Free Republic

WMF (Windows meta file) exploit
The SANS Institute ^ | January 2, 2005 | Various

Posted on 01/02/2006 5:07:56 AM PST by KeyWest

Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us."

I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.

(Excerpt) Read more at isc.sans.org ...


TOPICS: Miscellaneous; News/Current Events; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; microsoft; securityflaw; trojan; trojans; virus; virusbait; windows; wmf
To: Born Conservative

Dang. You mean it ISN'T a computer forum?


21 posted on 01/02/2006 7:23:31 AM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)
[ Post Reply | Private Reply | To 8 | View Replies]

To: rlmorel
>You mean it ISN'T a computer forum?

Well, if Forbin can
cut the Colossus links to
Guardian we can

get back to chatting
about news and politics.
Till then, it's tech stuff . . .

22 posted on 01/02/2006 7:29:22 AM PST by theFIRMbss
[ Post Reply | Private Reply | To 21 | View Replies]

To: wvobiwan
Don't you love MS development strategy? "Get it to market first, then finish programming."

What a naive comment. EVERY company releases software before it is finished: name one that doesn't.

No one who programs can say that their software is complete and bug-free. Hell, even if it's just 1 line of code you still can't be certain due to the code that runs under yours.

Program a little, put it in production, and see how much crap people find: it is truly astonishing. Do it without a profit motive and they will actually find more because you aren't as careful.

23 posted on 01/02/2006 7:48:01 AM PST by wireplay
[ Post Reply | Private Reply | To 3 | View Replies]

To: theFIRMbss

LOL!!!!


24 posted on 01/02/2006 8:18:56 AM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)
[ Post Reply | Private Reply | To 22 | View Replies]

To: wireplay

I don't code, but I see lots of parallels to confirm the truth in that.

Humans (we) are monkeys with typewriters. If you want something broke or exploited, release it to the masses. As sure as God made little green apples, it is going to break.

I don't necessarily hold it against MS or Apple when they release an OS update and something doesn't work. That happens. I hold it against them when they don't fix it ASAP when it is discovered.

I am much more critical of software companies...they have a more focused approach, and testing can be much more rigorous. Their products should be cleaner and more functional on first releases, IMHO.


25 posted on 01/02/2006 8:24:20 AM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)
[ Post Reply | Private Reply | To 23 | View Replies]

To: backhoe
I agree; this is a great place for computer advice.

Here is an example of someone complaining about using FR for computer help.

26 posted on 01/02/2006 8:37:27 AM PST by Born Conservative (Chronic Positivity: http://www.livejournal.com/users/jsher/)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Born Conservative

I actually got more answers, faster, here than on VirtualDr a couple of years ago- we have around 233,000 members now, but even then, with so many different people, professions, hobbies, etc., you can get just about any question answered, or get pointed in the right direction.


27 posted on 01/02/2006 8:43:35 AM PST by backhoe (-30-)
[ Post Reply | Private Reply | To 26 | View Replies]

To: wvobiwan
Don't you love MS development strategy? "Get it to market first, then finish programming."

I suspect it's worse than that. Probably something more like: "Start coding, we'll design it later."

28 posted on 01/02/2006 10:31:02 AM PST by El Gato (The Second Amendment is the Reset Button of the U.S. Constitution)
[ Post Reply | Private Reply | To 3 | View Replies]

Bump


29 posted on 01/02/2006 11:35:58 AM PST by csvset
[ Post Reply | Private Reply | To 1 | View Replies]

To: rlmorel

You don't necessarily know what the issue is when a problem is discovered. I once spent 2 days tracking down a misplaced semicolon. You can bet the MS coders are poring through it but even when you find it, you have to assess the impact on the other code for a fix. People act as if there is a behemoth behind all of this but my guess is that the load falls on a small number of coders to get it isolated and corrected.

Microsoft tests their code base on more than 10,000 software configurations and probably has a better QA department than any other software firm. That said, things get through. QA tests are only as good as who made the tests and they don't predict the real world use.

Imagine a machine where there are 200 million moving parts. You can work your tail off to isolate all possible failures but it is a bitch to get it 100% correct. Sure, we all want more stable software products but get into the code side and see how complex these things are. You have to realize that software is THE most complex thing ever created by human beings and we are certainly not perfect.

Personally, I am surprised that Windows and its programs work as well as they do. I give Microsoft credit for making the best software available...period.


30 posted on 01/02/2006 4:33:29 PM PST by wireplay
[ Post Reply | Private Reply | To 25 | View Replies]

To: wireplay

I kind of give them credit for that as well. To put out releases that don't break hardware and software is a real feat.


31 posted on 01/02/2006 6:18:24 PM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)
[ Post Reply | Private Reply | To 30 | View Replies]

To: rlmorel

I saw their next O/S (Vista) in alpha mode running a 1985ish program at the last TechEd. They really strive to make things work in today's world but not break what runs yesteryear. That takes feats of programming. As a coder, I respect that level of effort.


32 posted on 01/02/2006 6:24:31 PM PST by wireplay
[ Post Reply | Private Reply | To 31 | View Replies]

To: rlmorel
This struck me as kind of a stupid thing to say. As if the people who distribute these damned things give a crap about whether it is going to deleteriously impact their victims!

Dude, the people who PUBLISHED the "new and improved" version are supposed to be on OUR side. Or at least they CLAIM to be.

I have to agree with the author. What a bonehead move on somebody's part.

33 posted on 01/02/2006 8:22:40 PM PST by an amused spectator (Bush Runner! The Donkey is after you! Bush Runner! When he catches you, you're through!)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Born Conservative

Yeah - but al baby put him in his place...


34 posted on 01/02/2006 8:25:10 PM PST by an amused spectator (Bush Runner! The Donkey is after you! Bush Runner! When he catches you, you're through!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: wireplay
I once spent 2 days tracking down a misplaced semicolon.

Ain't it the truth?

What's worse is when you read the code, and your MIND sticks the semicolon in there...

That's usually another several hours, depending on how computer-melted your brain is by that time.

35 posted on 01/02/2006 8:29:36 PM PST by an amused spectator (Bush Runner! The Donkey is after you! Bush Runner! When he catches you, you're through!)
[ Post Reply | Private Reply | To 30 | View Replies]

To: KeyWest
In essence, if you are using MSIE you are particularly vulnerable.

(C) 1998. All Rights Reserved.

36 posted on 01/02/2006 8:33:41 PM PST by ReignOfError
[ Post Reply | Private Reply | To 1 | View Replies]

To: wireplay
Imagine a machine where there are 200 million moving parts.

If you have a machine with 200 million moving parts, the engineers aren't just addressing the problem. The engineers are the problem.

Personally, I am surprised that Windows and its programs work as well as they do. I give Microsoft credit for making the best software available...period.

Except for all the others.

37 posted on 01/02/2006 8:37:57 PM PST by ReignOfError
[ Post Reply | Private Reply | To 30 | View Replies]

To: KeyWest

I don't seem to see anything telling what the symptoms are.


38 posted on 01/02/2006 8:38:07 PM PST by BlessedBeGod (Benedict XVI = Terminator IV)
[ Post Reply | Private Reply | To 1 | View Replies]

To: KeyWest
I am so amazed that it works as well as it does, that I don't have any complaint if it messes up a little. We are in the beginning of understanding a technology that will ultimately prove itself smarter than all of us.
39 posted on 01/02/2006 8:40:17 PM PST by Bonafide (Everything is Simple When You Understand It!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BlessedBeGod
I don't seem to see anything telling what the symptoms are.

It's not a virus, it's an exploit. A means of gaining access to your computer. A malicious person can do *anything* he wants using this exploit.

It looks pretty serious. I would suggest at the very least performing the Microsoft workaround mentioned on the various sites linked here.

Otherwise, I would suggest you not continue reading FR, since any hack DU clown could post a malicious image in a thread here and you are done.

As I understand it, anyway.

40 posted on 01/02/2006 9:03:12 PM PST by Royal Wulff
[ Post Reply | Private Reply | To 38 | View Replies]

