BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.


What I'm Reading

Macromedia ColdFusion MX Web Application Construction Kit
(so I have a dull life!)


The BugBlog uses monthly archives. All the April bugs will be on this page. Use the links on the left or below to jump back to past months.

The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5. XML

Read the special report on bugs, incompatibilities and other problems in entertainment software and hardware.

5/2/2004 Sasser Worm Tries to Exploit Microsoft Bug

There are at least a couple variations of a worm attack that go by the name of "Sasser". These worm attacks try to take advantage of the LSASS bug that Microsoft patched in Security Bulletin MS04-011. Installing that Microsoft patch will help protect you, as will keeping your virus signatures up to date and using a properly configured firewall. You can learn more about this worm from Symantec at http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html.

4/30/2004 You Can Be Too Thin, if You're An Apple PowerBook

Apple says that because of the slim profile of their PowerBook laptops, sometimes when you fold down the screen it will touch the edge of the keycaps. This may result in small vertical marks on the display. The marks aren't permanent. They say you can get rid of them by "gently wiping off the display with a clean cloth." (Good thing they warned about gentle - someone may have used their power washer.) Keeping the keypad free of greasy fingermarks may also help.

4/29/2004 Extra -- MS04-011 Security Patch May Disable Some Win 2000 Computers

While everyone (including me) has been saying that it is critical to install the patch from Microsoft Security Bulletin MS04-011, in at least some cases this patch will disable your computer. This happens on all versions of Windows 2000 when you are using these drivers: Ipsecw2k.sys; Imcide.sys; Dlttape.sys. Your computer may hang while booting, or you may not be able to log on, or CPU usage may spike at 100 percent. Microsoft says that you may run into this situation when the Nortel Networks VPN client is installed and if the IPSec Policy Agent is set to Manual or Automatic for the startup type. There are probably other situations where this is a problem, too. If you've already applied the patch and have a sick computer, see the workaround information at http://support.microsoft.com/default.aspx?scid=kb;EN-US;841382.

4/29/2004 Windows Media Player Slows to a Crawl

Microsoft says that as the size of your Media Library increases, the time it takes for Windows Media Player 9 to copy music media files to a portable player may increase exponentially. The problem is that Microsoft designed the player to continually enumerate through the Media Library to support some features. Microsoft has a hotfix that will speed things up. It will be included in an upcoming release, but if you want it sooner you will need to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 837272. Note that you might get charged for this call. (In that case, you may want to check out iTunes and iPods from Apple.)

4/28/2004 Apple Says The Data's Not Lost, It's Just Renamed

Apple says that if you rename your home directory in Mac OS X 10.3, either accidently or on purpose, then the next time you log in all your home directory contents, preferences and subfolders will be empty. It will appear that you have lost all your data. Cheer up -- because the data isn't lost. It's over in the renamed directory, and Mac OS X has created a new, empty home directory that you see when you log on. If you want to see how to get things back, go to http://docs.info.apple.com/article.html?artnum=107854. Note that Apple says that it is really not a good idea to rename your home directory.

The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.

4/27/2004 Threat Against Symantec Norton Internet Security and Firewall

eEye Digital Security discovered a bug in Symantec Norton Internet Security, Norton Internet Security Professional, Norton Personal Firewall and Client Firewall, in all the 2003 and 2004 versions. This bug may lead to a denial of service attack against the software, triggered by just a single packet of information. Symantec has issued patches for their products via Live Update. The full bulletin, credited to Karl Lynn, is at http://www.eeye.com/html/Research/Advisories/AD20040423.html.

4/26/2004 Adobe Camera Raw Supports More Cameras

If you are using Camera Raw 2.2 with Adobe Photoshop CS, an update extends support for more digital cameras. The newly support cameras are the: Canon PowerShot Pro1 and EOS-1D MARK II; Nikon D70 and Coolpix 8700; Kodak DCS Pro 14nx and DCS Pro SLR/n; Olympus C-8080 Wide Zoom; Konica Minolta DiMAGE A2; Sigma SD9 and SD10. There are updates for both the Windows and Mac.

4/24/2004 Troubles with Cisco Internet Protocol Security (IPsec) Passwords

Cisco says that word is circulating in the black hat community about ways to exploit security flaws in the Cisco Internet Protocol Security (IPsec) virtual private network (VPN) client. There is a group password that is scrambled on hard drives, but is not scrambled in memory. There are ways in both Windows and Linux to recover this password. Details are also circulating about ways to stage a "man in the middle" attack. Get details at

4/23/2004 Followup on TCP Bug -- Overhyped?

A follow-up to the 4/21 BugBlog item on the flaw in TCP. The researcher, Paul Watson, who found the bug, says "The actual threat to the Internet is really small right now. You could have isolated attacks against small networks, but they would most likely be able to recover quickly." You can read more on his views on C Net at http://news.com.com/2100-1002_3-5197184.html?tag=cd.lede. The earlier BugBlog assessment that this is not something for end-users to worry about still holds.

4/22/2004 Microsoft Internet Explorer Gags on Compression

Microsoft says that Internet Explorer 6 may have problems with compressed HTTP data. Since IE may not read all the data in the HTTP response from the server, a web page may not completely appear, or IE may just crash. Microsoft has a hotfix, which will be included in a future service pack. To get the fix right away, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 823386. Note that you may get charged for this call.

The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.

4/21/2004 A Bug in TCP

A previously-known weakness in the Transmission Control Protocol (TCP) has been announced to be somewhat worse than thought. Since this is the TCP in TCP/IP, it may have wide-ranging effects on the Internet. For now, the potential damage would mostly be denial of service attacks, mostly on the Border Gateway Protocol (BGP) of TCP, which could affect routers that deal with Internet traffic. At this time, it seems to be an issue for network administrators and not end-users. You can see an overview from US-CERT at http://www.us-cert.gov/cas/techalerts/TA04-111A.html, and from the UK's National Infrastructure Security Co-ordination Centre (who seem to be the lead investigators) at http://www.uniras.gov.uk/vuls/2004/236929/index.htm.

Any Cisco devices that uses the Transmission Control Protocol (TCP) may be vulnerable to the 4/20/2004 announcement of problems with TCP. Cisco says that attackers may be able to exploit this weakness more quickly than previously thought, which may make this a better tool for denial of service attacks. Cisco says that for now, there does not appear to be any problems for data integrity or confidentiality -- an attacker can disrupt traffic but can't break in, but "a successful attack may have additional consequences beyond terminated connection which must be considered." They have two bulletins: one for Cisco products that use IOS at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml; and one for all the other products at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

4/20/2004 MySQL Update for Mandrake, and Others

MandrakeSoft has an updated MySQL package for Mandrake Linux 9.x, 10.0, and Corporate Server 2.1. This fixes a bug in two scripts that come along with MySQL. Because of the bug, temporary files are not created in a secure way. This may be exploited by a remote attacker. In addition to the update via Mandrake, updates are probably available directly from MySQL -- it's hard to tell because the MySQL website is so busy today (4/20/04) there have been problems connecting.

4/19/2004 How to Crash a ColdFusion Server

Macromedia says that a denial of service attack can be launced against a ColdFusion MX 6.1 server by uploading files and then stopping each upload before it is over. The ColdFusion server may not reclaim disk space when this happens, so if the operation is repeated over and over, eventually you could use up the server's disk space and crash it. Macromedia has a fix for this at http://www.macromedia.com/devnet/security/security_zone/mpsb04-06.html.

4/16/2004 Microsoft Money Can't Handle Corruption

When you are balancing an account in Microsoft Money 2003 or 2004, you won't be able to balance if some of the transactions in the account are corrupted. That's understandable. However, you won't always be told what the problem is. Instead, the Next button won't work or be grayed out. To proceed, yo need to clean up the corruption. (Sounds like a political slogan.) See http://support.microsoft.com/default.aspx?scid=837884 for steps on how to root out that corruption.

4/15/2004 Don't Clean Up the GarageBand Files

Apple says that you shouldn't edit or delete any of the files that are in /Library/Application Support/GarageBand. Doing so may screw up Apple GarageBand. If some things, such as Apple Loops or the Instrument Library folders have been removed, you will need to reinstall the software. You may be able to repair some other changes. See http://docs.info.apple.com/article.html?artnum=93782 for details.

4/14/2004 Lots of Broken Windows

Microsoft released a security update on 4/13/2004 that covers Windows NT/2000/XP/Server 2003, and included fixes for fourteen separate problems in Windows. Many of these problems are critical, and could lead to somebody remotely taking control of a computer, or exploits like the MSBlaster worm. They give credit to many different outside security companies for finding the individual flaws. Rather than try to cover each of these individual flaws here, the best thing to do is just go to http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx to get the patch for your version of Windows.

Microsoft issued three other security fixes on 4/13. Coverage of them will be in the BugBlog Plus.

4/13/2004 ZoneAlarm Upgrades

Zone Labs has released ZoneAlarm Pro 4.5.594.000. This version fixes a bug with the ID Lock display. It also takes care of some other unspecified routine maintenance. You can get the upgrade at http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html.

4/12/2004 MP3 Trojans for the Macintosh

Mac owners who were feeling smug about the lack of security threats on their platform of choice, may want to read about MP3Concept. It is a demonstration program that shows how MP3 programs can deliver a Trojan on a Macintosh. According to Symantec, an actual malicious program hasn't been released yet -- this just shows how it can be done. According to the conspiracy-minded, this is all a plot by the security companies to get Mac users to spend more on their AV products. You can read more at http://securityresponse.symantec.com/avcenter/venc/data/mp3concept.html, as well as other security sites on the Web.

4/9/2004 Internet Explorer Flaw Exploited Via Help Files

Want another reason why bundling a browser into the operating system might not be a good idea? Compliments of CERT and the Department of Homeland Security(DHS), here is a warning on how Microsoft Internet Explorer can be tricked into running arbitrary code (ie. a worm, Trojan, or virus) via a compiled help file. There is no patch available yet from Microsoft, so the advice from CERT and DHS is to disable Active Scripting and ActiveX controls in the local Machine Zone. You can read the details at http://www.kb.cert.org/vuls/id/323070.

4/8/2004 Cisco Left a Backdoor That Can't Be Locked

It appears that Cisco hardwired in a default username/password into their Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. With this information, anyone could log on and control the device. As this software ships, there is no way to disable the username (oops!) nor any workaround. You will have to get the upgraded software, which is available from Cisco at http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml.

The BugBlog is free- but if you want to help support its existence, please make a donation via PayPal using the button at left. Better yet, subscribe to the BugBlog Plus. A three month subscription is only $5.

4/7/2004 Security Problems for RealNetworks, Winamp

The security group NGSSoftware has posted a security alert about the popular digital music player Winamp. Because of a bug in the way Winamp takes care of memory, it may be possible for an attacker to use a malicious HTML file to get Winamp to run the attacker's code. This has been fixed in Winamp 5.0.3. You can download it at http://www.winamp.com/player/

The security group NGSSoftware has found a potential security bug in a component used by many RealNetworks software products, including RealPlayer 8, RealOne Player, RealOne Player 2 for Windows, and RealPlayer Enterprise. The component is the R3T plugin. RealNetworks has an update that will remove the plugin and thus close the security hole. Get it at http://service.real.com/help/faq/security/040406_r3t/en/.

4/6/2004 Incompatibilities between iPhoto Libraries

Apple says that if you upgrade to iPhoto 4, do not try to use libraries created by this newer version in iPhoto 2. There is a new library format in iPhoto 4, that not only can't be read in iPhoto 2, Apple says that if you try, you may damage the library and it won't work in iPhoto 4 any more, either. As a workaround, export photos from iPhoto 4, and then import them into iPhoto 2.

4/5/2004 Enter Key Problems in NVIDIA Control Panel

After upgrading to the NVIDIA GeForce FX 5600 Driver 56.72, you may have problems with the Enter key when using the NVIDIA control panel. According to NVIDIA, pressing the Enter key in a dialog may not have its intended result. They say this will be fixed in a future driver release.

4/4/2004 Microsoft Upgrades Wi-Fi Security in Windows XP

Microsoft has released a Support Patch for Wi-Fi Protected Access. This will increase security according to new standards developed by the WiFi Alliance. Some details on the security upgrade are at http://support.microsoft.com/default.aspx?scid=815485. This page will also link you to the patch download.

4/3/2004 Dreamweaver Scripts May Be Security Breach

Macromedia says that when you use dynamic web pages in Dreamweaver MX, which rely on databases, some of Dreamweavers's default behavior may leave you vulnerable. What happens ks that some scripts are automatically placed in your _mmServerScripts in the root of your website. An attacker may be able to take advantage of them to gain some access to your system. As a workaround, you should make sure these scripts are only on your testing server, not a webserver, and that databases are protected by strong usernames and passwords. See http://www.macromedia.com/support/dreamweaver/ts/documents/rem_db_security.htm?
for full details.

4/2/2004 Online View Can Crash OpenOffice

In OpenOffice 1.1, if a word processing document has bullets or non-breaking hyphens, you may crash OpenOffice if you look at the document in online layout view and then minimize the window. This has been fixed in OpenOffice 1.1.1.

4/1/2004 Windows Media Player Busy Behind the Scenes

After you upgrade to Microsoft Windows Media Player 9 Series, you may see that it leads to more network activity (if you have a network, that is.) That is because, by default, Media Player monitors the My Music folder, and if that folder is on a network share somewhere, it means a busier network. Microsoft says to turn off this option if your content is on a shared resource, so that this background monitoring will end.

3/31/2004 Better Connections With a Palm Tungsten C

If you aren't happy with the Wi-Fi connectivity of your Palm Tungsten C, you should get Update 2.0. It fixes a problem that was causing you to lose your Wi-Fi signal either because of an invalid DHCP request or due to a premature connection timeout. It also fixes a bug that was causing roaming problems where you were in a campus environment with multiple access points. Get the update at http://www.palmone.com/us/support/downloads/tungstenc/tungstenc_update_20.html.

3/30/2004 Windows XP Hotfix May Be Needed to Fix Earlier Hotfix Problems

If you install the Microsoft Windows XP hotfix that is described in Knowledge Base Article 818078, it deletes three values in the Registry key HKEY_CURRENT_USER\Volatile Environment. These are HOMEDRIVE, HOMEPATH and HOMESHARE. If some other third-party application needs these Registry values, they will then have problems. Microsoft has a new hotfix that will fix the problems caused by the earlier hotfix. If you need it, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 824898. Note that you may get charged for this call.



| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02