Archive for April 2004

Exploits for MS04-011 in the wild *PATCH NOW*

http://isc.sans.org/diary.php?date=2004-04-15

Dave Aitel of Immunity Security has stated publicly that they have released working exploits of two vulnerabilities patched by MS04-011 to their CANVAS customers:

http://lists.immunitysec.com/pipermail/dailydave/2004-April/000500.html

The LSASS.EXE vulnerability can be exploited to run arbitrary code with system privileges on vulnerable servers. eEye Digital Security has more details and also confirms the ability to run arbitrary code with system privileges using this vulnerability:

http://www.eeye.com/html/Research/Advisories/AD20040413C.html

Immunity’s claim that they have a working ASN.1 exploit has not been directly confirmed, but we have several anonymous confirmations that working exploits exist.

IT IS IMPERATIVE THAT THE PATCHES PROVIDED BY MICROSOFT IN ITS APRIL SECURITY RELEASE BE APPLIED TO SYSTEMS AS SOON AS POSSIBLE. It is our belief that the likelihood of a worm being released SOON that exploits one of the vulnerabilities addressed by these patches is VERY HIGH.

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx is the MS bulletin.

You’ve been warned. Get your stuff patched ASAP.

New "Get Paid to Do Distributed Spamming" technique

http://slashdot.org/article.pl?sid=04/04/14/1415217

Lathiat writes “It seems that spammers have taken a new distributed approach to sending spam, and you get paid for it. Virtual MDA will pay you $1 per CPU hour their program is running to relay spam around the world. Obviously this is not something you should do; most users are all too familiar with the atrocity of sorting through up to hundreds of spams a day just to find one real email. Although it has been previously reported that some users love spam, I for one don’t. Is there any way end users can fight back against people like this?” At $1/hour, this sounds like a low-gain way to infuriate both your friends and perfect strangers.

As many comments there suggest, doing this on your PC is most likely prohibited by your ISP’s TOS, and the act of spamming is possibly illegal too. It will definitely get your PC put on spammer blacklists. The cash is pretty tempting, but you should only do it if you don’t mind having all your legitimate email blocked, losing your internet service, and/or being convicted of a crime. They also have this neat little clause in the contract where if they happen to lose your account info, it gets reset to $0.00. Wouldn’t it be funny if every time just before you got to the $50 cash out, their DB screwed up and your account got reset? Also note that it’s per CPU hour, not actual hour. Most of the email sending is going to be network traffic, not actual processing. It will take a long time to generate one hour’s worth of CPU usage by this program.

Then again, a bunch of people have already found ways to turn this against them. Use a firewall to block the outgoing spam, so you still get paid (in theory) but no spam is actually sent anywhere. Sign up for this and just collect the spam they try to send to add to spam filters.

http://www.virtualmda.com is the site. You’ll have to cut and paste the URL if you want to go there. I realize that even bad publicity is still publicity, but I think that most people reading this should now understand this situation. If you know what you’re doing, you can use this for good. If you don’t know what you’re doing, participating in this program (even exactly as intended) is very likely to get you in trouble in one form or another. Also, the site is currently slashdotted. =)

I’m a little bit famous again!

It happened again. I’m mentioned by someone more-famouser-than-me. This time it’s at WindowsDevCenter. It’s an article about filtering out web ads, and I’m mentioned on the second page for contributing a .reg file that added an option to IE to change one of the required settings for a PAC filter to work. Proxy Auto Configuration allows for dynamic proxy usage (i.e. use Proxy A for these URLs, but use Proxy B for those URLs), but IE doesn’t check the PAC file every time by default - it checks each server once, then always uses that result for anything else from that server. Obviously, that’s bad if you’re trying to keep good content from a server, but block ads and other junk on the same server. Also, the .reg file has been updated to a .inf file. Same thing, different format. It’s been a while since I even looked at these (since I only use IE when I’m forced to), but I believe the .inf adds an icon to the menu item also. Because MS changes the location of icons around inside files between different versions (i.e. #123 might be a globe in this version of the file, but #123 in the next version is a computer), it might not look right. I think I ended up with one that didn’t look too out of place for the menu option, but seemed to be consistent across a few versions. I make no guarantees though.
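The per-server caching described above can be modelled in a few lines. This is an added example, not code from the article or from the .reg/.inf file; the ad-path pattern, the blackhole proxy address and the `resolveAll` cache model are assumptions made for illustration.

```javascript
// Added illustration. Everything except FindProxyForURL (the standard PAC
// entry point) is a hypothetical name chosen for this example.
const BLACKHOLE = "PROXY 127.0.0.1:3421"; // assumed local address where nothing answers
const AD_PATH = /^https?:\/\/[^\/]+\/(ads|banners)\//i; // constructed ad-path pattern

// PAC decision: same server, different answer depending on the URL path.
function FindProxyForURL(url, host) {
  return AD_PATH.test(url) ? BLACKHOLE : "DIRECT";
}

// Model of a client resolving a list of URLs. With cachePerHost=true the first
// PAC answer for a host is reused for every later request to that host.
function resolveAll(urls, cachePerHost) {
  const cache = new Map();
  return urls.map((url) => {
    const host = new URL(url).hostname;
    if (cachePerHost && cache.has(host)) {
      return { url, route: cache.get(host), cached: true };
    }
    const route = FindProxyForURL(url, host);
    if (cachePerHost) cache.set(host, route);
    return { url, route, cached: false };
  });
}

// Count ad URLs that were routed DIRECT, i.e. the filter was bypassed.
function adsLeaked(results) {
  return results.filter((r) => AD_PATH.test(r.url) && r.route === "DIRECT").length;
}

// Constructed sample requests, all to one server.
const SAMPLE = [
  "http://news.example/index.html",
  "http://news.example/ads/banner1.gif",
  "http://news.example/story/42.html",
];

for (const cacheOn of [true, false]) {
  const results = resolveAll(SAMPLE, cacheOn);
  console.log(`per-host cache ${cacheOn ? "on" : "off"}: ${adsLeaked(results)} ad request(s) sent DIRECT`);
  for (const r of results) {
    console.log(`  ${r.route.padEnd(22)} ${r.url}${r.cached ? "  (cached)" : ""}`);
  }
}
```

With the cache on, whichever URL is requested first decides the route for the whole server, so the same model also shows the opposite failure: an ad fetched first sends the server's good content to the blackhole.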