Zero-day exploits

| 8 Comments

Over the past years we've heard tons of stories, seen about a zillion patches and updates for all kinds of programs and there have always been exploits around. However, there usually was quite some time in between the date the problem became known and they date exploits (other than POC) were found and used.

In the last year we've seen this timeframe diminish to sometimes as little as a couple of days, and more and more "zero-day" exploits are being reported. If you ask me, it's due to the fact that in order to keep their lucrative business running, malware authors need to exploit everything they can. While each day new and unprotected computers become available for infection and abuse, an ever growing number gets fixed, secured and patched as well. This leaves the abusers a smaller number of "easy targets" and in order to compete and deliver what they are paid for, they revert to more aggressive tactics.

Now... how does that affect you? It's very simple : if you're not part of the solution, you're part of the problem. This means that it's gonna be a neccesity - it even is one today - to be aware of exploits, patches and available updates, even if you're just a user, Joe Average.

How? By signing up (for free) for some low volume security related newsletters, by browsing specialized sites and becoming aware of the fact that security is no longer a matter for specialists alone. You can find some links below, those are a good start I'd say.

Oh, if you wonder why I post this right now, here's the answer : 0-day exploit for winamp.

Note : While windows XP SP2 hasn't been giving me any trouble so far, tuning the new firewall I installed (not the one included in SP2) seems to be a pain in the ass. Well, better a pain in the ass than a firewall with holes in it by default. I'm punching holes right now, to get everything allowed that needs access.

Update 2004-08-27 : according to discussions in the winamp forums, there should be a release of winamp 5.05 (or 5.04x depending on whether or not other functionality/fixes are included or not) should be released soon. Another noteworthy point is that not only IE might be a mitigating factor for infection, nor is it necessary to have winamp running to possibly be infected.

8 Comments

I totally forgot to punch holes in mine last night and now I can't VNC into it from work *sulk* ... well, I guess I'll sort it out tonight!

Well, it would be pretty worthless if you could VNC right into it, wouldn't it? At least you'll know what to do later tonight... too bad it leaves your machine inaccessible for the moment :(

I always forget, everytime I change router, or IP, or any little thing like that :)

er... I've read the winamp article... but er... are they saying that while you use winamp anyone can access your pc? or can they do it also when the application is installed but not running?

and I also don't like their solution lol

As far as I was able to understand, it would take the following in order to be vulnerable :

- winamp version 3.x or 5.x (does this mean 2.x is ok? I doubt that)
- a site or serverpage that contains winamp skins that exploit the bug in winamp (I suppose you have to download the new skin, unless...)
- There is a bug in IE which is exploited as well to push the new skin onto your system.

As far as I know, this means that unless you end up at an infected server/page, download winamp skins, or use IE to do the above, one could be home safe. I do expect a patch from Nullsoft within days though.

What freeware alternatives are there to Winamp? I've yet to find anything good.

Smeg, so far I ain't found any good replacement either. I've googled for some tips, but nothing really stood out :(

I grabbed a copy of "Cool player" last night, and so far, I like it. Very basic player, no plugins (hell, no install, just an EXE and INI file to store your settings!) handles mp3, m3u's etc ... not too bad.

Monthly Archives

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.04

About this Entry

This page contains a single entry by ServMe published on August 26, 2004 1:42 PM.

Off the deep end was the previous entry in this blog.

Tired. is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.