Another second Tuesday of the month and another set of Microsoft patches. I realize it’s important to patch vulnerabilities as soon as possible and this monthly release schedule tends to go against that, but I like the consistency and ability to plan. Anyway, this week brought two patches. The first is MS08-001 titled “Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution”. This affects all supported desktop OSes. It’s rated as Important for Windows 2000 and Critical for all flavors of Windows XP and Windows Vista. I didn’t have any [...] Read the rest »
Security Quest #16: WordPress Edition
WordPress has released version 2.3.2 which it calls an “urgent security release”. WordPress 2.3.2 contains a total of 7 bug fixes. The security vulnerability would allow someone to see future posts by giving access to draft posts. Sixteen WordPress files were changed in this update. This version will also suppress some DB error messages to avoid giving out too much information. The error messages will still be displayed if debug mode is enabled. Details on all the changes can be found at Westi on WordPress. The update was released on [...] Read the rest »
Security Quest #15: Links & Numbers
Not much happening this holiday week so just some spam numbers and links. Spam Counts: My primary mailbox (which manages multiple addresses) didn’t get any new spam messages and the 30-day count is down to four from last week’s seven. My more public GMail address received a bunch of spam messages this past week, all of which were filtered by GMail. The thirty day count jumped to 176, up from 154 messages last week. This site’s spam comment count jumped to 7,414, up 73 from last week. All were caught [...] Read the rest »
Security Quest #14: Apple Releases Security Patches
Apple released Security Update 2007-009 for OS X 10.4.11 Tiger and OS X 10.5.1 Leopard on Monday. The Apple support article lists 41 vulnerabilities that were patched. Patched components include Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in, and Spin Tracer. The update requires a reboot. The Leopard update was a 35.4MB download on my Intel Macs through Apple Automatic Update. It’s also available as a 35.6MB standalone download. There are two versions for Tiger. The PPC version is a 15.9MB [...] Read the rest »
Security Quest #1a: Introduction and Catching Up
I’ve been running another site called the Spam Chronicles which was last updated after Patch Tuesday in August. I’ve accepted that I don’t have time to keep both sites up to date. So, long story short – I’ll stop even thinking about updating the Spam Chronicles and will instead incorporate the new content here when it’s appropriate. The current Spam Chronicles will stay up, no reason to pull it down. When winter sets in I may find time to do a redesign. A new feature here will be the Security [...] Read the rest »
Comments and Comment Spam
In the recent past a couple comments posted to this site have been incorrectly flagged as spam. This means I actually have to log into the WordPress admin console to even know they exist and then to release them. I had been considering turning off the spam filter since I hadn’t received any real spam. Well, that changed this weekend. There were a couple dozen spam messages caught over this weekend. So the spam filter stays on and I’ll have to start checking the console regularly to process the spam. [...] Read the rest »


