Woody's Office Watch #8.50 has more examples of Word docs posted on the web with information stored in them that probably shouldn't be there. Docs from the Department of Homeland Security, the Speaker of the House, Newt Gingrich, the Chief Security Architect from Dell (!) (some of the links will probably be dead or lead to docs that have had the information talked about removed -- at least I hope so!). Names and ids of the folks who edited them are in there as well as the locations of the files on the users' drive, not to mention complete revision histories!
Be careful. Think about what you're doing. Pay attention.
Secunia has released SA10425 which describes a vulnerability in Opera which allows a malicious website to overwrite a file with a simple download operation. The solution? -- upgrade to Opera V7.23.
It's interesting that we see a lot of exploits for non-Microsoft products posted after their solution is available.
This posting to VentureBlog gives some insight into what (at least one) VC is thinking. Some excerpts:
"I frankly think that social networking is close to a zero sum game."
"Relationships are maintained through interaction -- we call, email, have lunch, etc."
"It is conceivable that technology could make us more efficient
and therefore increase our universe of relationships (...) But I
believe that increase is marginal."
In other words the free ride is over. Friendster, LinkedIn, tribe.net and the others need to find some way to provide value or face extinction. This isn't uncommon. First-wave adopters have an advantage of being there (ahem) first but once the "ooo-ahh" has worn off, consumers will turn away unless they have a real reason to stay. It has begun. Within 3 months we'll see the 2nd generation and, hopefully, they'll actually have something to contribute.
... when you cut back. I'm probably "two" hard on them but the editors at Microsoft apparently didn't check this KB article very carefully. For the "two" busy amongst us, read the CAUSE section carefully.
Intel has an online WiFi hotspot finder at http://intel.jiwire.com/index.htm. They say they're verified which is good. Wonder how long it'll last?
Another item from Scot's December 4, 2003 newsletter. He's launched a new Linux site called LinuxPipeline. News, info on applications and distributions. Bunches of stuff that professional Linux folks can use.
Courtesy of the December 4, 2003 issue of Scot's Newsletter -- an excellent newsletter that, unfortunately, isn't published in RSS form.
ZDNet reports on this and you've probably already heard about it but it's one of my worst nightmares -- that an ATM gets infected by a worm. Of course, that begs the question of how the worm got to the ATM in the first place? Wouldn't a responsible bank have the ATMs on an isolated network, firewalled separately from everything else?
eWeek reports that Oracle has issued a High-Severity SSL vulnerability warning, a follow-up to CERT's Advisory CA-2003-26. Looks like there are no viable workarounds so the only option is to apply Oracle's patches from their MetaLink support website.
A long time ago I used McAfee's anti-virus product ... the retail one. Then a few years back I switched to the online version. Their ads and constant attempts to upsell me finally got to me so when it came time to renew this year, I didn't ... even when they said they'd cut the price in half. I went searching for a replacement, tried a couple and wound up with Avast! It's free for personal use and they post frequent updates. You 've gotta get over the fact that you're retrieving your AV updates from a Czech site, though :)
Linux users, listen up! The Debian site was compromised a little while back due to an exposure in the kernel. Secunia has issued this security advisory but it's very recent (as in, dated December 2) against kernels older than 2.4.23. Gentoo, SuSE, Mandrake, Red Hat, Slackware -- as near as I can tell, all of the Linux "vendors" have the problem and are addressing it.
You should also update your rsync package while you're at it.
Saw this in a TechTV newsletter but, for the life of me, I can't find it anymore. Anyway, MoreStuff4Less is in weblog format. It joins eCost and TechBargains on my list of sites to visit for good deals.
Saw a reference to MobileWhack in Dan Gillmor's December 6, 2003 weblog. Great site for information about mobile phones, organizers, etc. This is a tech-heavy site.