BugBlog Home
BJK Research Home
BJK Research Home

Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Jump to the BugBlog archives

Dec 06
Nov 06
Oct 06
Sept 06
Aug 06
July 06
June 06
May 06
Apr 06
Mar 06
Feb 06
Jan 06
Dec 05
Nov 05
Oct 05
Sept 05
Aug 05
July 05
Jun 05
May 05
Apr 05
Mar 05
Feb 05
Jan 05
Dec 04
Nov 04
Oct 04
Sep 04
Aug 04
Jul 04
June 04
May 04
Apr 04
Mar 04
Feb 04
Jan 04
Dec 03
Nov 03
Oct 03
Sept 03
Aug 03
July 03
June 03
May 03
April 03
Mar 03
Feb 03
Jan 03
Dec 02
Nov 02


View vintage BugNet coverage here

Cleveland-area blogs*:

Backup BugBlog

Economic Development Futures

Brewed Fresh Daily


Working with Words


Sardonic Views

Filtering Craig

Hotel Bruce


Up Yours

Kevin Holtsberry

Steve Goldberg

Red Wheelbarrow

Anita Campbell

Swerb's Blurbs

Rachel's Law

*there are more blogs in Cleveland, these are just from people I've met or know. Some of the above are actually farther away, but are bloggers I've met here.





Here is the daily bug, incompatibility or other computer problem from the BugBlog

The BugBlog is free- but if you want to help support its existence, subscribe to the BugBlog Plus. A three month subscription is only $5. XML The BugBlog uses monthly archives. All the current April bugs are here. Use the links on the left or below to jump back to past months.

4/30/2006 New Worm Spreads Via Mail, IM

Symantec reports that there is a new worm that spreads through instant messaging as well as email. The W32.Nugache.A@mm worm, after it tries to spread to your contacts, will also open a backdoor on your computer. Read Symantec's advice at http://www.sarc.com/avcenter/venc/data/w32.nugache.a@mm.html. There's also some discussion at the Internet Storm Center at http://isc.sans.org/diary.php?storyid=1300.

Today's BugBlog Plus has five more bugs and fixes for Apple, Macromedia Microsoft, and Novell.

4/28/2006 Vista Will Ship With Half the Firewall Turned Off

Whenever Microsoft ships Windows Vista, it will ship with an improved firewall, one that monitors both incoming and outgoing traffic. The current Windows firewall only monitors incoming traffic which makes it helpless against malware currently on your system, unlike the two-way firewalls in products like ZoneAlarm and Norton Internet Security. That sounds like good news -- except that by default, the outbound monitoring will be turned off. It will be up to the users to make sure they turn it on. (Well, the BugBlog will never run out of things to write about as long as Microsoft is around.)

4/27/2006 Microsoft Rolls Up a Rollup

Microsoft has released the April 2006 Update Rollup for their Windows XP Media Center Edition 2005. While this is a cumulative update, it is a cumulative update to the Windows XP Media Center Edition 2005 Update Rollup 2. I'm pretty sure that this means that this is an update rollup to a previous update rollup. (Why does Microsoft think it necessary to name their updates with all the precision of a Zen koa?) The April 2006 update is at http://support.microsoft.com/kb/914548, and it has links back to the earlier Update Rollup. This appears to be a bugfix update to a lot of the media functions, such as the TV tuner, channel guide, and teletext.

4/26/2006 Microsoft Tries Again With Windows Patch

Microsoft has re-released the MS06-015 Security Bulletin, which is for Windows Explorer on Windows 2000, Windows XP, and Windows Server 2003. This version fixes incompatibility problems the original patch had with the Hewlett-Packard Share-to-Web program and with some older NVIDIA graphics card drivers. If you have installed the original version of this patch, and you don't use the affected products, Microsoft says you don't need to get the newer version. Get it at http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, Microsoft, Mozilla, and Red Hat.

4/25/2006 InDesign Doesn't Like Borderless Printing

Although you may have a printer that supports borderless printing, it won't work if you print something from Adobe InDesign CS2. You will still get a printout with a white border. Adobe has three different workarounds for this. See http://www.adobe.com/support/techdocs/331949.html to figure out which one may work best for you.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, IBM, and Microsoft.

4/24/2006 Don't Forward Malware with Mozilla Thunderbird

There is a security bug that may hit Mozilla Thunderbird when you forward mail in-line (instead of as an attachment.) Any JavaScript that is embedded in the message may execute. This will happen if you are use the default HTML editor. You can prevent this by switching to plain text mail composition. Better yet, update to Thunderbird, Thunderbird 1.0.8, or the Mozilla Suite 1.7.13 to fix it completely. Mozilla credits Georgi Guninski for finding this bug.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Hewlett-Packard, Microsoft and Novell.

4/22/2006 Microsoft Tries Again with Windows Explorer Patch

Microsoft will be re-issuing their MS06-015 security patch, which was released on 4/11/06 to patch some critical security holes in Windows Explorer. Unfortunately, the patch also caused some major compatibility problems with third-party applications, including the Hewlett-Packard Share-to-Web service, Sunbelt Software's Kerio Personal Firewall, and older drivers for NVIDIA graphics cards. The revised patch is being tested. Look for it around April 25.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cisco, Linksys, Microsoft and Symantec.

4/21/2006 CiscoWorks Wireless LAN Bugs

There are a couple of bugs in the CiscoWorks Wireless LAN Solution Engine (WLSE). One of them is a cross-site scripting bug that may let an attacker steal administrative privileges on the network. The second may let a local attacker gain access to the underlying operating system. All versions earlier than 2.13 are vulnerable. Cisco has a free fix at http://www.cisco.com/en/US/products/ps6305/products_security_advisory09186a0080667332.shtml.

4/20/2006 NIVIDA Problems With Microsoft Security Patch

A blog posting at the Microsoft Security Response Center says that another incompatibility with the MS06-015 security update has been uncovered. Users with older versions of NVIDIA graphics card drivers may have problems. Newer versions of the driver are OK, so if you have a NVIDIA graphics card, make sure you update your drivers before you install MS06-015. Updates are at http://www.nvidia.com/content/drivers/drivers.asp.

4/19/2006 Oracle Releases Massive Security Patch

Oracle has released a critical patch update that fixes security bugs in many of their products, including: Oracle Database 2,3, 8i, 9i and 10; Enterprise Manager, Application Server, Collaboration Suite, E-Business Suite, and PeopleSoft Enterprise Tools. They have also released a password scanner to look for older Oracle applications that may have been installed with well-known default passwords still in place. Find out more at http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft and Symantec.

4/18/2006 Microsoft Patch Compatibility Problems

Microsoft's patch for Windows Explorer in MS06-015 is causing compatibility problems with a number of other applications, including those from Microsoft itself. After appling the patch, you may have problems getting to some of the special folders. Microsoft cites My Documents and My Pictures as two of them. They say that you may not be able to open Microsoft Office documents within the My Documents folder, or the Office application may lock up. According to Microsoft, the Hewlett-Packard Share-to-Web software reacts badly with one of the new components, VERCLSID.EXE, applied by the patch. You will need to adjust the behavior of the Share-to-Web software to avoid these problems. See http://support.microsoft.com/default.aspx/kb/918165 for the details.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, Novell, Red Hat, and Symantec.

4/17/2006 Intel-Mac Firmware Limitation

If you have an Intel-based Mac and want to install a firmware update, you will have problems if your computer is configured with a non-standard partition scheme. When you try to install, the computer may beep once when you boot it up, but the update won't take place. This affects the Mac Mini (early 2006) Firmware Update 1.0; the MacBook Pro (early 2006) Firmware Update 1.0; and the iMac (early 2006) Firmware Update 1.0. See http://docs.info.apple.com/article.html?artnum=303609 for more.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Microsoft, Mozilla and Opera.

4/14/2006 Mozilla Fixes Critical CSS Bug

There is a bug in the CSS (Cascading Style Sheets) letter-spacing property in Mozilla Firefox, Thunderbird, Mozilla Suite, and SeaMonkey. The bug sets up a heap buffer overflow that a remote attacker with a malicious website could exploit to take over your computer. This has been fixed in Firefox, Firefox 1.0.8, Thunderbird, Thunderbird 1.0.8, SeaMonkey 1.0.1, and the Mozilla Suite 1.7.13. Mozilla credits TippingPoint and the Zero Day Initiative for finding this bug. Get the free updated products at http://www.mozilla.com/products/.

Today's BugBlog Plus has ten more bugs and fixes for Apple, Microsoft, Mozilla and Novell.

4/13/2006 Worm Zaps the Border Patrol

Wired News reports that a major computer outage in the summer of 2005 in the U.S. Customs and Border Protection agency, part of the the Department of Homeland Security, was caused by the Zotob worm. One of the reasons that the worm spread so fast is that a security patch was held back instead of being installed. Read the whole thing at http://www.wired.com/news/technology/0,70642-0.html.

4/12/2006 Top Phishing Schemes (And We Don't Mean BassMasters)

McAfee has a new Threat Center, where they track the top malware, spyware, phishing schemes, and other bad things that may happen to you. You can visit it at http://www.mcafee.com/us/threat_center/. They list the top Phishing scams, which I won't repeat, since it may keep the newsletter from getting past many of your spam filters, but it includes many of the top commercial banks around the world, as well as eBay and PayPal.

Today's BugBlog Plus has five more bugs and fixes for Microsoft from the Patch Tuesday releases.

4/11/2006 Massive Update for Microsoft Internet Explorer

Microsoft has released the latest cumulative security update for Microsoft Internet Explorer. This is a Critical update, and covers IE for Windows 2000, XP, and Server 2003. In addition to all the previous fixes for IE, it also fixes ten new bugs, most of which are Critical, and could allow a remote attacker to take control of your computer. Find links to the update for each version at http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx, as well as details for each of the bugs. Also check the Credits section to see the eight people who found these bugs for Microsoft.

Today's BugBlog Plus has five more bugs and fixes for Microsoft from the Patch Tuesday releases.

4/10/2006 All About Spam

The BugBlog probably gets ten phishing emails a day alerting me to "fraudulent" activity at my PayPal account. It's relatively easy to see that they are fake, because hovering (but not clicking) any of the links in the email will show that they link just about everywhere but PayPal. A recent posting at the Internet Storm Center, at http://isc.sans.org/diary.php?storyid=1252, compiled a list of places you can report spam, phishing, and other fraud attempts. They also point out http://spamlinks.net, the "anti-spam portal: everything you didn't want to have to know about spam." By the way, I wish I really did have bank accounts at all the "banks" that have recently warned me about fraudulent activity in my accounts.

Today's BugBlog Plus has five more bugs and fixes for Apple, IBM, and Microsoft.

4/9/2006 Worm Comes in Spoofed Email

Symantec says there is a new worm, called MSIL.Letum.A@mm, that may arrive as a spoofed email supposedly from Symantec. The worm is written in Microsoft .NET's Microsoft Intermediate Language (MSIL) and can infect both Windows PCs and Windows Mobile devices, if the .NET framework is present. Updated AV signatures from Symantec will stop it. If you are already infected, see removal details at http://securityresponse.symantec.com/avcenter/venc/data/msil.letum.a@mm.html.

4/7/2006 A Critical Patch Tuesday

Microsoft will be releasing four security bulletins for Windows on Tuesday, April 11. At least one of the bulletins will be labelled Critical. There will also be a security bulletin for Microsoft Office; that one only has a "Moderate" rating.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cisco, and Microsoft.

4/6/2006 HP Lets Outsiders Take a Peek

Hewlett-Packard says that both the HP Color LaserJet 2500 and 4600 Toolbox have bugs that may allow remote attackers to read arbitrary files from your computer. HP has updates that plug the security hole. Find them at http://www.hp.com/go/clj2500_software and http://www.hp.com/go/clj4600_software, under the Download Drivers and Software option. Look for version 3.1.

Today's BugBlog Plus has five more bugs and fixes for Apple, Cisco, Microsoft, and Red Hat.

4/5/2006 Mac OS X Password Bypass

The Mac OS X 10.4.6 update fixes a security problem for the new Intel-based Macintosh computers. Apple says that without the update, someone sitting at the computer can bypass the firmware password and gain access to Single User Mode. The update increases the password security to prevent this. Apple credits David Pugh for finding this bug.

Today's BugBlog Plus has ten more bugs and fixes for Adobe, Apple, IBM, Microsoft, and Red Hat.

4/4/2006 Is Your Computer "Vista Capable"?

Are you wondering if your computer is capable of being upgraded to Windows Vista? (Whenever Vista is actually released, that is.) You can check out the "Windows Vista Capable PC Hardware Guidelines" at http://www.microsoft.com/technet/windowsvista/evaluate/hardware/vistarpc.mspx. You don't want to be anywhere near what the minimums are, however, unless you like seeing your computer sluggishly bogged down.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, Microsoft, Mozilla, and Novell.

4/3/2006 Windows Help You Can Do Without

US-CERT is investigating reports of a security problem in the Microsoft Windows Help File viewer. If you are sent a maliciously designed Help file, and you open it, an attacker may be able to trigger a buffer overflow and run code on your computer. The bad help files would need to be distributed either via a website or an email attachment, and can affect most versions of Windows. See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1591 for more information.

Today's BugBlog Plus has five more bugs and fixes for Adobe, Apple, IBM and Microsoft.

4/2/2006 Adobe Wins the Bug of the Month

The bug in the Adobe Macromedia Flash Player is this month's winner. For all the rest of the bugs, remember that it is an honor just to be nominated.

4/2/2006 iPod Screen Gets Stuck

An Apple iPod nano or iPod with video (Fifth Generation) may seem to get stuck on an album art screen or rating screen. This may happen if you press the Center button many times from the "Now Playing" screen. Apple says you can keep this from happening if you wait and let the screen refresh after you hit the Center button. If you were impatient, you can see how to get unstuck at http://docs.info.apple.com/article.html?artnum=303130. In the long-run, upgrade to the iPod 1.1.1 or later software.

3/31/2006 IE Component May Cause Crash

Microsoft says that if the Discuss toolbar is enabled in Microsoft Internet Explorer, on a computer where Microsoft Ofice 2003 is also installed, IE may crash when you first start it up. Microsoft has two workarounds to fix this. The first is a Registry edit; the second is to unregister Owsclt.dll, a COM component that adds the Discuss toolbar. See the details for both at http://support.microsoft.com/kb/915726.



Home | Contact | Writing | Online | News | Tips | CABE |

© 2006 BJK Research LLC