> -----Original Message-----
> From: Thor (Hammer of God) [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, January 05, 2006 5:00 PM
> To: Erin Carroll; [email protected]
> Cc: Larry Seltzer; [email protected]
> Subject: Re: New article on SecurityFocus
> 
> > A few hundred million Windows XP machines lay vulnerable on the Web today, a
> > week after a zero-day exploit was discovered. Meanwhile, new approaches and
> > ideas from the academic world - that focus exclusively on children - may
> > give us hope for the future after all.
> >
> > http://www.securityfocus.com/columnists/377
> 
> Sorry, but it's not going to happen.  Yes, it is a serious vulnerability,
> but there will be no Armageddon here.  Comparing this to the RPC
> vulnerability (which had worm potential) is specious.
> 
> Overall, I think the community's coverage of WMF has been delivered with an
> ounce of perception, and a pound of obscurity.  It's almost as if people
> *want* it to be worse than it is.  I'm not surprised, of course.  But
> regardless, my call is that we'll see a little activity here and there, the
> patch will come out, most will install it (or have it installed
> automatically) and the whole issue will fade away.  But that's all.
> 
> We'll know for sure shortly, either way.
> 
> t
> 
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it." 

There are reports of over a million machines infected (I would imagine
mostly workstations), although I'm not going to stand behind them since
I could easily put up my own site with some counter on it. I think the
"big news" here is not going to be about the real impact, but the
possible impact. Microsoft may play it down, and security lists may play
it up, but the middle ground is still hugely serious.

The only good news is that this exploit is not self-propagating - it
requires minimal user interaction. The potential for damage though, is
enormous. Imagine Doubleclick getting hacked, and having some of their
ads replaced with WMFs. I'm sure someone's already tried.

I've already installed the patch on one of my servers and I'm about to
hit the reset button on my own workstation. Hopefully the early release
wasn't rushed. =)

Derick Anderson
