Microsoft Patch Day March 2009

Martin Brinkmann — Tue, 10 Mar 2009 17:26:36 +0000

Just a few minutes ago the patches for this month’s patch day have been uploaded to Windows Update and Microsoft Update. Users are encouraged to update their Microsoft operating system as soon as possible to close the recently discovered security vulnerabilities. Among the affected operating systems are practically all Microsoft operating systems since and including Windows 2000. This means the popular operating systems Windows XP and Vista are affected as well as Windows Server 2003 and 2008.

One security vulnerability has a critical rating for all affected operating systems while the other two are rated important by Microsoft’s security research team.

Details about the Security Bulletins can be found by following these links: Microsoft Security Bulletin MS09-006, MS09-007 or MS09-008. Another possibility is to access the Security Bulletin Summary at Microsoft Technet.

The vulnerabilities fix one remote code execution vulnerability and two spoofing vulnerabilities on the affected Windows operating systems:

Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
Vulnerability in SChannel Could Allow Spoofing
Vulnerabilities in DNS and WINS Server Could Allow Spoofing

Read all Wallstreet Journal articles for free

Martin Brinkmann — Sat, 22 Mar 2008 12:48:23 +0000

The Wallstreet Journal [link] is one of those online magazines that has a subscription service that protects some of its stories from being read by users that have no subscription. Only an excerpt of the story is available for free while the rest can only be read by subscribers, or so we though.

Apparently though the Wallstreet Journal website is making referrer checks to see if a user is coming from either Digg or Google News and will present the user the full story if the check is successful. Everyone else coming from different websites or opening the Wallstreet Journal page manually will only see the excerpt.

A referrer check is one of the weakest protections because referrers can easily be spoofed. The Firefox add-on refspoof provides users with an easy way of spoofing the referrer. Read on to find out how you can read all Wallstreet Journal articles in full length for free.

Install the refspoof Firefox extension or any other utility that is able to spoof the referrer. The refspoof toolbar becomes available after restarting Firefox, enable it under View > Toolbars > Refspoof Toolbar.

Now enter digg.com in the spoof filed and select static referrer by clicking on the R icon on the right end of the toolbar. Visit the Wallstreet Journal and surf around. You will notice that all articles are available. If you disable it many articles will only display an excerpt of the story.

Is it ethical to do so ? That’s honestly not my decision to make, it is yours. I think that the Wallstreet Journal wants that traffic, wants their stories to hit the frontpage of Digg and Digg would surely ban their website if their users were only to see an excerpt of the story.

Update: The Wallstreet Journal recently changed the way their website is accessed. The workaround no longer appears to be working.

gHacks Technology News | Latest Tech News, Software And Tutorials » spoofing

Microsoft Patch Day March 2009

Read all Wallstreet Journal articles for free