Random stuff from the last 2 weeks


My Adobe Flash paranoia isn’t completely unfounded, it would seem: http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/
The Flash monoculture seriously concerns me . . . I’m surprised we haven’t seen more active exploitation using Flash.  I guess it will happen eventually.


Google Orkut worm: http://blogs.zdnet.com/security/?p=767


Hi5 social networking site worm planned: http://sirdarckcat.blogspot.com/2007/12/making-social-network-xss-worm-hi5com.html


The HP patches for their bundled software should be a huge warning to ALL OEMs who add “stuff” to Windows . . . my in-laws bought a new HP notebook over the Christmas holiday and the first thing I did was to format the drive and install Vista from a DVD for them to decrapify the OS and make it more resistant to attack.  Not only does it run faster now – it’s a lot more secure due to the reduced attack surface.


What sucks is I did add the Quick Launch app back so that their fancy new touch sensitive buttons for volume and stuff would work – so I guess I’ll have to patch that for them now (and make sure they’ve got the latest Flash) (I didn’t install the HP Software Update app so I guess I don’t need to patch that). 


What really sucked about the ordeal though was that even though Vista had the webcam drivers built-in – the webcam wouldn’t work on 64-bit Vista with Live Messenger or the Windows Media Encoder 9 series . . . I’d get some device error when it would try to start the webcam.  So I decided to start an IM support session with some HP person to ask what was up.  They promptly informed me that the retail version of Vista that I installed wasn’t supported on the notebook since it was “different” from the image they shipped on the notebook.  They would only talk to me if I restored the notebook using the DVDs I made of the original image.  Whatever . . . I eventually managed to get the webcam working by installing some massive 150MB multimedia application I remembered seeing on the notebook before I formatted it. 🙂  I found a download link to it on the HP web site and it turns out it’s a 3rd-party multimedia app from CyberLink called ‘Quick Play’ (I believe – memory is a bit fuzzy after New Year’s).  After installing that the webcam now works in Messenger.


FYI – If you own an HP machine you can subscribe to their security bulletins using these instructions:


 Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  – check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
  – verify your operating system selections are checked and save.


 


Finally – my team got Slashdot’d while I was out of the office on vacation: http://it.slashdot.org/it/07/12/28/018226.shtml, and http://blogs.cnet.com/8301-13505_1-9838072-16.html?part=rss&subj=news&tag=2547-1_3-0-20


That like . . . almost never happens. 🙂  I’ll see if I can maybe think of something cool to blog there . . .


 


 


Comments (2)

  1. Anonymous says:

    Other alarming sources of security vulnerabilities that people believe are ‘safe’: Sun Java, Apple QuickTime, RealPlayer, Acrobat Reader. They’re ubiquitous but rarely kept up to date.

    When people have problems with an Internet Explorer security update, a common reason seems to be an old (vulnerable) version of one of these plugins.