Okay, so the warning is a little late, but still may save someone.  Microsoft’s latest Patch Tuesday included update MS10-015, which since has rendered some Win XP boxes BSODed into a never-ending reboot loop.  Even booting up into Safe Mode doesn’t seem to fix it because it’s a kernel bug.

If you’re infected with Microsoft’s latest security vulnerability fix and your Windows XP box is now a  brick, your only hope is to have backed up before the patch was thrust upon you.  Though it is possible that some Windows CD/DVD recovery trickery may be able to help uninstall the Patch Tuesday updates.

So you’ve got yourself a Windows 7 RC (Release Candidate) that was meant for testing, and you’re laughing at your friends who actually payed for a retail version of Windows 7.  Well, your laughter may not last for much longer.  Microsoft is on to you.

Yes, that’s right.  Microsoft will start using its wiles to make your free Win7 RC a lot less user friendly.  Starting February 15th you RC users will be annoyed with constant pop-up notifications that you’re not using a legitimate copy and that you should upgrade to the real deal.  As if that’s not bad enough, then starting on March 1st your Win7 RC PC will begin shutting itself down every two hours if you still haven’t upgraded yourself a legitimate copy of Windows 7.  And then on June 1st, if you still haven’t gotten the message, your wallpaper will be removed so that, “This copy of Windows is not genuine,” can be displayed in the lower-right corner, just above the taskbar.  Whilst simultaneously any and all updates or downloads to the RC that require Windows Validation will be blocked.

Yes, that’s right Windows 7 RC users, there is to be no more free lunch.  Your test version of Windows 7 is not going to last forever.  But then, you knew that from the beginning.

And all that you have to do in order to legitimize your Windows 7 experience is upgrade.  That’s right.  You don’t even need to buy the full version.  The cheaper upgrade version is all that you should need to make your Windows 7 experience valid and stop the Microsoft harassment.

Well here’s a shocker (or is that a scorcher?) for you, yet again batteries are being recalled for being flammable.  This time it’s Fujitsu recalling some 2007-2009 AMILO notebooks (Pa2510, Pi2512 and Pi2515 models) with bad batts.

One wonders how after so much time these lithium-ion rechargeables still pose so many problems to manufacture correctly.  It’s no wonder hybrid and plug-in automotive manufacturers are so reluctant to touch them!

So Merry Christmas Fujitsu notebook owners!  Let’s hope what lights up your Christmas tree isn’t a spot of laptop-induced spontaneous combustion!

Do you own a Belkin iPod cigarette lighter dock device?  Certain models of the Belkin TuneBase Direct And Belkin TuneBaseFM are being recalled because they represent a fire hazard due to a possible short circuit!  (Doh!)

The affected models were sold starting April 1st 2009, so if you bought yours before then you should be safe.  If you’re still unsure, the model numbers recalled are: F8Z441, F8Z441ea, F8Z442, F8Z442ea, F8Z176, and F8Z176eaBLK.

For more information and how to go about getting your replacement, look here.

In computers we trust.

But the funny thing is, we shouldn’t.  We really really shouldn’t.

So what’s the latest in security news to remind us how insecure computers can be?  Right.  Let’s get crackin’…

Gone in 60 Seconds, WPA Key On A Silver Platter:

To start with, let’s hear it for wireless networking!  Never has hacking been easier.  You don’t even need to connect a wire.  Often, you don’t even need to be in the building.  Just drive by, park nearby, walk along with a laptop, whatever your evil little heart desires, and you can begin the computer equivalent of breaking and entering at your convenience with no real worry of strange looks or calls to security.  That in itself makes wireless networking so very dangerous.  But then there’s the encryption protocols…

The absolute worst, most rubbish ever to use, would be WEP.  Don’t even touch it.  If you think you’re secure using WEP you might as well just not even bother trying.  Now WPA was at least  better.  Key word here however is “was”.  As in past-tense.  Yes, that’s right.  A system of hacking WPA was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University that is based on the established Becks-Tews method and can hack WPA in as little as one single minute.  Yes.  Sixty seconds or less and your WPA key is handed over on a silver platter.  This is of news because one of the formerly best hacks of WPA, the aforementioned Becks-Tews method, takes more than ten minutes.  You can look deeper into these methods if you care to, but the simple point is WPA is dead to us.  As dead as WEP.  Now the minimum to be secure wirelessly is WPA2.  Which, being old itself, you should have been using already anyway.

Hot List – Snow Leopard Insecurities:

So you just upgraded your Mac to Snow Leopard, Apple’s latest Mac OS X.  Congratulations!  But did you know that Show Leopard comes with an older version of Adobe Flash?  Yes, that’s right.  Even if you had upgraded to the latest and safest version from Adobe before (which would be 10.0.32.18 at the time of writing), you’re downgraded now.  Back to version 10.0.23.1.  And that means exposure to old exploits and attacks on your shiny new and “secure” Mac.  All without a hint of warning from Apple.  Isn’t that nice of them?  So if you upgraded to Snow Leopard, be sure that one of the first things that you do is update your Adobe Flash … again.

But that’s not all.  Oh no.  Apple’s far too unconcerned with security for that.  Apple has kindly included malware protection built in to Snow Leopard.  (Why is it when Microsoft does this, it’s anticompetitive, but when anyone else does it, it’s heralded as genius?)  Which you’d think is good.  Bundled protection means more people are safe.  If you download and install some Big Nasty Snow Leopard pops up a warning and recommends that you toss it in the Trash before it harms your computer.  How nice.  It sounds good, except that so far Apple’s protection is very … limited.  It hardly identifies any baddies at all.  And this is the problem, because it lulls you into a false feeling of security.  You’re protected, right?  Wrong!  So until Apple does a much better job of identifying malware it is highly suggested that you also install your own protection software.

Microsoft IE – Something Rotten in Denmark England:

And speaking of Microsoft and bundling, Microsoft’s SmartScreen Filter, built/bundled into Internet Explorer 7 and 8, has decided to protect a lot of folks from those dangerous blokes across the pond by blacklisting every uk.com top level domain!  Um, come again?  Yes, that’s right.  To protect you from phishing attacks, IE blocks Blighty.  As one would imagine, this has caused a great deal of problems and phone calls from concerned web surfers over there.  Of course Microsoft fixed things fairly quickly.  After all, blacklisting entire countries on a whim is kind of bad press.  But it just goes to show, sometimes “security” works as much against you as it does for you.

O2- Something Else Rotten in Denmark England:

Customers of O2, a British internet service provider, may want to disconnect.  O2 has been handing their customers faulty routers.  The O2 Wireless Box II (a rebranded Thomson TG585) and the O2 Wireless Box III (a rebranded Thomson TG585n) are vulnerable to cross-site request forgery (CSRF) attacks, allowing pretty much anyone to easily log into your router itself, at will, no questions asked.  This in turn lets them steal your encryption key, even if you use WPA2, and do all sorts of other not-so-nice things to your computer.  Needless to say, this is bad.  But after badgering O2 about it, security champion Paul Mutton has finally convinced O2 that it actually is a problem.  And O2 has promised to look into it and remedy as necessary.  If you’re an O2 customer, make sure you keep on top of this, as at-will hijacking of your router is A Bad Thing.

World of Warcraft – Gone Phishing Again?:

Yes, same as always then.  The official Blizzard WoW forums are being used to distribute malware to steal your passwords, blah blah blah.  If you play World of Warcraft and have somehow not heard of all of the phishing and malware trying to steal your account information so that hackers can sell your loot for real money, then you must be oblivious.  To everyone else, same s___, different day.  This latest phish is pretending to offer you exclusive access to a new service.  Just click on their invitation, bend over, and take it from  behind.  I guess these things must work, because hackers keep doing them.  But honestly, if there isn’t a group of people that should be extremely aware of security by now…  Welcome to the World of Phishcraft.

What’s This?  Good News?  Google Polishes Chrome:

If you use the newest web browser darling, Google Chrome, then congratulations, you’ve got a patch to fix a couple of severe vulnerabilities.  The update to 2.0.172.43 protects you from a known attack on Google’s V8 JavaScript engine, and from a known attack on webpages using XML-encoded information.  If you  haven’t patched your Chrome yet, it is highly recommended.

Well, that’s it for now.  Be wary.  Be safe.