Hi All
Below is the latest from WOW regarding the virus threat which
exploits certain security weaknesses in Microsoft Outlook and
Microsoft Outlook Express.
Incidentally WOW is a free service and well worth subscribing
to as it keeps a computer user abreast of the latest happenings
in all areas of Microsoft endeavours.
http://www.mcc.com.au/wow/index.htm
regards
ray
R Barros
101/25 Market Street
Sydney NSW 2000
Australia
Voice:   61 2 92673470  
Fax:       61 2 92673478
E-Mail:  rbarros@xxxxxxxxxxxxxxxxxx
----------
> From: Woody's Office Watch <wow.robot@xxxxxxxx>
> To: rbarros@xxxxxxxxxxxxxxxxxx
> Subject: Woody's Office Watch #3.32
> Date: Wednesday, August 05, 1998 1:10 PM
> 
>          --==>> WOW -- WOODY's OFFICE WATCH <<==--
>     (your own Microsoft Word & Office guru every week!)
>     5 August 1998                           Vol 3 No 32
> 
>   First, a word from this week's WOW sponsor ...
> 
>   WHO PUT THE "MAL" IN MALWARE? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   Security, security, security. It's been a sobering week. If
>   you use any sort of email program (and since you're reading
>   this, you probably do! <grrrrrrin>), you're at risk for the
>   "message attachment with long name" problem we described
>   last week. If you use Outlook 98 or Outlook Express, the
>   patch Microsoft posted early last week is just a partial
>   solution,
>   http://www.microsoft.com/security/bulletins/ms98-008.htm .
>   If you use Netscape, there's still no word on when the hole
>   will get plugged - at least, none on the Netscape Web site
>   that I can find.
> 
>   But that's just one problem - an email worm. Several other
>   security exposures raised their ugly heads last week.
> 
>   If you run NT on a network, anybody who can log on to a PC
>   attached to the network can get Administrator privileges
>   and blast away. The so-called "privilege elevation attack"
>   was discovered in India, and if you have an NT network, you
>   need to get the latest patch.
>   http://www.microsoft.com/security/bulletins/ms98-009.htm
> 
>   Then there's the very, very nasty CIH virus. That's a
>   Windows 95/98 virus (actually a collection of viruses) that
>   not only wipe out data, they can re-program certain PCs'
>   BIOS, making them completely unbootable. Even MSNBC is
>   talking about this one,
>   http://www.msnbc.com/news/182929.asp .
> 
>   And if you still believe in the Ether Bunny and Java's
>   super-secure "sandbox", take heart: a group of programmers
>   at Princeton just discovered (yet another) hole in the
>   sandbox. They wrote a Java program that, when run on
>   Netscape Communicator 4.0, will wreak havoc on a PC. (No
>   word on whether the same is true with Internet Explorer,
>   but it probably is.)
> 
>   Oh. I almost forgot. There's also the "SMTP and NNTP Denial
>   of Service Vulnerabilities in Exchange Server," by which a
>   suitably motivated creep (there's that word again) can
>   cause Exchange Server's Internet Mail Service to go
>   belly-up.
>   http://www.microsoft.com/security/bulletins/ms98-007.htm
> 
>   Anti-virus ace Rob Rosenberger was kind enough to put
>   together another WOWarticle to shed some light on all this
>   heat...
> 
> 
>   ROB'S MALWARE MISSIVE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   NTBUGTRAQ moderator Russ Cooper received international
>   media attention when he wrote about a "new" email exploit.
>   In theory, someone can run malicious code on your computer
>   by crafting an extremely long filename for an email
>   attachment.  The attachment doesn't need to execute -- the
>   filename *itself* executes when Outlook tries to parse the
>   filename.
> 
>   Reporters monitor NTBUGTRAQ for juicy computer security
>   stories.  Cooper's editorial (an outright "call to action")
>   piqued the media's interest, so they gave him international
>   exposure.  This exploit may sound bizarre to the average
>   reporter... but I yawned when I heard about it.  You see,
>   this latest security flaw is just a derivative of the
>   'letter bomb' exploit (1996) and the "res://" exploit
>   (1997).
> 
>   What?  You never heard of them before now?  Shame on you!
>   The 'res://' exploit affected Internet Explorer components
>   capable of displaying HTML, including the email & news
>   clients.  The 'letter bomb' exploit affected Netscape
>   components capable of displaying HTML, including the email
>   & news clients.  Both exploits relied on the use of, shall
>   we say, "unanticipated" filenames.
> 
>   "Why didn't reporters warn everybody about the Res thing or
>   the letter bomb thing?" you might ask.  Answer: those
>   exploits probably came too soon after the Hare virus media
>   fiasco of 1996.  Some computer magazines reported on them,
>   but the international newswires never really took an
>   interest. (Neither did NTBUGTRAQ, oddly, but Cooper admits
>   "even those [who track security flaws] are finding it too
>   difficult to keep up.")  Cooper's dire warning of a "modern
>   potential for disaster" came at the right time for media
>   exposure.
> 
>   In his editorial, Cooper notes "administrators [and
>   urban-legend websites] have been telling their users that
>   no email message can harm their machine just by the user
>   looking at the message."  The long-filename exploit,
>   however, changes the nature of a simple email.  Again,
>   Cooper tells us nothing new -- the person who discovered
>   the 'letter bomb' exploit said the same thing in 1996.
> 
>   On a sad note, Cooper used the "some equals all" fallacy
>   concerning the Good Times virus alert hoax.  Specifically,
>   he declared "with the discovery [of this recent exploit],
>   'Good Times Virus' becomes potentially real!"  For the
>   record: the mythological Good Times virus launches when you
>   read an evil phrase with your eyeballs and it sets your
>   processor into a demonic Nth-complexity infinite binary
>   loop.  Also for the record: the person who discovered the
>   'letter bomb' exploit made the same claim about Good Times.
>   A hoax does not suddenly become true just because one part
>   of it suddenly became true.
> 
>   So!  Enough chit-chat.  Let's assess the severity of the
>   newest computer security threat.  We'll assume you use an
>   exploitable email program, of course.
> 
>   Can an evil-doer use this new exploit to crash your email
>   software, or perhaps crash the operating system itself?
>   Yes.  Can he do it easily?  Yes. Can an evil-doer use this
>   new exploit to run malicious code on your computer?  Yes.
>   Can he do it easily?  NO.  It remains a highly theoretical
>   threat with only a few "I proved my point" examples.
> 
>   Should you install the security patch from Microsoft?
>   Certainly.  You can download the current patch if you wish,
>   or you can wait for MS to release the "better" patch which
>   will also fix a related security flaw.  Note: ignore the
>   news.com report which claims the patch is "flawed."  It
>   works exactly as advertised; Microsoft will merely add more
>   to it soon, to make your computer even more secure.  (Think
>   of the next release as "Patch v2.0.")  I dismiss the
>   news.com report as a typical fear mongering story.
> 
>   Should you "broadcast" a computer security alert to
>   everybody you know? Well, it depends.  Do they all look up
>   to you as an expert on computer security?  Do you know if
>   they all use an exploitable email program?  If you answer
>   "no" to either question...
> 
>   I predict this latest exploit will soon join its brothers
>   in the land of obscurity.  Don't go spastic over all the
>   media hoopla, folks.  Just keep reading Woody's Office
>   Watch for news on the latest Office patches.  Enough said!
> 
>   Rob Rosenberger, webmaster
>   Computer Virus Myths home page
>   http://www.kumite.com/myths
> 
>   http://kumite.com/myths/myths/myth024.htm to read about the
>   1996 'letter bomb' exploit.
>   http://www.pcworld.com/pcwtoday/article/0,1510,5605,00.html
>   to read about the 1997 'res://' exploit.
>   http://www.wopr.com/wow/wowv3n19.shtml to read WOW archive
>   issue v3-n19.
>   http://ntbugtraq.ntadvice.com/editorials/newworm.asp to
>   read Russ Cooper's 1998 editorial.
>   http://home.netscape.com/products/security/resources/bugs/longfile.html
>   to read Netscape's instructions on how to avoid the newest
>   exploit.
>   http://www.microsoft.com/ie/security/?/ie/security/oelong.htm
>   to read Microsoft's instructions on how to avoid the newest
>   exploit.
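
A mail-gateway style check for the long attachment filename problem described in the newsletter above, as an added example that is not part of the original message or of any vendor patch. The 255-character limit, the function names and the sample message are assumptions made for illustration; the newsletter gives no length figure.

```python
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

# Assumed policy limit for a declared attachment name (not from the newsletter).
MAX_NAME_LEN = 255

# The two places a MIME part can declare an attachment name.
NAME_PARAMS = (("content-disposition", "filename"), ("content-type", "name"))


def oversized_names(raw: bytes, limit: int = MAX_NAME_LEN):
    """Return (content_type, parameter, length) for each over-long declared name."""
    msg = message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        for header, param in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # RFC 2231 encoded values arrive as a 3-tuple; collapse to a string.
            name = collapse_rfc2231_value(value)
            if len(name) > limit:
                hits.append((part.get_content_type(), param, len(name)))
    return hits


def build_sample(name: str) -> bytes:
    """Constructed sample message with one attachment named `name`."""
    return (
        "From: a@example.test\r\n"
        "To: b@example.test\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\n"
        f'Content-Type: application/octet-stream; name="{name}"\r\n'
        f'Content-Disposition: attachment; filename="{name}"\r\n'
        "\r\n"
        "AAAA\r\n"
        "--b1--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    print(oversized_names(build_sample("report.txt")))
    print(oversized_names(build_sample("A" * 400 + ".txt")))
```

Both headers are checked because a client may read the name from either one, so a quarantine rule that inspects only `Content-Disposition` can be bypassed by the legacy `name` parameter.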