Taking off the gloves, help me get punched out

astirusty
Premium
join:2000-12-23
Henderson, NV
·AT&T Southwest

 reply to Link Logger
Re: Taking off the gloves, help me get punched out

said by Link Logger:

Houston we have a problem, and as soon as I pick up my teeth with my broken arm and figure out a way to describe the carnage the score is Windows Metafile Exploit 1, me 0. The sequence of events was worthy to say the least and hopefully I caught them all.
Blake:
Thanks for trying this and trying to separate fact from fiction. Also for being upfront enough to pass on the outcome. Hopefully your results will wake a few more people up before they get woke up the hard way.


norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

said by astirusty:

said by Link Logger:

Houston we have a problem, and as soon as I pick up my teeth with my broken arm and figure out a way to describe the carnage the score is Windows Metafile Exploit 1, me 0. The sequence of events was worthy to say the least and hopefully I caught them all.
Blake:
Thanks for trying this and trying to separate fact from fiction. Also for being upfront enough to pass on the outcome. Hopefully your results will wake a few more people up before they get woke up the hard way.
This sort of work should be more accessible to the general public so they can start to really understand the issue more, but then I guess if they even read it, some software company will want to sue you for publishing it freely.


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

reply to astirusty
For the last couple of days I have tested a pile of sites with one of my systems and it has deflected every attack thus far, but I wanted to see what would happen with a 'default' system and it wasn't good. Now the trick is to go back and try a couple more tests and see what the factors are to defending against this, so we can pass on the 'easy way' to protection with some facts and tests to back up the suggestions. So I'm getting ready to run a test using a non-admin level user and see how much of a difference that makes. I will spend a little more time looking at the default settings for the AV and see if it really does skip scanning wmf files by default.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel


norwegian
Premium
join:2005-02-15
Outback

You don't have RedXII1234 paying you for this test at all??
Sounds like admins are in for a wakeup.

astirusty
Premium
join:2000-12-23
Henderson, NV
·AT&T Southwest

 reply to Link Logger
said by Link Logger:

So I'm getting ready to run a test using a non-admin level user and see how much of a difference that makes.
Great! I was just going to ask you if you could try this if you had not already.


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

reply to norwegian
said by norwegian:

You don't have RedXII1234 paying you for this test at all??
Sounds like admins are in for a wakeup.

Why would I be in for a wake up? I've done 2 things different to protect myself: used the unofficial patch and unregged the DLL. I probably would not ever get infected via this route anyway, as I don't surf the sites that would be the top users of the exploit.

Now this is one patch that I will install regardless of any potential risk of it hosing my system. Simply put, I use thumbnail and preview to find my textures etc. for the 3D models I make.

It would take a lot more than this to scare me into crippling myself by running as a limited user.
--
DSLR security chat at us.ausirc.net channel #dslr_sec, let's pack this channel
Open source DNS server for *nix and Windows »powerdns.com