10 January 2006
And here I thought things would settle down a bit now that Microsoft has released MS06-001, the patch for the previous exploitable WMF flaw. Now, just days after the release of that out-of-band security patch, more WMF flaws have been uncovered.
6 January 2006
Some time ago, I spoke about Mac OS X virtual desktop managers. Specifically, I was (and still am, to a certain extent) torn between two open source projects, Desktop Manager and Virtue. One of the two key advantages that Desktop Manager held over Virtue was a shortcut key for launching applications—critical for me since the window displaying my Applications folder could be a couple of virtual desktops away at any given moment. Now I’ve found a handy program that addresses that shortcoming.
5 January 2006
There’s a lot of chatter on the Internet today about the MS06-001 patch from Microsoft, designed to address the “zero-day” WMF flaw for which numerous exploits were circulating. Here’s a brief look at some of the links.
4 January 2006
Some time ago, Mac OS X Hints published a hint I submitted regarding the use of the
.local TLD (top level domain) with Mac OS X. Specifically, the hint centered around the use of Mac OS X with Active Directory domains using the
.local TLD. For ease of access, here’s that same hint.
29 December 2005
In an update to my previous article on the Windows Metafile flaw, new reports are coming in of greater use of malicious WMF files that take advantage of the flaw, especially by adware companies. Numerous sites are reporting that malicious WMF files are being used in ad rotations on third-party sites. For more information, see one of the following articles:
28 December 2005
Two separate reports (this article from eWeek and this article from ComputerWorld) have risen today regarding a “zero-day” exploit of a vulnerability in Windows’ handling of WMF (Windows Metafile) images. According to the reports, simply viewing a WMF file (such as from a web site) can infect your computer. Sunbelt Software’s blog also offers more details on the vulnerability as well. Here’s more information from SecurityFocus as well.
27 December 2005
As I’ve mentioned in a couple of previous posts, I have several servers running Red Hat Linux 9.0 that I am looking to upgrade to a newer distribution. I’ve tried a couple of recent versions of CentOS (a clone version of Red Hat Enterprise Linux), but ran into problems with ntpd (I may have finally resolved those). I’d heard good things about Debian GNU/Linux, so I decided to give that a try as well.
26 December 2005
Just so the Windows flaws don’t get all the attention, here’s a reasonably new one: a flaw in VMware, the machine virtualization software that is tremendously popular, especially among security professionals. Fortunately, it’s reasonably easy to work around the flaw, and VMware has already released a patch.
24 December 2005
I’d like to take a moment to wish everyone a very Merry Christmas and a Happy New Year! I hope that the Lord blesses each of you very richly in the coming year. Let us be sure not to forget the true reason for this season—the birth of Jesus Christ, our Lord and Savior.
23 December 2005
The NTPd problem that I wrestled with in CentOS 4.1 and again in CentOS 4.2 has finally been resolved. Mostly. I think. The specific steps I took to resolve the issue came from a number of sources, so read on for all the details.