Category Archives: Vulnerabilities

Briefs

The weird bounces I was getting a while back are apparently due to a bug in QMail. They’re also causing some mails to be sent multiple times from webmail. Triffic. But I’ve switched webmails from SquirrelMail to IMP, and that seems to help. I don’t like IMP’s “This mail was sent by IMP” footer, but I do like its features, especially the timezone setting, which was never satisfactory in SquirrelMail.

A big batch of Microsoft patches is out. Though, as someone at work pointed out, they shouldn’t be due to buffer overflows, ‘cos MS claimed years ago that they’d eliminated them in Windows XP. (Thanks Ian)

Mr 99Zeroes has apparently been sacked from Google. As Scoble remarks, the rule for blogging about work really needs to be: Don’t piss off your boss. The alternative is simply not to blog about work.

C/Net’s new online news/RSS reader/aggregator: NewsBurst. (via Steve Rubel who features on the latest G’day World podcast)

An Englishman was arrested after he used the text-only browser Lynx to donate money to a tsunami fundraiser. Apparently British Telecom technicians looking through the web site logs thought it was a hacking attempt.

XP SP2

I don’t run Windows XP (my PCs are a couple of years old and happy on Win2K… I don’t feel compelled to lumber them with the beautiful XP), but a lot of people I know do. I want to give one of them a copy of SP2 to install, to save a long boring troublesome download via dialup.

Problem? The SP2 download page lets you install it via Automatic Updates or Windows Update. Or you can order a CD. You can order it in any country, not just North America (good) but it takes four to six weeks to arrive (bad). If the average unpatched computer can be compromised in 20 minutes, in four weeks it could be compromised 2,016 times. (Okay okay it’s on dialup, so it wouldn’t be connected all that time.) Gimboids. Even the Download.com page for it pointed me back to Microsoft.

Happily, I did find it on an APC Magazine CD. I also eventually found the Butch Microsoft Technet Geeky Professional Developers’ download page.

A few snippets

Clinging to IE, but wishing there were more security zones, so you can tighten the thumbscrews to varying degrees where appropriate? Add a fifth security zone to IE. (via Greg)

Once upon a time to display JPEGs in DOS, you had to run an obscure JPEG Viewer program, and on my ancient rattling 286, it took a good few seconds to look at the file and actually show it on the (16 colour) VGA screen. Nowadays JPEG display is built into practically everything. Which makes Microsoft’s JPEG display vulnerability doubly-scary. Affected software: just about everything they sell. (Microsoft thanks those who work with them to protect customers, by putting their e-mail address on their web page so they can be bombarded with spam.)

Looking for a freebie FTP client for Windows, but sick of CoreFTP’s vagaries, WSFTP’s oldness (is it even Y2K compliant?), and IE/Explorer’s astounding lack of functionality? FileZilla rocks.