WMF Vulnerability checker

Ilfak Guilfanov, who has brilliantly come up with the ONLY legitimate patch for the WMF exploit, has a new tool that checks whether the patch is installed and working. Link to his vulnerability checker here. Link to the actual WMF exploit patch here. I recommend applying his hotfix. At this point, it is the only broadly effective […]

Continue reading

Updated version of Ilfak Guilfanov’s WMF patch

From SANS: Updated version of Ilfak Guilfanov’s patch. Published: 2006-01-01, Last Updated: 2006-01-01 18:54:14 UTC by Tom Liston. Ilfak Guilfanov has released an updated version of his unofficial patch for the Windows WMF issue. We have reverse engineered, reviewed, and vetted the version here. Note: If you’ve already successfully installed the patch, this new version adds […]

Continue reading

WMF files that currently bypass all detections

So why is this new WMF email such a problem? Because of other developing information that several others, including SANS, have already discussed. The people at FrSIRT have posted an updated version of the WMF exploit code, and our friends over at F-Secure said it “enables clueless newcomers to easily craft highly […]

Continue reading

New WMF exploit confirmed in spam attacks

1/1/2006 In an email advisory I just received from McAfee AVERT Labs, a new version of the WMF exploit using new Exploit-WMF code released today has been confirmed in spam attacks resulting in the installation of a new Backdoor-CEP variant. An email message containing the Exploit-WMF sample built from this new code has been spammed. […]

Continue reading

What’s with all the bandwidth? Ah — silly putty!

Last night I was checking our website from home and the connection was brutally slow.  I managed to catch our head of IT via Instant Messenger and he checked into it. Well, it turns out that a major blog was linking to our Silly Putty Physics Experiment and it was killing the T-3 that our […]

Continue reading

Computer History Museum assembling histories of companies

I recently picked this one up on a Borland alumni list I’m part of — the Computer History Museum is working on a cool project to document the histories of key software companies. It’s still evolving, but if you worked for any of the companies listed and have some history to share, feel free to […]

Continue reading

Government cameras

I had the pleasure of attending a Boxing Day dinner last Monday with some British friends, and had an animated discussion with one Brit about the fact that in the UK, practically all of your moves are being recorded on cameras. This started with a discussion of the fact that recently, the UK government has started […]

Continue reading

Wired on Click Fraud

Wired writes about click fraud. Yes, there is click fraud, but this article includes breathless statements like “It’s search giants against scam artists in an arms race that could crash the entire online economy.”  Excerpt: Pay-per-click is the fastest-growing segment of all advertising, reports the Interactive Advertising Bureau. Last year, Yahoo! alone ran more than […]

Continue reading

Snort rules for WMF exploit updated

Just a reminder that if you are using Snort rules for this exploit, check for updates. Bleeding-Edge Snort has posted a newer one here. Also, if you are using Snort rules in the free Sunbelt Kerio Personal Firewall, update your signatures to the latest (simply append them to the file “bad-traffic.rlk” in the \Program Files\Sunbelt […]

Continue reading
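The reason signature updates keep chasing the new WMF generators (see the “WMF files that currently bypass all detections” post above) is that a Snort byte pattern only matches one byte layout, while the file format allows the same vulnerable record to be placed anywhere in the record chain. The Python below is an added example, not code from this post, from Bleeding-Edge Snort, or from Ilfak Guilfanov; it shows the structural check a parser can make instead. It relies only on the publicly documented nature of the flaw: the dangerous element is a SetAbortProc escape (escape function 9) carried in a WMF META_ESCAPE record (function 0x0626). The sample files are constructed inline with placeholder payload bytes and are not working exploits, and the record-size sanity rules are this example’s assumptions about a well-formed file, not a description of how GDI itself walks the records.

```python
import struct

# WMF constants from the public format documentation.
PLACEABLE_KEY = 0x9AC6CDD7   # Aldus placeable header magic (22-byte prefix)
META_EOF = 0x0000
META_ESCAPE = 0x0626
META_SETMAPMODE = 0x0103
SETABORTPROC = 0x0009        # escape function number that the exploit abuses


def iter_records(data):
    """Walk the record chain of a WMF file, yielding (offset, function, params).

    Raises ValueError for structural problems (truncation, impossible sizes,
    missing META_EOF).  The size rules are this example's assumptions about
    a well-formed file, not GDI's behaviour.
    """
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22                                  # skip the placeable header
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    mt_type, mt_header_size = struct.unpack_from("<HH", data, off)
    if mt_type not in (1, 2) or mt_header_size != 9:
        raise ValueError("bad WMF header")
    off += 18                                     # standard header is 9 words
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:                        # size field + function = 3 words minimum
            raise ValueError(f"record at {off} has impossible size {size_words}")
        end = off + size_words * 2
        if end > len(data):
            raise ValueError(f"record at {off} runs past end of file")
        yield off, func, data[off + 6:end]
        if func == META_EOF:
            return
        off = end
    raise ValueError("no META_EOF record")


def find_setabortproc(data):
    """Structural check: offsets of META_ESCAPE records whose escape is SetAbortProc."""
    hits = []
    for off, func, params in iter_records(data):
        if func == META_ESCAPE and len(params) >= 2:
            if struct.unpack_from("<H", params, 0)[0] == SETABORTPROC:
                hits.append(off)
    return hits


def loose_scan(data):
    """Heuristic fallback: the 4-byte function/escape pair at any even offset,
    ignoring record sizes.  Used only when the record chain is broken."""
    needle = struct.pack("<HH", META_ESCAPE, SETABORTPROC)
    return [i for i in range(0, len(data) - 3, 2) if data[i:i + 4] == needle]


def classify(data):
    """Return a verdict string for a WMF byte string."""
    try:
        return "exploit-setabortproc" if find_setabortproc(data) else "clean"
    except ValueError:
        # A file that deliberately breaks the record chain but still carries
        # the escape is more suspicious than a merely corrupt one.
        return "malformed+setabortproc" if loose_scan(data) else "malformed"


# --- constructed sample files (not real exploits) ---------------------------
def _record(func, params=b""):
    body = struct.pack("<H", func) + params
    return struct.pack("<I", (4 + len(body)) // 2) + body   # size is in words


def build_wmf(records):
    body = b"".join(records) + _record(META_EOF)
    # mtType=1 (memory), mtHeaderSize=9, mtVersion=0x300, mtSize in words
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 0, 0)
    return header + body


SETMAPMODE = _record(META_SETMAPMODE, struct.pack("<H", 8))
# Escape record: EscapeFunction=9, ByteCount=4, placeholder data "AAAA".
ESCAPE = _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"AAAA")

SAMPLE_CLEAN = build_wmf([SETMAPMODE])
SAMPLE_EXPLOIT = build_wmf([SETMAPMODE, ESCAPE])          # escape record at offset 26
SAMPLE_BROKEN = SAMPLE_EXPLOIT[:26] + b"\x00" * 4 + SAMPLE_EXPLOIT[30:]  # size field zeroed

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("exploit", SAMPLE_EXPLOIT),
                         ("broken", SAMPLE_BROKEN)):
        print(f"{name:8s} -> {classify(sample)}")
```

The structural pass catches the escape wherever it sits in the chain and however it is padded, which a fixed byte-offset signature cannot; the loose scan exists only because a generator that corrupts the size fields would otherwise make the parser give up before reaching the record.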

Microsoft clarifies "DEP" issue

Earlier I had written that in our preliminary tests, hardware-enforced DEP was effective at blocking the new WMF file exploit.  Software-enforced DEP was not. However, some were having difficulties making it work.  In one case, for example, a fellow security researcher had to use a different switch in DEP than we had used. Another had […]

Continue reading