Free Republic

MADISON — At all hours, strangers phone Anne Nicol Gaylor's Madison home, always desperate.The caller one recent morning was a middle-aged woman with a 14-year-old pregnant daughter."What clinic will she be using?" asked Gaylor, 83, jotting down the response and the cost of a second-trimester abortion ($875)."If we helped with $300, do you think you could find the rest?" Gaylor asked.After the call, Gaylor opened a checkbook for the Women's Medical Fund, a Madison nonprofit that has helped pay for abortions for 34 years. Gaylor has written every check for every abortion.This was No. 18,986.Controversial figureGaylor is well-known for...

(This is a follow up to an earlier thread http://www.freerepublic.com/focus/f-chat/3374828/posts) WMF 5.0 has 'bug which resets the PowerShell module environment during installation' The revolution has been postponed: the long-awaited update to PowerShell that yesterday we reported as having launched, has now been pulled by Microsoft. Redmond says its reversal is due to “a bug which resets the PowerShell module environment during installation” that “can have a serious impact on our customers” because it “resets the PSModulePath environment variable to default values, losing any changes made prior to the WMF 5.0 RTM installation.” Windows Management Framework (WMF) 5.0 has therefore been...

[Edit 12/18/2015 - Added additional detail describing support for Windows 7 and Windows 8] Continuing with the ongoing tradition of holiday gifts to the PowerShell community, we are excited to announce the release of Windows Management Framework 5.0 RTM. WMF 5.0 RTM brings new management technologies such as Just Enough Admin (JEA), PowerShell Classes, PackageManagement, PowerShellGet, etc. and improvement to existing technologies such as Desired State Configuration (DSC), PowerShell Script Debugging, Software Inventory Logging (SIL) etc. to downlevel systems. WMF 5.0 RTM replaces WMF 5.0 Production Preview, and is the fully-supported version many of you have been waiting for. You...

He cited an online post he had seen from a 17-year-old gay Catholic. "The church has a lot to say about what I'm not supposed to do," the youth wrote. "But ... I couldn't find any church document (about) what a gay person is supposed to do with his life. I feel abandoned by the church." He said the church teaches much about the beauty of marriage, but then tells its gay members they "can't have this wonderful thing."

Only an hour ago we had been lamenting yet another incredibly bad road. Here in the Ugandan outback, it is as pointless to complain about the roads as it is to complain about politicians in America, but railing against the unchangeable can lighten the mood. But on the way out of a small village in the Bukedea region of Uganda, we didn’t feel the bumps. That was when our team’s defenses failed, and when the gravity of the assault on women—perpetrated by the champions of “women’s health” and “empowerment”—really hit home. It may have been just me, but my guess...

This is a transcript from a show Steve Gibson did with Leo LaPorte. The link to the audio is at the above link. Also, I will excerpt a little of the relevant information here.Steve: And so, you know, because I'm a developer when I'm not being a hacker, I wanted to understand - oh, and the other thing is, I want to write a robust testing application, you know, that always works all the time. So I wanted to know, like, okay, what bytes have to be set which way, what matters, what doesn't. Because, you know, that's the way...

Leo [Laporte] and I [Steve Gibson] carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

* New exploit released for the WMF vulnerability - YELLOW (NEW) Published: 2006-01-01, Last Updated: 2006-01-01 00:06:40 UTC by Tom Liston (Version: 6(click to highlight changes)) New exploit On New Year's eve the defenders got a 'nice' present from the full disclosure community. The source code claims to be made by the folks at metasploit and xfocus, together with an anonymous source. The exploit generates files: * with a random size; * no .wmf extension, (.jpg), but could be any other image extension actually; * a random piece of junk in front of the bad call; carefully crafted to be...

Excerpt - NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain. "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence." "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team. SANS Institute, via its Internet Storm Center, has taken the unusual...

Seeking to put some of the confusion about the recent Windows Metafile vulnerability to rest, I interviewed one of the most reliable sources of information on the bug: Ilfak Guilfanov. In addition to discussing the temporary patch he authored, Ilfak offers valuable guidance and accurate information on a more general level for those dealing with this vulnerability.Tell us a little about yourself so that the audience knows who you are.I’m the author of the IDA Pro tool, which is used by security specialists to analyze software binaries. IDA Pro is the biggest program I wrote, but there are also other...

update Microsoft plans to release a fix for a serious security vulnerability in Windows on Thursday, several days before the patch's scheduled delivery. The company is breaking with its monthly patch cycle because it completed testing of the security update earlier than it anticipated, it said in a note on its Web site. "In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible," the company said.The security update, originally scheduled for Tuesday, fixes a vulnerability in the way Windows renders Windows Meta File images. The...

See all Newsmakers Ilfak Guilfanov is far from a household name. But that may soon change as the Russian software developer's unauthorized Microsoft security patch is increasingly installed onto computers worldwide. In a rare move, security experts at the SANS Institute's Internet Storm Center and at F-Secure are advising people to download Guilfanov's patch, which aims to fix a flaw in the Windows Meta File. This vulnerability has spawned a torrent of exploits that seek to take advantage of the wait while Microsoft works on its own patch. The software company has said it will release a WMF patch on...

Microsoft has posted a security fix for the windows metafile bug, and it is available at the Windows Update site. I can't speak for earlier operating systems, but I have downloaded and installed it for Windows XP and Windows 2000. Because of the urgency, Microsoft released the fix early. Other updates will be available as usual next Tuesday at the Update site.

Users of the Windows OS should install an unofficial security patch now, without waiting for Microsoft to make its move, advise security researchers at The SANS Institute's Internet Storm Center (ISC). Their recommendation follows a new wave of attacks on a flaw in the way versions of Windows from 98 through XP handle malicious files in the WMF (Windows Metafile) format. One such attack arrives in an email message entitled "happy new year," bearing a malicious file attachment called "HappyNewYear.jpg" that is really a disguised WMF file, security research companies including iDefense and F-Secure say. Even though the file is...

A serious flaw in Windows is generating a rising number of cyberattacks, but Microsoft says it won't deliver a fix until next week. That could be too late, security experts said. The vulnerability, which lies in the way the operating system renders Windows Meta File images, could infect a PC if the victim simply visits a Web site that contains a malicious image file. Consumers and businesses face a serious risk until it's fixed, experts said. "This vulnerability is rising in popularity among hackers, and it is simple to exploit," said Sam Curry, a vice president at security vendor Computer...

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...

This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Soware. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...

Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us." I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.

I don't think we can post articles from this slimy source, but it's a severe enough alert to make it important to be widely known. Select the source above for some details.