Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   Chit Chat (http://www.greenguysboard.com/board/forumdisplay.php?f=12)
-   -   Another insane windows security hole... (http://www.greenguysboard.com/board/showthread.php?t=27574)

RawAlex 2006-01-02 08:48 PM
Another insane windows security hole...
 
http://news.ft.com/cms/s/0d644d5e-7b...0779e2340.html

This is the WMF issue that surfaced last week... but now the dumbasses that figured it out published the source code to the hack, so expect to be totally bombarded with bullshit.

This is a bad one too, because it is activated with really no action on your behalf. Just surfing to a website with an infected graphic file is enough to infect your system with no additional action on your behalf.

So surf carefully... There is some risk that corporate websites could become infected in the next few days, making any surfing risky.

Be careful out there. :(

Alex

Cleo 2006-01-02 08:53 PM
I really need to switch to Windows

Toby 2006-01-02 08:54 PM
[quote=RawAlexThis is a bad one too, because it is activated with really no action on your behalf.[/QUOTE]Only if you are using IE. If you use Firefox, Mozilla, etc. it generates a dialog box requesting authorization to run.

RawAlex 2006-01-02 10:08 PM
Toby, it can be activated by (and not limited to) google desktop or even the file browser on your system (which is IE in a different box) or image preview. So if you happen to save the file to your desktop rather than view it directl, you likely will activate it.

It doesn't take much at all.

Alex

bluemoney 2006-01-03 01:40 PM
Think this may help . . http://www.grc.com/sn/notes-020.htm

Ilfak Guilfanov, well known in "reverse engineering" circles for his wildly popular IDA Disassembler, needed a temporary patch for his own system due to the seriousness of the WMF vulnerability.

Useless 2006-01-03 03:28 PM
Thanks for the heads-up, Alex. And thanks for the link, bluemoney. I just took the plunge and installed Mr. Guilfanov's temporary hotfix since who the hell knows when Bill Gates' boys will react to this thing. My system rebooted fine and everything seems good, but my bedroom wallpaper is now hideous. Don't know how that happened.
|jester|

RawAlex 2006-01-03 03:55 PM
Don't worry UW, it's just a temporary patch... when you get the real one from MS your walls will once again look like computer generated clouds... ;)

Alex

bluemoney 2006-01-03 04:44 PM
Quote:
Originally Posted by Useless Warrior
My system rebooted fine and everything seems good, but my bedroom wallpaper is now hideous.
Look on the positive side UW! Now you have the “perfect” background to shoot some content.

Mattinblack 2006-01-03 05:03 PM
"The company (Microsoft) could not be reached on Monday for comment."

Sounds about right. Anybody else old enough to remember when this happened before with Postscript files back in the dawn of time?

DJilla 2006-01-03 05:35 PM
Quote:
Originally Posted by bluemoney
Think this may help . . http://www.grc.com/sn/notes-020.htm

Ilfak Guilfanov, well known in "reverse engineering" circles for his wildly popular IDA Disassembler, needed a temporary patch for his own system due to the seriousness of the WMF vulnerability.
Was just coming to post this link myself. Patch works perfectly. Anybody that doesn't have GRC link in his/her Favorites file should add it. Security god and a really good guy!

bluemoney 2006-01-03 07:09 PM
I would be remiss if I didn’t mention this link was provided to me on another board from a user named StrangeDay. I don’t know if he or she is a member here, but they do deserve props on this one |thumb


All times are GMT -4. The time now is 10:08 AM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc