2009-06-29

Recipe for Removing Latest Adobe Shockwave (Win) Vulnerability

Adobe Shockwave has a critical vulnerability (APSB09-08), and Shockwave doesn't update itself a la Microsoft's push updates. The instructions found hither and yon surrounding this update seemed a bit vague, so here is a simple attempt.

Although it might seem otherwise, Adobe doesn't have a standard patch push mechanism, so this recent critical vulnerability in Shockwave is probably not being fixed on your machine. It wasn't on mine.

Shockwave may not be on all machines. If it's not in your Add or Install Programs list (XP) or Programs and Features (Vista), you don't have it, and haven't needed it in your web travels.

Adobe's advice (echoed elsewhere) is to first uninstall and reboot (! - this is not obvious, as the uninstaller does not automatically recommend this for you) and then replace it with the current version. Shockwave Player 11.5.0.596 and earlier versions are affected. (The version Adobe offered as of this writing was 11.5.0.600.) To optionally check the installed version manually -- since this is a bit of a fuss -- see the Version tab of the file's Properties here:

C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe

-- or your equivalent system path, as c:\windows\system32 is just a default location.
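The same version check scripted in PowerShell, as an added example that is not part of the original post or of Adobe's advisory. It assumes the helper is named SwHelper_*.exe under an Adobe\Shockwave folder as in the path above, and that on 64-bit Windows the folder may sit under SysWOW64 instead (an assumption, not stated in the post).

```powershell
# Added example: compare installed Shockwave helper versions against the
# last affected version named in this post (11.5.0.596 and earlier).
$lastAffected = [version]'11.5.0.596'

# Assumption: helper files live under <system dir>\Adobe\, as in the path
# shown above. SysWOW64 is checked too for 64-bit Windows (assumption).
$roots = @(
    (Join-Path $env:windir 'System32\Adobe'),
    (Join-Path $env:windir 'SysWOW64\Adobe')
) | Where-Object { Test-Path $_ }

$helpers = @()
foreach ($root in $roots) {
    $helpers += Get-ChildItem -Path $root -Filter 'SwHelper_*.exe' -Recurse `
        -ErrorAction SilentlyContinue
}

if ($helpers.Count -eq 0) {
    # Matches the post: if Shockwave is not installed there is nothing to fix.
    Write-Output 'No Shockwave helper found; Shockwave does not appear to be installed.'
    return
}

foreach ($file in $helpers) {
    $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($file.FullName)

    # Build the version from the numeric fields of the file's version
    # resource instead of parsing the display string, whose format may vary.
    $installed = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
        $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

    if ($installed -le $lastAffected) {
        $status = 'AFFECTED: uninstall, reboot, then install the current version'
    } else {
        $status = 'Newer than the last affected version'
    }

    [pscustomobject]@{
        Path    = $file.FullName
        Version = $installed
        Status  = $status
    }
}
```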

Get the new version of Shockwave here: http://get.adobe.com/shockwave/

A minor warning: When Shockwave installed for me, Adobe wanted to push a Norton scanning tool. Uncheck the box if you don't want this; it defaulted to yes.

Adobe indicated that this advisory applies to Windows only.

2009-06-27

Facebook's Toilet Paper Model for Post Search and Recall

When Mark Bahti asked me to resend an old Facebook post made from a third party content provider, this seemed like a modest request, requiring trivial effort. Wrong! While there's work underway to remedy this, Facebook doesn't provide an easy way to search status posts to retrieve previous content -- neither one's own nor the posts of others. Nor are such posts readily disgorged from Google or Bing.

The screenshot at right shows the result of thirty minutes' effort at retrieving posts, one painful scroll at a time, only to learn that FB would cease showing posts older than a few weeks.

Facebook's limitless single-page scroll model has seemed lame from day 1. In a recent fit of annoyed clairvoyance, the underlying analog became clear: a Facebook post is torn from a continuous roll of HTML toilet paper -- not intended for reuse.

2009-06-26

Win "Access Denied Write Protected" Caused by Simple File Sharing Feature


As with many computer-related symptoms, the long-lived expression "Access Denied" has multiple causes for Windows users. A review of several alternative and equally plausible causes did not fit my scenario, hence this post.

What was puzzling about this incident was that it occurred while a large backup was being restored. The backup originated on a RAID subsystem. The controller card and drives were moved to a system after a machine had been put out to pasture. The restore, using a simple copy-and-paste operation, was moving along nicely until certain files and folders exhibited the "Access Denied" messages shown in the screenshots.

To solve this version of the problem in Windows XP at least, two Microsoft tips from the Microsoft.com maze are needed.

The first tip disables Simple File Sharing. Simple File Sharing does not allow for changing ownership of files and folders, which is essential to the cure. It's obvious that Simple File Sharing is in effect if the Windows Explorer does not have a Security tab to allow for changing ownership. XP Pro is needed in order to disable Simple File Sharing.

The second Microsoft tip, which is only helpful after Simple File Sharing has been disabled for the system, is to change ownership to a local administrator account. Once this has been done, file attributes can be changed using the ATTRIB command. (While a single recursion through all subfolders should reset everything, this didn't seem to work if certain source directories had a mix of different owners and permissions; this was not investigated further.)

An unrelated, but possibly useful note, is that restores of this kind, that do not use native Windows backup file formats, work best with Robocopy, which will restore folder and file timestamps as originally recorded. Lastly, it should be noted that Robocopy may not copy files such as PST that are thought by it to be in use.

2009-06-10

Psychology: Still an IT Stepchild

Coworker Anita D'Amico testified on June 10th before the House Committee on Science and Technology. The subject was Cyber Security R&D, but a subject worthy of broader attention was the role of psychology as an information technology discipline. Perhaps because of its uncertain standing as a science (everyone thinks they already "know" human behavior), psychology has for several generations of scholarship pushed ever -- well, harder -- to present itself as "hard science." Whether such striving is worth the effort, and whether it succeeds in this struggle matters little to the role that psychology should be playing in information technology.

Psychology has had a supporting role in Human Computer Interaction (HCI), artificial intelligence, program understanding, semantics, and more recently social networks. These are all important, large subjects, but, as Dr. D'Amico observed, very few psychologists are employed in cybersecurity, or IT generally, it must be conceded.

While gifted Silicon Valley engineers are credited with user-friendly designs like the iPhone, some psychology-friendly advocates believe that many effective designs could have been made available long ago. They believe that such design thinking should follow a path parallel to other technical innovations, rather than being seen as just another expression of armchair technical innovation by "engineers."

The House Committee provides a RealMedia archive of today's webcast. (Link to be provided later).

A copy of her full testimony (PDF) before the Committee is publicly available from the official House site. Anita leads the Secure Decisions division of Applied Visions, Inc.

Views expressed in this or any other post are my own and not necessarily those of the Company.