Exploit Released for Unpatched Windows Flaw
woodchuck writes "Washington Post reports that another Windows hole has been found and exploit code is now running loose that makes Swiss cheese of current patches and security measures.
From the article: "Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied. Anti-virus company Symantec warned of the new exploit, which it said uses a vulnerability in the way Windows computers process certain image files (Windows Meta Files, or those ending in .wmf). Symantec said the exploit is designed to download and run a program from the Web that downloads several malicious files, including tools that attackers could use to control vulnerable computers via IRC.""
They call hackers researchers now? (Score:1, Insightful)
how long? (Score:2, Insightful)
Just checking... (Score:1, Insightful)
Re:They call hackers researchers now? (Score:5, Insightful)
The whole 'white hat' and 'black hat' thing never made it to the media, so all hackers are 'black hats' now.
Re:Just checking... (Score:3, Insightful)
If even only one unpatched security flaw exists, an OS should never be called "pretty tight". This flaw has always been there, even if it has only been exploited just now...
Re:They call hackers researchers now? (Score:3, Insightful)
Submitter, stop helping these people feel legitimate. The parent poster and I agree on one thing: they're just assholes.
Re:They call hackers researchers now? (Score:1, Insightful)
I agree with the parent. A researcher may perhaps publish code to prove that the exploit works, but no serious researcher writes a whole app that connects to an IRC server only as proof of concept. That is not research, it's clear malicious intent.
Moderator, if your beef is with the parent's use of the word hacker: just grow the fuck up. You and ESR aren't going to be able to police the whole world's use of language anyway, so just give up already.
As for people (as one doofus who replied to this post apparently does) who think hackers should be called crackers -- what do you propose people who break copy protection should be referred to as then? You hack into a system, you crack a protection mechanism. If you people would have it your way, the scene would become very confusing very quickly.
Let people use those words however they want to, mmkay? If you don't like it, run home to mommy and cry if you want to, but stop using this forum to whine about it every time someone doesn't use your non-standard definition of a word in common use.
Genius Idiots. (Score:5, Insightful)
In other words, whatever asshat took advantage of this loophole did so because he thought he could make a buck. If his goal was simply to bring Windows to its knees, cause havoc, or make a political/economic statement of some sort, he would have chosen something else. Wiping out My Documents of all the infected machines, for example.
Whoever did this is obviously deluded. While some money will of course ultimately flow from this nonsense to the "see no evil" people who are the beneficiaries of spamvertisements, spyvertisements and so forth, the actual exploiter basically has little to no chance of getting it (even if he is in Russia, as I'd suspect is a good bet) as his affiliate commission links will be tracked, as will wherever the hell that credit card box for SpySheriff was pointing to and so forth.
So we have somebody smart enough (and make no mistake, it takes some smarts) to either discover or be in a small clique of people discovering a quite obscure loophole (it must be obscure, given just how old the affected .dll is), but has ABSOLUTELY NO FUCKING CLUE how to go about exploiting it other than in the most juvenile and unlikely way to fail imaginable. Furthermore, even though it is likely to fail, the guy has shown himself to basically be a psychopath, with little to no concern about the hundreds of thousands of hours (read: PEOPLE-LIFE-EQUIVALENTS) that will be spent agonizing over and fixing this.
Whoever that person is, they are human filth. But, there's a lot of human filth out there. The sad thing is that this person obviously has potential to do so much more but simply pisses it away instead. Pathetic.
Re:How/Why does this keep happening (Score:5, Insightful)
Already being used by scumware sites? (Score:2, Insightful)
Re:They call hackers researchers now? (Score:3, Insightful)
So, yes, let's come up with some third term! But remember, it must sound cool, otherwise the media is not going to adopt it. Although I feel that this is already in the making. I guess that in some years, everybody who would have been called a hacker by today's media is going to be called cyber terrorist by then. Just imagine the headlines: "Cyber Terrorist Exploits Security Hole in IE to Send Spam".
Hmm (Score:2, Insightful)
The fact is, the impression that slashdot is anti-MS and pro-linux is wrong. We just like to know about vulnerabilities in an operating system that 90% of computer users have installed on their systems, and utilize every day. Not many people care about vulnerabilities in gqview for gnome (to take a random app for example). There are just so many apps that are not core to the system. Now, if there was a vulnerability in PHP or Apache that had an exploit in the wild, then that would make the news I'm sure.
Honestly, I think someone should go through all the windows vulnerability stories and count the number of anti-ms, pro-ms, and the smart people posts (i.e., those who realize that simply bashing an OS because of a discovered security flaw is silly, because all Operating Systems have flaws). In the end I think you would see that the majority of people on slashdot do not see Microsoft Windows as the Ultimate Evil. I could be wrong of course. I'm not exactly an authority on the subject. I haven't gone through counting the number of posts.
BTW where on slashdot does it say it's geared towards linux users?
Re:Just checking... (Score:5, Insightful)
Re:They call hackers researchers now? (Score:1, Insightful)
The source can be found here:
http://metasploit.com/projects/Framework/exploits
-HD
Re:They call hackers researchers now? (Score:2, Insightful)
You crack things by breaking them, or part of them. This can be copy protection or security software or DRM. You can even crack into hardware you aren't supposed to be able to open. The metaphor is 'cracking them open' like a coconut.
You hack something by modifying it in a clever way, or using it in a clever way without modifications. The metaphor of 'carving with axes' doesn't really work here.
A hack can be a crack, and crack can be a hack. Witness the X-Box ones that let you run unsigned programs via holes. A hack and a crack.
A hack is not always a crack. In fact, it can be the opposite of one, where a clever modification prevents a crack.
A crack is not always a hack. Sticking a screwdriver into a plastic case and ripping it open with brute-force is a crack, but it is not by any means a hack.
The definitions are perfectly consistent, and neither requires malicious intent. However, you can hack someone else's stuff in a non-malicious way, but cracking their stuff is almost always malicious, as you're breaking something.
Re:Hmm (Score:1, Insightful)
If you actually read comments on stories about windows flaws, you would see that the people that get modded up are those that say "really, this isn't that serious, this is just Anti-MS stuff."
Really, this is serious, M$ cannot code a simple image viewer without creating a new vulnerability! This has already happened once (just search for JPG vulnerability); now it has happened in a format that M$ championed because they didn't like NIH! and they still fscked it up!
You gotta wonder: are they capable at all?
Essential part of Windows experience (Score:3, Insightful)
Re:Microsoft has released a security note (Score:2, Insightful)
"Microsoft is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site."
Microsoft makes it sound like we have nothing to fear, because the attacker can't make you go to his site, but how many times a day do you misspell a URL and go to some strange site?
Luke: "I am not scared master."
Yoda: "Oh you will be, you WILL be..."
Re:They call hackers researchers now? (Score:4, Insightful)
You're fighting a lost battle there. The common understanding of the word 'hacker' now implies criminal behaviour.
The whole 'white hat' and 'black hat' thing never made it to the media, so all hackers are 'black hats' now.
He's not even fighting that battle, he's fighting the one before that. What he calls a "hacker" is not what you call a "white hat hacker". A hacker is an exceptionally gifted programmer, the term has nothing to do with security. People trying to break into computers are crackers, regardless of their intentions. So-called "white hats" are crackers.
That said, yeah, that battle is rather lost...