A flaw has been found by a researcher, Vinoo Thomas, from McAfee about Windows’ StickyKeys feature.

The bug can be used to trick users on launching unauthorized machine in Windows Vista. Attackers can replace a file named as sethc.exe, which launches the StickKeys feature, to another program of their choice.

This flaw existed in Windows 200 and XP.

He wrote that, as a solution, “one can uninstall the Accessibility Tools feature, which is installed by default, to avoid this fairly simple, yet potentially serious built-in backdoor.”

“And don’t forget to hit the shift key five times and see what pops up on your desktop,” he added.

Microsoft has not yet responded on this issue.

Source: PC WORLD India

A person named Brian Livingston who is a Windows expert says that Microsoft’s latest operating system, Vista can be run for at least one year without the need to activate it. This claim is huge concerning about Microsoft’s ways of antipiracy.

He also said that it may be possible to run the OS indefinitely if he or other people researched about this possibility.

“The [activation] demands that Vista puts on corporate buyers is much more than on XP. Vista developers have [apparently] programmed in back doors to get around time restrictions for Vista activation,” said Livingston.

“This is a documented feature of the operating system,” he added.

Source: Computerworld

A news has been released about a malware in a MySpace webpage.

The webpage is promoting a French band and it uses a Quicktime flaw to run a JavaScript.

The procedure is that first, an invisible Quicktime video is applied on the webpage. Second, a JavaScript in the video downloads another JavaScript and that second script becomes a spyware when it is executed.

The person who is credited on finding this flaw is Didier Stevens.

Stevens said that McAfee was the only company among antivirus companies which detected the flaw. McAfee flags the first script as JS/SpaceTalk Trojan.

Source: The Register

Once you’ve advertised the job of someone else’s dreams, the next stage is to decide who is going to get the job. A formal way of doing this is shortlisting (taking the hopefully long list of candidates that applied, and narrowing it down to the ones that kind of meet the outline requirements you prepared earlier). You will have to move onto the next stage - interviewing. The world’s most uncomfortable one to one chat! To make sure it’s as pain free as possible, prepare, prepare, prepare. Here’s our pearls of preparatory wisdom to make it as pain free as possible for you!
Read the rest of this entry »

A new email scam is circulating on the internet which targets ebay users according to anti-virus developer, Symantec. It uses Ebay auctions which are real and a Windows Trojan which sucks the bandwidth of a user’s internet connection.

The malware is called Trojan.Bayrob and it sets up what is known as a man-in-the-middle attack.

“Man-in-the-middle attacks are very powerful, but are also difficult to code correctly.” said Liam O’Murchu of Symantec.

If a victim receives the email and tries to buy the item in the email, the money goes to the attackers.

Source: PC World India

The Service Pack #2 has been released for Windows Server 2003. It is for both the 32-bit and 64-bit Itanium editions.

Users can apply the service pack if they have one of the following systems:
- Windows Server 2003
- Windows Server 2003 R2
- Windows Storage Server R2
- Windows Unified Data Storage Server 2003 SP1
- Windows Small Business Server 2003 R2
- Windows XP Professional x64

Some of the new features include Windows Deployment Services, XmlLite, and a firewall authentication for every port.

The patch can be downloaded through Microsoft’s Download Center.

Source: Arstechnica

Symantec has been dominating the computer security market for years now; their most popular offering being Norton Antivirus which is often pre-installed on new brand-name computers. Unfortunately Norton products tend to install themselves deep down into the critical parts of your system and if the product becomes damaged in some way you have a big problem.

I have seen it many times on computer repair callouts. Someone tries to remove the Norton product (which is usually the antivirus program) and it appears to uninstall, but next time they reboot the computer Norton presents an error message saying Norton couldn’t start because its missing a critical component. Of course it cant start properly because they just uninstalled most of its components expecting everything to be removed which leaves you with a crippled copy of Norton which wont uninstall.

This is where the Norton Removal tool comes in handy.
Read the rest of this entry »

Computerworld have a new report on their website about the OneCare bug that deletes people’s emails in Outlook and Outlook Express.

Microsoft posted an instruction on how to recover the deleted emails which are either in a .pst or .dbx file. They said that users should open the Quarantine folder of OneCare.

However, some people said that this instruction did not work for them. The Microsoft representatives on some cases told users that they (the users) have deleted the .pst or .dbx files and Microsoft closed their cases because of this.

A patch is scheduled to be released within 24 hours.

Source: Computerworld

A new bug has been reported for Windows 2000 and XP operating systems. The bug is connected to file called OLE32.DLL which is a library file that is used for linking and embedding actions such as inserting an Excel file to a Word file.

The bug can be exploited by attackers. They can trick people on opening Word document files and when unsuspecting people open the Word file, their system will crash and they need to reboot.

A Microsoft spokesperson said “Microsoft is aware of a report of a possible vulnerability and is currently investigating the issue.”

Source: COMPUTERWORLDUK

If you’ve been a faithful reader of Technibble so far, you may have noticed that our articles have been tech-related either as direct troubleshooting or developing social skills you’ll need in order to act and become a professional. However, thus far there haven’t been any real reports from workplaces that would showcase either of those two distinct, yet equally important aspects of being a successful technician. As this week’s special feature, what follows is a report from one such workplace, conducted by yours truly.
Read the rest of this entry »