Important service change regarding Twitter with Widows Live‏

Social Networking has become not only a popular way for friends to communicate. It is also a great means of sharing information. I have found that I generally get technical news and information faster via Twitter than my large collection of RSS feeds.

For Windows Live users who have not seen the announcement, effective June 30, 2010, twitter posts will no longer be imported from Twitter and shared with your Windows Live Messenger friends. Following is the e-mail notice from the Windows Live Team Newsletter:

"Dear Windows Live Customer,

Thank you for connecting your social networks and other services with Windows Live. We are contacting you because you have added your Twitter feed to Windows Live and we want to notify you of an upcoming change.

Beginning June 30, 2010 your tweets will no longer be automatically imported from Twitter and shared out to your Windows Live Messenger friends due to policy changes made by Twitter. We are working hard with Twitter to make this service available again and apologize for any inconvenience this may cause you.

We remain focused on making Hotmail, Messenger, and your PC with Windows great companions to social networks and other services. This change has no impact on your ability to connect Windows Live with our other 75+ other social networks and other service partners, which include Facebook, LinkedIn, MySpace, Flickr, and more.

Sincerely,

The Windows Live Team"

Clubhouse Tags: Clubhouse, Microsoft, Windows Live, Windows Live Messenger, Instant Messaging, Twitter, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Online Armor sold to Emsisoft

Yes, it is true. Mike Nash confirmed in his blog post today that he sold the popular software firewall, Online Armor, to Emsisoft. Many followers of Security Garden will remember when Scot Finnie named Online Armor 2.1 as the Best Firewall Software of 2008.

Online Armor has remained a popular and excellent product. In fact, it is one of the two software free-for-personal use firewall products that I recommend.

On behalf of Emsisoft CEO, Christian Mairoll, Mike provided the following information for Online Armor customers:

• "Product editions will stay untouched. Freeware edition will not end of course.
• Website remains on www.online-armor.com, but we'll have to move everything away from tallemu.* domains soon.
• Forum remains, but moved to support.online-armor.com

Which kind of benefits does Emsisoft expect from the deal then? As part of a much larger development team (8 at Emsisoft so far), OA development can progress faster. Sharing knowledge internally is a very important factor for speed and quality of the produced software.

With the existing marketing and sales force at Emsisoft, we want to spread the name about OA much more. It's a great product, winning tests, but we need to tell everybody about it to make it grow.

On the long run, we have plans to create some kind of a suite product. It's gonna be a completely new product most likely. But things are not finally decided yet."

I wish Mike and Tall Emu success in the flexible CRM system, developed for corporate customers.

References:

• Online Armor sold to Emsisoft
• Emsisoft acquires Online Armor! (PDF)

Clubhouse Tags: Clubhouse, Firewall, Security, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Bing Search Engine Statistics

When reviewing the visitor statistics for Security Garden, I have been noticing a steady increase in visitors resulting from Bing searches.

Although the bar graph below is from U.S. visitors, I noticed today that the results from Bing.com overshadowed those from Google.com.


Thus far, international visitors to Security Garden are not using Bing for their locale and are staying with Google. To set Bing to your part of the world go to the Bing Worldwide page. To change your display language, go to preferences.

Clubhouse Tags: Clubhouse, Microsoft, Bing, Search, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Adobe Reader and Acrobat Critical Security Updates

An Adobe Security Bulletin has been posted to address critical security issues in Adobe Reader and Acrobat, referenced in Security Advisory APSA10-01.

Affected products include both Adobe Reader 9.3.2 and Adobe Acrobat 9.3.2 (and earlier versions) for Windows, Macintosh and UNIX, (and earlier versions) as well as both Adobe Reader 8.2.2 and Adobe Acrobat 8.2.2 (and earlier versions) for Windows and Macintosh.

The Adobe Reader update for Windows is available from here. Download links for Acrobat and Macintosh and UNIX platforms are available from the Security Bulletin. If you elect to uninstall the current version of Adobe Reader and install the updated product, as with Adobe Flash Player, be careful to UNCHECK the box shown below. It is not needed for the update!

Free McAfee® Security Scan Plus (optional)

Free Google Toolbar (optional)

Search Google from any web page, block pop-ups

Learn more | Privacy policy | License

Free McAfee® Security Scan Plus (optional)

The vulnerability in Security Advisory APSA10-01 could cause the application to crash and potentially allow an attacker to take control of the affected system.

Important Note: There are reports that the issue in CVE-2010-1297, addressed in this update, relating to a memory corruption vulnerability that could lead to code execution is being actively exploited in the wild.

Details of the additional mitigations reported in the Security Bulletin are as follows:

• This update mitigates a social engineering attack that could lead to code execution (CVE-2010-1240).
• This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-1285).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1295).
• This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2168).
• This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2201).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2202).
• This update resolves a UNIX-only memory corruption vulnerability that could lead to code execution (CVE-2010-2203).
• This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-2204).
• This update resolves an uninitialized memory vulnerability that could lead to code execution (CVE-2010-2205).
• This update resolves an array-indexing error vulnerability that could lead to code execution (CVE-2010-2206).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2207).
• This update resolves a dereference deleted heap object vulnerability that could lead to code execution (CVE-2010-2208).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2209).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2210).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2211).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2212).

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

v>

Read More

Windows Installer Cleanup Utility Retired

Since its original release, the Windows Installer Cleanup utility has been recommended countless times to resolve installation problems. The utility removed the installation files, not the program, providing the ability to start the process over.

Unfortunately, it was found that the Windows Installer Cleanup utility was could damage some other components of the Windows operating system. As a result, Microsoft removed the Windows Installer Cleanup utility from the Download Center.

In place of the Windows Installer Cleanup utility, Microsoft now provides a Fix it Solution to fully remove Office 2003, 2007 and 2010 suites without damaging other Windows components. The Fix it for Office 2003, 2007 and 2010 is available at http://support.microsoft.com/kb/290301.

Although Major Geeks is still hosting the Windows Installer Cleanup utility, the use is at your own risk since Microsoft no longer supports the utility.

Hat tip, The Windows Club, Microsoft retires Windows Installer Cleanup utility!

References:

• KB 290301: How do I uninstall Office 2003, Office 2007 or Office 2010 suites if I cannot uninstall it from Control Panel?
• Major Geeks: Windows Installer CleanUp Utility 7.2 Download

Clubhouse Tags: Clubhouse, Microsoft, Windows, Office, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

U.S. Windows Anytime Upgrade Expires July 3, 2010

The Windows Anytime Upgrade (WAU) program in the U.S. will expire on Saturday, July 3, 2010.

In the event you purchased (or are about to purchase within the next few days) a new computer with a lower version of Windows 7, you can upgrade as follows:

• Windows 7 Starter -> Windows 7 Home Premium for $49.99, saving $30.
• Windows 7 Home Premium -> Windows 7 Professional for $79.99, saving $10.

The step-by-step process of upgrading from a lower edition of Windows 7 to a higher edition provided by the Windows Team Blog is follows:

STEP 1:

When a customer launches Windows Anytime Upgrade (WAU) from Windows 7, they are presented with 2 options: purchase a WAU product key online or enter a WAU product key from a WAU retail package purchased in a store.

If a customer has a WAU product key, they will choose "Enter an upgrade key" to proceed with the upgrade.

STEP 2:

Customer will enter their WAU product key.

STEP 3:

The WAU product key the customer entered will be verified as valid.

NOTE: Step 2 and 3 do not happen for people who choose to purchase a WUA product key online. The process of buying a WUA product key automates these 2 steps and takes you directly to Step 4 after the purchase. After making a WUA purchase online, you are given the ability to print out a receipt and are also sent a copy via email.

STEP 4:

Customer will accept license terms to proceed.

STEP 5:

Customer will be asked to save their work and close all programs. To proceed, the customer will click the "Upgrade" button.

STEP 6:

The upgrade takes place! The customer's PC will reboot.

STEP 7:

The upgrade finishes and the customer is now running the version of Windows 7 they upgraded to with all its features!

References:

• WAU Now
• The Windows Anytime Upgrade Experience for Windows 7

Clubhouse Tags: Clubhouse, Microsoft, Windows, Windows 7, How-To, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Security Essentials Version Update

Microsoft Security Essentials (MSE) has been updated to Version 1.0.1963.0. As indicated in Microsoft KB Article 975959, notification of the update can take several forms:

"You are prompted to do this through the Microsoft Security Essentials user interface, through a pop-up window, or through a "toast" message. Additionally, you may notice an "Important" or "High priority" download, Microsoft Security Essentials Client update package - KB2254596, on Microsoft Update (http://www.update.microsoft.com) that offers an upgrade to the latest version of Microsoft Security Essentials."

To ensure that you have the current version, launch MSE. Click the down arrow by Help (located in the right-hand corner) and select "About Microsoft Security Essentials". If the version number does not match 1.0.1963.0, the updated version can be obtained from the Microsoft Download Center: Microsoft Security Essentials.


Clubhouse Tags: Clubhouse, family, security, How-to, antivirus, Updates, Information

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Mozilla Firefox 3.6.6 Update

Mozilla released Firefox version 3.6.6 which modifies the crash protection feature, added in Firefox 3.6.4. The update increases the amount of time that plugins are allowed to be non-responsive before being terminated.

Note: there was no Firefox version 3.6.5.

The purpose of the crash protection feature is to provide uninterrupted browsing for Windows and Linux users when there is a crash in the Adobe Flash, Apple Quicktime or Microsoft Silverlight plugins. The default timeout in Firefox version 3.6.4 was set to 10 seconds. Apparently, this was too short, particularly for some Facebook Flash-based games such as FarmVille and Mafia Wars.

The default timeout in Firefox 3.6.6 was increased to 45 seconds. If you are still experiencing problems with the default timeout not being long enough, Mozilla provided instructions to disable the hang protection:

"You can disable hang protection to prevent Firefox from killing a hanging plugin process, regardless of how long it's taking. Crashes in the plugin will still be caught and will not terminate the browser process.

1. In the Location bar, type about:config and press EnterReturn.
   • The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise!, to continue to the about:config page.
2. The about:config page should appear. In the Filter box, type dom.ipc.plugins.timeoutSecs
3. Double click the setting and change the number to -1 to disable hang protection.

If not prompted to update, existing Firefox users can update via Help > Check for Updates.

References:

• Release Notes

Clubhouse Tags: Clubhouse, Updates, Information






Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Mozilla Firefox 3.6.4 Update

Mozilla released Firefox version 3.6.4 which includes a feature to provide uninterrupted browsing for Windows and Linux users when there is a crash in the Adobe Flash, Apple Quicktime or Microsoft Silverlight plugins.

In addition, the following security updates were included, with the last four listed fixes identified as Critical:

Fixed in Firefox 3.6.4

• MFSA 2010-33 User tracking across sites using Math.random()
• MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present
• MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
• MFSA 2010-30 Integer Overflow in XSLT Node Sorting
• MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
• MFSA 2010-28 Freed object reuse across plugin instances
• MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)

If not prompted to update, existing Firefox users can update via Help > Check for Updates.

References:

• Release Notes
• Complete list of Changes
  

Clubhouse Tags: Clubhouse, Security, Vulnerabilities, Updates, Information






Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Micrsooft Fix it Available for Windows Help & Support Vulnerability

Last week, Microsoft released Security Advisory 2219475, addressing a vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. Microsoft updated the Executive Summary of the Security Advisory after becoming aware of limited, targeted active attacks that use the published proof-of-concept exploit code. Note that based on the samples analyzed, Windows Server 2003 systems are not currently at risk from the attacks.

Fix it

For anyone using an operating system affected by the Windows Help and Support Center vulnerability, Microsoft released KB Article 2219475, "Vulnerability in Help Center could allow remote code execution". The KB Article which includes a Fix it solution to protect computers from the vulnerability. Also included is an "undo" Fix it to reverse the process after a security update has been released addressing the issue.

Click the Fix it image above or go to Microsoft Fix it to download the wizard to fix this problem automatically.


Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Windows Live Hotmail

The Windows Live Hotmail Team has good reason to celebrate. Microsoft has started rolling out the “new Hotmail” features. Because the Hotmail servers are grouped into hundreds of clusters, and only one cluster is upgraded at a time, the migration is not expected to be complete until the end of summer (winter in the Southern Hemisphere!). If you do not see the new features yet, please be patient. They will be coming your way soon.

Initially, there are some features, like the integrated Office Web Apps and the ability to send files via SkyDrive, that are available only in certain countries. For example, the US, Canada, UK, and Ireland are receiving Office integration first and it will be rolled out to other countries later this year.

Some of the enhanced features of Windows Live Hotmail include the new Sweep menu, freshly integrated Office Web Apps, via SkyDrive, new attachment limits up to 10 GB, and the ability to create and send photo albums right from Hotmail.

However, I am most interested in the improved security features, briefly described below. For more detailed information on the improved security features as well as the other new features in Hotmail, see What's new in Hotmail.

Trusted senders

One feature I am particularly looking forward to is the "Trusted Sender". This feature visually identifies legitimate mail from about 100 senders, mostly financial institutions like banks, that are commonly spoofed by identity thieves.

Account security information

The new Hotmail encourages you to increase the security of your account by adding security information that you can privately associate with your Hotmail account. For example, you can use your cell phone or other items as proof of account ownership. Then, should a problem arise with your account, you can be sent an account recapture code via an SMS message or enable regaining account access.

Single-use codes

For times when you will be using a public computer (i.e., at an internet cafe, airport, coffee shop), All it takes is clicking "request a code", and a one-time use authentication code will be sent to a private proof point (mobile phone or alternate e-mail address). By using a single-use code on a public computer instead of your password, you avoid the chances of it being stolen by key-loggers.

Full-session SSL

The new Hotmail will soon support the option to maintain SSL encryption between you and Microsoft servers during the entire Hotmail session.

References:

• The new Hotmail is rolling out now!
• Office Web Apps
• What's new in Hotmail
• Windows Live SkyDrive
  

Clubhouse Tags: Clubhouse, Windows Live, Hotmail, Security, Office Web Apps, SkyDrive

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Security Advisory (2219475)

Microsoft released Security Advisory 2219475, addressing a vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. One of Google’s security researchers publicly released vulnerability details as well as a working exploit for the vulnerability. Microsoft is not aware of any active attacks at this time.

Because Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 do not include the Help and Support Center application, they are not vulnerable to this issue or at risk of attack.

Important Note from the Security Research & Defense Team:

"The full-disclosure advisory included a hotfix tool built by the Google security researcher. Unfortunately it is ineffective at preventing the vulnerable code from being reached and can be easily bypassed. We recommend not counting on the Google hotfix tool for protection from the issue."

For an effective workaround, please see the information provided in Microsoft Security Advisory (2219475).


Affected Software

• Windows XP Service Pack 2 and Windows XP Service Pack 3
• Windows XP Professional x64 Edition Service Pack 2
• Windows Server 2003 Service Pack 2
• Windows Server 2003 x64 Edition Service Pack 2
• Windows Server 2003 with SP2 for Itanium-based Systems

References:

• MSRC Blog: Security Advisory 2219475 Released - The Microsoft Security Response Center
• Security Research & Defense: Help and Support Center vulnerability full-disclosure posting
• TechNet: Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Security update available for Adobe Flash Player

An Adobe Security Bulletin has been posted to address critical security issues in Adobe Flash Player, referenced in Security Advisory APSA10-01. This Security Bulletin affects Flash Player versions 10.0.45.2 and earlier, as well as AIR versions 1.5.3.9130 and earlier.

Although Adobe suggests downloading the upate from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, the fastest method is the direct download:

• IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
• Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update!

1 MB

Free McAfee® Security Scan Plus (optional)

Free Google Toolbar (optional)

Search Google from any web page, block pop-ups

Learn more | Privacy policy | License

Free McAfee® Security Scan Plus (optional)

Verify Installation:

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. Do this for each browser installed on your computer.

Details: from the Security Bulletin:

Release date: June 10, 2010

Vulnerability identifier: APSB10-14

CVE number: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189

Platform: All Platforms

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

June 2010 Security Bulletin Release

Microsoft released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework.

Only three of these bulletins get our maximum severity rating of Critical, described at the MSRC Blog as follows:

• MS10-033 is a remote code execution vulnerability in both Quartz.dll and Asycfilt.dll and is rated Critical on all supported versions of Windows. Specially crafted media files could trigger the vulnerability when a user visits a web page or opens a malicious file.
  
  
• MS10-034 is a cumulative update for ActiveX Kill Bits and is Critical on Windows 2000, XP, Vista, and Windows 7. There are two Microsoft controls we are applying Kill Bits for. Those are the Internet Explorer 8 Developer Tools control, and the Data Analyzer ActiveX control. The latter control is not installed by default. In addition, there are Kill Bits for four third-party controls. Please review the bulletin for additional details.
  
  
• MS10-035 is a cumulative update for Internet Explorer. Of the six vulnerabilities addressed in the bulletin, only one, an information disclosure vulnerability, is publicly known. This issue was identified in Security Advisory 980088. We remain unaware of any active attacks against this vulnerability.

The seven remaining bulletins were rated Important:

Microsoft Security Bulletin MS10-032

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)

Microsoft Security Bulletin MS10-036

Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)

Microsoft Security Bulletin MS10-037

Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)

Microsoft Security Bulletin MS10-038

Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)

Microsoft Security Bulletin MS10-039

Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

Microsoft Security Bulletin MS10-040

Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)

Microsoft Security Bulletin MS10-041

Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

References:

• MSRC: June 2010 Security Bulletin Release
• TechNet: Microsoft Security Bulletin Summary for June 2010

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Adobe Flash/Reader Vulnerability Mitigation Options

Reports are that exploitation of the critical vulnerability in Adobe Flash player is growing rapidly. This vulnerability can also be vectored through malicious PDF files to invoke Flash.

Although Adobe has reported that Flash version 10.1 does not appear to be vulnerable to this attack (available from Adobe Labs), this is a release candidate and not the final version. Of course, that is the option suggested by Adobe but many people prefer not to run beta or RC software on their computer systems. Personally, I prefer to take a different route.

For people who use Internet Explorer, I recommend disabling Flash with WinPatrol. Merely launch WinPatrol, select the ActiveX tab and click the Shockwave Flash Object. Click Disable and Yes to the WinPatrol warning:


If you use Firefox, with the NoScript Firefox extension, Flash can be executed only by trusted websites of your choice. However, even with NoScript installed, I recommend disabling the Shockwave Flash plugin:


I long ago left Adobe Reader behind, uninstalling it from all my computers. I prefer Sumatra PDF. Although the bright yellow background is a bit harsh to my liking, Sumatra PDF is a clean, light-weight PDF reader that just works. It has no undesirable toolbars, does not write to the registry and can be run from an external USB drive. Other open source PDF Readers are available from http://pdfreaders.org/.


Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, WinPatrol, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Security Advisory: Adobe Flash Player, Adobe Reader and Acrobat

Security Advisory CVE-2010-1297 has been posted due to a critical vulnerability in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. The advisory includes the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.

This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

Adobe's Product Security Incident Response Team (PSIRT) has confirmed that the 8.x versions of Adobe Reader and Acrobat are not vulnerable in this instance. However, there are other vulnerabilities affecting the 8.x versions. The PSIRT also reports that the Flash Player 10.1 Release Candidate does not appear to be vulnerable.

Release date: June 4, 2010
Vulnerability identifier: APSA10-01
CVE number: CVE-2010-1297

References:

• PSIRT: Security Advisory for Flash Player, Adobe Reader and Acrobat
• Adobe Security Advisories: Security Advisory for Flash Player, Adobe Reader and Acrobat

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

June 2010 Bulletin Release Advance Notification

On June 8, 2010 Microsoft is planning to release ten (10) new security bulletins addressing 34 vulnerabilities. As described at the MSRC Blog:

• Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important.
• Two bulletins, both with a severity rating of Important, affect Microsoft Office.
• One bulletin, again with a severity rating of Important, affects both Windows and Office.
• One bulletin, with a severity rating of Critical, affects Internet Explorer.

The bulletin summary is below.

Security Advisory 983438 (Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege) will be closed with the June bulletins. Also addressed will be Security Advisory 980088 (Vulnerability in Internet Explorer Could Allow Information Disclosure).

==================================
NEW BULLETIN SUMMARY
==================================
Bulletin ID: Bulletin 1
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows
----------------------------------
Bulletin ID: Bulletin 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows
----------------------------------
Bulletin ID: Bulletin 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows
----------------------------------
Bulletin ID: Bulletin 4
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Internet Explorer
----------------------------------
Bulletin ID: Bulletin 5
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office
----------------------------------
Bulletin ID: Bulletin 6
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: May require restart
Affected Software: Microsoft Windows
----------------------------------
Bulletin ID: Bulletin 7
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Excel, Microsoft Office Compatibility Pack, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac.
----------------------------------
Bulletin ID: Bulletin 8
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: May require restart
Affected Software: Microsoft Office InfoPath 2003, InfoPath 2007, SharePoint Server 2007, and Windows SharePoint Services 3.0.
----------------------------------
Bulletin ID: Bulletin 9
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows
----------------------------------
Bulletin ID: Bulletin 10
Maximum Severity Rating: Important
Vulnerability Impact: Tampering
Restart Requirement: May require restart
Affected Software: Microsoft Windows
----------------------------------

References:

• MSRC Blog: June 2010 Bulletin Release Advance Notification
• TechNet: Microsoft Security Bulletin Advance Notification for June 2010

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Kid-Safe Cool Applications and Websites

When I was growing up, before going outside to play, parental instructions were, "Be home by dark" and "Don't talk to strangers". That was before the computer age and was a time when parents depended on school teachers to teach their children in reading, writing and arithmetic.

We live in a much different world today. Before beginning school, children not only know their ABC’s but most also have basic reading and number recognition skills. Parents (or grandparents, aunts or uncles) looking for kid-safe learning games may be interested in ItzaBitza or kidthing.

ItzaBitza is a kids learning game from http://sabigames.com/kids-games/itzabitza/. It has a target audience of kids ages 4 to 8. The program is listed at $19.99 and is compatible with Windows XP, Windows Vista, and Windows 7.

The free content available from ItzaBitza includes Let’s Read!PDF (1.5MB), by Dr. Diana Sharp with creative ways to plant seeds of a lifelong love of reading in your child. Also available is Sketchy Adventures PDF (2.1MB):

The Sketchies are waiting to go on an adventure with you and your child! Each adventure is designed to engage your child in using their creativity and imagination to come up with their own endings.

The ItzaBitza drawing games are intended to allow kids to interact with their drawings. As kids play, they are using creative thinking, problem solving, and reading comprehension skills.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Kids play, read, learn safely online and more from http://www.kidthing.com/. The suggested age ranges of the kidthing products range from 3 to 11. The store has categories by age as well as school levels Pre-K and Elementary.

The kidthing player is free to download and includes a few free things not only to get you started but also to evaluate if it will suit your child. The products at the kidthing store cost between $ .99 and $ 7.99. kidthing is compatible with Windows XP, Windows Vista and Windows 7.

kidthing™ was formed with a single goal in mind - create a new platform that keeps kids safe while using the Internet to have fun learning, sharing and getting to know the world around them.

The company was founded by a team of experienced business people, technologists, and designers. We all have kids and are just as worried about them surfing websites as you are about yours.

kidthing leverages the power and global reach of the Internet to deliver fun and engaging content to kids everywhere, yet keeps them off of the World Wide Web and all of the inappropriate and potentially harmful things that they can encounter there.

As your children begin to explore the computer and the Internet on their own, it is important for parents and family members to have the tools to keep them safe. In addition to the resources provided below, an excellent on-line resource for parents and family members is the website, BeWebAware.

Be Web Aware is a national, bilingual public education program on Internet safety. The initiative was developed and supported by Media Awareness Network (MNet), Bell and Microsoft Canada. It includes safety tips by age, information for parents on cyberbullying, privacy, gaming, marketing aimed at kids, and much more.

A Small Selection of Kid-Safe Websites and Activities

• Cool Math Games
• NASA for Kids
• National Geographic For Kids
• Online and Downloadable Educational Freeware
• PBS Kids
• Scholastic for Kids
• Smithsonian for Kids
• Starfall

Child Safety Help for Parents

• Age-based safety tips for kids
• BeWebAware
• Sample family contract for house Internet rules
• 4 steps parents can take to help protect kids online
• Basics to teach kids about the Internet
• Guide to Using Parental Controls
• Resources for Parents, Teachers and Young People

Clubhouse Tags: Clubhouse, Challenge-Apps, Family Safety, Games, Story, Windows Vista, Windows 7,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

End of Support: Vista SP1, XP SP2, Windows 2000

Windows Vista

Support for Windows Vista without any service packs installed ended on April 13, 2010. Even if you updated Windows Vista to SP1, it is time to install the SP2 update. Windows Vista SP2 includes support for new types of hardware and includes all of the updates that have been released since Windows Vista SP1. See How to Install Windows Vista SP2.

Windows XP

Support is ending for Windows XP SP2 and below on July 13th, 2010. There is, however, a solution for Windows XP users who are not in a position to upgrade to a new operating system. Windows XP SP3 includes all previously released updates and a small number of new updates. It won't significantly change the Windows XP experience. See How to Install Windows XP SP3.

Note:

There is no SP3 for the 64-bit version of Windows XP. If you are running the 64-bit version of Windows XP with SP2, you have the latest service pack and will continue to be eligible for support and receive updates until April 8, 2014.

Windows 2000

Support is also ending for Windows 2000 on July 13th, 2010. I seldom see many people in the forums with Windows 2000 installed on their computers. The few I see are on old computers that have been lovingly maintained by their owner. As they are painfully aware, end of support is rapidly approaching for all versions of Windows 2000. When their Windows 2000 computers are replaced, they are certainly going to have an adjustment to the newest Operating System!

Update: The following resource was recently published by Microsoft, Migrating User Files from Windows 2000 to Windows 7

, described as follows:

The Windows User State Migration Tool (USMT) version 4.0 does not support migrating user state from Windows 2000 to Windows 7—a challenge for organizations wanting to refresh many computers running Windows 2000 while moving users’ files. This white paper and its companion scripts help overcome this challenge by providing a solution that preserves users’ files during deployment.

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information, Service Pack,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More