glitch – Page 22 – Nuudelisoppa

2006/01/06

Microsoft's patch for the WMF vulnerability

Microsoft Security Bulletin MS06-001 discusses the WMF vulnerability and provides patches for 2k, Xp and Server. W98, 98SE and ME are left unpatched, as Microsoft claims that “although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions.”

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Microsoft

2006/01/04

Microsoft paikkaa WMF-turva-aukon viikossa

“Microsoft aikoo julkaista ensi tiistaina päivityksen, joka korjaa Windows-järjestelmissä havaitun vakavan tietoturva-aukon. Yhtiö kertoo, että tietoturvapäivitys on valmis mutta testaus kesken.”

YLE24

2006/01/03

GD67: Panasonicin paskapuhelin

Kirjoitin tänään kahta viestiä vähän niin kuin rinnakkain eli pidin molempia puhelimen lähtevissä viesteissä tallessa, ja kun tuli aika lähettää, niin vaikka se listauksessa näytti ne kaksi, ja toisen pystyi avaamaan normaalisti, niin sen toisen niistä valitseminen antoi näyttöön sekin vain sen ensimmäisen! Sitten kun koetin lähettää sitä toista, se muuttui siinä listauksessakin siksi ensimmäiseksi eli siinä oli nyt enää se ensimmäinen viesti kaksi kertaa.

Kaiken huipuksi sen jälkeen sen toisesta ensimmäiseksi muuttuneen taikaviestin poistaminen ei onnistu mitenkään! Vaikka valitsee poista niin se vain olla möllöttää siellä. Eikä puhelin tarjoa mitään muuta poistamiskeinoa (kuten “Poista kaikki”) kuin se yksittäin Poistaminen. Lukeminen, muokkaaminen tai lähettäminenkään ei toimi, eli se Poista on ainoa joka edes hetken tiedostaa tuon viestin olemassaolon, mutta sekään ei sitä siis sitten kuitenkaan poista. Viesti on kai joutunut jotenkin näiden toimintojen käsittelemän muistialueen ulkopuolelle ilmeisesti.

2006/01/02

Wmf kenties historian pahin turva-aukko

“F-Securen viruslaboratorion johtajan Mikko Hyppösen mukaan […] wmf-tiedostojen ominaisuus näyttää myös viittaavan siihen, että käytännössä kaikki Windows-versiot aina 15 vuoden takaiseen Windows 3.0 -versioon saakka ovat haavoittuvia. Kyseessä on siis laajin koskaan löydetty turva-aukko, joka vaivaa käytännössä kaikkia maailman satoja miljoonia Windows-käyttäjiä. Kun rikolliset löysivät aukon ennen tietoturvatahoja ja muuttivat sen nollapäivähyökkäykseksi, on kyseessä harvinaisen paha yhdistelmä.”

Tietokone via Just Sopivasti

2006/01/01

Temporary fix for the WMF vulnerability

“This week a new vulnerability was found in Windows […]. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix – I badly needed it.

The fix does not remove any functionality from the system, all pictures will continue to be visible. […]

If for some reason the patch does not work for you, please uninstall it. […] I recommend you to uninstall this fix and use the official patch from Microsoft as soon as it is available.”

Hex blog via F-Secure via Viistolla pinnalla

2005/12/29

New exploit blows by fully patched Windows XP systems

“We saw a new nasty exploit yesterday around 5:00 PM. […]

We have a number of sites that we have found with this exploit. Different sites download different spyware. We only had a handful of websites using this new exploit but now we are seeing many more using this to install bad stuff. […]

Folks, I’ve seen it with my own eyes and this is a really bad exploit. Be careful out there.”

Sunbelt Blog via BlogsNow

Microsoft Security Advisory 912840 discusses a “Vulnerability in Graphics Rendering Engine [which] Could Allow Remote Code Execution.”

F-Secure lists sites you should avoid until the vulnerability is patched.

2005/12/08

Firefox 1.5 buffer overflow

“Basically firefox logs all kinda of URL data in it’s history.dat file, this little script will set a really large topic and Firefox will then save that topic into it’s history.dat.. The next time that firefox is opened, it will instantly crash due to a buffer overflow — this will happen everytime until you manually delete the history.dat file — which most users won’t figure out.

this proof of concept will only prevent someone from reopening their browser after being exploited. DoS if you will. however, code execution is possible with some modifcations.”

packet storm via Juha

2005/12/03

Xbox 360 Scratches Game Disks

“A growing number of Xbox 360 customers are reporting having problems with their [discs] getting scratched by the DVD drive when switching the unit’s position from vertical to horizontal and vise versa.. Initially we thought this was the usual fanboy vs. hater propaganda that swirls around the launch of any new console like this. It didn’t take long until the seriousness of the situation reared it ugly head right here in the Llamma’s shop. I personally have experienced this issue not once but twice already.”

The Llama’s Adventures via Juha

Check out the video; the buzzsaw-like sound the Xbox makes when destroying the disc is ugly enough to make you gasp!

Although I categorized this as a bug/glitch, I wouldn’t directly point the finger at Microsoft with this one. Having said that, I’d like to think I would never tilt my PS2 with the power on, but it’s easy enough to imagine a hard core gamer teenboy in the middle of a mission, when mom comes in with her vacuum cleaner and you just think “well maybe it’ll take it just this once…”

2005/12/03

Iceland left in the cold after cable cut

“Many companies on Iceland were again without broadband internet last week when the Farice Line, a 1400 km long fibre optic line connecting Iceland to Europe through the Faroe Islands and Scotland, was cut near Inverness. Apparently, a digger accidentally severed it.

According to Iceland Online it is the 17th time in less than two years that the main communications link to and from Iceland has been cut. On two earlier occasions rats had chewed through the line. Most interruptions lasted between three and nine hours.”

The Register via TSOB

2005/11/27

Steve Jobs Ruined My Thanksgiving

“I recently got an iPod Nano, mainly because I’m annoyed at the limitations of my iPod Shuffle on long trips (like flying half way around the world). Two nights ago, I fired up iTunes and finally accepted its offer to upgrade from version 4.9 to version 6.0. That was a big fucking mistake–a mistake that I’ve spent the last two days attempting to recover from.”

J. Zawodny via BlogsNow

I’ll fully subscribe to Adam’s view on this:

“Sure, Apple’s got a neato click wheel. That’s admittedly nice. But other than that, I really don’t see the allure of the whole iPod brand other than as something that’s “trendy.” And, as we see here, rather buggy to boot.”