The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some coverage…
Category: Security
-
More on the Windows WMF zero-day exploit
There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. Sans has raised their alert level to yellow in an effort to get attention to this problem. It looks like the original site serving the exploit is down, but now it’s being served MANY places. Here are more details from f-secure…
-
Network Security guide for the home or small business network – Part 16 – Learn about the enemy
I remember I had a geography teacher once that was a former Marine and he said when he was growing up it was the height of the cold war and geography was interesting to him from a “know your enemy” point of view. That’s a good concept to apply to computer security and network security. This doesn’t mean you have to visit a bunch of blackhat sites (although I’ve known those that do) to monitor their activities.
-
Keeping the new PC spyware free
Spyware Confidential has the top 10 tips to keep that new pc spyware free. Some good tips here and these should be on the checklist when setting up a new pc any time of the year…
Paraphrased here….
-
WMF 0-day exploit
There seems to be a 0-day exploit involving WMF (Windows Meta File’s) according to SANS. Here’s their lead-in
Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.
-
Fake MS Messenger 8 beta and other IM warnings…
F-Secure is warning about ads for a “leaked version” of Windows Messenger 8 beta. There is no public beta of this and it is a virus….
If you download and run BETA8WEBINSTALL.EXE from that site, you won’t get a new chat client. Instead, your existing MSN Messenger will start to send download links to everyone in your contact list. It also connects your machine to a botnet server.
-
Network Security guide for the home or small business network – Part 15 – Security Through obscurity
I remember many years ago watching a Dr. Who episode where a very important key was “hidden” in a display of many other keys. Kind of like hiding a tree in a forest. This concept is “security by obscurity”. Generally this is considered a bad approach to security. It is a bad approach if this is the ONLY thing you consider. Many examples are security by obscurity are usually thought of as… proprietary applications that keep source code secret so no one can find what flaws exist, using operating systems or programs that are “obscure” or have small market share and are not targetted.
-
Network Security guide for the home or small business network – Part 14 – Alternative software
There are ways that risks can be avoided. Recently, there was what was called a zero-day exploit for Internet Explorer. As I write this, the exploit surfaced 3 weeks ago and tomorrow there will be a patch. The vulnerability would allow remote code execution through a vulnerability in the way javascript is handled. So, for that 3 week unpatched period, Internet Explorer in it’s default configuration is a sitting duck. Well, truth be told, there are other browser vulnerabilities, many unpatched. (That’s a common method for many spyware bugs to install.)
-
Securing SSH
I REALLY like secure shell (SSH) for remote access to linux machines. You can do more than just a “telnet” like remote shell with it. (Port forwarding.) However, the default configuraton for the openssh-server is sometimes a bit less tight than I would like. For that reason on a new install, I usually like to make a few changes. I don’t know if I’ve mentioned this before, but I haven’t devoted a post JUST to this, so… here we go.