RE: WMF Vunrability

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Jan 2006 09:32:56 -0600

Dude,

I completely understand. I've been in the same test bed. I think the
problem isn't so much a software one, but a hardware one. The software
always seems to be good and worked the way it should, but you know that
you have no security when the hardware isn't secured. In my testing, I
found that even when everything worked fine in the alpha, beta and soon
after RTM, control over access to the hardware was lessened. 

It was at that point that the Event Viewer showed a number of access
violations. What was interesting is that the hardware tried to clear the
log itself after each access violation, which made it hard to
troubleshoot the problem. I have on a couple of occasions needed to pay
someone to take the system off my hands. 

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Thursday, January 05, 2006 12:52 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
> 
> http://www.ISAserver.org
> 
> I also tried Ver 1.0.  But I was a new user at the time and had no idea
> of how much back-end maintenance was required to keep the UI responsive.
> The plug-and-play configuration began to consume more resources than I
> had available, and I was forced to uninstall.
> 
> Thinking myself a wise user, I opted to beta-test vendor products hoping
> to find the feature set that met my requirements.  I was even open to
> extending my topology a bit to better accommodate upgrade system
> requirements - as long as, of course, everything still operated on my
> chosen platform.  It was then that Ver 2.0 went RFM, and everything
> seemed to hum along just great.  In fact, I thought it was the killer
> app.  I was so confident with the install that I even spawned dependent
> child processes off of the original product.  But after a time, the
> product started to behave erratically for no apparent reason.  There was
> no configuration change, but General Protection Faults began to
> interrupt operations.  Consulting the event logs, I then found out that
> there was a licensing issue.  Though my contract was for the single-user
> version of the product, the logs clearly indicated access by multiple
> users.  My hardware was not compatible with that configuration, so
> again, I was forced to uninstall.  Fortunately, I did it in a way as not
> to damage my legacy applications.  Those are still working great.
> 
> It took all of that for me to realize that one should not look to
> third-party applications to solve one's own production issues.  Those
> are best addressed by in-house development.  Any future interaction will
> be strictly Open Source.  :)
> 
> t
> 
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
> 
> 
> ----- Original Message ----- 
> From: "Andy Haigh" <ahaigh@xxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, January 04, 2006 9:56 PM
> Subject: [isalist] RE: WMF Vunrability
> 
> 
> We have been running anti-wife software since v1.0
> 
> So far has worked very well, though there were a couple of close shaves.
> 
> Know of others who were not so lucky and got caught out. They didn't
> notice anything initially, but all of a sudden they realised their
> behaviour and dress were being changed by this malware. They lost
> control of what they spent their income on, who they went out with and
> where they went.
> 
> They were suddenly spurred into action and the removal of this malware
> became the prime goal. What they thought would be a simple removal
> turned into a painful and costly process which took a lot of time and
> resources.
> 
> Finally they are rid of it though!!!!
> 
> I have been told that there are versions of the wife malware that
> don't affect your user experience and I have even heard tales of this
> malware actually enhancing it.
> 
> You have been warned!!
> 
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, 5 January 2006 3:33 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
> 
> Regarding the wmf vulnerability, the Microsoft Outlook spell-checker
> wants to change it to "wife."  Now THAT'S some intuitive damn code!!!
> 
> t
> 
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
> 
> 
> ----- Original Message -----
> From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, January 04, 2006 8:20 PM
> Subject: [isalist] RE: WMF Vunrability
> 
> 
> You've earned your stripes today Harrison :)  nice work
> 
> Greg Mulholland
> 
> ________________________________
> 
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Thu 5/01/2006 12:57 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
> 
> 
> Updated:
> 
> HTTP filter settings (you all know how to get there).
> 
> 1. Extensions:
> <choice>
>    Set "block specified"
>    Add .emf
>    Description="application/x-msmetafile"
>    Add .wmf
>    Description="application/x-msmetafile"
> </choice>
> <choice>
>    Set "allow specified"
>    Remove .emf
>    Remove .wmf
> </choice>
> <notachoice>
>    Set "allow all"
> </notachoice>
> 
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

