Peter's Blog

Redefining the Impossible

Rip off


Yesterday I did a Google search for "peter clive wilkinson" (in quotes) and came across a couple of spam blogs that have stolen my content, including the copyright notice at the bottom of the page.

I tried opening the pages but the servers were dead.

Today I did the same search and the old spam blogs have gone but a new one is there.

I won't try to look at the site again as I'm a bit wary of Windows security holes right now and don't want to visit dodgy web sites.

Windows Update has installed something or other and is hassling me to reboot my PC. Has it fixed the WMF hole or not? How to tell? I'll install it anyway as I don't like the idea of having gaping security holes on my PC.

Apparently the next generation of processors will have hardware protection against buffer overflow attacks. This might be the only way to protect us from Microsoft's shoddy coding.


Filed under: google windows

Rob Says:

over 2 years ago

> Apparently the next generation of processors will have hardware protection against buffer overflow attacks.

Isn't that done by simply not mixing the CPU return address and local variable data stacks?

Rob

PS: Why is the comment box only 01234567890123456789 characters wide? Reminds me of the old "please write legibly in the box provided" joke :)

Peter Says:

over 2 years ago

The hardware protection is something to do with not allowing executable code in the stack, i.e. stopping malicious code being downloaded into a buffer.

Of course there are two problems:

1) it only works if the buffer is on the stack, not if, for example, it was malloc'd or in a global variable.

2) it will probably break 90% of otherwise functional software so no-one will ever enable it.

Still, it looks good in the feature list.

Regarding the comment box, Dean has the same problem. It's OK for me in Firefox. Drupal is generating 'cols="70"' instead of 'cols="70"'. I've hacked Drupal to fix it.

Peter
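The hardware feature being discussed is the NX (no-execute) bit: a per-page permission that makes the CPU fault when it fetches an instruction from a page that is mapped as data. The following is an added example, not code from this post or its commenters; it is written for Linux on x86-64 or AArch64 and assumes the kernel honours the NX bit (it has since around 2004 on 64-bit builds). It copies a six-to-eight-byte "return 42" stub into a freshly mmap'd page, tries to call it while the page is read/write only, catches the resulting SIGSEGV, then re-runs it after mprotect has marked the page executable. The function name run_from_page and the return codes are my own choices for the illustration. Because the protection is a property of the page, not of the stack, the same fault occurs whether the bytes live in a stack buffer, a malloc'd buffer or a global; what differs between protected and unprotected programs is only whether the loader and allocator map data pages without PROT_EXEC.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Tiny position-independent function body meaning "return 42",
 * selected per architecture so the example runs on either. */
#if defined(__x86_64__)
static const unsigned char RET42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 }; /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char RET42[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov w0,#42 ; ret */
#else
#define NO_SHELLCODE 1
#endif

static sigjmp_buf fault_jump;

/* The CPU refused to fetch from a non-executable page: unwind back to run_from_page. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_jump, 1);
}

/* Copy RET42 into a fresh anonymous page and try to call it.
 *   executable != 0 : page is re-mapped read+execute before the call
 *   executable == 0 : page stays read+write (data only), which is what NX enforces
 * Returns 42 if the bytes ran, -1 if the hardware blocked them (SIGSEGV/SIGBUS),
 * -2 on an architecture this example has no stub for, -3 if mmap/mprotect failed.
 * (Hypothetical helper written for this example.) */
int run_from_page(int executable)
{
#ifdef NO_SHELLCODE
    (void)executable;
    return -2;
#else
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -3;
    memcpy(page, RET42, sizeof RET42);           /* "download code into a buffer" */

    if (executable) {
        /* Flip the page from data to code: W^X, never both at once. */
        if (mprotect(page, (size_t)pagesz, PROT_READ | PROT_EXEC) != 0) {
            munmap(page, (size_t)pagesz);
            return -3;
        }
        __builtin___clear_cache((char *)page, (char *)page + sizeof RET42);
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int result;
    if (sigsetjmp(fault_jump, 1) == 0) {
        int (*fn)(void);
        void *p = page;
        memcpy(&fn, &p, sizeof fn);              /* data pointer -> function pointer */
        result = fn();                           /* faults here if the page is not executable */
    } else {
        result = -1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, (size_t)pagesz);
    return result;
#endif
}

int main(void)
{
    printf("RW page (data only): %d\n", run_from_page(0));
    printf("RX page (code):      %d\n", run_from_page(1));
    return 0;
}
```

Compile with `gcc -O2 nx_demo.c -o nx_demo` and run it; the first call reports -1 (blocked) and the second 42. The caveat in the comment above still stands in a different form: NX stops a buffer from being used as code, but it does nothing against an overflow that merely overwrites a return address to point at code that is already executable, which is why return-oriented techniques and stack canaries matter alongside it.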

Matt Says:

over 2 years ago

New features like that wouldn't help in all cases, for example, the recent WMF vulnerability didn't use a buffer overflow, it abused a part of the WMF processing that allowed the maker of the WMF to execute other code should the metafile not display properly.

Anyway, on a completely unrelated note: followed your oneandone to Debian howto. Steps went OK, just haven't rebooted and tested yet (servers currently in use by others).

Peter Says:

over 2 years ago

After reading the following I was under the impression it was a buffer overflow:

Microsoft Windows contains a vulnerability that can allow an attacker to execute arbitrary code. The vulnerability is due to improper bounds checking in the ANIMATEPALETTE function when rendering Windows Metafile (WMF) files. Attackers can exploit the vulnerability to cause a buffer overflow by creating a carefully crafted file and enticing a victim into viewing it on an affected system.

(http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33580).

Good luck with Debian, hope my article helped.

Peter

Peter Says:

over 2 years ago

Seems there are many WMF vulnerabilities: here is another, not a buffer overflow, just bad design.

Peter
