Language Selection

English French German Italian Portuguese Spanish

Finally some real coverage of MS

Filed under
News

Microsoft warns of serious computer security hole

SAN JOSE, Calif. -

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

http://tech.yahoo.com/news/ap/20090707/ap_on_hi_te/us_tec_microsoft_security

More in Tux Machines

today's howtos

Review: Zorin 15.1 "Lite"

Zorin OS is an Ubuntu-based operating system that aims to make Linux easy for Windows and macOS users. In the words of Zorin, it is "the alternative to Windows and macOS designed to make your computer faster, more powerful, secure and privacy respecting". Zorin's main product is the paid-for "Ultimate" edition, which will set you back €39 and comes with macOS, Windows, Linux and "Touch" layouts (i.e. themes) as well as a relatively large collection of software and "installation support". Other editions of Zorin are free but come with less pre-installed software and fewer desktop layouts. For this review I dusted off a MacBook that dates from late 2009 and installed the "Lite" edition which, as the name suggests, is designed to breathe new life into older hardware. The laptop is one of the plastic, white MacBooks. It has an Intel Core 2 Duo CPU and 4GB of RAM - I doubled the amount of RAM a few months ago. The laptop has mostly been running Fedora with the MATE desktop and the i3 window manager as an alternative environment, both of which ran fine. Zorin's Lite edition uses Xfce as the desktop environment. First impressions and installation Zorin's website is either modern and clean or yet another bootstrap site, depending on your view. There are just three links in the navigation menu: Download, Computers and Help (the Computers section links to vendors that sell laptops with Zorin pre-installed). The Download section lists Zorin's Ultimate edition first, followed by the Core, Lite and Education editions. Clicking any of the Download links for the free versions triggers a "Sign up to our newsletter & Download" pop-up window featuring a huge "Sign up & Download" button and a very small "Skip to download" link. I am not a fan of this type of marketing. I don't mind that they ask if I maybe want to sign up to their mailing list, but I take issue with the fact that the dialogue window has been designed to make the "No thanks" option easy to miss. Such marketing techniques assume that users need to be tricked into signing up to receiving marketing materials, which reflects poorly on the project as a whole. Read more

XFS - Online Filesystem Checking

Since Linux 4.17, I have been working on an online filesystem checking feature for XFS. As I mentioned in the previous update, the online fsck tool (named xfs_scrub) walks all internal filesystem metadata records. Each record is checked for obvious corruptions before being cross-referenced with all other metadata in the filesystem. If problems are found, they are reported to the system administrator through both xfs_scrub and the health reporting system. As of Linux 5.3 and xfsprogs 5.3, online checking is feature complete and has entered the stabilization and performance optimization stage. For the moment it remains tagged experimental, though it should be stable. We seek early adopters to try out this new functionality and give us feedback. Read more

Linux 5.5 RC7

  • Linux 5.5-rc7
    Well, things picked up at the end of the week, with half of my merges
    happening in the last two days.
    
    Whether that is the usual "send the weeks work to Linus on Friday", or
    a sign that things are just picking up in general after the holidays,
    I don't know.  If the former, I'll probably just release the final 5.5
    next week. But if it looks like there's pent-up fixes pending next
    week, I'll make another rc.
    
    Nothing in here looks particularly odd. Drivers is about half of the
    patch (networking, sound, gpio, gpu, scsi, usb, you name it), with the
    rest being the usual mix - arch, networking, filesystems, core
    kernel..  The diffstat looks mostly fairly nice and flat, with a
    couple of exceptions that look harmless (a few device tree file
    updates, some pure code movemment, and a couple of driver fixes that
    ended up changing calling conventions to get done and as a result got
    to be more lines than the bug otherwise would have merited).
    
    Please do test, there should be nothing scary going on.
    
                  Linus
    
  • Kernel prepatch 5.5-rc7

    The 5.5-rc7 kernel prepatch is out. Linus is still unsure whether the final 5.5 release will come out next week or not: "if it looks like there's pent-up fixes pending next week, I'll make another rc".

  • Linux 5.5-rc7 Kernel Released

    The seventh weekly release candidate to Linux 5.5 is now available for testing. Linus noted with Linux 5.5-rc7 there was a large uptick in patch volume at week's end. "Well, things picked up at the end of the week, with half of my merges happening in the last two days." Due to the recent holidays in large part, it's possible an eighth release candidate may be needed for Linux 5.5 before then releasing the kernel as stable on 2 February. However, in today's 5.5-rc7 announcement, Torvalds noted he may just end up releasing 5.5 stable next week. In any case, the release of Linux 5.5 is right on the horizon and this should be the kernel powering Ubuntu 20.04 LTS and other upcoming distribution releases.