Problems with Intel wireless drivers
FYI...
Problems with Intel wireless drivers
- http://isc.sans.org/diary.php?storyid=1633
Last Updated: 2006-08-24 07:10:38 UTC
"...Intel initially issued a big file (100MB) that you had to download, but at least it upgraded everything on your machine, if it needed upgrades. After rebooting in the next few days I noticed that my machine is a bit slower then it was. A look at Task manager output, or excellent Process Explorer from Sysinternals showed that a process called S24EvMON.exe is using quite a bit of CPU... Dell... released their own version of drivers... Dell's drivers have the same problem... It looks that everyone with (at least) 2915ABG/2200BG wireless cards is affected. F-secure posted this in their weblog as well* ...
UPDATE:
The easiest way to start and stop these services (so you actually run them only when you really need them) is to create a batch file that will do this job for you (so you don't have to click manually on all 4 of them). You can use the sc start <service name> and sc stop <service name> commands to perform this for you...
UPDATE 2:
..You can use the built-in Windows Wireless Zero Config service, in which case you only need to patch the driver for your wireless card, so you are not vulnerable. As the problem with CPU/memory leaks are in the management service, this is an effective workaround at least until the management service is fixed..."
Working with the Intel Wi-Fi Drivers Again
* http://www.f-secure.com/weblog/archi....html#00000954
August 21, 2006
"...We noticed that software (S24EvMON.exe) installed with the driver seems to be leaky. It's eating tons of file handles and tons of memory - and it continues to grow!... Intel's tech support has replied. They are aware of the issue and are currently at work on it. No official release date yet. We'll let you know."
(Screenshots available at -both- URL's above.)
:spider:
=========================================
- http://isc.sans.org/diary.php?storyid=1643
Last Updated: 2006-08-26 18:16:44 UTC
"Release Notes for the Intel(R) PRO/Wireless 3945ABG Network Connection update have been posted at Intel. The release notes* describe a number of bug fixes including Memory Utilization Increase issues... The download location for Intel® PROSet/Wireless Software version 10.5.0.1 is here**..."
* http://downloadmirror.intel.com/df-s...G/relnotes.htm
> "...Issues resolved in this release
o Potential Memory Utilization Increase
o Profiles Not Migrated When Upgrading from Previous Software Version
o Potential Auto-Suspend Failure when using Microsoft Windows* 2000
o Intermittent Authentication Failure with Cisco Access Point in Heavy Traffic Environment
o Intermittent Failure to Load or Save a Roaming Profile..."
** http://support.intel.com/support/wir.../CS-010623.htm
:cool:
Java JRE "Unpatched JRE's installed..."
FYI...
- http://isc.sans.org/diary.php?storyid=1640
Last Updated: 2006-08-26 02:21:06 UTC
"...SUN says prior to version 5.0 Update 6, an application or an applet could specify the version of the JRE on which it would run. "This issue can occur in the following releases (for Solaris, Linux and Windows platforms):
Java Plug-in included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1, and 1.3.0_02 and later
Java Web Start included with J2SE 5.0 Update 5 and earlier, and 1.4.2
Java Web Start 1.2, 1.0.2, 1.0.1, and 1.0".
* http://sunsolve.sun.com/search/print...=1-26-102557-1
Date Released: 21-Aug-2006
"Impact
...versions of Java Web Start and the Java Plug-in... may allow applets or applications to run with a specified version of the JRE that does not have the latest security fixes...
Relief/Workaround
...use the latest JRE releases available from Sun and remove all symbolic links of earlier versions of Java Plug-in from the browser "plugins" directory...
Note: Prior to 5.0 Update 6, an application could specify the version of the JRE on which it would run. With 5.0 Update 6 and later installed, unsigned Java Web Start applications that specify a version other than the latest installed will trigger a warning, requiring explicit user permission before the application will run. Signed Java Web Start applications are not affected..."
Download at the following link:
* http://java.sun.com/j2se/1.5.0/download.jsp
(Latest is JRE 1_5_0_08. It is "Highly Recommended" that older versions be uninstalled)
:(
Non-McAfee anti-spyware blocked by McAfee
How long before SpyBot S&D is "blocked" ?
- http://www.spywareinfo.com/newslette...g29.php#mcafee
August 29, 2006
:(
=========================
- http://forums.mcafeehelp.com/viewtopic.php?t=89522
Posted: Wed Aug 30, 2006 6:06 pm
"Here are the version numbers for the core components:
Security Center: 7.0.329
Firewall: 8.0.203
Privacy Service: 9.0.382
Spam Killer: 8.0.239
VirusScan: 11.0.213
The patch will be delivered to everyone who has the new software installed as an automatic update. You can trigger the update by right-clicking on the McAfee icon and selecting "Updates" (or by hitting the Update button in the Security Center)...
Issues addressed in the patch:
...- Several products that were previously marked as incompatible will no longer be flagged ..."
(Includes the "other" anti-spyware product in question)
:spider:
zCodec promises video, delivers adware
FYI...
- http://www.techworld.com/security/ne...fm?newsID=6781
04 September 2006
"Users looking for the latest and greatest video software may not just be in danger from media lawyers. Security firm Panda Software last week warned that zCodec, which claims to offer "up to 40 percent better (video) quality", is in fact an adware program that can install Trojans, rootkits and other malicious software... Panda's advisory* last week revealed that the 100KB file is in fact adware, which "downloads and runs files, changes the DNS configuration and monitors accesses to several adult websites". zCodec, formally known as Adware/ZCodec or Adware/EMediacodec, affects most versions of Windows and was first detected last week, Panda said. When run, the program alters the system's DNS configuration in order to divert traffic to DNS servers of its choice, a technique sometimes used as part of a phishing scam or to rack up clicks for advertising schemes..."
* http://www.pandasoftware.com/virus_i...=128208&sind=0
:(
QuickTime v7.1.3 released
FYI...
- http://isc.sans.org/diary.php?storyid=1694
Last Updated: 2006-09-13 00:00:39 UTC
"Apple released today Quicktime 7.1.3. It fixes 7 vulnerabilities, all leading to arbitrary code execution..."
- http://docs.info.apple.com/article.html?artnum=304357
QuickTime 7.1.3 for Windows 2000/XP
- http://www.apple.com/quicktime/download/win.html
.
Firefox and Thunderbird 1.5.0.7 released
FYI...
Firefox download:
- http://www.mozilla.com/firefox/
Fixed in Firefox 1.5.0.7:
- http://www.mozilla.org/projects/secu...firefox1.5.0.7
Known issues:
- http://www.mozilla.com/firefox/relea....7.html#issues
"This list covers some of the known problems with Firefox 1.5.0.7. Please read this before reporting any new bugs."
-----------------------------------------
Thunderbird download:
- http://www.mozilla.com/thunderbird/
Fixed in Thunderbird 1.5.0.7:
- http://www.mozilla.org/projects/secu...derbird1.5.0.7
================================
- http://secunia.com/advisories/21906/
Release Date: 2006-09-15
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 0.x, Mozilla Firefox 1.x...
Solution: Update to version 1.5.0.7.
http://www.mozilla.com/firefox/ ..."
- http://secunia.com/advisories/21939/
Release Date: 2006-09-15
Critical: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Thunderbird 0.x, Mozilla Thunderbird 1.0.x, Mozilla Thunderbird 1.5.x...
Solution: Update to version 1.5.0.7.
http://www.mozilla.com/thunderbird/ ..."
:spider: ;)
Internet Security Threat Report - first half 2006
FYI...
- http://www.symantec.com/about/news/r...id=20060925_02
Sept. 25, 2006
"...Symantec’s Internet Security Threat Report notes that home users are the most targeted attack sector, accounting for 86 percent of all targeted attacks, followed by financial services businesses. Symantec has identified increased attacks aimed at client-side applications, increased use of evasive tactics to avoid detection, and that large, widespread Internet worms have given way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity... The tenth volume of the semiannual Symantec Internet Security Threat Report covers the six-month period from Jan. 1, 2006, through June 30, 2006..."
:fear:
Malicious Code on Storage and Caching Servers
FYI...
- http://www.theregister.com/2006/10/1..._malware_risk/
12 October 2006
"...Finjan has published obfuscated examples* of malware found on storage and caching servers to support its claims... Finjan's point is that users visiting a cached copy of such (potentially mainstream) sites would be infected even if the main site pulled the malware. Search engines are not doing enough to flush their caches, it warns..."
- http://www.finjan.com/Pressrelease.a...sLan=293&lan=3
October 11, 2006
"...Finjan has provided the search engines and service providers with full technical details of the discovery, and is conducting a dialogue with these companies in order to assist them in resolving the issue. Some examples of malicious code found on storage and caching servers are presented here*... Another newly discovered web security threat centers on the use of Web 2.0 and AJAX ( Asynchronous JavaScript and XML) technologies for malicious activities. While Web 2.0 and AJAX offer an enriched and improved user experience for Internet users, the technology also flings open the door to new malware propagation methods..."
* http://www.finjan.com/Content.aspx?id=1117
:fear: :spider: