Archive for April 2009

Chrome/IE security flaw

April 28, 2009

Kaspersky Labs journalist Ryan Naraine writes up the new security problem when running IE + Google Chrome.

http://blogs.zdnet.com/security/?p=3224&tag=nl.e019

I was particularly interested in this since I run Chrome as my default browser and IE6 as a secondary.  I mainly use IE for online banking (since it doesn’t play well with Chrome) and my time card at work.  However, if you’re surfing with IE while Chrome is installed, you need to read this article.  I will copy over what Ryan said:
 

The skinny:

  • If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker’s choice.

The “high severity” vulnerability affects Google Chrome versions 1.0.154.55 and earlier.

So class, what is rule #1 for making sure a system is secure?  That’s right.  Keep your A/V (you do have A/V, right?), OS, and other software fully patched.  I’m typing this in Chrome v. 1.0.154.59.  So I’m (hopefully) all set, as I’m 4 builds ahead of the vulnerability.  Keep it up to date.  You can check your version by clicking on the “wrench” icon in the upper right hand corner of Chrome and clicking “About Google Chrome.”

Here’s another snide sort of comment Ryan included:
 

“It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications,” [Roi Saltzman at IBM] said.  Proof-of-concept code for this issue is publicly available.
Microsoft maintains the problems are not related to vulnerabilities in its code.
Of course.

Ubuntu Releases 9.04 Jaunty Jackalope

April 24, 2009

Ubuntu released its latest version, 9.04, codenamed Jaunty Jackalope. Remember that Ubuntu releases on a six-month rotation, but has a two-year cycle for LTS (Long Term Support) versions. This new version looks like a good step forward for the development, but if you are using Ubuntu in production services I would keep with 8.04 LTS. Ars has a good rundown of the new features. Of particular interest to me is the Netbook Remix version. I have been using the prerelease of this on 8.10. I think this is a bold new step to get Ubuntu specifically tailored for the netbook and I like the design a lot.

As always, Ubuntu servers are bogged down. Expect huge delays and dropped packets if you do the upgrade over the web. One easy way around this is to choose mirrors other than the default (MIT’s is usually running pretty fast). I may dredge up the instructions for upgrading over BitTorrent as well.

A few changes

April 23, 2009

I made a few changes today to the widgets on the blog.  For Mark and me, I added the Admin widget, and for you, I added several, including a tag cloud and recent comments.  Have a look on the sidebar and try something new today!

Ben

I must be getting better at programming…

April 21, 2009

… because I got this one without even having to read the alt text. 

comic

The alt text read “If androids someday DO dream of electric sheep, don’t forget to declare sheepCount as a long int.”

If you think that’s terribly unfunny, try this site.  Let me know if it’s more to your tastes.

Comic provided courtesy of http://www.xkcd.com

Oracle buys Sun Microsystems…

April 21, 2009

… and I like it.  I was going to try to post a link to both a positive and a negative opinion, but I am having trouble finding a negative one.  I’m sure there’s one out there, so if you know of one, post it in the comments so we can get some good perspective.

Here’s a positive opinion: 

http://blogs.zdnet.com/Gardner/?p=2903

 

I see some real good here.  Oracle is great at marketing, and Sun could use a marketing makeover at present.  Oracle presents themselves as a straightforward, professional kind of company.  I think that this combined with Sun’s passion for strong enterprise products will be a good addition to Oracle’s large enterprise product portfolio.

Please, let us know your thoughts.  Agree?  Disagree?

Problem with SSD drives

April 13, 2009

So you may remember around here we had a little debate about SSDs (solid state drives). Well, I am reminded of another problem. Actually it isn’t so much a problem as a new way to think of things. The short story is that my wife owns a Dell Mini 9. That machine is a netbook with an SSD inside. On Thursday she called me and said that when she booted up the machine she was given a black screen with “OS not found.” I told her not to worry about it because it was likely a Windows problem and that I should be able to get everything off of her drive. It was a faulty premise on my part. I assumed that it wasn’t the drive because none of the warning signs occurred. After doing some troubleshooting I figured out that the SSD itself had died. It couldn’t find the OS because the drive itself was inaccessible. Fortunately there wasn’t much information on that machine that wasn’t already backed up, and it is covered under Dell warranty, under which they just send the new HD with everything preloaded on it. So wait time and fix time will be quick and painless.

The problem is that there were no warning signs. With the moving parts on a regular HD you get the “click of death.” Of course I am not saying that I need the “click of death,” but with this there was no sound or blue screens or frozen computers. When it died it went silently with no warning, leaving me and the Dell technician scratching our heads. Of course this is just one incident, but it does go back to my original article on SSDs. The point is that there are still some reliability issues. These kinks will get worked out, but SSD technology wasn’t the silver bullet to fix the mechanical parts on the old hard disks, at least not yet. To be fair, I just had to fix one of my co-worker’s machines at work because of the “click of death.” Old hard disk drives don’t have the best track record either, but the technology has been around in this capacity longer so the variables are understood and the warning signs exist. Perhaps I just don’t know what to look out for yet.

On a side note, Dell warranty is pretty handy. Before I confirmed the SSD we assumed I just had to run the XP CD. Since I didn’t have an external CD drive at the time he was willing to send a new SSD preconfigured. That was nice, but that meant that we would lose all the data on our machine. Point is that Dell didn’t expect me to have an external CD drive or to fix the problem on my own. I give them a small pat on the back for that.

Gmail becoming a monopoly?

April 13, 2009

I read a rather sensational post this morning.  Not sensational in the good way, either.  Let me explain – sensational can mean “arousing or intended to arouse strong curiosity, interest, or reaction, especially by exaggerated or lurid details” (answers.com).  The author essentially proposed that Gmail could become the de facto standard for business email.  He cites several examples of organizations (incidentally, both colleges, not businesses) that are intending to use Gmail’s business email program for their student email.

This is a great example of how cloud computing can be useful.  I’ve been a Gmail user for about four years, and I like it.  That said, I don’t use their Web client except on rare occasions.  I dislike web clients.  But with the business class service, as well as with the personal email, users can access Gmail via either POP3 or IMAP.  No Web client required.  

I can see this as a viable solution for colleges and small businesses, but frankly, I don’t see this as an enterprise solution unless Gmail 1) guarantees uptime and 2) provides personalized, 24-7 enterprise support solutions.  Their support, from what I understand, is pathetic at present.  However, I think it could work for small businesses.  Google does have a good reputation as a progressive and professional company (unlike another prominent hosting company, whose salacious Super Bowl advertising became an instant bar from use in my business).

So back to the point.  Great idea? Yep.  But did this author stretch the truth?  Yes.  However, there’s still an important point in there – if you’re running a small business and need business email services (your own domain name and hosted email services with high uptime) it’s definitely worth considering.  Honestly, I’d consider going that route for a small business, even though I’m capable of hosting my own email server.  The price point is great too ($50 per user per year).

Bottom line: it’s not going to take over the world, but it’s a great idea for a smaller business that needs professional email services from a reputable company.