Fabrice Roux *.*

Link: http://azureus.sourceforge.net/

Azureus implements the BitTorrent protocol using java language.

Azureus safety status:

Download mirror: MajorGeeks

Link: http://filezilla.sourceforge.net/

FileZilla is a fast and reliable FTP client and server with lots of useful features and an intuitive interface.

FileZilla safety status:

Download mirror: MajorGeeks

Link: http://earth.google.com/earth4-beta4.html

The idea is simple. It?s a globe that sits inside your PC. You point and zoom to anyplace on the planet that you want to explore. Satellite images and local facts zoom into view. Tap into Google search to show local points of interest and facts. Zoom to a specific address to check out an apartment or hotel. View driving directions and even fly along your route.

Remark: starting 4.1+ it uses a MSI installer. Currently this installer is as dumb as it gets, it blindly install Google Earth on the C: drive.

Secunia security status.

Download mirror: MajorGeeks

Link: http://www.hamachi.cc/

Hamachi is a zero-configuration virtual private networking (VPN) application.

In other words Hamachi is a program that allows you to arrange multiple computers into their own secure network just as if they were connected by a physical network cable.

Hamachi is fast, secure and simple. Its core version is also free.

Full change list / Secunia statistics.

Download mirror: MajorGeeks

After the JPG, WMF, ANI and much more image file format exploits... the BMP file format comes back to bite you in the rear. Secunia published 2 advisories about a denial of service weakness in the major image readers under Windows XP SP2. The weakest links are ACDSee, IrfanView and FastStone Image Viewer.

No word about remote code execution yet... let's all cross our fingers. :whistle:

Useful links:

• Original advisory by Ivan Fratic. (my B2E antispam prevents me to link to the page either directly or thru tinyurl )
• BMP thread on GRC Newsgroup.
• Example BMP files from Ivan Fratic posted code. (7Zip compressed)

Threat and payload:
The threat comes in the shape of a malformed animated icon. It usually wears the .ani extension but the extension can be changed to anything ie: jpg, bmp,... Currently the file is mainly delivered just by browsing an infected website. Infected HTML emails can also be used... but you can also imagine distribution thru peer to peer networks. A popular torrent/emule stream can deliver a small malformed animated icon.

The payload can be anything the hacker wants. It executes code at the same level as the user. It can go from a simple system crash to turning the host PC into a SPAM/Malware delivering zombie. Nasty nasty nasty bug...

Interim third party patch:
Microsoft is supposed to push a patch for its recent OSes on tuesday april 3rd. (probably available for the european users early wednesday morning) Both eEye Digital and ZERT offer a temporary patch. The eEye patch seems to be the most convenient since it will uninstall itself as soon as Microsoft pushes an official patch.

Final Microsoft patch:
Microsoft released it's patch on april 3rd 2007. It will be pushed thru Windows Update to compliant systems. Since the exploit is highly critical, it's advised to force a manual install. Microsoft Security Bulletin MS07-017.

Remark: this patch has a side effect "When you start a computer that is running Microsoft Windows XP with Service Pack 2, the Realtek HD Audio Control Panel may not start." (read more on KB935448)

Targeted apps:
All the Internet Explorer/Windows Explorer based apps. The major ones are:

• Windows Explorer
• Internet Explorer
• Outlook which uses IE for email rendering
• Outlook Express which uses IE for email rendering
• Windows Mail which uses IE for email rendering

Targeted OS (NT based thru user32.dll / w9x based thru user.exe):

• Windows 95 *
• Windows 98/98SE *
• Windows Me *
• Windows NT
• Windows 2000
• Windows XP
• Windows Server 2003
• Windows Vista

(*) While the w9x based OSes are not listed in the latest Microsoft advisory, they are likely to be vulnerable. They were vulnerable to the original advisory back in january 2005.

Proof of concept video: A malformed icon is saved on the Vista desktop. The explorer.exe crashes then restarts then crashes again and again...

Important links:

• Microsoft advisory.
• eEye Digital advisory. Contains a temporary patch. The patch prevent from using animated icons outside Windows directory.
• ZERT advisory. Contains a temporary patch and a test/proof of concept for NT based OSes.
• Secunia advisory.
• Determinia advisory.
• Websence tracking the compromised websites.

Interesting links:

• Microsoft advisory about the first icon exploit in january 2005. Security bulletin MS05-002.
• Security Now special edition podcast.
• eEye Digital Security 0 day tracker.
• milw0rm proof of concept.
• Microsoft behind the scene of MS07-0017 patch creation.

A nice april's fool from ThinkGeek:

Product Features:

• Helmet based Wii Controller housing allows effortless handsfree game play
• Perfect for Wii sports and works with all your favorite Wii games
• Frees your hands for other important tasks like eating, scratching, beer drinking, petting your dog or cat, nose picking and unwrapping birthday gifts
• 4 frontal LEDs illuminate your surroundings while gaming in the basement at 3 am
• Included Foot Pedals have all Wiimote Buttons, mapped to strategic toe areas
• No danger of throwing Wiimote into TV with the WiiHelm's Saf-T-Lok technology
• Includes: WiiHelm, Foot pedals, Cables, and Instruction Manual
• Manufacturer Limited Warranty: 1 year

Link: http://www.winmerge.org/

WinMerge is an Open Source visual text file differencing and merging tool for Win32 platforms. It is highly useful for determing what has changed between project versions, and then merging changes between versions.

Download mirror: MajorGeeks