Yet Another ActiveX/Internet Explorer Exploit Being Exploited

For those people who have to care about Windows systems, SANS ISC has info on a scary new ActiveX remote exploit doing the rounds that allows an attacker to run code on a Windows box rendering HTML via Internet Exploder or (presumably) Outlook, etc., if you have virtually any version of MS Office installed:

This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136. Microsoft mentions that they are aware of active exploits against this vulnerability.

There is no fix at present, though a workaround is available to disable those ActiveX controls. Attackers are actively targeting people with this too:

A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML. This one was particularly nasty, it was specifically crafted for the target – with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient. Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim’s domain/IP range would not reach the server.

Remember Microsoft isn’t the answer, Microsoft is the question. “No” is the answer.

Linux Based Open-PC Project Launched

The KDE News website has the announcement of a new Open-PC project to create a PC shipped with Linux and other FOSS software. Why another? Well, as they say:

The project was initiated in response to the lack of quality in the Free Software-based hardware solutions currently on the market. As many reviewers and end-users have stated, the pre-installed software used by hardware vendors generated a bad image for Free Software with potentially interested end-users. Much of the software was buggy and not widely tested and device drivers were often unstable, non-free or not available at all.

There’s a lot of questions to answer yet – what form factor, what software, etc – so they are running a survey to try and gauge people’s thoughts. The site says there is a second survey planned for a later date, presumably focusing in on options once they’ve got general ideas. The other interesting thing is that they’ve apparently already got a major PC manufacturer lined up and they are aiming to be shipping by late 2009 with part of the profits going to funding FOSS projects.

There is more information in Frank Karlitschek’s presentation (PDF) from the Desktop Summit in Gran Canaria.

Google Chrome OS

I suspect that the world and its dog will have heard about this by now, but in case you’ve somehow missed the announcement from Google:

Google Chrome OS will run on both x86 as well as ARM chips and we are working with multiple OEMs to bring a number of netbooks to market next year. The software architecture is simple — Google Chrome running within a new windowing system on top of a Linux kernel. For application developers, the web is the platform. All web-based applications will automatically work and new applications can be written using your favorite web technologies. And of course, these apps will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux thereby giving developers the largest user base of any platform.

If (and I emphasise if) this takes off then MS might be in for something of a rough ride in the Netbook market. The Netbook vendors have been unable to stand up to the MS monopoly with Linux on Netbooks until now, perhaps Google can start to rebalance the market a little?

First Solo Photo Exhibition!

I’ve been doing photography for over half my life now (there’s a scary thought!) and after having my first ever exhibition jointly with Donna recently I’ve now ended up with my first solo exhibition!

I’ve got 5 large prints and 7 small ones (all framed limited editions) on view at the “Cafe Have Ya Bean” in Upwey, so please do come and see it. It’s a lovely place run by Terry and Liz, nice food and they do a great cappuccino! 🙂