Day: April 2, 2007

PSP price drop – $170

Finally. The long-overdue PSP price drop has come to be. Starting April 3rd, the PSP core pack will be just $169.99.

Were you planning on picking up a Sony PSP tomorrow from your local Gamestop or EB Games? Excellent. Were you planning on paying for it? Super excellent. As a reward for your unquestionable moral values, you’ll be given a $30 discount on that purchase of “the past”. You see, as of April 3, the PSP Core Pack is being marked down from $199.99 to $169.99.

I’ve been planning on getting a PSP for a while. Looks like another push for me to get out and do it.

[tags]PSP price drops $30, PSP core now $170[/tags]

Australian game reviewers get offered special perks for positive reviews

If I ever saw a dream job, this story about the offerings for game reviewers in Australia certainly seems to be the one I’d try to get.

Former editor of Official Australian PlayStation 2 Magazine Richie Young got his weekly editorial off to a very controversial start by suggesting that corruption is rife in the Australian gaming press.

Young’s accusations include reviewers being offered sex and money to change review scores, backroom deals in exchange for “exclusive” stories, elaborate gifts like overseas trips, and advertising support influencing review scores.

Time to start looking for a job down, I suppose, so I can pay the bills until I get the dream job.

[tags]Australian game reviewer offered sex for exclusive stories and better review scores[/tags]

Latest zero day attack in the wild

If you surf the web using Internet Explorer, here’s another reminder that you should consider switching browsers:

If you’re reading this with Internet Explorer on a Windows machine, don’t. The Windows animated cursor zero-day attack that was coming through on IE 6 and 7 running on fully patched Windows XP SP2 is now also hitting Windows 2000, Server 2003 and Vista. As F-Secure advises, better to use some other combination.

Proof-of-concept code for the attack was released after business hours on Friday, according to SANS.

Blocking .ani files won’t help. SANS has picked up reports of the vulnerability being exploited in the wild with .ani files renamed as JPEGs.

Microsoft today posted security advisory 935423 about the exploit. Here’s the full list of vulnerable systems:

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Vista

The company still hasn’t provided a patch. The vulnerability is a candidate for inclusion in the CVE (Common Vulnerabilities and Exposures) list, having been assigned the label CVE-2007-0038 (previously also CVE-2007-1765).Although there currently is no official patch, a SANS handler has posted instructions on detecting and filtering out .ani file exploitation attempts. eEye provided a temporary patch, although the company recommends updating to Microsoft’s patch when it’s out.

That’s a pretty significant vulnerability, and there’s just not a way to deal with it in a manner that would leave me comfortable.  I highly recommend Mozilla or Opera for the Windows-bound, although you have to remember that no matter what browser you use, there will be vulnerabilities at times.  In this case, it’s a matter of reducing your exposure.

[tags]Zero-day Windows exploit via animated cursors, Time to switch browsers[/tags]