
Maximum IT: Adobe Working Overtime to Squash Security Bug in Download Manager

Adobe last week released a security update for a critical vulnerability in Adobe Flash, but according to security researcher Aviv Raff, installing the update could be cause for concern.

"If you did upgrade to the latest version of Flash from the Adobe website, you very likely have Adobe Download Manager installed," Raff points out.

So what's the big deal? Raff says there's an undisclosed flaw in the way Adobe's Download Manager works, which makes it possible for an "attacker [to] force an automatic download and installation of any executable he desires." In other words, those who download the update end up exposing themselves to a zero-day attack, Raff claims.

Adobe is apparently aware of the issue and is reportedly working with Raff to patch it up. The software maker also downplayed the security risk, saying "the user has to accept a number of prompts before being taken through the installation process," which makes it hard for unwanted and malicious software to be installed without the user's knowledge.


Maximum IT: Pesky Y2K10 Date Stamp Bug Crawls Through Symantec Endpoint Protection Manager

Y2K is but a distant memory at this point, but Y2K10 is not, at least not for Symantec. While there are no forecasts of the end of the world and other gloom and doom scenarios, Symantec did confess that its Endpoint Protection Manager is incorrectly labeling updates issued in 2010 as out-of-date.

"Customers running SEP (Symantec Endpoint Protection) are still protected, and we are continuing to release updated definitions as normal," the company said in a blog post. "However, for the time being, SEP definitions will display a date of December 31, 2009, with increasing revision numbers."

Symantec says the bug affects its Endpoint Protection v11.x product line, Endpoint Protection Small Business Edition v12.x product line, and products which rely on Symantec Endpoint Protection for definition updates (such as Symantec Mail Security for Microsoft Exchange or Symantec Mail Security for Domino).

The company said it is working on a permanent fix. In the meantime, you can find out more info here.


News: Intel Confirms Bricked SSD Bug, Starts Working on a Fix

Late last month, several owners of Intel's X25-M G2 solid state drives cried foul when a firmware update promising a 40 percent performance boost ended up bricking their drives instead. Oops! That marked the latest in what's becoming a string of problems plaguing the 34nm SSDs, and once again, Intel says a fix is on the way.

"Intel has replicated the issue on 34nm SSDs -- X25-M -- and is working a fix," wrote Alan Frost of Intel's NAND Solutions Group. "Intel is pursuing the resolution of this as a high priority. Intel is seeking direct feedback on this issue from members of the [Intel Support Community]... asking them to send their drives directly to Intel to expedite the analysis of the issues. This action will enable us to more quickly generate a resolution for this issue."

Frost added that there have been no reports of related issues by users who were able to successfully upgrade to the 02ha firmware via the firmware upgrade tool, which would suggest the problem isn't the firmware itself, but a bug in the loader software.


News: Snow Leopard SNAFU: Bug Deletes All User Data

Following the launch of Windows 7 next week, if Microsoft's upcoming OS can avoid deleting user data, it will have bragging rights over Apple's recently released Snow Leopard. That's because Snow Leopard users have been reporting lost data due to a bug in the OS.

"We are aware of the issue, which occurs only in extremely rare cases, and we are working on a fix," an Apple representative said in a prepared statement Monday.

According to the complaints, the problem crops up when a user logs into the Guest account, whether on purpose or by accident. Once the user logs out and then back into their regular account, they are greeted with a fully reset account where all the data has been eradicated, just as if they had created a new one.

Users initially reported that the data was unrecoverable, but Cnet published steps on how to restore the files from a Time Machine backup to a new, identical user profile, although the method can take over two hours to complete, Neowin.net reports.


News: Major Bug Found in Windows 7 RTM Build

For the most part, Windows 7 has been met with considerable praise from those who have given the beta and RC releases a spin, but all those good vibes are in jeopardy following the discovery of a major bug. According to DailyTech, RTM build 7600.16385 suffers from a "massive" memory leak in the frequently used chkdsk.exe application.

The bug rears its ugly head when scanning a second hard disk on a non-boot partition or second physical drive using the "/r" parameter. Doing so triggers a nasty memory leak, with the term "leak" being used loosely. Some users have reported the dreaded blue screen of death, while others note a memory usage of about 98 percent within seconds of running the app, but without the system crash.

DailyTech says the bug has been confirmed on a variety of hardware configurations, including netbooks and Core 2 Duo notebooks, and it affects both 32-bit and 64-bit versions.

Steven Sinofsky, president of Microsoft's Windows division, downplayed the bug saying:

"In this case, we haven’t reproduced the crash and we’re not seeing any crashes with chkdsk on the stack reported in any measurable number that we could find. We had one beta report on the memory usage, but that was resolved by design since we actually did design it to use more memory. But the design was to use more memory on purpose to speed things up, but never unbounded — we request the available memory and operate within that leaving at least 50M of physical memory. Our assumption was that using /r means your disk is such that you would prefer to get the repair done and over with rather than keep working."

More info here.


News: MP3 Corruption Bug "Bytes" Users of Leaked Win7 Beta

Windows 7's Build 7000's WMP 12 can corrupt some MP3 files

When Build 7000 of Windows 7 leaked onto the Internet recently, some bloggers speculated that Microsoft had deliberately leaked Build 7000. If that's the case, Redmond has some 'splainin' to do: numerous users have reported that Windows Media Player 12 (the media player included in Windows 7) corrupts some MP3 files.

According to posters at a Neowin.net forum, WMP 12 removes the first 2 to 3 seconds of MP3s that have large headers (over 16KB) when the "automatically fill in missing metadata using the online service" option is selected. This option is part of the Express setup defaults. According to ZDNet's Hardware 2.0 blog, the problem seems to be confined to variable bit-rate (VBR) MP3 files.

Microsoft is aware of the bug and is working on a patch, but if you've decided not to wait for an official Beta 1 of Windows 7, what should you do in the meantime to protect your MP3 collection? Join us after the jump to learn how to protect your precious rips and purchased files - and for your chance to tell us if this has happened to you.


Features: A Newbie's Guide to Open-Source Hardware!

Everyone's heard of Linux, right? We wouldn't be wrong in suggesting that Linux is the most well-known representation of the open-source platform. Or, at least, we're willing to bet that it's going to be on the tip of your friend's tongue the next time you sit down at a bar, order up a drink, and ask, "What's an example of Open Source?"

But we think you'd spit out your drink if your friend answered "Chumby," or "RepRap."  You might even try calling out your buddy because you think he's just feeding you jibber-jabber to sound smart. Well, you'd be wrong to do so. These are indeed open-source creations, but you aren't going to find these projects no matter how much you scour SourceForge.  That's because they're examples of open-source hardware, not software.  That's right.  The concept of throwing back the curtain and revealing all the working pieces of a particular item for you to modify at your leisure isn't an act that's constrained to bits and bytes.  

Click the jump, and we'll show you the Open Source hardware projects you can make right now!


News: Can Intel CPU Bugs Lead to Remote Code Execution Exploits?

Hack in the Box security conference 2008

ZDNet's ZeroDay security blog reports that software engineering and reverse engineering expert and author Kris Kaspersky is ready to prove that bugs in Intel CPUs can be exploited by various types of attacks. Kaspersky will be speaking at the 2008 Hack in the Box Security Conference in Kuala Lumpur, Malaysia, in October.

To find out how Kaspersky plans to prove his theory, read on after the jump.
