Open Systems Journal

Testing text to MP# Conversion

 
I recently read a Computer World article that cited a study touting the benefit of having an MBA in the IT industry. A two-year MBA degree would yield an average 8.2% increase in salary, as opposed to two years of extra experience, which would yield an average of 2.8%.
That sounds good. But the study, they [...]

The other day our LCD on the treadmill went out. Actually it was at the end of winter and my wife was annoyed I didn’t get it fixed right away. Eventually I called Reebok, got support, disassembled part of it, got a diagnosis over the phone of a blown controller board and ordered a new [...]

The mad woman in the attic
A flaw in how the internet’s addressing system works that sparked a patching frenzy on Tuesday night may has first been uncovered by a student as long as three years ago.…
Go to Source

Brad Taylor, Google’s Gmail Spam Czar, has just posted details on the ongoing cooperation with PayPal and Ebay, two of the most targeted brands in phishing emails, the effect of which is rejecting compared to flagging as spam each and every email pretending to be coming from paypal.com and ebay.com as well as from their [...]

Couple readers told us about a security relevant update to Java. Well, you know the drill. I hope you took good notes last time you had to do it. Secunia got a reasonable summary here:
secunia.com/advisories/31010/
———
Johannes B. Ullrich, Ph.D.
SANS Technology Instititue, http://www.sans.edu

Vulnerability Note VU#800113
Multiple DNS implementations vulnerable to cache poisoning
OverviewDeficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.
I. DescriptionThe Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of internet-connected systems. DNS cache poisoning (sometimes referred [...]

Vulnerability Note VU#837785
Microsoft Office Snapshot Viewer ActiveX control vulnerability
OverviewThe Microsoft Office Snapshot Viewer ActiveX control contains a vulnerability, which can allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations.
I. DescriptionMicrosoft Snapshot Viewer is a viewer for snapshots created with Microsoft Access. Snapshot Viewer is available as an ActiveX control, which is provided [...]

US-CERT has received reports of new Storm Worm activity. The latest activity uses messages that refer to the conflict in the Middle East. This Trojan is spread via unsolicited email messages that contain a link to a malicious website. The website is noted as having the following malicious characteristics which may be used to infect [...]

Microsoft has released a Security Advisory to address a vulnerability in Microsoft Word. The advisory indicates that this vulnerability affects Microsoft Office Word 2002 Service Pack 3. By convincing a user to open a specially crafted Word file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition. Additionally, the [...]