WMF Vulnerability checker

Ilfak Guilfanov, who has brilliantly come up with the ONLY legitimate patch for the WMF exploit, has a new tool to check to make sure it’s working. Link to his vulnerability checker here. Link to the actual WMF exploit patch here. I recommend applying his hotfix.  At this point, it is the only broadly effective […]

Continue reading

Updated version of Ilfak Guilfanov’s WMF patch

From SANS: Updated version of Ilfak Guilfanov’s patch Published: 2006-01-01,Last Updated: 2006-01-01 18:54:14 UTC by Tom Liston Ilfak Guilfanov has released an updated version of his unofficial patch for the Window’s WMF issue. We have reverse engineered, reviewed, and vetted the version here. Note: If you’ve already successfully installed the patch, this new version adds […]

Continue reading

WMF files that currently bypass all detections

So why is this new WMF email such a problem? Well because of other developing information that a few others including SANS have already talked about it. The people at FrSIRT have posted an updated version of the WMF exploit code and our friends over at F-Secure said: enables clueless newcomers to easily craft highly […]

Continue reading

New WMF exploit confirmed in spam attacks

1/1/2006 In an email advisory I just received from McAfee AVERT labs a new version of the WMF exploit using new Exploit-WMF code released today has been confimed in spam attacks resulting in the installation of a new Backdoor-CEP variant. An email message containing the Exploit-WMF sample built from this new code has been spammed. […]

Continue reading

What’s with all the bandwidth? Ah — silly putty!

Last night I was checking our website from home and the connection was brutally slow.  I managed to catch our head of IT via Instant Messenger and he checked into it. Well, it turns out that a major blog was linking to our Silly Putty Physics Experiment and it was killing the T-3 that our […]

Continue reading

Computer History Museum assembling histories of companies

I recently picked this one up on a Borland alumni list I’m part of — the Computer History Museum is working on a cool project to document the histories of key software companies. It’s still evolving, but if you worked for any of the companies listed and have some history to share, feel free to […]

Continue reading

Government cameras

I had the pleasure of attending a Boxing Day dinner last Monday with some British friends, and had an animated discussion with one Brit about the fact that in the UK, practically of your moves are being recorded on cameras. This started with the discussion of the fact that recently, the UK government has started […]

Continue reading

Wired on Click Fraud

Wired writes about click fraud. Yes, there is click fraud, but this article includes breathless statements like “It’s search giants against scam artists in an arms race that could crash the entire online economy.”  Excerpt: Pay-per-click is the fastest-growing segment of all advertising, reports the Interactive Advertising Bureau. Last year, Yahoo! alone ran more than […]

Continue reading

Snort rules for WMF exploit updated

Just a reminder that if you are using Snort rules for this exploit, check for updates. Bleeding- Edge Snort has posted a newer one here. Also if you are using Snort rules in the free Sunbelt Kerio Personal Firewall, update your signatures to the latest (simply append them to the file “bad-traffic.rlk” in the \Program Files\Sunbelt […]

Continue reading

Microsoft clarifies "DEP" issue

Earlier I had written that in our preliminary tests, hardware-enforced DEP was effective at blocking the new WMF file exploit.  Software-enforced DEP was not.  However, some were having difficulties making it work.  In one case, for example, a fellow security researcher had to use a different switch in DEP than we had used. Another had […]

Continue reading