Thursday, January 19, 2006

Illusions of Security

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

In the January 18th diary entry, Swa Frantzen gives a great diatribe about the illusion (or disillusions) that some people in the industry have about security on the Internet.

You can never be 100% assured of security. The best you can do is layer your security posture so that if one level is breached, several other layers still protect your personal data.

Friday, January 13, 2006

WMF "flaw" intentional?

Security Now! Transcript of Episode #22

Steve Gibson, in his Security Now podcast with Leo Laporte, is explaining the WMF flaw and the possibility that this was an intentional backdoor put into the system.


Update (1/20/2006) - In his episode 23, Steve Gibson backs off some of the backdoor talk and further expands on the issues (or lack thereof) in the Windows 9X line of OS.

Monday, January 09, 2006

Are WMF Vulnerabilities dead yet?

Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities

Announced over Bugtraq this weekend (published today), two more functions may be vulnerable to Metafile issues.

Internet Free Speech at Risk

Create an e-annoyance, go to jail | Perspectives | CNET News.com

Could your First Amendment rights be at risk on the internet? See this article about changes in federal law on "annoying" someone on the internet: you cannot do so anonymously.

I wonder what the first test case might be and what the legality could be.

Thursday, January 05, 2006

Microsoft Out of Cycle Patch

Microsoft Security Bulletin Advance Notification

Microsoft is releasing (GASP Out of Cycle) MS06-001, its fix for the WMF file issues announced last week. It is supposed to be available after 5pm ET.

DOWNLOAD IT ASAP, even if you load Ilfak's patch.

Thank you Microsoft for releasing it when testing was done, not in the regular cycle.

Sunday, January 01, 2006

MetaFile Problems Continue..

The SANS Institute's Internet Storm Center (ISC) has raised the infocon level back to yellow, based on the metafile issues that were announced December 28. F-Secure has announced the discovery of .jpeg attachments being used in email to propagate this virus/vulnerability, and the irresponsible disclosure by FRIST.

There is a temporary patch, written by Ilfak Guilfanov and recommended by the ISC, that will mitigate the problem. The patch can be downloaded at http://handlers.sans.org/tliston/wmffix_hexblog14.exe.

It is still HIGHLY recommended that you unregister the DLL I listed on December 28th in addition to this patch.

SECURE YOUR COMPUTER. I will be testing it at home and will post if there are any problems noticed.

Update - 1/3/06 - I have had no issues with the patch so far. Microsoft is scheduled to release their patch on 1/10/06, depending on the results of their testing. The patch put out by Ilfak can be easily uninstalled and should be when Microsoft releases their patch.