Thursday, December 11, 2008

A couple of Microsoft Zero Day Vulnerabilities

For those still using Internet Explorer for regular web browsing, you need to read this:

From the "@RISK: The Consensus Security Vulnerability Alert - Week 50 2008"


(1) CRITICAL: Microsoft Internet Explorer Remote Code Execution Vulnerability (0day)

Affected:

Microsoft Internet Explorer 7 and possibly prior

Description: Microsoft Internet Explorer contains a remote code execution vulnerability in its handling of certain XML structures. A specially crafted web page can result in remote code execution with the privileges of the current user. This vulnerability is currently being exploited in the wild, and is reportedly not mitigated by the most recent Microsoft patches. No further technical details are publicly available for this vulnerability.

Status: Vendor confirmed, no updates available.

References:

Microsoft Security Advisory

http://www.microsoft.com/technet/security/advisory/961051.mspx

SecurityFocus BID

http://www.securityfocus.com/bid/32721

US-CERT Vulnerability Note

http://www.kb.cert.org/vuls/id/493881

Network World Article

http://www.networkworld.com/news/2008/120908-new-web-attack-exploits-unpatched.html?fsrc=rss-security

***********************************************

(2) CRITICAL: Microsoft WordPad Text Converter Remote Code Execution (0day)

Affected:

Microsoft Windows XP prior to Service Pack 3.

Description: Microsoft WordPad is a Rich Text Format (RTF) editor included by default in Microsoft Windows. It is the default viewer for RTF files. It contains a flaw in its Text Converter component. A specially crafted RTF document could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is being actively exploited in the wild and is reportedly not mitigated by the most recent set of Microsoft patches.

Status: Vendor confirmed, no updates available.

References:

Microsoft Security Advisory

http://www.microsoft.com/technet/security/advisory/960906.mspx

US-CERT Vulnerability Note

http://www.kb.cert.org/vuls/id/926676

SecurityFocus BID

http://www.securityfocus.com/bid/32718


So why aren't you using something else? If you didn't know, there's Chrome, Firefox, Opera, and Safari available for Windows users, among others. The excuse that "I need IE for site X" may be valid for site X, but why are you using it for everything else?


-Bob

Friday, October 10, 2008

How to set size limits for messages in Exchange Server

I was asked by a customer today how to configure the SMTP message size limit in Exchange. Here is what I found: http://support.microsoft.com/kb/322679

-Bob

Saturday, June 28, 2008

BlueScreen Saver...

This has got to be one of the funniest screen savers there ever was, BlueScreen. Of all places, this one comes from Microsoft (http://technet.microsoft.com/en-us/sysinternals/bb897558.aspx).

One of the "Top 10 Harmless Geek Pranks".

-Bob

Saturday, June 14, 2008

Footpeg springs for the Oset

I had enough of watching how frustrated my son got with the foot pegs on his Oset. Frequently, as he picked up his feet, they would brush by the foot pegs and one (or both) of the foot pegs would stick in the folded position. Often this would occur just as he was about to enter a section. This would cause him to stop and reset the pegs before continuing. Here's how the foot pegs look on a stock bike (click on the images for larger versions):


Obviously, something had to be done...

A trip to the hardware store was in order to find some suitable springs. After a bit of searching, I found these:




Back at home, it was time to figure out how to put these in place. I started by drilling a hole in the leading edge of each foot peg (see red arrow). The hole was just slightly larger than the wire diameter of the springs. The hole was positioned so that the straight part of the spring would reach to the inner end of the plate portion of the foot peg (see the yellow arrow):




For the other end of the spring, I drilled a hole in the frame just below the foot peg mount. To test this idea I used a ring terminal electrical connector:




I removed the insulation and threaded the other end of the spring (the end with the loop like a key ring) on to the ring terminal. The ring portion of the ring terminal was "bolted" to the frame using the hole I had drilled just below the foot peg mount. Here are the results:




This was done with just a drill and common hand tools. If I had a welder, I would have welded a small loop to the frame just below the foot peg mount. This would be much more solid than the current configuration.



So far, this has held up through two events. I've lost count of the number of times the bike has fallen over. Only once did I have to crimp one of the ring terminals back together.

Total cost: about $4.

If you have any suggestions for improvements, please let me know!

-Bob

Wednesday, March 26, 2008

The BristleBot

Check this out:

At least a few minutes of fun...


Now, where can I get a pager motor?

-Bob

Friday, February 29, 2008

Computer Stupidities

Do you want to waste a lot of time ROTFL? Try: http://rinkworks.com/stupid/ It's a great collection of all of those IT support stories that you've been looking for.

Thanks Ron!

-Bob

Vomit or Linux: your choice

"Imagine standing on the road. An oncoming car is heading rapidly towards you. You have a choice to move, or to stay. Now consider that in business you need to choose a server platform wisely but often Windows shops become entrenched because it is the status quo. A couple of user experiences show why you ought to think about it more."


For the rest: http://www.itwire.com/content/view/16891/1141/

-Bob

Thursday, February 14, 2008