BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.





Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current July bug are here. Use the links on the left or below to jump back to past months.

7/31/2005 Grand Theft Worm, Not Grand Theft Auto

A new worm is circulating on both peer-to-peer networks and instant messaging (IM) networks, disguised as Grand Theft Auto: San Andreas. Instead of the game, you will get the worm called Hagbard.A, which will install itself on your computer, and maybe even install a web server on the computer. This would give the bad guys even more ways to control your computer. The workaround, of course, is to avoid pirated software.

7/29/2005 Cisco Flaw In IPv6 Could Crash Routers

After a dispute that was as much legal as technical, Cisco announced that their Internetwork Operating System (IOS) software, if it is enabled for IPv6, may be vulnerable to a denial of service attack as well as the possibility of running code sent by attackers. This type of attack can only be done from a local network segment, so the threat is somewhat tempered. Cisco has fix information at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml. This bug was discovered by Michael Lynn, who used to work for Internet Security System, and was discussed at the Black Hat Event in Las Vegas. Read about the legal dispute behind this at

Today's BugBlog Plus has five more bugs and fixes for IBM, Microsoft, Opera and Symantec.

7/28/2005 USB Drivers As A Security Threat

An article in eWeek highlights an upcoming talk at the Black Hat Briefings conference about weaknesses in Windows USB drivers. Buffer overflows in the drivers may let attackers circumvent a locked Windows machine, and gain access to data. To exploit this, you need physical access to the computer so that you can plug in the USB device. Read the article at http://www.eweek.com/article2/0,1895,1840131,00.asp for more about weaknesses that may be inherent in USB design.

7/27/2005 Adobe Bridge is Picky About Its Location

You must install Adobe Bridge in its default location. If you customize and install it somewhere else, Bridge 1.02 may give this error message at startup
Adobe Bridge cannot be used at this time because of licensing restrictions. You must have installed and launched at least one other Adobe application to use Adobe Bridge.
Adobe says to uninstall Bridge, and then re-install it at C:\Program Files\Adobe\Adobe Bridge.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, McAfee, Microsoft, Novell and Red Hat.

7/26/2005 Netscape Fixes Security Bugs

The Netscape 8 browser is based on Mozilla Firefox. That means when there's an update to Firefox, a new version of Netscape will be here soon. In this case, it is Netscape, which fixes a number of security problems, as well as a bug in the way that the browser history was being synced between the rendering engines in Netscape. Get the update at http://browser.netscape.com/ns8/download/default.jsp.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cisco, IBM and Microsoft.

7/25/2005 Windows 2000 Rollup Causes Problems for ISS Products

Microsoft says that Windows 2000 SP4 Update Rollup 1 causes incompatibility problems with some products from Internet Security Systems (ISS). This includes RealSecure Desktop 3.6 and 7.0, BlackICE Agent for Server 3.6, and BlackICE PC Protection 3.6. The problem is with some of the older ISS X-Press Updates (XPUs) signature and driver updates. Before installing the Windows 2000 rollup, make sure you have updated your ISS products. See http://support.microsoft.com/?kbid=901159 for Microsoft's side of the story. ISS downloads are at http://www.iss.net/download/.

Today's BugBlog Plus has seven more bugs and fixes for Adobe, Microsoft, Mozilla, and Red Hat.

7/23/2005 Windows Power Savings May Hide iPod

One of the power-savings configuration settings you can make on a Windows laptop computer is turning off the power on the USB bus. If you do that, and then you plug in an Apple iPod, the iPod may not get recognized by the computer. You'll need to turn the power back on by turning off the option "Allow the computer to turn off this device to save power" in the Device Manager. See http://docs.info.apple.com/article.html?artnum=301343 for details on how to do that.

Today's BugBlog Plus has five more bugs and fixes for Adobe, IBM, and Microsoft.

7/22/2005 Another Zlib Patch for Red Hat

Red Hat as another update for zlib, the data compression library that was patched earlier in July. The first patch correctly took care of an overflow in how compressed streams were handled, but new bugs were discovered that could cause a crash when opening PNG or other files. Get the update at https://rhn.redhat.com/errata/RHSA-2005-584.html. Red Hat credits Markus Oberhumer for finding the new bugs.

7/21/2005 Protection For Shared Computers

If you manage a number of shared Windows XP computers, such as in a school or library setting, you may want the Microsoft Shared Computer Toolkit for Windows XP. It is a set of tools and documentation that may help restrict access, protect the hard drive and user profiles, and more. It appears to be aimed at the non-IT pro. In fact, Microsoft says that "... provides far less capability than Active Directory and Group Policy. A customer who uses Active Directory and Group Policy can accomplish everything they could with Windows Restrictions tool and much more." Read more and download the beta version at http://www.microsoft.com/windowsxp/sharedaccess/default.mspx.

7/20/2005 Retreat is Now an Option In Microsoft Office

At one time, you couldn't easily uninstall an update to Microsoft Office. The only way to do it was to uninstall Office completely, and then re-install Office but not the offending update. Of course, you may have other updates that you want to keep, which means you will need to reinstall them. Starting with the Microsoft Word 2002 update, which is in Knowledge Base article 895589 released on 7/12/2005, you will be able to uninstall updates. Or at least you will as long as the computer has Windows Installer 3.0 or 3.1 doing the installation. To see more about the new uninstall capabilities, see http://support.microsoft.com/kb/903771.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, ATI, Microsoft, and Mozilla.

7/19/2005 My Documents Folder Keeps Popping Up at Start

If the My Documents folder opens up every time you log on to a Windows XP Service Pack 2 computer, then some stray entries for Userinit and PersistBrowsers may have gotten into the Registry. If you don't want this folder to open up automatically, you will need to do a Registry edit. See the details, and important safeguards, at http://support.microsoft.com/?kbid=899865.

Today's BugBlog Plus has five more bugs and fixes for ATI, Apple, Macromedia, Novell and Nullsoft.

7/18/2005 ATI Fixes Warcraft Corruption Bug

ATI says that if you are playing Blizzard Entertainment Warcraft III on a Windows XP computer with an ATI graphics card, rotating your display counter-clockwise 90 degrees may cause display corruption. ATI says they have fixed this in the drivers included in the Catalyst Software Suite 5.7. Until you can get the update, make sure to turn 270 degrees clockwise.

Today's BugBlog Plus has six more bugs and fixes for ATI, Microsoft, and Mozilla.

7/15/2005 Winamp Gets Bugged By Tag

There is another reported vulnerability in Nullsoft Winamp 5. The bug is in the way that ID3v2 tags are handled, with a buffer overflow in the Artist field in the tag. This may allow an attacker to run their code on the victim's computer, if they can create the right kind of malicious file and persuade someone to add it to a playlist and then play it. There is no fix yet. The bug was found by Croatian bug hunters at security.lss.hr. Read their English-language report at http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-07-14. Update 7/19: Look for fix information at http://forums.winamp.com/showthread.php?s=&threadid=221801.

7/14/2005 Bug in Apple Finder is Fixed

In the Apple Mac OS X 10.4.1 Finder, if you choose Show Package Contents several times for the same package, Finder may suddenly crash. (Maybe it just got bored?) Apple says they have fixed this in the Mac OS X 10.4.2 Update. This update also fixes some bugs in the Finder slideshow feature.

Today's BugBlog Plus has six more bugs and fixes for Apple, Mozilla, and Microsoft.

7/13/2005 Mozilla Plugs Third-Party Leak

The Mozilla Foundation says that some third-party media players, such as Macromedia Flash and Apple QuickTime, can run scripts that open the default browser and go to a URL. The default behavior for Mozilla and Firefox is to open that new content in an existing browser window. The new URL would be treated as if it came from the site previously displayed in the browser, and may be able to steal cookies or passwords. An attacker would need luck to exploit this, being dependent on a particular site being open in a browser window. Firefox 1.0.5 fixes this by opening these new URLs in a blank context, so they have no access to data from other websites. See http://www.mozilla.org/security/announce/mfsa2005-53.html for the details on how to change this behavior in earlier versions.

Today's BugBlog Plus has six more bugs and fixes for Apple, Mozilla, and Red Hat.

7/12/2005 Font Parsing Bug in Microsoft Word

There is a bug in the font parsing function of Microsoft Word 2000, Word 2002 and the Microsoft Works suite. A remote attacker can send a poisoned Word document; if a victim opens it, the attacker may gain the same privileges as the victim. Links to patches to the various vulnerable versions are at http://www.microsoft.com/technet/security/Bulletin/MS05-035.mspx. Microsoft credits Lord Yup working with iDEFENSE for finding this bug.

Today's BugBlog Plus has five more bugs and fixes for Microsoft and Six Apart.

7/11/2005 Word to Acrobat Headings Get Jumbled

If you have a Microsoft Word document with multiple headings levels, they may not convert correctly into bookmarks when you turn that document into an Adobe Acrobat PDF file. They say that any additional Level 1 headings, after the first and subsequent Level 2 headings, may get turned into child bookmarks instead of parent bookmarks. Adobe suggests two workarounds, neither of which may be satisfactory. The first is to only convert the top level headings. The second is to go into the Acrobat document and manually fix the messed up headings.

Today's BugBlog Plus has seven more bugs and fixes for Adobe, Apple, IBM, and Microsoft.

7/9/2005 Update Your iPod Instead of Restoring It

Just to make sure everyone understands the difference -- the Apple iPod 2005-06-26 software has new options, Update or Restore. Choosing Update will give you the new iPod software, but leaves your data alone. If you choose Restore, you get the new software, but it erases all the data on your iPod, including your music. If all you see is one choice, Restore, it means your iPod already has the most current version of the software. Get the update at http://www.apple.com/support/downloads/ipodupdater20050626.html.

Today's BugBlog Plus has five more bugs and fixes for Apple, Lotus, and Microsoft.

7/8/2005 The Truth is Out There

Microsoft's AntiSpyware application used to alert you to products from Claria Corporation, labelling them as spyware and recommending that you quarantine them. Some of these Claria products are Dashbar, Gator, PrecisionTime and Weatherscope. The latest version of their AntiSpyware program now suggests that you ignore these applications. Earlier, rumors circulated in the tech press that Microsoft was in talks to aquire Claria. See http://www.eweek.com/article2/0,1895,1834607,00.asp. As a workaround, use Spybot Search and Destroy, or Lavasoft Ad-Aware.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Microsoft, and Red Hat.

7/7/2005 Zlib Bug for Red Hat

Red Hat, along with many other Linux distributions, is releasing an updated Zlib package for Red Hat Enterprise Linux 4. A bug in the Zlib data compression library leads to a buffer overflow that could cause system crashes. Red Hat notes that this only affects Enterprise Linux 4 and the Red Hat Desktop 4, and not earlier releases. They credit Tavis Ormandy for finding this bug. Get the fix at https://rhn.redhat.com/errata/RHSA-2005-569.html.

7/6/2005 Stop Superfluous Server Services

Tech Republic has compiled a detailed worksheet with information on all the services that are in Windows Server 2003. There's about 4 MB worth of information on what services to keep running, and what you can turn off, and the ramifications if you do so. Keeping the unneccesary services off frees up system resources, and will also tighten security. You may not want to accept the spreadsheet as the last word, but it can help you when you make your decisions. Get it at http://techrepublic.com.com/5138-10879-5766252.html.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Red Hat.

7/5/2005 Searching for an Accent

Microsoft says that if you want to search for a character in Word 2002 or Office Word 2003 that also has a combined diacritic mark, such as an accent above an a or e, as in á or è, the search may fail if you search for just the character, or just the accent mark. Your search needs to be made for both. Microsoft explains how to do this at http://support.microsoft.com/kb/886954.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Microsoft, Novell and Symbian.

7/4/2005 Google Earth Compatibility Issues

If you want to try out the new Google Earth program and you have a Mac or Linux computer, you are out of luck. Google says they are working on a Mac version, but they don't mention Linux. As a general rule, they say that if you have a Windows desktop computer that's more than four years old, or a laptop that's more than two years old, they probably won't be able to handle it. The specific compatibility requirements are at http://desktop.google.com/download/earth/index.html. Also, you are going to need a broadband connection to be able to download all the imagery. This is not suitable for dial-up.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, and Microsoft.

7/2/2005 iTunes 4.9 Didn't Eat Your Music

If you upgrade to Apple iTunes 4.9, and then downgrade back to an earlier version, it may appear that all your music has disappeared. It hasn't. iTunes 4.9 upgrades your music library, but saves the old library to a Previous iTunes Libraries folder that should be underneath the new one. It is possible to switch versions of iTunes, you will just have to make sure you find the correct library. Apple shows you how at http://docs.info.apple.com/article.html?artnum=301875.

Today's BugBlog Plus has five more bugs and fixes for Adobe and Microsoft.

7/1/2005 July Bug of the Month Goes to RealNetworks

A series of bugs in the media player software wins the top spot

7/1/2005 Another Threat Against IE

Researchers at SEC-Consult (that's not the Securities and Exchange Commission) say that if you load an HTML document with some embedded CLSIDs, Microsoft Internet Explorer will try to treat them as Active-X controls. Attackers may be able to exploit this to corrupt memory, and possibly run their code on your machine. Microsoft says, at http://www.microsoft.com/technet/security/advisory/903144.mspx, that they are researching this. Until a fix comes out, you may want to tighten security by setting Internet and Local intranet security zone settings to “High”. You can read the original security advisory from SEC at http://www.sec-consult.com/184.html.

6/30/2005 Dell PowerEdge Problem with Windows Server 2003

If you are running Windows Server 2003 on some Dell PowerEdge servers, you may be having Registry problems. Even if you aren't having problems now, Microsoft suggests that the problems are lurking in the background. The problem situation is a Dell PowerEdge with Windows Server 2003 factory-installed, and with one of these disk-drive controllers: Mraid35x.sys; Perc2.sys; A320raid.sys; Aac.sys; Symmpi.sys; Cercsr6.sys; Aarich.sys; Fasttx2k.sys. You can get a hot-fix for this, along with more details, at http://support.microsoft.com/kb/898792.

6/29/2005 Stranger in a Strange Land

Did some recreational reading during the blog break -- here is a review of Stranger in a Strange Land by Robert Heinlein.




| June 05 | May 05 | Apr 05 | Mar 05 | Feb 05 | Jan 05 | Dec 04 | Nov 04 | Oct 04 | Sept 04 | Aug | July 04| June 04 | May 04 | April 04 | Mar 04 | Feb 04| Jan 04 | Dec 03 | Nov 03 | Oct 03 | Sept 03 | August 03 | July 03 | June 03 | May 03 | April 03 | March 03 | February 03 | January 03 | December 02 | November 02

Home | Contact | Writing | Online | News | Tips | CABE |

© 2005 BJK Research LLC