Author Topic: Info on Windows' WMF Vulnerability  (Read 20821 times)

0 Members and 2 Guests are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Info on Windows' WMF Vulnerability
« on: January 03, 2006, 10:13:45 pm »
I don't know how much of you know about the WMF vulnerability, but it's a file format vulnerability that allows very easy execution of arbitrary code when Windows renders it.  The vulnerbility was found and exploited over a week ago, and MS refuses to release a patch until their next patch cycle (which is probably today). 

So for over a week, all Windows users who are using the Internet were totally sitting ducks.  Metasploit has put out a module for it, there was at least an MSN worm spreading with it, and it had the potential to be one of the nastiest Email worms ever.  The only defense from Microsoft was by telling people to disable image viewers; the only good solution was a third party patch made by a man named Ilfak Guilfanov. 

In my opinion, this is one of Microsoft's bigger mistakes so far, waiting until the patch cycle to patch a vulnerability that's being actively exploited.  But that's just me :)


Quote
Quite a bit of confusing and a vast amount of information coming from all directions about the WMF 0day. Here are some URL's and generic facts to set us straight.

The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows. So far no problems have been observed by anyone using this patch. You should naturally check it out for yourselves but I and many others recommend it until Microsoft bothers to show up with their own patch.

Ilfak is trusted and is in no way a Bad Guy.

You can find more information about it at his blog:
http://www.hexblog.com/2005/12/wmf_vuln.html

If you are still not sure about the patch by Ilfak, check out the discussion of it going on in the funsec list about the patch, with Ilfak participating:
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Occasional information of new WMF problems keep coming in over there.

In this URL you can find the best summary I have seen of the WMF issue:
http://isc.sans.org/diary.php?storyid=994
by the "SANS ISC diary" team.

In this URL you can find the best write-up I have seen on the WMF issue:
http://blogs.securiteam.com/index.php/archives/167
By Matthew Murphy at the "Securiteam Blogs".

Also, it should be noted at this time that since the first public discovery of this "problem", a new one has been coming in - every day. All the ones seen so far are variants of the original and in all ways the SAME problem. So, it would be best to acknowledge them as the same... or we will keep having a NEW 0day which really isn't for about 2 months when all these few dozen variations are exhausted.

A small BUT IMPORTANT correction for future generations:
The 0day was originally found and reported by Hubbard Dan from Websense on a closed vetted security mailing list, and later on at the Websense public page. All those who took credit for it took it wrongly.

Thanks, and a better new year to us all,

    Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #1 on: January 03, 2006, 10:29:19 pm »
There should be a variant that erases all important system DLLs! :)
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #2 on: January 03, 2006, 10:41:25 pm »
mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #3 on: January 03, 2006, 10:50:09 pm »
Wow, that's horrible!  Stupid Microsoft.

mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.

Haha.  I'm going to buy a new hard drive to install Slackware on soon.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #4 on: January 03, 2006, 10:55:25 pm »
Ah, update: Microsoft is planning on releasing the patch on January 10.  That's over 2 weeks with a vulnerability that's being actively exploited.. I'm still hoping for an email worm so I can laugh :)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #5 on: January 03, 2006, 11:03:01 pm »
Ah, update: Microsoft is planning on releasing the patch on January 10.  That's over 2 weeks with a vulnerability that's being actively exploited.. I'm still hoping for an email worm so I can laugh :)

ROFL.  That would be so great.

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #6 on: January 03, 2006, 11:18:46 pm »
mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.

You suck. I wish I had Linux right now.

* Newby cries.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #7 on: January 03, 2006, 11:35:38 pm »
mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.

You suck. I wish I had Linux right now.

* Newby cries.
putty FTW!
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Info on Windows' WMF Vulnerability
« Reply #8 on: January 04, 2006, 12:11:46 am »
If I didn't have putty at school... I don't know what I'd do. :)
And like a fool I believed myself, and thought I was somebody else...

Offline Chavo

  • x86
  • Hero Member
  • *****
  • Posts: 2219
  • no u
    • View Profile
    • Chavoland
Re: Info on Windows' WMF Vulnerability
« Reply #9 on: January 04, 2006, 09:38:39 am »
Meh, it isn't a problem for firefox users......

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #10 on: January 04, 2006, 06:17:26 pm »
Meh, it isn't a problem for firefox users......

It is if you don't know what you're doing and click "yes" to the prompt.  This isn't exactly the sort of issue computer-illiterate (those who are conciously aware of the existance of these sorts of exploits) people are going to address as a potential problem.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #11 on: January 04, 2006, 06:38:05 pm »
Even a computer-literate will sometimes wmf for wma/wmv when it's very late at night. Or might just guess it's a new file format ;P
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #12 on: January 04, 2006, 06:39:05 pm »
Even a computer-literate will sometimes wmf for wma/wmv when it's very late at night. Or might just guess it's a new file format ;P

Haha, yeah.  I really wouldn't think too much of it if I hadn't read this article (at least until my computer started dying).

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #13 on: January 04, 2006, 08:40:28 pm »
An article called "0-day Holiday" was posted:

http://www.securityfocus.com/columnists/377

Quote
“ Hundreds of millions computers are vulnerable to the whims of just about any website owner, virus writer, or hacker with malicious intent. I can think of a thousand different ways to lure someone into full system compromise using this zero-day vulnerability - and I don’t think this is the vision Gates had ever dreamed of. ”

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #14 on: January 05, 2006, 05:57:33 pm »
http://it.slashdot.org/it/06/01/05/2027259.shtml?tid=172&tid=128&tid=201&tid=218

Awesome. Ahead of schedule. It only ~100 or so variants of this vulnerability for them to go "oh, shit, maybe we are fuckbags."
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #15 on: January 05, 2006, 06:28:38 pm »
http://it.slashdot.org/it/06/01/05/2027259.shtml?tid=172&tid=128&tid=201&tid=218

Awesome. Ahead of schedule. It only ~100 or so variants of this vulnerability for them to go "oh, shit, maybe we are fuckbags."

Yuck, what a bunch of dipshits.  At least they're patching it...

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #16 on: January 05, 2006, 06:31:04 pm »
Oh, yeah, when this originally showed up on slashdot (the wmf vulnerability) I went to tell my dad and they already had a patch for employees out.

This is what I observed from the internal webpage for M$ slaves, seeing as how the word "test for public" and "download" were all over it.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #17 on: January 05, 2006, 06:35:56 pm »
There's an MS patch that got released publicly.

Quote
It was posted to DSL Reports earlier. We obtained a copy of it to see if it was actually malware - turned out to be from Microsoft "for real" and contained "WindowsXP-KB912919-x86-ENU.exe" within a ZIP file. We fed it to a few lab rats and it wanted to write to a strange new folder on a D: drive. So we ran it on a couple of lab rats that HAD a D: drive.

 Setup began, wham! BSOD that would have made NT 3.5 proud. "kernel-in-page" error and the world latched. Hard reboot and the "you've been naughty" check of the D: drive every time.   :)

 I can see why they were a bit miffed at it escaping Redmond. Heh.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #18 on: January 05, 2006, 08:47:27 pm »
I still wanted to make a non-malicious PoC and post on a large image-sharing website such as deviantART.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline mynameistmp

  • Full Member
  • ***
  • Posts: 111
  • Hi! I'm new here!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #19 on: January 06, 2006, 02:40:00 am »
A guy from hexblog released an unofficial fix for this before MS did:

http://www.packetstormsecurity.org/Win/patches/WMFHotfix-1.4.msi

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #20 on: January 06, 2006, 03:48:30 am »
A guy from hexblog released an unofficial fix for this before MS did:

http://www.packetstormsecurity.org/Win/patches/WMFHotfix-1.4.msi

Haha yeah, I think I mentioned Ilfak's patch somewhere.. that's awesome :)

But apparently, it interferes with some printer drivers, so it might not be as simple as originally though.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #21 on: January 06, 2006, 12:24:46 pm »
Of course, Microsoft did the exact same thing as Ilfak, modified very slightly:
http://blogs.securiteam.com/index.php/archives/184

Good game! 

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #22 on: January 07, 2006, 09:05:17 am »
Quote
Ilfak patched only his own build of Windows XP. Later, Steve Gibson had to help him add support for Windows 2000 SP4 and various others helped with mechanisms for repackaging and deploying on managed corporate networks.

Microsoft dealt with 9 versions and service pack levels of Windows (including 64-bit editions) in U.S. English PLUS 23 localized versions. Since Microsoft’s patch was built into gdi32 rather than “hooked” via AppInit_DLLs, there was much more regression testing required (more to check for build errors than for code/logic errors).

The resulting builds must be signed and packaged with CAT files required by Windows File Protection. Those hotfix packages also contain versioning and dependency checks so that a future hotfix for gdi32 will not be overwritten if this hotfix is accidentally reinstalled. (This sounds simple when you’re only dealing with one DLL but when a hotfix includes multiple DLLs with dependencies, it used to be a real problem in the 2000-2001 timeframe before Microsoft established the current mechanism.)

Additionally, there is automatic “migration” capability so that you can install the hotfix on XP SP1 and then apply SP2 without redownloading and reapplying the hotfix. (If you look under the hidden folder %SystemRoot%\$hf_mig$, that’s what those files are for.)

Conclusion of testing and packaging still left hundreds of files to be mirrored AND verified. There are servers supporting microsoft.com/downloads (direct download), Windows Update/Microsoft Update (the site known to end-users), MBSA (detection tool requiring metadata updates) and Windows Server Update Services (corporate tool). If you snoop through the filenames and XML metadata files used internally, you’ll see that these are separate infrastructures which obviously involve substantial work to stage around the world. Given how heavy the load on hexblog.com was, it still only represented a tiny fraction of technically inclined Windows users. When Microsoft releases a critical fix, the server hits are measured in the hundreds of millions.

Lastly, certain documentation (much of it in multiple languages) must be ready to publish at the same time as the hotfix itself. This always includes Security Bulletins (in simplified and technical versions) and KB articles. In a high-profile situation like this, key partners and enterprise accounts don’t like their “Support Flash” communications to trail the hotfix availability by much.

So when Microsoft says “testing,” you need to realize that there is also substantial “build” and “release” work implied as part of the process. Although grandma probably understands “testing,” it’s unlikely that she cares to hear about anything from the realm of makefiles or XML manifests so you wouldn’t hear about build/release aspects in the soundbite quotes given by Microsoft to mainstream media for laypeople.

Seems they did a bit of more work (By a bit I mean a shitload)
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #23 on: January 07, 2006, 12:54:03 pm »
But in the end, their patch looked almost the same. 

Most of the stuff in the article (like, 95% of it) should be automated.  I highly doubt they went to each of the localized versions and made the same code change, and I doubt they manually test everything.  They obviously don't package cab files or the migration files manually.  I don't really see what the big problem is, everything they're doing there ought to be automatic. 

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #24 on: January 08, 2006, 04:40:08 am »
They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #25 on: January 08, 2006, 12:13:42 pm »
They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.
And now I bring you to subject SP2.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #26 on: January 08, 2006, 12:20:09 pm »
They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.

The MSI install package for the fix is 86 Kb.  Ilfak was able to code a fix that at least "pseudo" worked in but a few hours.  To me, that says it's not that difficult of a process.

I do agree that patching an OS is a very delicate procedure and it should have thorough testing, but when you have an exploit that renders a computer as venerable as this one, it's pretty time-critical.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #27 on: January 08, 2006, 12:42:06 pm »
I think they realized that and after thiers was leaked they had no choice but to release it and hope for the best. It's a hard decision to make I'd agree but atleast it's fixed now officially.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #28 on: January 08, 2006, 12:46:25 pm »
I think they realized that and after thiers was leaked they had no choice but to release it and hope for the best. It's a hard decision to make I'd agree but atleast it's fixed now officially.

Haha, yeah.  I still don't think they should have ever even considered releasing a patch to a vulnerability this serious that late, though...

Oh well, it's fixed!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #29 on: January 08, 2006, 02:09:30 pm »
They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.

Why isn't it automated?  Can't they just upload the patch to a virtual test machine, and it tries it automatically on every conceivable system?  Don't tell me that's beyond Microsoft's abilities, I'm sure it's not.  Testing should take seconds!

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #30 on: January 08, 2006, 02:17:26 pm »
Well yea they but they take into account the other languages, other factors which may affect the result, best way to fix it, what the repercussions will be (What functionality will they lose), etc..
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #31 on: January 08, 2006, 02:43:47 pm »
And, why don't they test that?

If I was them, I'd have a test bed server that runs every imaginable variation, and tests them all, with the repercussions, all at once. 

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #32 on: January 08, 2006, 02:47:43 pm »
Yeah, I really doubt testing takes that long if they make it top priority... just look at how many programmers they have!

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #33 on: January 08, 2006, 06:26:23 pm »
It isn't a matter of testing, it's a matter of analyzing what functionality they lose out of what they patch to restrict the exploit from happening. I'd want to compare that and if it isn't worth it find another way to fix the exploit. Things like that they need to consider.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #34 on: January 08, 2006, 06:29:51 pm »
It isn't a matter of testing, it's a matter of analyzing what functionality they lose out of what they patch to restrict the exploit from happening. I'd want to compare that and if it isn't worth it find another way to fix the exploit. Things like that they need to consider.

Seems like a perfectly valid definition and entailment of testing to me. :)

With something this potentially devastating, they need to get a patch out that prevents people from taking advantage of the exploit and THEN figure out what its negative affects are.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #35 on: January 08, 2006, 10:29:00 pm »
It isn't a matter of testing, it's a matter of analyzing what functionality they lose out of what they patch to restrict the exploit from happening. I'd want to compare that and if it isn't worth it find another way to fix the exploit. Things like that they need to consider.

Yeah, and yet again, I'll say: why can't that be automated?

Offline igimo1

  • Full Member
  • ***
  • Posts: 420
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #36 on: January 09, 2006, 01:58:29 am »
Innumerable variables in the testing, of course!

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #37 on: January 09, 2006, 02:12:19 am »
You want something to automate something as crucial as that? PCs make mistakes and when automated are assumed to be correct. User made mistakes may be found easily plus save them the embarassment of releasing a bad patch. The entire world isn't a bunch of Linux fanboys sitting around open source, Microsoft is a corperation which needs to satisfy all of it's customers and it makes the best decisions availible buisness wise. I doubt they are going to sacrafice the way they test for a few days (yes a few) of an earlier release. It's not like the patch times between the guy and Microsoft was that incredibly omg off the wall hold the phone long.

@Sidoh: Again, they think for ALL of thier customers and arn't going to potentially make software lose some functionality to again gain a few days of an earlier release.

Like I said it was patched in a timely manner and in an efficient manner. I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows. Life goes on.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #38 on: January 09, 2006, 02:27:38 am »
You want something to automate something as crucial as that? PCs make mistakes and when automated are assumed to be correct. User made mistakes may be found easily plus save them the embarassment of releasing a bad patch. The entire world isn't a bunch of Linux fanboys sitting around open source, Microsoft is a corperation which needs to satisfy all of it's customers and it makes the best decisions availible buisness wise. I doubt they are going to sacrafice the way they test for a few days (yes a few) of an earlier release. It's not like the patch times between the guy and Microsoft was that incredibly omg off the wall hold the phone long.
I'd trust a computer to test every possibility much sooner than I'd trust a human.  You're right, the world ISN'T a bunch of Linux fanboys sitting around, and humans WON'T find every bug, which is why every path should be exercised, and the only way that's going to happen is with a computer doing it.  As you said, there are dozens of versions, and hundreds of paths involving that code, so do you really expect a human to be able to enumerate all of those better than a computer?  I doubt it. 

Like I said it was patched in a timely manner and in an efficient manner. I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows. Life goes on.
Except for the people whose computers got screwed up in the 2 week gap because of Viruses.  And the companies that lost money because their computers were down due to this.  Except people who had information stolen or otherwise abused by malicious hackers with the exploit code.  In the 2 weeks while there was no patch, everybody in the world was a sitting duck.  While Microsoft was waiting for their patch cycle (Microsoft employees had a patch for it a week before they actually released it), people were being exploited and infected because Microsoft doesn't want to make it look like they release too many patches.  God forbid they keep their customers SAFE. 

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #39 on: January 09, 2006, 05:01:04 pm »
Since Humans won't find all bugs I would have a bug nested in the bug testing software which automates the testing. I'm sure however they did use some automation in some areas but leaving it to something to automate the testing is pretty silly.

The information about the patch was fully disclosed and Microsoft patched it within two weeks and ahead of schedule which is a lot to say for the severity of the exploit as explained before. Like with every exploit, people are going to get hurt by it there is nothing stopping that. That guy released a patch along with some other companies, I disagree with Microsoft discouraging the use of them. They work until Microsoft officially released thier patch in which case those applied patches should be uninstalled.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Chavo

  • x86
  • Hero Member
  • *****
  • Posts: 2219
  • no u
    • View Profile
    • Chavoland
Re: Info on Windows' WMF Vulnerability
« Reply #40 on: January 09, 2006, 06:36:54 pm »
Quote
I disagree with Microsoft discouraging the use of them.
I don't necessarily agree or disagree with whether they should have discouraged it, but its not like its MS being evil, just about any non company that is out for a profit will say the same thing for CYA.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #41 on: January 09, 2006, 07:34:21 pm »
Since Humans won't find all bugs I would have a bug nested in the bug testing software which automates the testing. I'm sure however they did use some automation in some areas but leaving it to something to automate the testing is pretty silly.

The information about the patch was fully disclosed and Microsoft patched it within two weeks and ahead of schedule which is a lot to say for the severity of the exploit as explained before. Like with every exploit, people are going to get hurt by it there is nothing stopping that. That guy released a patch along with some other companies, I disagree with Microsoft discouraging the use of them. They work until Microsoft officially released thier patch in which case those applied patches should be uninstalled.

Because the testing software would probably be a few hundred lines, maybe a couple thousand, and Windows NT is 40,000,000 lines.  I think I'd trust the testing program to test 40 million lines before I'd trust a human to check 40 million. 

Microsoft left their users vulnerable for 2 weeks to test a 1-line patch.  I stand by the fact that there's no way it should have taken that long, unless they're trying each and every version of Windows individually, which would be dumb, as I already said. 

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #42 on: January 10, 2006, 05:37:29 am »
It isn't checked all at once after it's done (Windows NT) it is tested component by component as it is written. Divide+Conquer type thing.

Now I think thier patch was a little bit more elaborate than one line since it was stated that there were differences between that guy's and Microsoft's which required the user to uninstall that and install the official one since they did some things differently. Of course they didn't test on all platforms one after the other, rather all at once using different teams. Once they saw the situation was getting out of hand and thier own patch leaked, they released it ahead of time.

Do you think Microsoft reads the security sites where information is disclosed? I doubt it the find the source of it themsevles THEN patch it which I would be able to see why there was a 2 week window in the development and release.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #43 on: January 10, 2006, 11:07:55 am »
It should be checked all at once, that's what I've been saying this whole thread.  If it's not, then they're dumb. 

Yes, of course they read security sites.  If they don't, they're dumb.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Chavo

  • x86
  • Hero Member
  • *****
  • Posts: 2219
  • no u
    • View Profile
    • Chavoland
Re: Info on Windows' WMF Vulnerability
« Reply #45 on: January 10, 2006, 07:15:28 pm »
They read security sites, not MS bashing sites  :P

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Info on Windows' WMF Vulnerability
« Reply #46 on: January 15, 2006, 12:37:05 am »
Quote
I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows.

Minus one. I've never installed a Microsoft patch on my box. That's why its working so well...
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #47 on: January 15, 2006, 12:28:43 pm »
Quote
I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows.

Minus one. I've never installed a Microsoft patch on my box. That's why its working so well...

If you've never installed a Microsoft patch for Windows, then you're dumber than my parents. 

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #48 on: January 15, 2006, 12:30:25 pm »
If you've never installed a Microsoft patch for Windows, then you're dumber than my parents. 

HAHAHAAHAHAH.

Offline Chavo

  • x86
  • Hero Member
  • *****
  • Posts: 2219
  • no u
    • View Profile
    • Chavoland
Re: Info on Windows' WMF Vulnerability
« Reply #49 on: January 15, 2006, 12:43:21 pm »
I've never installed a Microsoft patch on my box. That's why its working so well...

* unTactical goes to find some "special" links for joe to click on

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #50 on: January 15, 2006, 12:46:44 pm »
* unTactical goes to find some "special" links for joe to click on

LMFAOAH AHHAHAHA. AHAHAH.a. AHAHAHAHAHA...1!!!!hahahaha!.

Sorry, that was just hillarious! :)

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #51 on: January 15, 2006, 01:00:02 pm »
Quote
I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows.

Minus one. I've never installed a Microsoft patch on my box. That's why its working so well...

If you've never installed a Microsoft patch for Windows, then you're dumber than my parents. 
Screw you :(
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #52 on: January 15, 2006, 02:36:43 pm »
I've only installed the Blaster patch.. I will get around to the WMF patch eventually.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #53 on: January 15, 2006, 02:38:25 pm »
I strongly recommend the Sasser patch (MS04-011). 

And there are many, many others.  But it's really, really stupid to not install patches. 

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #54 on: January 15, 2006, 02:38:47 pm »
But it's really, really stupid to not install patches. 

Completely agreed.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Info on Windows' WMF Vulnerability
« Reply #55 on: January 15, 2006, 03:15:28 pm »
Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #56 on: January 15, 2006, 03:24:52 pm »
Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

Fuck you're dumb.  You can't blame ignorance like other people -- you're fully aware of the dangers (hopefully) that are on the internet.

Blaster and sasser are not extinct.  They're kept circulating around the internet in hopes they'll find some dumbfuck who didn't install the patch.

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #57 on: January 15, 2006, 03:49:30 pm »
I strongly recommend the Sasser patch (MS04-011). 

And there are many, many others.  But it's really, really stupid to not install patches. 
I installed Sasser too. I knew I forgot to mention one.. heh, it's hard patching when you have an illegal version of Windoze!
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #58 on: January 15, 2006, 04:20:50 pm »
Not really, just update your serial. I do it everytime I install windows.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Info on Windows' WMF Vulnerability
« Reply #59 on: January 15, 2006, 05:44:27 pm »
I have 8 copies of Windows I own legally, and around 30 corporates with updateable cdkeys... legally of course. ::)
And like a fool I believed myself, and thought I was somebody else...

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #60 on: January 15, 2006, 06:09:51 pm »
Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #61 on: January 15, 2006, 06:40:01 pm »
Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 
The $450 that they deserve for having a broken operating system.  Right.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Info on Windows' WMF Vulnerability
« Reply #62 on: January 15, 2006, 07:18:56 pm »
I got all of mine at the Vancouver Microsoft Employee discount. ($ 30)
And like a fool I believed myself, and thought I was somebody else...

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #63 on: January 15, 2006, 08:39:32 pm »
Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 
The $450 that they deserve for having a broken operating system.  Right.
Yet, you're still using it.  Pretty hypocritical to complain about it when there are perfectly good alternatives, isn't it? :P

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #64 on: January 15, 2006, 09:18:41 pm »
Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 
The $450 that they deserve for having a broken operating system.  Right.
Yet, you're still using it.  Pretty hypocritical to complain about it when there are perfectly good alternatives, isn't it? :P
I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #65 on: January 15, 2006, 09:24:31 pm »
I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6

It'd be even worse to run Windows on such a horrid machine.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Info on Windows' WMF Vulnerability
« Reply #66 on: January 15, 2006, 09:35:38 pm »
Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 
The $450 that they deserve for having a broken operating system.  Right.
Yet, you're still using it.  Pretty hypocritical to complain about it when there are perfectly good alternatives, isn't it? :P
I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6
Yes, and learning Linux is like learning French: you have to immerse yourself in it, and force yourself to use it all the time, and you'll learn it in no time. 

Also, I can design a digital circuit, with logic gates and everything, which can process 1*6 in a very short period.  Hell, I can start with the transistors if you want to be hardcore.  That's a way overexaggeration :P

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #67 on: January 15, 2006, 09:39:58 pm »
Quote
Also, I can design a digital circuit, with logic gates and everything, which can process 1*6 in a very short period.  Hell, I can start with the transistors if you want to be hardcore.  That's a way overexaggeration Tongue
I like my hyperbole, thanks!

I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6

It'd be even worse to run Windows on such a horrid machine.
I don't run Windows on the other computer, my dad does. :|
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Info on Windows' WMF Vulnerability
« Reply #68 on: January 15, 2006, 10:02:08 pm »
Quote
Plus, Starcraft won't work! :\
yes it does, use wine. excuse my caps, i'm holding a napkin to my chin to stop bleeding

Quote
I like my hyperbole, thanks!
whats a hyper bowl?
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Info on Windows' WMF Vulnerability
« Reply #69 on: January 15, 2006, 10:20:46 pm »
Quote
Plus, Starcraft won't work! :\
yes it does, use wine. excuse my caps, i'm holding a napkin to my chin to stop bleeding

Quote
I like my hyperbole, thanks!
whats a hyper bowl?

Maybe he'd rather use Windows.

I'll assume the question was meant as a joke.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Info on Windows' WMF Vulnerability
« Reply #70 on: January 16, 2006, 01:53:16 pm »
Wow, it's been around since Windows 3.0. But at least this guy says Win9x poons XP
http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology