January 08, 2004

Microsoft security page

(Reported in the January 8, 2004 issue of the Windows Client Update, an email newsletter from Windows Network and .NET Magazine)

Looks like Microsoft's trying to convince everyone that they're serious about security with this page. I think it's pretty funny, though, that they're running ActiveX on even the entry page.

Posted by tony at 04:49 PM | Comments (0)

Yahoo IM file transfer vulnerability

Another security advisory from Secunia, this time it's a filename buffer overflow in Yahoo's Messenger. It's supposedly addressed in V5.6.0.1358.

Posted by tony at 08:37 AM | Comments (0)

January 06, 2004

Microsoft Word password protection bypass

Secunia reports in this advisory of a way to bypass password protection of Microsoft Word documents. It requires using a hex editor to modify the document but, still, the protection's broken.

Another reason to use PDF?

Posted by tony at 07:21 PM | Comments (0)

January 05, 2004

Woo-hoo -- 802.11g, here I come!

I've been researching 802.11g rigs for a couple of weeks now. The best as far as distance and speed is supposedly the Netgear WGT624 108Mbps router but the 2nd best is the D-Link DI-624 router. Both products run the Atheros chipset which can bond 2 channels together, effectively doubling the data rate from 54 to 108Mbps. No, you don't actually get 108Mbps through the router ... more like 30+Mbps.

Anyway, D-Link has a $40 rebate if you buy both the DI-624 and the DWL-G650. You have to purchase them by the end of the day today (1/5/2004) and they both have to appear on the same invoice. Well, I've been looking at them on Amazon.com for well over a week. This morning they cost a little over $160. This evening they cost around $135. Even if something goes wrong with the rebate, I still feel good about this price.

Should be here in a week or two (I'm too cheap to pay extra for shipping).

Posted by tony at 07:58 PM | Comments (0)

SlickRun updated to V3.0.0.1

One of my favorite utilities, SlickRun has been updated to V3.0.0.1. It's a utility that only an old command-line jockey like myself could love. Hit a hot-key combination and up pops a little window into which you type a string of characters (autocompletion available). If the combination is recognized it'll laumch a command that you specify. Fast. And Slick!

Posted by tony at 07:48 PM | Comments (0)

January 04, 2004

Canon VB-C10R Network Camera Cross-Site Scripting Vulnerability

Reported here by Secunia. It makes sense but, I mean, c'mon! -- scripting vulnerabilities in a webcam?!?

Posted by tony at 08:52 PM | Comments (0)