Random stuff from the last 2 weeks

My Adobe Flash paranoia isn't completely unfounded, it would seem: http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/
The Flash monoculture seriously concerns me . . . I'm surprised we haven't seen more active exploitation using Flash.  I guess it will happen eventually.

Google Orkut worm: http://blogs.zdnet.com/security/?p=767

Hi5 social networking site worm planned: http://sirdarckcat.blogspot.com/2007/12/making-social-network-xss-worm-hi5com.html

The HP patches for their bundled software should be a huge warning to ALL OEMs who add "stuff" to Windows . . . my in-laws bought a new HP notebook over the Christmas holiday and the first thing I did was to format the drive and install Vista from a DVD for them to decrapify the OS and make it more resistant to attack.  Not only does it run faster now - it's a lot more secure due to the reduced attack surface.

What sucks is I did add the Quick Launch app back so that their fancy new touch sensitive buttons for volume and stuff would work - so I guess I'll have to patch that for them now (and make sure they've got the latest Flash) (I didn't install the HP Software Update app so I guess I don't need to patch that). 

What really sucked about the ordeal though was that even though Vista had the webcam drivers built-in - the webcam wouldn't work on 64-bit Vista with Live Messenger or the Windows Media Encoder 9 series . . . I'd get some device error when it would try to start the webcam.  So I decided to start an IM support session with some HP person to ask what was up.  They promptly informed me that the retail version of Vista that I installed wasn't supported on the notebook since it was "different" from the image they shipped on the notebook.  They would only talk to me if I restored the notebook using the DVDs I made of the original image.  Whatever . . . I eventually managed to get the webcam working by installing some massive 150MB multimedia application I remembered seeing on the notebook before I formatted it. :)  I found a download link to it on the HP web site and it turns out it's a 3rd party multimedia app from CyberLink called 'Quick Play' (I believe - memory is a bit fuzzy after New Years).  After installing that the webcam now works in Messenger.

FYI - If you own an HP machine you can subscribe to their security bulletins using these instructions:

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step 1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and continue.
Under Step 2: your ITRC operating systems
  - verify your operating system selections are checked and save.

 

Finally - my team got Slashdot'd while I was out of the office on vacation: http://it.slashdot.org/it/07/12/28/018226.shtml, and http://blogs.cnet.com/8301-13505_1-9838072-16.html?part=rss&subj=news&tag=2547-1_3-0-20

That like . . . almost never happens. :)  I'll see if I can maybe think of something cool to blog there . . .

 

 

Published 02 January 08 02:20 by Robert_Hensing

Comments

# Mike Dimmick said on January 2, 2008 8:32 PM:

Other alarming sources of security vulnerabilities that people believe are 'safe': Sun Java, Apple QuickTime, RealPlayer, Acrobat Reader. They're ubiquitous but rarely kept up to date.

When people have problems with an Internet Explorer security update, a common reason seems to be an old (vulnerable) version of one of these plugins.
