The same person that has given the New Year’s gift of an unofficial patch for the WMF exploit circulating has also provided a WMF vulnerability checker, download and install, it will tell if you’re vulnerable. Post is available here. According to the first comment it seems as though the vulnerability checker is triggering Norton’s auto-protect. (Norton detects it as “Bloodhound.Exploit.56”). (Which is a good sign…)
Month: January 2006
-
Network Security guide for the home or small business network – intermission…
At this point I’ve exhausted all the topics on network and computer security that I was eager to cover. As things change/ ideas strike I may well add to this series. One direction I see it going is talking in detail about several network utilities and more advanced topics like looking into web site ownership, email header analysis, good topical books/etc.
-
Kdirstat to track space hogs
I’m putting this under the Windows tech support category because I’ve used this on a boot cd before to do the same for Windows as I’m about to describe for Linux. I need to clean up and organize my hard drive(s). But when it comes to actually deleting things you really do want to get the biggest bang for the buck and go after the biggest files first. I remember an old Windows 95 utility I think it was called space Hog or something like that (more space 95??) Anyway, it would scan the disc and show the files sorted by size. Under linux (KDE desktop), there’s a similar (in many ways better) utility called kdirstat.
-
WMF exploit situation summary…
Since there’s been quite a bit of flux the last couple of days I thought I’d try to “reset” the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit.
1st there is a vulnerability in the way Windows renders WMF (Windows MetaFile) image files that makes possible an exploitable buffer overflow allowing remote execution. There are at least two exploits for this vulnerability and it is not necessary for the wmf to have a name ending in .wmf (it could masquerade as jpg for instance.) The specially crafted WMF could be in a web page, email (html email), or other document. There are many possible vectors of entry for this.
-
WMF Exploit — it’s worse…
This is going to be a rough start to the new year for IT staff and computer users….
There’s coverage at Incidents.org, the sunbeltblog and f-secure of the latest twist in what will likely be a BIG mess to clean up. It looks like there’s a someone spamming emails to tons of addresses with a specially crafted image (uses the WMF exploit.) It’s also a slightly different variant of the exploit.
-
Network Security guide for the home or small business network – Part 20 heterogeneous networks
One thing I’ve already mentioned in this serious is using alternative programs like Mozilla Firefox instead of Internet Explorer, or Thunderbird, Eduora instead of Outlook Express. Even if you’re not using alternative software as your primary web browser, email program there are advantages to having networks with mixed software, operating systems and even mixed network hardware. Back when the blaster worm hit, there were stories of businesses paralyzed when every Windows XP machine in the place (read – EVERY machine in the place) could not stay up long enough to download a fix. In order to get a fix they had to get online to find out about it and it was crashing within 30 seconds of booting.
-
Happy New Year
I hope that you all enjoy a very Happy New Year. I probably should have had this post go out at 00:00 GMT, but… I thought I’d post it using the server local time….