UGN Security
Posted By: Ghost WMF Vulnerability Patch - 01/04/06 10:43 AM
Info:
http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes
http://it.slashdot.org/it/05/12/30/1310243.shtml?tid=220

You can grab a patch here:
http://www.hexblog.com/

SANS has verified that this patch is valid and does only what it says it does, nothing more.

Also, as Microsoft and other security firms have suggested, "Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK." This will de-register the vulnerable DLL.

I was actually hit by this vulnerability earlier today while browsing. All you need to do is browse to a malicious website and you can be infected with whatever payload the variant author decides. I suggest that everyone install this hotfix as soon as possible.
Posted By: Defcon Re: WMF Vulnerability Patch - 01/06/06 12:54 AM
Update on this, as of 2pm today Microsoft is releasing a security update. You can download the patch here.

http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx
Posted By: jonconley Re: WMF Vulnerability Patch - 01/06/06 05:50 AM
Thanks both for the info.
Posted By: paulpierce34 Re: WMF Vulnerability Patch - 01/09/06 09:56 PM
Man, I wish I didn't have a PC. I really respect Gates/Microsoft, because they obviously make the most popular machines, but man, Macs are just so much more reliable. No time wasted downloading security updates, etc. *sigh*
Posted By: Gremelin Re: WMF Vulnerability Patch - 01/09/06 11:21 PM
PSSST, Microsoft doesn't make PC's, they build operating systems/software...

Linux is another, quite secure, alternative to Windows.
Posted By: Spyrios Re: WMF Vulnerability Patch - 01/10/06 12:51 AM
Here it comes : is windows really less secure than linux or is it just that windows is expoited more because people don't like microshaft?
Posted By: Gremelin Re: WMF Vulnerability Patch - 01/10/06 01:27 AM
I didn't say it WAS more secure, I said that it WAS a secure ALTERNATIVE...
Posted By: jonconley Re: WMF Vulnerability Patch - 01/10/06 04:27 AM
Here is an interesting article about the security in 2005 overall in regards to operatin systems

Over 5,000 bugs in 2005
Posted By: Defcon Re: WMF Vulnerability Patch - 01/10/06 01:52 PM
All operating systems have flaws, bugs, and exploits. The only reason why you are more apt to hear about a Microsoft bug then a Mac or Linux bug is ofcourse they are the big guys. Macs have just as much spyware, keyloggers, and security holes as Windows, and lets not forget their crappy iPods that break randomly (working at a studio, I've seen more then a few being shipped back to Macintosh because they just "stopped" working). Not having to download security patches... cracker please. Take that Bono!

The truth of the matter is any operating system can be made secure or become the virus laced whore of Babylon. True, Windows isn't 100% secure out of the box, but what isn't. A little tweaking, knowledge of the OS and some elbow grease can make it run a whole lot better. No computer OS is 100% (except if it doesn't connect ANY network or Internet and doesn't have a floppy drive) so just quit your bitchin!

Oh yeah and to rub salt in teh wounds...
http://www.flurl.com/uploaded/Why_Macs_Suck_15109.html

Man up and get a real computer and a real operating system. Get a copy of Windows XP Pro (and tweak out the registry), Linux (and tweak it out too), or my favorite OpenVMS (considered to be "Unhackable" at Def Con9).

This has been a public service announcement
by me, thank you, bitches
Posted By: Spyrios Re: WMF Vulnerability Patch - 01/10/06 03:28 PM
Quote:
Originally posted by Defcon:
This has been a public service announcement
by me, thank you, bitches
um, ok, uh you're welcome I guess.
Posted By: paulpierce34 Re: WMF Vulnerability Patch - 01/10/06 10:12 PM
I guess I can see your point, defcon, but from my knowledge, MACs are just that much better than PCs. I don't know anyone who owns a MAC that has ever had spyware or any other such virus on it. From my understanding, it can't really get stuff like that because, unlike PCs, Macs are not open to other people/not on the same 'server' or what-have-you as everyone else is. Therefore, safety is increased.

I have owned PCs for many years, and no matter what I do, viruses, etc. tend to always f*** them up. I know people who have had Macs for many years without these problems.
Posted By: jonconley Re: WMF Vulnerability Patch - 01/10/06 10:28 PM
I have used windows for over 10 years and never have I been infected with a virus or trojan.
Posted By: paulpierce34 Re: WMF Vulnerability Patch - 01/10/06 10:37 PM
You're one lucky duck then. Not even one little spyware thing? Do you have top-of-the-line security software? I know that there are such software out there, but costs a very pretty penny.

Even still, you must admit that although you're computer has supposedly never ever gotten one virus that you have heard about more problems with PCs than with MAC computers. Perhaps it's a regional thing?? Here in Dublin our products may not be the best of the best, as opposed to the US where Windows was born.
Posted By: Gremelin Re: WMF Vulnerability Patch - 01/11/06 12:09 AM
I use only freeware tech...

AdAware PE
Spybot Search and Destroy
Then some random anti virus suite...
Posted By: Spyrios Re: WMF Vulnerability Patch - 01/11/06 01:47 AM
Quote:
Originally posted by paulpierce34:
Even still, you must admit that although you're computer has supposedly never ever gotten one virus that you have heard about more problems with PCs than with MAC computers. Perhaps it's a regional thing?? Here in Dublin our products may not be the best of the best, as opposed to the US where Windows was born.
Yes, we ship the crappy Windows releases to Ireland and keep all the good ones here in the US to ourselves, mwahaha.

Actually, if you just practice smart computing (i.e. running a virus scan on that pron you just scored off your 3 year old version of Kazaa) you will avoid virtually everything. Yes there are exploits, and even though I am not a microshaft fanboi by any means, not because of ther software because of their business practices, I must say they are getting better at patching holes when they realize they were there.

Also, I realize that you are a Mac fanboi, but it seems you have no actual Mac experience. Just because a company is not Microsoft is not a good reason to hold them up. BTW OSX is more closely related to linux, OSX Linux Link , which may be why people see it as more secure.
Posted By: Defcon Re: WMF Vulnerability Patch - 01/11/06 03:36 AM
....What the [censored]....
Quote:
From my understanding, it can't really get stuff like that [Spyware and viruses] because, unlike PCs, Macs are not open to other people/not on the same 'server' or what-have-you as everyone else is. Therefore, safety is increased.
Kinda hard since they all connect to the same internet using TCP/IP protocols... There is no MacNet (well unless someone had the idea of starting one huge AppleTalk network) or "PC"Net.

Macs are primarily designed for retarded people who normally can't figure out how to use any computer. In essance if AOL made a computer, it would be a Macintosh. Now maybe when you are downloading from obscure sites and hacking utilities you got nailed with a billion viruses while using a PC, but that's simply your fault, not Microsoft's. If you were smart you'd be careful about what you download and what sites you frequent. You'd have easy to use utilities that would help protect you from those occasional accidents. You would actually be an intelligent computer user who would understand how these buggers can get in and how to avoid the whole thing entirely.

I too rarely have had any problems with Windows (except in College until I went from 98FE to 2kPro, damn those college intranets are like a gaggle of African AIDS Whores) and find it to be a fairly decent operating system for my uses. 99% of most problems are either because the user doesn't know what he's doing or he's trying to make the program/os/machine do something it doesn't want to or usually do. Data gets corrupted, Hard Drives crash, Macintosh Laptops set themselves on fire. You are relying on strings of little 1's and 0's where the margin of error is nonexistant... ofcourse [censored] will happen!!

Oh yes and while we are on the topic of evolutions of Operating Systems, did you know that MS-DOS is VERY loosely based upon Unix? Lets straighten out this factoid too... Microsoft did not rip off Mac when making Windows. Windows was actually based off of the work between IBM and Microsoft for the development of OS/2.

In short... the masses are indeed asses when it comes to computing.
Posted By: Gremelin Re: WMF Vulnerability Patch - 01/11/06 03:51 AM
Deffy, AOL does make computers now, and it is a PC lol...
Posted By: Defcon Re: WMF Vulnerability Patch - 01/11/06 04:14 AM
Well yeah, The Macs already been done, so whatelse is there to taint but a PC...

Gimme an Alpha any day!
Posted By: Infinite Re: WMF Vulnerability Patch - 01/11/06 04:50 AM
Quote:
BTW OSX is more closely related to linux, OSX Linux Link, which may be why people see it as more secure.
That's not entirely true.

OSX is a combination of FBSD's userland apps with a custom Apple kernel.

Linux is an *nix clone.
Posted By: Spyrios Re: WMF Vulnerability Patch - 01/11/06 12:17 PM
If you look in my last post onm this topic there is a link that very briefly explains that relationship.
Posted By: Infinite Re: WMF Vulnerability Patch - 01/11/06 12:57 PM
No, it doesn't.

That article is somewhat wrong, and totally misleading in the way it's titled.

Quote:
Mac OS X nowadays is based on Darwin and chunks of existing open source software from a large number of sources like BSD, GNU, Mach, ... and even Linux.
First off, to be technical, Linux is a kernel. The entire userland is what's called Gnu. OSX uses a custom kernel (that, I admit, could very well be borrowing source code from Linux), with a BSD userland. BSD does use some Gnu, but not a lot.

Quote:
The OS-X Linux connection exists for several reasons:

* You only have or like Apple hardware.
* Interaction with commercial software.
* Input / Output devices only compatible with Apple hardware.
* Audio or Video interfaces that don't have Linux drivers.
* Customized software that only works in one platform.
* Perhaps you are not used to compile Linux kernels.
* File transfer and exchanging.
That part just makes no sense whatsoever. Like none. Zilch. Nonsense.

EDIT** ok, I re-read that again and Ithink I get it. This is not a conection, this is reasons to bridge the gap and create a "hybrid", if you will, of the two OS's.

Quote:
The missing link between OS X and Linux in many respects is X11 or the X window system referenced above in its own section.[quote]

Huh? WTF? Who the hell wrote this? X is far from "the missing link" here. There are a lot more fundamental differeces out there... And to add to that there is more than X11 for Linux. I myself use X.org, and I havce heard great things about XFCE.

[quote]Many of the commands only available in Unix systems before are becoming more and more available in OS X in particular because of the Fink project which is also an Open Source initiative. Therefore it should not be hard to have that same Linux functionality with Apple hardware.
I don't think this person understands the difference between core systems utils and run of the mill apps. Fink has nothing to do with that statment.

I understand what you're saying in your comments Spyrios. What I'm saying is DO NOT belive everythign you read as gospel just cause it's published. This person has some basic errors in his understanding that causes this article to be misleading.
Posted By: Spyrios Re: WMF Vulnerability Patch - 01/11/06 06:54 PM
Thanks for setting me straight, I just wanted a brief article to help steer our misguided friend in the right direction. My understanding of linux is limited to some redhat and knoppix, i've never used it extensively. I will read more about it.
© UGN Security Forum