From Newsgroup: comp.sys.ibm.pc.games.action


Yes, another reason for you AMD/ATI users to gloat. But not you Linux
users; the bugs affect you too ;-)

But there have been a number of 'high-severity' bugs that allow
enabling unexpected code-execution that could lead to someone getting administrative access to your computer and data. 15 such
vulnerabilities reported in the last 24 hours.

Fortunately, the most recent drivers have all of the (currently known)
security holes fixed, so while I'm not usually the sort to recommend
grabbing the latest-and-greatest drivers, maybe in this case you
should.

For Windows, that means at least v596.49 (for modern GPUs) or v482.53
(for GeForce 10-series or older). On Linux, you want v590.48.01

Details here:
https://nvidia.custhelp.com/app/answers/detail/a_id/5821


And before you AMD users get too smug... don't be so secure in the
idea that your software doesn't have similar vulnerabilities that just
haven't been reported yet. Nvidia is terrible with drivers, sure, but
AMD hasn't been all that great about that sort of thing either. It's
probably a good idea to update those drivers too.


--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

Huh? I thought they stopped supporting my GeForce GTX 750 Ti! I missed
the last one before the new one. No updated drivers for my old 8800 GT
since 11/10/2015, but that's in Debian/Linux with its opensource
driver. :P Thanks. ;)


Spalls Hurgenson <[email protected]> wrote:

Yes, another reason for you AMD/ATI users to gloat. But not you Linux
users; the bugs affect you too ;-)

But there have been a number of 'high-severity' bugs that allow
enabling unexpected code-execution that could lead to someone getting administrative access to your computer and data. 15 such
vulnerabilities reported in the last 24 hours.

Fortunately, the most recent drivers have all of the (currently known) security holes fixed, so while I'm not usually the sort to recommend
grabbing the latest-and-greatest drivers, maybe in this case you
should.

For Windows, that means at least v596.49 (for modern GPUs) or v482.53
(for GeForce 10-series or older). On Linux, you want v590.48.01

Details here:
https://nvidia.custhelp.com/app/answers/detail/a_id/5821

And before you AMD users get too smug... don't be so secure in the
idea that your software doesn't have similar vulnerabilities that just haven't been reported yet. Nvidia is terrible with drivers, sure, but
AMD hasn't been all that great about that sort of thing either. It's
probably a good idea to update those drivers too.

--
"May the God who gives endurance and encouragement give you a spirit of unity among yourselves as you follow Christ Jesus, so that with one heart and mouth you may glorify the God and Father of our Lord Jesus Christ." --Romans 15:5-6
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Thu, 21 May 2026 00:43:23 -0000 (UTC), [email protected] (Ant) said
this thing:

Spalls Hurgenson <[email protected]> wrote:

But there have been a number of 'high-severity' bugs that allow
enabling unexpected code-execution that could lead to someone getting
administrative access to your computer and data. 15 such
vulnerabilities reported in the last 24 hours.

For Windows, that means at least v596.49 (for modern GPUs) or v482.53
(for GeForce 10-series or older). On Linux, you want v590.48.01

Huh? I thought they stopped supporting my GeForce GTX 750 Ti! I missed
the last one before the new one. No updated drivers for my old 8800 GT
since 11/10/2015, but that's in Debian/Linux with its opensource
driver. :P Thanks. ;)

It's surprising how little splash this had made in the news. The only
reason I even noticed is that Windows Update started offering an
updated nvidia driver, which was pretty unusual. WU rarely offers
driver updates. So I did some peeking and prodding and found out it
was because there were so many vulnerabilities being found Microsoft
took it upon themselves to update their users.

(Not that I used the Microsoft-provided drivers; I went to the
official source. I've been burned by Windows-Update drivers more than
a few times in the past, and while those sort of problems may not be
an issue anymore, I prefer to do the extra legwork... just to be safe. Microsoft isn't a company that inspires me with confidence ;-)




--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Thu, 21 May 2026 12:13:12 -0400, Spalls Hurgenson <[email protected]> wrote:

Microsoft isn't a company that inspires me with confidence ;-)

Maybe, but their investment in security for their own software
distribution is a lot more rigorous than most other companies, due to
the sheer amount of liability at stake.

If Microsoft drops the ball and a supply chain attack infects all Dept
of Defense with ransomware through Windows Update, it's a lot more
serious and costly than if a video card vendor has a supply chain
exploit incident on a specific game driver release.

So basically...

... stifle it Edith, will yas?

:)
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

Spalls Hurgenson <[email protected]> writes:

It's surprising how little splash this had made in the news. The only
reason I even noticed is that Windows Update started offering an
updated nvidia driver, which was pretty unusual.

Nvidia didn't exactly advertize this in the release notes either. Just
listed two bug fixes for v596.49. Much the same for v596.36 where those security fixes apparently went. I guess they don't want to pollute their release notes with tedious security bulletings.
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Wed, 20 May 2026 13:11:14 -0400, Spalls Hurgenson <[email protected]> wrote:

Yes, another reason for you AMD/ATI users to gloat. But not you Linux
users; the bugs affect you too ;-)

But there have been a number of 'high-severity' bugs that allow
enabling unexpected code-execution that could lead to someone getting >administrative access to your computer and data. 15 such
vulnerabilities reported in the last 24 hours.

Fortunately, the most recent drivers have all of the (currently known) >security holes fixed, so while I'm not usually the sort to recommend
grabbing the latest-and-greatest drivers, maybe in this case you
should.

For Windows, that means at least v596.49 (for modern GPUs) or v482.53
(for GeForce 10-series or older). On Linux, you want v590.48.01

Details here:
https://nvidia.custhelp.com/app/answers/detail/a_id/5821

And before you AMD users get too smug... don't be so secure in the
idea that your software doesn't have similar vulnerabilities that just >haven't been reported yet. Nvidia is terrible with drivers, sure, but
AMD hasn't been all that great about that sort of thing either. It's
probably a good idea to update those drivers too.

Here is something else, from Toms Hardware:

"Microsoft warns GPU mining malware is being spread to users through
SEO poisoning and AI chatbots � cryptojacking campaign targets gamers
and high-end PC users with downloads disguised as popular PC
utilities"

https://www.tomshardware.com/tech-industry/artificial-intelligence/microsoft-warns-gpu-mining-malware-is-being-spread-to-users-through-seo-poisoning-and-ai-chatbots-cryptojacking-campaign-targets-gamers-and-high-end-pc-users-with-downloads-disguised-as-popular-pc-utilities?lrh=e475157eecb7dd5a143f7c36aea0032717f5d2d16d286111a58b04424ffe30f4

-pw
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Sat, 30 May 2026 09:11:32 -0600, PW <[email protected]> said
this thing:

On Wed, 20 May 2026 13:11:14 -0400, Spalls Hurgenson ><[email protected]> wrote:

Yes, another reason for you AMD/ATI users to gloat. But not you Linux >>users; the bugs affect you too ;-)

But there have been a number of 'high-severity' bugs that allow
enabling unexpected code-execution that could lead to someone getting >>administrative access to your computer and data. 15 such
vulnerabilities reported in the last 24 hours.

Fortunately, the most recent drivers have all of the (currently known) >>security holes fixed, so while I'm not usually the sort to recommend >>grabbing the latest-and-greatest drivers, maybe in this case you
should.

For Windows, that means at least v596.49 (for modern GPUs) or v482.53
(for GeForce 10-series or older). On Linux, you want v590.48.01

Details here:
https://nvidia.custhelp.com/app/answers/detail/a_id/5821


And before you AMD users get too smug... don't be so secure in the
idea that your software doesn't have similar vulnerabilities that just >>haven't been reported yet. Nvidia is terrible with drivers, sure, but
AMD hasn't been all that great about that sort of thing either. It's >>probably a good idea to update those drivers too.

Here is something else, from Toms Hardware:

"Microsoft warns GPU mining malware is being spread to users through
SEO poisoning and AI chatbots � cryptojacking campaign targets gamers
and high-end PC users with downloads disguised as popular PC
utilities"

https://www.tomshardware.com/tech-industry/artificial-intelligence/microsoft-warns-gpu-mining-malware-is-being-spread-to-users-through-seo-poisoning-and-ai-chatbots-cryptojacking-campaign-targets-gamers-and-high-end-pc-users-with-downloads-disguised-as-popular-pc-utilities?lrh=e475157eecb7dd5a143f7c36aea0032717f5d2d16d286111a58b04424ffe30f4

Even worse, even legitimate apps are becoming vulnerable if they use
AI in their coding, because AI will often link libraries from *any*
source regardless if its secure or validated. And black-hat hackers
are starting to take advantage of this, putting up libraries with the
same name as legitimate libraries, except their versions have
backdoors in them. And there have been reported incidents of AI
grabbing these libraries and embedding it into otherwise legitimate
projects. And unless the developer goes through all the linked
libraries by hand, it's unlikely they'll notice the substitution.

So it's not just a surplus of quickly-programmed-with-AI apps that are poisoning the Internet, it's programs that are designed with good
intentions that are being poisoned from within.

After all, the former really isn't that new. There have been fake or
hacked versions of popular apps and utils from the start, and its
always been up to the end-user to make sure they are downloading from
the legitimate website to ensure that they aren't getting an infected
version. It's just gotten a lot easier for hackers because they can
create and distribute their malware faster than ever thanks to AI.

But now even REAL software is a risk because the AI 'supply chain' is
so easily compromised. The only real solution is not to use AI, but to
many programmers the convenience is just too much to give up.




--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action


Not quite as crucial (or widespread) but on a related note:

If you use the Windows version of the 7-Zip archiving program (for compressing/decompressing .zip / .rar / .7z / etc. files) be sure that
you are running v26.01. A high severity vulnerability has been
announced for v26.00 and lower.

The patch was actually released a month ago (the researchers who
discovered it gave the developers time to patch it before disclosing),
so you may be upgraded already. But if you haven't, now's the time.


Details on bug: https://www.techspot.com/news/112575-new-7-zip-security-flaw-could-put-hundreds.html
Where to get the update:
https://7-zip.org/


I was NOT updated to the latest version, so I'm glad I saw that
announcement on techspot. To be fair, it's not a vulnerability most
people will experience, since it requires you to open an NTFS-volume
image file, and that's not something a lot of end-users encounter. But
better safe than sorry.

Bug aside, I highly recommend 7Zip. It's a great program. Fast,
lightweight, updated only when necessary (and not just to keep adding
new features you really don't need), it supports multiple archive
formats (although the .7z has great compression), and it has an
uncomplicated interface. I used to have a variety of archivers on my
computer; these days I find 7Zip is all I need. And its free to boot!
;-)


--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Sat, 30 May 2026 11:38:55 -0400, Spalls Hurgenson <[email protected]> wrote:

On Sat, 30 May 2026 09:11:32 -0600, PW <[email protected]> said
this thing:

On Wed, 20 May 2026 13:11:14 -0400, Spalls Hurgenson >><[email protected]> wrote:

Yes, another reason for you AMD/ATI users to gloat. But not you Linux >>>users; the bugs affect you too ;-)

But there have been a number of 'high-severity' bugs that allow
enabling unexpected code-execution that could lead to someone getting >>>administrative access to your computer and data. 15 such
vulnerabilities reported in the last 24 hours.

Fortunately, the most recent drivers have all of the (currently known) >>>security holes fixed, so while I'm not usually the sort to recommend >>>grabbing the latest-and-greatest drivers, maybe in this case you
should.

For Windows, that means at least v596.49 (for modern GPUs) or v482.53 >>>(for GeForce 10-series or older). On Linux, you want v590.48.01

Details here:
https://nvidia.custhelp.com/app/answers/detail/a_id/5821


And before you AMD users get too smug... don't be so secure in the
idea that your software doesn't have similar vulnerabilities that just >>>haven't been reported yet. Nvidia is terrible with drivers, sure, but
AMD hasn't been all that great about that sort of thing either. It's >>>probably a good idea to update those drivers too.

Here is something else, from Toms Hardware:

"Microsoft warns GPU mining malware is being spread to users through
SEO poisoning and AI chatbots � cryptojacking campaign targets gamers
and high-end PC users with downloads disguised as popular PC
utilities"

https://www.tomshardware.com/tech-industry/artificial-intelligence/microsoft-warns-gpu-mining-malware-is-being-spread-to-users-through-seo-poisoning-and-ai-chatbots-cryptojacking-campaign-targets-gamers-and-high-end-pc-users-with-downloads-disguised-as-popular-pc-utilities?lrh=e475157eecb7dd5a143f7c36aea0032717f5d2d16d286111a58b04424ffe30f4

Even worse, even legitimate apps are becoming vulnerable if they use
AI in their coding, because AI will often link libraries from *any*
source regardless if its secure or validated. And black-hat hackers
are starting to take advantage of this, putting up libraries with the
same name as legitimate libraries, except their versions have
backdoors in them. And there have been reported incidents of AI
grabbing these libraries and embedding it into otherwise legitimate
projects. And unless the developer goes through all the linked
libraries by hand, it's unlikely they'll notice the substitution.

So it's not just a surplus of quickly-programmed-with-AI apps that are >poisoning the Internet, it's programs that are designed with good
intentions that are being poisoned from within.

After all, the former really isn't that new. There have been fake or
hacked versions of popular apps and utils from the start, and its
always been up to the end-user to make sure they are downloading from
the legitimate website to ensure that they aren't getting an infected >version. It's just gotten a lot easier for hackers because they can
create and distribute their malware faster than ever thanks to AI.

But now even REAL software is a risk because the AI 'supply chain' is
so easily compromised. The only real solution is not to use AI, but to
many programmers the convenience is just too much to give up.

*--

I wrote software most of my life until about 10 years ago. Now 68 and
keep thinking about this idea I have and if I am too old for it, and
debating whether I should somehow teach myself AI. But in the back of
my mind, I keep telling myself no because of security reasons. Besides
being too old for that sh** now! lol!

Thanks Spalls! Very interesting!!!!

-pw
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On 5/30/2026 9:57 AM, Spalls Hurgenson wrote:

Not quite as crucial (or widespread) but on a related note:

If you use the Windows version of the 7-Zip archiving program (for compressing/decompressing .zip / .rar / .7z / etc. files) be sure that
you are running v26.01. A high severity vulnerability has been
announced for v26.00 and lower.

The patch was actually released a month ago (the researchers who
discovered it gave the developers time to patch it before disclosing),
so you may be upgraded already. But if you haven't, now's the time.

Details on bug: https://www.techspot.com/news/112575-new-7-zip-security-flaw-could-put-hundreds.html
Where to get the update:
https://7-zip.org/

Thanks for that, I updated. (it took all of 10 seconds because of the
various anti-virus prompts.)
--
-Justisaur

ø-ø
(\_/)\
`-'\ `--.___,
¶¬'\( ,_.-'
\\
^'
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Mon, 1 Jun 2026 07:57:45 -0700, Justisaur <[email protected]>
said this thing:

On 5/30/2026 9:57 AM, Spalls Hurgenson wrote:

Not quite as crucial (or widespread) but on a related note:

If you use the Windows version of the 7-Zip archiving program (for
compressing/decompressing .zip / .rar / .7z / etc. files) be sure that
you are running v26.01. A high severity vulnerability has been
announced for v26.00 and lower.

The patch was actually released a month ago (the researchers who
discovered it gave the developers time to patch it before disclosing),
so you may be upgraded already. But if you haven't, now's the time.


Details on bug:
https://www.techspot.com/news/112575-new-7-zip-security-flaw-could-put-hundreds.html
Where to get the update:
https://7-zip.org/

Thanks for that, I updated. (it took all of 10 seconds because of the >various anti-virus prompts.)

I used to be a lot more pro-active when it came to updating my
software, trying to keep an eye out for news of vulnerabilities and
downloading the latest versions as necessary. These days, I sort of
let things like that slide unless news --like the 7Zip vulnerability--
happen to cross my path. I don't totally ignore the problem --every
six months or so I update the major software packages on my PCs all at
once-- but beyond that I've gotten lazy. Also, because I have so many
PCs now that it's just such a chore ;-)

The only exception is the OS (which handles it on its own) and browser software. The first because it's so crucial, and the second because
it's the most frequently opened door to the Internet, so hardening it
seems sensible.


--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

Spalls Hurgenson <[email protected]> wrote:

On Mon, 1 Jun 2026 07:57:45 -0700, Justisaur <[email protected]>
said this thing:

On 5/30/2026 9:57 AM, Spalls Hurgenson wrote:

Not quite as crucial (or widespread) but on a related note:

If you use the Windows version of the 7-Zip archiving program (for
compressing/decompressing .zip / .rar / .7z / etc. files) be sure that
you are running v26.01. A high severity vulnerability has been
announced for v26.00 and lower.

The patch was actually released a month ago (the researchers who
discovered it gave the developers time to patch it before disclosing),
so you may be upgraded already. But if you haven't, now's the time.


Details on bug:
https://www.techspot.com/news/112575-new-7-zip-security-flaw-could-put-hundreds.html
Where to get the update:
https://7-zip.org/

Thanks for that, I updated. (it took all of 10 seconds because of the >various anti-virus prompts.)

I used to be a lot more pro-active when it came to updating my
software, trying to keep an eye out for news of vulnerabilities and downloading the latest versions as necessary. These days, I sort of
let things like that slide unless news --like the 7Zip vulnerability--
happen to cross my path. I don't totally ignore the problem --every
six months or so I update the major software packages on my PCs all at
once-- but beyond that I've gotten lazy. Also, because I have so many
PCs now that it's just such a chore ;-)

The only exception is the OS (which handles it on its own) and browser software. The first because it's so crucial, and the second because
it's the most frequently opened door to the Internet, so hardening it
seems sensible.

For major updates, I always do big back ups (drive images) just in case
and when I have time. Minor upgrades, I just do them. I always do
frequent data back ups.
--
"I saw the Holy City, the new Jerusalem, coming down out of heaven from God, prepared as a bride, beautifully dressed for her husband. And I heard a loud voice from the throne saying, "Now the dwelling of God is with men, and he will live with them. They will be his people, and God himself will be with them and be their God. He will wipe every tear from their eyes. There will be no more death or mourning or crying or pain, for the old order of things has passed away." --Revelation 21:2-4. Now pls.
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Tue, 2 Jun 2026 00:16:27 -0000 (UTC), [email protected] (Ant) said
this thing:

For major updates, I always do big back ups (drive images) just in case
and when I have time. Minor upgrades, I just do them. I always do
frequent data back ups.

I've a daily back-up that runs with the most crunky and ancient backup
program around (I mostly keep using it because a) it works, b) I don't
want to have to migrate, and c) the stored data is easily read by
other systems). Although that's mostly data that's being protected.
I'm less concerned with application/system back-up; if something goes
wrong there I prefer just to reinstall entirely rather than depend
restoring to an older version.

It helps that I store data and programs on separate drives, though. So
many that, between the different drives and partitions, I've used up
almost all of the Windows drive-letters ;-)



--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

Spalls Hurgenson <[email protected]> wrote:

On Tue, 2 Jun 2026 00:16:27 -0000 (UTC), [email protected] (Ant) said
this thing:

For major updates, I always do big back ups (drive images) just in case >and when I have time. Minor upgrades, I just do them. I always do
frequent data back ups.

I've a daily back-up that runs with the most crunky and ancient backup program around (I mostly keep using it because a) it works, b) I don't
want to have to migrate, and c) the stored data is easily read by
other systems). Although that's mostly data that's being protected.
I'm less concerned with application/system back-up; if something goes
wrong there I prefer just to reinstall entirely rather than depend
restoring to an older version.

It helps that I store data and programs on separate drives, though. So
many that, between the different drives and partitions, I've used up
almost all of the Windows drive-letters ;-)

Yep, separate drives and take them offline and out of home when done in
case something happens at home!
--
"I saw the Holy City, the new Jerusalem, coming down out of heaven from God, prepared as a bride, beautifully dressed for her husband. And I heard a loud voice from the throne saying, "Now the dwelling of God is with men, and he will live with them. They will be his people, and God himself will be with them and be their God. He will wipe every tear from their eyes. There will be no more death or mourning or crying or pain, for the old order of things has passed away." --Revelation 21:2-4. Now pls.
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )
--- Synchronet 3.22a-Linux NewsLink 1.2

From Newsgroup: comp.sys.ibm.pc.games.action

On Wed, 3 Jun 2026 00:16:02 -0000 (UTC), [email protected] (Ant) said
this thing:

Spalls Hurgenson <[email protected]> wrote:

On Tue, 2 Jun 2026 00:16:27 -0000 (UTC), [email protected] (Ant) said
this thing:

For major updates, I always do big back ups (drive images) just in case
and when I have time. Minor upgrades, I just do them. I always do
frequent data back ups.

I've a daily back-up that runs with the most crunky and ancient backup
program around (I mostly keep using it because a) it works, b) I don't
want to have to migrate, and c) the stored data is easily read by
other systems). Although that's mostly data that's being protected.
I'm less concerned with application/system back-up; if something goes
wrong there I prefer just to reinstall entirely rather than depend
restoring to an older version.

It helps that I store data and programs on separate drives, though. So
many that, between the different drives and partitions, I've used up
almost all of the Windows drive-letters ;-)

Yep, separate drives and take them offline and out of home when done in
case something happens at home!

There's the old rule of thumb that you should always keep THREE copies
of your data on TWO different types of storage media and keep ONE copy off-site.

If you use an cloud-based backup solution, that takes care of the last
two rules (cloud counts as media ;-), and then just have a second
home-based backup onto backup HDDs and you're good. Make one of the
two methods daily (or more) and the other weekly or monthly to
minimize the workload.


Having so many old computers hanging around serves as a third backup
for me; every six months or so I sync the most crucial data (my Usenet postings? ;-) to the older PCs. In at least one instance, this
actually helped me recover a file! It was found on my oldest computer.
See? I knew I kept all that archaic hardware around for a purpose!


--- Synchronet 3.22a-Linux NewsLink 1.2