Adobe Patches Flash Player

February 11, 2010

Adobe has published a Security Bulletin (APSB10-06), which announces the availability of a security upgrade for its Flash Player to version 10.0.45.2.  (Adobe’s AIR product is also upgraded.)  The upgrade addresses two security vulnerabilities (CVE-2010-0186 and CVE-2010-0187) that could be exploited by malicious Flash content.  Adobe characterizes this as a Critical update.  It is applicable to all platforms (Windows, Linux, and Mac OS X).

The new version can be downloaded from the Flash Player Download Center.  Given that Flash Player is one of the most widely deployed and used browser plugins, it is an attractive target for the Bad Guys; so I recommend getting the updated version as soon as you can.


Adding Things Up

February 11, 2010

The New York Times has recently introduced a new series of “Opinionator” articles on its Web site, articles that are all about mathematics.  (One has to admit that this is not a typical subject for OpEd pieces.)  The articles are written by Prof. Steven Strogatz, professor of applied mathematics at Cornell University.  As he describes his objective:

I’ll be writing about the elements of mathematics, from pre-school to grad school, for anyone out there who’d like to have a second chance at the subject — but this time from an adult perspective. It’s not intended to be remedial. The goal is to give you a better feeling for what math is all about and why it’s so enthralling to those who get it.

Judging from his first two columns, Prof. Strogatz is an entertaining writer who is able to present some subtle ideas in a very accessible way.  In his first column, “From Fish to Infinity”, he talks about what one might call the duality of numbers: they represent something very concrete, like six fish or six baseballs or six dollars, yet they have an abstract existence in which they follow their own rules.

Even though they exist in our minds, once we decide what we mean by them we have no say in how they behave. They obey certain laws and have certain properties, personalities, and ways of combining with one another, and there’s nothing we can do about it except watch and try to understand.

He also talks about an idea I always try to emphasize with students I tutor: that a number is something distinct from the name or symbol by which we refer to it.  That is,

5, V, cinq, fünf, 8-3, 20/4

all refer to the same number.

In his second column, “Rock Groups”, Prof. Strogatz talks about the playful side of arithmetic, and uses the idea of arranging groups of rocks to illustrate, for example, why the sum of two odd numbers is always an even number.  Perhaps more surprising, he shows how the sums of sequential odd numbers are perfect squares; that is:

1 + 3 = 4

1 + 3 + 5 = 9

1 + 3 + 5 + 7 = 16

1 + 3 + 5 + 7 + 9 = 25

It is, perhaps, a way of thinking about the properties of numbers and arithmetic that is a bit different from what most people are used to; yet in some ways it is not that odd, at all.

Looking at numbers as groups of rocks may seem unusual, but actually it’s as old as math itself. The word “calculate” reflects that legacy — it comes from the Latin word “calculus,” meaning a pebble used for counting.

I think it’s quite possible that much of the early understanding of how numbers work came from little experiments like these.

In any case, I think it’s great to see a column like this one in a publication like the New York Times.  I’m looking forward to reading Prof. Strogatz’s next article.

(Incidentally, the columns also furnish some great references to further sources of mathematical insight.  One that is worth mentioning is the wonderful essay, “The Unreasonable Effectiveness of Mathematics in the Natural Sciences”, by Prof. Eugene Wigner, Nobel laureate in physics.)


MS Patch Causes Blue Screen of Death

February 11, 2010

Brian Krebs, in his “Krebs on Security” blog, is reporting that one of the patches from this month’s Microsoft “Patch Tuesday” is causing some Windows computers to crash with the infamous “Blue Screen of Death”.  (There are also reports on this problem at Ars Technica and at the SANS Internet Storm Center.)  The problem apparently affects mainly Windows XP 32-bit installations.  The dodgy update is apparently MS10-015 (Microsoft KB 977165), which pertains to a Windows kernel vulnerability.  Installing the update requires a system reboot; when this is done, the result is a Blue Screen with the following messages:

A problem has been detected and Windows has been shutdown to prevent damage to your computer.

PAGE_FAULT_IN_NONPAGED_AREA Technical Information: STOP: 0x00000050 (0x80097004, 0x00000001, 0x80515103, 0x00000000).

There is a way to uninstall the patch that seems to be causing the problem, although it requires that you have your original Windows CD, or a bootable Windows installation on a USB drive:

  1. Boot from your Windows XP CD or DVD and start the recovery console (see KB307654 for help with this step)
  2. Type this command: CHDIR $NtUninstallKB977165$\spuninst
  3. Type this command: BATCH spuninst.txt
  4. Type this command: systemroot
  5. When complete, type this command: exit

If you are a home user in the US or Canada, you are eligible for free support from Microsoft on security-related issues; you can open a support incident by calling 1-866-PCSAFETY (1-866-727-2338). If you have not yet installed this month’s patches, and are running XP, it might be wise to skip installing MS10-015.

I will update this post with further information if/as it becomes available.

Update, Thursday, 11 February, 17:10 EST

Ars Technica reports that Microsoft has provided this link for people who believe they have been affected by this issue.  At the moment, a quick glance does not reveal anything directly related, but it’s probably worth looking at a bit later to see if anything new has been posted.  I’ll update this post again if I find out anything new.

Update, Thursday, 11 February, 22:45 EST

Microsoft now has posted an article on their “Security Research Center” blog about this issue.  Apparently the MS10-015 update has now been removed from the automatic Windows Update mechanism, although it is still available via other channels.  The article also mentions a work-around for the vulnerability (which I believe is the one I wrote about back in January)  for those who don’t want to risk installing the patch.

Update, Friday, 12 February, 14:03 EST

Microsoft has an update on this issue at the “Security Research Center” blog. They say that one cause (not necessarily the only cause) of the problem is installing the update (MS10-015) on a system that is already infected with malware.   They are continuing to investigate the problem.

Update, Wednesday, February 17, 23:30 EST

Microsoft has published another update on this problem on the “Security Research Center” blog.  See my recent post here for more details.

