Andy Haigh

And everyone has been ignoring it since.

John T
eServices For You

> -----Original Message-----
> From: JosephK [mailto:josephk@xxxxxxxxx]
> Sent: Thursday, January 05, 2006 9:43 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
>
> I've noticed that my spell checker stops at the subject line of this
> thread.
> Who spelled Vunrability??? Damn you guys for making me hit cancel first
> :)
>
> Joseph
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, January 05, 2006 7:34 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
>
> Hi Joseph,
>
> Keeping my eyes open for it.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
> > -----Original Message-----
> > From: JosephK [mailto:josephk@xxxxxxxxx]
> > Sent: Thursday, January 05, 2006 12:52 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: WMF Vunrability
> >
> > http://www.ISAserver.org
> >
> > Hi Thomas,
> >
> > I hear that the next round of this type of attack may indeed be *.gif
> > or some other variant.
> >
> > Joseph
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Wednesday, January 04, 2006 10:33 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: WMF Vunrability
> >
> > http://www.ISAserver.org
> >
> > Hi Joseph,
> >
> > Yes, I knew what .wmf meant, was just having some fun there :)
> >
> > You could change the application that opens the .wmf file, but what if
> > they change the file extension to .doc or .xls or .gif? I think you
> > still end up getting whacked.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> > > -----Original Message-----
> > > From: JosephK [mailto:josephk@xxxxxxxxx]
> > > Sent: Wednesday, January 04, 2006 12:03 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: WMF Vunrability
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Thomas,
> > >
> > > WMF -- Um, this is a family list! But, I could also think of a few more
> > > things. Google desktop indexing has a flaw...If some unsuspecting user
> > > sets it up incorrectly or some goof uses it on a corporate network,
> > > then, the indexing process can show up on the internet! Now that's
> > > why I don't use trash like that.
> > >
> > > I'm sure you knew that *.wmf was for windows meta file. Changing the
> > > program that opens that to notepad actually works. At least in my test
> > > environment.
> > >
> > > Thank you,
> > > Joseph
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Wednesday, January 04, 2006 10:03 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: WMF Vunrability
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Joseph,
> > >
> > > I read that even if you use Google indexing service on your computer, it
> > > will whack you when the WMF is accessed.
> > >
> > > BTW, what does WMF stand for? I can think of a few things right now :))
> > >
> > > Tom
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > > > -----Original Message-----
> > > > From: JosephK [mailto:josephk@xxxxxxxxx]
> > > > Sent: Wednesday, January 04, 2006 11:53 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: WMF Vunrability
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Another minor way to fix this from the desktop point of view and yes it
> > > > is a pain in the ass. Change the program that opens up *.wmf (fax
> > > > viewer) to use notepad instead. Not very feasible though with a real
> > > > large shop.
> > > >
> > > > Joseph
> > > >
> > > > -----Original Message-----
> > > > From: Edgardo Balansay [mailto:balansay@xxxxxxxxx]
> > > > Sent: Wednesday, January 04, 2006 9:49 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: WMF Vunrability
> > > >
> > > > http://www.ISAserver.org
> > > > I have been thinking similar to "Thor" in that, "... have you found the
> > > > application/x-msmetafile mime block is all you have to do?"
> > > > As .wmf file type is listed as
> > > > http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/mimetypes.mspx
> > > >
> > > > However Jim Harrison, mentions, "...use pattern matching in the response
> > > > stream. Request and response headers are ok unless the "bad place"
> > > > decides to spoof them."
> > > >
> > > > So application/x-msmetafile mime block does not completely block the wmf
> > > > type of files? Is what Jim is saying that the "bad place" may spoof
> > > > the headers, and Windows will continue to open the file with the
> > > > vulnerable application/dll?
> > > >
> > > > But doesn't ISA Application Filter and therefore able to block the
> > > > specific mime type for *.wmf regardless of headers?
> > > > Much like how it blocks executables regardless of extension?
> > > >
> > > > Just attempting to add to the discussion, thanks!
> > > > Edgardo
> > > >
> > > > (BTW: above quotes are taken from the "OT - texas hold em" thread)
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxx
> > > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
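
Added example, not part of the original thread and not ISA Server code: the header-versus-content question raised above, shown as a header-only MIME rule beside a check on the leading bytes of the response body. The function names, sample paths and sample bytes are constructed for illustration; the signature values are the standard WMF header fields.

```python
import struct

WMF_MIME = "application/x-msmetafile"   # MIME type named in the thread
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"     # placeable-WMF magic 0x9AC6CDD7, little-endian


def header_rule_blocks(content_type: str) -> bool:
    """Header-only rule: trusts whatever Content-Type the server sent."""
    return content_type.split(";")[0].strip().lower() == WMF_MIME


def body_is_wmf(body: bytes) -> bool:
    """Signature rule: recognise a WMF by its leading bytes, ignoring labels."""
    if body.startswith(PLACEABLE_KEY):
        return True
    if len(body) < 6:
        return False
    # Standard metafile header: type 1 (memory) or 2 (disk), header size of
    # 9 words, version 0x0100 or 0x0300. Six bytes is a short signature, so
    # treat a hit as "inspect or block", not as proof.
    ftype, header_words, version = struct.unpack_from("<HHH", body)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def missed_by_header_rule(responses):
    """Paths whose body is a WMF but whose Content-Type passes the header rule."""
    return [path for path, ctype, body in responses
            if body_is_wmf(body) and not header_rule_blocks(ctype)]


# Constructed sample responses: (path, Content-Type, first bytes of body).
STD_HEADER = struct.pack("<HHH", 1, 9, 0x0300) + b"\x00" * 12
PLACEABLE = PLACEABLE_KEY + b"\x00" * 18 + STD_HEADER
SAMPLES = [
    ("/img/logo.wmf", "application/x-msmetafile", PLACEABLE),
    ("/img/photo.gif", "image/gif", STD_HEADER),
    ("/docs/report.doc", "application/msword; charset=binary", PLACEABLE),
    ("/img/real.gif", "image/gif", b"GIF89a\x01\x00\x01\x00"),
]

if __name__ == "__main__":
    for path in missed_by_header_rule(SAMPLES):
        print("header rule would pass a WMF body:", path)
```

A signature check only sees bytes the proxy can read, so compressed or TLS-tunnelled responses have to be decoded before it applies.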