
Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free, but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. The BugBlog uses monthly archives. All the current April bugs are here.

Read the Special Report on bugs, fixes, and incompatibilities in Windows XP Service Pack 2

4/30/2005 Disk Utilities May Not Be Compatible with Mac OS X 10.4

Playing with Tiger? If you have upgraded to Mac OS X 10.4, which is the Tiger Release, note that it supports Extended Attributes in the file system. If you try to use older disk utilities with Mac OS X 10.4, Apple says you may either get false errors, or the utility may try to fix things and will wipe out some data instead. Before you use any third-party disk utility, such as Alsoft DiskWarrior, Micromat Tech Tool, and Symantec Norton Disk Doctor, check to make sure you have a version that will be compatible with 10.4. Apple points out that there is a disk utility that is included with the new version.

Today's BugBlog Plus has five more bugs and fixes for Macromedia and Microsoft.

4/29/2005 Spyware Seven Step Program

No, this isn't for software that wants to kick a spyware addiction. These are the seven things to consider when picking your anti-spyware package, courtesy of the Security Pipeline. The checklist accompanies a story detailing how many big software companies are enrolling in the anti-spyware fight. Read it at http://www.securitypipeline.com/161601251.

4/28/2005 Symantec AntiVirus Had a Bug

Symantec says that there is a bad component in the Symantec Antivirus products for Windows. It is the portion of the program that looks at archived or encoded products. An attacker may be able to place malicious code within an archived file, and it will not be noticed by the initial antivirus scan. However, if the code is extracted from the archive, Symantec says their RealTime virus scan will catch it. They have already fixed this -- it will only be an issue if you updated to a bad version, and then didn't update to a fixed version. Go to http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html to see the versions of the bad builds.

4/27/2005 Lowdown on iPod Batteries

There has been a certain amount of complaining over the performance and battery life of Apple iPods. (Not from me -- I don't have one.) Here's a page that attempts to link to all the information about the topic. Note that it's not an official Apple page, although it is pro-Apple. It does link to a number of other articles that I'm sure don't get the Apple seal of approval. Read the whole thing at http://ipodbatteryfaq.com/.

Today's BugBlog Plus has eleven more bugs and fixes for Adobe, Apple, IBM, Microsoft, Netscape, Red Hat and Sun Microsystems.

4/26/2005 Adobe Fixes an InDesign Overflow

Adobe has fixed a buffer overflow in InDesign 3. This overflow enabled an attacker to send a specially formatted PNG file that could crash InDesign. The patched version is the April 2005 release of InDesign 3.0.1.

4/25/2005 Musicmatch Jukebox Fixes an Overflow

There's an update to Musicmatch Jukebox to fix two security bugs. One might cause a buffer overflow, which could be exploited by an attacker to run their own code on your computer. Another bug is an input validation error that a malicious website could use to overwrite your files. Go to http://www.musicmatch.com/download/free/security.htm. Windows XP users can grab the updated version 10; other versions of Windows must be content with the updated version 9. Credit for finding the bugs goes to Robert Fly and Hyperdose, along with Musicmatch.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Microsoft, and Red Hat.

4/23/2005 iSync Overflow Could Sink Mac OS X

Apple has a security update to fix a buffer overflow in iSync. This bug could be exploited by local users so that they could run their own commands as root on the local system. The update is for iSync 1.5 on Mac OS X 10.2.8 and Mac OS X 10.3.x. Apple credits Braden Thomas for finding this bug.

Today's BugBlog Plus has five more bugs and fixes for Adobe and Microsoft.

4/22/2005 Windows 2000 Bug in Windows Explorer

Security researchers at GreyMagic say that Windows Explorer in Windows 2000 has a serious bug in the Web View preview pane. An attacker may be able to construct a file that hides damaging code inside a document. It could be triggered when someone browses the file via Windows Explorer's web view. The GreyMagic advisory is at http://www.greymagic.com/security/advisories/gm015-ie/. A story in eWeek says that Microsoft has confirmed this, although not via a Knowledge Base posting. That story is at http://www.eweek.com/article2/0,1759,1788600,00.asp. As a workaround, Windows 2000 users can go to Windows Explorer and give the Tools, Folder Options, Use Windows Classic Folders command.

4/21/2005 Buffer Overflow on Real Player

RealNetworks has fixed a bug in almost all versions of their RealPlayer and RealOne Player on Windows, Mac, and Linux platforms. The bug caused a buffer overflow that may have allowed an attacker to run their own code on the victim's computer. Go to http://service.real.com/help/faq/security/050419_player/EN/ to get your update.

4/20/2005 Long Awaited Fix for Windows Media Player

Microsoft has patched Windows Media Player 9 and Windows Media Player 10. This update fixes a number of bugs, including one where the Windows Digital Rights Management can be fooled into redirecting the user to a hostile web page. This security problem was widely publicized earlier in 2005. Curiously, the fix was released after Microsoft's normal Patch Tuesday for security fixes. Get your fix at http://support.microsoft.com/kb/892313/.

Today's BugBlog Plus has seven more bugs and fixes for Apple, Microsoft, Mozilla, OpenOffice, Oracle, PHP, and Red Hat.

4/19/2005 Bug in McAfee Internet Security Suite

Researchers at iDefense say there is a bug in the McAfee Internet Security Suite 2005. The problem is with lax permissions on who can make changes to files in the McAfee application. A local attacker without Administrator permissions may be able to substitute a file with malicious code, or otherwise change things. According to iDefense, McAfee has acknowledged the bug and is providing fixes through their automated updating service. McAfee also says this only affects "an extremely small subset" of their users. Read the original security bulletin at http://www.idefense.com/application/poi/display?id=233.

Today's BugBlog Plus has five more bugs and fixes for Apple, Microsoft, Mozilla and Sun Microsystems.

4/18/2005 Windows Server 2003 Service Pack Breaks Microsoft Apps

Microsoft says that after you install Windows Server 2003 Service Pack 1, you will have some compatibility problems with Microsoft Application Center 2000 Service Pack 2. Applications may have problems connecting to a server when a cluster is created. Microsoft says to see http://support.microsoft.com/?kbid=329473 for workaround information.

Today's BugBlog Plus has six more bugs and fixes for Apple, Microsoft, and Mozilla.

4/17/2005 Apple Patches Safari Bug

The Mac OS X 10.3.9 Update fixes a security bug in Safari. Without the update, in both the Mac OS X client and server, a hostile website may be able to combine some HTML and Javascript to run hostile content in the local domain. Apple credits David Remahl for finding this problem.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, and Microsoft.

4/16/2005 Firefox Fixes Favicon Flaw

The Mozilla Foundation has patched a bug in Firefox and in the Mozilla Suite. A malicious webpage may be able to play tricks with the favicons function, which is what adds the little website logo to your address bar or bookmarks list. As a result, they may have been able to run a script that would run malicious content on your computer. This is fixed in Firefox 1.0.3 and Mozilla Suite 1.7.7. The Mozilla Foundation credits Michael Krax for finding this bug.

Today's BugBlog Plus has five more bugs and fixes for Microsoft and Mozilla.

4/15/2005 Adobe InDesign Decides to Quit

While running Adobe InDesign CS on a Mac OS X 10.2.x or 10.3.x computer, the program may crash with one of these uninformative error messages:
Adobe InDesign is shutting down. A serious error was detected, please restart.
InDesign has unexpectedly quit.
Adobe has two possible solutions to this. The first, if applicable, is to update to Mac OS X 10.2.8 or later. If you've already done that, then they suggest re-creating the InDesign preferences file. See http://www.adobe.com/support/techdocs/330125.html for help on how to do that.

4/14/2005 Some Massive Identity Theft Numbers

Two different data brokers, ChoicePoint Inc. and LexisNexis, have testified before Congress that possibly "hundreds of thousands" of US residents have had their data compromised. That's not the greatest news to read the same week you e-filed your tax return. Also "Even if Social Security numbers were not for sale on the Internet, the reality is Social Security numbers have been compromised in many ways for such a long period that it's laughable that either government or commercial enterprises [use them]... as identifiers for maintaining security of databases." Read the whole thing at http://www.computerworld.com/securitytopics/security/story/0,10801,101058,00.html.

4/13/2005 Bug in Windows Shell

Microsoft says there is a bug in the Windows Shell that may allow a remote attacker to run their code on your computer. However, for this to happen, you would have to open up an attachment that was sent to you via email. This affects Windows 2000, Windows XP, and Windows Server 2003. (It has been fixed in Windows Server 2003 Service Pack 1.) Microsoft says that the exploit happens through unregistered file name extension types. If a system is configured to block unknown names, it should help prevent this vulnerability. Microsoft only deems this an Important, not a Critical Update. You can get the updates at http://www.microsoft.com/technet/security/bulletin/MS05-016.mspx. Microsoft credits iDEFENSE for finding this bug.

Today's BugBlog Plus has 12 more bugs and fixes for Apple, Microsoft, Red Hat, and Sun Microsystems, including full coverage of Microsoft's Patch Tuesday.

4/12/2005 Critical Update for Windows TCP/IP

Microsoft has patched TCP/IP in most versions of Windows to fix five separate bugs that may allow remote attackers to crash your computer or possibly take it over completely. This affects Windows 2000 Service Packs 3 and 4, Windows XP Service Packs 1 and 2, and Windows Server 2003. Earlier versions of Windows (98, ME) are affected, too, but Microsoft says it's not critical for them. This has already been fixed in Windows Server 2003 Service Pack 1, which was released last week. You can get patches for your version of Windows at http://www.microsoft.com/technet/security/bulletin/MS05-019.mspx. Microsoft credits these people for finding these bugs: Song Liu, Hongzhen Zhou, and Neel Mehta of ISS X-Force; Fernando Gont of Argentina's Universidad Tecnologica Nacional/Facultad Regional Haedo; and Qualys.

4/11/2005 MS Word Gives Nightmare to Dreamweaver

Microsoft Word's Track Changes feature may behave unexpectedly with Macromedia Dreamweaver or Contribute. If you import parts of a Word document into one of Macromedia's web editing programs, and that document has been set up to track changes, text that was deleted in the Word document may show up in Dreamweaver, regardless of whether the Display for Review or Track Changes setting is later turned off. Macromedia suggests some safeguards at http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=7d45cde; since this is part of a broader problem (what might be hidden in a Word document) they also point to Microsoft's help at http://office.microsoft.com/en-us/assistance/HA010983881033.aspx.

4/10/2005 Review of Cargo Magazine

Getting away from usual bug coverage, here's a review of Cargo Magazine.

4/10/2005 Upgrade Upsets an iPod

Upgrade your iPod photo from version 1.0 to 1.1, and it might go a little goofy on you. Apple says that some transitions won't work, you may see a black screen during a slide show, and that colors may not appear correctly. Apple says that the colors may look like "abstract art" instead. Fix this by connecting the iPod to iTunes 4.7.1 after you do the upgrade. iTunes will update the photo library so that it will appear correctly. If you can't do that, Apple says restoring the iPod 1.1 software may also work.

Today's BugBlog Plus has five more bugs and fixes for Macromedia, Microsoft, and Novell.

4/8/2005 April's Patch Tuesday Will Be Busy

Microsoft has given advance notice that Tuesday, April 12 will be a busy day for people concerned with computer security. They will be releasing five security bulletins for Windows, at least one of which will have a Critical Rating. There will be one Critical bulletin for Microsoft Office, one Critical Bulletin for Microsoft Messenger, and one Critical Bulletin for Microsoft Exchange. They will also release an update of the Microsoft Windows Malicious Software Removal Tool via the Windows Update and the Download Center. After their release, they will be covered in the BugBlog and/or the BugBlog Plus.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cisco, IBM and Microsoft.

4/7/2005 Print Preview Breaks Access 2002

If you do a File, Print Preview command in Microsoft Access 2002, and then go to the OfficeLinks list and click Publish It with Microsoft Word, you may break both the Open and Design options for your Microsoft Access objects. Microsoft has a hotfix for this, which will be in a future Office service pack. Can't wait for the fix? Contact Microsoft Technical Support and ask for the Access 2002 post-Service Pack 3 hotfix package dated 3/3/2005. Note that you may get charged for this call. More information about the fix is at http://support.microsoft.com/?kbid=895469.

4/6/2005 More disguises for Trojan Horse Programs

The Internet Storm Center has issued a warning about Trojan horse programs hiding within Web "postcards". You may get an email message that says something like "You have received a virtual postcard from a family member" with a link. Clicking the link will install the Trojan. Another set of threats may come masquerading as a greeting card from a legitimate card company such as Blue Mountain or American Greetings. (That's just great -- now I'll have to go back to buying snail-mail cards.) Read more about this at http://www.computerworld.com/securitytopics/security/story/0,10801,100874,00.html

Today's BugBlog Plus has eleven more bugs and fixes for Apple, iD, Mandrake, Microsoft and Novell.

4/5/2005 JavaScript Bug in Mozilla

There is a bug in the JavaScript engine of Mozilla Firefox 1.x and also Mozilla 1.7. This bug may allow heap memory to be exposed; this memory may contain sensitive information that could lead to further attacks. You can read the workings of Mozilla.org as they fix this at https://bugzilla.mozilla.org/show_bug.cgi?id=288688; apparently, part of this bug stretches back to 1997. They have a fix, but it has not yet been released. The bug was reported by Secunia at http://secunia.com/advisories/14820/ from Russian sources. UPDATE: Fixed in the Firefox 1.0.3 update on 4/16.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Cisco, and Microsoft.

4/4/2005 Adobe Acrobat Discloses File Existence

Adobe Acrobat 7.0 and earlier, and the Adobe Reader 7.0 and earlier have a bug in the way they interact with an Internet Explorer ActiveX control. If this control is invoked directly by a webpage, an attacker may be able to learn whether certain local files exist. This will only happen on a computer that is running Microsoft Internet Explorer. According to Adobe, the file contents are not exposed. This has been fixed in the Adobe Acrobat and Acrobat Reader 7.0.1 update.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Lotus, Microsoft, and Sun Microsystems.

4/1/2005 April's Bug of the Month

The April Bug of the Month is the potential denial of service attack against Norton Antivirus.

4/1/2005 A Bogus Directory?

If you go to http://blogs.pcworld.com/techlog/archives/000591.html, you will see a very telling example that maybe, just maybe, not everything on the Internet is on the up and up. At the very least, it shows you one place you shouldn't go to look up a name and phone number.

Today's BugBlog Plus has five more bugs and fixes for Microsoft, Novell, and Symantec.

3/31/2005 Windows Server 2003 SP 1 Released

Microsoft has released Windows Server 2003 Service Pack 1. In terms of bug and security fixes, Microsoft describes this as the server-equivalent of Windows XP Service Pack 2. You can either download it or read much more about it at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx. One important thing to note -- if your computer has a custom HAL (Hardware Abstraction Layer, not the computer from 2001) be sure to read the Release Notes to see how to handle the customization.




© 2005 BJK Research LLC