A patch to fix the VERY BAD WMF metafile vulnerability! Go to the link, download the patch, and install it. It is VERY important that you do this immediately!
WMF Metafile Patch
This patch offers complete protection for the problem EXCEPT for Windows 98, it won’t fix that (but, hopefully, you aren’t using 98 anyway!) Once Microsoft gets around to responding with their own patch, this patch can be uninstalled in “Add Remove Programs.” Remember, it is ABSOLUTELY necessary to install this patch! Listen to your Doctor! This is the WMF Metafile patch that Steve Gibson recommended on the Security Now! Podcast!
REMEMBER: This fixes a problem that does NOT require you to click on an attachment, or do ANYTHING… just visiting a web page that contains an “infected” image, and you are infected by the WMF Exploit! Take this one seriously!
Dr. Bill Podcast – 17 – (01/01/06)
Intro – Happy New Year!, Time Warner Cable Broadband rocks!, Comcast Connection Blues, Link to the video by Three Dead Trolls, “Every OS Sucks”
Every OS Sucks Video
The First Video Game: SpaceWar! (1960 on the DEC PDP/11), The Sad Irony of SCO, more evil than Microsoft!, Virus Poses as a Leaked MSN Messenger Beta!, Peter Quinn, CIO of Massachusetts, announced that he will resign, effective in January, from his post, due to flak that he has gotten for standing up for the OpenDocument standard, Women Now Out-Number Men On-Line, Windows WMF metafile flaw allows system compromising behavior, Star Trek: TNG “Beep” Badges in the corporate world, Return of the Command Prompt!, Microsoft creates “Monad” to add Windows shell scripting… Ad-Ware Writers take advantage of the Windows Exploit! (By the way, turns out I WAS right about SCO Xenix, check out this quote: “SCO produced XENIX, an Intel 8088 port of AT&T Unix System III with some BSD-like enhancements, in 1983.” Good memory, huh?!?) HAPPY NEW YEAR!
I told you about the VERY SERIOUS Windows exploit that came out a few days ago that involves the Windows metafile property in Windows. This exploit affects all versions of Windows, including older versions. It allows web sites, or banner ad creators, to embed code into images that can then be executed by simply visiting a web site. You don’t have to go to a bad site, just one that uses a banner ad, or some other image from an Ad-Ware company… which are all over the Web!
Windows Exploit Now Spreading Ad-Ware!
“Researchers said that sites running pop-up advertisements from the network will infect viewers with vulnerable systems.”
As an old DOS hacker, the C:\> prompt was my friend! In these graphical user interface days, no one really thinks about it that much. There are still some things that you can only do from the ol’ C:\> prompt! Well, there is more on the way in Vista!
Return of the Command Prompt
“Code-named Monad, the new shell will enable a host of new programs known as scripts–something at which rival Unix operating systems have historically excelled. While these new commands and scripts will interest primarily administrators and power users, less-technical types may benefit from Monad scripts that could circulate on the Internet as Unix scripts do. For example, a Monad script might quickly reorganize files and directories based on their name or creation date–a task that can take a fair bit of manual labor in Windows Explorer.”
“Riker to Bridge!”, he says as he hits the badge on his chest. You have seen it on Star Trek: The Next Generation, and now you may be seeing it in corporate America! Very cool!
Star Trek Comes to Corporate World!
I want one! Maybe I can talk CCL (where I work) into it? Well, maybe! Now if they could just beam me to work!
This one is major nasty! It affects fully patched Windows XP systems running Service Pack 2, and is actually out in “the wild.”
Really BAD Exploit Threatens Windows XP
“A new exploit has been discovered in the wild that affects fully patched Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. The malicious code takes advantage of a vulnerability in the WMF graphics rendering engine to automatically download and install malware. WMF, or Windows Metafile, is a vector based image format used by Microsoft’s operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.”
Microsoft has been notified of the issue, and they are expected to come out with a patch soon.
Computers and the Internet have long been considered a “man’s world,” some would even say it is only a geek’s world! (With geeks being mostly men!) So, a subset of a subset! However, this is no longer true! Women now out-number men, according to a new study!
Women on the Web
While a slightly larger percentage of men than women are online (68 percent vs. 66 percent), the larger population of American women tips the balance. Other findings: younger women and black women outpace their male peers by larger margins than the wider population.
Very nice! Keep it up, ladies!
Peter Quinn, CIO of Massachusetts, announced that he will resign, effective in January, from his post, due to flak that he has gotten for standing up for the OpenDocument standard for Mass. government. It seems that Microsoft is winning this one!
Mass. CIO Resigning
“Peter Quinn, the man responsible for bringing OpenDocument to the state of Massachusetts as CIO will resign on January 9, citing the controversy around the decision as well as personal attacks aimed at him as reasons for his departure,” according to BetaNews.
The move to standardize on the OpenDocument format for all electronic documents in Massachusetts began on September 1, when the proposal was first approved. The plan was quickly attacked by Microsoft, which called it “inconsistent and discriminatory.” The Evil Empire has been flexing its muscle since then to destroy this effort toward open standards in government.
Don’t download and install a BOGUS MSN Messenger Beta! (Actually, I wouldn’t install MSN Messenger in any case!!) But THIS one is a virus!
MSN Messenger Beta really a Virus
If you must IM, IM with a really good client, like Trillian! And, if you use IM, be sure to use Avast! Anti-virus, which works with IM clients!
“Unsuspecting Windows users who install the phony MSN Messenger Version 8 ‘beta’ actually install an IM worm that spreads to their IM contacts, and connects their computer to a remote control ‘bot’ network run by malicious hackers, according to F-Secure Corp., an antivirus firm based in Helsinki.”
SCO is very EVIL! More so than even Microsoft! SCO (the Santa Cruz Operation) is the company that decided that instead of innovating, instead of developing great, new products, they would try and make money by litigating. I.e., they took anyone and everyone to court that was using Linux in a major way, with the bare-faced lie that “Linux” had stolen their (some say with good reason that they don’t even own it) UNIX source code. How a huge, Open Source project with no one company behind it can “steal” is, of course, a bit of a problem too. It would be like saying another movement like, oh, let’s say the “right to life” movement, stole source code. As a movement, it has adherents all over the world, from every walk of life. How does a movement “steal?” Well, anyway, SCO is evil… and they are paying for it. Their market share has plummeted. They are losing money hand-over-fist. But it COULD have been different!
The Sad Irony That is SCO!
It is hard to feel sorry for them, though. They made their bed. Now they are lying in it… and a nasty bed it is.