Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

What I'm Reading

The Baroque Cycle, by Neal Stephenson

Macromedia ColdFusion MX Web Application Construction Kit

Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current February are here. Use the links on the left or below to jump back to past months.

Read the Special Report on bugs, fixes, and incompatibilities in Windows XP Service Pack 2

3/31/2005 Windows Server 2003 SP 1 Released

Microsoft has released Windows Server 2003 Service Pack 1. In terms of bug and security fixes, Microsoft describes this as the server-equivalent of Windows XP Service Pack 2. You can both download it, or read much more about it, at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx. One important thing to note -- if your computer has a custom Hal (Hardware Abstraction Layer, not the computer from 2001) be sure to read the Release Notes to see how to handle the customization.

3/30/2005 TELNET Bug

US-CERT has issued an advisory about a bug in many TELNET clients. TELNET is an early Internet technology that's been bypassed by the Web, but most operating systems still supply a client. There is a bug in the data length validation that may give a server a chance to run arbitrary code on a client. So far, the bug has been confirmed in Debian, MIT Kereberos, and Sun Microsystems. It's status is unknown in a long list of other applications and operating systems, which you can see at http://www.kb.cert.org/vuls/id/291924. The BugBlog Plus will have info on the individual fixes. US-CERT credits iDefense with finding this bug.

3/29/2005 Norton AntiVirus Fixes DoS Threat

There is a potential denial of service attack that can be launched against most Symantec Norton AntiVirus (NAV) products, including Norton AntiVirus 2004, Norton Internet Security 2004 (Professional), Norton System Works 2004 (Professional), Norton AntiVirus 2005, Norton Internet Security 2005, and Norton System Works 2005 (Premier). Researchers at the Information-Technology Promotion Agency-Japan, IPA, found that if files are modified in a certain way, the NAV products may crash with a Blue Screen of Death when they are scanned with the Norton Smart Scan feature. Symantec has patched all their products, and the fixes are available via LiveUpdate. See the details at http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html.

3/28/2005 IE Chokes on a Complex Page

Microsoft Internet Explorer 6 will have problems printing or print previewing a webpage that has all of the following: a table nested in a table; the nested tables span a page; CSS (Cascading Style Sheets) are used for formatting; the CSS padding for each row is set to something greater than zero pixels. If all that happens, no printing nor previewing. The individual user of IE 6 can't do anything to fix this, other than to badger the webmaster of the offending page to reverse one of these conditions.

3/26/2005 Mac OS X and Classic Printing

Apple says that if you are using a Classic application on a Mac OS X 10.3 computer, you can print using a Mac OS X printer driver. However, this will only work with inkjet printers that use the same printer driver for both Mac OS X and Classic. See the details on how to do this at http://docs.info.apple.com/article.html?artnum=300849.

3/25/2005 Infected Computer Estimate -- One Million

How many computers world-wide might have been infected and now controlled by hackers? One study in Germany says the number might be one million. Of course, that's an estimate extrapolated from a study they did using "honeypot" computer that have been deliberately left unguarded. After seeing how many botnets (computers controlled by hackers - others call them zombies) were attracted to these computers, they made their estimates. Read the details at http://www.securitypipeline.com/159901193.

3/24/2005 MS Office Update May Go Bad

The Microsoft Office Update site, at http://office.microsoft.com/officeupdate/default.aspx, may get confused when you use it to check your computer for needed updates. If you have updated to a newer version of Office, but have left some older versions of Office programs, you may be offered updates for the older ones. You may also get prompted to update Office components that you never installed. For more details on what may happen when good updates go bad, see http://support.microsoft.com/?kbid=830335

3/23/2005 Mozilla Firefox Fix for Sidebar Panel

(Sorry for the delay -- got back from a trip to find my normally ultra-reliable cable modem service from Cox to be very unreliable. But after they quickly replaced a worn cable things are running smoothly...) The Mozilla Foundation says that if you put a bookmark to a maliciously-designed web page in a Mozilla Firefox 1.0.1 sidebar panel, it may be possible for that page to open up a privileged page, inject some Javascript and then run some damaging program. As a workaround, avoid adding sidebar panels (or bookmarking malicious pages.) To fix this, upgrade to Firefox 1.0.2 at http://www.mozilla.org/products/firefox/.

3/21/2005 Mozilla Thunderbird Fixes Drag and Drop Bug

A drag and drop spoofing bug has been fixed in Mozilla Thunderbird 1.0.2. Previously, if you drag and dropped an image to your desktop, it kept its same name and extension. If this had been named a file with an extension such as .EXE, it would have turned into a file that would be launched, running hostile code. The user would need to click on the icon, and not notice that it is an .EXE, so there are still safeguards.

3/19/2005 Photoshop Has Some Personalization Problems

Adobe says that when you start Photoshop CS on a Mac OS X computer, you may see an error message something like this
Could not fully start the application because of invalid personalization information.
Assuming its not your own personality that Photoshop is complaining about, Adobe has a number of troubleshooting steps you can follow, including removing and reinstalling Photoshop. See the details at http://www.adobe.com/support/techdocs/326496.html.

3/18/2005 Windows XP SP2 Interferes with Validator

Here's a bug that mostly affects webmasters -- if you have a Windows XP Service Pack 2 computer, and you try to upload an HTML document to the validator at the W3C (World Wide Web Consortium) at http://validator.w3.org/, you may get this error message from the site
Sorry, I am unable to validate this document because its content type is text/plain, which is not currently supported by this service.
Microsoft says you will need to install MS05-014, the cumulative security update for Internet Explorer, at http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx.

3/17/2005 Help in Checking for SP 2 Incompatibilities

Microsoft has released a new version of the Application Compatibility Toolkit (ACT). Microsoft says that ACT 4.0 is supposed to identify compatibility isuues that may occur with Windows XP Service Pack 2. They do this by checking DCOM interfaces, firewall settings, and IE problems. You can download it, and also find out a lot more about it, at http://www.microsoft.com/windows/appcompatibility/default.mspx.

3/16/2005 Welcome Bloggers

If this is your first visit after hearing about the BugBlog at the Cleveland Bloggers Meetup, Welcome!

3/16/2005 Cache Poisoning With Symantec Products

Symantec says that a security bug may interfere with the DNS (domain name service) through DNS cache poisoning. This could affect the Symantec Enterprise Firewall 7 and 8, Symantec Gateway Security 5300 and 5400, and the Symantect VelociRaptor. This bug may cause hostnames to be resolved to bogus addresses. Symantec first released a fix on March 4, and updated it on March 14. See http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html for more details.

3/15/2005 iPod Charging Problems

If you are going to recharge your iPod by plugging it into a port on your computer, Apple says it is best to plug it directly into a USB 2.0 or FireWire port on your computer. It won't charge if it gets plugged into a non-powered hub. In most cases, the USB ports that may be on keyboards are non-powered. They also suggest that if you are having problems plugging it into a USB port on the front of the computer, that you try plugging it into a USB port on the back of the computer.

3/14/2005 Taskbar Cover Up

Microsoft says that on both Windows XP Service Pack (SP) 1 and SP 2 computers, some programs may ignore the Taskbar and Start Menu option to "Keep the taskbar on top." Maximizing these applications will cover up the Task bar. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support, and ask for the hotfix described in Knowledge Base article 884539. Note that you may get charged for this call.

3/11/2005 ATI Catalyst 5.3 Needs .NET

ATI has released the Catalyst 5.3 software suite. The Catalyst Control center within the suite needs Microsoft .NET framework installed on the computer. If it isn't there, you will get an error message when you try to start the Control Center. Also, this package includes the Remote Wonder 3.01 software, which is for Remote Wonder and Remote Wonder II. If you have the Remote Wonder Plus you shouldn't use this new version -- ATI says to stay with the original software for this product.

3/10/2005 From Russia With Love

A new cellphone virus that targets Nokia's Series 60 smartphones is on the loose. It appears to have been born in Russia, and spreads through MMS messages and maybe also through a Bluetooth connection. (The latter method needs physical proximity to work.) The smart way to use a smart cellphone, at least while these things are circulating, is not to install any applications that come via an MMS message, and also to run Bluetooth in undiscoverable mode. While the Nokia phones are mentioned, any other smart phone based on the Symbian OS may also be at risk.

3/9/2005 Phishing is Big Business

Virus writers, while they can do serious harm, mostly do it for fame and recognition among their peers. Phishing, which is obtaining sensitive information from users via fake web sites, is turning into a major international criminal business. (There was another PayPal phishing scheme in my inbox this morning.) You can read much more about it in this eWeek story at http://www.eweek.com/article2/0,1759,1772523,00.asp.

3/8/2005 Password Change Locks You Out From EFS Files

Microsoft says that if you have a Windows XP Service Pack 2 computer, this chain of events may prevent you from accessing your Encrypting File System (EFS) files: logging on to your computer as a local user; getting a prompt to change your password because it expired; changing your password. Microsoft says this will prevent the user profile from loading correctly, which keeps you from your files. If you change your password back, you will be able to access the files. Microsoft has a hotfix for this, which will be in a future service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 890951. Note that you may get charged for this call.

3/7/2005 Novell Fixes ZENworks Support Pack

Novell has released ZENworks 6.5 Support Pack 1a. Version 1a is essentially the same as Support Pack 1, only it fixes two bugs in the Imaging component. If you've already installed SP1, you don't need the full install of SP1a; you can just get the two fixed files separately at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970908.htm. If you haven't yet upgraded, however, you can get the full package at
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970909.htm.

3/5/2005 Handle Leak in the Windows Security Center

Microsoft says there is a handle leak in the Windows Security Center service of Windows XP Service Pack 2. This means that when you run a manual or scheduled antivirus scan, you may end up with additional open handles in svchost.exe. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you need the fix right away, you can contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 892489. Note that you may get charged for this call. A workaround, of course, is to reboot your computer. That should eliminate the open handles.

3/4/2005 Dreamweaver Design View Chokes on Mac Tables

Macromedia says that the Macintosh version of Dreamweaver MX 2004 sometimes chokes on large HTML tables. The problem is that they won't display correctly in Dreamweaver's Design view -- the last rows of tables may not get shown. However, if you switch to code view the rows are there, and if you display the page in a browser it will display correctly. For now the only workaround is to find some alternative to Design View (such as previewing in a browser) for checking your work.

3/3/2005 Windows XP SP2 Computer is Silent After Wake Up

Some configurations of Windows XP Service Pack 2 computers may lose the ability to play sounds after they've woken from hibernation. This is due to a bug in the Windows Audio Class driver Portcls.sys that may cause a race condition if it gets a request from Windows before it gets back to a powered state. Turning off the computer and then restarting will bring the sound back. Microsoft has a hotfix to keep this from happening, which will be in a future Windows XP service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 892559. Note that you may be charged for this call.

3/2/2005 Real Player Buffer Overflows Allow Attacks

Two separate bugs are affecting most of RealNetworks media players. The affected software includes Helix Player 1.x, RealOne Player v1, RealOne Player v2, RealPlayer 8, RealPlayer 10.x, and RealPlayer Enterprise 1.x. There are buffer overflows that could allow an attacker to run their own code on your computer through a malicious WAV or SMIL file. Updates to these products are available at http://service.real.com/help/faq/security/050224_player/EN/. One bug was reported by Mark Litchfield of NGS Software, and the other came in anonymously through iDEFENSE.

3/1/2005 Bug of the Month for March

The Bug of the Month for March is the cross-browser IDN spoofing bug. Read more about it on the Bug of the Month page.

3/1/2005 iPod shuffle Batter Pack Means a Software Upgrade

Apple says that if you want to use the Battery Pack with your iPod shuffle, you will need to get the iPod Updater 2005-02-22. That will deliver the iPod shuttle Software 1.1, which fixes a number of unspecified bugs as well as the battery support. The 24 MB download is at http://www.apple.com/support/downloads/ipodupdater20050222.html.

| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02

Home | Contact | Writing | Online | News | Tips | CABE |

© 2005 BJK Research LLC