Breaking News from the Tin Foil Hat Crowd

I haven’t had time to check the transcripts as I am walking out the door to shmoocon. According to reports, Steve Gibson claims that the wmf vulnerability could not have been a mistake, it was in intentional backdoor inserted by microsoft. http://thisweekintech.com/sn22 LOL. yet more fodder for grcsucks.com as well as the Microsoft haters. Steve …

Continue reading ‘Breaking News from the Tin Foil Hat Crowd’ »

WMF Antivirus face off

I learned through Donna’s Security Flash about some testing av-test.org has done to see which Antivirus vendors can detect wmf files. See the results from January 1st in a PCMag Article. AVG didn’t fare so well. Aren’t they one of the free products that people alway push instead of the more established vendors?

“Leaked OfficialWMF Patch”… not

Over at broadband reports I see a thread with a link (which the moderator has deleted) claiming to be to the official Microsoft patch for the WMF vulneraibility and that it has been fully q/a tested on Windows XP, Windows 2003 x86, x64 english and that it is currently being tested on other language installs …

Continue reading ‘“Leaked OfficialWMF Patch”… not’ »

Silent switch available for unofficial patch

I had been wondering if it is possible to run the third party WMF patch in a silent mode. When I downloaded the patch and ran it with a /? it did not give me any command line options. SANS is now reporting the syntax to run the install quietly. I’m still wondering how to …

Continue reading ‘Silent switch available for unofficial patch’ »

Using Sybari? Check your Scanallattachments setting

Sybari (or is that Microsoft) sent out a security bulleting relating to WMF viruses. They are calling it WMF/Exploit.b, Alias: Exploit-WMF trojan, Exploit.Win32.IMG-WMF.a, Troj/DownLdr-QB But most importantly, they warn: ****PLEASE NOTE**** For Windows platforms, users must set the “ScanAllAttachments” registry value to 1 for this filetype to be detected. Domino Users: For Domino, the following …

Continue reading ‘Using Sybari? Check your Scanallattachments setting’ »