January 5th, 2006 at 12:14pm
Looking at some of the news in the IT world at the moment, there is certainly a lot happening.
Starting with the Microsoft WMF (Windows Metafile) bug, which is undoubtedly the worst bug Microsoft have had for quite a while. Basically, a WMF file is a vector image script, which defines lines and shapes, effectively allowing it to be scaled to any size without distortion. Unfortunately when Microsoft designed the WMF specification, they included an error handler so that a faulty WMF image could still do something, however this allows people to write bad WMF files with an error handler containing malicious code. Even worse is that it is virtually undetectable, as a WMF files doesn’t have to have a .wmf extension and can be opened simply by being an image of a webpage, in an email, a document of some description or any number of other ways.
It gets worse, within 24 hours of the exploit being discovered, there were active exploits, dropping all sorts of nasties on Windows based computers everywhere, and Microsoft still don’t have a patch, despite the fact that it is now well over a week since the exploit was found. Thankfully an independent security expert has written a temporary patch, which Microsoft and many security agencies are recommending that you install.
The patch has been verified by the Internet Storm Centre who have hosted the patch at http://handlers.sans.org/tliston/wmffix_hexblog14.exe, the patch has also been verified by many other security agencies and experts. This vulnerability affects most versions of Windows, and is a very severe. It is recommended that you install the patch.
Apart from that, it is common sense security which will also help. The usual don’t open unknown attachments, don’t follow suspect links, and something that a lot of people don’t do but should, turn off the preview pane in your email client, otherwise your emails open simply by being selected, which can happen very easily, and very accidentally.
Other interesting and good IT News includes:
Wisconsin requires voting software to be open source and print a paper confirmation so that anybody who wants to can verify the software does what it should do.
The French military police ditch Internet Explorer and Outlook in favour of Mozilla Firefox and Mozilla Thunderbird, citing standards compliance and the fact that they want everybody to be able to read their public information, not just Microsoft users.
Portable Apps releases a portable USB thumb drive version of Open Office 2.01, so that anyone can access their documents and office apps anywhere.
Massachusetts confirms that they are adopting the Open Document Format (ODF), currently found in Open Office, and ditching Microsoft’s proprietary office format, citing, again, open standards compliance, enabling anyone to read and write the data regardless of operating system or office software (once Microsoft play ball and accept ODF in MS Office, it’s Microsoft’s loss if they don’t!).
An interesting day or so in IT, and not Microsoft’s finest!
Entry Filed under: IT News