FireFox 2.0.0.13

Mozilla have released Firefox 2.0.0.13.

Fixed in Firefox 2.0.0.13 [1]
MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

Vulnerability ratings: 2 Critical, 2 High, 1 moderate
Evaluation: Update now

We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 2.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. [3]

[1] Fixed in Firefox 2.0.0.13 [Mozilla]
[2] Mozilla Firefox 2.0.0.13 Release Notes [Mozilla]
[3] Firefox 2.0.0.13 security and stability update now available for download (2008-Mar-25) [Mozilla]

Daylight savings 2008

From 2008 the ACT, NSW, South Australia, Victoria and Tasmania will all start daylight savings on the first Sunday in October and end on the first Sunday in April. This introduces common start and finish dates in these states.

Victoria returns to Eastern Standard Time on Sunday 6th April 2008 at 3:00 a.m. and clocks go back one hour.

The extension of Daylight Savings in 2008 may have implications for some computer systems if they have not been updated to the new finish date.

[1] Daylight Saving Time – Implementation [Bureau of Meteorology]
[2] Preparing for daylight saving time changes in 2008 [MS]
[3] Updating Windows Mobile devices for the new Daylight Saving Time [MS]
[4] FYI – Daylight Savings End – Reminder – 6 April 2008 (2008-Mar-20) [UNIMELB]

Nero BurnRights

This one has been sitting around as a DRAFT for too long. I’ll publish it now and clean it up afterwards
Nero BurnRights is of great use in our Multimedia lab for managing our Bravo CD/DVD burn and print robot.

Nero BurnRights [1]
* Why do I need Nero BurnRights? Since Windows 2000 and Windows XP do not grant access to low level drivers for users without administrative rights it’s not possible for them to burn CDs with Nero.
* What is the purpose of Nero BurnRights? Nero BurnRights allows users without administrative rights to burn CDs with Nero. The administrator is able to setup user accounts with exclusive “burn rights” for Nero.
* How do I use Nero BurnRights? Please download the installer file and doubleclick the file to start the installation. Please make sure that you are logged onto the system as administrator. You will find a new entry in Start/Settings/Control Panel/Nero BurnRights. Doubleclick it to start the application.Note: If you select “Members of User Group Nero” you will be asked to agree the generation of a new user group “Nero”. Every change of the Rights Level Settings requires a reboot (including the reset). Now you can add users to the group “Nero”.

The Nero Burn Rights installer can be downloaded individually from the Nero web site or you can find it in the Nero Toolkit folder from Version 7 of Nero. (Nero-7.10.1.0_eng_update.exe contains BurnRights v2.0.0.6

The download version isv1.0.0.12
Current version is listed as Nero BurnRights v2.1.0.10 (Nero-7.10.1.0_Online.exe has BurnRights.exe v2.1.0.10 with control panel v2.0.0.6)
The three options are:

• Administrators – Only administrators can use Nero and write CDs.
• Everyone – Everyone on my computer can use Nero and write CDs.
• Nero group – Nero BurnRights creates a new group named Nero and only user(s) in this group can use Nero and write CDs.

The program is installed as c:\windows\system32\NeroBurnRights.cpl

[1] Nero 6 [Nero BurnRights] [Nero]
[2] Nero 7 [Nero BurnRights] [Nero]
[3] Nero 7 [User Guide / Help File for Nero BurnRights] [Nero]

Apple pushes Safari via Apple Update

UPDATE: A new release (or version) of a piece of software that is generally understood to be an error correction release and does not contain new functionality. (as opposed to Upgrade)

If you have a current version of iTunes installed on a Windows machine the chances are that you also have Apple Software Update (ASU) installed. Now this is a good thing, using ASU you can keep your versions of iTunes and Quicktime patched and up to date.

Apple have decided to leverage their install base for iTunes and push their Safari browser our via ASU. Safari will be listed as a software update even if you do not have Safari currently installed. This is behaviour is so wrong!

My gripes:
1.) This is not an update, this is a new software install. This product should not be distributed via an update mechanism.
2.) The select box is ticked by default and you cannot remove the product from your update options.

Apple once again shows that it is not enterprise IT savvy

Earth Hour this Saturday (2008-Mar-29)

Created to take a stand against the greatest threat our planet has ever faced, Earth Hour uses the simple action of turning off the lights for one hour to deliver a powerful message about the need for action on global warming. — http://www.earthhour.org/

In 2008, 24 global cities will participate in Earth Hour at 8pm on March 29. Earth Hour is the highlight of a major campaign to encourage businesses, communities and individuals to take the simple steps needed to cut their emissions on an ongoing basis. It is about simple changes that will collectively make a difference – from businesses turning off their lights when their offices are empty, to households turning off appliances rather than leaving them on standby. — http://www.earthhour.org/

This weeks links (2008-03-26)

New Ethical Hacker Network Challenge – It Happened One Friday
If you can’t answer this challenge 100%, still send something in to qualify as a random winner. This month’s prize is my book, Malware: Fighting Malicious Code, which I authored with Lenny Zeltser. Each winner gets a signed copy.
Ed Skoudis has a new challenge up athe Ethical Hacker Network. The challenge is entitled It Happened One Friday.

RIP Raymond Leblanc, publisher of Tintin
Joe sez, “Tom Spurgeon on the excellent Comics Reporter posted sad news over the holiday weekend – Belgian publisher Raymond Leblanc passed away at the age of 92. For those who don’t know, Raymond, a former Resistance member during the Nazi occupation, set up the famous Tintin magazine after the war, bringing in Herge, then labouring under a blacklist for collaboration during the occupation. He pushed Lombard into one of the top European comics albums publishers and worked with a roll call of the great and good of the medium. Fair to say the comics scene would have been far, far poorer without him and some of the characters generations of us have grown up reading might never have made it if not for his guidance and energy.” — RIP Raymond Leblanc (2008-Mar-25)[BoingBoing]

The Adventures of Tintin on BBC7 this week
The hearty goodness of Tintin on radio, BBC7 brings us the second series for the Easter holidays.

Some fun and thrills for the Easter holidays, famous boy reporter Tintin has been covering the return of the Sanders-Hardiman expedition from Peru. When all the participants fall mysteriously ill, Tintin is compelled to investigate. Starring Richard Pearce, Lionel Jeffries and Andrew Sachs, The Advenures of Tintin was dramatised by Simon Eastwood and produced by John Yorke. It was first broadcast on Radio 5 in 1993.
Monday to Monday at 9am, 8pm and 1am — BBC 7 Newsletter – Friday 21st March

Real Audio stream available via the listen again pages for the next 7 days.