Cleaning up after the WMF exploit

December 29th, 2005

OK, I mentioned that I infected a virtual machine with the current WMF 0-day exploit. First I should probably clarify. An exploit is a means of getting into a system. The payload is the software that is installed. In the case of my experience there was a long list of pests installed. Given that the exploit enables any software to be installed, your experience may be different. That's the first thing I want to make clear: depending on where and when you were affected, you may see vastly different malware.


Microsoft Security advisory on WMF exploit

December 29th, 2005

I've read the security advisory and unfortunately Microsoft doesn't give any real workarounds. (There have been several announced from other sources.) Unfortunately, Microsoft 1) urges caution in opening email and links from untrusted sources, 2) wants you to call them (1-866-PCSAFETY) if you've been affected by this, and 3) tells you to make sure you have all updates (which currently don't protect against this vulnerability), plus a list of other things that don't mitigate this threat. Disappointing.

Correction: I just noticed, they do mention the "unregister" workaround. I missed it when I looked at the document; I didn't notice that you have to click on "workarounds" after viewing the "suggested actions" section. After all that time working on the virtual machine I'm probably not as sharp as I could be.


WMF 0-day update

December 29th, 2005

Last night, while I was in the midst of infecting a virtual machine, Microsoft issued a release saying there's a "possible vulnerability"... Fortunately, their technical document is a bit more straightforward: technet advisory here. Spyware Confidential also has a good roundup of the coverage so far. There's a bit more disturbing stuff coming too...


WMF zero-day exploit first hand experience

December 29th, 2005

Well, I’ve just spent the better part of 6 hours (maybe a bit more) “sacrificing” a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in. I picked one site from the sunbeltblog list to infect the virtual machine with and can attest to it being quite nasty. I was able to get the virtual machine *mostly* clean. I still haven’t gone back over it to try and make sure, but I’ll be posting some details from the “fun” tomorrow.


Joystick calibration under linux

December 29th, 2005

I don't know off the top of my head of a graphical joystick calibrator for linux, but there is a command line utility that's dead easy to use: jscal. I found the tip in a flightgear mailing list after having a hard time with one of the first flights. The stick was very far off center; I had to pull almost all the way to the right to keep level. Anyway, here's the tip.


Building RPM’s – building from tarballs

December 28th, 2005

Again, I'm NOT an expert on the subject, but I have had some success with building rpm's either from src.rpms (covered last time) or from tarballs. This entry will talk about the simplest kind of rpm build from a tarball: the situation where the developers, in their great foresight, have actually put a spec file in the tarball (and kept it current).


Converting spaces in filenames to underscores

December 28th, 2005

Linux supports long file names, in some (many?) ways better than Windows. However, when I moved over to linux I had tons of files with spaces in the name. This isn't really a problem usually, but it can be a bit annoying having to enclose the filename in quotes for everything. Anyway, most of these were mp3's that I had ripped from my collection of CDs to store on the server. The script I used to automatically play through the music archive had problems dealing with the spaces (and I didn't want to figure out how to make it work...), so I found another solution....

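As an added example (my code, not the script from the post), here is a small Python renamer that does the space-to-underscore conversion. It assumes a plain one-for-one replacement of " " with "_" is what you want, and it treats a target name that already exists in the directory, or that a second file would also rename to, as a collision to be skipped rather than overwritten, since os.rename on Linux silently replaces an existing file. Doing this in Python rather than a shell loop also sidesteps the word-splitting problem that these very filenames cause in scripts.

```python
"""Rename files so spaces become underscores, refusing to clobber anything.

Added example, not the script from the original post. Assumptions: a plain
' ' -> '_' replacement; only the top level of one directory is handled; a
target name already present (or claimed by another rename) is a collision.
"""
import os
import sys
from typing import Dict, List, Tuple


def underscore_name(name: str) -> str:
    """The naming rule: every space becomes an underscore."""
    return name.replace(" ", "_")


def plan_renames(names: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Work out the renames for a directory listing without touching disk.

    Returns {"renames": [(old, new), ...], "collisions": [(old, new), ...]}.
    A rename is a collision when its target is already in the listing or was
    claimed by an earlier rename (e.g. "a b_c.mp3" and "a_b c.mp3" both map
    to "a_b_c.mp3"); only the first claimant gets the name.
    """
    existing = set(names)
    claimed = set()
    renames: List[Tuple[str, str]] = []
    collisions: List[Tuple[str, str]] = []
    for old in sorted(names):
        if " " not in old:
            continue
        new = underscore_name(old)
        if new in existing or new in claimed:
            collisions.append((old, new))
            continue
        claimed.add(new)
        renames.append((old, new))
    return {"renames": renames, "collisions": collisions}


def apply_renames(directory: str, dry_run: bool = True) -> Dict[str, List[Tuple[str, str]]]:
    """Plan and (unless dry_run) perform the renames in one directory."""
    plan = plan_renames(os.listdir(directory))
    for old, new in plan["renames"]:
        if not dry_run:
            # os.rename would overwrite silently; plan_renames already
            # excluded any target that exists, so this is safe.
            os.rename(os.path.join(directory, old), os.path.join(directory, new))
    return plan


if __name__ == "__main__":
    # usage: rename_spaces.py DIR [--apply]   (dry run unless --apply is given)
    target_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    result = apply_renames(target_dir, dry_run="--apply" not in sys.argv[2:])
    for old, new in result["renames"]:
        print(f"{old!r} -> {new!r}")
    for old, new in result["collisions"]:
        print(f"SKIPPED {old!r}: {new!r} already taken", file=sys.stderr)
```

Run it once without --apply to see the plan; anything listed as SKIPPED needs a hand-picked name.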

Another workaround for WMF exploit

December 28th, 2005

There are at least two other workarounds for the Windows Meta File (WMF) exploit that I've been looking into this afternoon. These are from the Sunbelt blog.

First up…

2. Change file associations for WMF files.
An equally ugly fix (but perhaps preferable) is to do the following:
1. Go to My documents, Tools, Folder Options, File Types.
2. Change WMF Image to notepad and select always open with this.
Your WMF files will open in Notepad. Ugly, but it is a fix.


Workaround for zeroday WMF exploit

December 28th, 2005

It's worth repeating a few things here. There is a nasty exploit in the way that WMF images are parsed in Windows. This means that WITHOUT user intervention a system can be remotely exploited, and through that exploit various software (spyware, viruses, other malware) can be installed. There is no patch at this moment, and I don't know of any AV vendors that detect it (f-prot seems to, according to their blog posts). There is a workaround TO PREVENT INFECTION. If the system is already infected, reinstallation may be the only solution.

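As an added example (my code, not anything from the post, Sunbelt or Microsoft), here is a small Python scanner for the record this exploit rides on. It assumes the published WMF record layout (a 4-byte record size in 16-bit words, a 2-byte function number, then parameters) and keys on META_ESCAPE (0x0626) records whose escape function is SETABORTPROC (0x0009): that escape is how the exploit gets GDI to call into attacker-supplied bytes, and an abort procedure only has meaning while printing, so one inside an image file is never legitimate. The two sample files it checks are constructed inline. Malformed input is reported as suspicious rather than ignored, so the check fails closed.

```python
"""Flag WMF data carrying a SETABORTPROC escape record.

Added example, not from the original post. Assumes the WMF record layout
(record size in 16-bit words, function number, parameters) and the optional
22-byte placeable header; keys on META_ESCAPE with escape function
SETABORTPROC, the escape the December 2005 WMF exploit abuses.
"""
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional Aldus placeable header
META_EOF = 0x0000
META_SETWINDOWEXT = 0x020C   # a harmless record, used for the benign sample
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009


def wmf_records(data: bytes):
    """Yield (function, params) per record; raise ValueError on malformed input."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22                                    # skip the placeable header
    if len(data) < off + 18:
        raise ValueError("too short for a WMF header")
    mtype, hdr_words = struct.unpack_from("<HH", data, off)
    if mtype not in (1, 2) or hdr_words != 9:       # 1 = memory, 2 = disk metafile
        raise ValueError("not a WMF header")
    off += hdr_words * 2
    while True:
        if off + 6 > len(data):
            raise ValueError("record header runs past end of data")
        size_words, func = struct.unpack_from("<IH", data, off)
        size = size_words * 2
        # a record must at least hold its own size and function fields
        if size < 6 or off + size > len(data):
            raise ValueError(f"bad record size {size_words} at offset {off}")
        yield func, data[off + 6:off + size]
        if func == META_EOF:
            return
        off += size


def scan_wmf(data: bytes):
    """Return ('suspicious', reason) or ('clean', ''). Parse errors fail closed."""
    try:
        for idx, (func, params) in enumerate(wmf_records(data)):
            if func == META_ESCAPE and len(params) >= 2:
                esc = struct.unpack_from("<H", params, 0)[0]
                if esc == SETABORTPROC:
                    return "suspicious", f"SETABORTPROC escape in record {idx}"
    except ValueError as exc:
        return "suspicious", f"malformed: {exc}"
    return "clean", ""


# ---- constructed sample files (not real captures) --------------------------

def _record(func: int, params: bytes = b"") -> bytes:
    """Build one record: size in words (incl. these 6 bytes), function, params."""
    body = struct.pack("<H", func) + params
    return struct.pack("<I", (4 + len(body)) // 2) + body


def build_wmf(records) -> bytes:
    """Assemble a minimal disk metafile (18-byte header, no placeable header)."""
    body = b"".join(records)
    max_words = max(len(r) // 2 for r in records)
    header = struct.pack("<HHHIHIH", 2, 9, 0x0300, (18 + len(body)) // 2, 0, max_words, 0)
    return header + body


def placeable(wmf: bytes) -> bytes:
    """Prefix a placeable header (key, handle, bbox, dpi, reserved, checksum)."""
    fields = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 96, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", fields):   # XOR of the first 10 words
        checksum ^= word
    return fields + struct.pack("<H", checksum) + wmf


BENIGN_WMF = build_wmf([_record(META_SETWINDOWEXT, struct.pack("<hh", 100, 100)),
                        _record(META_EOF)])
EXPLOIT_SHAPED_WMF = build_wmf([_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)),
                                _record(META_EOF)])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_WMF), ("placeable+setabortproc",
                                                  placeable(EXPLOIT_SHAPED_WMF))):
        print(label, scan_wmf(blob))
```

Run it over file contents rather than by extension: GDI recognises WMF data by its header, not by the file name, so a scanner that only looks at *.wmf files misses the point. This only flags the one escape record; it is not a substitute for unregistering the renderer or for a patch.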

Workaround for the critical WMF zero-day exploit

December 28th, 2005

The Windows Meta File (WMF) zero-day (0-day) exploit is apparently VERY nasty: no user intervention required (unless running Firefox or Opera). Just VISITING a malicious site (or viewing a malicious email with an image) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some coverage...
