March 2005 - Posts

• Firefox 1.0.2 Final

  "A new version of the great and Open Source browser, Firefox, has been released. It is purely a security and stability release so download and install it to stay secure. Change log: MFSA 2005-32 Drag and drop loading of privileged XUL MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel MFSA 2005-30 GIF heap overflow parsing Netscape extension 2 Get the details about the bugs here Download the latest version from here: Firefox 1.0.2"   This is not that new , but I thought that I would post it anyway! Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 27 2005, 03:12 PM by John Piers Cilliers with no comments Filed under: Firefox

• Mozilla 1.7.6

  "Mozilla is an open-source Web browser, designed for standards compliance, performance and portability. Mozilla is a cousin to Netscape Communicator that is being developed by the Free Software Community with the cooperation and support of Netscape. What's New in This Release: · Drag and drop loading of privileged XUL · GIF heap overflow parsing Netscape extension 2 · Internationalized Domain Name (IDN) homograph spoofing · Unsafe /tmp/plugtmp directory exploitable to erase user's files · Plugins can be used to load privileged content · Cross-site scripting by dropping javascript: link on tab · Image drag and drop executable spoofing · HTTP auth prompt tab spoofing · Download dialog source spoofing · Overwrite arbitrary files downloading .lnk twice · XSLT can include stylesheets from arbitrary hosts · Memory overwrite in string library · Install source spoofing with user:pass@host · Spoofing download and security dialogs with overlapping windows · Heap overflow possible in UTF8 to Unicode conversion · SSL "secure site" indicator spoofing · Window Injection Spoofing Download" Also not that new, released 24 March 2005 I think! This is for anyone who may have missed it! Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 27 2005, 03:05 PM by John Piers Cilliers with 19 comment(s) Filed under: Software

• Alcohol 120% 1.9.5.2722 Retail

  Alcohol 120% 1.9.5.2722 Retail Alcohol 120% is CD/DVD emulation and recording software that allows users to copy discs. Store your most used or important CDs as images on your computer and run them at 200x speed from up to 31 virtual CD or DVD drives. Alcohol is compatible with more than 99% of drives available. It supports the latest image file types including - MDS, CCD, BIN, CUE, ISO, CDI, BWT, BWI, BWS, BWA and many more. Changelog: FIX Fixed minor bugs. FIX Fixed wrong recording speed setting problem with some DVD writers. NEW Supported double layer DVD+R and dual layer DVD-R media. NEW Added showing the name of manufacturer of DVD recordable media. NEW Added DVD+R/+RW setting book-type as DVD-ROM. (not all drives support this at this time) NEW Added DPM for DVD media. NEW Added RMPS for DVD writing. NEW Added Support for more writers. NEW Improved Reading and writing engines within the software. NEW Added support for 16X writers and DVD media. FIX Updated online activation Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 27 2005, 03:02 PM by John Piers Cilliers with 1 comment(s) Filed under: Software

• New Maxthon Combo Version (Formerly MyIE2) 1.2.1

  New Maxthon Combo Version (Formerly MyIE2) 1.2.1 Maxthon is a multi-tabbed browser based on the IE core (IE5.x or above required). It can open multiple web pages within one browser window, and uses little system resources. Maxthon has a greatly integrated & customizable interface which supports Skins, Plug-Ins, IE Extensions, & specific toolbars (example: GOOGLE Toolbar). Maxthon also incorporates 2 POPUP blockers (Auto POPUP blocker & a POPUP blocker list filter) and a Content Filter. The Content filter can be used to filter offensive pictures on a web page, if desired. This version Includes: Plugin: AI Roboform, FlashSave, ViewSource, EnableRightClick, Up a Directory, Weather. Skin: Default, Turbo Qute, Mozilla_2, Safari, TCPort, X_Phoenity. What's New: + Auto update RSS feed ( at Add/Edit feed dialog). + Add new function max_language_id to get current language. + Add new function max_activex(var security_id, string progID) to create activex object without security limitation. * Fixed search bar magnifier sometimes disappear problem. * Fixed sometimes cound not popup sidebar under full screen problem. * Fixed some problems that cause Maxthon stay in memory after close. * security_id is made more secure. * Function m2_search_text will need security_id . * Fixed status bar tooltip misplace problem. Go here to download: Maxthon Combo Version (Formerly MyIE2) - [2005-03-24 | Freeware | 5 Mb | Win All | 982436] Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 25 2005, 10:20 PM by John Piers Cilliers with 1 comment(s) Filed under: Maxthon (Formerly MyIE2) Ver 1.3.1

• Hacker Turf War Will Lead To Large E-crime Gangs

  Courtesy of TechWeb News A new worm war may be brewing, the head of Moscow-based Kaspersky Labs' research efforts said Friday. The battle is shaping up between rival cyber gangs over the newest turf, infectable PCs. "Some machines connected to the Internet are protected well, some are not," wrote Eugene Kaspersky in the anti-virus vendor's analyst blog. "They are 'infectable.' Go here to read all about it! Hacker Turf War Will Lead To Large E-crime Gangs   Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 21 2005, 06:07 PM by John Piers Cilliers with no comments Filed under: General News

• Microsoft Describes Spyware Categories And Responses

  Microsoft issues white paper to detail how its AntiSpyware software works to identify and suppress potentially harmful software. Microsoft this week described how its forthcoming anti-spyware software classifies potentially harmful software and the actions it will let users take to prevent spyware and other malicious software from damaging PCs. The Windows AntiSpyware security software, current in beta testing, uses a library of more than 100,000 threats to identify potential problems and make recommendations to users as to whether the questionable software should be ignored, quarantined, or removed. Go here for the full story: Microsoft Describes Spyware Categories And Responses The seven-page white paper, entitled Windows AntiSpyware (Beta): Analysis Approach and Categories. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 21 2005, 05:53 PM by John Piers Cilliers with 2 comment(s) Filed under: Microsoft Software News

• Censorship!!

  Censorship, official prohibition or restriction of any type of expression believed to threaten the political, social, or moral order. It may be imposed by governmental authority, local or national, by a religious body, or occasionally by a powerful private group. It may be applied to the mails, speech, the press, the theater, dance, art, literature, photography, the cinema, radio, television, or computer networks. Censorship may be either preventive or punitive, according to whether it is exercised before or after the expression has been made public. In use since antiquity, the practice has been particularly thoroughgoing under autocratic and heavily centralized governments, from the Roman Empire to the totalitarian states of the 20th cent. It seems like this is still in force in South Africa as well, in all walks of life, including a funny little blog like this one!!! Oh, I almost forgot to add, for those of you do feel better about the two stars, perhaps now you do not know what the word means?? I hope you feel warm and safe in your tiny, tiny little world! Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 18 2005, 02:21 AM by John Piers Cilliers with no comments Filed under: General News

• Racist slur! Rugby Super 12

  Australia and New South Wales lock Justin Harrison has admitted racially abusing (South African Super 12 Team) Cats winger Chumani Booi in a Super 12 rugby match in South Africa last weekend. Initially it was thought that Nathan Grey was the culprit. The Cape Times (SA) reported that Nathan Grey was the person who called Chumani Booi “a stinking black c**t”! Chester William was quoted as saying “This is an isolated matter and I’m not aware of such a thing being said on a regular basis”, he went on to say that, “if this sort of comment was made between two local sides, (SA) the whole world would’ve heard about it and made a huge thing of it!” Today: 18th March 2005: Following up on what has transpired so far: Despite Harrison's admission, both Booi and Cats fullback Conrad Jantjes maintain in their statements to SANZAR officials that the comments were made by Grey. That stance was delaying proceedings last night as the SANZAR regional tournament director in South Africa, Johan Botes, waited for a personal statement from Harrison to complete the documentation to be submitted to the citing commissioner, Piet Nieman. Once Harrison's statement is added to those of Booi, Jantjes and Grey, Nieman will consider the documents and a video of the incident before deciding what action to take. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 16 2005, 11:59 AM by John Piers Cilliers with no comments Filed under: Sport

• Exchange Server Port Requirements

  Exchange Server Port Requirements Submitted By: Ganesh Natarajan Description: A common requirement while using exchange server is to allow access to mailboxes through a firewall, which is primarily requirement of the Internet users through a VPN. This scenario can be addressed by using OWA (Outlook Web Access) client. A front end server is placed in DMZ to accept the incoming requests from the clients.  We need to understand the ports which are used in the communication of Exchange Front end server to the mailbox server through the firewall from the DMZ to the internal network.  Source Destination Port Protocol Description Exchange Front-end Server Exchange mail box server 80 TCP Relayed HTTP traffic. Note that even if the client connection is secured by the means of SSL, the front-end server communicates with the back-end server in clear mode (no use of SSL).  Exchange Front-End Server Active Directory Domain Controller 389 TCP (LDAP) Access required for the front-end server to access the DC (required retrieving Exchange configuration information queries). Exchange Front-end Server Global Catalog 3268 TCP (LDAP) Access required for the front-end server to access the GC (required to determine on which back-end server a user's mailbox is located). Exchange Front-end Server Global Catalog 88 TCP (Kerberos) Access required for the front-end server for mailbox access authentication. Exchange 2000 Front end Server DNS Server 53 TCP (DNS Lookup) Access required for the front-end server to resolve names for back-end server, DCs, GCs, etc. Exchange Front end Server DNS Server 53 UDP (DNS Lookup) Access required for the front-end server to resolve names for back-end server, DCs, GCs, etc. Exchange Front end server Global Catalog 135 TCP (RPC Port Mapper) RPC end-point mapper for the front- end server to query the AD services. This connection will return the RPC service port used by the AD service upon startup of the DC or GC. Exchange Front end Server Global Catalog 1127 TCP (ADS) This is a fixed IP port, which the AD uses to advertise its service for replication and logon. Windows normally assigns the port dynamically in the upper 1,024–65,365 range. In a DMZ environment, you can hardcode the port to force Windows to always use a fixed port.  Exchange Front end Server Global catalog 445 TCP (SMB for NetLogon) SMB traffic for the NetLogon service, required for communication and authentication of the services. Exchange Front end Server Global catalog 123 TCP (NTP) Network Time Protocol required for synchronizing the time between the various machines. You can use the GC as the time source to synchronize all the servers.  In order to define a specific port for the AD to use for the logon service on DCs and GCs, set the following key in the registry on the DCs and GCs that serve the mailbox servers: HKLM\System\CurrentControlSet\Services\NTDS\Parameters Value name: TCP/IP Port Value type: REG_DWORD Value data: 1127 (or whatever port you elect to use) Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 14 2005, 05:18 PM by John Piers Cilliers with 1 comment(s) Filed under: MS Exchange Security

• Free ASP.NET Web Development Tool

  Free ASP.NET Web Development Tool   Version 0.6 of ASP.NET Web Matrix is now available as a free 1.3mb download. Web Matrix is a community-supported, easy-to-use development tool for building ASP.NET Web applications. New features include: Access database support, J# support, design time enhancements including improved table editing and user-control rendering, many bug fixes, and much more!    Download version 0.6 of Web Matrix today! Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 14 2005, 02:14 AM by John Piers Cilliers with 1 comment(s) Filed under: Dot Net Stuff!

• CeBIT technology fair! GADGETS GALORE!

  The biggest, the smallest, and the most expensive on show at CeBIT technology fair in Germany! Go here for the full story Tech fair showcase! Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 14 2005, 02:07 AM by John Piers Cilliers with no comments Filed under: General News

• "Press Freedom"

  Draconian measures seem to be the new wave as laws and proposed laws, start coming into effect! Some of these are aimed at web logs that put forward political ideas and ideals. Any sites that are seen to be actively supporting any political party will also fall foul of the law! If it is determined that "blogs" are in fact political organizations, fines could be imposed if things like press releases are placed on the “bolg” or website. Earlier on I was reading that websites and web logs will be forced to submit to companies if they are asked for their sources, that is, if the company deems that the information published is confidential! A judge, who made a ruling stating that a Web site that published confidential Apple documents, could not protect its sources from an Apple inquiry, has effectively set a precedent that can now put the wheels in motion as regards online press freedom losing some of that status!      Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 14 2005, 02:00 AM by John Piers Cilliers with no comments Filed under: Blogs and Logs!

• SUSE LINUX Professional 9.3

  SUSE LINUX Professional 9.3 will be available mid-April, Novell announced at CeBIT yesterday (US pricing will be announced at the same time), calling the 9.3 version the most complete set of operating system, management tools, application software and networking functionality ever shipped for the home computing environment. Novell says v9.3 includes a complete Linux operating system, over 3,000 open source packages and hundreds of open source applications, productivity software and home networking capabilities. Found at Novell Announces SUSE LINUX Professional 9.3 at CeBIT Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 13 2005, 09:50 AM by John Piers Cilliers with no comments Filed under: Linux News

• Phishers Turn To DNS Wildcards, Cache Poisoning

  INTERNETWEEK Phishers Turn To DNS Wildcards, Cache Poisoning Phishers are using ever-more-sophisticated tactics, including DNS wildcards and DNS cache poisoning--the latter dubbed "pharming"--to separate consumers from their money, a British security firm said Tuesday. According to Netcraft, criminals are now using DSN wildcards and URL encoding to create e-mail links that appear to be for legitimate sites, but actually send unwary consumers to fake Web sites, where phishers try to steal confidential information, such as bank or credit account numbers. Not surprisingly, the fake site is hosted in Russia, a hotbed of phishing criminals. By Gregg Keizer Courtesy of TechWeb.com Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 10 2005, 10:10 PM by John Piers Cilliers with no comments Filed under: General News

• Tarantino 'to make Friday sequel'

  Director Quentin Tarantino is in talks to write and direct a new instalment in the Friday the 13th horror franchise, according to the Hollywood Reporter. Go here to read more on this story Tarantino 'to make Friday sequel' Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it! Posted Mar 09 2005, 04:27 PM by John Piers Cilliers with no comments Filed under: General News