There’s another patch for those Win98 users that are nervous about the WMF vulnerability that was announced at the tail end of the year. This site has made the patched version of gdi32.dll available to any and all. Their patch is open source. They basically say “it works for them…” no warranties. Steve Gibson has also said that he’ll be writing a Win9x patch.
Category: Security
-
Hacking with Google (and without Google.)
I found a couple of interesting presentations on network security related topics. Primarily these are about using the internet and search engines for gathering information on specific “targets”. Their very interesting from a “self analysis” point of view as well.
-
Florida leads in Sony Rootkit infections….
According to the securityfix, Florida leads the nation in the number of networks with signs of computers infested with the sony rootkit. In total, 12,588 networks in Florida seem to have computers with the rootkit. Now, these numbers could reflect as few as one machine per network….
-
Windows Wireless vulnerability
Brian Krebs has a post today on a Windows wireless networking “feature” which can be somewhat of a security risk. You see, it seems that With wireless networking enabled, Windows remembers the last wireless SSID that you connected to, so let’s say you were at a public Wireless access point called “Bob’s hotel” and you carry your laptop somewhere else. When the machine boots up, Windows tries to find “Bob’s hotel”, but of course, it’s not available at this other location, so… it assigns a 169.254.x.x ip address and broadcasts looking for “Bob’s hotel” the most recent wireless lan.
-
MS responds to “intentional backdoor”, WMF claim
Microsoft is disputing claims by Steve Gibson, that the WMF vulnerability was an intentionally placed backdoor. There is a response to the claims in the Microsoft Security Incident Response blog. Apparently since the SetAbortProc procedure relates to printing, previous versions of Windows ignored the call unless printing was involved. (Why did windows start paying attention to it otherwise?)
-
WMF vulnerability not an accident? Was it an intentional backdoor?
I’m not quite sure if I’m willing to attribute to design, what I could attribute to a mistake… but, slashdot has pointed out that Steve Gibson in his latest Security Now! podcast (link is to transcript), is suggesting that it appears as though the WMF vulnerability of recent weeks appears (to him) to have been INTENTIONALLY included as a means of a remote backdoor.
-
Clamav 0.88 for Mandrake 10.0
I’ve got a couple of older Mandrake 10.0 servers that I’m still maintaining. They’re systems that it hasn’t been practical (yet) to do an upgrade to a more recent release of the base operating system. Two of those are currenlty using Clamantivirus for their mailscanning. So, with the recent security vulnerability an update was needed. I basically took the clamav 0.88 source rpm from cooker and rebuilt on a 10.0 system. For convenience I’m posting ALL of these for download. So…. I’ll post the original src rpm from Mandriva cooker. (Which you could make use of to rebuild for another release of Mandrake.) And also the resulting built rpm’s….
-
Microsoft Support extensions for XP
Good news for Windows XP users (especially XP Home). Microsoft has extended the support period for XP Home and Pro. Originally, security patch related support was expected to end December 31st of this year. According to the article for XP Home…
So for the consumer versions of Windows XP, mainstream support was going to end on December 31, 2006 and there was no guarantee of any security hot-fixes beyond that time. Microsoft has now extended the mainstream support deadline for the consumer versions to an undefined date that is two years after the release of the follow-on operating system.
-
Apple Quicktime security vulnerabilites and update
There are a number of vulnerabilites reported with Apple Quicktime player related to the way it handles various file formats. Quicktime Player 7.0.4 is the current released GOOD version, everything from 7.0.3 and prior are vulnerable. The Security Fix has some details. There were a total of about 8 vulnerabilities fixed in 7.0.4 and they affect both Windows And Mac….
-
Microsoft’s speed to get security patches out
Brian Krebs at the Security Fix has done an interesting study related to how long it takes Microsoft to release a security fix for a problem, starting from the time they are notified of the security vulnerability. For the most part, 134.5 days has been the window between notification and vulnerability patching for the last 2 years from Microsoft. (That is for vulnerabilities that were submitted to Microsoft through the normal process…)