Sans is talking about the unofficial patch for the WMF vulnerability. One of their handlers has helped with it to extend it to work on XP SP 1 and Windows 2000. They’ve also looked at the patch thoroughly and it sounds as though it’s very well done.
Category: Computers
-
NEW exploit for the WMF vulnerability
Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it’s worse. Sans is reporting on a new variation on the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was “made by the folks at metasploit and xfocus, together with a anonymous source.”
-
Network Security guide for the home or small business network – Part 19 – What about when you’re not on your home network?
When you’re not at your home network is probably one of those times you should be more on your guard. Wireless access points are very common and a greatly useful thing, but there are some steps you should take to protect yourself, your pc and the data stored there. First it’s worth having a personal firewall for just this type of situation. You obviously can’t make use of a second hardware firewall when hooking up to a wireless LAN. (Although I would think that a small “wireless bridge” adapter of a wireless device to a wired ethernet port MIGHT be able to serve that function. It depends on how it’s implemented.)
-
WMF exploit through indexing software
One of the vectors that has been mentioned early on is the infection of a system through the WMF exploit even when the exploited file was downloaded through a dos command shell. At first this seemed absurd, but it appeared that Google Desktop search was indexing files dynamically and once the file was downloaded it indexed the file and triggered the vulnerability. There is word that Microsoft’s indexing service does likewise – although Microsoft has only said that they’re “looking into reports”. Incidents.org is saying that they think this may be the giant white elephant no one is talking about. I certainly would shudder to think if machines on a network are indexing a network share and manage to subvert every machine running an indexing share….
-
New IM worm using WMF vulnerability
There is news this morning of a new twist in the WMF vulnerability (it was only a matter of time.) There are reports of an instant messenger worm using the vulnerability to spread. Currently incidents.org is reporting that the worm is spreading through the MSN messenger IM network and contains a malformed WMF file called “xmas-2006 FUNNY.jpg” The original source of the warning is Kaspersky Labs viruslist.com
-
Third Party WMF patch
The F-secure blog is reporting on a third party patch for the WMF exploit. I have not tested it, it seems to come from a knowledgable source though. As I’m writing this though, the thought strikes me that a really nasty trick would be a claimed fix that actually exploited the vulnerability. It pays to check up on the source of ANY third-party fix for Windows (or any other operating system or software suite…) Anyway, this seems to be a good source though. He’s the primary author of IDA Pro (Interactive Disassembler Pro).
-
OpenVPN series
After the Hamachi article I wanted to do a series on OpenVPN. I’ve used it before, but not since the 1.x days…. it’s now at version 2.0.5 and has quite a bit more flexibility. When I first used it, it was pretty much a point-to-point vpn solution. You could set up routing to see the rest of the network and for the network to see the vpn client, but only one client could connect to one server. What this meant is that multiple tap or tun devices were needed on the server, one for each remote vpn client. Also, multiple openvpn processes and multiple openvpn ports.
From my understanding this setup wasn’t necessary under the 2.x series.
-
Flightgear scenery objects
So, I’ve spent a bit of time talking about flightgear. Here are a couple extra resources that I want to “bookmark” here. There is a Good unofficial how-to here. (Mostly linux flightgear oriented. Also, the flightgear scenery is available here. The link is to a grid covered world map. Clicking on a grid quadrant downloads scenery for that quadrant.
-
Common Networking Ports
Along the lines of “knowing your network” with the network security guide. Here are some of the most commonly used network ports. There are 65535 ports that can listen for a connection, so this is not a thorough listing. (These are tcp unless noted otherwise.)
-
Scheduling tasks in linux kcron
I don’t know if kcron deserves a seperate entry for scheduling tasks under linux. Cron is what I typed on last time and it’s the daemon that controls scheduled tasks. The method for scheduling tasks that I went through last time is for the command line. Like many things in linux, there are other ways to get the job done. In this case, one way through the graphical interface is kcron…