[CS-FSLUG] Another Major MS Windows Security Flaw
Don Parris
gnumathetes at gmail.com
Sun Jan 1 20:16:26 CST 2006
On 1/1/06, Ed Hurst <ehurst at asisaid.com> wrote:
> dmc wrote:
> > Yet another reason that serious apps need to be moved off
> > MS Windows to a more mature and secure OS platform.
> >
> > It is frightening to know that many national security,
> > health, and other systems still exist under the "toy"
> > OS that is MS Windows.
> >
> > doc
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > 'Extremely Critical Flaw' in Windows Discovered, Already Exploited
> > Friday, December 30, 2005
> > By Lisa Vaas
>
> Worse, some say the registry tweak doesn't work. There's a good chance
> anti-virus won't even be able to block this. The way AV works, they
> would have to create a signature for each and every WMF file. Blocking
> the function in the rendering DLL isn't possible.
>
> But wait -- it gets worse still. Just visiting a website with one of
> these, where some of these WMFs have been renamed to a JPEG for example,
> creates a huge door for installing all sorts of malware instantly. No
> clicking required.
>
> So far, only those with hardware-based DEP (Data Execution Prevention),
> available with the latest CPUs, AFAIK.
>
And with the fake MSN beta running loose, it gets it more fun:
http://www.eweek.com/article2/0,1895,1905876,00.asp
Can we say, "Instant Botnet"? Yes, for only $19.95/month, all this
can be yours! Pornography, viruses, spyware, adware and more! If you
hurry, we'll throw in the instant botnet, too! Order now! It's never
been easier! Just click the link! The statistics in the first
article were scary - 30% of users actually falling for phishing
schemes! I realize that has dropped significantly, but they still
click the links that take them to the sites - which is all that's
necessary in some cases.
In times like these, I praise the good Lord for His gift of libre
software, for providing me a way out of these kinds of attacks. For
us clergy, there is a spiritual message in all of this. Satan uses
all kinds of tricks - spiritual viruses and botnets - to snare us, and
as many of those around us as he can. Yet, God provides a way out.
Technology is an analogy to reach the techie believers. It may even
reach some of those who are not so technically inclined, providing
your sermon doesn't get too technical with the terminology.
--
DC Parris GNU Evangelist
http://matheteuo.org/
gnumathetes at gmail.com
"Hey man, whatever pickles your list!"
More information about the Christiansource
mailing list