
| Subject: | RE: New article on SecurityFocus |
|---|---|
| Date: | Mon, 9 Jan 2006 09:48:44 -0500 |
-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[snip]

> What we need here is education of why we shouldn't be blindly clicking like we are. When you buy a new computer...where is the security education from the Best Buy or Dell?

If users could be educated it would have already been done by now. I can't take credit for that opinion as Marcus Ranum (http://www.ranum.com/security/computer_security/editorials/dumb/) said it first. I think it's funny that you bring up Dell and Best Buy when Microsoft is the one with an EXECUTABLE image format. There have been quite a few image vulnerabilities in the last year or so but I don't remember any of them resulting from the built-in ability to execute code.

> But to say this is "It's probably bigger than for any other vulnerability we've seen" http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes Gimme a break... it didn't stop the Internet [SQL Slammer], it didn't shut down entire businesses [Blaster], but it did freak out the Security community.

From what I can tell, Slammer wasn't a 0-day and neither was Blaster (at least the first set of worms). If memory serves, Slammer was the result of admins not applying a patch from Microsoft available months before the worm was released. Since then Microsoft patching has vastly improved and admin paranoia has gotten worse. The scariest thing about WMF is that it targets user interaction using what used to be the most innocuous file format besides plain text. Users are the hardest part of the network to secure - and with WMF it just takes one click.

Derick Anderson

---------------------------------------------------------------------------
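The "executable image format" point above refers to the WMF Escape record: a metafile can carry a SetAbortProc escape, which registers a callback that GDI later invokes, and that is the mechanism the December 2005 WMF flaw (MS06-001) abused. The scanner below is an added example written for this page; it is not code from the thread or from any of the posters. It walks a WMF file record by record, skipping the optional placeable header, and flags any Escape record whose sub-function is SETABORTPROC (0x0009), which a plain image never needs. The record layout and constants come from the public WMF format; the two sample files are constructed inline, and the 24 filler bytes in the hostile sample stand in for whatever the escape would carry and are not a payload.

```python
import struct

# WMF constants from the Windows Metafile format specification.
PLACEABLE_KEY = 0x9AC6CDD7    # magic of the optional 22-byte "placeable" header
META_EOF = 0x0000
META_SETMAPMODE = 0x0103
META_RECTANGLE = 0x041B
META_ESCAPE = 0x0626          # Escape record: passes driver commands through GDI
ESC_SETABORTPROC = 0x0009     # Escape sub-function that registers a callback procedure


def iter_wmf_records(data):
    """Yield (function, params) for each record in a WMF byte string.

    Handles the optional placeable header and stops at META_EOF. Raises
    ValueError on a truncated or malformed header/record rather than guessing.
    """
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    _file_type, header_words = struct.unpack_from("<HH", data, off)
    if header_words != 9:
        raise ValueError("unexpected WMF header size %d" % header_words)
    off += header_words * 2
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:                      # size counts the 6-byte record header too
            raise ValueError("record at offset %d has impossible size" % off)
        rec_len = size_words * 2
        yield func, data[off + 6:off + rec_len]
        if func == META_EOF:
            break
        off += rec_len


def find_abortproc_escapes(data):
    """Return [(record_index, byte_count)] for every Escape record whose
    sub-function is SETABORTPROC. A clean image never needs one."""
    hits = []
    for idx, (func, params) in enumerate(iter_wmf_records(data)):
        if func == META_ESCAPE and len(params) >= 4:
            esc_func, byte_count = struct.unpack_from("<HH", params, 0)
            if esc_func == ESC_SETABORTPROC:
                hits.append((idx, byte_count))
    return hits


# --- constructed sample files (not real-world captures) ---------------------

def wmf_record(func, params=b""):
    if len(params) % 2:           # record sizes are counted in 16-bit words
        params += b"\x00"
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_wmf(records):
    records = list(records) + [wmf_record(META_EOF)]
    body = b"".join(records)
    max_words = max(len(r) for r in records) // 2
    # type=1 (in memory), header=9 words, version 3.0, total size, 0 objects, max record, reserved
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, max_words, 0)
    return header + body


def add_placeable_header(data):
    # key, handle, bounding box (4 x int16), inch, reserved, checksum (left 0; not validated here)
    return struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 96, 0, 0) + data


BENIGN_WMF = build_wmf([
    wmf_record(META_SETMAPMODE, struct.pack("<H", 8)),
    wmf_record(META_RECTANGLE, struct.pack("<hhhh", 90, 90, 10, 10)),
])

FILLER = b"X" * 24   # placeholder bytes for the escape's data; deliberately not an exploit
HOSTILE_WMF = build_wmf([
    wmf_record(META_SETMAPMODE, struct.pack("<H", 8)),
    wmf_record(META_ESCAPE, struct.pack("<HH", ESC_SETABORTPROC, len(FILLER)) + FILLER),
])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_WMF), ("hostile", HOSTILE_WMF),
                       ("hostile+placeable", add_placeable_header(HOSTILE_WMF))):
        print(name, find_abortproc_escapes(blob))
```

Run it as-is and the benign file reports no hits while both hostile variants report the Escape record at index 1. In a mail gateway or file-scanning pipeline the same check is worth running on any file whose magic or extension says WMF regardless of what its name claims, since the one-click concern in the thread is exactly that the user does not inspect the bytes.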