John's web design and music blog

Wednesday Jan 27, 2010

A Day at the Coal-Face in a Full-Service Agency

Today, we'll look at some of the factors involved in a days' work in a full-service agency from a point of view of Brighton based Digital Marketing Agency.

Many web companies have particular areas of specialist knowledge; some will have huge levels of experience in database-driven solutions, others will create amazing graphics and Flash animations. A full-service agency will pick a workforce that allow them to complete multi-disciplined projects in-house and the projects benefit from clear lines of communication throughout.

As a Brighton digital agency, we are surrounded by creative types. Our location has lead to many contacts in the music industry and many of our projects are undertaken for record labels and music venues. Consequently, we build sites with e-commerce solutions, enabling labels to market their music digitally, as well as selling merchandise & traditional formats online through their sites. We also take enquiries and projects from businesses from all shapes and sizes, from independent retailers to large multinational organisations. Being full-service enables us to give attention to detail to the requirements of each client, without relying on external factors that could result in things coming though behind schedule or over budget.

Increasingly, people need more than just a website. Brighton SEO companies are becoming ubiquitous these days, but we have been in the game long enough to know that quick-fix or black hat solutions are never the answer. Keeping abreast of the ever-changing world of internet marketing strategies is paramount, as is monitoring search trends within the industry sectors that we work in for SEO clients.

As well as these factors, many companies are finding that off-the-shelf solutions are not esoteric enough to fit their needs. In the 21st Century, more and more companies are choosing bespoke software development to ensure that the solution is measured precisely to fit the problem, rather than papering over the cracks.

In short, a full-service agency needs to be personable, adaptable and solution-focussed to achieve. Working within one is a great way of surrounding yourself with people with amazing skill-sets and learning a lot in the process!

[Read More]

Posted at 11:28AM Jan 27, 2010 by John Chen |

Sunday Oct 11, 2009

Arkansas Arts Centre Corporate Devision - Site revamp

I am currently involved in revamping the Arkansas Arts Centre Corporate Devision web portal. I am in desperate need of a new logo design and currently don't have the resouces to set one up, if anyone is interested please contact me for the details.

The corporate organisation unit for Arkansas Arts Center, information on corporate events, hall hire and sponsorships.

For over 30 years, the Arkansas Arts Center has been steadfastly committed to building a collection of unique works on paper, primarily American and European, from the Renaissance to the present. Among the most recognizable works in the collection are sheets by CÃÂ©zanne, Van Gogh, Jackson Pollock, Georgia OÃ¢â¬â¢Keeffe, Alison Saar, Rembrandt and Rubens. The collection also features 135 drawings and watercolors by the Post-Impressionist Paul Signac, over 100 Post-Minimalist drawings, Arthur DoveÃ¢â¬â¢s Sketchbook Ã¢â¬ÅEÃ¢â¬Â, and nearly 80 works by Will Barnet.

[Read More]

Posted at 12:27AM Oct 11, 2009 by John Chen |

Thursday May 07, 2009

drupal6: Multiple Vulnerabilities

Package        : drupal6
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
Debian Bug     : 526378

Multiple vulnerabilities have been discovered in drupal, a web content
management system.

pod.Edge discovered a cross-site scripting vulnerability due that can be
triggered when some browsers interpret UTF-8 strings as UTF-7 if they
appear before the generated HTML document defines its Content-Type.
This allows a malicious user to execute arbitrary javascript in the
context of the web site if they're allowed to post content.

Moritz Naumann discovered an information disclosure vulnerability.  If
a user is tricked into visiting the site via a specially crafted URL
and then submits a form (such as the search box) from that page, the
information in their form submission may be directed to a third-party
site determined by the URL and thus disclosed to the third party. The
third party site may then execute a cross-site request forgery attack
against the submitted form.

For the stable distribution (lenny), these problems have been fixed in 
version 6.6-3lenny1.

The old stable distribution (etch) does not contain drupal and is not
affected.

For the unstable distribution (sid), these problems have been fixed in
version 6.11-1

Operating System:     Debian GNU/Linux 5.0
Impact:               Execute Arbitrary Code/Commands
                      Read-only Data Access
                      Cross-site Request Forgery
                      Cross-site Scripting
Access:               Remote/Unauthenticated

[Read More]

Tags: internet security drupal auscert
Posted at 09:57PM May 07, 2009 by John Chen |

Thursday Oct 30, 2008

Serviced Offices make your business success their priority

At one time or another we have all had the dream to become a successful entrepreneur. Some of us may have fantasized about opening a bike shop, while others like to explore the complexity of investments and taxes, and seek out to become certified financial planers. We all strive for the freedom of being our own boss, managing a company effectively, to our own standards, and implementing ideas we feel may lead to a wealthy future.

If you are one of these budding industrialists just starting your search for office space, are growing and expanding your current business into new markets, or if you need to lower your real estate and operating costs, and want to adjust your space requirements, The Offices can provide you the flexibility and services you need to meet your needs.

The Offices, a serviced offices provider company located in the Brisbane area offers furnished executive suites, which are equipped with broadband Internet access and extended telephone answering services. Superior reception, bookkeeping and administrative services, a large conference room, as well as the latest messaging technology systems are all included. Furthermore, experienced staff members will tend to all your office details, while you take care of your business. Imagine, coming to work knowing that every day, refreshments are brought to your office, your mail has been prepared, and you will never have to worry about hiring or firing employees. It is not only a tremendous time saver, but will also conserve funds, which you can reinvest in your business.

At a facility management company, such as the serviced offices Brisbane, they welcome you every morning with a cheerful hello and a newspaper, just for you! You will have their first class, in house networking support system at your fingertips, even when you are in a meeting with clients, and suddenly need comprehensive bookkeeping services. A secretarial assistant will also back you up whenever needed, conveying a superior professional image, that will definitely impress your clients.

For an hourly, daily or permanent solution, you can contact the serviced offices north Brisbane. The facility at the offices includes executive, furnished office suites, boardrooms (tea or coffee on arrival, chilled water and sweets can be requested), furnished training rooms and a seminar room that boasts surround sound and in-roof data projector. These options will make your presentations even more proficient.

It is obvious that when you need a professional address or want to conduct business in a high quality environment, away from the distractions and challenges of home, you need the professional services and affordable tailor-made solutions of serviced offices. The advantages outweigh the cost, and think about it, the less time you spend on administrative hassle, the more you can concentrate on making money.

New Ways To Save Money On Employee Training During Tough Economic Times

"Understanding the value of change is the key to success!" This revelation certainly includes mankind, a being born with a drive for endurance. The fight for survival started as early as the stone-age, when cavemen, who did not have training and assessment courses at their disposal, had to hunt to survive. Staying alive in today's world seems not as crude, or dramatic, nevertheless, we too have to do whatever it takes, to subsist.

We may no longer be chasing bears to feed our families, but we are still in pursuit of ways to make life easier, educating ourselves being one of them. Today's professional and educational marketplaces are more competitive than ever, and the only way to keep up with the ever changing employment demands is to continue one's education. It does not matter if you are looking at the best induction courses available, or your new dream job is in the hospitality, airline and tourism industries, and you are required to complete one of the RSA courses, you do need high quality training.

Deciding on what occupation seems to fit you best, or which training and assessment courses will get you to your goal the fastest, is not easy. The best way to approach the matter is by writing down which activities you love doing. If you think that working at a warehouse would make you happy, you may have to take some forklift courses. On the other hand, if you prefer working outdoors, and like the idea of building homes, construction courses may get you established a little faster, than just blindly go to a company, and apply. Most employers prefer skilled laborers, even if they have to pay them more.

Examining the current fluctuating job market, we notice that job security is no longer a guarantee in the business world, and situations may change without warning.Â These days anyone can suddenly become unemployed. Job loss, or a higher cost of living can lead to unexpected bills and a sudden need for additional income. These are all valid reasons, why re-training or additional skills, may be of the upmost urgency. In that case, the best solution would be to contact a last minute training booking facility, which can provide the best standby course placements.

Look for an excellent facilitator, such as Startnextweek.com.au, who offers the biggest range of courses, at the lowest prices. They have no bias toward any particular training provider, and therefore ensure that each company has equal opportunities to sell their last minute places, regardless of size or financial position. Startnextweek.com.au has hundreds of renowned training providers listed, has the best courses at genuine last minute prices, and can be reached 24 hours a day, seven days a week. They agree that improving one's skills and expanding the everlasting well of knowledge does not have to cost a fortune. They truly understand that the last thing any trainee, if registered for computer courses or anything else, needs is another financial burden.

Training and education are an accumulation of skills and knowledge. They are essential requirements to putting one's potentials to maximum use, and the key to success and financial freedom.

Hit and Runs Spark Run On Bollards for Businesses

The recent spate of ram raids and hit and runs across Australia has sparked a rush on businesses looking for property protection through products such as bollards and speed humps.

"It used to be that bollards were mainly bought by big companies such as banks and shopping centres, but with the recent run of hit and runs we are fielding lots of enquiries from smaller businesses such as cafes with outdoor seating and corner stores," said Scott Davy from Superior Bollards and Security.

"Businesses and councils are becoming more aware of the risks of cars leaving the pavement and running into customers or property, and as a result we have seen a dramatic increase in the installation of bollards in the past 12 months".

"Even people with businesses or goods stored in industrial sheds are installing their own bollards in front of their roller doors rather than relying on the centre's security" said Scott. A number of recent ram raids have targeted industrial sheds for items such as valuable cars, computers and high priced stock.

"Maybe it is just a sign of the times, but the trend we have observed is that businesses are identifying and addressing the need for better exterior building protection for their properties and their customers."

This trend has also extended to other traffic control systems to slow traffic down around people or businesses. Speed bumps, including portable speed bumps that can be rolled out for major events or during traffic diversions and removed when needed, are also becoming popular for small to medium businesses.

Superiorbollards a Brisbane Bollards supplier can help you determine the perfect system to protect both your personell and property. Call Scott on 1300 426 552 or visit their website for a complete catalog.

[Read More]

Tags: bollards security speed humps convex mirror
Posted at 09:55AM Oct 30, 2008 by John Chen |

Monday Oct 13, 2008

3D Graffiti

Graffititechnica.com is dedicated to the progression of hardcore electronic art and 3d graffiti. The graffiti designs and lettering on this site are completely digital as I want to explore new ways to create 3d graffiti and move away from using paint as a means of expression. So much emphasis is put on the illegality of graffiti in the public space that a lot of people dismiss this art form as just vandalism by frustrated kids with spray paint and too much time on their hands. Despite this stereotype I want to use my work and design skills to create something that has never been seen before and show people a new way of looking at this form of urban art. by web design Brisbane.

computer graffiti

Why Electronic Graffiti?

Because I grew up in the 1980's and I can remember having heaps of electronic toys and being influenced by so many styles of that time. From early game console designs to any number of toy robots from Japan or China. Growing up around technology has clearly influenced my style of art (as with so many of my generation). Graffiti has always been an influence on me since the first time I saw works from trains on the way to the school... All the back industrial lots were covered in styles from generic tags to intricately designed wildstyle. Back and forwards to school gave me loads of time to try to understand the styles and colors that were being used. It was an art form that was so advanced compared to anything that was in the modern culture that it was no wonder that the general public didn't understand it and why society was so keen to remove graffiti at any cost.

[Read More]

Tags: graffiti design art 3d
Posted at 10:20AM Oct 13, 2008 by John Chen |

Sunday Sep 21, 2008

SEO_What not to do as an SEO Company

A lot of my time as an SEO consultant has been spent on educating clients ( mostly small business owners ) on the value of Search Engine Optimisation and it is only within the last 18 months have I seen an improvement in the general publics response and business owners receptiveness to this relatively new marketing channel.

It is not surprising to see now, as the SEO industry begins reaching more public awareness and gaining more exposure. Some irresponsible companies jumping onboard the boom, and taking advantage of small business owners have not been educated enough about search engine optimisation, and the benefits it offers.

An example of what NOT to do as an SEO company can be found here;
http://www.searchenginerankings.com.au/seo-blog/

Internet Advancement told to refund clients

SEATTLE The state attorney general said yesterday Redmond-based Internet Advancement must pay penalties for failing to get its customers top placement on major search engines.

Internet Advancement, which also goes by 4GreatBuys.com, must refund customers, pay $24,432 to the state for costs incurred and a civil penalty of $25,000.

The company had promised to get its customers ranked in the top 10 to 20 results on the search engines for $980 to $1,500 in set-up fees and monthly fees of $79.80 to $89.95.

The case involved "search engine optimization" services, which attempt to get businesses high placement in search-engine results.

"Internet Advancement misrepresented its success rate, promised more than it could deliver, then refused to provide refunds to customers who didn't get what they paid for," said Attorney General Christine Gregoire.

She said the Attorney General's Office, the Federal Trade Commission and the Better Business Bureau received more than 100 complaints from customers around the country.

It is absolutely essential when been approached or approaching an SEO that business owners are aware of the basic fundamentals on how SEO works, or at least they should ask the SEO in detail what will be done to help them achieve their goals.

It is now a very common practice for juvenile SEO to make claims such as "We guarantee top 3 position in GOOGLE in under 3 weeks", be very weary of such outlandish claims any SEO that has been involved in the industry for over 5 years will tell you this is utter nonsense, and company that guarantee you a particular position in a short amount of time, should be treated the same way as those emails claiming your long lost royal relatives from X country has left huge sums of money to you.

SEO | Suggested reading

I offer to you below a list of bookmarks that I personally recommend every business owner to read before or after talking to an SEO, this will help save time, money and a level expectation between you and the SEO.

http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=35291
http://googleblog.blogspot.com/2008/07/introduction-to-google-ranking.html
http://googlewebmastercentral.blogspot.com/ ( a gold mine for those that can handle the reading)
http://www.diggy.com.au ( my current employer, an ethical and valuable partner to any business, big or small )

Summary

SEO just like any other marketing tool, is NOT the golden egg, if you do not have a solid business plan, or your product is not competitive within the market, no amount of SEO will help improve your business.

If however your business is simply struggling to get more clients / sales or you are wanting to expand your brand's exposure ( world wide or interstate ), SEO is can be an effective channel and cost effective method to help grow your business.

If you have questions or comments, please feel free to post them in the comment box or email me directly.

[Read More]

Tags: small busines online marketing seo general consumer awareness law su
Posted at 03:18PM Sep 21, 2008 by John Chen |

Friday Sep 19, 2008

Drupal third-party module vulnerability - Mailsave, Link To Us

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2008.0887 -- [Win][UNIX/Linux][OSX]
Mailsave, Link To Us (Drupal third-party module) - Cross Site Scripting
18 September 2008

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Mailsave
Link To Us
Publisher: Drupal
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Cross-site Scripting
Access: Remote/Unauthenticated

Original Bulletin: http://drupal.org/node/309802
http://drupal.org/node/309861

- --------------------------BEGIN INCLUDED TEXT--------------------

- ------------SA-2008-051 - MAILSAVE - CROSS SITE SCRIPTING------------

* Advisory ID: DRUPAL-SA-2008-051

* Project: Mailsave (third-party module)

* Versions: 5.x and 6.x

* Date: 2008-September-17

* Security risk: Critical

* Exploitable from: Remote

* Vulnerability: Cross site scripting

- ------------DESCRIPTION------------

Mailsave is a module that is designed to interact with mailhandler. It will
detach files that are emailed to the site and save them with the node.

The module trusts the mimetype that is send with the file enabling
malicious users with the ability to upload files to execute cross site
scripting attacks.

- ------------VERSIONS AFFECTED------------

* Versions of Mailsave for Drupal 5.x prior to 5.x-3.3

* Versions of Mailsave for Drupal 6.x prior to 6.x-1.3

Drupal core is not affected. If you do not use the Mailsave module, there is
nothing you need to do.

- ------------SOLUTION------------

Install the latest version.

* If you use Mailsave for Drupal 5.x upgrade to Mailsave 5.x-3.3 [
http://drupal.org/node/297842 ]

* If you use Mailsave for Drupal 6.x upgrade to Mailsave 6.x-1.3 [
http://drupal.org/node/297841 ]

Also see the Mailsave project page [ http://drupal.org/project/mailsave ].

- ------------REPORTED BY------------

* Mark Burdett (mfb [ http://drupal.org/user/12302 ])

- ------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or
via the form at [ http://drupal.org/contact ] and by selecting the security
issues category.

- ------------SA-2008-052 - LINK TO US - CROSS SITE SCRIPTING------------

* Advisory ID: DRUPAL-SA-2008-052

* Project: Link To Us (third-party module)

* Versions: 5.x

* Date: 2008-September-17

* Security risk: Critical

* Exploitable from: Remote

* Vulnerability: Cross site scripting

- ------------DESCRIPTION------------

The Link To Us module creates a page to display uploaded banners that can
be used by others to link to your Drupal site. The module will create well
formed SEO links with full title, alt and anchor text determined by the
node title, taxonomy term or other pages that are directed to the module.

Unfortunately, the module does not properly escape text, which allows
malicious users who are able to post content to insert arbitrary HTML and
scripts into a page. Wikipedia has more information about such cross site
scripting [http://en.wikipedia.org/wiki/Xss ] (XSS) attacks.

- ------------VERSIONS AFFECTED------------

* Versions of Link To Us for Drupal 5.x prior to 5.x-1.1

Note: the 6.x development version is also vulnerable to this issue. A fix
for the issue will appear within 12 hours in the next 6.x development
snapshot.
Development snapshots are not supported.

Drupal core is not affected. If you do not use the Link To Us module, there
is nothing you need to do.

- ------------SOLUTION------------

Install the latest version.

* If you use Link To Us for Drupal 5.x upgrade to Link To Us 5.x-1.1
[http://drupal.org/node/309863 ]

Also see the Link To Us project page
[ http://drupal.org/project/link_to_us ].

- ------------REPORTED BY------------

* Justin Klein Keane

- ------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or
via the form at [ http://drupal.org/contact ] and by selecting the security
issues category.

[Read More]

Tags: blogs auscert drupal. internet security
Posted at 12:00AM Sep 19, 2008 by John Chen |

Wednesday Sep 10, 2008

QuickTime 7.5.5 released fixing multiple vulnerabilities

APPLE-SA-2008-09-09 QuickTime 7.5.5

QuickTime 7.5.5 is now available and addresses the following issues:

QuickTime
CVE-ID: CVE-2008-3615
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in the
third-party Indeo v5 codec for QuickTime, which does not ship with
QuickTime. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by not rendering content encoded with any
version of the Indeo codec. This issue does not affect systems
running Mac OS X. Credit to Paul Byrne of NGSSoftware for reporting
this issue.

QuickTime
CVE-ID: CVE-2008-3635
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in the third-party Indeo
v3.2 codec for QuickTime. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue by not rendering content
encoded with any version of the Indeo codec. This issue does not
affect systems running Mac OS X. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative for reporting this
issue.

QuickTime
CVE-ID: CVE-2008-3624
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of panorama atoms in QTVR (QuickTime Virtual Reality) movie files.
Viewing a maliciously crafted QTVR file may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking of panorama
atoms. Credit to Roee Hay of IBM Rational Application Security
Research Group for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3625
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in QuickTime's handling
of panorama atoms in QTVR (QuickTime Virtual Reality) movie files.
Viewing a maliciously crafted QTVR file may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking of panorama
atoms. Credit to an anonymous researcher working with TippingPoint's
Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3614
Available for: Windows Vista, XP SP2 and SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in QuickTime's handling of
PICT images. Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by performing additional validation of
PICT images. Credit to an anonymous researcher working with the
iDefense VCP for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3626
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of STSZ atoms in movie files. Viewing a maliciously crafted
movie file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking of STSZ atoms. Credit to an anonymous
researcher working with TippingPoint's Zero Day Initiative for
reporting this issue.

QuickTime
CVE-ID: CVE-2008-3627
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption exist in QuickTime's
handling of H.264 encoded movie files. Viewing a maliciously crafted
movie file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of H.264 encoded movie files. Credit
to an anonymous researcher and Subreption LLC working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3628
Available for: Windows Vista, XP SP2 and SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid pointer issue exists in QuickTime's handling
of PICT images. Opening a maliciously crafted PICT image may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue by correctly saving and restoring a
global variable. This issue does not affect systems running Mac OS X.
Credit to David Wharton for reporting this issue.

QuickTime
CVE-ID: CVE-2008-3629
Available for: Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination
Description: An out-of-bounds read issue exists in QuickTime's
handling of PICT images. Opening a maliciously crafted PICT image may
lead to an unexpected application termination. This update addresses
the issue by performing additional validation of PICT images. Credit
to Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.

QuickTime 7.5.5 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

For Mac OS X v10.5 or later
The download file is named: "QuickTime755_Leopard.dmg"
Its SHA-1 digest is: 934f784a553c2d4484d298071ad6d95ea34b8b2f

For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named: "QuickTime755_Tiger.dmg"
Its SHA-1 digest is: dcdf58e27aad2a1e958788c0f58584605c4b8e78

For Windows Vista / XP SP2 and SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 5900ff0b8044972cb06b52dfc913c6364bf27ccc

QuickTime with iTunes for Windows XP or Vista
The download file is named: iTunes8Setup.exe
Its SHA-1 digest is: 5d4ff8ffbe9feeaed67deb317797c1d71a03c359

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
[Read More]

Tags: quicktime security internet auscer
Posted at 01:37PM Sep 10, 2008 by John Chen |

edna.edu.au

Tags

Entries

Feeds

Links