Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

More WMF Flaws Uncovered

And here I thought things would settle down a bit now that Microsoft has released MS06-001, the patch for the previous exploitable WMF flaw. Now, just days after the release of that out-of-band security patch, more WMF flaws have been uncovered.

(Read more...)

A Good Launcher

Some time ago, I spoke about Mac OS X virtual desktop managers. Specifically, I was (and still am, to a certain extent) torn between two open source projects, Desktop Manager and Virtue. One of the two key advantages that Desktop Manager held over Virtue was a shortcut key for launching applications—critical for me since the window displaying my Applications folder could be a couple of virtual desktops away at any given moment. Now I’ve found a handy program that addresses that shortcoming.

(Read more...)

WMF Flaw Patch Released

There’s a lot of chatter on the Internet today about the MS06-001 patch from Microsoft, designed to address the “zero-day” WMF flaw for which numerous exploits were circulating. Here’s a brief look at some of the links.

(Read more...)

Mac OS X and .local Domains

Some time ago, Mac OS X Hints published a hint I submitted regarding the use of the .local TLD (top level domain) with Mac OS X. Specifically, the hint centered around the use of Mac OS X with Active Directory domains using the .local TLD. For ease of access, here’s that same hint.

(Read more...)

WMF Flaw Exploit Grows Worse

In an update to my previous article on the Windows Metafile flaw, new reports are coming in of greater use of malicious WMF files that take advantage of the flaw, especially by adware companies. Numerous sites are reporting that malicious WMF files are being used in ad rotations on third-party sites. For more information, see one of the following articles:

(Read more...)

Windows Metafile Flaw Already Being Exploited

Two separate reports (this article from eWeek and this article from ComputerWorld) have risen today regarding a “zero-day” exploit of a vulnerability in Windows’ handling of WMF (Windows Metafile) images. According to the reports, simply viewing a WMF file (such as from a web site) can infect your computer. Sunbelt Software’s blog also offers more details on the vulnerability as well. Here’s more information from SecurityFocus as well.

(Read more...)

Initial Impressions of Debian GNU/Linux 3.1

As I’ve mentioned in a couple of previous posts, I have several servers running Red Hat Linux 9.0 that I am looking to upgrade to a newer distribution. I’ve tried a couple of recent versions of CentOS (a clone version of Red Hat Enterprise Linux), but ran into problems with ntpd (I may have finally resolved those). I’d heard good things about Debian GNU/Linux, so I decided to give that a try as well.

(Read more...)

Security Flaw Found in VMware

Just so the Windows flaws don’t get all the attention, here’s a reasonably new one: a flaw in VMware, the machine virtualization software that is tremendously popular, especially among security professionals. Fortunately, it’s reasonably easy to work around the flaw, and VMware has already released a patch.

(Read more...)

Merry Christmas!

I’d like to take a moment to wish everyone a very Merry Christmas and a Happy New Year! I hope that the Lord blesses each of you very richly in the coming year. Let us be sure not to forget the true reason for this season—the birth of Jesus Christ, our Lord and Savior.

(Read more...)

CentOS NTPd Problem (Mostly) Resolved

The NTPd problem that I wrestled with in CentOS 4.1 and again in CentOS 4.2 has finally been resolved. Mostly. I think. The specific steps I took to resolve the issue came from a number of sources, so read on for all the details.

(Read more...)