Saturday, January 08, 2005

Microsoft to Serve Up Monthly Virus Zapper :
“Microsoft Corp. on Thursday said it plans to release a virus detection and removal tool on Jan. 11. The antivirus fighter will be updated on the second Tuesday of every month as part of the company's scheduled software patching cycle.

Meanwhile, exactly three weeks after acquiring anti-spyware startup Giant Company, Redmond released the first public beta as a free Windows download through July 31.

Redmond also plans to release a virus detection and removal tool on Jan. 11, which will be updated on the second Tuesday of every month as part of the company's scheduled software patching cycle.

As previously reported, the spyware zapper is an exact replica of the Giant Company application acquired late last year.

Microsoft has retained all of the key Giant AntiSpyware features, including RealTime Detection, AutoUpdater, Spyware Scan and the widely hailed SpyNet Community network, which provides an early-warning mechanism.

Microsoft officials declined to discuss what happens after the beta expires in July, but analysts expect the company to start charging for definition updates once the spyware detection and removal tool goes gold.

The addition of a worm zapper to the monthly Patch Day schedule is a change from the previous policy of releasing individual removal tools after a major virus outbreak.

Using expertise and technology acquired from anti-virus vendor GeCAD, Microsoft's malicious software removal tools will consolidate previously released tools for the Blaster, MyDoom and Download.Ject attacks.”

http://www.eweek.com/article2/0,1759,1748869,00.asp


Three unpatched flaws in Internet Explorer

Three unpatched flaws in Internet Explorer:

“Secunia said Friday that it had raised its rating of the vulnerabilities in Microsoft's browser to "extremely critical," its highest rating. The flaws, which affect IE 6, could enable attackers to place and execute programs such as spyware and pornography dialers on victims' computers without their knowledge, said Thomas Kristensen, Secunia's chief technology officer.

Exploit code for one of the vulnerabilities, a flaw in an HTML Help control, was published on the Internet on Dec. 21 in an advisory by GreyHats Security Group.

"In order for us to rate a vulnerability as extremely critical, there has to be a working exploit out there and one that doesn't require user interaction," Kristensen said. "This is our highest rating and is the last warning for users to fix their systems."

The exploit code can be used to attack computers running Windows XP even if Microsoft's Service Pack 2 patch has been installed, Secunia said. The company is advising people to disable IE's Active X support as a preventative measure, until Microsoft develops a patch for the problem. It also suggests using another browser product.

The Secunia advisory also warns of another HTML Help control vulnerability that, when used in combination with a drag-and-drop flaw, could be used to attack PCs--though in that case, it would have to be with the interaction of the victim. The company first issued an alert about the three security holes in October.”

Microsoft said it was investigating the public reports of the exploit, adding that the delay in fixing the IE patch was related to the extensive work needed to produce an effective patch.

The company is advising people to check its safe browsing guidelines and to set their Internet security zone settings to "high." It also suggests that people continue installing automatic security updates from Service Pack 2.

Secunia also offers users the ability to conduct an online test of their systems to see if they are vulnerable.

http://dw.com.com/redir?destUrl=http%3A%2F%2Fsecunia.com%2Finternet_explorer_command_execution_vulnerability_test%2F&siteId=22&oId=2100-1009-5517457&ontId=1009&lop=nl.ex

http://news.zdnet.com/2100-1009_22-5517457.html?tag=nl.e589

Wednesday, January 05, 2005

CSS Crib Sheet

CSS Crib Sheet:

“You will no doubt come across many quirky layout issues when building a site with CSS. You'll end up banging your head against a wall time and again. This is an attempt to make the design process easier, and provide a quick reference to check when you run into trouble.”

Translations are available in Français, Deutsch, Italiano, Magyar, Finnish, Norwegian, Russian, Portuguese, Japanese and Simplified Chinese.

CSS Problem-Solving http://www.mezzoblue.com/archives/2004/03/10/css_problems/index.php

http://www.mezzoblue.com/css/cribsheet/

Tuesday, January 04, 2005

Firefox has much to learn

Firefox has much to learn:
by George Ou

“It is widely asserted as "fact" that Firefox is more secure, but does that assertion really hold up under intense scrutiny? Peter Torr of Microsoft doesn’t seem to think so. I can hear the howling now to the effect of "but the guy is just a Microsoft lackey on Bill Gate’s payroll". While it is certainly true that he works for Microsoft and is clearly giving a point of view favorable to Microsoft, no one can deny any of the serious criticisms that he lays on Firefox. Here is a list of Peter’s grievances that show a pretty flagrant disregard for the most basic of security principles.”

  • Installing Firefox requires downloading an unsigned binary from a random web server
  • Installing unsigned extensions is the default action in the Extensions dialog
  • There is no way to check the signature on downloaded program files
  • There is no obvious way to turn off plug-ins once they are installed
  • There is an easy way to bypass the "This might be a virus" dialog

Since the initial posting and much "fanfare" from Slashdot, someone pointed how you can turn off plug-ins so Peter has since then conceded the fourth point. While there has been a huge firestorm of responses on the other points, I haven’t heard any acceptable explanations on any of the other four points that Peter has raised. The most serious issue is the first where Firefox might even send you to a raw IP address link (the favorite tactic of phishers) to download unsigned code.


http://blogs.zdnet.com/Ou/index.php?p=22&tag=nl.e539

Podcasting: Evolution or Revolution?

Podcasting: Evolution or Revolution?:
“Podcasting is getting all kinds of press. The buzz generated from this so-called phenomenon harkens back to the pre-2000 Internet, when the next big thing solved problems yet to be realized by the people in need of the solution. Is podcasting to iPods really what Tivo is to television? .”

Jake Ludington explores
  1. Podcast Basics
  2. How Do I Subscribe to a Podcast?
  3. Podcasting and Windows Media Player
  4. Join the Podcast Revolution

http://www.informit.com/articles/article.asp?p=360067

The Basics of Cascading Style Sheets

The Basics of Cascading Style Sheets:
“CSS, if used correctly, can greatly extend your ability to create attractive Web designs. Learn how you can use styles to enhance your Dreamweaver MX 2004 web page. ”

In this article
  • A Brief Introduction to Styles
  • Designing with CSS
  • Style Properties
  • Working with CSS Styles
  • Editing CSS in Code View

The cascading style sheets (CSS) language is a way to describe the appearance of Web pages by assigning styles to specific HTML tags and portions of the page. These styles allow a designer greater range of presentational effects than can be achieved by using only HTML styles. Dreamweaver MX 2004 makes it easy to edit and apply style sheets to new or existing Web documents.

If you're already familiar with CSS, you can skip over the following introduction and go directly to "Designing with CSS" to use Dreamweaver MX 2004 to build Web pages using styles.


http://www.informit.com/articles/article.asp?p=355339