Security

wmf flaw being exploited

The flaw in the processing of (yet another) graphics file, the wmf file, is actively being exploited to load spyware and other nasties. At the moment there is no patch available and the workaround on the above site is to disable the Windows Picture and Fax Viewer engine by doing the following. (I wish the unregistration was silent as I could then deploy it in a login script.) By adding a /s before the %windir% it becomes silent, so I *can* deploy it. (I’ll make a check to see whether it has already been deployed and then unregister it if it hasn’t.)

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

To un-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
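The login-script version of the workaround described above, as an added example (it is not from the original post or from Microsoft’s advisory). It assumes a marker file under %windir% is acceptable as the record that the workaround has already been applied, and that the script runs with enough rights to unregister the DLL (regsvr32 needs administrative rights, so on XP it is better run as a computer startup script than as a per-user login script).

```batch
@echo off
rem Added example login/startup script: applies the shimgvw.dll workaround
rem silently and only once per machine; "wmf-workaround.cmd undo" reverses it.
rem Assumption: a marker file under %windir% records that the DLL has already
rem been unregistered, so the script is safe to run at every logon.
setlocal
set MARKER=%windir%\wmf-workaround.applied
set DLL=%windir%\system32\shimgvw.dll

if /i "%~1"=="undo" goto :undo

if exist "%MARKER%" (
    echo shimgvw.dll already unregistered on this machine, nothing to do.
    goto :eof
)

rem /s suppresses the confirmation dialog so the script can run unattended;
rem regsvr32 returns a non-zero exit code if the unregistration fails.
regsvr32 /s /u "%DLL%"
if errorlevel 1 (
    echo Unregistering shimgvw.dll failed, errorlevel %errorlevel% >&2
    goto :eof
)
echo %date% %time% > "%MARKER%"
echo shimgvw.dll unregistered; Windows Picture and Fax Viewer is disabled.
goto :eof

:undo
rem Re-register the viewer once a patch has been installed, and remove the
rem marker so the script no longer believes the workaround is in place.
regsvr32 /s "%DLL%"
if not errorlevel 1 del "%MARKER%" 2>nul
goto :eof
```

The marker file is only a convenience: it stops the script from re-running regsvr32 on every logon, and it gives you a single place to look when you later want to know which machines still have the workaround applied and need the undo step after patching.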

Stored passwords in xp

Had an interesting problem today with a user who suddenly couldn’t connect to one of the servers on the network. It turns out they had recently changed their password and had previously managed to save the password in XP. Following the instructions I was able to remove the stored passwords from the machine, and when they next logged on all the network drives were connected OK. I managed to get to this point by following the trail from event ID 14 in the System log with a source of Kerberos, looking this up at eventid.net and then following the link to the stored passwords page.
I must say this is the first time I’ve ever seen this problem and it had me baffled for a while.
“rundll32.exe keymgr.dll,KRShowKeyMgr” will allow you to delete the obsolete entry.
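A small helper that automates the trail described above, added here as an example (it is not from the original post). It assumes Windows XP Professional, where eventquery.vbs ships in %windir%\system32, and that its /L, /FI and /R options take the filter syntax shown; both are assumptions about that tool rather than something the post documents.

```batch
@echo off
rem Added helper: looks for Kerberos event ID 14 in the System log and, if any
rem entries are found, opens the Stored User Names and Passwords dialog so the
rem stale entry for the server can be deleted.
rem Assumption: eventquery.vbs (Windows XP Professional) accepts these filters.
cscript //nologo "%windir%\system32\eventquery.vbs" /L System ^
    /FI "Source eq Kerberos" /FI "ID eq 14" /R 10 | find /i "Kerberos" >nul
if errorlevel 1 (
    echo No recent Kerberos event 14 entries found in the System log.
    goto :eof
)
echo Kerberos event 14 found: a saved password for a server is probably stale.
echo Opening Stored User Names and Passwords; delete the entry for that server.
rundll32.exe keymgr.dll,KRShowKeyMgr
```

The find step only decides whether the dialog is worth opening; the actual clean-up is still the manual deletion of the obsolete entry, after which the drives reconnect at the next logon as described above.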

MBSA for Visio

There is a great tool for integrating Microsoft Baseline Security Analyzer (MBSA) into Visio network diagrams, but this is almost useless for the consulting side of things. MBSA requires that it is run as a user with credentials on the domain, which is not possible to do on a consultant’s laptop as it is unlikely to be a member of the customer’s domain. Therefore MBSA will not scan the machines and the benefit is lost. It would work if the customer had a copy of Visio, but this is unlikely for most of my customers.
I don’t have admin rights on the network back in the office so I can’t even try it out on my office network either 🙁
However, if you are not a consultant and have Visio, then this tool is well worth checking out as it will give you colour-coded status for each server on the network within Visio. From first impressions it does look like you need to have your servers in Visio as a server object – you can’t use one of your own objects like a Dell rack mount object.

Skype password changed

hmmm – I got an email this morning stating that they were going to change my Skype password in the next 24 hours due to an upgrade of their software. Why they can’t tell me that they have changed it now, instead of me waiting until I can’t log into Skype and then changing it myself, I don’t know. This also sounds suspiciously like one of the websites was hacked or compromised. I really can’t see any other reason that they would need to change passwords for so many people. There is more information at SkypeJournal and it seems like a lot of people share my concerns AND have trouble trying to get the password changed.
The funny thing is that they try to convince you that this is not a hoax by saying that there is a copy of the email on the share.skype.com website… Now if I was a scammer with a website such as share.5kype.com it wouldn’t be difficult to host a copy of a phishing email that I am sending out to all my target customers, would it?

greasemonkey security hole

Apparently there is a major security hole that allows any website to view the contents of any file on your hard disk if you have Greasemonkey installed (see the Greasemonkey mailing list post for information). I can’t reproduce the problem with their proof of concept code, but it’s a pretty scary possibility. Annoyingly, turning off Greasemonkey will reduce the functionality on my flickr/geocaching pages 🙁 Thanks to Pip for the tip-off.