For those people who have to care about Windows systems, SANS ISC has info on a scary new ActiveX remote exploit doing the rounds that allows an attacker to run code on a Windows box rendering HTML via Internet Exploder or (presumably) Outlook, etc., if you have virtually any version of MS Office installed:
This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136. Microsoft mentions that they are aware of active exploits against this vulnerability.
There is no fix at present, though a workaround is available to disable those ActiveX controls. Attackers are actively targeting people with this too:
A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML. This one was particularly nasty, it was specifically crafted for the target – with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient. Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim’s domain/IP range would not reach the server.
Remember Microsoft isn’t the answer, Microsoft is the question. “No” is the answer.
The KDE News website has the announcement of a new Open-PC project to create a PC shipped with Linux and other FOSS software. Why another? Well, as they say:
The project was initiated in response to the lack of quality in the Free Software-based hardware solutions currently on the market. As many reviewers and end-users have stated, the pre-installed software used by hardware vendors generated a bad image for Free Software with potentially interested end-users. Much of the software was buggy and not widely tested and device drivers were often unstable, non-free or not available at all.
There are a lot of questions to answer yet – what form factor, what software, etc. – so they are running a survey to try and gauge people’s thoughts. The site says there is a second survey planned for a later date, presumably focusing in on options once they’ve got general ideas. The other interesting thing is that they’ve apparently already got a major PC manufacturer lined up and they are aiming to be shipping by late 2009, with part of the profits going to funding FOSS projects.
There is more information in Frank Karlitschek’s presentation (PDF) from the Desktop Summit in Gran Canaria.
Just upgraded to 2.8.1 and managed to make the SVN version work with judicious use of svn revert and svn switch.
Let me know if anything is broken (email chris at csamuel.org or send me a message on Twitter)!
I suspect that the world and its dog will have heard about this by now, but in case you’ve somehow missed the announcement from Google..
Google Chrome OS will run on both x86 as well as ARM chips and we are working with multiple OEMs to bring a number of netbooks to market next year. The software architecture is simple — Google Chrome running within a new windowing system on top of a Linux kernel. For application developers, the web is the platform. All web-based applications will automatically work and new applications can be written using your favorite web technologies. And of course, these apps will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux thereby giving developers the largest user base of any platform.
If (and I emphasise if) this takes off then MS might be in for something of a rough ride in the Netbook market. The Netbook vendors have been unable to stand up to the MS monopoly with Linux on Netbooks until now, perhaps Google can start to rebalance the market a little?
The SANS ISC are tracking this potential issue on their site and the LWN article reporting these rumours has a comment on it pointing to a page containing a log of an alleged successful exploit.
Be careful out there and remember to keep your systems up to date..
Update: SANS ISC reckon it’s a hoax.
I’ve been doing photography for over half my life now (there’s a scary thought!) and after having my first ever exhibition jointly with Donna recently I’ve now ended up with my first solo exhibition!
I’ve got 5 large prints and 7 small ones (all framed limited editions) on view at the “Cafe Have Ya Bean” in Upwey, so please do come and see it. It’s a lovely place run by Terry and Liz, nice food and they do a great cappuccino! 🙂