Saturday, September 30, 2006

Security pros patch older Windows versions

A group of security professionals has released a patch to repair a serious flaw in older Windows versions for which Microsoft no longer provides security updates.

The group, which calls itself the Zeroday Emergency Response Team, or ZERT, created the patch so users of Windows versions that are no longer officially supported can protect their PCs against increasing attacks that utilize a recently disclosed Windows flaw.

The vulnerability, first reported last week, lies in a Windows component called "vgx.dll." This component supports Vector Markup Language (VML) graphics in the operating system. Malicious software can be loaded, unbeknownst to the user, onto a vulnerable PC when the user clicks on a malicious link on a Web site or an e-mail message.

Microsoft rushed out a "critical" fix for Windows on Tuesday to address the problem, two weeks before its regularly scheduled patch day. Microsoft's updates are available for Windows 2000 with Service Pack 4, Windows XP with Service Pack 1 or later, Microsoft Windows XP Professional x64 Edition, and Windows Server 2003.

But Microsoft no longer provides updates for its older operating systems. ZERT sought to fill that void. "A ZERT patch has just been made available for unsupported system versions," the group said on its Web site. The patch has been tested on Windows 98, Windows 98 Second Edition, Windows Millennium Edition, Windows 2000 and Windows 2000 with Service Pack 3, the group said.

ZERT is made up of security professionals from around the world who volunteer their time. Last week the group crafted a patch to plug the VML flaw ahead of Microsoft's fix, so IE users can protect themselves while Microsoft worked on an official patch.

Meanwhile, there are several other security vulnerabilities in Microsoft products waiting to be fixed. Some of these flaws are already being used in cyberattacks, though not as widespread as the VML flaw, according to security experts.

A word of caution is always warranted when it comes to third-party fixes, ZERT has noted. The group does test its fixes, but does not have the same resources Microsoft does when it produces patches. ZERT does provide the source code of its fix, allowing people to validate what it does.

ZERT stresses on its Web site that its fix has no warranties.

Link
Link
Link

Friday, September 29, 2006

Lady Swallows the whole Mic

Here is something that you may never have seen before. No words, just watch it over and over.

Link

Thursday, September 21, 2006

Wednesday, September 20, 2006

Teamwork Sailing Video

This is teamwork sailing video.
(Reminds me of Lee and I working together.)

Sunday, September 17, 2006

Intelligent baby

A funny clip

Saturday Night Live (SNL) Clown Penis Commercial

This is a SNL commercial about a firm that was slow to get a web presence, so they had to settle for clownpenis.fart, the only remaining available domain name.

Thursday, September 14, 2006

Sunset

Just had to post the sun setting over the river. After living here just a few weeks, I couldn't be happier with the choice of moving. This picture is what I get to see almost everynight.

-------------------------------
Sent from my HP6515

Thursday, September 07, 2006

10 essential tweaks for Windows Vista RC1

10 essential tweaks for Windows Vista RC1 by ZDNet's Ed Bott -- No, this is not just another set of random Windows Vista screenshots. Now that Release Candidate 1 is available to the public, I've put together detailed instructions for my 10 favorite tweaks, including how to set up Vista without a product key and how to speed up your system without taking the cover off.