These issues affect the ‘ExtCreateRegion’ and ‘ExtEscape’ functions.

This must have something to do with the recent CERT reports
on how Microsoft Windows was less vulnerable that Linux/Unix. The world’s most widely used OS was recently certified by CERT as having lesser vulnerabilities than Linux.

Experts and Linux-lovers from around the world engaged in hot debates on the topic with opinions ranging from how results were rigged to miscategorisation claims (this one by RedHat) to crying unfair.

And now, barely five days after the report was published, two more flaws in the same engine are discovered. Seems like someone was waiting to do it… Well, they do say, revenge is a dish best served cold…

As for the exploit-fears, the solution and advice is the same:

• Do not open images from untrusted sources
• Keep your mail image setting to high security, i.e. edit your mail options to “Do not display HTML Graphics.” Follow this, especially if you are using a web-based email client.
• Keep your system updated with the latest patches from Microsoft.
• Keep an eye out for updates from this site. His name is Ilfak Guilanov and he is one of the good guys.
• Get generic WMF vulnerability news.
  http://news.google.com/news?q=WMF+vulnerability

Seriously though, on a positive note, the more vulnerabilities are found, the better it will be. The optimist says, we are on a way to a better and secure system. This, as long as, the competition remains healthy. Once it disintegrates into a bloodbath, well….

Of course, Redmond must act fast, something it has been known not to do. Billy boy, are ya listenin’?

(via PCMAG: New Batch of WMF Flaws Flagged )

Technorati Tags: WMF, vulnerability, exploit, security, ShrikantJoshi, CorporateSpices
]]> http://42quirks.com/2006/01/10/wmf-again-wtf/feed/ http://42quirks.com/2006/01/03/hex-blog-wmf-vulnerability-checker/ http://42quirks.com/2006/01/03/hex-blog-wmf-vulnerability-checker/#comments Tue, 03 Jan 2006 15:55:58 +0000 Shrikant Joshi http://42quirks.com/?p=12 A vulnerability was recently discovered in the Windows WMF format which could lead to your system being compromised. Security analyst Ilfak Guilfanov has reated a patch for the this vulnerability.

You can read more about the vulnerability on Ilfak’s site or download the patch. The patch provided by him is on an AS-IS basis and unofficial. Yet, SANS security center advises that the patch be downloaded and installed on every Windows machine.

Note: The Sans guys have reverse engineered the patch and found it to be effective. Yet, install the same at your own discretion. Me, I have installed it. You?

Read more at www.hexblog.com/2006/01… ]]> http://42quirks.com/2006/01/03/hex-blog-wmf-vulnerability-checker/feed/ http://42quirks.com/2005/10/20/web-20-the-way-i-see-it/ http://42quirks.com/2005/10/20/web-20-the-way-i-see-it/#comments Thu, 20 Oct 2005 22:27:00 +0000 Shrikant Joshi http://42quirks.com/?p=8 The answer is simple. Web 2.0.

So what is Web 2.0? Think of it this way: You create a software that caters to a section of the market which nobody has tapped until now. You release the first version of your software. People like it and start using it. It becomes so popular nobody even dares to touch it. You are the sole leader. Over the time, better machines come out but your software is still the same. Your consumers slowly begin to dissent. You realize that it is time to act now.

So you gather your team of developers. They have been waiting to do it. In fact, most of them have been working away on small projects. You build new features and new additions to go along with the latest in the market. And you release a new version.

The Internet until now was the Web version 1.0. It is now time for a newer, more stable, more power-packed version to take over. Why? Simply because we as consumers want more. We are not satisfied with innovation. We want innovation tailored to the latest trends on the Internet. A couple of years ago it was the eMail and web-based eMail clients. Now it is Collaboration and Web-based Collaborative Clients. And that is why, it is time for a new version of the World Wide Web.

Google, Yahoo and MSN complied with the AJAX trend and the results were Reader, MyWeb2.0 and Start (Live, to some extent, too…) respectively. With Web 2.0 being the hot topic currently, who knows what can come out of their kitties.

I, for one, am waiting to see what happens.