Monthly Archives: April 2007

Upd: MacOS to be hacked?

Well… I should correct myself: the vulnerability was not in the OS, moreover not in the browser. It was in Apple QuickTime, and therefore every browser which uses Java on a machine with QuickTime installed is vulnerable. The only workaround for the vulnerability for now is to disable Java. Thus my example was far from excellence, which don’t make my vision of the problem change…

My first post on the problem.

Discontinued exams

Exams on 2000 and NT4 are officially announced to be discontinued from 03.31.2008.

Honestly I haven’t pass any of them because I became certified not long ago. However I guess those who are in IT much longer then I am ,ay miss the whole era…

Full list of deprecated certifications and the news itself is here.

MacOS to be hacked? announced that Safari (built-in MacOS browser) was hacked in two hours on the CanSecWest conference in Vancouver (Canada). This event happened despite the fact that just before the conference had been issued the patch which mitigated 25 vulnerabilities. Moreover, Securityfocus states, that the prize was two small to attract many hackers: MacBook Pro costs approximately $3000 while 0day vulnerability may be worth $5000 to $20000.

Honestly, hackers, as I understood, were unable to get root’s rights – only user’s ones, but the reason for this post is not to have a gloat but rather to say it once more: the quantity of known vulnerabilities depends not only on the “quality” of coders or OS architecture but also its popularity. The more popular it is, and, consequently, higher is the cost of data stored on the computers running the OS, the more people are interested in stealing the data and looking for vulnerabilities.

Therefore increasing of MacOS popularity may turn out badly for users of this without doubt excellent platform.


It is funny and useful IMHO. New event IDs from Security Event Log in Vista appear to have theirs analogs in more old systems (no wonder, actually), but they are away from those exactly by 4096.

It is described why it was done here. In short, great changes were introduced into the content of the events, so there was a need to distinguish between pre-Vista and Vista events. Now as in the source code numbers are represented as hex values they added not 5000 or 6000, but 0x1000=4096

Standard keyboard layout in Vista

If you use more than one language in your environment then it is likely that you once (or more than once) felt unhappy, trying to recall what exactly should you fix in the registry to change Welcome Screen default language from, say, English to Russian keyboard layout. Why, you may be tortured with it in Vista as well, but also you have an option. Load the profile with the settings desired (or just change your settings), go to Start –> Control Panel –> Clock, Language and Region –> Regional and language option, select “Administrative tab” and click “Copy to reserved accounts”. Select “System account” and press Ok.

The result won’t take long.

Virus for iPod

Yep, we’ve ended up with something like virus for iPod. Well… Actually it is just a proof-of-concept, and one should have some nerve to call it a “virus” – you have to work hard to contaminate your iPod with it:

  1. 1) You have to have iPod (Who doesn’t? Even I have one =) )
  2. 2) Flush its own firmware and flash it to Linux (Whew… What a strange idea…)
  3. 3) Finally, catch the virus.
  4. the piece of code does not do anything wrong, only issues some text, yet it proves possibility of viruses even on this platform, proved by Kaspersky.
  5. Who’s next?
  6. Source.

Why my SSL connection doesn’t work?

It is a very frequent question, which, nevertheless, lead to the same answer: the SSL certificate has to be issued for the same name which a connection is being established.

For example: if your certificate is issued for, then every connection to the site by aliases like or will result in error. In the very best case it is the user, who sits on the other side of connection and is able to process the error. Otherwise, in case it is, say, Windows Update client or some other piece of software, it may lead to a fault.


I’ve received a question through the Russian TechNet Forums, answer to which is to be widespread. The fact is that the CRL checking process has been change in IE7 in case CRL is not reachable. While IE6 shows the warning in that case, IE7 by default doesn’t show anything. It is easy to think up the situation (which is, fortunately, harder to implement) which will lead to some problems due to such a behavior of the browser.

It is quite easy to switch the thinks back, just add the following key to the registry:


After that we will receive beautiful, extremely cheerful yellow warning in the address line:


Of course I must warn you of necessity to backup registry before the procedure.