Button up and keep your head down, zero day exploits becoming the norm....

Discussion in 'NZ Computing' started by thingy, Oct 9, 2006.

  1. thingy

    thingy Guest


  2. Re: Button up and keep your head down, zero day exploits becoming the norm....

    In message <>, thingy wrote:

    > http://computerworld.co.nz/news.nsf/news/333F86FDDE816DC9CC25720100308517


    This caught my eye:

    SetSlice chews through a hole in the WebViewFolderIcon ActiveX control
    by overflowing an integer with a large negative number, and it’s being
    remotely exploited on a large scale at the moment. It works on Windows
    2000, XP and Server 2004 — all Service Pack Levels.

    A patch from Microsoft is expected out on October 10, but the SetSlice
    exploit was made public in July already. Over two months later, and
    Microsoft still hasn’t plugged a serious, remotely exploitable security
    hole that can be triggered by simply visiting the wrong website. This
    begs the question: is Microsoft able to keep up with the malware writers
    despite its commitment to security?

    Contrast this with the speed with which Microsoft was able to rush out the
    patch to plug the DRM hole in Windows Media Player
    <http://www.wired.com/news/columns/0,71738-0.html> -- just three days. And
    you can see where Microsoft's priorities lie--with the security of itself
    and its biggest business/revenue partners, not with most of its customers.
     
    Lawrence D'Oliveiro, Oct 9, 2006
    #2

  3. thingy

    thingy Guest

    Re: Button up and keep your head down, zero day exploits becoming the norm....

    Lawrence D'Oliveiro wrote:
    > In message <>, thingy wrote:
    >
    >> http://computerworld.co.nz/news.nsf/news/333F86FDDE816DC9CC25720100308517

    >
    > This caught my eye:
    >
    > SetSlice chews through a hole in the WebViewFolderIcon ActiveX control
    > by overflowing an integer with a large negative number, and it’s being
    > remotely exploited on a large scale at the moment. It works on Windows
    > 2000, XP and Server 2004 — all Service Pack Levels.
    >
    > A patch from Microsoft is expected out on October 10, but the SetSlice
    > exploit was made public in July already. Over two months later, and
    > Microsoft still hasn’t plugged a serious, remotely exploitable security
    > hole that can be triggered by simply visiting the wrong website. This
    > begs the question: is Microsoft able to keep up with the malware writers
    > despite its commitment to security?
    >
    > Contrast this with the speed with which Microsoft was able to rush out the
    > patch to plug the DRM hole in Windows Media Player
    > <http://www.wired.com/news/columns/0,71738-0.html> -- just three days. And
    > you can see where Microsoft's priorities lie--with the security of itself
    > and its biggest business/revenue partners, not with most of its customers.


    Why are we not surprised.....I just wish it was possible to show MS etc
    as liable for hacked PCs.....something like patching DRM in 3 days yet
    taking 2 weeks for setslice is just pathetic....and they should be held
    accountable IMHO.....then we would see a whole new ball game.....

    regards

    Thing
     
    thingy, Oct 9, 2006
    #3
  4. Re: Button up and keep your head down, zero day exploits becoming the norm....

    "thingy" <> wrote in message
    news:4529d751$...
    > Lawrence D'Oliveiro wrote:
    >> In message <>, thingy wrote:


    --snip--

    > Why are we not surprised.....I just wish it was possible to show MS etc as
    > liable for hacked PCs.....something like patching DRM in 3 days yet taking
    > 2 weeks for setslice is just pathetic....and they should be held
    > accountable IMHO.....then we would see a whole new ball game.....
    >
    > regards
    >
    > Thing


    If you got hit by a truck speeding through a red light would your car
    manufacturer be liable for not protecting you from this accident?
     
    dilberts_left_nut, Oct 9, 2006
    #4
  5. cobs

    cobs Guest

    Re: Button up and keep your head down, zero day exploits becoming the norm....

    Lawrence D'Oliveiro wrote:
    > In message <>, thingy wrote:
    >
    >> http://computerworld.co.nz/news.nsf/news/333F86FDDE816DC9CC25720100308517

    >
    > This caught my eye:
    >
    > SetSlice chews through a hole in the WebViewFolderIcon ActiveX control


    [...]


    > Contrast this with the speed with which Microsoft was able to rush out the
    > patch to plug the DRM hole in Windows Media Player
    > <http://www.wired.com/news/columns/0,71738-0.html> -- just three days. And
    > you can see where Microsoft's priorities lie--with the security of itself
    > and its biggest business/revenue partners, not with most of its customers.



    No particular barrow to push, but the SetSlice PoC 2 months ago crashed
    IE - didn't allow for remote code execution.
    http://www.avertlabs.com/research/blog/?p=98
    Remote code execution appeared at the end of Sept ..though that doesn't
    lessen the risk now for unmanaged WinX hosts.

    Managed Win2k sp4+ hosts have no infection excuse.
    # AD / ieak / your script language of choice lets you disable all / some
    or when activex controls run (if IE is needed).
    That helps you at day 0.5 when the bug appears as a faint radar trace.

    # To reduce the '0day' exposure - no user on a managed desktop should
    run with admin rights (well, any, but that's another discussion).
    Bad app only works as admin? don't be lazy - track where it breaks. If
    the vendor is a useless noddy, only then do you push elevated rights to
    required reg keys / specific files to that app user group via gpo.
    In a perfect world, this would occur at the evaluation stage before
    purchase. In the real world, it can be time consuming and frustrating.
    It is definitely worth doing.

    # Safer(MS) - even with restricted users, you can run specific apps with
    lower privs at start. That would be at least IE, WMP and MS Office main
    executables :)

    # XPsp2 (possibly sp1a?) - use the firewall in domain mode to limit the
    spread of network-aware nasties. Use software dep (with your exceptions)
    - or h/w dep if supported.
    Track your apps, feed port requirements into fw rules. Partition the
    network - fw / vlan / etc.

    Usual stuff about best practice layered defence et al - regardless of
    whether the environment is heterogeneous or homogeneous.

    For all the (sometimes misplaced) huff & puff in the article, there's
    very little new in principle.

    Doesn't matter what's being run - end point security has always been
    important - and we've been familiar with rapidly spreading nasties using
    low visibility exploits since the Morris worm.

    My 10c - apparently I can't use the 5c piece any more.

    /C
     
    cobs, Oct 9, 2006
    #5
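The per-control ActiveX disabling mentioned in post #5, as an added example that is not part of the original post: it audits and sets the Internet Explorer "kill bit" (the `Compatibility Flags` value 0x400 under the `ActiveX Compatibility` registry key), which is one mechanism for this and is not named in the thread. The CLSID is a labelled placeholder because the page does not give the control's identifier, and the function names `Get-KillBitState` and `Set-KillBit` are illustrative.

```powershell
# Added example: audit and set the Internet Explorer ActiveX "kill bit".
# The CLSID is a labelled placeholder; substitute the control's real CLSID.
$Clsids  = @('{00000000-0000-0000-0000-000000000000}')   # placeholder
$KillBit = 0x400                                          # "do not instantiate in IE"
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit view on 64-bit Windows; absent on 32-bit systems
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string[]]$Clsid = $Clsids)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($id in $Clsid) {
            $key   = Join-Path $root $id
            $flags = 0
            if (Test-Path -LiteralPath $key) {
                $prop = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
                if ($null -ne $prop.'Compatibility Flags') { $flags = [int]$prop.'Compatibility Flags' }
            }
            [pscustomobject]@{ Key = $key; Flags = $flags; Blocked = [bool]($flags -band $KillBit) }
        }
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Clsid = $Clsids)
    foreach ($state in Get-KillBitState -Clsid $Clsid) {
        if ($state.Blocked) { continue }               # already blocked
        if ($PSCmdlet.ShouldProcess($state.Key, 'Set kill bit')) {
            if (-not (Test-Path -LiteralPath $state.Key)) { New-Item -Path $state.Key -Force | Out-Null }
            # OR the bit in so other compatibility flags are preserved
            New-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ($state.Flags -bor $KillBit) -Force | Out-Null
        }
    }
}

Get-KillBitState | Format-Table -AutoSize     # read-only audit
# Set-KillBit -WhatIf                         # preview; drop -WhatIf in an elevated session to apply
```

On managed hosts the same registry value can be pushed centrally rather than per machine; the audit function is useful afterwards to confirm it actually landed in both registry views.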
  6. Re: Button up and keep your head down, zero day exploits becoming the norm....

    In message <>, dilberts_left_nut wrote:

    > "thingy" <> wrote in message
    > news:4529d751$...
    >
    >> .....I just wish it was possible to show MS etc
    >> as liable for hacked PCs.....something like patching DRM in 3 days yet
    >> taking 2 weeks for setslice is just pathetic....and they should be held
    >> accountable IMHO.....then we would see a whole new ball game.....

    >
    > If you got hit by a truck speeding through a red light would your car
    > manufacturer be liable for not protecting you from this accident?


    Are we playing random pointless hypotheticals today? OK, how about this: if
    you get a static electric shock from your seat cushion while reading
    USENET while wearing nylon clothing, will that invalidate the terrorism
    insurance on your house-plants?
     
    Lawrence D'Oliveiro, Oct 10, 2006
    #6
  7. Re: Button up and keep your head down, zero day exploits becoming the norm....

    "Lawrence D'Oliveiro" <_zealand> wrote in message
    news:egfqa8$i7$...
    >
    > Are we playing random pointless hypotheticals today? OK, how about this: if
    > you get a static electric shock from your seat cushion while reading
    > USENET while wearing nylon clothing, will that invalidate the terrorism
    > insurance on your house-plants?


    Congratulations, that is pretty random and pointless.

    I agree that the OP article says a lot about MS priorities re patches,
    however I take issue with the MS anti-fanboy attitude that says they are
    responsible for all the bad things that can happen when you use their
    product in an uncontrolled environment.
     
    dilberts_left_nut, Oct 10, 2006
    #7