Tuesday, 11 January 2005

Microsoft today released three security bulletins, two of which are classified as “Critical” severity, and related patches to resolve the issues described in each bulletin:

Jan 11, 2005 Vulnerability in HTML Help Could Allow Code Execution (890175): MS05-001

Affected Software: Windows NT Server 4.0, Windows NT Server 4.0, Enterprise Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me, Internet Explorer 6
Windows NT4 Service Pack 6a, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003 Gold, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold, Internet Explorer 6 SP1 Critical
Jan 11, 2005 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711): MS05-002

Affected Software: Windows NT Server 4.0, Windows NT Server 4.0, Enterprise Edition, Windows NT Server 4.0, Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows Me
Windows NT4 Service Pack 6a, Windows NT4 Terminal Server Service Pack 6, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows Server 2003 Gold, Windows 98 Gold, Windows 98 SE Gold, Windows 98 SP1, Windows Me Gold Critical
Jan 11, 2005 Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250): MS05-003

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 for Small Business Server, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition
Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows Server 2003 Gold Important



Add/Read: Comments [0]
IT Security | Tech
Tuesday, 11 January 2005 11:45:30 (Pacific Standard Time, UTC-08:00)
#  Trackback

I was wide awake at about 4am today, looking around for a fast way to get live syndicated content (need it to always be up-to-date) from a weblog’s RSS feed to the home page of a web site I am maintaining for non-profit organization. Cops on Top has climbers in Africa this week for a memorial mountain climbing expedition to Kilimanjaro, and they are sending electronic communications from the field via email and phone calls. The messages can show up on the weblog in real time, without anyone else’s intervention. So, I wanted to be able to show the latest weblog posts on the org’s home page.

I did a quick Google for what I needed, and came up with a gem of a tool: Feed2JS.

What Feed2JS does is to provide an interface where you can specify the URI to a RSS feed, click a few boxes and buttons on a web page to specify your options, and generate a Javascript output that you can stick straight into your web page, ready to go and immediately syndicating content from the specified feed. In addition, there’s a stylesheet generator on the site that lets you customize the look and feel of the feed as it’s displayed on your web page.

You can even download the original PHP scripts (which are provided under an open source license) and run Feed2JS on your own server, which could speed up the feed-to-web proxy function if you have scalability concerns due to very large volume, or if you want to modify the RSS cache to update more frequently than every 60 minutes. That is the default cache time for feeds being gathered and serviced by the Feed2JS system. At any rate, download your own copy and run it yourself, and you get complete control.

The results are quite good. Sure, the end user has to have jscript/Javascript enabled on the client, but that works for this purpose, so I am happy. Recommended.

Another slightly less-elegant (but quite useful) method using server-side ASP is called RSS in ASP. It works, as well.



Add/Read: Comments [1]
RSS Stuff | Tech
Tuesday, 11 January 2005 06:25:58 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Monday, 10 January 2005

I have been testing development and release builds of dasBlog 1.7 for the past week or so. There are a few of us running it on our live sites to make sure everything’s working as expected and to provide real-world feedback.

This version – spearheaded by developers Omar and Scott and incorporating the work of several others – simply rocks.

There are a large number of performance improvements (it’s a lot faster and uses less resources on the server) and feature additions/enhancements. You can read about all the changes on the dasBlog wiki page for v1.7. Some of my favorites are the ability to post drafts without actually publishing to the live site, RSS 2.0 enclosures, referral spam protection,

One thing that I just added to this site with the latest build is live support for the Movable Type Blacklist, which is another mechanism to kill referral spam before it happens. There’s also the ability to block referrers from being listed by keyword. It’s all pretty cool.

It’ll be done soon, and when it is you’ll want to check it out, regardless of whether you currently use dasBlog.



Add/Read: Comments [1]
Blogging | Tech
Monday, 10 January 2005 20:52:38 (Pacific Standard Time, UTC-08:00)
#  Trackback

Adam Gaffin, who publishes Network World Fusion’s Compendium (RSS feed here: RSS feed), has announced that Network World’s weekly interviews are now available a la Podcast – as a RSS 2.0 feed with enclosures.

So, point your feed reader or podcast client over to the RSS feed podcast feed at http://www.nwfusion.com/podcasts/radio.xml and partake of the quality content – these are quite good interviews and recordings, especially for IT pro’s and people who want to learn more about IT in the home and office.



Add/Read: Comments [0]
Blogging | Tech
Monday, 10 January 2005 15:46:30 (Pacific Standard Time, UTC-08:00)
#  Trackback

Here is a point of view I tend to agree with, with regard to business and blogging… It’s not just what you say at work that can get you fired, and companies can employ (or not) based on a number of aspects of a person’s life. If you’re a blogger, these thoughts over at the Blog Your Way weblog are worth reading and taking into account:

Blog Your Way » My thoughts on being fired for blogging

There have been a lot of posts lately about being dooced (fired for blogging). Dooce (Heather) was the first to be fired almost three years ago and thousands have been fired since then. It seems that many more will follow. What was the common denominator in the majority of them? Discretion…and not thinking about the possible reaction to their posts.



Add/Read: Comments [0]
Blogging
Monday, 10 January 2005 15:36:07 (Pacific Standard Time, UTC-08:00)
#  Trackback

From MS MVP Jerry Bryant comes news about the new malicious software combat tools that will launch on Tuesday this week from Microsoft:

Announcement of Upcoming Release of Malicious Software Removal Tools

Starting from January 11th, 2005, Microsoft will provide Windows customers with Malicious Software Removal Tools. New versions of these tools will be available monthly (second Tuesday of every month on the same schedule that Microsoft already delivers other security updates) or more frequently if necessary…

…Microsoft will provide new versions of this tool updated to remove malicious software that is found to be prevalent for that month. The first version of the tool available in January will be able to remove Blaster, Sasser, MyDoom, DoomJuice, Zindos, Berweb (also known as Download.Ject), Gailbot and Nachi viruses / worms.

These removal tools will be made available to customers through the following delivery vehicles:

  • As a download through the Microsoft Download Center
  • As a critical update through Windows Update and through Auto Update for those customers who have Auto Update turned on
  • As an ActiveX control also available at www.microsoft.com/malwareremove


Add/Read: Comments [0]
IT Security | Tech
Monday, 10 January 2005 15:15:49 (Pacific Standard Time, UTC-08:00)
#  Trackback