A new flaw has been found in how Windows handle the behavior of animated cursors according to the security advisory by Microsoft. This flaw affects all Windows versions including the newest OS, Vista.

It’s a very serious flaw since it can affect an e-mail even if the user just previews an email without opening it. If the malicious e-mail is previewed or if a certain web page contains the malicious code, it will be executed instantly.

The code can make someone’s computer be a botnet.

“This is one of the more serious ones as this allows remote code execution,” said Don Leatham of PatchLink.

This warning was also posted at Avert Labs of McAfee.

Source: Internetnews.com

No you won’t find anything about going to work on hoverboots or becoming one with your machine in the manner of the Matrix or the Lawnmower Man (look it up if you have to). Every so often, you have to take stock of the way you have always done things, and look at where the industry is going, and if you are going in the same direction as it….and find out what to do if you’re not.
Read the rest of this entry »

Finally, a patch has been release on the issue about iPod getting corrupted when using them on a Windows Vista PC.

The release was not by Apple. Instead, Microsoft Corp was the company that released the patch for this flaw. The patch was included when they released several of them last tuesday to fix various Windows Vista bugs.

The bug in Vista about iPod is about the “Safely Remove Hardware” function in Vista.

The other patches are for digital cameras and some updates for Windows Customer Experience Improvement Program.

There were a total of five patches.

The only way to get this download is by validating that your OS is a legitimate copy.

This one was recommended by one of our forum members. ClamWin Portable is a free Windows antivirus with a difference; it can run entirely from portable media such as a USB flash drive, iPod, portable harddrive or even from a CD without needing to be installed.

Read the rest of this entry »

New bugs has been found on StarOffice and OpenOffice suites by Sun Microsystems. The bugs can let an attacker take control of a user’s PC by either sending the user malicious documents or website addresses.

One flaw is located in StarOffice’s spreadsheet application called StarCalc. The other is on the functionality of how the suite handles URLs. Sun had not yet released a patch for either of the flaws and they also don’t have recommendations on how users can protect themselves for a possible future attack.

For the flaws on the OpenOffice suites, the newest release candidate which is version 2.2 includes patches against flaws that have been found.

Source: Computerworld

A warning has been released by Microsoft about an attack that can send someone who is browsing a website through a malicious proxy server.

A technology called Web Proxy Automatic Discovery protocol is used by Microsoft’s web browser, Internet Explorer, and it enables a browser to configure the settings of its proxy. The new flaw that was discovered can let an attacker make a configuration and plant it on a user’s PC to route the user’s web traffic to a malicious proxy.

Microsoft has info on how admins can configure DNS and WINS settings on their servers to prevent these type of actions.

Source: Computerworld

Computers are one of those things which have its novelty wear off pretty fast. I find myself upgrading several components of my system every year on a regular basis, in order to keep up with the technological evolution (though often it feels like a revolution rather than an evolution). Even then, every three years or so, I usually end up buying a completely new system. Upgrade is not always a viable solution. As your system grows old, most of its components are no longer compatible with the latest available on the market.

If you do it the way I do, after a few years or so, you’ll usually find yourself heaps of computer relics in the corner of your garage, and wondering what you are going do with them.
Read the rest of this entry »

The network of Symnatec’s DeepSight has released a statement saying that the threat rating of the recent Windows Mail bug has been increased from 6.8 to 7.5. This is due to the fact that they have confirmed that the exploit can be attacked on a remote location.

The exploit can be can be installed as simple as just one click.

Symantec explained that an attacker can send an email to a potential victim and if that victim clicks on the link on the email, a program could be executed which can let the attacker access the user’s PC.

If the mailicious file is not on the user’s PC, the link would give the user a yes/no question.

Source: Computerworld

The developers who are making programs for Microsoft’s Windows Home Server have reported a total of almost 2400 flaws.

Chris Sullivan who writes a blog about Microsoft’s Home Server said that about 21% of the bugs are still active, i.e. not yet fixed.

The term active bug in this case means that it is either under investigation and no response yet that has been given by Microsoft or it is on queue to being investigated.

Of the bugs that has been reported, 15 percent have been fixed, 13 percent are about issues in server design, 21 percent are not reproducible, 11 percent will not be patched until later versions, and 7 percent will probably not be fixed.

Source: PC World

A new vulnerability has been found in Outlook Express’ successor, Windows Mail. The vulnerability is rated as critical.

A person known as Kingscope said “Remote Code Execution is possible if a user clicks on a malicious prepared link. Vistas Mail Client will execute any executable file if a folder exists with the same name. For example the victim has a folder in C:\ named blah and a batch script named blah.bat also in C:\. Now if the victim clicks on a link in the email message with the URL target set to C:\blah the batch script is executed without even asking. There is for example a CMD script by default in C:\Windows\System32\ named winrm.cmd (and also a folder named winrm inside System32).”

For more info, read the full article on iTWire’s website.