Florida over the software used in the instruments that detect alcohol in breath could threaten the ability of states and localities to prosecute drunk drivers.
The battle is over the source code of breath analyzers made by CMI Group, a closely held maker of breath-alcohol instruments. Defense lawyers have challenged the use of the device and asked to see the original source code that serves as its computer brain, saying their clients have the right to examine the machine that brings evidence against them.
Last February, a state appeals court in Daytona Beach ruled that Florida had to produce "full information" about the test that establishes the blood-alcohol level of people accused of driving under the influence, or DUI. Otherwise, the court said, the evidence is inadmissible.
"It seems to us that one should not have privileges and freedom jeopardized by the results of a mystical machine that is immune from discovery," the state's Fifth District Court of Appeal wrote.
A court in Seminole County later interpreted the ruling to apply to CMI's source code. As a result, at least 1,000 breath tests have been thrown out of court in the county this year. Last month, a court in Sarasota County said the breath tests used in 156 DUI cases will have to be thrown out if CMI continues to refuse to hand over the source code.
CMI, which is based in Owensboro, Ky., has refused to turn over the code for its Intoxilyzer 5000, saying it is proprietary. "It's a trade secret, and like any company they don't just turn over information for the asking," says Allen Holbrooke, outside attorney for CMI. [WSJ 12-16-2005]
As I see it, this is a huge, broad issue that has been creeping inexorably onto the radar screen: since the constitution grants defendants the right to challenge the evidence against them, it should come as no surprise that DUI defendants -- or rather, the defendant's lawyer -- are going after the technology that nailed them. Since most test and measurement equipment (TME) today has a programmed computer in its bowels, the defendants want to double-check the code of the all-too-human programmer. "Opening the source", as it were.
Now, those country-boy lawyers are no dummies. They realize that any self-respecting TME manufacturer would want to protect its source code -- especially as open-source Linux replaces proprietary TME operating systems and programming languages. It has become too easy to lift source code from online court documents right into a compiler. So, the lawyers are trying to bluff an acquittal by asserting TME source code evidence as critical to their cases. "Uh, my client is innocent by reason of programming error." In the past, the TME device was treated as a "black box"; it could be externally tested but its entrails could not be dissected. To test a radar gun, for instance, you drive a car with a calibrated speedometer at the radar gun and then trigger a speed measurement. How the gun got the measurement internally is less relevant when the external results match the experimental. Apparently, the law is heading down a different track with programmable TME.
So, besides DUI, look for more creative legal tactics regarding voting machines, ATM fraud, automobile insurance cases -- did you know automobiles now tell police and insurance investigators how fast you were going when the car went off the road? -- medical devices and many other instances. Thousands of legal hours' worth. It will be interesting to see how defendants' rights are (re)balanced against property rights.
Sunday, December 25, 2005
OnComputers Radio show Podcast 12-25-05
This is the On Computers Radio show podcast for 12-25-2005. If you prefer, you can download the same file here via ftp.
Alex Bosworth's Weblog: Dynamics of Digg
I found this article interesting. I believe that it is a glimpse inside what I believe Web 2.0 really is, and that is "Attention," although there are many terms for this now. Everybody is trying to monetize the eyes that are drawn to a site. And I believe that most diggers are what could be considered "early adopters," those who use RSS, podcasts without iTunes, fill in your own "geeky edge" :).
» Digging into the Digg System | Web 2.0 Explorer: "Digging into the Digg System
Posted by Richard MacManus @ 6:43 pm
Alex Bosworth has a great post investigating the dynamics of the digg.com system. He discovered that the system is 'very simple' and made up of five groups of people:
1. Readers: Alex guesstimates that 'ten to twenty percent of those ever click 'digg''. I'd love to know the actual figure though.
2. Diggers: 10-20% says Alex. He also says these are the least important members of the system, because 'once a link is on the front page, it makes marginal difference the number of votes next to the link.'
3. Hardcore Diggers: 'people who sit in the queue of submitted stories and watch for breaking news that should make its way up to the front page, or report stories as being spam or irrelevant.'
4. Submitters: people who submit stories. It's highly competitive and difficult to be the first to post a successful story (one that makes the front page).
5. Publishers: 'often bloggers who want to get readership for their content.'"
--MissM
P.S. In order to give attribution to the source of the link, I used a new extension I found for Firefox 1.5. It's called How'd I get here? and, once put on your toolbar, it will trace back the path to the original site to the page one is looking at.
Clicking back one more time, the original link came from digg.com ;)
Xbox 360: Back to the Drawing Board
Though this FiringSquad.com article really takes the Xbox 360 team to task, it is still constructive criticism. I have disagreements with a few small details, but only a few. It's worth a read.
Xbox 360 is a perfect example of how a company gets painted into a corner by a release date and doesn't have time to work everything out well enough. It's a common problem, and not just at Microsoft. Still, I like the product, which surprises me greatly. I expected it to be just another console, which it definitely is not.
Jack
Migration Software
This looks good. Whether or not it is will take some time and a long look at a bulk licensing agreement.
It's software to automate the transition from various Microsoft products to Linux. Handles the desktop, Exchange to Linux-based apps and a whole lot more.
I've sometimes wondered why this hasn't been done before. A series of products like this could ease the transition to Linux to the point where the expense becomes acceptable. Yes, you save money using Linux. Everyone knows that. But the costs of conversion could easily double one's IT budget for the year, which is a powerful deterrent. It will take a good while to amortize the expense of conversion and begin realizing the savings. If this software can cut the price and problems of conversion to a significant degree, it could sell a lot of enterprises on the conversion.
Jack
Saturday, December 24, 2005
Friends in Tech » A Geek Christmas Carol
This is a group of Technical podcasters who have forums and tech news podcasts, in addition to several of their own geeky podcasts. I listen to a bunch of them, myself!
And the Podcast Pickle also did a version: A Podcast Christmas Carol
"God Bless us every one!"
--MissM
Official Google Blog: Looking at 2005
Well, it's been over a week since a post about Google!
They announced 2005's Year-End Google Zeitgeist. As Patrick Norton said on 12/23 dl.tv, "This is scary! [after reading the top 10 Google news search list] It's the hard news that makes the list." Do you agree? ;)
--MissM
Friday, December 23, 2005
Symantec flaw leaves opening for viruses | CNET News.com
"Symantec has issued a patch for a flaw in its scanning software that could cause a virus to execute, rather than catch it." It looks like Symantec isn't getting anything right lately! :(
Thursday, December 22, 2005
How to Score an Xbox 360 While Sleeping
Hey, Gang, got someone in your house who wants an Xbox 360? And they are whining? Sad, really sad. Well, Bucky, you can go to sleep tonight and let the 'Net do the shopping -- or at least the looking.
The tools described in this article will alert you online as to who has the inventory in stock, so you can score that Xbox without resorting to a handgun, as happened at 3am Sunday morning at the BestBuy near me.
Merry (Stressfree) Christmas!
Flaw reported in Symantec anti-virus software
If you use RAR files and Norton Anti-Virus, you need to read this article.
Symantec shuts down discussion groups
Symantec Corp. has shut down its enterprise technical support discussion groups, saying they're no longer an effective vehicle to address customers' technical support needs.
Here THEY go AGAIN :(
Is the Wiretap Fracas About a High Tech Breakthrough or a Fiasco?
Why the president would authorize warrantless wiretaps of U.S. citizens is a timely question. The conventional press (and many politicians) are reacting as if the president is thumbing his nose at the courts and Congress. Maybe the situation makes a warrant in advance impossible, as this Ars Technica article suggests.
It is a fact that the U.S. has captured laptops and cell phones from terrorists. Let's hypothesize that JohnDoe@yahoo.com is one of the captured e-mail contacts. Nobody knows who he (or she) is nor where in the world they are. It seems to me that the gist of what is happening is that the NSA puts a flag on JohnDoe@yahoo.com and waits and watches. The e-mail may be retrieved from anywhere in the world. Ditto on cell phone calls. The monitoring starts when the contact picks up the phone or retrieves the e-mail. At that point, it's too late to run down a judge.
In a separate Ars Technica article, the author suggests that the technology to do voice matching in real time on a large portion of the U.S. telephone traffic is not only technologically possible with today's computer power but is likely in place. Is hunting for the bad guy's voice a technology needle in a haystack? I suspect the answer is no, it's not impossible at all.
Use Intuit TaxCut. Double Your IRS Tax Refund
Got your attention, didn't I? Well, this deal got mine too. Inside the retail box for TaxCut 2005 is a flyer that spells it all out. And it's legal too!
It works like this: as you electronically file your 2005 taxes -- and 2/3rds of U.S. households filed electronically last year -- you can assign your refund to a couple dozen consumer products retailers. The list includes Loews, Borders books, AMC movies, Sharper Image, Starbucks, Bed Bath & Beyond and many others. Instead of a check from the IRS, you get a gift card tanked up with the amount of your refund -- plus a bonus that can double the effective amount of the refund. Got a $1,000 refund? Get a gift card for up to $2,000.
Only in America...
Wednesday, December 21, 2005
Review roundup by PC Magazine: Price-Comparison Sites Strive to Save You Time and Money
"Feeling the urge to splurge? Savvy shoppers know that the best deals on iPods, DVD movies, LCD monitors, and just about everything else can usually be found online."
Remember, you're safer using that credit card online than handing it to a store clerk and them walking into the back room to run the charge!
Joe