I just got my ComicBase 12 CD in the mail for my birthday and I was having trouble installing it on my Vista laptop.

Everything would go fine until I hit next to start the install right before (I would find out) is the accept the license agreement screen. The install would just error out and close. I looked in the Application Log and found this:

Log Name:      Application
Source:        MsiInstaller
Date:          1/11/2008 6:28:41 PM
Event ID:      1033
Task Category: None
Level:         Information
Keywords:      Classic
User:          HANFORDMAN\Chris
Computer:      HanfordMan
Description:
Windows Installer installed the product. Product Name: ComicBase 12. Product Version: 12.0.3. Product Language: 1033. Installation success or error status: 1603.

After doing some research, I found that this is a common thing with Vista and has happened with other products.

With out getting to techinical, you can fix things by running this command at a command line:

regsvr32 %SystemRoot%\system32\vbscript.dll

After you do that, everything works fine.

Bookmark to:

Hide Sites

Any of you bloggers out there using iPowerWeb??  If you are, you might want to check your site!!

Another Mass Compromise at a Hosting Facility - TrendLabs | Malware Blog - by Trend Micro

Another Mass Compromise at a Hosting Facility

December 15th, 2007 by Feike Hacquebord

This week, hundreds of Web sites of the customers of Web hosting
company iPowerWeb got compromised. This incident shows an interesting
mix of hacking technology, Google index poisoning and social
engineering.

A malicious third party added extra directories to the hacked Web
sites and seemingly installed scripts in these new directories that
will redirect victims to traffloader.info. This latter site will
further redirect to sites that attempt to lure Internet users into
installing a codec Trojan, a Zlob Trojan or rogue antispyware.

The redirection to the malicious sites with Trojans only happens
when victims land on the hacked Web site via a Google search. To get
actual traffic to the compromised sites, the hackers poisoned the
Google index database with tens of thousands of hacked URLs. Yesterday,
well-chosen queries into Google showed about 60,000 malicious URLs
hosted on Web sites of iPowerWeb indeed.

One of the tactics used in poisoning Google’s index is that the
malicious URLs appear as “normal” SEO (search engine optimization) spam
Web sites to the Googlebot that crawls the sites. Normal Internet
users, however, are confronted with a malicious redirection instead
(when they arrive at the site via a Google search). So, here, SEO spam
techniques are combined with Trojan infection chains and social
engineering.

The mass compromise might be the result of a security breach of just
a few servers of iPowerWeb. One possible scenario is that hackers got
root permissions on shared webservers and were therefore able to modify
webserver settings. Another scenario is that the hackers successfully
installed a Trojan on an iPowerWeb server, that is able to change
network traffic in a local area network. Once such malicious software
gets installed, all Web sites hosted on different servers in the local
area network may appear as compromised from the outside, while the
contents of the Web sites were actually not changed at all on the
physical hard drives. The attacker just injects his malicious code in
the network traffic between the Web sites and Internet users.

The danger of these attacks shows the need for continuous scanning
of servers at hosting facilities for malicious content like Trojans and
exploits.

Powered by ScribeFire.

Bookmark to:

Hide Sites

This definitely looks suspicious, its trying to load a javascript from 208.122.2.22 which resolves out to http://voxel.net/
a media hosting company.

This is exactly why i use Firefox withNoScript, to protect myself from stuff like this. I submitted the info
to the guys at the Internet Storm Center, they will figure out what is
up. I would be careful going there, or just skip it all together, there isn’t anything worth reading anyway.

Blog@Newsarama » Wizard website is viral. In the wrong way.

Wizard website is viral. In the wrong way.

Tuesday November 20, 2007, 12:15 pm

Admit it; you’ve always thought that Wizard was bad for comics. But did you know that it’s bad for your computer, as well?

“AVG detects a virus everytime I go to the Wizard site today. Just giving a heads up to those who haven’t visited the site yet.”

“I too just got an error from mine. Virus detected on Wizarduniverse.com”

“The site said I needed a chinese language pack for some reason when I was on there earlier today.”

“It may not be a virus, perhaps the site is coded ina away it
ehibits ‘virus like’ activity that triggers your AV proggy. Similar to
the way steam from a shower could trigger older model smoke detectors.”

“Could be, but they need to fix that, who really wants to go there
and take the chance? Besides I’ve been there before and it never
triggered it, shouldn’t it do it everytime? Not just every now and then
for a week or so?”

“I got something on my home pc last weekend, My AV picked it up. The
only site I looked at, beyond here and the BBC News website, was
Wizard’s…”

Consider this a warning.

Powered by ScribeFire.

Bookmark to:

Hide Sites

Not bad

This blog has been named one of the “Blogs to visit when attackers target Microsoft Windows” - Chris Mosby at myITforum.com

Friday, October 12, 2007 8:03 AM
cmosby
[Edit]

This blog has been named one of the “Blogs to visit when attackers target Microsoft Windows”

I have to thank Rod Trent for bring this to my attention this morning.

Bill Brenner over on TechTarget had this to say in a recent blog post.

“In times like these, when IT administrators are trying to determine which flaws to deal with first, it helps to have an array of security blogs
to visit where the vulnerability details are sliced and diced and fellow IT pros can explain how they are addressing a threat in their
environments.

I visit many of these blogs when trying to figure out which security issues need to be written about on any given day, and would like to devote this week’s
column to sharing them. And so here’s my list:”

Not only am I on the list, but I am second in line

Not bad for a blog with no content huh?

In any case I am really glad to see that there are people out there that appreciate my meager attempts at trying to keep the community informed on various security issues. This and all of the people that have come up to me at MMS to give thanks for what I do really make it all worth while.

Thanks again!

Powered by ScribeFire.

Bookmark to:

Hide Sites

This is why i haven’t posted anything in a while, I have been very busy..

Well its official, I will be taking over the primary writing duties on the “Mastering System Center Configuration Manager 2007” book that will be published by Wiley. Chris Urban (former MVP now Microsoft employee) will be writing the rest.

This opportunity kind of fell in my lap after the original author, Brad Price; decided to change careers and go into business for himself. Thanks go out to John Hann for introducing me to the right people, which led to this great opportunity.

This has happened fairly recently but I am already hard at work on the book, and I have been having a lot of fun playing around with ConfigMgr. So far from what I have seen, it is a truly awesome product.

More information on the book can be found here  Note that my name isn’t on the book here yet, hopefully it will get updated soon.

Bookmark to:

Hide Sites

Looks like Dan Didio’s blog on MySpace.com was hacked and two spam posts (with a racy picture) were inserted last night. I sent a message to let them know, but they are still there as of this morning, so I guess no one has noticed. Below is example of the text.

WHATEVER YOU DO, DON’T CLICK ANY LINKS IN THESE POSTS!!! They will probably install malware on your computer.

Hopefully someone that has better contacts at DC will read this and let them know before someone gets infected by this.

blog.myspace.com/ddidio

OMG KELLY IN HER DO ME PANTIES

Current mood: pleased

Today turned out to be a good day after all.

I was feeling a little down because I broke my cellphone last monday
and the plan didnt cover a new one. So like the next day I was on
myspace and some guy i dont even know who he was, sent me this link to
this iphone survey on myspace so i filled it out and never expected to
hear anything about it again. Well friday comes around and I go out and
get the mail and there is this package that says generous genie on it
so i open it up AND IT IS A NEW IPHONE!

I love this thing. the camera on it works REALLY good. check out this pic i took of my girl kelly. haha i cant believe she wears stuff like that!

Powered by ScribeFire.

Bookmark to:

Hide Sites

Patch now!!

WordPress › Blog » WordPress 2.1.1 dangerous, Upgrade to 2.1.2

March 2, 2007

WordPress 2.1.1 dangerous, Upgrade to 2.1.2

By Matt. Filed under Releases.

Long
story short: If you downloaded WordPress 2.1.1 within the past 3-4
days, your files may include a security exploit that was added by a
cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security
mailing address about unusual and highly exploitable code in WordPress.
The issue was investigated, and it appeared that the 2.1.1 download had
been modified from its original code. We took the website down
immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one
of the servers that powers wordpress.org, and had used that access to
modify the download file. We have locked down that server for further
forensics, but at this time it appears that the 2.1.1 download was the
only thing touched by the attack. They modified two files in WP to
include code that would allow for remote PHP execution.

This is the kind of thing you pray never happens, but it did and now
we’re dealing with it as best we can. Although not all downloads of
2.1.1 were affected, we’re declaring the entire version dangerous and
have released a new version 2.1.2
that includes minor updates and entirely verified files. We are also
taking lots of measures to ensure something like this can’t happen
again, not the least of which is minutely external verification of the
download package so we’ll know immediately if something goes wrong for
any reason.

Finally, we reset passwords for a number of users with SVN and other access, so you may need to reset your password on the forums before you can login again.

What You Can Do to Help

If your blog is running 2.1.1, please upgrade immediately and do a
full overwrite of your old files, especially those in wp-includes.
Check out your friends blogs and if any of them are running 2.1.1 drop
them a note and, if you can, pitch in and help them with the upgrade.

If you are a web host or network administrator, block access to
“theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in
it. If you’re a customer at a web host, you may want to send them a
note to let them know about this release and the above information.

Thanks to Ryan, Barry, Donncha, Mark, Michael, and Dougal for
working through the night to figure out and address this problem, and
thanks to Ivan Fratric for reporting it in the first place.

Questions and Answers

Because of the highly unusual nature of this event and release, we’ve set up an email address 21securityfaq@wordpress.org that you can email questions to, and we’ll be updating this entry with more information throughout the day.

Is version 2.0 affected?

No downloads were altered except 2.1.1, so if you’ve downloaded any version of 2.0 you should be fine.

What if we update from SVN?

Nothing in the Subversion repository was touched, so if you upgrade
and maintain your blog via SVN there is no chance you downloaded the
corrupted release file.

Technorati Tags: Blogging, Wordpress, Security patch, upgrade

powered by performancing firefox

Bookmark to: