Zen update

Back from Roanoke; had a great time. I saw these pictures and just had to share...so without further ado...

...your daily dose of Zen.

Calling all receivers...

So it's been a colorful week so far, and probably time for a full update...I grabbed my Security+ certification, and while it's not a major one, I feel now as though I can actually claim to know something about IT security besides by experiences. I guess that's what certifications are for, eh?

Went to 9:30 club on Thursday to see And One and VNV Nation. VNV Nation is a synthpop group, and they put on a great show, but their albums don't sound as strong as their live performances, in my opinion. Still worth checking out however. And One has a harder sound to them, but synthpop all the same, and was the surprise hit of the night as I didn't know much about them. Listened to them alot this morning...=)

The other new find was a group called Covenant, which is synth as well, but they sound more remeniscant of Kraftwerk and....and.....can't put my finger on it. It just sounds really good.

Friday night I skipped hockey and chased a squirrel around my apartment who managed to wedge himself between a cabinet and an air duct. I have no idea how he got in, probably through the duct itself. I pried apart some paneling and managed to get him out, but he scampered off and I proceeded to chase him around the apartment until I manged to corner him, scoop him into a soda box, and release him outside. I managed to get a quick picture of him, which is good since I will need to explain to the landlord why it is I pried their cabinets apart...=P

Went into D.C. for the Japanese festival with a few friends and saw a couple of good shows. It started to get really cold and wet towards the end though, so I headed home.

Thus brings me here, chatting with friends and checking up on EVE Online. I've got some stuff in the works with a friend in regards to the latter, but I can't be too specific yet. Don't want to give anything away. ;)

Patch Tuesday

So normally I follow up posts of vulnerability warnings with some sort of info on how to patch your system. I forgot to this time, and when I realized it, I was pretty much too lazy to put one up. I have long believed that in an ideal world, the common computer user shouldn't have to worry about patches and virus definitions and whatnot. But I am not always the most charitable person either, and while I could have posted a link to the fix and instructed you all to run Windows Update, I just figured I'd leave you all to your own devices this time. (Ok, so I was too busy playing Neverwinter Nights 2....)

But today be Patch Tuesday, and so as pennance for my lack of effort last week, I am directing you all to go over to Windows Update and patch your boxes. Why am I beating this so hard? Because last week's vulnerability exploited a flaw in animated cursors, the kind that you see on crappy geocities and myspace webpages. Mearly browsing to a site that was maliciously modified would exploit the vulnerability, letting "Bad Guys"(tm) install all kinds of malware on your box. No fun.

So, for those of you who want the details, SANS.org has a nice summary of what's fixed here. Microsoft has their own notice here.

There is an error some of you may get after installing one of the patches in which you will get a message that says:

"The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL."

In addition, you might notice that your soundcard control panel doesn't pop up. This is a problem with the MS07-014 patch, but was subsequently fixed in a second patch. I've had one friend see this issue already, but the hotfix solved the problem. I've noticed that the hotfix is now an automatic download from Windows Update, but in case you miss it, you can download it manually from the Microsoft notice here.

ANI vulnerability

A zero-day exploit was announced the other day, taking advantage of the way Windows handles animated cursors. I disregarded this at first until I noticed SANS.org went to yellow the other day...

This effects all versions of Windows, though Vista users will have some level of protection. (IE in Protected Mode will prevent the exploit. Protected Mode is enabled by default.) However, E-mail is still suceptable and XP users going to websites that are designed to exploit this will be at risk.

The AV companies seem to have their signatures in place, so make sure you're keeping them up to date. Also, be wary of the sites you visit; especially social networking and warez pages...

More info here: