Microsoft’s eight zero day vulnerabilities

eEye wants you to know that Microsoft has eight lingering zero day vulnerabilities, including one they say has been exposed for 420 days…

The following entries are active zero-day vulnerabilities. They have been publicly disclosed and/or used in attacks, and do not have any published vendor-supplied patch.

No vendor patch…but eEye will sell you some software that will “fix” things. The site is actually an advertisement for eEye products, so it’s interesting to see them alerting people to a low risk vuln that is over a year old, while still calling it “zero day”. Usually people talk about protecting you from tomorrow’s risks, rather than the ones you know of and probably aren’t planning to do anything about. On the other hand, maybe someone will find a way to increase damage or expand the risk of Microsoft’s memory exhaustion flaw.

Scorpions on a plane

Just a reminder from the Associated Press about the terror-able risks of flying:

“It felt like a shock, a tingly thing. Someone screamed, ‘It’s a scorpion,’” Sullivan recalled. Another passenger stepped on the two-inch arachnid. Someone suggested Sullivan seek medical help.

He scooped up the scorpion as a specimen and headed to the hospital in Burlington. Mrs. Sullivan stopped at the United counter and was told the plane they were on had flown from Houston to Chicago. The Sullivans surmised the scorpion boarded in Texas.

“The airlines tell you you can’t bring water or shampoo on a plane,” Mrs. Sullivan said, referring to recent security restrictions. “All the security we go through” apparently didn’t apply to the scorpion, she said.

Sneaky scorpions. The government should require them to carry identification.

Sorrow

by Bad Religion

Father can you hear me?
How have I let you down?
I curse the day that I was born…
And all the sorrow in this world…

Let me take you to the hurting ground
Where all good men are trampled down
Just to settle a bet that could not be won
Between a prideful father and his son
Will you guide me now, for I can’t see
A reason for the suffering and this long misery
What if every living soul could be upright and strong
Well, then I do imagine…

There will be Sorrow
Yeah there will be Sorrow
And there will be Sorrow, no more

When all soldiers lay their weapons down
Or when all kings and all queens relinquish their crowns
Or when the only true messiah rescues us from ourselves
It’s easy to imagine…

There will be Sorrow
Yeah there will be Sorrow
And there will be Sorrow, no more

Bloogle error

So I admit that I work on several other blogs as well, and one of them happens to run on Google’s system. I was given a hot item to post this morning and so I tried to access the Bloogle site this morning to no avail. I tried from several locations, but all of them either time out, get a 503 error, or give me an annoying “you’re not welcome here” warning:

We’re sorry…

… but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can’t process your request right now.

We’ll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software.

We apologize for the inconvenience, and hope we’ll see you again on Google.

I see. My query? I went to the main page. Does that look “automated” to you? Click on the link above and see what happens. From their recent not-so-secret discussions about a lack of internal continuity and gaps in security management (e.g. while everyone has been encouraged to jump around from project to project, guess who was left to follow up and maintain existing systems/patches — nobody), you can only hope things start to get better from here instead of where they appear to be headed.

UPDATE: The problems continue as a scheduled morning two-hour maintenance has now stretched long into the afternoon. I finally was able to get to the main page and log in, only to have my post deleted when I clicked “publish”. Love that feature. Naturally, as I fumed about the loss of my post, the site gleefully redirected me to a “you must be a Google user to continue” page instead. Since I do not have one associated with this particular blog, I was then kicked out to a forgot-password flow for an account I do not have. This sent a secret to an email account. The secret was simply a URL parameter (easy to forward) that gives you the option of entering a new password. Nice. No connection with my old account, no verification, nothing. Ugh. I tried to then log in with my newly minted Google account and password, only to be bumped back out again and left with a “server not responding” error. Seems like they’re still working on things…my favorite part so far is actually getting the same exact captcha every single time I am able to load the edit page. Still the same one, hours later. When will this hit the news?