BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

XML

View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

 

 

BugBlog

Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current September bug are here. Use the links on the left or below to jump back to past months.

9/30/2005 Acrobat Installations Problems

Try to install Adobe Acrobat 6.x or 7.x, either the Professional or Standard versions on Windows, and you may see one of these error messages
Error 1402: Could not open key [key name]
or
Error 1406: Could not write value Folders to key [key name].
Adobe has two possible solutions for this: either remove all previously-installed versions of Acrobat first, or reset all your permissions to default in the Registry. See http://www.adobe.com/support/techdocs/329137.html for details.

9/29/05 Get the Bugs Out of the Shuffle

Apple's iPod Updater 2005-09-23 includes the iPod shuffle update. This gives the shuffle the same update as the other iPods got in the 2005-09-06 update. This means a number of unspecified bug fixes. Shuffle off to http://www.apple.com/support/downloads/ipodupdater20050923.html for the update.

Today's BugBlog Plus has five more bugs and fixes for Microsoft, Mozilla, and Real Networks.

9/28/2005 IE Users May Be Sitting Ducks

Microsoft Internet Explorer users may be sitting ducks for an exploit that attacks via a bug in the XmlHttpRequest object in IE. Security researcher Amit Klein has posted details about the problem at http://www.cgisecurity.com/lib/XmlHTTPRequest.shtml, earlier than he originally planned because the recent Mozilla 1.0.7 update fixes a similar bug, and shares some of the same concepts. Users of Internet Explorer 6.0 on a fully-patched Microsoft Windows XP SP2 computer are vulnerable. Attackers may be able to bypass security, and disclose or manipulate information because of the bug. A story in eWeek at http://www.eweek.com/article2/0,1895,1864174,00.asp says that Microsoft is investigating.

Today's BugBlog Plus has fifteen more bugs and fixes for Apple, IBM, Microsoft, Mozilla, and Ubisoft

9/27/2005 MS Word Has No Background

If a Microsoft Word 2002 or 2003 document has a background, you may have problems getting it to print. While the text of the document will print correctly, the background won't. Microsoft suggests two workarounds. First, try to use the the Printed Watermark feature. If that doesn't work, they suggest using Microsoft Internet Explorer. See http://support.microsoft.com/kb/906306 for details on the workarounds.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple and Red Hat

9/24/2005 Apple Patches More Versions of Safari

There is a bug in Apple Safari for Mac OS X 10.3.9 that may allow cross-site scripting. According to Apple, a malicious website could serve up web archives masquerading as another site's pages. This is fixed in the Apple Security Update 2005-008. They had already fixed this bug for Mac OS X 10.4.2 in their last security update.

9/23/2005 Exploit Announced Against Mozilla Browsers

Details of how to mount an attack against Mozilla Firefox and Netscape browsers has been posted on the Web. This attack would exploit the international domain name (IDN) bug first discussed in the BugBlog on 9/12. There are two ways to guard against this new exploit. The best would be to upgrade to Mozilla Firefox 1.0.7, which was released 9/21. If you can't upgrade right away, apply the fix discussed when this bug was announced on 9/12. See the fix details at https://addons.mozilla.org/messages/307259.html. If you don't, and you happen on a malicious website set up to exploit this, and the bad guys may take over your computer.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Mozilla.

9/22/2005 Adobe Acrobat and Microsoft Word Have Their Problems

Installing Adobe Acrobat 7.0 in some cases may interfere with Microsoft Word. According to Microsoft, these are some actions that may not be saved: changing the workspace (toolbars, views, etc) in Word; creating a macro; changing the default font; adding a toolbar. The next time you start Word, these changes aren't saved. Another problem may be when you open Word. You will see this error message
There is insufficient memory. Word cannot display the requested font.
You may also see visual c++ runtime errors. According to Microsoft, the problem is in the COM add-in in from Adobe that gets saved to \Acrobat 7.0 \PDFMaker\Office. Microsoft does not give any indication of whether just some users of Acrobat 7 have these problems. Two workarounds from Microsoft: Manually save macros, preferences, and custom settings in Word; or use the Save All command. They also suggest contacting Adobe. See the details at http://support.microsoft.com/kb/906899.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Microsoft, Mozilla, and Novell.

9/21/2005 Firefox 1.07 Fixes Buffer Overflow

Mozilla Firefox 1.0.7 has been released. This is really just an interim bug-fix release while Firefox 1.5 is being polished up, but the Mozilla Foundation strongly recommends that you update. One thing fixed in this release is a bug that allows a buffer overflow if you load a hostname that has all soft-hyphens. Download the 4.7 MB update at http://www.mozilla.org/products/firefox/.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Macromedia, Microsoft, Mozilla, and Red Hat.

9/20/2005 A Buggy Opera Mail Client

Security researchers at Secunia say that the Opera mail client has two bugs. They can be combined by a remote attacker for a script insertion attack. This can be done by opening files from the user's cache without any warning. This has been confirmed in Opera 8.02, and it may also affect earlier versions. It has been fixed in Opera 8.50, which you can get at http://www.opera.com/download/. You can read the original Secunia bulletin at http://secunia.com/advisories/16645/.

Today's BugBlog Plus has six more bugs and fixes for Apple, Microsoft, Novell, Sun, and Symantec.

9/19/2005 Flash 8 Asks For Trust

Upgrade to Macromedia Flash Player 8, and a new security setting may cause a warning message where there wasn't one before. Now, if you load a Flash file from either your local computer or somewhere on your LAN, a security warning will pop up asking if you wish to "trust" the file. If you say yes, then the Flash presentation should go on without a problem. (In general, you should trust the files already on your computer, unless you aren't sure how they got there.) Learn more about the new Flash security settings at http://www.macromedia.com/go/13530cdd.

Today's BugBlog Plus has five more bugs and fixes for EA, IBM, and Microsoft.

9/18/2005 ZoneAlarm Clears Up Conflicts

If you are using Zone Labs ZoneAlarm 6 and you are experiencing conflicts with Symantec Norton AntiVirus, then update Zone Alarm to 6.0.667.000. According to Zone Labs, this should fix the conflict. You can get the update at http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, Macromedia, and Microsoft.

9/17/2005 Extensive Look at Anti-Spyware Tools for Networks

Looking for anti-spyware software that can be managed across a network from a central console? Network Computing has tested applications from Computer Associates, F-Secure, Lavasoft, McAfee, Sunbelt Software, Trend Micro and Webroot Software, and report extensively on the results. Read all about it at http://www.securitypipeline.com/showArticle.jhtml?articleId=170703907

9/16/2005 Uninstallers Missing for Macromedia on the Mac

If you need to uninstall one of the Macromedia Studio 8 products on a Macintosh OS X computer, it may be a little difficult. Macromedia says there are only uninstallers available for Fireworks 8 and Flash 8. The other applications (Dreamweaver 8, Contribute 8) need to be uninstalled manually. Macromedia has detailed instructions available at http://www.macromedia.com/go/8f101099.

9/15/2005 Offline File Limit Changes in Windows 2000/XP

In both Windows XP and 2000, you can go to Windows Explorer, Folder Options, and set the Amount of disk space to use for temporary offline files. It will let you set an amount greater than 2 GB, but the next time you go to this dialog, you will see that you have switched back to the earlier, lower value. Microsoft says there is a 2 GB limit (because they use a signed 32-bit integer to calculate the size). There is actually no limit for manually-cached files. Right-click a file and select Make Available Offline to do this.

9/14/2005 Google Blog Search

A quick review

9/14/2005 Multiple Security Bugs with Linksys WRT54G

Researchers at iDefense have posted a series of bulletins detailing problems with the Linksys WRT54G wireless access point/router/switch. Some of the bugs may allow an unauthorized user to change the router's configuration or firmware, and another may allow unauthorized users to run their own commands. Fix these by upgrading the router's firmware to 4.20.7. The link to the firmware is impossibly long, dynamic and tangled, so it is best to go to http://www.linksys.com and find the product. You can find the iDefense reports, authored by Greg MacManus, at http://www.idefense.com/application/poi/display?type=vulnerabilities.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Macromedia and Microsoft.

9/13/2005 Retreating from QuickTime 7.0.2

If Mac users run into problems with QuickTime 7.0.2 and need to beat a retreat, Apple has a QuickTime 7.0.1 Reinstaller for QuickTime 7.0.2 available at http://www.apple.com/support/downloads/quicktime701reinstallerforquicktime702.html. Note that QuickTime 7.0.2 does need Mac OS X 10.3.9 or higher, which may be one reason you need to remove it.

Today's BugBlog Plus has five more bugs and fixes for Apple and Microsoft.

9/12/2005 IDN Bug in Mozilla

The Mozilla Foundation has released a quick fix for a security bug in both the Mozilla Firefox and Mozilla Suite. The bug is in the way Mozilla handles International Domain Names (IDN), and the fix temporarily removes support for IDNs. You can either make a quick configuration change to Mozilla to implement the patch, or you can download a file that will do this for you. Both ways are explained at https://addons.mozilla.org/messages/307259.html.

Today's BugBlog Plus has ten more bugs and fixes for Apple, IBM, Microsoft, Netscape and Red Hat.

World Trade Center9/11/2005 No Bugs, Just Memories

From the inside.

9/10/2005 Phishing Scheme Using Fake PayPal Email

Yesterday, the BugBlog got two emails, allegedly from PayPal, with a subject line saying "This email confirms that you paid MICROBAZAR (sales@microbazar.com) $175.85 USD using PayPal" with the message body saying it was for a Nokia N90 phone. A BugBlog reader says he got three of them yesterday (gee, he's more popular than me). At the bottom is a link that says to click here to get a full refund if you didn't order it. The text says the link is to PayPal, but if you hover over the link WITHOUT clicking, you see the link is to the IP address 62.193.199 and then 132, which is registered to something called the RIPE Network Coordination Center in Amersterdam, Netherlands. Obviously, this is not from PayPal, and you should never, ever click on a link in an email such as this. If you have doubts, open up a fresh browser window, go to PayPal, and check on your account activity.

9/9/2005 One Critical Windows Patch Next Week

Microsoft will only be releasing one patch next week on their monthly "Patch Tuesday". It is a critical update for Windows, but they don't yet say which part of Windows. One possibility is always Internet Explorer -- in the 9/7 BugBlog Plus eEye Digital Security says they have alerted Microsoft to a critical bug in Internet Explorer. UPDATE 9/12: Apparently there is a bug in the patch, and Microsoft won't be releasing it till the bug in the bug fix is fixed.

9/8/2005 Cisco Bug May Allow Denial of Service Attacks

Another bug in Cisco IOS, this time in the Firewall Authentication Proxy for FTP and Telnet, may make widespread denial of service attacks against Cisco routers and other devices more likely. Devices that run IOS 12.2ZH and 12.2ZL based trains, 12.3 based trains, 12.3T based trains, 12.4 based trains, and 12.4T based trains, could be affected, but only if the are configured for for Firewall Authentication Proxy for FTP and/or Telnet Services. If they only handle HTTP and HTTPS, they are not affected. Cisco has links to the available fixes at
http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

USCG Stranded/Missing Person Request

It will be a long time before phone/email/cell service is restored to the Gulf region. The Coast Guard has a collection of emergency numbers at http://homeport.uscg.mil/mycg/portal/ep/home.do (yes, it ends in .do) that may help in search and rescue, as well as other numbers that can be used to help look for missing people. Plus, here's the Red Cross, Catholic Charities, and the Salvation Army donations pages.

9/7/2005 Registry Leak and Windows XP Profiles

There is a Registry handle leak in Windows XP in the Remote Procedure Call Server Service (RPCSS). Microsoft says that this may keep user profiles from being unloaded, which then will prevent the Copy To command from working when you try to copy user profiles for a user who isn't logged on to the computer. Microsoft has a fix for this, which will be in a future Windows XP service pack. If you can't wait for the fix, contact Microsoft Technical Support and ask for the hotfix described at http://support.microsoft.com/kb/894232. Microsoft may charge you for this call.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Cisco, IBM, Microsoft, and Novell.

9/6/2005 Windows Firewall Doesn't Show User-Opened Port

The built-in firewall in Windows XP Service Pack 2 and in Windows Server 2003 Service Pack 1 won't show an open port that has been opened via a user modification of the Registry, if the user hasn't given a name to the exception they create. This is not something a remote attacker can do, only someone with Administrator rights to the computer can do the modification. The essence of the problem is that the Windows Firewall won't remind you that you have left a door open. Microsoft says this is not a security vulnerability, but they have still fixed it. Get the fix at http://support.microsoft.com/kb/897663.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Mozilla, NVIDIA and Red Hat.

9/3/2005 Bug in Symantec's LiveUpdate

An alert posted at SecurityFocus says that a bug in Symantec AntiVirus Corporate Edition 9 stores usernames and passwords involved with LiveUpdates in plaintext and at a fixed location on the computer. During part of the process, this information is encrypted, but at some point the encryption is dropped. Bad guys could use this knowledge to learn the usernames and passwords, which could be tools used in future attacks. Read the original report at http://www.securityfocus.com/archive/1/409655/30/0/threaded. Symantec has updated their LiveUpdate to fix this. Read their bulletin at http://www.symantec.com/avcenter/security/Content/2005.09.02.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, IBM, and Microsoft.

9/2/2005 Winamp Update Fixes WMA Problems

Winamp has been updated. The new version 5.1 has new features, but also a number of bug fixes. If you have been suffering from stutters during WMA playback, problems with the Sonic engine, or long MP3s having the wrong length listed, then get the update at http://www.winamp.com/player/.

Today's BugBlog Plus has five more bugs and fixes for IBM, Microsoft, Novell, and Sun.

9/1/2005 Creative Adds Worm at Factory

A story in eWeek says that a worm infected the Creative Technology Zen Neeon MP3 players at the factory, and the infected products were shipped to customers. There were 3,700 players affected, with serial numbers between M1PF1230528000001M and M1PF1230533001680Q. According to Creative, you should be able to use anti-virus software to remove the W32.Wullik.B worm. Read the whole story at http://www.eweek.com/article2/0,1895,1854724,00.asp.

9/1/2005 Apple Wins the Bug of the Month

Apple's Security Update 2005-007, which disabled 64-bit applications, wins the Bug of the Month.

8/31/2005 Diagnostics Tool for DVD Problems in Windows

Having problems viewing a DVD on your Windows XP or Windows XP Media Center 2005 computer? The problem may be incompatibilities between your MPEG-2 video decoder and Windows Media Player. Microsoft has a diagnostics tool that will tell you whether you have a compatible MPEG-2 decoder. It will also tell you whether it is compatible with the recorded TV playback in Windows Media Center. Get it at http://www.microsoft.com/downloads/details.aspx?FamilyID=de1491ac-0ab6-4990-943d-627e6ade9fcb&displaylang=en.

Today's BugBlog Plus has twelve more bugs and fixes for Adobe, Apple, ATI, IBM, Microsoft, and Novell.

 

 

 

 

 


Home | Contact | Writing | Online | News | Tips | CABE |

© 2005 BJK Research LLC