On Tuesday, a security researcher disclosed to Bugtraq, a public newsgroup, details of remote execution attacks on some models of Hewlett-Packard laptops. According to the researcher, who is using the name "porkythepig," flaws in HPInfoDLL.dll, one of the ActiveX controls used within the HP Info Center, could allow remote attackers to target the laptop and also execute registry changes on the compromised machine.
As of Wednesday, HP has not offered a response.
The scenario within the disclosure suggests that an attacker could lure a victim to a specially created Web site. When viewing the Web site in Internet Explorer, the ActiveX control within the HP Info Center could be compromised. If the victim uses a browser other than Internet Explorer, the browser would still call Internet Explorer to handle the ActiveX component on the specially created Web site.
Once a machine is compromised, an attacker could then install malware, change registry information in preparation for a more sophisticated attack, use the machine in a denial-of-service attack on itself or another target, or steal sensitive data from documents on the compromised machine.
A list of potentially vulnerable HP laptop models can be found in the full disclosure posted on Bugtraq. To see whether your particular HP laptop is vulnerable, the researcher also provided a Web site (use this link at your own risk).
Whatever happened to open-source projects being released according to development readiness, rather than an arbitrary release schedule?
Mozilla seems to have forgotten this, with The New York Times reporting that the upcoming Firefox 3.0 is set to ship with only 20 percent of its remaining 700 "blocker" (serious enough to justify postponing a release) bugs resolved.
Of course, Mozilla has already fixed over 11,000 bugs, according to Mozilla developer Asa Dotzler. Even so, that doesn't answer the apparent fact that the Firefox development community is planning to ship a product before a wide range of known blocker bugs are resolved. (Firefox 3 meeting notes can be perused here.)
For now, the mountain to climb appears quite high, as The New York Times notes:
As Mozilla pushes to post Beta 1 of Firefox 3.0, it has asked developers to prioritize already-identified bugs so that the most important can be fixed. But according to notes of yesterday's Firefox 3.0 status meeting, that will leave about eight in 10 bugs untouched.
After discovering two weeks ago that the latest version of Excel had a problem with math, the software maker said the spreadsheet is once again ready to resume its spot at the head of the class.
Late Tuesday, Microsoft posted patches to its Web site that fix the arcane math flaw in Excel 2007 and Excel Services 2007.
"Thank you for your patience," Microsoft's David Gainer said in a blog posting announcing the fix. The bug caused the software to display improper results when calculating numbers around 65,535 and 65,536. The company said the fix will be offered soon through Microsoft Update so that users can get the patch automatically without having to go to Microsoft's site.
It will also be part of the first service pack for Office 2007, though Microsoft isn't saying when that will arrive.
As I said last week in my post about Apple's iPod announcements, I ordered a new 160GB iPod classic as soon as the Apple Store was back online.
It arrived today (Monday)--five days later, from Shanghai--with my custom engraving. I think that's pretty darn excellent.
The iPod packaging has gotten a lot smaller. A box the size of those that contained my first two iPods (a third-generation model, then a fourth-generation iPod when the third-gen model died) could probably hold about six of the new iPod classic packages. I saw the new iPod nano packaging at a local Apple Store this evening, and it's much smaller--and very cool, since it presents the iPod itself under ...
I'd like to think of myself as a patient type. The iPhone's numerous crashes, bugs and quirks have been noted here and there. Applehound does a good job of compiling them, some of which I've yet to experience. What I have experienced, though, is an increasing amount of lag and, well, my iPhone is "cracking out" a lot more recently than it did a couple of weeks ago. Performance is down.
This begs the question, is it time to drop the "r-bomb"? That is, to restore or not to restore? My friend Zach said his friends at the Apple Store in San Francisco said simply to "restore" the iPhone and reinstall and re-sync the dang thing. This is all well and good, but with a PC machine I'm not too sure that all my wonked out Windows settings will again translate to the iPhone. Plus, having to reconfigure the e-mail settings, making sure all my contact information is preserved, and saving all those SMS messages.... Not to mention the time it will take to transfer all my music, movie and other files over to the iPhone again. (OK, I'm sounding Pollyanna-ish, but still, it's a hassle.)
What to do? Argh!
Being a PC person, I've encountered the dreaded "blue screen of death."
I've never seen a comparable thing on Apple products. (I have heard of the sad Mac face, or the sick iPod face.) So, much to my surprise, starting a couple days ago I noticed what appeared to be a "black screen of death." Everything stops working. The time bar at top is there, but the rest of the screen is black. No touching. No prodding of the home key. No pressing of the upper right key will get the thing working again.
Maybe it was the jinx of the upcoming Friday the 13th, I thought. But then after a Google search I see that others have noted the same thing happening to them. Various attempts to reset the iPhone work, but I've had to "hard" reset it a couple of times in the past few days and that doesn't necessarily "reset" the iPhone as much as unlock it.
Weird. Anyone else see this?
This leads me to ask: Apple, where art thou version 1.1?
The Web is filled with folks coming up with makeshift solutions from paper clips to cutting plastic away from headphones for some of the issues I've written about here.
For example, my friend Patrick, otherwise known as "he who waited hours in the iPhone line with me," agreed with my observations about previous generation iPod accessories that, on first glance, don't work with the iPhone. (He also had to wait three days in limbo for his iPhone to activate after being ported from Nextel while his wife's phone worked instantly, but that's another story he can tell you, complete with colorful metaphors.)
Me and Pat at the end of our iPhone wait in San Francisco
Pat, being the persevering type, noted:
"I've noticed and been trying out some of the old iPod accessories that I have in the house/car and I've come to some conclusions. For example, I was so psyched to think that the [factory-installed] BMW (glove compartment) adapter would be a two-in-one-charger for my car and an iPod connector. Not sure if you've seen the 'not compatible' notification on the iPhone, but some of the old iPod accessories actually work in the 30-pin dock connector if you opt to switch to Airplane mode. Pretty cool. So, at first I was let down that I couldn't use some old accessories, but actually, you'll just have to send all of your callers to voice mail if you want to listen to your music in the Beemer and/or the bathroom on your Bose SoundDock."
Airplane mode, intriguing. This may well serve as a legitimate excuse to avoid those calls you don't want to take. Hrmm. Thank you Apple for a new reason why I missed that call from the good ol' boss.
As for the headphone "pop, pop, pop" issue I noted yesterday, while our iPhones were searching for a Wi-Fi fix, my friend Zach noted that the issue is most likely caused by the extra-deep, recessed headphone port that iPhones have that iPods don't. So, most headphone connectors are too short to really connect with the iPhone's sound outputs. (The sexual innuendo with this observation is boundless, I swear.) This is pretty annoying to me, but eh, market paths can be changed, right?
But Kevin Fox has noted the same issue on his blog, Fury.com, although with a different take:
"As those of you who have already bought iPhones know, most headphones don't fit the iPhone due to how far the plug is recessed into the case, meaning that unless a headphone plug has a very narrow flange behind the plug, it won't fit. A lot of people have commented that this was short-sighted or uncaring of Apple, but I think it's a calculated move toward world domination."
As Kevin notes, a paradigm shift may well be in the works (he should know a little something about paradigm shifts), but with stop-gap solutions like this from third-party vendors, I'm wary. I'm not sure I want the paradigm to shift if it's not Apple or Google driven. What I do like, however, is the community-based approach at problem solving these bugs we can all do for now.
Adobe added some significant features this week with Photoshop Lightroom 1.1, but some people are having trouble upgrading from version 1.0.
Adobe is trying to figure out the causes for problems some have had moving their database of photos and editing changes from 1.0 to 1.1. "We're very concerned about database upgrade issues," said Adobe's Mark Hamburg on the company's Lightroom forum.
Hamburg's advice includes running Lightroom database integrity checks often; if your computer crashes, don't delete the "journal" file that records database changes; and don't open Lightroom's database with other tools. (Lightroom uses the open-source SQLite database software.)





