Wednesday, December 28, 2005

WMF File Exploits

The WMF file exploits are in the wild. For those who don't know what they are, a metafile is a collection of structures that store a picture in a device-independent format (according to Microsoft). Security professionals have been hearing rumors of vulnerabilities in these metafiles for probably the past month, but now the vulnerability is being exploited in the wild.

What can it do to your computer? See this link to open a Windows Movie about what happens to your computer. From what I understand, the only real way to eradicate this intrusion is to rebuild your machine.

The SANS Institute has moved their infocon level to yellow, indicating an increased vulnerability level on the internet. See the daily diary for more information.

One workaround being passed around the internet is as follows:
According to iDefense, Windows users can disable the rendering of WMF files using the following hack:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click OK when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.

There still may be metafiles not associated with this dll, so YMMV.
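Because the workaround covers only one rendering path, it helps to know where metafiles actually sit on a machine or file share. The following is an added example, not code from this post or from iDefense: it walks the "collection of structures" (header, then size-prefixed records) to recognize WMF content whatever the file is named. The header values follow the published WMF layout; the function names and the sample file are constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte "placeable" preamble
META_EOF = 0x0000           # record function number that ends the record list

def parse_wmf(data):
    """Return a dict describing a WMF byte string, or None if it is not one."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22
    if len(data) < off + 18:
        return None
    ftype, header_words, version = struct.unpack_from("<HHH", data, off)
    # Standard header: type 1 (memory) or 2 (disk), 9 words long, version 1.0 or 3.0.
    if ftype not in (1, 2) or header_words != 9 or version not in (0x0100, 0x0300):
        return None
    placeable = off == 22
    off += 18
    functions, complete = [], False
    while off + 6 <= len(data):
        size_words, function = struct.unpack_from("<IH", data, off)
        if size_words < 3 or off + 2 * size_words > len(data):
            break  # truncated or malformed record: stop, leave complete=False
        functions.append(function)
        off += 2 * size_words
        if function == META_EOF:
            complete = True
            break
    return {"placeable": placeable, "functions": functions, "complete": complete}

def find_metafiles(root):
    """Yield paths under root whose contents parse as WMF, whatever the extension."""
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    info = parse_wmf(handle.read(1 << 20))
            except OSError:
                continue
            if info is not None:
                yield path

def sample_wmf():
    """Constructed 32-byte metafile: META_SETMAPMODE record, then META_EOF."""
    body = struct.pack("<IHH", 4, 0x0103, 8) + struct.pack("<IH", 3, META_EOF)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 4, 0)
    return header + body

if __name__ == "__main__":
    print(parse_wmf(sample_wmf()))
```

Only the first 1 MiB of each file is read, so `complete` can be false for larger metafiles even when they are intact; `find_metafiles` reports them either way.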

Update - 2200 ET - Microsoft has confirmed much of this information with the following advisory:

Monday, December 26, 2005

RED HERRING | The Business of Technology

Red Herring Magazine has their top security trends for 2006. Highlights include phishing at lower levels, worms targeting businesses, and wireless security focus.

Friday, December 23, 2005

MSNBC - Let's see some ID, please

This is an article about the possible release to consumer PCs of what is called the Trusted Platform Module (which will be integrated with the chipset). I have mixed feelings about this, as does the article.

However, security expert Bruce Schneier expresses much concern in a recent blog entry.

Monday, December 12, 2005

Tips for helping remove and/or prevent spyware.

spyaxe removal

SpyAxe is a real pain when it comes to possible spyware/scumware. Here are some sites that might help remove this PITA.

Spyaxe removal - Tech Support Guy

Geeks to Go SpyAxe Removal

CastleCops Spyaxe Removal