Here’s some secruity news and computer bug problems from this week’s BugBlog:
Not long after Microsoft announced they would not be releasing any scheduled security bulletins this month, the Danish security company Secunia released information on how hackers could spoof a web site, and the URL it displays in Microsoft Internet Explorer. This could be used to create fake e-commerce sites and get people to give credit card information. For now, read about it on ZD Net at http://zdnet.com.com/2100-1105_2-5119440.html, because there’s no fix yet. (There is also some unconfirmed discussion that the favorite browser over at the BugBlog, Mozilla, may have some exposure to this same problem.)
Windows XP has a somewhat-useful Forgotten Password Wizard. Why only somewhat useful? If you are running Windows XP on a computer that doesn’t have a floppy disk drive, when you run the wizard it will prompt you to insert a floppy disk into drive C. Since that’s normally a hard drive, it might prove to be a little difficult. Microsoft has a hotfix for this, which will be in a future Windows XP service pack. If you think you need this feature (you don’t have a floppy drive and you refuse to write down your passwords somewhere) you may want to contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 830680. Note that you may be charged for this call.
This last one will normally only affect network administrators, but it is kind of funny: If you have an IBM-based Cisco Unity server, there may be an accidental lapse in security. It seems that these servers shipped with an unintended local user account with the name “bubba”. If you have one of these servers and don’t want “bubba” to come logging in unexpectedly, see the workaround instructions at http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml.