
Digital Choke Daynotes

What's a Daynote?

"Daynotes" are daily (usually) journal entries of interesting happenings and discussions. They are not 'blogs', which are often just a collection of links to other information (although we do include links occasionally). Daynotes are much more interesting (we hope).

These "Digital Choke Daynotes" were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .net), a collection of daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals.

If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.

Latest
May 23, 2011 07:51 PM
Tuesday, December 27, 2005

Great Christmas for the family. Jared came for the weekend to be with his family, Jason came by Saturday night to be with the rest of the family, and all had a good time. Lots of presents, lots of fun.

Monday was cleanup day. The tree was quite dead, so it was taken to the recycler. Wrapping paper was taken to the trash, lots of vacuuming, and the grandchildren enjoyed playing with their toys. Dinner was a prime rib; quite good.

Back to the grind today. Caught up on all the email, did some reporting on web filtering, and worked on the batch files that do REG QUERY commands of all 2500+ workstations to check for proper configuration for automatic updates. More of that tomorrow. It appears, though, that another outer ear canal infection is in progress, so I hope that the antibiotic drops do their job.

On the security front, check out the Internet Storm Center. Looks like another "zero-day" exploit of IE ... and it also applies to Firefox users. Has to do with a picture file; details are sketchy as I write this. Internet Storm Center at http://isc.sans.org -- one of my regular stops.

Wednesday, December 28, 2005

More information on the WMF "zero-day" exploit mentioned above:

A new "0-day" exploit for Windows systems involving a malformed WMF (Windows MetaFile) graphic will install a 'bot' on your computer. The exploit is in the 'wild' as of late yesterday; there are several variations out there.

According to the Internet Storm Center ( http://isc.sans.org ): "The HTML file runs another WMF (Windows Meta File) which executes a trojan dropper on a fully patched Windows XP SP2 machine. The dropper will then download Winhound, a fake anti-spyware/virus program which asks user to purchase a registered version of software in order to remove the reported threats." The vuln will affect fully patched Windows XP systems.

Note that Firefox users may also have the problem. Good details about the vuln are on the F-Protect blog here http://www.f-secure.com/weblog/archives/archive-122005.html#00000753  (F-Protect is usually very fast in getting out updates).

Other AV vendors will probably issue updates later today, but users are advised not to open WMF files from untrusted/unknown sources.

I wrote the above this morning (about 8:00am PST). There are more details about this attack on the various security sites, although the F-Secure site might be the most detailed as I write this at about 3:00pm PST. (You might want to consider F-Secure as an anti-virus solution because of their speed in protecting against new viruses. They had protection within hours; other AV vendors took a bit longer.) I note that McAfee has released their update today (about noon, I think) which is supposed to catch this exploit.

And in one of the entries at the Internet Storm Center ( http://isc.sans.org ), the 'handler' notes some problematic IP address ranges that continually host malware. I've added those sites to our web-blocking software at the office. Just another layer in our defense here.

... more later ...