Wednesday, February 18, 2009

Get out of the Gmail loop!

A recent update to a popular Firefox plug-in breaks Gmail, but fortunately the fix is simple.

Gmail Manager creates a toolbar icon that can notify you of unread mail in multiple Gmail accounts and show you mail snippets. Last week's update to v0.5.7 created what Firefox labeled a "redirection limit for this URL exceeded" error when trying to access Gmail. Other Google Web programs like Calendar and Docs are unaffected.

Although frustrating, to correct the bug update the plug-in to the latest version, 0.5.7.1, which was published to fix the mistake. After you install it and reload Firefox, you should be able to access Gmail without going loopy.

New exploit targets IE 7 hole patched last week

Cybercriminals are exploiting a critical hole in Internet Explorer 7 that was patched a week ago by Microsoft, security firm Trend Micro warned on Tuesday.

The malicious code, which Trend Micro named "XML_DLOADR.A," is hidden in a Word document. On unpatched systems, when the file is opened an ActiveX object automatically accesses a Web site to open a backdoor that installs a .DLL (dynamic link library) file that can steal information, according to a Trend Micro blog entry. The code sends stolen data to another Web address via port 443, Trend Micro said.

As a result of the back door, "anybody can run commands on the affected system," said Jamz Yaneza, a senior threat analyst and researcher at Trend Micro.

Microsoft released a security patch for the vulnerability, and others, a week ago. The vulnerability arises from the browser's improper handling of errors when attempting to access deleted objects.

"It looks like a proof of concept or targeted attack," Yaneza said. The exploit is similar to politically motivated attacks that were seen before the Olympics last year in which PDF files and Word documents contained exploit code and automatically connected computers to malicious Web sites, he said.

It appears that the site directed to is in China and there is Chinese terminology in the code, according to Yaneza. That and the fact that the 50th anniversary of the Tibetan uprising is approaching, on March 10, suggests that this attack could be politically motivated as well, he said.

Wednesday, February 4, 2009

QOS

Short for Quality of Service, a networking term that specifies a guaranteed throughput level. (Throughput = the amount of data transferred from one place to another or processed in a specified amount of time measured in Kbps, Mbps and Gbps, etc.)

Outline Processor Markup Language

OPML an XML-based format that allows exchange of outline-structured information between applications running on different operating systems and environments. Also known as: OPML.

What is Blogger?

This is a person who keeps a online journal on the web that is usually visible to the public.

What is ActiveX

ActiveX is a programming technology developed by microsoft to allow the creation of powerful scripts that can be embedded in Internet Explorer. These scripts can achieve high levels of access to a computer and there are many cases of malware activex programs.