E-Musings Mon Immorata

Boredom Personified Resolving Microsoft Internet Explorer vulnerabilities, SpoofStick update, Slipstreaming Windows XP SP2 This week's was nearly pretty boring on the cool software front with No new releases. Except for a Warp2Net posting about IrfanView 3.92. But as I couldn't find a download link at either the developer's site, or at Betanews. I decided to let be. But it seems things changed late on Sunday night. But first more browser-related security issues. MSIE's in the news again with 2 newly discovered vulnerabilities. The first concerns MSIE's Address Bar that display's one URL while actually opening another. This 'phish' attack affects Internet Explorer 5.01, 5.5 and 6.x. And is caused when the browser fails to update the address bar after a sequence of action is performed on a named window. I recommend you visit the online test to see if your browser is affected. A previous http-equiv vulnerability affecting MSIE has been re-exploited. The new 'hole' is caused by improper validation of drag 'n drop events issued by the "Internet" (high-security zone) to the local zone. While http-equiv uses drag 'n drop, a possibility exists that a malicious attacker allows a single-click to begin planting infected code on the client computer's Windows Startup folder. Both problems can be temporarily patched by disabling Active Scripting. However, if this results in web sites not working properly, I recommend changing over to Firefox. I also recommend downloading Corestreet's SpoofStick add-in for MSIE and Firefox. This when installed appears in a separate browser bar and displays the real name of the site visited; regardless of what's displayed in the address bar. If there's a mismatch, I sincerely recommend immediately terminating that specific site browsing instance. If you use MSIE and have previously installed SpoofStick do update to v1.02 version. That addresses issues specific to Secunia Advisory 12304 relating to MSIE. Because the problem doesn't affect Firefox, you don't need an update. For the corporate types and newbies who need a helping hand either in convincing senior management that Firefox rocks. Or because they don't want to lose all their carefully hoarded book marks, visited site histories, cookies and passwords. There's a site—Switch2Firefox—for you that covers what's hot about Firefox, shares other users' experiences. And offers tips on making a successful migration. OK, it is official. Irfanview 3.92 has been released. This now supports JPEG auto-rotate image based on EXIF info, improvement to the batch re-sizing module, extended DigiCam format support. There are also numerous bug fixes. And many plug-ins have been updated as well. If you plan downloading (850 kB) IrfanView 3.92, the developer recommends also downloading the updatedplug-ins (4.62 MB) file. Incidentally, as of v3.90, IrfanView is no longer a true freeware product. While it remains free for personal use. Business/commercial users need to pay a $10 registration fee. Of course, this fee is based on the honor system. And there's no way for the developer to check if you aren't honoring his request. If you use Maxthon and have experienced problems. Do visit Maxthon Forums > Bug Reports to check if the bugs you found are listed there. If yours are unique, do add them so that the developers have a better beta tester base to work with. And don't despair. I have reliable information that a new post Maxthon v 1.0.220 Beta will be released soon. If you use Outlook you might want to install the free Mail Alert 1.0 Beta 2. When installed, the plug-in pops up cascaded new mail received notification alerts on the desktop. You can directly reply to (or forward) a message. The default display is 5 seconds. And you can also configure the level of transparency (Windows 2000/XP/2003 only). And also configure appearance. The software supports not just POP3 but also IMAP accounts as well as multiple mail stores. Here at work I have not just my main .PST file. But at any given moment another 5-6 .PST files open. If you use Windows XP SP1, hold off on upgrading to XP2. The list of software that doesn't work with this upgrade is every expanding. And Microsoft has already begun issuing hot fixes for specific problems just days after SP2 made its official debut! If you really want to know what contained in the update, there's a great Guide to the Windows XP Service Pack 2 CD-ROM here. But I'm sure you'd also prefer to know how to slipstream (add-in) SP2 to your original Windows XP CD-ROM or install copy. That's it for this week. Stay Safe until next time. Click Here to Email Me