Updated: 12/1/06; 2:49:52 PM.
Ted's Radio Weblog
Mission: Interoperable. Competition breeds Innovation. Monopolies breed stagnation. Working Well with Others is Good.
        

Thursday, November 2, 2006

Slashdot notes IE7 Released As High-Priority Update. jimbojw writes, "Internet Explorer 7 was finally released this morning and is available via automatic update or download from Microsoft."
4:27:36 PM    comment []

Over at Shedding Some Light, Rick Schummer blogs IE7 Breaks Older QuickBooks: "I use FireFox as my primary Web browser and really like it... A couple of weeks ago at Southwest Fox I learned a bunch of things about IE7 from Rick Borup. His session got me excited about some of the changes and new features. So I have been looking forward to the automatic update about to hit my machine. Then I accidentally ran across a blog from one of my technical partners about how IE7 breaks QuickBooks Pro. No email from Intuit (they hit me up with lots of offers to upgrade, but I guess this little detail was not that important, or I seriously overlooked it)... I use QuickBooks Pro to manage the accounting books here at White Light Computing. I have used this product for years to keep track of the hours I bill, invoicing, tracking accounts receivables, printing checks to my vendors and subcontractors, and reporting the financials to my wife and our accountant. I use this program all the time. It is almost as important to me on the administrative side of the business as Visual FoxPro is to the technical side of the business."

Rick goes on to point out some work-arounds to prevent IE from "upgrading" itself and making your accounting system inoperable. Thanks for the tip, Rick!!!
2:38:15 PM    comment []


Over at DDJ.com, they're reporting that "New Hacker Toolkit Cloaks Browser Exploits" No real surprise there - polymorphic browser exploits can avoid primitive signature detection techniques that just look for "DO BadCode()" in the payload. Code that runs in a browser has to run in a safer environment, like the "security sandbox" design of Java. ActiveX controls are just Windows executables that run with the permissions of the user. That won't work, no matter how many "digital signatures" or "Are you sure" dialogs MS layers on top of their insecure design. JavaScript isn't much better with the potential for downloadable JavaScript network scanners implying that every device on the network must be firewalled from every other.

There are no easy solutions in sight. Run with the least privileges practical. Firewall off unneeded services. Scan for unacceptable activity in memory and on disk. Turn off runtime capability in the browser except when needed - Flash, ActiveX, JavaScript and Java should only run with permission of the user.
9:19:38 AM    comment []


© Copyright 2006 Ted Roche.   

Creative Commons License This work is licensed under a Creative Commons License.

  

 

November 2006
Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30    
Oct   Dec


Click here to visit the Radio UserLand website.

Subscribe to "Ted's Radio Weblog" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.
Blogroll
miniXmlCoffeeMug.gif miniXmlButton.gif Byte