Miles Associates LLC

Jim Miles – IT & IT Security Consultant – Web Sites for Growing Organizations

Tag Archives: Network World

Microsoft warns of new Windows zero-day bug

Microsoft [Friday] warned Windows users of a new unpatched vulnerability that attackers could exploit to steal information and dupe people into installing malware.

In lieu of a patch, Microsoft recommended that users lock down the MHTML protocol handler by running a “Fixit” tool it’s made available… from Microsoft’s support site.

via Microsoft warns of new Windows zero-day bug in Network World

Fake GSM base station trick targets iPhones

Weinmann [added] that it is possible to “have complete control of the phone”.  Part of the reason these fake GSM network attacks are possible is because the code base used in smartphones such as the iPhone, which is Infineon-based, goes back to the 1990s.  A little sleuthing allowed Weinmann to discover vulnerabilities that can be exploited.  For instance, he got help by finding that an Italian company that went bankrupt in the 1990s put up some code for GSM stacks in Sourceforge for four years before taking it down.

(Emphasis mine – jm)

via Network World.

MS confirms critical IE bug, works on fix

Suggests using blocking tool, but does not plan to issue emergency patch

Microsoft late Wednesday confirmed that all versions of Internet Explorer (IE) contain a critical vulnerability that attackers can exploit by persuading users to visit a rigged Web site.

Although the company said it would patch the problem, it is not planning to rush out an emergency update.

“The issue does not currently meet the criteria for an out-of-band release,” said Carlene Chmaj, a spokeswoman for the Microsoft Security Response Center (MSRC), in an entry on the center’s blog.

Until a patch is ready, Microsoft urged users to use the Enhanced Mitigation Experience Toolkit (EMET) utility to bolster IE’s defenses. The company provided instructions on how to configure EMET to block attacks in the accompanying security advisory.


“Massive Patch Tuesday” scheduled

Microsoft today said it will deliver a record 14 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer (IE), Office and Silverlight.


Microsoft plans gigantic Patch Tuesday next week

Slates record-tying 34 patches for Windows, IE, Office and SharePoint

The patches will also quash two bugs that Microsoft acknowledged in February and April.

“I’d actually call this a moderate month,” said Andrew Storms, director of security operations at nCircle Security. “Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn’t look like a huge month to me.”

By the numbers, however, next week’s updates will be huge. Although the 10 updates fall short of the record of 13 — first set in October 2009, then repeated in February 2010 — Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.


Does Google Have Wi-Fi Data from Your Company?

Google has been “accidentally” collecting wi-fi data, but not if it was encrypted.

Google is facing scrutiny and investigation around the world following revelations that it has been capturing and archiving wi-fi data collected by its Google Street View vehicles that drive around capturing the image data used by the Street View service. It is questionable whether Google should have done that, but what is not questionable is whether or not Google should have any data from your wi-fi network.

While it may seem like an invasion of privacy–and in some countries or jurisdictions it may very well be–it is not necessarily against the law here in the United States. Frankly, there is no reasonable expectation of privacy for data that you willingly broadcast unencrypted into public airwaves.


Will femtocells ever get their moment?

Will femtocells ever get their moment?  Airvana exec argues mobile architecture challenges make them inevitable.

Although femtocells have yet to live up to the hype in terms of sales, femtocell vendor Airvana is still confident that they have a future in the mobile marketplace. During last week’s FutureNet conference, Woojune Kim, Airvana vice president of technology, outlined why his company is still bullish on femtocell prospects. The company believes carriers will come to see them as essential to offloading traffic on their mobile data networks as demand continues to grow.


I have a femtocell in my home from Sprint (Airave).  It is pretty cool, although it releases calls (to the outdoor Sprint network) much earlier than you’d expect.  I think I need to move it to the top floor of my house for better wireless performance.  FYI, the Sprint Airave does NOT assist with data, only voice.

Tech Euphemisms: What Those Error Messages Really Mean

These are hilarious.  I thought the best (quoted here) were from Windows.

Euphemism #3
Error message: “Windows has encountered an error and must shut down.”
Translation: Now you’ve done it.

Euphemism #4
Blue Screen of Death (BSoD) message: “Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.”
Translation: Oh sh*t.

Euphemism #5
Error message [Windows XP]: “Error copying File or Folder: A system call that should never fail has failed (While copying a file to the desktop).”
Translation: Sometimes the instability of this OS surprises even us.

Euphemism #6
Warning message: “Buffering video stream.”
Translation: Upgrade your slow DSL line, buddy.

Euphemism #8
Error message: “Non-System disk or disk error.”
Translation: If you don’t have a backup, put your head between your legs and kiss your data goodbye.

Euphemism #9
Error message: “Microsoft (MSFT) Word has stopped working.”
Translation: You have stopped working.

via Tech Euphemisms: What Those Error Messages Really Mean.

MS to issue emergency patch for IE zero-day

Microsoft today announced it will issue an emergency security update for Internet Explorer (IE) tomorrow to patch a zero-day vulnerability that has been used to launch drive-by attacks for at least several weeks.

Tuesday’s update will be the second out-of-band update — Microsoft’s term for one outside its normal once-each-month Patch Tuesday — in the last three months.


Gmail, Yahoo, and Hotmail passwords compromised

Google’s Gmail and Yahoo’s Mail were also targeted by a large-scale phishing attack, perhaps the same one that harvested at least 10,000 passwords from Microsoft’s Windows Live Hotmail, according to a report by the BBC.

