Thanks for BIOS Update Dell.. it’s ready for Vista!; BIOS version A04 for XPS M1210 released

I blogged few days ago on how I wish to try Vista as an upgrade from XP (instead of clean-install).  Unfortunately, the A02 and A03 system BIOS of Dell XPS M1210 notebook is not compatible with Vista upgrade.  Today, Dell released a new BIOS for the said notebook! That was fast Dell.  Thank you! Release Title: BIOS: Dell XPS M1210 System BIOS, Windows XP, English, XPS MXC062, A04Release Date: 10/23/2006Criticality: OptionalDescription: XPS M1210 BIOS A04 File Name File Size Download Time (56K) File FormatMXC62A04.EXE 936 KB 2.2 min Non-Packaged Fixes and Enhancements Enhancements————1. Updated Support for Microsoft Vista. 2. Updated Support for Intel Processor T5200. 3. Improved High Definition Audio … Continue reading Thanks for BIOS Update Dell.. it’s ready for Vista!; BIOS version A04 for XPS M1210 released

Hackers Hiding Browser Attacks

Hackers are developing new software that will help hide browser attack code from some types of security software. The software, called VoMM (eVade o’ Matic Module), uses a variety of techniques to mix up known exploit code so as to make it unrecognisable to some types of anti-virus software. Using these techniques, VoMM "can create an endless number of variants of an exploit," said Aviv Raff, one of the developers behind the project. Full article at http://www.techworld.com/security/news/index.cfm?&NewsID=7128 entitled "Hackers to offer protection against browser attacks" Edit: Changed blog entry title 🙂

Adobe Advisory: HTTP header injection vulnerabilities in Adobe Flash Player

Adobe Security Advisory: HTTP header injection vulnerabilities in Adobe Flash PlayerRelease date: October 18, 2006Vulnerability identifier: APSA06-01CVE number: CVE-2006-5330Platform: All Platforms Adobe is aware of a recently published report of vulnerabilities in Flash Player. These vulnerabilities would allow remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks. This may allow an attacker to disrupt, or insert commands into, some internet or network applications. Affected software versions Adobe Flash Player 9.x, 8.x, and 7.x. The custom-header addition feature was added starting with Flash Player 7, thus Flash Player 6 and earlier are not affected. Solution … Continue reading Adobe Advisory: HTTP header injection vulnerabilities in Adobe Flash Player

Apple admits selling iPods infected with computer virus;Apple Says Virus-Infected iPods Are Microsoft’s Fault

Apple admits selling iPods infected with computer virus The computer and music company Apple has warned that some of its iPod music players may be harbouring a virus. Less than 1 per cent of video iPods sold after 12 September were carrying the RavMonE virus, which affects computers using the Windows operating system, the company said yesterday. The iPods were infected with the virus from a Windows computer at one of its manufacturing plants in China. It will only be activated if the iPod is plugged into a Windows computer, and Apple said that up-to-date anti-virus software should recognise the … Continue reading Apple admits selling iPods infected with computer virus;Apple Says Virus-Infected iPods Are Microsoft’s Fault

Internet Explorer 7 "mhtml:" Redirection Information Disclosure

Affected Software: Microsoft Internet Explorer 7.xA vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site. Secunia has constructed a test, which is available at:http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/ Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected. Solution: Disable active scripting support. http://secunia.com/advisories/22477/

Secunia Capturing European Markets and Enhancing Services in German

Security professionals are constantly challenged to know about new vulnerabilities immediately, their potential risk and impact, and how to eliminate these vulnerabilities in order to avoid attacks on their digital assets. And with a rise in number of vulnerabilities of 77% in the past two years the need is bigger than ever. According to Gartner Inc. the business area for commercial services for vulnerability information is still an immature market. Secunia has for years been established as one of the best providers of vulnerability intelligence. Gartner has previously proclaimed Secunia as being one of the commercial services globally that provide … Continue reading Secunia Capturing European Markets and Enhancing Services in German

Opera Browser Advisory: Very large link addresses can cause Opera to crash

An extremely long link address can cause Opera to crash. A specially crafted long link could cause malicious code to be run on the user's computer. Opera's response: Release 9.02 is not affected by this, and Opera Software recommends users with earlier versions to upgrade. http://www.opera.com/support/search/supsearch.dml?index=848 See also: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability

Internet Explorer 7 is out. It’s a final version.

Microsoft released the final version of their Internet Explorer 7 for Windows XP.  Visit the IE website: http://www.microsoft.com/windows/ie/default.mspx See also announcement from MS at http://blogs.msdn.com/ie/archive/2006/10/18/internet-explorer-7-for-windows-xp-available-now.aspx.  Their press release at http://www.microsoft.com/presspass/press/2006/oct06/10-18IE7WinXPPR.mspx Read the release notes at http://msdn.microsoft.com/ie/releasenotes/default.aspx Updating or Reinstalling Internet Explorer 7 If a previous version of Internet Explorer 7 is already installed, installing the latest version of Internet Explorer 7 will automatically remove the previous version. After the previous version is removed, Setup will automatically restart your computer and then begin installing the new version.

Microsoft Security Advisory (917021)

Microsoft Security Advisory (917021)http://www.microsoft.com/technet/security/advisory/917021.mspxDescription of the Wi-Fi Protected Access 2 support for Wireless Group Policy in Windows XP Service Pack 2Published: October 17, 2006 Microsoft is releasing this security advisory to inform customers about an update that enables Wi-Fi Protected Access 2 (WPA2) support for Wireless network Group Policy settings in Windows XP Service Pack 2. This update is being released to provide parity between Windows XP Service Pack 2 (before a broad release vehicle, like a service pack, is released) and the upcoming release of Windows Server 2003 Service Pack 2. With this update, customers can create Wireless network … Continue reading Microsoft Security Advisory (917021)