FireFox 2.0.0.13

Mozilla have released Firefox 2.0.0.13.

Fixed in Firefox 2.0.0.13 [1]
MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

Vulnerability ratings: 2 Critical, 2 High, 1 moderate
Evaluation: Update now

We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 2.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. [3]

[1] Fixed in Firefox 2.0.0.13 [Mozilla]
[2] Mozilla Firefox 2.0.0.13 Release Notes [Mozilla]
[3] Firefox 2.0.0.13 security and stability update now available for download (2008-Mar-25) [Mozilla]

Daylight savings 2008

From 2008 the ACT, NSW, South Australia, Victoria and Tasmania will all start daylight savings on the first Sunday in October and end on the first Sunday in April. This introduces common start and finish dates in these states.

Victoria returns to Eastern Standard Time on Sunday 6th April 2008 at 3:00 a.m. and clocks go back one hour.

The extension of Daylight Savings in 2008 may have implications for some computer systems if they have not been updated to the new finish date.

[1] Daylight Saving Time – Implementation [Bureau of Meteorology]
[2] Preparing for daylight saving time changes in 2008 [MS]
[3] Updating Windows Mobile devices for the new Daylight Saving Time [MS]
[4] FYI – Daylight Savings End – Reminder – 6 April 2008 (2008-Mar-20) [UNIMELB]

Nero BurnRights

This one has been sitting around as a DRAFT for too long. I’ll publish it now and clean it up afterwards
Nero BurnRights is of great use in our Multimedia lab for managing our Bravo CD/DVD burn and print robot.

Nero BurnRights [1]
* Why do I need Nero BurnRights? Since Windows 2000 and Windows XP do not grant access to low level drivers for users without administrative rights it’s not possible for them to burn CDs with Nero.
* What is the purpose of Nero BurnRights? Nero BurnRights allows users without administrative rights to burn CDs with Nero. The administrator is able to setup user accounts with exclusive “burn rights” for Nero.
* How do I use Nero BurnRights? Please download the installer file and doubleclick the file to start the installation. Please make sure that you are logged onto the system as administrator. You will find a new entry in Start/Settings/Control Panel/Nero BurnRights. Doubleclick it to start the application.Note: If you select “Members of User Group Nero” you will be asked to agree the generation of a new user group “Nero”. Every change of the Rights Level Settings requires a reboot (including the reset). Now you can add users to the group “Nero”.

The Nero Burn Rights installer can be downloaded individually from the Nero web site or you can find it in the Nero Toolkit folder from Version 7 of Nero. (Nero-7.10.1.0_eng_update.exe contains BurnRights v2.0.0.6

The download version isv1.0.0.12
Current version is listed as Nero BurnRights v2.1.0.10 (Nero-7.10.1.0_Online.exe has BurnRights.exe v2.1.0.10 with control panel v2.0.0.6)
The three options are:

• Administrators – Only administrators can use Nero and write CDs.
• Everyone – Everyone on my computer can use Nero and write CDs.
• Nero group – Nero BurnRights creates a new group named Nero and only user(s) in this group can use Nero and write CDs.

The program is installed as c:\windows\system32\NeroBurnRights.cpl

[1] Nero 6 [Nero BurnRights] [Nero]
[2] Nero 7 [Nero BurnRights] [Nero]
[3] Nero 7 [User Guide / Help File for Nero BurnRights] [Nero]

Apple pushes Safari via Apple Update

UPDATE: A new release (or version) of a piece of software that is generally understood to be an error correction release and does not contain new functionality. (as opposed to Upgrade)

If you have a current version of iTunes installed on a Windows machine the chances are that you also have Apple Software Update (ASU) installed. Now this is a good thing, using ASU you can keep your versions of iTunes and Quicktime patched and up to date.

Apple have decided to leverage their install base for iTunes and push their Safari browser our via ASU. Safari will be listed as a software update even if you do not have Safari currently installed. This is behaviour is so wrong!

My gripes:
1.) This is not an update, this is a new software install. This product should not be distributed via an update mechanism.
2.) The select box is ticked by default and you cannot remove the product from your update options.

Apple once again shows that it is not enterprise IT savvy

Earth Hour this Saturday (2008-Mar-29)

Created to take a stand against the greatest threat our planet has ever faced, Earth Hour uses the simple action of turning off the lights for one hour to deliver a powerful message about the need for action on global warming. — http://www.earthhour.org/

In 2008, 24 global cities will participate in Earth Hour at 8pm on March 29. Earth Hour is the highlight of a major campaign to encourage businesses, communities and individuals to take the simple steps needed to cut their emissions on an ongoing basis. It is about simple changes that will collectively make a difference – from businesses turning off their lights when their offices are empty, to households turning off appliances rather than leaving them on standby. — http://www.earthhour.org/

This weeks links (2008-03-26)

New Ethical Hacker Network Challenge – It Happened One Friday
If you can’t answer this challenge 100%, still send something in to qualify as a random winner. This month’s prize is my book, Malware: Fighting Malicious Code, which I authored with Lenny Zeltser. Each winner gets a signed copy.
Ed Skoudis has a new challenge up athe Ethical Hacker Network. The challenge is entitled It Happened One Friday.

RIP Raymond Leblanc, publisher of Tintin
Joe sez, “Tom Spurgeon on the excellent Comics Reporter posted sad news over the holiday weekend – Belgian publisher Raymond Leblanc passed away at the age of 92. For those who don’t know, Raymond, a former Resistance member during the Nazi occupation, set up the famous Tintin magazine after the war, bringing in Herge, then labouring under a blacklist for collaboration during the occupation. He pushed Lombard into one of the top European comics albums publishers and worked with a roll call of the great and good of the medium. Fair to say the comics scene would have been far, far poorer without him and some of the characters generations of us have grown up reading might never have made it if not for his guidance and energy.” — RIP Raymond Leblanc (2008-Mar-25)[BoingBoing]

The Adventures of Tintin on BBC7 this week
The hearty goodness of Tintin on radio, BBC7 brings us the second series for the Easter holidays.

Some fun and thrills for the Easter holidays, famous boy reporter Tintin has been covering the return of the Sanders-Hardiman expedition from Peru. When all the participants fall mysteriously ill, Tintin is compelled to investigate. Starring Richard Pearce, Lionel Jeffries and Andrew Sachs, The Advenures of Tintin was dramatised by Simon Eastwood and produced by John Yorke. It was first broadcast on Radio 5 in 1993.
Monday to Monday at 9am, 8pm and 1am — BBC 7 Newsletter – Friday 21st March

Real Audio stream available via the listen again pages for the next 7 days.

@#%&! handbrake fail

What happens if your handbrake falls on a steep block!
Managed to catch it just in time. Had to jump into the vehicle as it was moving which was a little bit too exciting.

To recover the vehicle we used a winch to pull it forward and off the log.

Arthur C. Clarke 1917-2008

Arthur C. Clarke the visionary science fiction writer has passed away in Sri Lanka at the age of 90;

(…) Mr. Clarke’s influence on public attitudes toward space was acknowledged by American astronauts and Russian cosmonauts, by scientists like the astronomer Carl Sagan and by movie and television producers. Gene Roddenberry credited Mr. Clarke’s writings with giving him courage to pursue his “Star Trek” project in the face of indifference, even ridicule, from television executives.

In his later years, after settling in Ceylon (now Sri Lanka), Mr. Clarke continued to bask in worldwide acclaim as both a scientific sage and the pre-eminent science fiction writer of the 20th century. In 1998, he was knighted by Queen Elizabeth II.

He played down his success in foretelling a globe-spanning network of communication satellites. “No one can predict the future,” he always maintained.

But as a science fiction writer, he couldn’t resist drawing up timelines for what he called “possible futures.” Far from displaying uncanny prescience, these conjectures mainly demonstrated his lifelong, and often disappointed, optimism about the peaceful uses of technology — from his calculation in 1945 that atomic-fueled rockets could be no more than 20 years away to his conviction in 1999 that “clean, safe power” from “cold fusion” would be commercially available in the first years of the new millennium. (…) [1]

Clarke was the progenitor of geosynchronous communication satellites in a 1945 technical paper in the British journal “Wireless World.” The geostationary orbit has been officially designated the Clarke Orbit by the International Astronomical Union.

[1] Arthur C. Clarke, Premier Science Fiction Writer, Dies at 90 (2008-Mar-18) [New York Times]
[2] Arthur C Clarke [Wikipedia]

Security Update 2008-002

Security Update 2008-002

Available for:
* Mac OS X 10.4.11 Intel Client and Server
* Mac OS X 10.4.11 PPC Client and Server
* Mac OS X 10.4.11 Universal Server
* Mac OS X 10.5.2 Client and Server

Apple on Tuesday released an Security Update 2008-002 for Mac OS X. The update contains over 40 fixes for various components of the operating system. [2]

[1] About Security Update 2008-002 (2008-Mar-18 ) [Apple]
[2] Apple releases Security Update 2008-002 (2008-Mar-19 ) [MacWorld]

Using PVX v8.0 from home

I have found very intermittent results when using the VPN/NAT setting on the PVX software getting only a black screen and no real video signal. I am guessing that many home/small business NAT gateways are not really video conference friendly (and in reality are not going to be reconfigured for you).

On the other hand I have found that using our CISCO VPN and the PVX VPN settings screen I have had a much better experience.

Get to the settings via the PVX settings ‘spanner’ icon

Setup > Network > Connection > Connected over VPN

Choose the virtual network adapter, select Cisco Systems VPN Adapter. Select Apply and OK.

NOTE: Start your VPN client and establish a connection before starting PVX.

For our travelling users I would certainly recommend using the VPN as it will eliminate any effects caused by the remote networks (hotels, conference centres, etc.).