*
2006/01/05
 17:20:55

WMF patch released early

In case you somehow haven't heard, Microsoft released the WMF patch early rather than waiting until the normal 2nd Tuesday. Those using Windows should probably hit Windows Update to manually update right away rather than waiting for Automatic Updates to get it. Unfortunately it does want a restart. Of course at least having AU download and notify if not install should already be set anyways. Unfortunately it's not considered critical for 98 and ME, so anyone using those OSes has to make do with the third-party one or upgrade to something newer or not Microsoft.

Oh yeah, on the topic of images and exploits, anyone have an ATI video card?

*
2006/01/04
 18:52:49

Images and Exploits

I don't know how many people have noticed this because of the WMF stuff, but there are also vulnerabilities for DoS and Code Execution on BES (Blackberry Enterprise Server) when attempting to handle TIFF and PNG images for the Blackberrys connected to it. Basically, special image files get emailed to a Blackberry and there are issues.

Back on the WMF thing, it looks like email isn't a direct attack vector - one has to click a link in an email. Most people will click links in email without thinking, but at least it's something. That link also mentions no problems with the patch which is false. There's IE issues and printing issues. The latter is sorta scary, since the vulnerability is linked to printing, so it appears poorly designed/outdated drivers could be broken by a real patch too.

My favorite workaround so far is probably unregistering the DLL as Microsoft suggests, but also changing ACLs to prevent shimgvw.dll from reloading.

In other news, a good summary is available from SANS ISC, which mentions that DEP available in XP SP2 could help with the right system. "However, to work well, it requires hardware support. Some CPUs, like AMD's 64 Bit CPUs, will provide full DEP protection and will prevent the exploit."

Also, there's an interesting writeup on the whole issue with image file vulnerabilities (which have been found in pretty much every OS in the last year or two, although not as a designed in feature like WMF).

*
2006/01/03
 23:20:56

Virtual Product Placement. I guess if that's what it takes to keep from odd old stuff showing up in syndication and DVDs and stuff. Which is what it looks like they claim is the benefit (well, sorta - they want to use it to change it and sell based on market).

*
2006/01/03
 15:46:46

Say what?

...not getting...

Screen shot from our problem tracking system. And why exactly is this a server team problem and why the heck are a bunch of computer geeks supposed to be able to resolve it? :) It's actually an unfortunate abbreviation.

*
2006/01/03
 00:42:54

Weekend Movies

First was Hitch. Rather funny, but otherwise nothing all that special about it.

Today the family went and saw The Chronicles of Narnia: The Lion, the Witch and the Wardrobe. I think it was a good movie. The reason I say think is because the presentation was horrible. The projector had some jitter that made it look blurry (I think the second display of the frame was off), it was offset on the screen a bit (livable), the print had weird marks, and either the print or the projector bulb had an odd slight reddish-yellow tint. Then there's the people who couldn't keep their mouths shut and had to talk about what was happening rather than just watching (I kept thinking of Book's quote). I knew there was a reason I usually wait for the DVD... Anyways, the movie was still good I think, so it's staying in the Netflix queue. Maybe I'll even dare to see it again though. When certain types of patrons aren't around and in a theater that I know can properly display a movie.

Anyways, to round out the long weekend, there was Jersey Girl. I don't know why it took me so long to get around to seeing it, but I hadn't seen a Kevin Smith movie in too long. Good movie, I think I need to throw more of his on the watch list again.

*
2006/01/02
 17:42:40

WMF exploit and risk management

Jesper Johansson, a security guy at Microsoft, has a good analysis (his, not official Microsoft opinion) of the benefits and drawbacks, both technical and procedural, of different ways of dealing with the WMF Exploit before an official patch is available.

*
2006/01/01
 14:28:52

To all those using/supporting users of MSN Messenger on Windows

There's now a worm spreading the exploit around on MSN. If you have no clue what I'm talking about, you can read about the exploit. I'm not sure about the worm specifically, but there is some nasty code out there for this. Basically, it takes advantage of Windows looking at the content and not the extension to send it as a .jpg; it splits it over the Ethernet MTU (the biggest a single packet can be on the network, 1500 bytes, actually a bit less actual data after IP and TCP) so sniffers that don't reassemble streams can't detect it; plus there's the usual random size/name/method of implementation. This should be a fun one...

Unfortunately Microsoft says the only fix at this point is to unregister a dll, but the problem is really in gdi and not that one, so if many people do that there'll just be modifications made. Windows users may want to take appropriate action.
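The two detection points from this entry, as an added example that is not part of the original post: identifying a metafile by its header rather than its extension, and matching a signature across segment boundaries instead of packet by packet. The function names and sample bytes are constructed for illustration, and the segments are assumed to arrive in order (real reassembly also has to handle reordering and overlap).

```python
import struct

PLACEABLE_KEY = bytes.fromhex("d7cdc69a")       # optional 22-byte placeable header key
WMF_HEADER = struct.pack("<HHH", 1, 9, 0x0300)  # type, header size in words, version
MSS = 1460  # 1500-byte Ethernet MTU minus 20 bytes IP and 20 bytes TCP

def looks_like_wmf(data: bytes) -> bool:
    """Identify a Windows Metafile from its header, ignoring the file name."""
    if data.startswith(PLACEABLE_KEY):
        data = data[22:]  # skip the placeable header to reach the standard one
    if len(data) < 6:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def disguised_wmf(filename: str, data: bytes) -> bool:
    """True when the content is WMF but the name claims something else."""
    return looks_like_wmf(data) and not filename.lower().endswith(".wmf")

def per_packet_hits(segments, signature: bytes) -> int:
    """What a sniffer sees if it inspects each segment in isolation."""
    return sum(seg.count(signature) for seg in segments)

def stream_hits(segments, signature: bytes) -> int:
    """Carry the last len(signature)-1 bytes forward so a signature that
    straddles a segment boundary is still matched exactly once."""
    keep = len(signature) - 1
    tail, hits = b"", 0
    for seg in segments:
        window = tail + seg
        hits += window.count(signature)
        tail = window[-keep:] if keep else b""
    return hits

# Constructed, harmless sample: a bare metafile header plus zero padding.
SAMPLE_WMF = PLACEABLE_KEY + bytes(18) + WMF_HEADER + bytes(12)
# Constructed stream in which the header straddles the first segment boundary.
STREAM = b"A" * (MSS - 3) + WMF_HEADER + bytes(100)
SEGMENTS = [STREAM[i:i + MSS] for i in range(0, len(STREAM), MSS)]

if __name__ == "__main__":
    print("photo.jpg is really WMF:", disguised_wmf("photo.jpg", SAMPLE_WMF))
    print("per-packet matches:", per_packet_hits(SEGMENTS, WMF_HEADER))
    print("reassembled matches:", stream_hits(SEGMENTS, WMF_HEADER))
```

A six-byte header match is only a first-pass filter; on real traffic it needs a second check on the reassembled object to keep false positives down.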

*
2006/01/01
 02:23:08

Least corrupt?

So I'm glancing through the sorta news and reading the stats. First one that hits me is that Minnesota's government is ranked "seventh least corrupt". I find the implied expected corruptness interesting. Apparently we're also ranked third in overall government performance. That third place is a B- (tied with 6 other states). The kicker is "Highest marks were for money management." Yeah... Apparently we're first in percent of people getting colon inspections though, which may or may not be related to being the healthiest state on average.

*
2005/12/31
 01:56:34

A week away from work

Actually this will cover close to two weeks. I should probably post this stuff more often but shorter. At least I'm posting stuff though I guess. Last week was the last work week of the year. Unfortunately that doesn't exactly mean the last actual work of the year, but good enough. At least it was a 3 day week for me. A lot of the staff and the most dedicated (nerdy?) student workers were all there which was good times. By the last day I was wanting to just get out of there, as the alternative was to start something that I wouldn't finish. I have many of those to choose from. Maybe next week will be headphones and closed door time.

Christmas Eve was with one side of the family. It went well and was fun, although I did end up pulling out the laptop after the pocketpc battery was too low for wireless (it wasn't all me - it was playing video clips for people most of the evening). Headed home late only to come back for an early 8am morning. Which reminds me, I like driving in the midnight-4am timeframe. Not much traffic, the lights usually work out pretty well, and there usually aren't too many drunks out.

Christmas was back to the parents to road trip for the other side of the family. Unfortunately as we were leaving I get a phone call from the server room complaining it's too hot. Fortunately for me I was on my way out of town and not the primary person on call anyways. Then Google apparently can't tell the difference between SW and SE on an address in Willmar and silently swaps them, so we missed church trying to find it (SE put it between two houses on adjacent lots). Another long day but it went well. Got home I think around 3am.

The day after Christmas the parents rounded up the family again, and we finally ended up picking out our combined donation. Then the parents cheated and gave us gifts anyways, but I'm not gonna complain too much. At least this year it wasn't 1am before we started opening gifts. Eventually my dad ended up discovering I had Serenity in my bag and we watched that. Great movie and I would rather watch it than not, but that plus the deleted scenes plus outtakes meant I got home at 3:30 again. BTW though, that crew has great outtakes. They screw up and keep going but in some odd direction.

Wednesday I ended up having to work some. For what it was it was better than not working, but still it was right in the middle of my week off... Thursday night was Serenity movie night, and JoeBuck and the Walls were there. schdav showed up long enough to plan the New Years party, but didn't watch the movie if you're the person who cares about that. If you don't know about the party though, ask the Walls.

And that's my life. Sounds like tomorrow may be a movie with the family before the party. Should be a good one.
