-
30 GB Zunes with latest firmware bite the dust
From Gizmodo:
Apparently, around 2:00 AM today, the Zune models either reset, or were already off. Upon turning on, the thing loads up and… freezes with a full loading bar (as pictured above). I thought my brother was the only one with it, but then it happened to my Zune. Then I checked out the forums and it seems everyone with a 30GB HDD model has had this happen to them.
Happy new year, everybody!
UPDATE: If you own a 30 GB Zune, the problem went away. Ends up there was a slight, uh, programming problem. Years with 366 days – such as 2008 – drove the Zune’s firmware nuts. The problem only lasted a day. By January 1, all was well: if you let the battery drain and re-start, your Zune started working again. Oy.
-
Time to get caught up – even with Windows XP Service Pack 3
It looks like the December crop of Black Tuesday patches is working out. MS08-070, -072 and -074 all had documentation changes, but the patches haven’t caused any loud screams of pain.
For those of you who haven’t installed Windows XP Service Pack 3, now is the time to do so. The biggest problem arises if you have an, uh, “ungenuine” copy of Windows XP – one that gets flagged by Microsoft’s snooper as being a pirate copy. The downside: if you install XP SP3 and you have an ungenuine copy of XP, your desktop wallpaper will turn black and you’ll get annoying messages down in the system tray – but that’s it. There are no other ill effects. You can even change your wallpaper, but SP3 will check every hour and make it black again.
If you have problems installing XP SP3, take a look at Microsoft Knowledge Base article KB 950718 for suggestions.
I’m moving us down to MS-DEFCON 5: All’s clear. Patch while it’s safe.
-
WMP 0day not a 0day at all – just a DoS
Two days ago I reported on a new 0day vulnerability in Windows Media Player. I waffled quite a bit in that report, because SANS Internet Storm Center wasn’t able to reproduce the reported flaw: they could get Windows to crash with a dodgy WAV, SND or MIDI file, but they couldn’t get Windows to execute a program.
There’s a reason why: the 0day isn’t a 0day at all. It’s just a bug that crashes Windows – a “Denial of Service” flaw, to use the politically correct terminology.
Jonathan Ness has a blog on the MS Security Vulnerability site that explains the problem.
-
Windows 7 Beta 1 has leaked
And I can see it right now on the alt.binaries.warez.ibm-pc.me-beta newsgroup. It’s called working.one_microsoft.windows.7.beta.1.build.7000. I can’t vouch for the file’s authenticity – make sure the copy you get has an fsum of f9dce6ebd0a63930b44d8ae802b63825 – but it sure looks like the “gold” version of Win 7 Beta 1.
The warez sites get it before the beta testers, and Torrent traffic is undoubtedly up because of the beta. On the one hand, I bet some folks at Microsoft are furious. On the other hand, it’s a very efficient and egalitarian distribution method.
-
Another 0day with Windows Media Player
The Security Tracker site reports that there’s a newly discovered security hole in Windows Media Player. Apparently it’s possible to create a WAV, SND or MIDI file that, when played with Media Player, takes over your computer.
I say “apparently” because SANS Internet Storm Center says it has been able to reproduce a system crash, but hasn’t yet gotten the bad WAV file to run anything.
For now, I wouldn’t worry about it, but it’d be a good idea to avoid adding WAV, SND or MIDI files to your music collection for the next week or two. Since most of you are using MP3 (or [shudder] wma or aac files), that shouldn’t pose too much of a burden.
-
More than 1,000,000 ways to infect your computer
I just bumped into this fascinating blog entitled “More than 1,000,000 ways to infect your computer.”
Gary Warner steps you through the infection process of (yet another) piece of Scareware, which the authors call “System Security.” For the paltry payment of $51.45, you, too, can protect your computer from “38 Infections Found!”.
The article includes a detailed analysis of how you might be tempted to download the little bugger, and what happens when you do. It’s all quite innocuous. Amazing how well it all hangs together.
Anyway, if you have used a search engine recently to visit one of these sites:
microsoft.com, irs.gov, dbrecovery.com, togshop.com, wnbc.com, mrm.mms.gov, countrycurtains.com, portugal-info.net, cyberswim.com, nbcsandiego.com, thebostonchannel.com, thepittsburghchannel.com, hermanstreet.com, viadeo.com, nationalgeographic.com, barronscatalog.com, click2houston.com, lucy.com, wgal.com, rexart.com, kitv.com, bookmatestore.com, attarbazaar.com, titlenine.com, vermontteddybear.com, readthehook.com, theessentials.com, martlmadidebeli-gristianoba.com or “countless media outlets, magazines, universities”
you may have downloaded more than you bargained for.
Take a look – and have a safe Christmas, OK?
-
Internet Explorer 0day patch posted
And you should apply it immediately.
The big, bad IE 0day has been fixed with – get this – 300 separate patches. Don’t waste a second downloading and installing MS08-078 / KB 960714.
The easiest way to get it is by clicking Start, Programs (or All Programs), Microsoft Update (or Windows Update) and following the prompts to install KB 960714.
There’s an interesting history of the patch on the MS Security Response Center blog.
Note that there’s still no reason to apply any of the December Black Tuesday patches. But you do need this one, even if you always use Firefox, because IE is woven so inextricably into the fabric of Windows itself.
-
Bit9 puts Firefox at the top of its bad software list
Yes, I know that a whitelisting company called Bit9 has just released a report called 2008’s Most Popular Applications with Critical Security Vulnerabilities and that Firefox tops the list.
What a crock.
What the news articles won’t tell you is that Bit9 is a Microsoft Certified Partner.
Out of the dirty dozen, only one Microsoft program – Live Messenger – made the list.
Go figger.
-
IE out of cycle patch coming
Microsoft has announced that it will post a patch to the Internet Explorer 0day attack I talked about last week. The patch covers essentially all versions of Internet Explorer, running on essentially all versions of Windows.
Microsoft itself admits that 2 million PCs have been bitten by this particular security bug. The Press Association reports that as of Saturday more than 10,000 Web sites contain malicious code that takes advantage of the flaw. That was Saturday.
According to the SANS Internet Storm Center, one of Microsoft’s recommended workarounds breaks Outlook Online Web Access. Even the BBC, for heaven’s sake, has published a warning about using IE: “Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.”
My advice: for the first time in ages, I recommend that you download and install the IE patch the minute it becomes available. You’ll see a notification pop up if you’ve set Windows Automatic Update to “notify but don’t install.” Otherwise, check the link at the beginning of this article every hour or two.
At the same time, obviously, surely, you’re using Firefox by now, right?
-
What are you looking for?
Google just posted its 2008 Zeitgeist list, a fascinating compilation of all the searches done on Google over the past year.
For example, the “Fastest Rising” search terms – which is to say, the search terms with the largest percentage increase between the end of last year and the end of this year – worldwide are:
1. sarah palin
2. beijing 2008
3. facebook login
4. tuenti
5. heath ledger
6. obama
7. nasza klasa
8. wer kennt wen
9. euro 2008
10. jonas brothers
I confess, I had to look up several of those to figure out what in the world people seek.
Check it out.
-
Two 0days on the loose
Susan Bradley’s column in the latest issue of Windows Secrets Newsletter talks about two new 0day attacks on Microsoft products.
First, the WordPad virus. No, I don’t make this up. Microsoft discusses the problem in its Security Advisory 960906. If you’re running Windows XP Service Pack 2, you may be at risk, if you open documents with WordPad. Vista and XP SP3 customers are safe.
Gad.
The other one is much more serious, for those of you who insist on using Internet Explorer. It seems that there’s a hole in the way IE interprets XML files. It’s so bad that you can get infected by simply going to a jiggered site. (Remember that some attacks latch on to well-known sites by rolling themselves into advertisements.) No click necessary.
Microsoft has issued an advisory on the hole:
Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.
SANS Internet Storm Center is keeping track of the latest. It’s nasty, and most antivirus products don’t catch it yet.
The solution? Use Firefox, of course. Sheesh.
-
Holey Tuesday, Bitman
Microsoft released eight Security Bulletins, plugging a total of 28 individually identified security holes. When you multiply the 28 plugs times the number of different programs affected, there’s a whole lotta patchin’ goin’ on.
For a complete list of patches, Knowledge Base numbers, and links, see the SANS Internet Storm Center December Patch listing.
The only killer at this point is MS08-070, which fixes at least six ActiveX controls that Microsoft made available with Visual Basic 6, and its close ally Visual Studio .NET 2002 and 2003. Unfortunately, many of those controls were distributed by companies other than Microsoft. There’s a known exploit based on the security holes that’s been around for the past four months.
Microsoft yanked its MS08-070 Web page a few minutes ago. At least, every attempt I’ve made to get at the page results in a “Service is Unavailable” error. When you read this, you might want to check and see if it’s up, and if something major has changed.
As usual, my advice is to hold off patching, until we hear the screams of the pioneers, particularly for MS08-070. Make sure you’re using Firefox, not Internet Explorer, to minimize your exposure to bad ActiveX programs. (Remember that Firefox doesn’t run ActiveX.) Give it a couple of days. Hey, it took Microsoft four months to patch the six ActiveX holes. The world isn’t going to come to an end any time soon.
We’re going up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.