My Adobe Flash paranoia isn't completely unfounded it would seem: http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/
The Flash monoculture seriously concerns me . . . I'm surprised we haven't seen more active exploitation using Flash. I guess it will happen eventually.
Google Orkut worm: http://blogs.zdnet.com/security/?p=767
Hi5 social networking site worm planned: http://sirdarckcat.blogspot.com/2007/12/making-social-network-xss-worm-hi5com.html
The HP patches for their bundled software should be a huge warning to ALL OEMs who add "stuff" to Windows . . . my in-laws bought a new HP notebook over the Christmas holiday and the first thing I did was to format the drive and install Vista from a DVD for them to decrapify the OS and make it more resistant to attack. Not only does it run faster now - it's a lot more secure due to the reduced attack surface.
What sucks is I did add the Quick Launch app back so that their fancy new touch sensitive buttons for volume and stuff would work - so I guess I'll have to patch that for them now (and make sure they've got the latest Flash) (I didn't install the HP Software Update app so I guess I don't need to patch that).
What really sucked about the ordeal though was that even though Vista had the Webcam drivers built-in - the webcam wouldn't work on 64bit Vista with Live Messenger or the Windows Media Encoder 9 series . . . I'd get some device error when it would try to start the Webcam. So I decided to start an IM support session with some HP person to ask what was up. They promptly informed me that the retail version of Vista that I installed wasn't supported on the notebook since it was "different" from the image they shipped on the notebook. They would only talk to me if I restored the notebook using the DVDs I made of the original image. Whatever . . . I eventually managed to get the Webcam working by installing some massive 150MB multimedia application I remembered seeing on the notebook before I formatted it. :) I found a download link to it on the HP web site and it turns out it's a 3rd party multimedia app from CyberLink called 'Quick Play' (I believe - memory is a bit fuzzy after New Years). After installing that the WebCam now works in Messenger.
FYI - If you own an HP machine you can subscribe to their security bulletins using these instructions:
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
Finally - my team got Slashdot'd while I was out of the office on vacation: http://it.slashdot.org/it/07/12/28/018226.shtml, and http://blogs.cnet.com/8301-13505_1-9838072-16.html?part=rss&subj=news&tag=2547-1_3-0-20
That like . . . almost never happens. :) I'll see if I can maybe think of something cool to blog there . . .
Other alarming sources of security vulnerabilities that people believe are 'safe': Sun Java, Apple QuickTime, RealPlayer, Acrobat Reader. They're ubiquitous but rarely kept up to date.
When people have problems with an Internet Explorer security update, a common reason seems to be an old (vulnerable) version of one of these plugins.