
SP2 flaws uncovered

Posted: Thu Aug 19, 2004 10:51 pm
by Iceman
Woo.Hoo ...

http://zdnet.com.com/2100-1105_2-5315063.html
A German security company says it found minor problems in Windows XP Service Pack 2. Researchers predict more critical issues will emerge.
"I'm positive that we will see critical flaws over the next few weeks, and worms that will circumvent SP2 features over the next few months," [Larholm] said.

Posted: Thu Aug 19, 2004 10:58 pm
by Krom
And this is surprising because?

Posted: Thu Aug 19, 2004 11:00 pm
by Tetrad
This article is full of crap. Did you look at the "vulnerabilities" linked to on that page?
1. The cmd Issue
Description

The command shell cmd.exe ignores the ZoneID of files. The command

cmd /c evil.exe

executes the file evil.exe without warning, regardless of its ZoneID.
And in other news, typing rm -rf from the root command line in linux has negative consequences. If you want to be secure, disable access to cmd in the user policies.

But the thing is, they're complaining about a warning dialog box that doesn't pop up from cmd. Oh no.
2. Windows Explorer caching of ZoneIDs
Description

Windows Explorer caches the result of ZoneID lookups. If a file is overwritten, Explorer does not properly update this cached information to reflect the new ZoneID. This allows spoofing of trusted or non-existent ZoneIDs by overwriting files with trusted or non-existent ZoneIDs.

....

Exploiting this issue requires the ability to overwrite existing files which have a trusted or non-existent ZoneID. Right now there is no known way to achieve this in an attack mounted from the Internet.
The only "problems" here are that the user can hurt themselves. The OS can't protect against social engineering. Although, yes, this is in fact a bug. I'll give you that.

And as far as the firewall is concerned, even the article itself says that the problem is pretty much the same with all consumer software firewalls. I suppose it could be run at a lower level, but I'm sure the firewall vendors would be kicking up a hissy fit if Microsoft tied their firewall that deeply into Windows.
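
The mechanism behind the quoted cmd.exe and Explorer issues is the Zone.Identifier alternate data stream (the "mark of the web") that SP2 attaches to downloaded files; Explorer's open-file warning is driven by the ZoneId in that stream, and cmd.exe never reads it. The following script is an added example, not code from this thread or from the advisory it quotes. It creates a harmless text file under a stand-in name, tags it as an Internet-zone download, and shows when the mark survives and how it is removed. It assumes an NTFS volume and PowerShell 3.0 or later (the `-Stream` parameters and `Unblock-File`); the file name and the `Get-ZoneId` / `Test-WouldPrompt` helpers are this example's own.

```powershell
# Added example (not from the thread): inspect and manipulate the Zone.Identifier
# alternate data stream that Windows XP SP2 uses to mark downloaded files.
# Assumes NTFS and PowerShell 3.0+ (-Stream parameters, Unblock-File).

# Hypothetical file name; the contents written below are plain text, not an executable.
$Path = Join-Path $env:TEMP 'evil.exe'

# URLZONE values as written into the ZoneId field.
$ZoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$File)
    # Get-Item -Stream fails if the stream is absent; absent means no mark of the web.
    $stream = Get-Item -Path $File -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }
    $text = Get-Content -Path $File -Stream 'Zone.Identifier' -Raw
    if ($text -match '(?m)^ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null   # stream present but malformed: treat as unmarked
}

function Test-WouldPrompt {
    # Explorer warns for Internet (3) and Restricted sites (4). cmd.exe does not check at all,
    # which is exactly the "cmd /c evil.exe" point in the quoted advisory.
    param($ZoneId)
    return ($null -ne $ZoneId -and $ZoneId -ge 3)
}

# 1. Create the file and tag it the way a browser download would.
Set-Content -Path $Path -Value 'sample text standing in for a downloaded file'
Set-Content -Path $Path -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"
$zone = Get-ZoneId -File $Path
"After tagging: ZoneId=$zone ($($ZoneNames[$zone])); Explorer would prompt: $(Test-WouldPrompt $zone)"

# 2. Overwrite the main data stream in place. NTFS keeps the alternate stream, so the mark stays.
Set-Content -Path $Path -Value 'new contents written over the old file'
"After in-place overwrite: ZoneId=$(Get-ZoneId -File $Path)"

# 3. Delete and recreate. The alternate stream goes with the file; the new one carries no mark.
Remove-Item -Path $Path
Set-Content -Path $Path -Value 'recreated file'
$zone = Get-ZoneId -File $Path
"After delete and recreate: ZoneId=$(if ($null -eq $zone) { 'none' } else { $zone })"

# 4. Unblock-File is the supported way to strip the mark (same effect as Explorer's Unblock button).
Set-Content -Path $Path -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"
Unblock-File -Path $Path
$zone = Get-ZoneId -File $Path
"After Unblock-File: ZoneId=$(if ($null -eq $zone) { 'none' } else { $zone })"

Remove-Item -Path $Path
```

Step 2 is the practical caveat for anyone relying on the mark: the zone label lives beside the file, not in it, so rewriting the main stream (an editor saving over a file, `echo x > file` from cmd) leaves the old label in place, while any launch path that does not go through Explorer's check, cmd.exe included, ignores the label entirely.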

Posted: Thu Aug 19, 2004 11:29 pm
by Grendel
Tetrad wrote:
1. The cmd Issue
Description

The command shell cmd.exe ignores the ZoneID of files. The command

cmd /c evil.exe

executes the file evil.exe without warning, regardless of its ZoneID.
And in other news, typing rm -rf from the root command line in linux has negative consequences. If you want to be secure, disable access to cmd in the user policies.

But the thing is, they're complaining about a warning dialog box that doesn't pop up from cmd. Oh no.
Research before you post -- try this

Posted: Fri Aug 20, 2004 12:16 am
by Tetrad
Grendel wrote:Research before you post -- try this
What that certainly is interesting.

Posted: Fri Aug 20, 2004 8:33 am
by Iceman
Krom wrote:And this is supprising because?
Not surprising ... expected ...

Posted: Fri Aug 20, 2004 9:34 am
by DCrazy
Heh @ that site... "Hey, user! Drag this executable file into your startup folder!"

Posted: Fri Aug 20, 2004 12:24 pm
by Iceman
Tetrad wrote:
Grendel wrote:Research before you post -- try this
What that certainly is interesting.
I suggest you both edit your posts before some poor fool actually clicks that link and does something with it. Not all of the peeps that read this BBS are computer savvy ...

Posted: Fri Aug 20, 2004 1:18 pm
by DCrazy
You didn't help by quoting it, Iceman. Edit your post too.

Posted: Fri Aug 20, 2004 2:59 pm
by Vindicator
Tetrad wrote:
Grendel wrote:Research before you post -- try this
What that certainly is interesting.
Yet another reason to use Firefox: it doesn't render that correctly! :D

Posted: Fri Aug 20, 2004 3:22 pm
by MD-2389
Vindicator wrote:
Tetrad wrote:
Grendel wrote:Research before you post -- try this
What that certainly is interesting.
Yet another reason to use Firefox: it doesn't render that correctly! :D
heh, it seems that bleh.com is a real site. ;)

Posted: Fri Aug 20, 2004 3:59 pm
by Tetrad
Vindicator wrote:
Tetrad wrote:
Grendel wrote:Research before you post -- try this
What that certainly is interesting.
Yet another reason to use Firefox: it doesn't render that correctly! :D
It's not the rendering. It's the fact that the executable runs itself from cmd. Still, people who would actually do that sort of thing are stupid, so my point still stands. ;)

Posted: Fri Aug 20, 2004 4:09 pm
by Krom
The subject of this thread should be: *News flash* SP2 does not protect idiots from themselves any better than SP1 did.

Posted: Fri Aug 20, 2004 4:21 pm
by Grendel
Tetrad wrote:Still, people who would actually do that sort of thing are stupid, so my point still stands. ;)
I'd agree if you change that to computer-stupid. Lately I met some really smart people who had just never done anything even remotely with computers before, and helped them get online. I looked away for half an hour at the beginning, and in a flash I had to remove five different worms. Kind of enlightened me as to why so many machines on the net are virus/worm infested.

Posted: Fri Aug 20, 2004 5:49 pm
by Iceman
DCrazy wrote:You didn't help by quoting it, Iceman. Edit your post too.
LOL ... gimme a break ... look at what it (was already) linked to ...

Posted: Fri Aug 20, 2004 11:31 pm
by Grendel
It's just a proof of concept, nothing (too :P) bad.

Posted: Fri Aug 20, 2004 11:49 pm
by Tetrad
Grendel wrote:Kind of enlightened me why so many machines on the net are virus/worm infested.
Most people just don't care. Hell, at the game company I work at, which some people would argue would be the most computer savvy place you could be (game dev places in general), I still have to clear off a coworker's computer that had all this crap tied in with IE and other rogue processes. We even had to ask people company wide to start using virus scanners since there was stuff bogging down our already-slow internet connection. These people know computers but as far as they can tell, unless it bothers them directly, it's unimportant.

Posted: Sat Aug 21, 2004 12:37 am
by Grendel
Tetrad wrote:
Grendel wrote:Kind of enlightened me why so many machines on the net are virus/worm infested.
Most people just don't care.
That may be true for a company, but not for the bulk of home users; they just don't know, and they have a hard time catching up.

Posted: Sat Aug 21, 2004 12:52 am
by Duper
The funny thing is that I've been on the net over 7 years now and I've never had a worm or virus. Did get a bug once when my daughter got careless (a trojan, to be specific), but a 10-minute scolding and 3 days without the puter got her attention. >:) I normally wouldn't have been that harsh, but I had to make her remember, as she's 14 and has the attention span of a goldfish. :P

Spyware is my "largest" problem, and regular maintenance deals with that, of course.

Posted: Sat Aug 21, 2004 2:31 am
by kurupt
Firefox would eliminate the problem completely. I'm 1 year removed from IE, and not one piece of spyware since ;)

Posted: Sat Aug 21, 2004 12:11 pm
by Krom
I just recently installed both Ad-Aware and Spybot on my computer. Neither one liked Download Accelerator Plus (registered, ad-free), and Ad-Aware found a few cookies; that was it. Every virus scan I run comes up clear. I do not use Ad-Aware or Spybot often, and I rarely find anything; I do not use an always-on virus scanner. The worst I ever found was a few bits of JavaScript after a few long hunts for programs on the net. I use a rather aggressive program that blocks all Java and ActiveX on web pages, along with most ads. Deleting the JavaScript bugs was easy, just hit delete; they never got any further than the browser's cache dir.

Posted: Wed Aug 25, 2004 10:48 am
by Grendel
Here we go -- 1st exploit in the wild discovered: http://isc.sans.org/diary.php?date=2004 ... 2de11c5242

Some good thinking and a sample everybody may fall for: http://www.derkeiler.com/Mailing-Lists/ ... /0325.html