CommonMime

Mission Statement

The mission of the Amazon Conservation Team (ACT) is to work in partnership with indigenous people in conserving biodiversity, health, and culture in tropical America.

Visit CommonMime Causes to learn more

I felt that some humor might be beneficial today....

Confronting the 5 Stages of IT Grief

10 More Stupid Things Smart IT People Still Do

Microsoft Tackles Vista, Virtualization Patches

By Lisa Vaas

Patch Tuesday finds Microsoft addressing a host of security issues with Vista and virtualization.

Patch Tuesday brings with it a host of security issues with Vista, issues with virtualization and a fun time for system administrators who deal with clients using some wildly popular Microsoft applications: Internet Explorer and Excel.

On Aug. 14, Microsoft released nine security patches for 14 vulnerabilities, with six of the updates rated critical, in its biggest patch release since February.

Visit aka jane to read the rest of this article

Today's featured artist:
Visit Studio Blue for more on bernie

Facebook Leaks Its Own Code

By Lisa Vaas

Facebook reveals part of its source code on a blog named Facebook Secrets due to a server error.

Social networking site Facebook on Aug. 12 posted Facebook's homepage source code onto a newly created blog named Facebook Secrets on Aug. 12 and is now telling people not to use it.

Visit aka jane to read the rest of this article

Biggest Pump-and-Dump Scam Ever Spikes Spam 445%

By Lisa Vaas
August 10, 2007

The largest spam scam ever tracked increased the spam count by 445 percent in one day.

The largest spam attack ever tracked wound down Aug. 9 after delivering enough big, fat PDF files to increase total spam size 445 percent in one day, according to Postini, a hosted e-mail filtering company that's been tracking the attack since it started Aug. 7.

Visit aka jane to read the rest of this article

Researchers Crack the iPhone

By Lisa Vaas
July 23, 2007

Updated: Apple's popular multifunctional device can be exploited for data theft or snooping purposes, according to a security firm.

A security firm has run the first remote exploits on Apple's iPhone, proving that the widely popular smart phone is vulnerable not only to data theft but also to being turned into a remote snooping device.

A trio of researchers from Independent Security Evaluators—Charlie Miller, Jake Honoroff and Joshua Mason—have created an exploit for the iPhone's Safari Web browser wherein they use an unmodified device to surf to a maliciously crafted drive-by download site. The site downloads exploit code that forces the iPhone to make an outbound connection to a server controlled by the security firm.

Visit aka jane to read the rest of this article

Today's featured artist:
Visit Studio Blue for more on Derek Powazek

Author Claims Mac OS X Worm 'Ready to Go'

By Lisa Vaas

The same troll who claimed to have intercepted and reverse-engineered Dino Dai Zovi's QuickTime exploit from the Mac Pwn-to-Own contest at CanSecWest said over the weekend that he or she now has a Mac OS X worm loaded and ready to go.

Visit aka jane to read the rest of this article

Mission Statement

Leading progressive advocacy and strengthening the progressive movement to ensure robust and equal access to levers of government power.

Visit CommonMime Causes to learn more

Australian Government Sues Google over Deceptive AdWords

Thursday, July 12, 2007 10:06 AM/EST

An Australian government consumer advocacy group is suing Google for "misleading and deceptive conduct" in its SERP AdWords.

Visit aka jane to read the rest of this article

Zero-Day Hits IE-Firefox Combo

By Lisa Vaas
July 10, 2007    

Security researcher Thor Larholm has discovered a zero-day vulnerability that could lead to remote attackers hijacking systems running both Internet Explorer and Firefox.

Larholm is calling this an IE zero day, blaming the vulnerability on an input validation flaw in Internet Explorer that allows users to specify arbitrary arguments to the process responsible for handling URL protocols. It's the same type of input validation vulnerability that Larholm discovered in the Safari 3 beta, he said.

Visit aka jane to read the rest of this article

Today's featured artist:
Visit Studio Blue for more on liiga

...I don't know how long Fender plans to make these, but for now they are the hidden gem in the Stratocaster lineup.  Far superior to that Highway 1 crap, this gem has the vintage features I like, plus the modern fretboard radius...

To view the rest of this post please visit OccasionallyJane.com  (07-06-07)

A Six-Pack of iPhone Hangover Cures

Visit aka jane to read the rest of this article

Mission

The A.J. Muste Memorial Institute is a nonprofit charitable foundation established in 1974 to honor the legacy of pacifist leader A.J. Muste and to further his belief that nonviolent action is the means to achieve social and economic justice. We do this by providing grants, resources and a wide range of support to activist organizations that use nonviolent strategies to oppose war and promote justice and by publishing and distributing educational materials about nonviolence.

Visit CommonMime Causes to learn more

Does the CIA's Dark Past Foretell Current Data Abuse?
By Lisa Vaas

News Analysis: With the CIA's release of reports on 25 years of illegal exploits, data privacy advocates now have a lengthy record of abuses to justify restraining governments' access to personal data.

With the CIA's June 26 release of documents detailing 25 years of illegal exploits, data privacy advocates now have a book-length record of misdeeds—including examples of data abuse such as wiretapping—to back up their arguments that personal data is better off when kept out of the hands of an unsupervised government or law enforcement agency.

Visit aka jane to read the rest of this article

...I live soberly because I have a chance to, I drank in the past because I did not quite know how to do otherwise. Anyway, I don't care in the least!!! Very deliberate sobriety - it's true - leads nevertheless to a condition in which thoughts, if you have any, move more readily. In short, it is a difference like painting in grey or in colours. I am going to paint more in grey, in fact....

To view the rest of this post please visit OccasionallyJane.com  (07-02-07)

Today's featured artist:
Visit Studio Blue for more on ProjectK777

A Compilation of Significant Shows by Stan Parchin,
Senior Correspondent for Museums and Special Exhibitions

To view the rest of this post please visit OccasionallyJane.com  (04-19-07)

Don't Hold Your Breath for a MS DNS Hole Patch

Microsoft says it hopes to patch the hole in its Domain Name System Server—which is now leaving vulnerable PCs open to a worm attack—by "no later" than Patch Tuesday in May.

Microsoft teams are working around the world and around the clock to get a fix out for the May 8 security bulletin release, the MSRC's Christopher Budd wrote in the security center's blog on Tuesday night.

Budd said that Microsoft teams are now developing and testing 133 separate updates, including one in every language for every currently supported version of Windows servers.

"Each of these has to be tested to ensure they effectively protect against the vulnerability," Budd said. "Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing."

Visit aka jane to read the rest of this article

EIGHTEEN YEARS OF SERVICE (1988-2006)
International Relief Teams mobilizes volunteers and distributes medical supplies to support the
organization’s four missions: 1) domestic and international disaster relief, 2) medical education and
training, 3) surgical and clinical outreach, and 4) public health. Volunteer medical teams augment local
health care professionals during natural disasters and other crises, conduct comprehensive in-hospital
training in cardiac resuscitation, obstetrical and neonatal care, and perform surgery in remote,
impoverished areas where specialists do not exist. Volunteer construction teams repair homes
damaged by natural disaster, build public health facilities, and conduct community-based construction
training. IRT also sponsors peer-counseling programs to reduce mother to child HIV/AIDS
transmission. Since 1988, IRT has provided more than $5.1 million in volunteer services, and more
than $96 million in medicines and supplies to families in desperate need worldwide.

Visit CommonMime Causes to learn more

Today's featured artist:
Visit Studio Blue for more on Scarlett1313

By Brian Prince

Microsoft Investigates DNS Attacks

Microsoft is investigating attacks exploiting a vulnerability in the Windows Server Domain Name System Service, as well as two types of hacks targeting Vista's OEM BIOS activation feature.

A company spokesperson said a very limited number of attacks exploiting the flaw in the Windows Server DNS Service have been seen in the wild.

"Our investigation reveals that this vulnerability could allow a criminal to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM," a Microsoft spokesperson said.

Visit aka jane to read the rest of this article

Today's featured artist:
Visit Studio Blue for more on mareblu

Symantec Patches Flaw in Enterprise Security Manager
By Brian Prince

Symantec has patched a security hole in its Enterprise Security Manager tool that allows attackers to take control of infected machines.

The Cupertino, Calif., company cautioned users in an advisory that all versions of ESM, except version 6.5.3, are vulnerable to a remote code execution attack. The problem, officials at the anti-virus vendor reported, is that the ESM agent remote upgrade interface does not authenticate the source of remote upgrade requests – a vulnerability that can be exploited to launch malware via a specially crafted upgrade request.

Visit aka jane to read the rest of this article

Today's featured artist:
Visit Studio Blue for more on SanguineVamp

Today's featured artist:
Visit Studio Blue for more on Yvonne

ANI Patch: The Day After

Microsoft's release of the patch for the animated cursor—or ANI—vulnerability isn't the end of the story. More chapters will unfold as the company answers why the patch took so long to develop, as so many other flaws are fixed, and as IT organizations grapple with deploying an out-of-band patch.

The ANI vulnerability rose to urgency near the end of March, when the first exploit code appeared and reappeared again and again. Within days of the first exploit, ANI posed such serious risk that Microsoft instructed end users to read all e-mail in plain text.

But while exploits appeared about a week ago, Microsoft had known about the vulnerability since mid-December. Why did the patch take so long?

The ANI vulnerability bears striking similarity to the WMF (Windows Metafile) bug that squashed some Microsoft researchers' 2005 holiday and 2006 New Years. Both flaws affect the Windows graphics subsystem—or GDI—and were exploited without patches being available.

Visit aka jane to read the rest of this article

Firefox Still Sitting Duck for ANI Exploits

By Lisa Vaas

Firefox browsers are still vulnerable to attacks exploiting the animated cursor flaw that caused Microsoft to rush out a patch on April 3.

Alexander Sotirov, the security researcher at Determina who first discovered the ANI flaw and reported it to Microsoft in December, has posted a video depicting successful ANI vulnerability exploits on both Internet Explorer 7 and Firefox 2.0 running on Vista in default mode.

Visit aka jane to read the rest of this article