Persistence of data on storage media

Most people I’ve met don’t think twice about what happens when they press the delete key, or drag a file to the trash/recycle bin. The guys at Security Focus have written a nice article on this subject which will be eye-opening for anyone who hasn’t read about it before. The sad thing is that this information has been common knowledge in the IT community as far back as I can remember, yet it is still a problem to this day.

If you’re like me, you mostly use bluetooth on one of those high-tech looking wireless headsets for your phone. Every once in a blue moon when I get bored with my current ringtone, or if I want to get some pictures off my phone I use the OBEX feature to transfer files to and from my phone from a computer. I recently had this urge while using a new laptop from work running Vista. Windows XP had some limited bluetooth support, so I figured things would be better in the latest version. Perhaps my Mac has spoiled me, but I was expecting a lot more than I got. While there’s actually some built-in control panel tools, the functionality is essentially the same as XP. You’re only built-in option for file transfers is the antiquated send/receive file option. This is how you would have transferred a file via IR on a pair of PDAs about 10 years ago. Finally in frustration I turned to google which pointed me to a shareware program from Medieval Software. Their OBEX file transfer program did the trick. Still, when I could do all of this on a 5-year old Mac with the built-in tools in OS 10.4, it was disappointing.

note: if you happen to turn off the bluetooth adapter in Vista and then can’t find the notification icon that turns it back on, check the properties of your start menu. When I disabled the bluetooth adapter on my Dell D620, the icon became inactive and got hidden. To get it back I had to uncheck the “hide inactive icons” option on the “Notification Area” tab of the start menu properties page.

A zero-day exploit was posted to PacketStorm a few days ago for WordPress 2.2. The vulnerability allows SQL code injection due to unchecked inputs in the xmlrpc.php file. A patched version of this file has been posted to TRAC, but no official update has yet been released. If you’re running a WordPress 2.2 powered blog, I’d highly suggest applying this fix immediately. It might not be a bad idea to take a look through your database as well. There was a discussion of this exploit and the related fix on the WordPress support site, but I’m surprised that 5 days later there has still been no official mention of this on the WordPress dashboard.

update: A release candidate of 2.2.1 has been posted which fixes the xmlrpc bug as well as a few others. Hopefully we’ll see an official release of 2.2.1 soon…