I’m amazed that some of Microsoft’s MVPs on Security are 14 and 17 years old. Just how do they manage to know all this stuff and get all those qualifications by their age?
There are three security vulnerabilities in RealOne player, so if you have this installed you may want to use the autoupdate to get the patches. Not sure how this works with the free BBC version – I’ll check this out soon…
Update: BBC player installed and the update program finds at least 3 updates to install – one to upgrade from version 2 to version 10, one for the security update and another for Realpix. I only bothered to download the second one.
The long-awaited patch for IE is now available that will break the standard http://user:pass@domain functionality but will prevent a lot of the phishing attacks that have gone on. To check whether you are still vulnerable or not, visit my initial page on the phishing problem. This update is actually one of three vulnerabilities that have been patched in the cumulative update.
There are more details in the February 2004 security bulletin.
There is a new KB article about IE address spoofing, KB834489, which details how MS are going to address the address bar spoofing that hit the headlines several months ago and which I demonstrated here. Basically they are fixing it by disabling Internet Explorer from accepting URLs in the format of http://username:password@domain. This sounds like it’s breaking the WWW agreed format for URLs and could stop bookmarks (and other applications?) from storing usernames/passwords etc. I’m not convinced this is a good workaround as it means some URLs will work in Mozilla, Opera etc. but not in IE. Will be interesting to see if this also breaks IE wrappers such as Myie.
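The URL form discussed in the post above, as an added example (not part of the original post and not Microsoft's fix): a Python check that flags http(s) links carrying a userinfo part, and rates them higher when that part is shaped like a hostname other than the real destination. The function names, the hostname heuristic and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: "looks like a hostname" means dot-separated labels ending in an
# alphabetic TLD. This heuristic is ours, not from KB834489.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def check_url(url):
    """Return a finding for an http(s) URL that carries userinfo, else None."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return None
    if parts.username is None:          # no "user@" or "user:pass@" present
        return None
    user = unquote(parts.username)      # decode %xx before inspecting it
    real_host = (parts.hostname or "").lower()
    # A host-shaped username that differs from the real host is the decoy
    # pattern: the reader sees the text before "@", the browser goes after it.
    decoy = user if HOSTLIKE.match(user) and user.lower() != real_host else None
    return {
        "url": url,
        "real_host": real_host,
        "userinfo": user,
        "has_password": parts.password is not None,
        "decoy_host": decoy,
        "severity": "high" if decoy else "review",
    }


def scan(urls):
    """Check many URLs and return only those with a finding."""
    return [f for f in (check_url(u) for u in urls) if f]


# Constructed sample links (reserved .test/.example names, TEST-NET address).
SAMPLES = [
    "http://www.example-bank.test@203.0.113.7/login",   # decoy host in userinfo
    "http://alice:s3cret@intranet.example/reports",     # stored-credential bookmark
    "http://www.example.org/index.html",                # ordinary link
    "ftp://anonymous@ftp.example.org/pub/",             # not http(s), out of scope
]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding["severity"], finding["real_host"], finding["userinfo"])
```

The "review" result covers the bookmark-with-credentials case the post worries about breaking: it is reported but not treated as a spoof.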
There’s been a vulnerability reported in Gaim (my cross-platform Instant Messaging client). Apparently it’s fixed in the GAIM CVS files but there is no mention of it on the Gaim news page, which incidentally has an RSS news feed, so I’ve subscribed to that to get the latest news.
Apparently The Bat! (my email client at home) has a memory corruption problem, although my latest, Christmas, edition is apparently not vulnerable.
If your password is on the Default Password List you really are asking for trouble and should be shot! Thanks to Lost Olive.
“Disable pop up blockers; Disable firewalls blocking streaming media/audio; Adjust your cookie settings to receive Broadcast.com media.” Does anyone see any problems with this considering it’s a security-related presentation?
Password safe for Windows and pocketpc sounds good. I’ve not tried it yet but it’s on the eternally long list of things to do.
NFO has a quick article about building a Network Monitoring Centre, although he calls it a NOC (operating/Monitoring), including EtherApe, which draws a pretty picture of network traffic. I’ll be trying that when the laptop gets back from its repair.