Category: Computers

  • More WMF exploit testing on Windows 98

    I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then I loaded up the image, visited kyeu dot info/WMF/ and tried each of the files there. I don’t have a zip handler in my Windows 98 SE image so that didn’t get tested, but I’m getting nowhere here. The gif opens with Explorer and gives a red x to indicate a broken image, the text file opens as a binary file viewed in a text editor, and the htm file does the same, only in Explorer (I see what I’d usually see if I tried to open a binary file in a web browser…). The avi opens with Media Player, which complains about it being an incompatible format.

    (more…)

  • WMF exploit and Windows 98

    Most of the talk on the WMF zero-day has centered on Windows XP, 2000 and 2003. The unofficial patch is available for those three platforms. Microsoft’s (eventual) patch will likely be for those as well. Incidents.org had a comment in one of their posts that this would be a “watershed moment” for Windows 98/ME and that those users should upgrade immediately as there is little/no hope for a patch.

    (more…)

  • WMF vulnerability checker

    The same person that has given the New Year’s gift of an unofficial patch for the WMF exploit circulating has also provided a WMF vulnerability checker: download and install it, and it will tell you if you’re vulnerable. The post is available here. According to the first comment, it seems as though the vulnerability checker is triggering Norton’s auto-protect (Norton detects it as “Bloodhound.Exploit.56”). (Which is a good sign…)

    (more…)

  • Network Security guide for the home or small business network – intermission…

    At this point I’ve exhausted all the topics on network and computer security that I was eager to cover. As things change or ideas strike, I may well add to this series. One direction I see it going is talking in detail about several network utilities and more advanced topics like looking into web site ownership, email header analysis, good topical books, etc.

    (more…)

  • Kdirstat to track space hogs

    I’m putting this under the Windows tech support category because I’ve used this on a boot cd before to do the same for Windows as I’m about to describe for Linux. I need to clean up and organize my hard drive(s). But when it comes to actually deleting things, you really do want to get the biggest bang for the buck and go after the biggest files first. I remember an old Windows 95 utility; I think it was called space Hog or something like that (more space 95??). Anyway, it would scan the disc and show the files sorted by size. Under Linux (KDE desktop), there’s a similar (in many ways better) utility called kdirstat.

    (more…)

  • WMF exploit situation summary…

    Since there’s been quite a bit of flux the last couple of days I thought I’d try to “reset” the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit.

    First, there is a vulnerability in the way Windows renders WMF (Windows MetaFile) image files that makes possible an exploitable buffer overflow allowing remote execution. There are at least two exploits for this vulnerability, and it is not necessary for the WMF to have a name ending in .wmf (it could masquerade as a jpg, for instance). The specially crafted WMF could be in a web page, an email (HTML email), or another document. There are many possible vectors of entry for this.

    (more…)

  • WMF Exploit — it’s worse…

    This is going to be a rough start to the new year for IT staff and computer users….

    There’s coverage at Incidents.org, the sunbeltblog and f-secure of the latest twist in what will likely be a BIG mess to clean up. It looks like there’s someone spamming emails to tons of addresses with a specially crafted image (which uses the WMF exploit). It’s also a slightly different variant of the exploit.

    (more…)

  • Network Security guide for the home or small business network – Part 20 heterogeneous networks

    One thing I’ve already mentioned in this series is using alternative programs like Mozilla Firefox instead of Internet Explorer, or Thunderbird or Eudora instead of Outlook Express. Even if you’re not using alternative software as your primary web browser or email program, there are advantages to having networks with mixed software, operating systems and even mixed network hardware. Back when the blaster worm hit, there were stories of businesses paralyzed when every Windows XP machine in the place (read – EVERY machine in the place) could not stay up long enough to download a fix. In order to get a fix they had to get online to find out about it, and the machines were crashing within 30 seconds of booting.

    (more…)

  • Another mythweb php error

    So after installing the php-pcre package, I restart httpd and reload the mythweb page and find another error message. Very similar to the first, but slightly different. “Fatal error: Call to undefined function session_name() in /var/www/html/mythweb/includes/init.php on line 48” (At least we’ve made it to line 48…) Anyway, yes… there’s a php-session package and no, it’s not installed (yet). I’m a bit puzzled as to 1) why these two packages were not installed in the upgrade and 2) why mythweb didn’t see those as prerequisites… Anyway….

    (more…)

  • Mythtv mythweb error

    After the Mandriva 2006 upgrade I’ve still been looking to find if there is anything ‘not quite right’…. anyway, I’ve run into an issue with mythweb. Mythweb is a web-based interface for the mythtv backend. It basically lets you browse listings, schedule recordings, see what’s scheduled, etc. For me it’s kind of like checking one of the sites that has tv guide info. It’s even better because it’s local to the machine and lets me go ahead and set recordings up. (And there are no obnoxious ads, or logins to remember…) Anyway, after the upgrade, the main page is throwing up this message… “Fatal error: Call to undefined function preg_replace() in /var/www/html/mythweb/config/conf.php on line 29”

    (more…)