PaulSpoerry.com

A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

The February update for Windows will close the loophole that involves the venerable DOS operating system.

First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as “critical”.

Home hijack

The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run programs that date from the DOS era.

Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.

The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.

As well as fixing holes in many versions of Windows, the update also tackles bugs in Office XP, Office 2003 and Office 2004 for Apple Macintosh machines.

The bumper update is not the largest that Microsoft has ever released. The security update for October 2009 tackled a total of 34 vulnerabilities. Eight of those updates were rated as critical – the highest level.

In January 2010, Microsoft released an “out of band” patch for a serious vulnerability in Internet Explorer that was being exploited online. The vulnerability was also thought to be the one used to attack Google in China.

Following the attack on Google, many other cyber criminals started seeking ways to exploit the loophole.

Also this week, a security researcher has reported the discovery of a vulnerability in Internet Explorer that allows attackers to view the files held on a victim’s machine.

Microsoft has issued a security bulletin about the problem and aims to tackle it at a future date. At the moment there is no evidence that this latest find is being actively exploited online.

SimpleTags is my prefer automatic tag generating plugin. It greatly simplifies tagging your posts and it’s just an all around well done plugin. One problem: It doesn’t work with the latest version of Wordpress… or does it?

After my initial upgrade I simply thought the author Amaury BALMER was just a little behind the curve in updating the plugin… or *gasp* maybe it wouldn’t be supported in the future. Perhaps both are true, but after a quick search in the plugin repository I discovered that there is nothing that prevents SimpleTags to work except that there is a hard coded Wordpress version check in there. This isn’t a BAD thing… maybe the later versions of WP wouldn’t work with it? Who knows… but the solution to resolving the issue is pretty straight forward and simple.

If you edit the plugin via the editor interface, find this line (near the top):

if ( strpos($wp_version, '2.7') !== false || strpos($wp_version, '2.8') !== false) {

and change it to

if ( strpos($wp_version, '2.7') !== false || strpos($wp_version, '2.8') !== false || strpos($wp_version, '2.9') !== false ) {

Save and you’re good to go!

A rather silly “trick” ( and really that’s all it is, has been making headlines over the last few days. From what I can tell it was really brought to the forefront by Ina Fried from CNET who says:

“By creating a new folder in Windows 7 and renaming it with a certain text string at the end, users are able to have a single place to do everything from changing the look of the mouse pointer to making a new hard drive partition.”

So somebody decided to call this “God Mode” because to enable this “trick” you make a folder called GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} and double-click on it. What you end up with is… drum roll… the control panel; it’s just in a different view than you’d normally see.

First of all, the text ”GodMode” has nothing to do with making the trick work. You can call the folder “IFreakinRawk.{ED7BA470-8E54-465E-825C-99712043E01C}” and now you’ve discovered the magical “IFreakinRawk” feature hidden in Windows.

In reality all you have discovered is:

A documented feature of the shell. Folders can be easily made into ‘namespace junctions’. The whole thing is described on MSDN. Basically, any folder named <DisplayName>.<CLSID> will show up with just the <DisplayName> portion visible in Explorer, and navigating into the folder will take you to the namespace root defined by the <CLSID> portion of the name. This isn’t for USERS, it’s really more of a developer feature.

The second thing is that it’s really the “All Tasks” folder. This is a special shell folder which is used as the source of the “Control Panel” search results seen in the Start menu. This folder was not designed to be browsed to directly, as the normal Control Panel folder (accessible via Start -> Control Panel) contains all the same items but with a custom view designed to be easier to navigate. The “All Tasks” folder has no custom view, so you just see the standard Explorer list view and little else.

The existence of this folder and its CLSID are implementation details and should not be relied upon by anybody for any purpose.

29% of Americans say religion ‘out of date’

A Gallup poll of Americans’ attitudes towards religion released on Christmas Eve found significant recent increases in those responding either that they have no religious preference, that religion is not very important in their lives, or that they believe religion “is largely old-fashioned or out of date.”

Only 78% of Americans now identify as Christian, while 22% describe their religious preference as either “other” or “none.”

Most of these changes have occurred since 2000 and represent the first significant shift since a sharp decline in religious adherence during the 1970s. Over the last nine years, the number with no religious preference has grown from a level of around 8% to 13%. The number for whom religion is not very important has climbed from just over 10% to 19%. And the number who believe religion is out of date and has no answers for today’s problems has jumped from slightly more than 20% to 29%.

These changes do not appear to have affected the majority of Americans who still consider religion “very important” in their own lives. That figure remains at 56% — roughly the same as for the last 35 years — while 57% still say religion has answers to most of the world’s problems.

The biggest difference is that in the late 1990s, up to 68% of Americans though religion had answers to the world’s problems — even though only about 60% said religion was personally very important to them. It seems as though over the last ten years a significant number may have gone from believing that religion is a positive factor in the world, even if they’re not particularly religious themselves, to seeing religion in a far more skeptical or even negative light.

Of interest is those claiming ‘No Religion’ make up the third largest group in the United States.

Click for full size image.

Anti-malware testing group AV-Comparatives.org not only gave Microsoft Security Essentials a top rating for malware removal, but now they’ve given it their best ranking in their performance test as well.

AV-Comparatives.org ran a series of real-world tests running through common scenarios like downloading, extracting, copying, and encoding files, installing and launching applications, and they also ran through an automated testing suite as well. Once the dust had settled, it became clear that not only is MSE one of only three products that both blocks and removes malware well, but it’s also very light on system resources.

Out of all the products tested, Microsoft Security Essentials was the best-performing free antivirus solution, and one of only two that received “very fast” on each of the real-world tests, earning it their top award: an “advanced+” ranking. We’ve been telling you for a while that you don’t need to pay for Windows security, and now with MSE ranked alongside the top paid apps in both malware removal and performance, you might want to consider making the switch.

Hit the AV-Comparatives link for the full report in PDF form, or check out the PC Mag story for the overview—if you can deal with some irritating in-text ads.

Performance Tests [AV-Comparatives]
AV-Comparatives Rates Anti-Malware Performance [PC Mag via @edbott]

via Lifehacker.