
March 2007


March 30, 2007

Windows Animated Cursor Attack

On Wednesday, March 28, Microsoft announced a new vulnerability that targets the "animated cursor" function in Internet Explorer 6 and 7.

Animated cursors are used on different websites for legitimate reasons. However, this latest vulnerability uses the animated cursor function to install and execute a trojan file on the victim's computer. Infected computers may be controlled by a remote attacker, who may install a keylogging tool or other malicious files.

The attack does not require any user interaction. Computers can be compromised simply by visiting a website that contains the malicious code. The infection happens in the background and the user may not be aware that the computer is compromised.

This vulnerability affects the following operating systems:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • (See link below for more Operating Systems)

Vista's IE 7 in protected mode shields the computer against drive-by installations.

There are no patches for the vulnerability at this time. Microsoft suggests that customers avoid visiting unknown websites or opening email from unknown, untrusted addresses. It is also suggested that users open emails in plain text format, since this will reduce the risk of malicious code executing.

Read more about this alert on Microsoft's Security Bulletin website:

Microsoft Security Advisory (935423)

UPDATE 04/09/07

Microsoft has released a critical update that fixes the animated cursor vulnerability. You can download and install the latest patches by following the link below:

Microsoft Windows Update

March 19, 2007

Call For Nominations: Sadowsky Prize

ITS is seeking nominations for the George Sadowsky Prize of $500 to a student who exhibits exemplary innovation using the Internet for community service. The deadline for nominations is Monday, April 2nd. Nominations may be sent to Heather Rogers: heather.rogers@nyu.edu in ITS. Please send a description of the nominee's work/project (include website if applicable). Please highlight how the work is innovative in its use of the Internet and how it serves the community. Also send contact information (mailing address, phone number, email address) for both the student nominee and the nominator.

George Sadowsky worked at NYU in Information Technology leadership for 10 years and made tremendous progress with the advancement of computing and connectivity for education. In addition to his NYU efforts, he worked globally with a number of different organizations to promote the use of the Internet around the world, especially to those neediest countries where technology is farthest behind. He retired from NYU in 2001 but continues his work as an "Internet evangelist" to this day.

March 07, 2007

Daylight Saving Time Changes

As a result of the Energy Policy Act of 2005, Daylight Saving Time will begin three weeks earlier this year, on Sunday, March 11th, and end one week later, on Sunday, November 4th. Many electronic devices (desktop and laptop computers, handheld devices, clocks, DVD, CD and game players, etc.) are programmed to know when the traditional DST begins and ends, but some may not be prepared for this change. To help ease this transition, take the steps described below.

ON OR BEFORE MARCH 10TH

  • ITS strongly recommends that you back up your data on both handheld and computing devices such as laptops and desktops.
  • Check to see if your device manufacturers have released DST patches.
    • Microsoft released a DST patch for Windows XP in February (http://support.microsoft.com/gp/dst_topissues). To make sure the patch is installed, run Windows Update before March 11th. To run Windows Update, open the Start menu, select Settings, then Control Panel, then Automatic Updates. Check for updates and turn on Automatic Updates if not already activated.
    • Apple released a DST patch for Macintosh OS X in February (http://docs.info.apple.com/article.html?artnum=305056). To make sure the patch is installed, run Software Update before March 11th. To do so, open the Apple menu at the upper left of your screen, select Software Update, and install the updates that appear.
    • Additional patches are listed at the end of this message, but this list is not exhaustive--search your device manufacturers' websites for complete information.

ON OR AFTER MARCH 11TH

  • Check all of the electronic devices you use, and if they have not been automatically updated to the correct time, manually set their clocks one hour forward. Please note that some of these devices may automatically reset their clocks on April 1st, 2007 (the old DST date), so you may need to manually correct these devices again at that time. The same may be true for the October 28th/November 4th change.
  • As a precaution, consider confirming via email or phone any appointments that occur during the following time periods. (Please note that people who use Meeting Maker to schedule appointments during these time periods with people in countries or regions that do not use DST may notice discrepancies and should manually confirm these meetings.)
    • March 11th through the first week of April 2007 (in future years, the period between the second Sunday of March and the week following the first Sunday of April)
    • October 28th-November 4th, 2007 (in future years, the period between the last Sunday of October and the first Sunday of November).

IMPORTANT NOTES

ITS does NOT anticipate DST-related issues with NYUHome or Blackboard, with NYU's data and voice networks, or with our administrative applications (SIS, Albert, HRIS/PASS, fame, Advance, Data Warehouse, BIA, eReports, Brio, Remedy, etc.).

ITS also does not anticipate DST-related issues with Meeting Maker 7.5-8.5 (aside from the potential international meeting issue described above). If you use Meeting Maker v. 7.5-8.5 and synchronize with a handheld device, please do NOT update your handheld device with any DST-related patches. If you have already patched your handheld, be sure to confirm any meetings scheduled during the spring transition period described above (see below for instructions). A new version of Meeting Maker is expected to be available soon. This upgrade, along with new synchronization software, will address long-term DST issues (including the upcoming fall change).

ADDITIONAL UPDATES

Please note that this list is not exhaustive--search your device manufacturers' websites for complete information.

For Handheld Owners Who Have Already Applied the DST Patch

As noted above, people who use a handheld to synchronize with Meeting Maker should not install any DST-related patches. If you have already applied the DST patch to your handheld, follow these steps ON OR AFTER MARCH 11th to determine whether the update will cause any problems when synching with Meeting Maker. Note that ITS has based this assessment on Treo handhelds, but the same procedure should work on other brands as well.

  1. Create a test meeting in Meeting Maker that is scheduled between March 11th and April 1st.
  2. Sync your handheld with Meeting Maker.
  3. Check the time of this meeting on your handheld and make sure that it matches the time in Meeting Maker.
  4. Now create a meeting on your handheld that is scheduled between March 11th and April 1st.
  5. Sync your handheld so that the meeting appears on Meeting Maker.
  6. Check the time of this meeting on Meeting Maker and make sure that it matches the time on your handheld.
  7. If all the times match, then you should not have any issues.
  8. If there are discrepancies, then you will need to manually correct any mistakes that are made by the synchronization. (Alternatively, Treo owners can perform a hard reset to remove the DST patch--this will not work on other brands of handhelds).

In the event that your handheld does not update its clock properly when DST begins on March 11th, you can manually update the time (see below).

How to Manually Change the Time on your Handheld Device

Blackberry

  1. From the home screen on the Blackberry, go to the Options icon. (Note: On newer Blackberries, the Options icon is located in a folder called Settings.)
  2. In the Options menu, go to Date/Time.
  3. Scroll until the cursor is on the hour of the displayed time.
  4. Click the wheel and select Change Options.
  5. Scroll to change the hour, then click the wheel again.
  6. Click the Back button and select Save.

Palm OS (Treo)

  1. From the home screen on the Treo, go to the Pref icon. (Note: At the top right corner of the screen, make sure All is selected.)
  2. In the Pref menu, go to Date & Time.
  3. For Treo users, make sure to uncheck the checkbox next to "Get date & time from mobile network" before manually setting the time.
  4. Click Done when finished.

Windows Mobile

  1. Click the Start menu at the top left corner of the screen and go to Settings.
  2. Click the Settings tab on the bottom of the screen and go to Clocks & Alarms.
  3. Manually set the time and click OK at the top right when done.
  4. Click Yes to save the changes.

Download Firefox JavaScript Patch

Mozilla, the company which owns and distributes Firefox, has released a patch that addresses a JavaScript vulnerability in Firefox 2.0 & 1.5. This update addresses that security issue and is available for both the Mac and Windows versions of Firefox.

Following recent updates, Mozilla discovered that disabling the JavaScript feature in the web browser could be circumvented by specially crafted image file tags.

Click here to download the latest patch for your version of Firefox.

Download Patches for Quicktime

On Monday March 5th, Apple released 8 security patches for both the Windows and Mac versions of Quicktime. Quicktime is an Apple media player application that is bundled with iTunes.

Without the patches, Macs and Windows PCs are vulnerable to a cyberattack. A malicious file can be created that, when opened with Quicktime, could give the attacker full control over a computer.

If you have Quicktime installed, click here and download the latest updates for your operating system.

Spring Break Schedule at ITS Labs

From Monday, March 12 through Sunday, March 18, the ITS lab facilities will follow a modified Spring Break schedule:

The normal schedule at all labs will resume on Monday, March 19, 2007.