Pavlov Scope

2005 November 23

Active Scripting security flaw in IE (Internet Explorer)

Filed under: ITSec — Kev Frey @ 15:32:30

(old NEWS - Just documenting the last few security issues for posterity)

KB905915 addresses this bug.
MSRC number: MS05-054

Hi all;

As I’m sure my buddy Bill already knows too, this past Monday afternoon (Nov. 21), a new software flaw was exploited in Internet Explorer (IE).

It is actually an old, known flaw, but the nature of the flaw is different than initially thought (worse).

The flaw is a problem in the JavaScript component in IE (MS calls it “Active Scripting”) and is not yet patched by Microsoft.

The problem is that some “proof of concept” program code which takes advantage of the flaw (what we call an exploit) has been released which will allow malicious code writers (writers of things like viruses, spyware, etc.) to easily adapt the code for attacking computers.

To prevent any new, as-yet-unknown exploits from being able to exploit this flaw, either do not use IE in the meantime or disable “Active Scripting” in IE. However, doing the latter will also prevent many legitimate web applications from functioning correctly since it simply prevents all JavaScript from running on IE. But, I wanted to make sure that you all knew about it going into Thanksgiving weekend.

The hope is that MS will soon publish a fix for the problem, at which point you should update your computers (via Windows Update website). The other “first line of defense” is virus protection, which hopefully can stay ahead of the curve of new viruses that might take advantage of this as-yet-unpatched flaw.

My recommendation in the interim: If you usually use IE, use Opera (8.51) or Firefox (1.5x) instead until a patch comes out for this flaw… Or, just stop using IE altogether (like me ;-)

And/Or manually disable Active Scripting for your Internet Zone as follows:
If you MUST use IE, then in IE, choose:

  1. Tools-Internet Options-Security tab
  2. Internet Zone
  3. Custom Level
  4. Scroll down, almost to the bottom and find Scripting/Active Scripting and choose Disable radio button
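The same dialog change made through the registry, as an added example that is not part of the original post. It assumes the per-user zone settings under HKCU, where Microsoft documents URL action 1400 as Active Scripting (0 = Enable, 1 = Prompt, 3 = Disable) and zone 3 as the Internet zone; the function names are hypothetical.

```powershell
# Added example (not from the original post). Zone layout per Microsoft's documented
# IE security-zone registry settings: action 1400 = Active Scripting.
$Rel    = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$PolRel = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Action = '1400'
$ZoneNames  = @{ 2 = 'Trusted sites'; 3 = 'Internet' }
$ValueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: list every place the value is set for a zone.
# A policy entry means the choice made in the dialog may not be the effective one.
function Get-ActiveScripting {
    param([int]$Zone)
    $sources = [ordered]@{
        'user (HKCU)'   = "HKCU:\$Rel\$Zone"
        'policy (HKCU)' = "HKCU:\$PolRel\$Zone"
        'policy (HKLM)' = "HKLM:\$PolRel\$Zone"
    }
    foreach ($src in $sources.Keys) {
        $item = Get-ItemProperty -Path $sources[$src] -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $raw   = [int]$item.$Action
            $label = $ValueNames[$raw]
            if (-not $label) { $label = "other ($raw)" }
            [pscustomobject]@{ Zone = $ZoneNames[$Zone]; Setting = $label; Source = $src }
        }
    }
}

# Hypothetical helper: the equivalent of steps 1-4 above for the current user.
function Disable-ActiveScripting {
    param([int]$Zone = 3)
    $path = "HKCU:\$Rel\$Zone"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Action -Value 3 -PropertyType DWord -Force | Out-Null
}

# Disable scripting in the Internet zone only, then show both zones so it is clear
# that Trusted sites (zone 2) is left untouched.
Disable-ActiveScripting -Zone 3
3, 2 | ForEach-Object { Get-ActiveScripting -Zone $_ } | Format-Table -AutoSize
```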

But, please note that many websites use JavaScript for functionality and this setting will prevent that functionality from working properly (using another browser for the site is the easiest thing). A workaround for THAT (again, if you must use IE for the site) is to place specific sites into your Trusted Sites list in the meantime (if you want more info about that, please let me know).

If you use Firefox, I highly recommend the NoScript plug-in extension. It is highly functional, easier to use than the Trusted Sites model in IE, and keeps you safe and sound using default settings. I suggest, once installed, that you use the “Temporarily enable” function on ‘one-off’ sites that require it… and only then if it is really needed. And if, after using it for a while, it works for you, please donate a few Paypal bucks for them to encourage continual development.

While on the topic… the other Firefox add-ons I highly recommend are: Adblock, Fasterfox, and del.icio.us.

Happy (friggin) Thanksgiving (no rest for the wicked, or those of us trying to combat the wicked, or both).

_____________________________________________________________
KevFrey

.     .    .   .  . .. .  .   .    .     .
2005 November 20

The T3 Inova LED flashlight

Filed under: Pers — FreyGuy @ 20:38:30

A new, fun purchase I made “the other day” (Aug. 2005) is the Inova T3 mini flashlight. This flashlight uses a high-power 3-watt LED for illumination instead of a normal incandescent bulb. This makes it much more durable, and the LED lasts much, much longer – effectively never needing replacement.

It is very bright for 2 hours (although two hours is quite a while given normal short length use), then sufficiently bright thereafter. I haven’t had to replace my batteries yet and have been using the light around once per week for the last six months. It is water resistant and made out of very tough “aircraft grade” aluminum (whatever that means) – Regardless, it feels substantial and sturdy for a small-ish flashlight.

During our vacation to the Outer Banks this year, this light allowed us to ride our bikes safely in the pitch darkness of the streetlight-less neighborhoods of the sleepy vacation area.

FlashlightReviews is a great review site for this and a whole array of other flashlights.

_____________________________________________________________
KevFrey

.     .    .   .  . .. .  .   .    .     .
2005 November 12

My favorite new discovery of 2005

Filed under: Music — FreyGuy @ 15:17:30


Why didn’t I hear about these two earlier? Boy Robot – Rotten Cocktails

This CD was my first exposure to this extraordinary duo. These two are clearly like “peanut butter and chocolate” – very good together through a combination of styles.

This release starts off with a banging low-freq beat underneath light electro synth melodies. This color of music embodies the IDM ethic with its syncopated, half-measure beats and breaks.

There exists a good variety of tracks in this release as well: Some tracks have crunchy, hard-edged beats, others have smoother 4/4 structures with markedly techhouse overtones, while still others execute glitchy and more purely electronic sounds, all while maintaining an emotional, warm feel.

Like Plaid’s Not for Threes release, this album maintains a wonderful balance between aggressive-leaning percussive elements and soft, hooking melodies that fill out each song. Asymmetric rhythms against human narratives help create a new, but familiar brand of intelligent listening music. An excellent release that is in my top 5 favorites for 2005.

Boy Robot has a previous release named “Glamorizing Corporate Lifestyle” which I just picked up – I’ll write a review of it later. Sadly, AFAIK these are the only two works done by this duo. Their real names are Hans Möller and Michael Zorn (better known as Boulderdash and Zorn of Lux Nigra, respectively) and they have distinct sounds that I feel aren’t quite as good as the two of them together, although strong in their own right.

If you like a more classic feel of IDM (a la B12, late-90s Plaid, etc.), then I think you will like the Boy Robot Rotten Cocktails release. My only problem with this disc is that it won’t free up its space in my six-disc changer in the car… it somehow keeps showing up there… in the number 1 slot.

_____________________________________________________________
KevFrey

kevfrey@gmail.com
.     .    .   .  . .. .  .   .    .     .