Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current February entries are here. Use the links on the left or below to jump back to past months.

Read the Special Report on bugs, fixes, and incompatibilities in Windows XP Service Pack 2

3/1/2005 iPod shuffle Battery Pack Means a Software Upgrade

Apple says that if you want to use the Battery Pack with your iPod shuffle, you will need to get the iPod Updater 2005-02-22. That will deliver the iPod shuffle Software 1.1, which fixes a number of unspecified bugs as well as adding the battery support. The 24 MB download is at http://www.apple.com/support/downloads/ipodupdater20050222.html.

2/28/2005 Images in Clipboard Causes Windows Crash

Microsoft says that a bug in the Graphics Device Interface (GDI) may cause Windows Server 2003 or Windows XP to crash when you copy an image to the clipboard. You may also see this error message, although the numbers in parentheses may be different:
STOP: 0x00000050 (bc7cf000, 00000000, bf964404, 00000001)
Microsoft has a hotfix for this, which will be in future service packs for the two products. If you can't wait for these, contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 872797. Note that you may be charged for this call.

Today's BugBlog Plus has ten more bugs and fixes from Adobe, Apple, Cisco, HP, Microsoft, Mozilla, and Novell.

2/26/2005 Company-wide Bug at Trend Micro

There is a bug that stretches across the security products line from Trend Micro, according to the security researchers at ISS X-Force. The problem is in the ARJ archive file format parser, where a heap overflow may allow an attacker to run their own code on a computer that is guarded by Trend Micro products. Fix this by going to Trend Micro at http://www.trendmicro.com/vinfo/default.asp?sect=SA and updating to the VSAPI 7.510 or higher scan engine. You can read the original X-Force advisory at http://xforce.iss.net/xforce/alerts/id/189.

2/25/2005 Mozilla Firefox 1.01 Security Fixes

Mozilla Firefox 1.01 has been released. It fixes a number of security bugs, most notably the bug for Internationalized Domain Name (IDN) homograph spoofing. Any IDNs will now be displayed as Punycode, which should guard against a spoofing attack where a website could impersonate a trusted web site as a way to steal data. Get the free update at http://www.mozilla.org/products/firefox/.

2/24/2005 Solaris Susceptible to Bug in Kodak Color System

Sun Microsystems says there is a bug in the kcms_configure command, part of the Kodak Color Management System, in Solaris 7, 8, and 9 that may allow any local user to modify any file on the system. Given the imagination of your local users, this could cause a certain amount of trouble. Sun has fix information at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57706-1. They credit iDEFENSE with finding this bug.

2/23/2005 Apple Update for Java plug-in

Apple has a security update for their Java plug-in for Mac OS X. The update is for Java 1.4.2, and fixes a bug that may let an untrusted Java applet escalate its system privileges through JavaScript. The update isn't needed for versions before 1.4.2. You can get it at http://docs.info.apple.com/article.html?artnum=300980.

Today's BugBlog Plus has eight more bugs and fixes from Adobe, Apple, Microsoft, Novell, Red Hat and Yahoo!

2/22/2005 Cell Phone Hacking for Real

Smart cell phones like the T-Mobile Sidekick are really small computers, which means they can be hacked. In some way, the contents of Paris Hilton's Sidekick got posted on an Internet web site, including the phone numbers of some semi-famous people. (Since most BugBlog readers probably weren't in her address book, we are probably safe.) You can read some of the technical details at http://news.com.com//2100-7349_3-5584691.html, or check out the celebrity aspect at http://news.independent.co.uk/world/americas/story.jsp?story=613486. (I like the British description of her as "pampered hotel heiress and social flit-about.")

2/21/2005 CardBus Removal May Trigger Error

Microsoft says you may get a Blue Screen of Death if you remove a CardBus Compact Flash adapter from your computer, after you have transferred a file or edited a file on the device. The error message will look something like

although the hex numbers in parenthesis may be different. Microsoft says this has been fixed in Windows XP Service Pack 2. However, there are no fixes for it for Windows 2000 or Windows Server 2003.

2/18/2005 Red Hat Updates PHP

Red Hat has an updated PHP package for Red Hat Enterprise Linux 4. A number of bugs in the PHP scripting language could be used by remote attackers to either access the memory of the target computer, or run their own code. You can get the updated package at https://rhn.redhat.com/errata/RHSA-2005-032.html.

2/17/2005 Mozilla Workaround for IDN Spoofing

On 2/9, the BugBlog reported an IDN Spoofing bug, where many browsers could be made to show one URL in the address bar, while you are actually at another site. Mozilla has a workaround -- in their upcoming Firefox 1.0.1 and Mozilla 1.8 beta support for IDN will be turned off by default. You will be able to turn it back on again, but will be warned about the spoofing. They also say that the ultimate problem here lies with the domain name registrars, who allow similar-sounding names (this is being called homograph spoofing). See the 2/14 entry at http://www.mozillazine.org/ for much more background.

2/16/2005 Can't See Through a Transparent Image in Adobe PageMaker

If you are placing a TIFF or EPS graphic into Adobe PageMaker 6.5-7.x, and that graphic has a transparency, it may not show up correctly on screen. It will be opaque onscreen, although it does print correctly and also exports to a PDF correctly. Adobe has a number of workarounds for this. The simplest may just be to rotate the graphic .01 degrees. Get all the details on the workarounds at http://www.adobe.com/support/techdocs/331220.html.

2/15/2005 IM Networks Seeing More Attacks

The instant messaging (IM) networks of America Online, ICQ, and MSN Networks have already seen ten different worm, Trojan, or virus attacks this year. One of these worms, for instance, spread over the MSN Network via a picture that showed a roast chicken with tan lines. These attacks are being tracked by Akonix Systems, according to a story at C Net at http://news.com.com/Triple+threat+IM+viruses+get+big+jump+on+2005/2100-7349_3-5575653.html.

2/14/2005 ZoneAlarm Denial of Service Attack

Zone Labs says there is a bug in ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm, and Check Point Integrity that may allow local attackers to crash a system via IPC messages. According to them, this can't be triggered remotely, and it can't do anything other than a denial of service attack. This has been fixed in these releases: Check Point Integrity Client versions and 5.1.556.166; ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm, ZoneAlarm with Antivirus version; and ZoneAlarm Wireless version Zone Labs credits iDEFENSE for finding this bug.

2/13/2005 MSN Network Forcing an Upgrade

Had problems using Microsoft's MSN Messenger the past couple days? It's because Microsoft has had to make sweeping updates to prevent an "insidious" security threat from sweeping through the network and affecting PCs running MSN Messenger. As of 2/11, you will only be able to access the MSN Messenger service with version 6.2.0205 of the software (or later). Use older versions, and you will get a prompt to upgrade. According to a story in the Security Pipeline, security researchers at Core Security Technologies alerted Microsoft in August 2004 about this bug, which was fixed in a release on February 8, part of Microsoft's massive release of security bulletins. Core published a proof-of-concept on that day, which may make it easier for people to launch attacks via a buddy icon. Read the full story at http://www.securitypipeline.com/news/60400358.

2/12/2005 Mac OS X 10.3.7 Networking Slowdown

If you are a Mac OS X 10.3.7 user, you may have noticed that networked applications such as iChat or Mail seem to take a long time to open. Apple says they have fixed this (without actually calling it a bug) in the Mac OS X 10.3.8 update.

2/10/2005 Office 2003 Smart Tags Get Fixed

Microsoft has an update for Office 2003. This update is supposed to make Smart Tags more reliable, and Microsoft achieves this by restricting the ways that websites can be associated with the tags. To see the details and a link to the download, go to http://support.microsoft.com/?kbid=885828.

2/9/2005 Cross-Browser Spoofing Attack

Browsers that support IDN (International Domain Name) are susceptible to a spoofing attack where your address bar will show that you are at a particular site, such as your bank, while the content shown in the browser window is from some other site, such as an identity thief. Browsers that are susceptible include Mozilla, Firefox, OmniWeb, Opera, Konqueror (and other KDE browsers), Netscape, and Apple Safari. One browser that isn't affected is Microsoft Internet Explorer, because it doesn't support IDN. However, there is a plug-in that adds the support, and also the vulnerability. The Secunia security researchers have a test to see if your browser is vulnerable, which you can see at http://secunia.com/multiple_browsers_idn_spoofing_test/. As fix information becomes available, it will be listed individually for each of the browsers.
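The Punycode display described in the 2/25 Firefox entry, applied to the kind of look-alike name this entry warns about, as an added example (not code from the BugBlog, Mozilla, or Secunia). The hostnames are constructed samples, and inferring a character's script from the first word of its Unicode name is a simplifying assumption.

```python
import unicodedata

def scripts_in_label(label):
    """Scripts used by the letters of one DNS label (approximated
    from the first word of each character's Unicode name)."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def display_form(hostname):
    """ASCII form of a hostname: IDN labels become 'xn--' Punycode,
    plain ASCII labels are returned unchanged."""
    return hostname.encode("idna").decode("ascii")

def review_hostname(hostname):
    """Summarise what a user would need to see to spot a homograph."""
    ascii_form = display_form(hostname)
    return {
        "ascii": ascii_form,
        # Any label starting with xn-- means non-ASCII characters are present.
        "is_idn": any(p.startswith("xn--") for p in ascii_form.split(".")),
        # Labels mixing e.g. LATIN and CYRILLIC letters are a strong spoofing hint.
        "mixed_script_labels": [
            label for label in hostname.split(".")
            if len(scripts_in_label(label)) > 1
        ],
    }

# Constructed samples (not real sites):
PLAIN = "example.com"
MIXED = "ex\u0430mple.com"        # Cyrillic 'а' (U+0430) replaces Latin 'a'
WHOLE = "\u0440\u0430\u0443.com"  # all-Cyrillic label that renders like "pay"

if __name__ == "__main__":
    for host in (PLAIN, MIXED, WHOLE):
        info = review_hostname(host)
        print(f"{host!r:28} -> {info['ascii']:24} "
              f"idn={info['is_idn']} mixed={info['mixed_script_labels']}")
```

The all-Cyrillic sample passes the mixed-script check yet still shows up as an `xn--` name, which is why displaying the ASCII form catches cases a script heuristic alone would miss.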

2/8/2005 Buffer Overrun Against Microsoft Office XP

Microsoft says that Office XP Service Pack 2 and 3, as well as the individual components Word 2002 and PowerPoint 2002, plus Microsoft Project 2002, Visio 2002, and Works Suite 2002, 2003, and 2004, are all susceptible to a buffer overrun. This has been labelled a Critical Update by Microsoft. A remote attacker could, if they can get a user to open an Office document via Microsoft Internet Explorer or via an email link, take complete control of the computer system, at the level that the user is logged on. This won't affect you if Microsoft ISA 2004 is your web proxy. For everyone else, go to http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx for links to download the appropriate patches. Microsoft credits Rafel Ivgi from Finjan Software Ltd for finding this bug.

2/7/2005 Windows XP SP2 Slows Down DVD Writing

According to a story in PC World, Windows XP Service Pack 2 slows down Nero AG's InCD4 DVD-burning software. This software is included with many DVD-RW drives, including Sony, Plextor, and Lite-On. Nero says this is because of a cache bug in SP2. Read the details, and get a link to a fix, at http://www.pcworld.com/howto/article/0,aid,119265,00.asp.

Read a review of Real World Web Services

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, and Sun Microsystems.

2/5/2005 Smart Card Authentication Problems on Wireless Networks

Microsoft says that if you are using a smart card for authentication when you log on to a wireless network with a Windows XP computer, you will have problems. While user authentication should be successful, computer authentication won't be. That's because the computer certificate from the smart card isn't accessible during the computer startup process. Microsoft has a hotfix for this, which will be in a future service pack. If you need the fix right away, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 890937. Note that you may be charged for this call.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, Microsoft, and Novell.

2/4/2005 Mardi Gras and Microsoft

There will be no Mardi Gras celebrations for system administrators. Microsoft is releasing nine security bulletins on 2/8 concerning Windows (the worst is a Critical level), plus bulletins for SharePoint Services and Office, .NET framework, MS Office and Visual Studio, and Windows Media Player and Messenger. Those last two are also critical.

2/3/2005 RealPlayer Bugs Team Up with IE Bugs

According to the security researchers at Secunia, a bug in Real Networks RealPlayer 10.x can be combined with already-known bugs in Microsoft Internet Explorer, to deliver malicious content to your computer via a RealMedia .rm file. There have been exploits published that show how to do this. The only prevention for now is to avoid dubious .rm files. Read the Secunia warning at http://secunia.com/advisories/14087/.

2/2/2005 Viruses Come in .rar form

If your email has a file attachment with a .rar file extension, be extra cautious. A story in eWeek says that virus creators are now using the .rar archive method as a way to package their viruses and get them past the anti-virus systems. The story, at http://www.eweek.com/article2/0,1759,1756636,00.asp, claims "Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users."

Today's BugBlog Plus has eleven more bugs and fixes for Apple, Cisco, IBM, Microsoft, Red Hat and Sun Microsystems.

2/1/2005 DVD-RW Compatibility Problems for Apple

Apple says that some of their SuperDrives may burn DVD-RW disks that won't be recognized by the Mac OS X DVD Player. The models that cause problems are the Pioneer DVD-RW DVR-106D and the Pioneer DVD-RW DVR-107D. Try to boot these disks, and you may see an error message
Not Permitted
Apple says that if you run into this problem, stick to DVD-R disks when making DVD-Video content.

2/1/2005 Microsoft Wins the Bug of the Month Again

1/31/2005 Microsoft GDI Fix Causes a TIFF Problem

Microsoft says that the fixes they have made to GDI+ (Graphics Device Interface) in Windows XP may interfere with the ability of Microsoft Office 2003 to open some TIFF files. The fixes to GDI+ were to fix some security bugs, but they also prevent any TIFF file compressed with the JPEG format from being opened. If you run into this problem, Microsoft says to use the Microsoft Office Document Imaging tool to change the compression scheme to lossless compression, or LZW. See the details for this at http://support.microsoft.com/?kbid=885938.

Today's BugBlog Plus has ten more bugs and fixes from Apple, Cisco, IBM, Microsoft, Mozilla and Nullsoft.



© 2005 BJK Research LLC