Posted on 12/30/2005 7:21:55 AM PST by zeugma
I don't think we can post articles from this slimy source, but it's a severe enough alert to make it important to be widely known.
Select the source above for some details.
(Excerpt) Read more at washingtonpost.com ...
> Best fix at the moment is Firefox and Thunderbird.
Agreed, and largely because Tbird has images disabled by
default in the preview pane, unlike Outlook, which by
default exposes you to the full power of the dark side.
Given that this was a WaPo article, I'm astonished that
it didn't have their trademarked tag line:
"... women and children hardest hit."
Outlook 2003 does not display images in the preview pane unless the recipient requests they be downloaded.
Outlook 2003 has the same functionality.
And what exactly is that supposed to mean? Are you impuning El Rushbo's sexual orientation?
Mac or Linux is fine by me: the FreeBDS kernel (underlies OS X) and Minux (a crippled version of Unix for Intel chips created as a basis for student exercises, and fleshed out by Linus Torvalds to create Linux) were both produced by category theorists, so I've got a guild-loyalty to both.
It is hard to say
who gets blamed for more bad things,
George Bush or Bill Gates.
If we add WalMart,
we'd have the three-sectioned root
of all the world's BAD . . .
1. Minux is pretty good now, highly robust with a small footprint. 2. Linus didn't flesh it out to make Linux. Minux was his platform used to create Linux, and Linux used some ideas from Minix.
People actually use Windows Server 2003 as a desktop O/S? (I would think that's not very cost-effective.)
Windows admins surf the web and do e-mail on a server box? (All of my servers stay in runlevel 3 precisely to prevent that.)
Hmmmm.
The Liberal's version of the "Axis of Evil"? i think you may be on to something there.
Three letters MAC.
Question: Is this the same WMF vulnerability that was called a trojan on a thread yesterday, or is this something in addition? Symantec dealt with the trojan on the 28th. Will that take care of this?
Trouble is, 'tis not only liberals who dislike mr. gates.
"What troubled me was the part about simply visiting a site could infect your computer."
Happened to me once visiting of all things, a site about Japanese kitchen knives! Luckily my McAfee caught it and I cleansed it.
This is news?
Once you go Mac, you never go back...
I agree with all of that. Hell, I still tend to think of it as gdi.exe, which is about the last time I cared what Windows internals really looked like. But this "bug" is even better than that - it's not in the image format parser, it's in the freakin' WMF API!!! Believe it or not, WMF files are allowed to have callback functions (user or kernel mode unknown by me) in them - in other words a (picture) data file can contain executable code to "help" Windows display it!! It gets better: change the file extension to "jgp" or "gif" or another image type, hell, probably any file type that has a custom icon/is previewable, and Windows will look at the file and go "oh - that's really a WMF file - I know what to do..." (I'm dyin' here). Even Windows Explorer (with thumbnails enabled) will execute the code if you look at a directory that contains one of these files.
If there ever was a smoking-gun lead-pipe indictment of Microsoft's sloppy love of whizzo features, security, stability, maintainability, administerability be damned; this has GOT to be it. If the filetype API is that flawed, we need to just get rid of .WMF files, period.
Yeah, I know take /. posts with a grain of salt, but, if true, it will be interesting to see what will be done about it. --
Ick.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.