There’s another patch for those Win98 users that are nervous about the WMF vulnerability that was announced at the tail end of the year. This site has made the patched version of gdi32.dll available to any and all. Their patch is open source. They basically say “it works for them…” no warranties. Steve Gibson has also said that he’ll be writing a Win9x patch.
Tag: Steve Gibson
-
MS responds to “intentional backdoor”, WMF claim
Microsoft is disputing claims by Steve Gibson, that the WMF vulnerability was an intentionally placed backdoor. There is a response to the claims in the Microsoft Security Incident Response blog. Apparently since the SetAbortProc procedure relates to printing, previous versions of Windows ignored the call unless printing was involved. (Why did windows start paying attention to it otherwise?)
-
WMF vulnerability not an accident? Was it an intentional backdoor?
I’m not quite sure if I’m willing to attribute to design, what I could attribute to a mistake… but, slashdot has pointed out that Steve Gibson in his latest Security Now! podcast (link is to transcript), is suggesting that it appears as though the WMF vulnerability of recent weeks appears (to him) to have been INTENTIONALLY included as a means of a remote backdoor.
-
Official WMF exploit patch leak
It looks like, the Windows patch (or a beta) for the WMF exploit has been leaked online. It sounds as though Steve Gibson got a hold of a copy and has tested it along side the unofficial patch. All seems to go well. He notes that the build date was December 28th. So, they have been on it since very early on. That’s reassuring. It would be nice if their testing process could be a bit streamlined though.
-
Hamachi p2p vpn
A few days back I was at grc to run a “shields up” scan on a clients machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi… so I revisited and gave a read to the Security Now! transcript. And then visited the Hamachi site. I’ve got to say, I’m impressed on a couple of levels with Hamachi. 1st it sounds as though they’ve done a great approach to a secure free VPN implementation. (Steve Gibson is a pretty good reference….) It’s also easy to install and use and beyond that there are linux/Windows versions of the client currently, Mac will be released after the 1.0 for Linux and Windows.
-
Testing your firewall for open ports
For several years now I’ve used a neat tool at Gibson Research to test a clients firewall quick and easy from the web browser. They have a tool called Shields Up that does a limited port scan to determine of network ports are open, closed or “stealth”.