I had hoped to get in another test of Windows 98 with yet another WMF viewer (tried Kodak imaging, and irfanview). So far I haven’t seen a way that the WMF exploits can work on Windows 98 SE. I’m running out of time before I have to run to some computer service appointments and maybe will be able to pick up again this afternoon/evening. Larry Seltzer had a post this morning that earlier versions of Windows might not be as vulnerable because they had no default WMF viewer, but with a default WMF viewer they may be susceptible. I’m still looking for a WMF viewer that makes the exploit possible on Windows 98 SE.
Category: Computers
-
The Google PC and OS
Rumors have been around for some time about Google launching Google OS, an Operating System to compete with Microsoft Windows. Well…. now the rumors are circulating around the Google PC (with Google OS). The Latimes.com is reporting that Google has been meeting with people from Wal-Mart (and others) to distribute a cheap pc. This would be a Google PC running something other than Windows – Google OS….
-
Blackberry Security Hole
There’s another security warning out related to specially crafted image files. This time it’s targetted at the blackberry, which is a small portable email/pda device. Basically a corrupted TIFF may lead the user to be unable to view other image attachments. The US-CERT advisory seems to indicate that remote code execution could be possible, although there is no comment to this issue from the makers, Research in Motion.
-
WMF patch from Microsoft expected January 10th
The Microsoft security bulletin on the WMF vulnerability has been updated to indicate that Microsoft expects to release an update for the issue in their regular patch release on January 10th. The first couple paragraphs strike me as a bit defensive. Explaining about their immediate mobilization of Incident Response and immediate work on a patch, in addition to the explanation of extensive testing of the patch in 23 languages….
-
Metasploit
I had hoped to do an article on metasploit in the not too distant future, but not as early as tonight…. However, I’ve made a couple of references to it in previous posts which, well, it would be nice if I’d already given a bit of information about metasploit in general. For starters, metasploit is considered a “framework” for exploit modules and payload modules. Much like real weapons, knives, guns…. there are good uses and there are bad uses. It can be used by a network/security auditor to check for vulnerable systems. It could also be used by a cracker to exploit systems remotely. There’s a fine line.
-
Moving from Evolution to Konqueror
After several weeks of good behaviour from Evolution 2.4 since the Mandriva 2006 upgrade, I started getting a wierd error on sending messages *(Mail From response Error Unknown). Nothing within my settings for Evolution had changed since the night before when things worked… I tested with Kontact and was able to send mail, closed it, opened it, bonobo-slay’ed it… still getting the error, so… since I was on the fence as to whether or not I was going to migrate to Kontact, I went ahead with it. I’ve already covered moving the calendar and contact (addressbook) information in a previous post. So this will be on moving the messages.
-
WMF unofficial patch updated
There’s been an update to the unofficial patch for the WMF (Windows MetaFile) vulnerability. The main change appears to be some options to allow for quiet installation (unattended) to help administrators in large environments try to roll the patch out in automated login scripts/etc.
It can be found here or at the incidents.org site.
-
Virtual machine as a safe browsing environment
I mentioned this in my summary yesterday morning as a possible workaround until there are patches for the WMF vulnerability that’s been big news the last week. I notice that incidents.org has mentioned it too as a possibility today. VMware has released VMPLayer as a free way of running premade virtual machines.
-
Windows 98 and the WMF exploit
I’ve seen breathless headlines that say “Windows PCs face ‘huge’ virus threat; Affects every MICROSOFT OS shipped since 1990…” and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that’s currently being exploited exists as far back as Windows 3.0, but as far as I can tell there is not an active, current exploit that is taking advantage of this flaw in earlier versions of windows. Currently the exploit only seems to affect Windows 2000, XP, and Vista.
-
WMF exploit virus detection revisited
Yesterday, when I was testing the WMF exploit against a Windows 98 virtual machine, I sent samples through virus total and the only antivirus product to detect each of them was “TheHacker” from hacksoft. This evening I was revisiting the exploit (with the new rule for metasploit) and saved 20 samples which I also tested with virustotal. The results this evening are better. This evening 4 antivirus products detected each one.