My Adobe Flash paranoia isn’t completely unfounded, it would seem: http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/
The Flash monoculture seriously concerns me . . . I’m surprised we haven’t seen more active exploitation using Flash. I guess it will happen eventually.
Google Orkut worm: http://blogs.zdnet.com/security/?p=767
Hi5 social networking site worm planned: http://sirdarckcat.blogspot.com/2007/12/making-social-network-xss-worm-hi5com.html
The HP patches for their bundled software should be a huge warning to ALL OEMs who add “stuff” to Windows . . . my in-laws bought a new HP notebook over the Christmas holiday and the first thing I did was to format the drive and install Vista from a DVD for them to decrapify the OS and make it more resistant to attack. Not only does it run faster now – it’s a lot more secure due to the reduced attack surface.
What sucks is I did add the Quick Launch app back so that their fancy new touch sensitive buttons for volume and stuff would work – so I guess I’ll have to patch that for them now (and make sure they’ve got the latest Flash) (I didn’t install the HP Software Update app so I guess I don’t need to patch that).
What really sucked about the ordeal though was that even though Vista had the webcam drivers built-in – the webcam wouldn’t work on 64-bit Vista with Live Messenger or the Windows Media Encoder 9 series . . . I’d get some device error when it would try to start the webcam. So I decided to start an IM support session with some HP person to ask what was up. They promptly informed me that the retail version of Vista that I installed wasn’t supported on the notebook since it was “different” from the image they shipped on the notebook. They would only talk to me if I restored the notebook using the DVDs I made of the original image. Whatever . . . I eventually managed to get the webcam working by installing some massive 150MB multimedia application I remembered seeing on the notebook before I formatted it. 🙂 I found a download link to it on the HP web site and it turns out it’s a 3rd party multimedia app from CyberLink called ‘Quick Play’ (I believe – memory is a bit fuzzy after New Year’s). After installing that the webcam now works in Messenger.
FYI – If you own an HP machine you can subscribe to their security bulletins using these instructions:
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
On the web page: ITRC security bulletins and patch sign-up
Under Step 1: your ITRC security bulletins and patches
– check ALL categories for which alerts are required and continue.
Under Step 2: your ITRC operating systems
– verify your operating system selections are checked and save.
Finally – my team got Slashdot’d while I was out of the office on vacation: http://it.slashdot.org/it/07/12/28/018226.shtml, and http://blogs.cnet.com/8301-13505_1-9838072-16.html?part=rss&subj=news&tag=2547-1_3-0-20
That like . . . almost never happens. 🙂 I’ll see if I can maybe think of something cool to blog there . . .