BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
XP SP2
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02

XML

View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily

Cleve-blog

Working with Words

Gassho

Sardonic Views

Filtering Craig

Hotel Bruce

Blogcritics.org

Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.

Blogcritics

What I'm Reading

quicksilver
The Baroque Cycle, by Neal Stephenson



Macromedia ColdFusion MX Web Application Construction Kit

BugBlog

Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current January are here. Use the links on the left or below to jump back to past months.

Read the Special Report on bugs, fixes, and incompatibilities in Windows XP Service Pack 2

1/31/2005 Microsoft Wins the Bug of the Month Again

1/31/2005 Microsoft GDI Fix Causes a TIFF Problem

Microsoft says that the fixes they have made to GDI+ (Graphics Device Interface) in Windows XP may interfere with the ability of Microsoft Office 2003 to open some TIFF files. The fixes to GDI+ were to fix some security bugs, but they also prevent any TIFF file compressed with the JPEG format from being opened. If you run into this problem, Microsoft says to use the Microsoft Office Document Imaging tool to change the compression schem to lossless compression, or LZW. See the details for this at http://support.microsoft.com/?kbid=885938.

Today's BugBlog Plus has ten more bugs and fixes from Apple, Cisco, IBM, Microsoft, Mozilla and Nullsoft.

1/29/2005 Microsoft AntiSpyware Trips Up Windows Media Center

Microsoft says that there is an incompatibility between their new Windows AntiSpyware software (which, to be fair, is still a beta product) and the Window Media Center Edition 2005. According to Microsoft, the Windows Media Center Extender won't be able to establish a remote connection. You will need to remove the AntiSpyware via the Add/Remove Applet in the Control Panel.

Today's BugBlog Plus has five more bugs and fixes from Adobe, Apple, and Microsoft.

1/28/2005 MySQL Attacks Against Windows Systems

Attackers are taking advantage of weak passwords in the default Windows installations of MySQL to take over these machines, and then using these zombie computers to launch other attacks. It appears that at least 8000 of the MySQL installations have been compromised. Since there is at least one estimate of eight million MySQL installations worldwide (but not all on Windows) there could be even more problems. Read more about it at http://www.eweek.com/article2/0,1759,1756094,00.asp.

1/27/2005 Cisco Routers Have DoS Bug

Cisco says that their routers running Border Gateway Protocol (BGP) configured with the bgp log-neighbor-changes option (which is on by default in later versions of IOS) are vulnerable to a denial of service attack. This affects routers running Cisco IOS 9.x, 10.x, 11.x, 12.0(22)S, 12.0(11)ST, 12.1(10)E, and 12.1(10). Updated information to fix this bug is at http://www.cisco.com/warp/public/707/ cisco-sa-20050126-bgp.shtml.

1/26/2005 Apple Plugs a Safari Hole

Apple says that a bug in their Safari browser for Mac OS X 10.2.8 client and server, and Mac OS X 10.3.7, may allow a pop-up window from a malicious website to pretend to be from a trusted website. This can only happen if the "Block Pop-up Windows" option has been turned off. This has been fixed in the Apple Security Update 2005-001. Apple credits Secunia Research for finding this bug.

Today's BugBlog Plus has 12 more bugs and fixes from Apple, ATI, Mandrake, Microsoft, and PayPal.

1/25/2005 Windows XP SP 2 Slows Down Some File Uploads

Windows XP Service Pack 2 may slow down some file uploads. If you are using Internet Explorer 6 to upload a file using an SSL (Secure Socket Layer) connection to a website whose URL starts with https:// and uses an active server page (.asp) or a script to process the file, the upload may take much longer than expected, according to Microsoft. They have a hotfix for this, along with a Registry edit. To find out about the hotfix, and to get the instructions and safeguards for editing the Registry, see http://support.microsoft.com/?kbid=889334.

1/24/2005 Encryption Flaws in Microsoft Office

There is a flaw in the data encryption features in Microsoft Word and Excel, according to a security researcher at the Institute of Infocomm Research in Singapore . A story on ZD Net says that Microsoft Office doesn't do the encryption correctly, meaning that it is easier than it should be to retrieve information from those encrypted files. Another security expert says that this bug is almost identical to one discovered in Microsoft products in 1999. Read the full story at
http://news.zdnet.com/Flaw+found+in+Office+encryption/2100-1009_22-5543940.html.

Today's BugBlog Plus has ten more bugs and fixes from Apple, Microsoft, Novell, Red Hat, Sun Microsystems and Symantec.

1/23/2005 New Worm Uses Current Headlines to Fool Recipients

The Security Pipeline talks about a new worm, called Crowt.a by Sophos, that takes current headlines from the CNN website, along with message content, so that it can fool the recipient into thinking they are receiving a news bulletin. What they actually get is the worm which records keystrokes and also opens a back door on the computer. Since the headlines are constantly changing, the worm may look like a legitimate news bulletin.

1/21/2005 Lotus Notes Misses on XHTML

IBM says that the Lotus Notes client does not support a number of XHTML, or XML tags, and if you use it to browse a web page that has these tags, the page may not render correctly. (That would include this page.) These tags include <br/>, <hr/> and <img/>. According to IBM, an enhancement request to bring the Lotus Notes client into the 21st Century has been made.

Today's BugBlog Plus has five more bugs and fixes from Apple, ATI, and Microsoft.

1/20/2005 Cisco IOS Telephony Crash

Devices running Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, and with Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) turned on, are vulnerable to a denial of service attack. Sending specially designed control protocol messages to the device could cause the crash. Read the details and fix information at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml.

1/19/2005 Windows 2000 Fixes Cause Problems for Windows Explorer

A Windows 2000 computer with either the MS04-004 cumulative security update for Internet Explorer or the MS03-048 November 2003 cumulative security update for Internet Explorer may develop problems in Windows Explorer. The links in the See also list, to My Documents, My Network Places, or My Computer, may not work. Clicking on My Documents may give this error message
Cannot find 'file:///::%7B450d8fba-ad25-11d0-98a8-0800361b1103%7D'. Make sure the path or Internet address is correct.
Clicking on My Network Places may generate this
file:///::%7B208D2C60-3AEA-1069-A2D7-08002B30309D%7D'. Make sure the path or Internet address is correct.
Microsoft has a hotfix that should fix the bugs introduced by these two previous hotfixes. This will be in a future Windows 2000 service pack. You can also get it by contacting Microsoft Technical Support and asking for the hotfix described in Knowledge Base article 839654. Note you may be charged for this call.

Today's BugBlog Plus has eleven more bugs and fixes from Apple, ATI, Microsoft, Netgear, Oracle, and Red Hat.

1/18/2005 iTunes Keeps Your Mac Awake

If you are using iTunes 4.7 on a Mac OS X 10.3 or later and AirPort Express with 6.1 firmware, streaming music to iTunes through an AirPort Express will keep your computer's display from going to sleep. If you want your screen to shut down while you are just listening to music, you will need to upgrade to iTunes 4.7.1 or later.

1/17/2005 Some Panic at Panix

Having your domain name hijacked is bad news. Even worse is when the name hijacked belongs to an ISP. In this case Panix.com, based in New York, says that somehow ownership of its domain had been switched to a company in Australia, the DNS records had been moved to the UK, and email to the company is being re-directed to Canada. (Hmm, sounds like a plot by the British Empire.) If you've sent email to someone with an address ending in @panix.com, the company says to assume it's lost or compromised. If you try to go to a panix.com site, assume for now that it is spoofed. Read more at http://news.zdnet.com/2100-9588_22-5538227.html.

Today's BugBlog Plus has ten more bugs and fixes from Google, Live Journal, Mandrake, Maxis, Microsoft, and Novell.

1/15/2005 Worm Hides Behind Tetris-Style Game

A worm called W32/Cellery-A hides behind a version of the Tetris computer game, according to a report by the anti-virus firm Sophos. While an innocent user may be playing the Tetris-style arcade game and listening to a MIDI tune, the worm is actively seeking other computers on the network to infect. It may arrive as an email message labelled Chancellery. Sophos writes about it at http://www.sophos.com/virusinfo/articles/cellery.html.

1/14/2005 Sims 2 Fixes Baby, Pizza, and Engagement Bugs

The Sims 2 has been updated to fix a number of quirks that may interfere with your sim-life: if your fiancé dies you will now be able to get engaged again; a visitor leaves your lot while carrying your baby will not result in a kidnapping; an adopted baby won't snap to the ground when the social worker puts it in a crib (that's got to hurt!); maids will now clean up pizza boxes and baby bottles; the newspaper delivery person shouldn't get stuck on your lot; and others. Get this 1/11/2005 update at http://thesims2.ea.com/update/.

1/13/2005 Script Bug Trips Up Novell SuSE Linux Kernel

Novell says that the SuSE Linux 9.2 kernel update from the end of December had some problems that may lead to non-booting systems. This was due to a bug in the post-installation scripts. The updates have been fixed, and it is now safe to update. If you updated with the bad version, and your system won't boot, see http://www.novell.com/linux/security/advisories/2005_01_sr.html for workaround information.

Today's BugBlog Plus has five more bugs and fixes from Google, id Software, Microsoft, and Red Hat.

1/12/2005 Cursors and Icons May Allow Attack in Windows

Did you ever think there might be too much needless junk in Windows? Two vulnerabilities in the way that animated cursors and icons are handled may give a remote attacker a way to run their own code on your system. This bug affects Windows NT 4.0 Server, Windows 2000 Service Pack 3 and 4, Windows XP Service Pack 1, Windows XP 64-bit, and Windows Server 2003. This is a critical update from Microsoft, and patches can be downloaded from the Microsoft Download Center, or by following the links from http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx. Microsoft credits eEye for finding this bug.

Today's BugBlog Plus has nine more bugs and fixes from Adobe, Apple, Microsoft and T-Mobile.

1/11/2005 Critical Patch for Windows HTML Help

Microsoft has a critical update for the HTML Help, that will help plug a hole where an attacker, via Internet Explorer, may be able to remotely run their own code on your computer. This affects Internet Explorer 6 on Windows 2000 Service Pack 3 and 4, Windows XP Service Pack 1 and 2, and Windows Server 2003. The problem specifically is a cross-domain vulnerability in the HTML Help ActiveX control. Links to the update for each version of Windows are at http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx.

Today's BugBlog Plus has five more bugs and fixes from Apple, IBM, Microsoft and Novell.

1/10/2005 Problems with Some HP Photosmart Printers

Hewlett-Packard Photosmart 325 and 375 printers may have some problems during installation. You may see this error message on a Windows computer
The wizard could not find the software…Cannot install this hardware
while the error message on a Mac OS X computer may be
-9672
The problem is a bad printer. HP says to call their Customer Care Center at 800-HP INVENT to get a replacement. HP also says this affects only a limited number of these printers.

Today's BugBlog Plus has six more bugs and fixes from Apple, IBM, Macromedia, Mandrake, and Microsoft.

Read a review of Mozilla Thunderbird 1.0

1/8/2005 IE Bug Gets Elevated to Extremely Critical

Security researchers at Secunia have escalated their warning on some Microsoft Internet Explorer bugs to Extremely Critical, which is their highest level. The bugs are in HTML Help, in the drag and drop from the Internet Zone, and a way to circumvent Windows XP SP 2 security, and all have been reported earlier. However, now some example code that shows how to exploit these is circulating. If attackers put everything together, it's possible they could take over your computer. Although Microsoft is releasing security updates on January 11, they have not said whether one of them is to fix IE. You can read the full write-up at http://secunia.com/advisories/12889/.

Read a review of Amazonia: Five Years at the Center of the Dot Com Revolution

1/7/2005 IE Users Get Exposed on Sun Messaging Servers

Sun ONE Messaging Server 6.1 (for Solaris 9), Sun ONE Messaging Server 6.1 (for RHEL 2.1) and Sun ONE Messaging Server 6.1 for Solaris 8 and 9, may expose users to an attack via email. The attacker may be able to construct a message that will allow them to run Javascript on the victim's browser. This will only happen if the victim is using Microsoft Internet Explorer as the client browser to view their webmail. Patches for each version of the servers are at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57691-1.

Today's BugBlog Plus has five more bugs and fixes from EA Sports, IBM, Microsoft, and Symbian.

1/6/2005 EA Sports Speed Problem on Centrino Laptops

EA Sports says that a number of their games don't really like laptop computers using an Intel Centrino processor. It might cause these games to run at "abnormal" speeds, although they don't say whether this means abnormally fast or abnormally slow. The games include FIFA Soccer 2005, Madden NFL 2005, NASCAR 2004, NBA Live 2005, NHL 2005 (I guess there is no strike in the game world) and Tiger Woods PGA Tour 2005. One suggested workaround is to unplug the laptop and play the game using battery power. A second is to go to your laptop maker's website and look for driver updates.

Today's BugBlog Plus has five more bugs and fixes from IBM, Mandrake, Microsoft, and Red Hat.

1/5/2005 Mozilla May Allow Download Spoofing

There is a bug in Mozilla 1.7 for Windows and Linux, and Firefox 1.0 that may let attackers spoof the source name in the Download Dialog box. If there is a really long domain name or path name to the download, it may be truncated. Somebody might use this knowledge to try to spoof what is being downloaded. You should be able to see that it is a long name being downloaded, which should alert you to the possibility of a problem, especially if you are at an unknown or untrusted web site. You can follow along with Mozilla.org's discussion of the bug and fix at https://bugzilla.mozilla.org/show_bug.cgi?id=275417.

Today's BugBlog Plus has ten more bugs and fixes from Adobe, Microsoft, Novell and Red Hat.

1/4/2005 USB Driver Trips Up Small Business Server

If your Microsoft Small Business Server 2000 periodically restarts with this error message
STOP 0x000000D1 (0xdeadfb06, 0x00000002, 0x00000000, 0xf6753512)
the problem may be a bad USB device driver. Microsoft says that an unsupported USB device driver that is using theOpenhci.sys driver may cause this problem. As a workaround, identify which USB devices are using bad drivers, and remove them. Then check with their manufacturer, and see if there is an update. Microsoft has links to various vendor websites at http://support.microsoft.com/?kbid=888825, if you are not sure where to find them.

1/3/2005 Microsoft "Wins" The Inaugural Bug of the Month

A flaw in Windows XP Service Pack 2 takes the January 2005 prize.

1/3/2005 Adobe Apps Have Problems with Sony VAIO

Adobe says that Photoshop CS, Illustrator CS and GoLive CS may all run into problems on Sony VAIO computers that come with Windows XP Service Pack 2 pre-installed. You try to launch any of these programs on the new VAIOs, and you may see this error message
The application failed to initialize properly - 0xc00000005
The problem is actually Sony SonicStage Mastering Studio Audio Filter version 1.1, which comes on these computers. This application isn't compatible with the Adobe apps. Instructions on how to upgrade the Sony program are at http://www.adobe.com/support/techdocs/11331107.html.

Today's BugBlog Plus has five more bugs and fixes from Adobe, IBM, Microsoft, and Red Hat.


| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02

© 2005 BJK Research LLC