Illusions of Security

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

In the January 18th diary entry, Swa Frantzen gives a great diatribe about the illusion (or disillusions) that some people in the industry have about security on the Internet.

You never can be 100% assured of security. The best you can do is layer your security posture so that if one level is breached, you have several layers of protection to protect your personal data.

WMF "flaw" intentional?

Security Now! Transcript of Episode #22

Steve Gibson, in his Security Now podcast with Leo Laporte, is explaining the WMF flaw and the possibility that this was an intentional backdoor put into the system.


Update (1/20/2006) - In his episode 23, Steve Gibson backs off some of the backdoor talk and further expands on the issues (or lack thereof) in the Windows 9X line of OS.

Is WMF Vulnerabilities dead yet?

Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities

Announced over Bugtraq this weekend (published today), two more functions may be vulnerable to Metafile issues.

Internet Free Speech at Risk

Create an e-annoyance, go to jail | Perspectives | CNET News.com

Could your first amendment rights be at risk on the internet? See this article about changes in federal law about "annoying" someone on the internet, you cannot do so anonymously.

I wonder if what might be the first test case and the legality could be.

Microsoft Out of Cycle Patch

Microsoft Security Bulletin Advance Notification

Microsoft is releasing (GASP Out of Cycle) MS06-001, it's fix for the WMF file issues announced last week. It is supposed to be available after 5pm ET.

DOWNLOAD IT ASAP, even if you load Ilfak's patch.

Thank you Microsoft for releasing it when testing was done, not in the regular cycle.

MetaFile Problems Continue..

The SANS Institute's Internet Storm Center (ISC) has raised the infocon level back to yellow, based on the metafile issues that were announced December 28. F-Secure has announced the discovery of using .jpeg attachments in email to propogate this virus/vulnerability and the irresponsible disclosure by FRIST.

There is a temporary patch that is being recommended by the ISC written by Ilfak Guilfanov that will mitigate the problem. The patch can be downloaded at http://handlers.sans.org/tliston/wmffix_hexblog14.exe.

You are still HIGHLY recommended to unregister the dll I listed on December 28th in addition to this patch.

SECURE YOUR COMPUTER. I will be testing it at home and will let post if there are any problems noticed.

Update - 1/3/06 - I have had no issue with the patch so far. Microsoft is scheduled to release their patch on 1/10/06, depending on the results of their testing. The patch put out by Ilfak can be easily uninstalled and should be when Microsoft releases their patch.