Jordo Media RSS / Atom Feed Directory

There are new security warning(s):

·         Microsoft November Update for Multiple Vulnerabilities

What does it affect?: Windows 95, Windows 98, Windows 2000, Windows XP, Windows Vista

What does it do?: Details of Microsoft's November software update concerning a number of vulnerabilities in various products.

How do I fix it?: Update your copy of the software with the download available from the supplier.

Details of Underlying Problem(s):For more technical information about this warning visit:
http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx.

Date modified: 11/11/2009

Source: HM Government (CPNI)

Got a jailbroken iPhone? Then you need to read this:

The first worm targeting Apple’s iPhone is alive and spreading in the wild. But most iPhone owners need not worry about it.

The worm, known as Ikee, is, as worms go pretty harmless in that all it does is change the lock screen wallpaper to a picture of 80’s signer Rick Astley before looking for other devices to infect.

If you're running a jailbroken iPhone and you didn't change the root password fro the default "alpine" (yes, the whole hacking world knows that it is) then you should change it now!

Here are instructions on how to remove Ikee variants

Variants A, B and C

• Remove: /bin/poc-bbot
• Remove: /bin/sshpass
• Remove: /var/log/youcanbeclosertogod.jpg
• Remove: /var/mobile/LockBackground.jpg
• Remove: /System/Library/LaunchDaemons/com.ikey.bbot.plist
• Remove: /var/lock/bbot.lock
• Reboot the iPhone, reinstall SSH and change the default root password

Variant D

• Remove: /usr/libexec/cydia/startup
• Remove: /usr/libexec/cydia/startup.so
• Remove: /usr/libexec/cydia/startup-helper
• Remove: /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
• Reinstall Cydia from the terminal as follows:
      Su root
      alpine
      get-app remove cydia
      get-app install cydia
• Reboot the iPhone and change the default root password

Fantastic piece by my ZDNet blogging colleague Ed Bott on how you can legally pick up cheap (and even free) copies of Windows 7.

Only suckers pay retail.

If you’ve read any reviews of Windows 7, you’ve seen references to its price list, which ranges from $120 for a Home Premium upgrade to $320 for a fully licensed copy of Windows 7 Ultimate.

Well, guess what? You don’t have to pay that much. Most people have much better options available, if you know where to look.

In this piece Ed examines upgrade offers, deal for students, and subscription services.

A great piece that can save you a lot of money when buying Windows 7.

And Ed's right, only suckers pay retail!

Question from a reader:

"A while ago, someone at Microsoft told me that to install Vista 64-bit on a PC with 4GB or more of memory, that I had to remove the extra memory, e.g. to 2GB, install Vista, and then reinstall the memory, because apparently there was some issue with installing Vista with 4GB of memory or more.  Is there any issue with installing Windows 7 on a PC with lots of memory (e.g. 12GB)?  Thanks."

I remember that problem, and it was really annoying, especially when building or reloading the OS on a system. Thankfully, that problem doesn't exist in Windows 7. In fact, it was fixed in Windows Vista as of Service Pack 1. So you're good to go!

HP is hosting a 24-hour "Expert Day" today (November 5th) over on its support forums.

Check it out!

If you miss this one HP is also planning to do the same thing on November 19th and December 1st.

• Windows 7 and Printing 
• Windows 7 and Desktops 
• Windows 7 and Notebooks 

With some 100,000 apps for the iPhone and iPod touch to choose from, it's good to have a few pointers to really good apps. Well, there's a list for that!

Best iPhone & iPod touch apps

I've discovered a couple of cool apps for my iPod touch from this listing!

Over on ZDNet I've posted my last "Hardware 2.0 Very Best Kit List" of the year. Fear not, the kit list will make a reappearance early January 2010!

Here are the categories:

• CPUs
• Motherboards
• RAM
• Graphics Cards
• Hard Disks
• Sound Cards
• PSUs
• Coolers
• Cases
• Monitors
• Keyboards/Mice
• Netbook
• Notebook
• All-in-One PC
• All-in-One Printer
• In-Car GPS
• Wireless Router 

I've also posted a Holiday Gift Guide for 2009. This contains some gift ideas for geeks. For more gift ideas, check out ZDNet's Holiday Tech Gift Guide page.

A fun piece over on Crave on CNET UK looking at the merits (merits which include things such as looking like a smiley face) of power plugs and plug sockets of the world.

Sure, it's a fun piece, but it does help to hammer two things home to people:

• The voltage that you get your power at in your country might not be the same as the voltage in another country.
• Plugs and sockets vary wildly from country to country.

Oh,and finally, no one who's ever stepped bare-foot on a UK plug (which is almost designed to lay with the metal prongs in the upright, also known as laughing, position) would give the thing 10 out of 10!

Question from the PC Doc mailbag:

"Can I legally download Windows 7? As in buy it but not get a disc?"

Yes, but it'll cost you!

Take a trip over to the Microsoft Store where you’ll find both the full and upgrade versions available for purchase.

• Windows 7 Home Premium Upgrade ($119.99)
• Windows 7 Home Premium Full version ($199.99)
• Windows 7 Professional Upgrade ($199.99)
• Windows 7 Professional Full version ($299.99)
• Windows 7 Ultimate Upgrade ($219.99)
• Windows 7 Ultimate Full version ($319.99)

There are new security warning(s):

·         Microsoft Security Bulletin Summary for September 2009

What does it affect?: Windows 95, Windows 98, Windows 2000, Windows XP, Windows Vista

What does it do?: Microsoft bulletin that summarises their advisories released for September 2009.

How do I fix it?: Update your copy of the software with the download available from the supplier.

Details of Underlying Problem(s):For more technical information about this warning visit:
http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx.

Date modified: 11/09/2009

Source: HM Government (CPNI)

I've been thinking about doing this for a while ... seems a lot easier than I thought.

We're going to run through a basic installation of Yourls, a server-based webapp that can run pretty much anywhere a WordPress installation can. There are lots of other options, which we'll get to as well, but Yourls is a fairly smart and fast way to get up and running with your own URL shortener.

Might give it a go!

There are new security warning(s):

·         TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products.

What does it affect?: Network Router/Switch/Modem

What does it do?: Description of Denial of Service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections in Cisco products.

How do I fix it?: Update your copy of the software with the download available from the supplier.

Details of Underlying Problem(s):For more technical information about this warning visit:
http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

Date modified: 11/09/2009

Source: HM Government (CPNI)

Or something like that ...

Anyway ... I can now be found on Twitter ... @the_pc_doc

Important info, ignore at your peril!

The latest version of Flash player is no 10.0.32.18. You can grab the update here for Windows, Mac OS and Linux. If you want to know what version you currently have installed, here is a page that will help.

If you're confused about updates then you might be better using Secunia's PSI vulnerability checking tool to find vulnerable programs on your PC and help you update them.

For those of you out there looking for a free, basic, easy-to-use CD/DVD burning solution, then Nero might have the tool for you.

Grab the download here.

The catch? Well, there are three:

• It's very basic. There are free tools that do a lot more available out there, such as ImgBurn and CDBurnerXP.
• It tries to install the Ask toolbar and change your default search provider. You do get the option not to do this, but you need to pay attention during installation.
• It's Windows-only.

Other than that, it's worth a try!

Very worrying:

With news that 92% of Windows PCs are vulnerable to a zero-day attack that Adobe won’t patch until Thursday, is it time to dump Adobe’s Flash player?

The most current versions of Flash player, 9.0.159.0 and 10.0.22.87, are both vulnerable to hacker. According to security companies, hackers are launching wave after wave of attacks, using both malicious websites, and websites that have been compromised.

Take care out there folks!

Next Tuesday Microsoft will make the Release Candidate of Windows 7 available for the public to download and play with.

Here are some tips to help you get ready:

• First, the download is big - the 32-bit edition is nearly 2.5GB, and the 64-bit download is bigger. You need a fast connection.
• If in doubt as to which download to bring in, go for the 32-bit edition.
• Microsoft won't be placing a limit on the number of product keys it offers, so there's no rush to get the download.
• The Release Candidate doesn’t expire until June 1, 2010, so if you grab a copy you have plenty of time to test the OS thoroughly.
• Here are the system requirements:
  - 1 GHz or faster 32-bit (x86) or 64-bit (x64) processor
  - 1 GB of RAM (32-bit)/2 GB of RAM (64-bit)
  - 16 GB of available disk space (32-bit)/20 GB (64-bit)
  - DirectX 9 graphics device with Windows Display Driver Model 1.0 or higher driver
• Don't go nuts and start installing the software on you main system without a backup!

More info on Windows 7:

• Get your Windows 7 GPU drivers
• Verdict: Windows 7 - Like Vista, just a bit easier to use and less annoying
• Windows 7 - Official system requirements
• Windows 7 "XP Mode" system requirements
• Max memory limits for 64-bit Windows 7
• Windows 7 on a netbook - My verdict
• Windows 7 RC 32-bit vs. Vista SP1 32-bit - Gaming shootout
• First Look: Windows 7 Release Candidate (build 7100)
• Windows 7 Release Candidate (build 7100) leaked

Here's an interesting question I received today ...

Question: Depending on whether you have a 32-bit Windows or 64-bit Windows, which makes more sense; adding more RAM or fitting a faster hard drive (such as a solid-state drive or SSD)?

A lot depends on what you do with the PC, so I'll look at the general picture and then some more specific scenarios.

On the whole, the gains from adding more RAM to a 32-bit Windows system start to tail off at about 3GB (when entire OS can only address 4GB, so there's no point going over that). so if you've already got 2GB or so of RAM installed then adding a faster drive will give you more bang for the buck than adding more memory at that stage. If you've got less than 2GB of RAM, then add the RAM first.

On a system with 64-bit Windows installed things are a little different. Here you get performance gains up to 8GB, and you should make sure that you have at least 4GB of RAM fitted. Below 4GB, add more RAM, but if you have 4GB installed then you'll get more benefit from fitting a faster hard drive.

Finally, let's look at some specific scenarios:

• While many games need at least 2GB of RAM, because the level files are huge you can cut down loading times considerably by installing a faster drive (and loading the games onto that drive).
• Applications such as Photoshop that load and save huge files also benefit from a fast drive.
• If you want a quiet PC then an SSD is great, but you can also find cheaper regular drives that are great for applications such as media centers, such as Western Digital’s Caviar Green drives, or the Seagate Barracuda LP.
• If you have lots of digital photos, a fast drive will help you scan through them quicker.

Remember that these are general guidelines and your mileage could vary.

Thanks to a Slashdot user for this funny:

In the beginning, there was a User.

This User did not possess the special knowledge of the Priests of the Cult of Computers.

This User was granted divine Manna from heaven in the form of a shining disc with an outer shell of a transparent horn-like material.

"Lo!" said he, "I have found the Sacred Tablet of AOL!"

And he put the Tablet in the Slot of Curious Whirrings, and nothing happened. And this was Good.

But the User was unhappy, and complained to the Disciples of AOL, that the sacred disc of AOL was defective.

And so the Disciples of AOL conferred with the Disciples of Borg.

Now, the Disciples discipled for a while, and determined that the User could never be trusted grok the mysteries of "Drive D". The Disciples agreed, also it was bothersome and unholy, to be summoned each time a Tablet was delivered by divine provenance to another User. And so Autorun was created.

Verily, the User could place the Sacred Tablet of AOL in the Slot of Curious Whirrings, and without any further discipling by the Disciples, could run AOL.

And thus were the Demons of AOL unleashed upon the world together with the Lord of PC Plague and Pestilence, he-who-should-not-be-named-but-nevertheless-I-will, Autorun.

If you're an Office 2007 user then you need to head over to the Microsoft Download Center and grab Service Pack 2 (SP2).

SP2 offers what you expect from a service pack. A mix of performance and security updates, as well as support for a new file formats such as PDF and ODF.

If you don't want to bother grabbing the Office 2007 SP2 right now, it'll be available via Automatic Update "no sooner than three months from now."

It didn't take long for scammers and spammers to take advantage of all the Swine Flu news.

First, the spammers are using Swine Flu, in conjunction with the names of famous stars, to encourage recipients to open spam emails.

• First US swine flu victims!
• US swine flu statistics
• Salma Hayek caught swine flu!
• Swine flu worldwide!
• Swine flu in Hollywood!
• Swine flu in USA
• Madonna caught swine flu!

Then there are the scammers who are flocking to snap up Swine Flu related URLs.

Stay safe!

Eight patches from Microsoft today:

Critical:

• Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
  This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.
• Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
  This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
  This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Cumulative Security Update for Internet Explorer (963027)
  This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
  This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important:

• Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
  This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
• Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
  This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

Moderate:

• Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
  This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

The other day I came across an overheating quad-core PC where, at first glance, everything seemed to be OK.

The system was built around a Q6600 Intel quad-core CPU and was running on the standard air cooler. After a few minutes of being switched on the temperature warning alarm kicked in and stayed on. A trip into the PC health menu in the BIOS showed that the alarm was being triggered at 80°C/176°F and was set to shut down at 90°C/176°F. The temperature was hovering at the 80°C/176°F mark. This had just started happening the other day according to the owner.

I whipped the side off the system and came across quite a bit of dust. I've seen far more in a PC so didn't think that this was the cause. I switched the system on to confirm that the fans were working OK and they were. However, when I touched the heatsink it was very, very hot (fortunately a couple of previous finger injuries mean that I have very limited sensation in my index finder ... so while I didn't burn myself I knew that in order to be able to feel it the heatsink had to be really hot).

Note: Do I need to warn readers about the dangers of running a PC with the side off (electric shock, getting caught in fans ...) and the stupidness of touching potentially hot things? Also, take care of your eyes and lungs when working inside a dirty PC.

Hmmm ...

Then I followed a hunch. I detached the fan off the heatsink (there's two little plastic catches on the frame of the fan that fit into a slot on either side of the heatsink) and immediately found out what was wrong. Between the fan and the heatsink was a carpet of dust, dirt and pet hair. I'm talking about a mat that was a couple of millimeters thick and which I could remove and handle without it disintegrating. It had obviously built up over time and just got to the point where it was causing the system to overheat. That said, the fact that the CPU was still only just hitting the alarm trigger limit shows how good those stock coolers are.

I removed the mat, cleaned out most of the dust and within a few minutes the PC was as good as new.

Sun Microsystems has released a security update for the widely used Java platform. If you use Java then it's a good idea to install this update.

Here are some things you should know:

• This update brings the Java version to version 6 Update 13.
• Use this link to check out what version of Java you currently have installed.
• The latest update available from here.
• If you take a look under Add/Remove Programs in the Windows Control panel you might find older versions listed. Feel free to uninstall those to free up space and keep your PC well organized.
• The installer for this update also seems to what to install the new MSN toolbar. This is check by default (bloomin' cheek!) so if you don't want this installed, remember to uncheck this option.