Tuesday, July 19, 2005

GreaseMonkey security exploit Despite Microsoft's attempt to, er, monopolize the security news... Alex Feldstein posts Attention Greasemonkey Users. "There's a serious security issue for Greasemonkey. Until I can study this in more detail, and as my use of GreaseMonkey is very minimal, I have chosen to disable it. (Via J-Walk)" As best I've been able to ascertain, the problem occurs in versions before 0.34 and possibly also in the 0.4 alpha, but 0.35 is okay. The GreaseMoney add-in shows a little monkey face on the bottom of the browser. Click to toggle whether it is disabled, and only turn it on when you need it and trust the underlying page. You may also want to consider adding the NOSCRIPT add-on, which lets you specify which sites ought to be allowed to run JavaScript at all. 4:18:03 PM    comment []

More on the RDP Exploit Microsoft Watch from Mary Jo Foley reports Microsoft Suggests Workarounds to Block SP2 Flaw. "Microsoft released a security advisory and some suggested workarounds for a new potential denial-of-service flaw in Windows XP SP2." It's a good idea to double-check systems that ought to have RDP disabled. As part of chasing down a different problem, I was reviewing the Services tab of a WinXP workstations's Adminstration interface, and noted all the Terminal Services items running. Disable Remote access on an individual box by right-clicking "My Computer" and selecting "Properties." On the "Remote" tab, ensure the "Allow users to connect remotely to this computer" is off. 3:30:44 PM    comment []

This work is licensed under a Creative Commons License.