Here is the daily bug, incompatibility or other computer problem from the BugBlog. The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5.

12/31/2005 New Microsoft Graphics Vulnerability
Microsoft interrupts everyone's vacation with news of another vulnerability that could load hostile content onto your computer via a Windows Metafile graphic. The graphic would be hosted on a website, but Microsoft says a user would have to visit the website by clicking on a link -- they could not be forced onto the site. There are reports that code to exploit this is already circulating on the Internet. Microsoft has a bulletin at http://www.microsoft.com/technet/security/advisory/912840.mspx, which will get updated later.

12/23/2005 Have a Merry Christmas and a Happy New Year
The BugBlog will be very sporadic until about January 3. So everybody -- have a Merry Christmas and a Happy New Year. And if you celebrate something else, have a Happy Something Else.

12/23/2005 More Spyware Charges Against Sony
Some of the Sony BMG music CDs loaded copy protection software onto users' computers even if users said No to the licensing agreement. This is according to the Texas Attorney General, who filed one of the first lawsuits against Sony back in November, over the spyware that was secretly loaded onto users' computers, including rootkits that kept themselves hidden from the operating system. You can read about the new charges at http://news.com.com/2100-1030_3-6005042.html.

12/22/2005 Microsoft Software Update Service Gets Confused
Running the Microsoft Software Update Services 1.0 with Service Pack 1 on a Microsoft server after 12/12/2005 may cause a problem. According to Microsoft, previously approved updates may revert to unapproved, but their status may change to Updated. This won't happen to all servers, but it is more likely to happen to newer ones, mobile systems, or systems that had been turned off. See http://support.microsoft.com/kb/912307/ for details and for some possible workarounds.
There is also an Approval Analyzer Tool that can be downloaded from that page that may help sort things out.

12/21/2005 It's Not Santa in the Instant Message, It's a Worm
A new worm disguised as a Santa Claus graphic is travelling through the America Online, Microsoft MSN, and Yahoo instant messaging networks. If you see a message from someone you know that's supposed to contain a picture of Santa, don't click. While you will see Santa, what you won't see is a rootkit being installed behind the scenes. That rootkit will then try to send the Santa message to people on your contact list. See more at http://news.com.com/2100-7349_3-6002790.html.
Today's BugBlog Plus has ten more bugs and fixes for Apple, Microsoft, Mozilla, Red Hat and Symantec. A low-cost subscription to the BugBlog Plus gets you five times more bug reports.

12/20/2005 It's Not Just E-Commerce That Leads to Credit Card Fraud
Computerworld says that too many merchants aren't following the correct security procedures when it comes to storing credit card data. This might have been the problem in a number of well-known incidents lately. If you were worried about using your credit card for an online purchase, maybe you should be worried about using it at traditional merchants, too. Read the whole thing at http://www.computerworld.com/securitytopics/security/story/0,10801,107183,00.html.

12/19/2005 Dasher is a Worm, Not a Reindeer
A computer worm called Dasher.B is starting to make itself known on the Internet. It exploits a bug in Windows Distributed Transaction Coordinator that Microsoft patched in October. However, there were also some problems with that patch, especially on Windows 2000 computers. The worm itself will install a backdoor on your computer, and then install a keystroke tracker. You can read Symantec's writeup at http://www.symantec.com/avcenter/venc/data/w32.dasher.c.html.
Today's BugBlog Plus has five more bugs and fixes for Adobe/Macromedia, Apple, Citrix and IBM.

12/18/2005 Flash Media Server Administrator Bug
The Adobe/Macromedia Flash Media Server 1.5 and 2.0 has a remote administrator interface with a security bug. A remote attacker may be able to send bad data to this interface, which listens on TCP port 1111, and crash the administrator service. Adobe does note that the Flash Media Server will still be able to stream content. While there is no fix yet, Adobe has some workaround information at http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html.
Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, and Microsoft.

12/17/2005 Dell Recalls Batteries
Dell is recalling laptop computer batteries that were sold with these models: Latitude D410, D505, D510, D600, D610, D800, D810; Inspiron 510M, 600M, 6000, 8600, 9200, 9300, XPS Gen 2; Precision M20, M70. Some of the batteries in question were also given as replacements in service calls. The batteries were manufactured between 10/5/200 and 10/13/2005. See the complete details at https://www.dellbatteryprogram.com/.

12/16/2005 Microsoft OneCare Is Too Careful
There is an incompatibility between Microsoft Windows OneCare Live and Absolute Software's Computrace LoJack. The Microsoft product is a new antivirus security program that has been available as a beta version since November 29. LoJack is a program that acts as a tracer program if a laptop is stolen. It is designed to contact Absolute Software over the Internet, and can be used by law enforcement officials to track down a missing computer. Unfortunately, the Microsoft program identifies it as malware, and quarantines it from the Internet, thus preventing it from being located. A Microsoft spokesperson says that this problem has been fixed, and updates are available for it. Read more at http://news.com.com/2100-1002_3-5995763.html.
Today's BugBlog Plus has five more bugs and fixes for Adobe/Macromedia, Apple, Avaya and Microsoft.

12/15/2005 Don't Give the Gift of a Root-Kit
The last thing you want to give someone for Christmas is a music CD that installs a root-kit on their computer. While Sony-BMG is recalling millions of CDs, there's still the chance that you could find one. Rather than memorizing a long list, the Electronic Frontier Foundation has a handy Spotters' Guide that shows what kinds of labels you need to watch out for on the CD jewel box. The guide at http://www.eff.org/IP/DRM/Sony-BMG/guide.php covers both DRM schemes from Sony that can cause problems, the XCP as well as the SunnComm MediaMax method.

12/14/2005 Get Your Sony Bugs Right Here
The latest BugBlog collection -- all the bugs that have appeared in both the BugBlog and in the BugBlog Plus over the Sony DRM controversy.

12/14/2005 Chopped Off Charts in Excel
If you create a chart in Microsoft Excel 2003, and then resize the chart to make it larger, it may not display correctly if you save the Excel spreadsheet as a web page. Microsoft says the chart may appear cut off on the right or the bottom. This has been fixed in the 11/10/2005 hotfix from Microsoft. You'll need to contact Microsoft to get the hotfix, and then you will also need to do a Registry edit. See the details at http://support.microsoft.com/kb/905875.
Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, and Microsoft.

12/13/2005 Latest Patch for Microsoft Internet Explorer
Microsoft has released the latest cumulative security update for Internet Explorer. The new update, MS05-054, fixes four bugs of which two are deemed critical. The critical ones are a bug in the COM Object Instantiation and one that Microsoft calls a Mismatched Document Object Model Objects Corruption Vulnerability. Both of these could lead to a remote attacker running their own code on your computer. Get the update at http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx. Microsoft notes that this patch replaces the MS05-052 Internet Explorer Cumulative Update.
Today's BugBlog Plus has ten more bugs and fixes for Apple, Hewlett Packard, Microsoft, Mozilla, Novell, and Sun Microsystems.

12/12/2005 The Carnival of Computing
One of the newer blog carnivals is the Carnival of Computing. The sixth edition is up at Scott Milener's Blog at http://browster.typepad.com/scott_milener_blog/2005/12/carnival_of_com.html. What's different about this -- it's the first to have an entry from the BugBlog.

12/12/2005 ATI Update Fixes Everquest Problem
The latest driver update from ATI, the Catalyst Software Suite 5.12, fixes an incompatibility between a Windows XP computer with the ATI Radeon X1800 series graphics card and Sony Everquest II. Without the update, there is a chance the operating system will lock up after you've played the game for about five minutes.
Get the update at http://www.ati.com/support/driver.html.

12/11/2005 Netscape Affected by Firefox History Bug
Netscape 7.2 and 8.0.4 are also vulnerable to the long title bug that can cause Mozilla Firefox 1.5 to crash. (This bug was covered in the 12/9 BugBlog.) Mozilla.org says that their testing indicates that this bug can only be used in a denial of service, and can't be used by a hostile website to run code on your computer. There are detailed instructions on how to clear your history data, in case you are affected, at http://www.mozilla.org/security/history-title.html.
Today's BugBlog Plus has six more bugs and fixes for Adobe, Apple, Microsoft, and Red Hat.

12/9/2005 Firefox Has a History Bug
There is a bug in the newly released Mozilla Firefox 1.5 that may cause it to crash if you visit a malicious website. That site would need to exploit a bug in Firefox's history.dat file, which keeps track of the pages you visited. If you visit a site that has a page with a long title, you will crash Firefox. To get it working again, you will need to erase its history.dat file, which will be in a user's Documents and Settings folder, in Application\Mozilla\Firefox\Profiles\{active profile}. As a workaround, you could go to Tools, Options, Privacy, History, and set the days history saved to 0.
Today's BugBlog Plus has six more bugs and fixes for Cisco, Google, and Microsoft.

12/8/2005 Sony Says "Oops, We Did It Again"
Sony BMG now says they used another digital rights management (DRM) scheme on other music CDs. This software, SunnComm MediaMax 5, also has a bug that may allow for privilege elevation. Sony and SunnComm have provided a patch, but independent security researchers say the patch itself has problems and you shouldn't use it. The list of bad CDs is at http://www.sunncomm.com/support/faq/releases.asp (there are some Britney Spears CDs on the list, so the title is appropriate), although it may be more effective to just avoid Sony altogether. The Electronic Frontier Foundation has a FAQ page with many details at http://www.eff.org/IP/DRM/Sony-BMG/mediamaxfaq.php#2.

12/7/2005 PC World Reader Survey on Reliable Tech Brands
Sometimes it is not a bug, it is a breakdown. You want to avoid both, of course. One way of dodging the latter is to buy a reliable brand. Every year, PC World does an extensive survey to determine the winners and losers in categories such as desktops, notebooks, printers, cameras, and MP3 players. This year's survey is online, starting at http://www.pcworld.com/reviews/article/0,aid,123409,00.asp. A preview -- they don't pick a winner in the desktop category.
Today's BugBlog Plus has nine more bugs and fixes for Adobe, AOL, Apple, Dell, Microsoft, RealNetworks and Red Hat.

12/6/2005 Key Problem Bugs Multiple Vendors
A bug in the protocol called Internet Key Exchange version 1 will cause vulnerabilities in products from a number of vendors. The key exchange is a method that Internet Security Association and Key Management Protocol (ISAKMP) may use to get computers to authenticate each other over a network. With the bug, a remote attacker may be able to gain access to a computer system. According to US CERT, these vendors may have vulnerable products: Check Point, Cisco, QNX, Stonesoft, and Sun Microsystems. More companies may be added to the list. See http://www.kb.cert.org/vuls/id/226364 for updates.
Today's BugBlog Plus has seven more bugs and fixes for Adobe, AOL, Apple, IBM, Microsoft and Sun Microsystems.

12/5/2005 Excel Function Makes Mistake
If you use the LINEST function in Microsoft Excel 2003, be wary of the results. Microsoft says that this function may give the wrong answer if there are more than nine significant digits in the source range values. There is a hotfix for this bug, which will be included in a future Office 2003 service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the Excel 2003 post-Service Pack 2 Hotfix of 11/7/2005. See http://support.microsoft.com/kb/887964/ for more, including a Registry edit that you will need to make.
Today's BugBlog Plus has five more bugs and fixes for Adobe, IBM, and Microsoft.

12/3/2005 Internet Explorer Combines Badly with Google Desktop
An Israeli hacker has published an example of how Internet Explorer users who also have the Google Desktop running are vulnerable to a phishing attack. If you visit a malicious website, they may be able to steal things like passwords or credit card numbers that users have stored on their hard drive. It does not affect users of other browsers, such as Mozilla Firefox or Opera, who use the Google Desktop. Turning off Javascript (Active Scripting) in IE should stop the possibility of attack. PC World has more at http://www.pcworld.com/news/article/0,aid,123826,00.asp.
Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Macromedia, and Microsoft.

12/2/2005 Sound Problems in Windows XP
In Windows XP, if an application makes adjustments to Microsoft DirectSound or SetSpeakerConfig, it may cause the Sounds and Audio Devices applet in the Control Panel to show the wrong Speaker Setup information. Normally, users won't know when a program does the former, but they will be able to see the latter if they visit that applet. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you can't wait, contact Microsoft Technical Support and ask for the hotfix described at http://support.microsoft.com/kb/909441. Note that you may get charged for this call.

12/1/2005 Sony Wins the Bug of the Month
Sony wins the Bug of the Month for the rootkit they hid on their music CDs.

12/1/2005 Phishers Use Fake IRS Email
Bad programming on a government web site is allowing a phishing scheme to look more legitimate than it really is. If you receive an email that says it is from the IRS, and click on a link, you will be passed through the govbenefits.gov website and then sent to the fraudulent site, where they try to get your Social Security and tax return data. Be wary about any email that says it is sending you to govbenefits.gov, which is an amalgamation of different government agencies trying to ease access to e-government.

11/30/2005 Apple Fixes Safari JavaScript Bug
The Safari web browser in Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.3, and Mac OS X Server 10.4.3 has a bug in the JavaScript engine. If you use Safari to browse a malicious website, some bad JavaScript could trigger a heap overflow which could then run bad code on your system. This is fixed in the Apple Security Update 2005-009.
Today's BugBlog Plus has twelve more bugs and fixes for Adobe, Apple, Microsoft, Mozilla, Sony and Symantec.
© 2005 BJK Research LLC