Posts filed under 'IT News'

Ubuntu 6.06 Released

Well I certainly got a pleasant birthday surprise when I visited Slashdot and found that Ubuntu Linux 6.06 has been released. I suppose that means that it’s time for me to order my free CDs via the Ubuntu Shipit service.

To quote from the press release (well, it looks like a press release, even if it doesn’t say it):

New Ubuntu Release Available for Desktops and Servers, with Long Term, Global Support

Ubuntu, which has become one of the world’s most popular Linux distributions in recent years, launched its latest version on June 1 following months of intense testing. The new release is titled Ubuntu 6.06 LTS (Long Term Support), and has a specific emphasis on the needs of large organisations with both desktop and server versions.

Ubuntu 6.06 LTS introduces functionality that simplifies common Linux server deployment processes. For system administrators setting up large numbers of web, mail and related servers, Ubuntu 6.06 LTS offers the fastest and most consistent path to deployment, combined with the availability of global commercial support where needed. “Ubuntu has a reputation for working well out of the box on desktops, and we have worked to bring that same ease of deployment and configuration to the server marketplace” said Mark Shuttleworth, founder of the Ubuntu project. “Based on our analysis of the ways people were already deploying Ubuntu on servers, we have aimed to streamline their experience while expanding the range of software available to people deploying Ubuntu in the data centre.”

Ubuntu is freely available, including security updates for five years on servers, with no restrictions on usage and no requirement to purchase support contracts or subscriptions per deployment. Full telephone & online support on commercial terms is available globally from Canonical Ltd and other companies. “The economics of Ubuntu deployment are fundamentally different from those of other leading Linux distributions that offer commercial support” said Jane Silber, COO of Canonical Ltd. “Companies and individuals can deploy Ubuntu widely, and purchase support only for the machines where they need the assurance of a Support Level Agreement. This makes Ubuntu the preferred choice for large scale deployments where support contracts are not essential on every machine.”

Sun Microsystems and Canonical also announced this week that Ubuntu 6.06 LTS will support the UltraSPARC T1 processor on Sun Fire T1000 and T2000 servers. These SPARC-based systems join the list of architectures for which Canonical will offer technical support on a paid, commercial basis, starting at $700 USD per year for a single server. For more information, please see the ubuntu support pages.

The Server Edition of Ubuntu 6.06 LTS includes a unique mechanism to set up a standardized, certified, and supported LAMP (Linux, Apache, MySQL and PHP) server with a single command. The feature greatly reduces the setup time for companies providing hosted LAMP services, as well as making it easier for organizations to set up and maintain their own LAMP-standardized servers. Canonical Ltd. also provides technical support for the full suite of components in the LAMP stack.

“This new (LAMP) functionality is the first of several planned fully-certified free software stacks in Ubuntu,” said Fabio Massimo Di Nitto, product manager of Ubuntu Server Edition. The acronym LAMP refers to four ingredients of the world’s most widely used framework for dynamic website publishing. While many variations on the LAMP theme exist, these four components are most commonly deployed together. The process of integrating these components will often take several hours per server and leaves room for the introduction of security vulnerabilities or unnecessary variation in configuration between different systems. “LAMP servers were the most popular use of Ubuntu in the data center, so we focused on that stack first” added Adam Conrad, Ubuntu’s lead LAMP developer.

Ubuntu 6.06 LTS also has a new mechanism to make commercial software available, enabling businesses and individuals to download select software from Independent Software Vendors (ISVs). There are a variety of solutions available this way already, including data management software from Arkeia, cross-platform development tools from Raining Data, PC sharing from Userful and virtualisation from VMware. Additional software for Ubuntu from ISVs will be added in the coming months.

“Ubuntu and VMware have worked together to make industry-leading virtualization a freely available and easy to use capability for Ubuntu 6.06 LTS,” said Dan Chu, VMware’s Senior Director of Technology Alliances & Developer and ISV Products. “Now any Ubuntu user can automatically install and run VMware Player from the Ubuntu package manager, and join the four million plus users of VMware worldwide for running virtualized servers, desktops, and virtual appliances. Hundreds of thousands of users have already adopted Ubuntu virtual appliances using VMware, and the increased integration between Ubuntu and VMware will further enable broad uptake of these virtual appliances.”

Ubuntu is part of the Debian family of distributions. As such it has an extremely wide selection of software that is instantly available to Ubuntu users, and includes some of the world’s best-regarded software for the management of software updates and changes. “Debian is integral to the success and popularity of Ubuntu” said Matt Zimmerman, CTO of Ubuntu. “The combined efforts of more than 1,000 developers create a unique platform in Debian, which allows Ubuntu to focus on the specific needs of our users.” Ubuntu is believed to be the leading version of the Debian system that includes skills certification from LPI, as well as certifications from hardware and software companies.

A special added bonus of Ubuntu 6.06 LTS is the inclusion of several chapters from “The Official Ubuntu Book”, which Prentice Hall Professional will publish in July 2006, under an Open Content licence. The book represents the collaborative effort of more than a dozen Ubuntu community members from around the world, in addition to the primary authors: Benjamin Mako Hill, Jono Bacon, Corey Burger, Jonathan Jesse, and Ivan Krstic. “We’re thrilled to have been able to develop this book in such close partnership with the Ubuntu community,” said Paul Boger, VP/Publisher for the Pearson Technology Group. “This book is truly by and for the Ubuntu community.” The book can be pre-ordered at http://www.prenhallprofessional.com/ubuntu.

The word “Ubuntu” is a special word in many African languages. It translates loosely as “human-ness” and speaks to the importance of the role each individual plays in their community. In celebration of that, this release of Ubuntu also includes unique video footage of an interview with Nelson Mandela, who speaks on the relevance of this philosophy today.

Sounds good to me, I’ll get around to installing it sometime soon (I’ll probably be patient and wait for the CDs to arrive rather than downloading it).

Samuel

4 comments June 2nd, 2006 at 12:25pm

More IT Predictions from Samuel

This was originally going to be a minor point in the article about Apple’s advertising campaign, but it has developed into an article in its own right.

I’ve already drawn two upgrade lines for Microsoft software, one being that I’m not upgrading MS Office beyond Office 2000, as Open Office is in my view a superior product (although I do still use MS Office 2000 for some tasks), and the other line being Internet Explorer, which is now relegated to use on IE-Centric sites only, as I much prefer Firefox and Opera (excluding Windows Update for which I use the faster and easier WindizUpdate).

I am now drawing another line: Windows XP will be the last version of Windows I ever use. Windows Vista will, in my opinion, be the proverbial straw which breaks the camel’s back. Windows has enjoyed a long reign at the top, but it is an outdated mess of security issues, Microsoft’s attempts to introduce proprietary standards (oxymoron), and various other problems which need fixing, much like Apple Mac OS 9 was before they released OS X with an entirely different base.

It is quite clear to me that both Mac and Linux have clear advantages over Windows, and I think the general public will also see this soon. The Ubuntu Linux people are doing a good job, and have made some interesting changes for the next version due in June, which does make it look like a good alternative to Windows.

The people at Apple have also done an excellent job on Mac OS X, and with their Boot Camp software providing Windows compatibility, I think it is now clear that Windows will become a secondary operating system with other operating systems taking the lead for a while.

Don’t get me wrong, Windows will still be there, it just won’t be the primary choice for most people, as they will use other operating systems for their day-to-day needs. Of course, there is every possibility that Windows will regain popularity in ten years or so when Mac and Linux start to stagnate and Windows shows ingenuity, after all Windows won favour over Mac and OS/2 by showing the lead a bit over ten years ago.

One thing I think is important here is that having multiple operating systems, multiple web browsers, multiple office suites etc, all gaining public favour, distributes the user base so drastically that it promotes ingenuity from all of the competing software writers, and makes life much harder for malicious users who would no longer have one bit of potentially vulnerable software giving them potential to wreak havoc on 90% or more of computer users. It also makes it necessary for software developers to use accepted standards (such as the Open Document Format, or the iCal calendar format) as their users will need to exchange data with other users. Open standards also allow everyone to work together on the future of IT according to their own needs, rather than working against each other, which effectively means that computers will do what people want, sooner rather than later.

Back to the security benefits of having multiple dominant operating systems and web browsers etc, the current situation looks somewhat similar to this (this is an example and probably isn’t entirely accurate, but is close enough):

  • Windows/Internet Explorer: 90%
  • Windows/Other browser: 6%
  • Other OS/Browser of any sort: 4%

Imagine if it looked something like this:

  • Mac/Safari: 20%
  • Mac/Firefox: 15%
  • Mac/Opera: 5%
  • Linux/Firefox: 20%
  • Linux/Konqueror: 10%
  • Linux/Opera: 10%
  • Windows/Internet Explorer: 15%
  • Windows/Firefox: 3%
  • Windows/Opera: 2%

Suddenly you have a mass distribution of users amongst all sorts of software, in which the vulnerabilities could very easily only work on one operating system and not the others. Even if one application did have a cross-platform vulnerability, the most damage it could do would be 38% (Firefox), which is a far cry from the 90% (Windows/Internet Explorer) in the first example. This makes maliciousness much more difficult and less rewarding, and also means that consumers have a greater choice as to which software combination works best for them, safe in the knowledge that their chosen software will be able to exchange data with somebody using different software on a different operating system.

Under the second example, things such as the recent WMF exploit wouldn’t have been as likely to occur due to fewer people using any particular operating system, would have been less damaging for the same reason, and would have seen a quicker response from the software vendor due to increased competition.

I will admit that I am partially anti-Microsoft, but that is because I think they have become very complacent in their monopolistic position, and day-to-day consumers who just want their computer to do one task or another, suffer as a result. Competition is needed here, and I think the Vista/Mac/Linux combination is about to make it happen.

Samuel

11 comments May 3rd, 2006 at 02:33pm

Apple Launch Amusing Mac Vs PC Advertising Campaign

The people at Apple Computer have launched a new advertising campaign which compares Mac and PC (presumably running Windows by the looks of the ads) in a lighthearted manner.

It appears to be a part of their “Get A Mac” campaign, and the ads are on their website (linked above). The ads don’t really say much, but they do provide a bit of light hearted entertainment. Whether or not they will be effective is another thing, but the timing appears to be right with Windows Vista not due until November, and probably facing yet another delay, this time until at least April 2007.

It is an interesting time ahead in the land of computers.

Samuel

10 comments May 3rd, 2006 at 11:51am

Samuel’s Persiflage Statistics

Before you get your hopes up, no this post does not contain download statistics, they will be delivered in the monthly blog view stats.

In the last few weeks I’ve received a bit of correspondence from the guests who have been on Samuel’s Persiflage, about the monthly statistics I send out. You see, not only do I post the download statistics each month in the blog view stats, I also send statistics letters to all of the guests, with details about the downloads of their episodes.

In general the response has been very good, the guests are pleased to know approximately how many people have been listening (these are download stats, they don’t prove exact listenership), and are looking forward to the monthly updates.

This is pleasing for me as I decided that it would be a good idea to do this from the start. Basically, when you do a radio or television interview, you can find out pretty easily the approximate number of people listening/watching. TV ratings are published daily, and radio ratings come out to a set schedule. Unfortunately the same is not true for podcasts, and as this is a relatively new form of media, some people are skeptical of there being any point in appearing on a podcast.

There is also a problem with the fact that traditional broadcasts are generally instant or mildly delayed, but are usually broadcast once, with no ability for the end viewer/listener to replay what happened if they didn’t record it. Basically, you speak, people hear you, the world carries on. With podcasts though, you speak, a bit later the podcast is published, and for the rest of eternity people may hear/see your message. This obviously isn’t any good for a message you need to deliver right now, but for non-urgent messages this can be quite effective.

This changes the way ratings need to be measured though as you can’t just say “250,000 were listening when you spoke”, you effectively have to say “250,000 heard you on Monday, 75,000 on Tuesday, etc etc”, and of course you can’t really measure the exact size of the audience due to the very nature of downloads, so you measure downloads and call it an approximate audience size, which it is with the law of averages (some will download part of a podcast, some will download a full podcast and share it with others).

As podcasting matures, I think we will see more and more podcasters providing download statistics, as it is something which interests most of the audience, is useful for future guests, and good information for previous guests.

I’m by no means the only podcaster doing this, but I am one of the leaders in providing statistics, and I get the feeling that one day I will be able to say “I helped to start that!”.

Samuel

1 comment April 26th, 2006 at 11:14am

National Archives Move To Open Office

I spotted a rather interesting article on Slashdot yesterday about The National Archives of Australia announcing that they are moving their digital archives program to Open Office 2.0, and therefore the Open Document Format.

I personally use both Microsoft Office 2000, and Open Office 2.0, and I have to say that an awful lot of work has been done to make Open Office an almost perfect converter between a multitude of formats, and I think ODF is superior to the MS Office formats for a couple reasons.

  • ODF is openly documented, and anybody (with programming knowledge of course) can create an application which can read and write the ODF format.
  • MS Office documents (and other proprietary document formats for that matter) can only really be interpreted by other applications through reverse engineering of the format, which is an error prone and highly tedious and difficult task.
  • Microsoft themselves are having trouble reading early office documents…some newer versions of Excel can’t properly open Excel 2.0 files for example, which creates a problem if government documents are in these formats and they are needed 300 years from now.
  • ODF is XML based, which means it is purely text based, whereas MS Office documents are binary format, this creates a problem if the documents become corrupt for one reason or another. You have a much higher chance of recovering the majority of a corrupt text based document than a corrupt binary document.
  • ODF is also a compressed format, if you open an ODF file as a zip file, you will find that it is really a collection of XML files and graphics, compressed in ZIP format. This not only saves on disk space, but also provides a logical way of storing the different parts of the document, again making it easier to recover if a corruption occurs.
  • Did I mention the fact that Open Office is free, and Microsoft Office isn’t?

The National Archives are by no means the first government agency in the world to convert to Open Office, but they are arguably the first one with such a major role in maintaining historical documents to do so. They cannot risk damaging these documents, and they also cannot risk losing them through technological obsoletion, and I think they have made the right choice in choosing Open Office, and they will now probably lead the way for many more government and private organisations to do the same thing.

Samuel

7 comments April 5th, 2006 at 10:48am

An Extra Week Of Daylight Saving

If you happen to live in one of Australia’s Daylight Saving time zones, and your computer’s operating system automatically adjusts the time for Daylight Saving, then you will probably find that the clock is out by an hour, as Daylight Saving has been extended by one week this year for the Commonwealth Games.

I nearly thought my lounge room clock was an hour fast when my computer was telling me that it was 2:14AM when it was in fact 3:14AM.

It is worthwhile pointing out that some online services (Gmail being one of them) base the time they show on your computer’s GMT offset…so you can expect them to be out by an hour as well.

Who would have thought that the land of clocks would be so exciting?

Samuel

5 comments March 26th, 2006 at 03:06pm

More spam stories

In the last 24 hours I have noticed a trend where the spammers are moving away from the tried and tested (and blocked very easily by spam filters) method of using short bits of random text, to having long extracts of weird and nonsensical stories. Here is the one that came in this evening, and is undoubtedly the best one so far.

same thing happened. ‘Are you trying to get in my way on purpose?’ screamed Ivan, infuriated. ‘ You’re the one I’m going to report to the police!’ Ivan tried to grab the choirmaster by the sleeve, missed and found himself grasping nothing : it was as if the choirmaster had been swallowed up by the ground. With a groan Ivan looked ahead and saw the hated stranger. He had already reached the exit leading on to Patriarch’s Street and he was no longer alone. The weird choirmaster had managed to join him. But that was not all. The third member of the company was a cat the size of a pig, black as soot and with luxuriant cavalry officers’ whiskers. The threesome was walking towards Patriarch’s Street, the cat trotting along on its hind legs. As he set off after the villains Ivan realised at once that it was going to be very hard to catch them up. In a flash the three of them were across the street and on the Spiridonovka. Ivan quickened his pace, but the distance between him and his quarry grew no less. Before the poet had

Samuel

March 13th, 2006 at 11:10pm

Spybot Exonerated

Those of you who regularly read through the comments on this site may remember that near the end of the popup fiasco, the subject of adware and spyware came up, and in the comments in this post, a comment was made by John B1_B5 about Spybot Search and Destroy.

You have to be careful of “Spybot” because it will work ok in the beginning, but after awhile, it sneakily starts acting as an “undercover agent” to allow ‘specific’ spyware onto your machine.

Needless to say, this caused me some concern as I have been using Spybot for some time, and have even promoted it, if it is letting in spyware then it has half the computer industry fooled. So I conducted some research, but didn’t turn up anything for a while, until I stumbled upon a quote from Leo Laporte on his radio show, from Sunday February 5, 2006, somewhere around the 34 minute mark.

There are, and this is a really shameful thing, but there are people who camp out on similar names. If you go to “safernetworking.org”, not “safer-networking.org” for instance, just slightly mistyped, it’ll look like Spybot but it’s really not, it’s spyware. So these spyware guys are just nasty, they’ll do every trick in the book including pose as an anti-spyware program.

I did a bit of further research into this, including checking the non-hyphenated domain name, and lo and behold, Leo is correct. It would appear that some spyware creators are “cashing in” on the popularity of Spybot Search & Destroy by registering a very similar (and probably more commonly thought of) domain name, and putting spyware on there which pretends to be spyware. This fake Spybot exhibits the behaviour that John B1_B5 pointed out.

I brought this to the attention of John this afternoon, and he said

It’s quite possible I downloaded the fake one

I can understand that, I could have done the same thing if I wasn’t familiar with the look of the real Spybot website or was slightly inattentive.

So, to summarise, Spybot Search & Destroy is a legitimate and safe anti-spyware application, which should be downloaded from http://safer-networking.org (the website with the dash!).
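The hyphen mix-up described above can be checked mechanically. The following is an added example, not part of the original post: it classifies hostnames against a list of trusted download domains, and it goes slightly beyond the hyphen case by also flagging near-miss spellings. The function names, the edit-distance threshold of 2 and the sample hostnames are assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a trusted download domain.
# TRUSTED holds the domain named in the post; everything else is constructed.

TRUSTED = ["safer-networking.org"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (row-by-row DP)."""
    previous = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, start=1):
        current = [i]
        for j, ch_b in enumerate(b, start=1):
            cost = 0 if ch_a == ch_b else 1
            current.append(min(previous[j] + 1,          # deletion
                               current[j - 1] + 1,       # insertion
                               previous[j - 1] + cost))  # substitution
        previous = current
    return previous[-1]


def classify(hostname: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, matched_trusted_domain_or_None) for one hostname."""
    name = hostname.strip().lower().rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    for good in trusted:
        if name == good:
            return ("trusted", good)
    for good in trusted:
        # Same letters once hyphens are ignored: the exact case in the post.
        if name.replace("-", "") == good.replace("-", ""):
            return ("lookalike-hyphen", good)
        # A small number of typed-wrong characters (assumed threshold).
        if edit_distance(name, good) <= max_distance:
            return ("lookalike-typo", good)
    return ("unrelated", None)


def review(hostnames, trusted=TRUSTED):
    """Return only the hostnames that imitate a trusted domain."""
    flagged = []
    for host in hostnames:
        verdict, good = classify(host, trusted)
        if verdict.startswith("lookalike"):
            flagged.append((host, verdict, good))
    return flagged


# Constructed sample of hostnames, e.g. taken from a download or proxy log.
SAMPLE_HOSTS = [
    "www.safer-networking.org",
    "safernetworking.org",
    "safer-netwroking.org",
    "example.org",
]

if __name__ == "__main__":
    for host, verdict, good in review(SAMPLE_HOSTS):
        print(f"{host}: {verdict} of {good}")
```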

Samuel

March 4th, 2006 at 10:53pm

Popup Update

OK, I just worked it out (I hope!). When I disabled the nedstat/webstats4u code by “commenting it out” in the footer template, the popups disappeared in my browser. Unfortunately, it would appear that Internet Explorer doesn’t understand HTML comments and tries to render them instead. It finally occurred to me when I saw “-->” appearing next to the webstats4u icon in IE, that I had been so excited about getting rid of the popups that I only commented out that section of code, and forgot to remove it.

This appears to be a rendering bug (or feature) of Internet Explorer, that the standard “< --" and "-->” comment code is not treated as a comment, and instead treated as renderable code, which is why the popups continued to appear in Internet Explorer.

It should now be fixed (although a hard refresh using CTRL-F5 of the samuelgordonstewart.com homepage should force it). Again sorry about the inconvenience, I just never counted on that basic staple of usefulness being ignored by a browser.

Hopefully Internet Explorer will understand comments in version 7, but I’m not holding my breath on that one.

Samuel

3 comments February 24th, 2006 at 11:44pm

Bigpond fix email woes

If the number of people landing here by searching for information about the Bigpond Gmail block, and the number of other websites discussing it is anything to go by, Bigpond’s Gmail block has been quite an ordeal throughout the week.

It turns out that Bigpond use somewhat overzealous third party server blocklists that attempt to automatically work out which SMTP servers are open for third party use, and effectively spamming. Technically this should put just about every ISP mail server on the planet on some blocklist by virtue of the fact that you don’t have to be connected to your ISP to utilise their mail servers.

The basic fact of the matter is that this is an outdated method of blocking mail servers, as most spam originates from “botnets” created on home PCs by malware. These botnets are sold to spammers, “malicious users”, etc by malware programmers for a profit, this is fairly effective as it allows standard PCs, which look pretty innocent, to sporadically start sending spam and other useless junk all over the place.

Unfortunately, one of Gmail’s servers was incorrectly picked up by one of these blocklists late last week, and Bigpond then picked it up in their semi-daily or thereabouts update. Gmail’s server was removed from the list sometime this week, and Bigpond worked that out today at about 11am Canberra Time (Midnight GMT).

There is still a bit of a delay as the queued mail gets delivered, but services appear to be back to normal. Incidentally, another ISP, iinet if my memory serves me correctly, fell foul of these blocklists a couple weeks ago, and have just recently been fixed.

The bottom line is, Bigpond are now accepting emails from Gmail, and probably blocking someone else instead. I have some advice for Bigpond, forget blocklists, use some proper anti-spam technology to run checks on incoming mail, there’s some pretty good open source software that does precisely that, and it will do a much better job than overzealous blocklists.

Samuel

5 comments February 24th, 2006 at 03:04pm

WMF Exploit Update

It turns out that Steve Gibson was mostly correct when he announced that he thought the WMF exploit was a deliberate backdoor.

It would appear that Steve stumbled on another part of the exploit, rather than the section which was being used. Steve uncovered a section which made use of an invalid length record in metafiles with only one record. It is the considered opinion of independent security experts that this section of the code was deliberately implemented by the programmer as a way of executing code in a metafile. Whether or not it is a backdoor is dependent on your definition of backdoor. Whilst it is a program backdoor similar to “secret” master BIOS passwords set by the manufacturer, it isn’t a backdoor in the “malicious person remotely gains access to your computer” sense (although it can contain code to do such things).

Steve has now, in collaboration with other experts, created a WMF exploit tester which tests for all the known ways of exploiting the WMF exploit, on Windows and WINE.

The following operating systems and environments are vulnerable to the WMF exploit until a patch is installed:

  • Windows Vista beta
  • Windows XP
  • Windows 2000
  • WINE

The following operating systems are vulnerable and will not be patched by Microsoft, you must run a vulnerability suppressor such as the one from NOD32 (it’s free) on these operating systems.

  • Windows NT 4

All other operating systems are safe.

You can download the vulnerability tester, and read more about the WMF exploit from http://www.grc.com/wmf/wmf.htm, the page includes a detailed Q & A about the vulnerability, including analysis from Microsoft and security experts other than Steve.

Whilst I appreciate that there are people who disregard just about everything Steve says, I think he has written a fairly comprehensive, well thought out, and unbiased article on that page. If nothing else, there is a good vulnerability tester there for anyone and everyone to check their systems.

Also, you may be interested in his discussion with Leo Laporte about the WMF exploit in the most recent edition (episode 23) of Security Now!. Steve explains his vulnerability tester, and the discussion explains the exploit.

Samuel

January 22nd, 2006 at 12:09am

The Year Of The Apple?

I recently made some bold predictions about the general direction of IT in 2006, in this I said Apple would have a resurgence as a popular operating system developer. Early indications certainly show that this could be the case.

Myer is an Australian department store, which is in my view somewhat conservative and isn’t likely to advertise a product it doesn’t expect that people will want to buy. It has been years (late 1990’s) since I have seen a non-Windows computer in a Myer or Grace Bros store (Grace Bros was at that stage a partner store of Myer as part of the Coles Myer corporation, the two stores have since merged), so you can imagine my surprise when I looked through a Myer catalogue today and saw three Apple computers running Mac OS X, as well as a bunch of software for Mac. For the record the other five computers for sale were all running Windows.

The Apple computers were an iMac, an iBook and a PowerBook. The software was Apple iLife 2005, Apple iWork 2005, Norton AntiVirus for Mac 2005 and Apple Mac OS X (Tiger) 10.4.3, interestingly this was the full version of OS X and retails for $199, which is pretty good considering that Windows XP Home Edition full version costs $324, and Professional costs $478.

I still think that Apple will announce an x86 version of Mac OS X later in the year, which would give them an interesting advantage over Windows in that Mac would run natively on x86, the new apple-intel platform (whatever it’s called) as well as Power PC (assuming they continue to support PowerPC for a while), whereas Windows would only run on x86 and 64 bit platforms, and would require a fair bit of end user modification to run on apple-intel (I’m running with that name until somebody corrects me!), something which is probably prohibited under the End User Licence Agreement anyway.

Samuel

9 comments January 19th, 2006 at 11:53pm

Steve Gibson declares WMF Exploit a deliberate backdoor

The WMF Exploit has been discussed on this site before, both here and here, but the information which has come to light since then is astounding.

As you may know, security expert Steve Gibson said if Microsoft didn’t release a patch for Windows 9x, he would, so he set about doing that. Steve spent plenty of time researching exactly how the WMF exploit works, and found something very scary indeed. According to Steve, the WMF exploit was not an error, it was a deliberate backdoor from Microsoft, enabling those in the know to execute code.

A WMF file is really a graphic script which tells Windows to draw a line here which is this long, and a rectangle over here which is “x” high and “y” wide with a purple fill colour, and so on. To aid this, the file contains headers, including one for length of record (each line, rectangle or otherwise is a record). Setting this value to 1, which is a perfectly invalid number in this context, makes Windows behave in an odd manner…it treats everything after that in the file as executable code and runs it.
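The record layout described above can be checked structurally before a file is handed to a renderer. The following is an added example, not code from the original post or from Steve Gibson's tester: it walks the records of a metafile and reports a length field that is too small to be valid, a record that runs past the end of the file, and any record that uses the SETABORTPROC escape discussed later in the post. The 18-byte header, the 3-word minimum record size and the function codes are taken from Microsoft's published WMF format documentation rather than from this page; the function name `scan_wmf` and the sample files are constructed for illustration.

```python
# Added example: structural sanity check of WMF records (defensive triage).
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header
HEADER_BYTES = 18             # standard metafile header
MIN_RECORD_WORDS = 3          # 4-byte size + 2-byte function, in 16-bit words
META_EOF = 0x0000
META_SETMAPMODE = 0x0103
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009         # escape function named in the discussion


def scan_wmf(data: bytes) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        offset = 22
    if len(data) < offset + HEADER_BYTES:
        return ["truncated header"]
    file_type, header_words = struct.unpack_from("<HH", data, offset)
    if file_type not in (1, 2) or header_words != 9:
        return ["not a standard WMF header"]
    offset += HEADER_BYTES

    findings = []
    index = 0
    saw_eof = False
    while offset < len(data):
        if len(data) - offset < 6:
            findings.append(f"record {index}: truncated record header")
            return findings
        size_words, function = struct.unpack_from("<IH", data, offset)
        if size_words < MIN_RECORD_WORDS:
            # The case the post describes: a length that cannot be valid.
            findings.append(
                f"record {index}: size {size_words} words is below the "
                f"{MIN_RECORD_WORDS}-word minimum")
            return findings
        size_bytes = size_words * 2
        if offset + size_bytes > len(data):
            findings.append(f"record {index}: runs past end of file")
            return findings
        if function == META_ESCAPE and size_words >= 4:
            escape_fn = struct.unpack_from("<H", data, offset + 6)[0]
            if escape_fn == SETABORTPROC:
                findings.append(f"record {index}: META_ESCAPE uses SETABORTPROC")
        if function == META_EOF:
            saw_eof = True
            break
        offset += size_bytes
        index += 1
    if not saw_eof:
        findings.append("no end-of-file record")
    return findings


def _header() -> bytes:
    # Constructed, simplified header: type 1, 9-word header, version 0x0300;
    # the size/object/max-record fields are left at zero and are not checked.
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)


def _record(function: int, params: bytes = b"", size_words=None) -> bytes:
    if size_words is None:
        size_words = MIN_RECORD_WORDS + len(params) // 2
    return struct.pack("<IH", size_words, function) + params


# Constructed sample files (no drawing content beyond one map-mode record).
CLEAN = _header() + _record(META_SETMAPMODE, struct.pack("<H", 8)) + _record(META_EOF)
BAD_LENGTH = (_header()
              + _record(META_SETMAPMODE, struct.pack("<H", 8), size_words=1)
              + _record(META_EOF))
ESCAPE = (_header()
          + _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0))
          + _record(META_EOF))

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("bad length", BAD_LENGTH), ("escape", ESCAPE)):
        print(name, scan_wmf(sample))
```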

Steve has announced this in the Security Now! podcast episode 22 (which can be heard here). To quote some of the discussion between Steve Gibson and Leo Laporte:

Steve: But the only conclusion I can draw is that there has been code from at least Windows 2000 on, and in all current versions, and even, you know, future versions, until it was discovered, which was deliberately put in there by some group, we don’t know at what level or how large in Microsoft, that gave them the ability that they who knew how to get their Windows systems to silently and secretly run code contained in an image, those people would be able to do that on remotely located Windows machines…

Leo: So you’re saying intentionally or – Microsoft intentionally put a backdoor in Windows? Is that what you’re saying?

Steve: Yes.

Leo: Well, that’s a pretty strong accusation. Could this not have been a…

Steve: Well, it’s the only conclusion…

Leo: It couldn’t have been a mistake?

Steve: I don’t see how it could have been a mistake. Again, I’m going to continue to look at it. But from what I’ve seen now, this had to be deliberate.

Leo: But let me ask you one more – you’re convinced there’s no way this could have happened by accident. It can’t be a programming error or bad design.

Steve: No. No. I mean, you know, again, this is as much a surprise to me, Leo, as it is to, you know, anyone who hears this. I did not expect to see this. I expected to find, for example, that the way this exploit worked was that the SETABORTPROC was working correctly, and that I would give it a pointer to my own code a few bytes lower, then I would do something to force the metafile to abort, and then the metafile processing would use the pointer, the legitimate SETABORTPROC pointer, and then basically run the code that was located right there in the metafile. That’s what I thought I was going to encounter, something that sort of made sense, like we were originally led to believe. Or actually I think, you know, Microsoft didn’t say anything at all. So we just all kind of presumed this was another one of those coding errors that Microsoft now famously makes and corrects on the second Tuesday of every month. This wasn’t a programming error. And, you know, so it’s like, whoa. When I give it the magic key on the size of the metafile record, then it jumps directly into my code.

Steve: Now, you know, if Microsoft had said last week, whoops, this was an undocumented backdoor or means for us to run code in a metafile, we never documented it, our security sweeps didn’t find it, blah blah blah – but nothing was said. They allowed the industry to believe that this was just like all their other code mistakes, but this wasn’t like all their other code mistakes.

Leo: Well, it’s a very serious indictment, if not of Microsoft, maybe of a renegade programmer inside Microsoft. If you were doing a code review, would this kind of thing stand out? Would it be fairly obvious that something was going on?

Steve: Yeah. I mean, I’ve seen Microsoft source code. In the old days they used to publish the source for what’s called the DDK, the Device Driver Kit. And, you know, they’re very cautious about, you know, on a module-by-module basis, there’s the person’s name or initials and when they made changes and what they made to the code that follows. So, I mean, again, Leo, we’re never going to know for sure. I mean, I’ve been in this position with Microsoft in the past, or similar positions. And, you know, it’s very difficult to get a straight answer from them. So I don’t know what their source says. But it seems to me that somebody had to have seen relatively recently, certainly since Windows 2000, had to have looked at the code, seen that this was something that was there, and just kind of nodded to himself and said, yup, that’s what we want to have in our metafile processing code.

Leo: Wow. Well, I’m sure we’ll hear more about this. I think you probably are going to stir up a hornet’s nest here. And if Microsoft would like to come on the show and respond, you absolutely are welcome to do so. I’d like to hear an explanation.

In the interests of space, I have not copied every detail, and there is a lot discussed. You can read the full transcript at http://www.grc.com/sn/SN-022.htm or listen to Security Now! Episode 21 at http://media.grc.com/sn/SN-022.mp3.

Steve is rarely wrong about these things, so this is a major concern. There is some use for this “feature” in that Microsoft could have embedded a super important patch on all of their websites and had it patch an awful lot of computers, but it was also an accident waiting to happen, which did happen a few weeks ago.

As Steve said, this is something which would stand out in a code security audit, and Microsoft have done a few audits on their code, so this almost has to have been something Microsoft purposefully placed there.

More details as they come to hand.

Samuel

9 comments January 14th, 2006 at 02:50am

Bold Predictions For IT In 2006

I’ve been doing a bit of thinking about recent developments in IT lately, and with a few excess dot joinings, I’ve come to some conclusions about what may happen in IT this year, or at least some big stories.

With the recent raft of underwhelming presentations on Windows Vista and the gradual loss of originally planned features in it, and Apple Macintosh moving to Intel processors, it wouldn’t be unreasonable to see Macintosh gain ground this year. Here’s how I think it will happen.

Microsoft will release Vista with their usual marketing hype, claiming that it is fantastic and probably bringing back the “10 reasons to upgrade”. Apple will release their next version of Macintosh with a lot of marketing along the lines of “most of the stuff in Vista we had five years ago, and look what we’ve got now…even better, it runs on YOUR PC”, effectively canning their “Mac Box Only” pseudo-restrictions. Apple, with their increased presence, thanks to the iPod, will gain customers with the more secure, and more impressive OS.

I am really gaining the impression that Apple have lost their “also-ran” status from public perception with the iPod and iTunes and their general “nice guy” appearance; this will help them win customers from Microsoft. Also I think the general public are starting to wake up to the fact that, despite Microsoft claims, new versions of Windows are rarely more stable than the last, and the “new features” aren’t all that exciting after all. Whilst the general public will see this as a way to escape the MS security problems, IT people will see it as a way to make vulnerabilities less attractive to “malicious users” as they won’t have the same large scale effect.

I foresee Open Office using this to their advantage, perhaps making a deal with Apple to include Open Office in Mac OS.

As much as I love Linux, I don’t think 2006 will be the year of the penguin, although Linux will undoubtedly gain ground with the mass exodus of Windows users finding new operating systems. I guess many Linux distros will semi-emulate the look and feel of Mac instead of Windows, or (more likely) offer a choice between the two.

Later this year, if I remember, I might see if this has come true or not.

Samuel

January 14th, 2006 at 01:32am

Microsoft release WMF patch

As you would probably be aware by now, Microsoft have released a patch for the WMF exploit. Microsoft have only released the patch for Windows 2000, XP and Server 2003; if you’re using another version of Windows then you’re out of luck for now, but Steve Gibson from grc.com has said that he may explore writing a patch for the unpatched versions of Windows. Steve, incidentally, helped in the development of the unofficial patch written by Ilfak Guilfanov.

To download the patch from Microsoft, visit http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx and follow their links, or run Windows Update.

To establish if you are vulnerable to the WMF exploit, you can download this WMF file (thanks to the Internet Storm Centre). Download it to your desktop and open it. If you are vulnerable, the calculator will open and possibly crash Windows Explorer or whatever program you open it with; this WMF file will not harm your system. If you open it and the calculator doesn’t open, then you are safe. Upon further inspection I have discovered that Norton Anti-Virus detects it as “Bloodhound.Exploit.56” (its name for the WMF exploit) and claims that it cannot repair the file. If you are running anti-virus software you might not be able to test the file.

Samuel

January 7th, 2006 at 10:14pm
