The Code Cave

January 2, 2008

52 books in 52 Weeks

Filed under: Announcements — Brian @ 9:47 pm

I’ve recommended Rob Miller’s plugins before. I’ve had his Now Reading plugin installed on this blog for a while but somehow, in a way neither of us understood, the authors and the titles got mixed beyond my desire to fix.

While browsing his blog, I came across a 52 books in 52 weeks challenge reference. And like others, I took up the challenge.

I didn’t record many of the books I read, but I know that I did easily pass the count of 52. Here in fact are 56 books that I read since Jan 1 of last year:

Orson Scott Card
Ender’s Game
Speaker for the Dead
Xenocide
Children of the Mind
Ender’s Shadow
Shadow of the Hegemon
Shadow Puppets
Magic Street
A War of Gifts

Fred Saberhagen
Berserkers
The Empire of the East

Sara Paretsky
Bitter Medicine
Blacklist
Fire Sale

David Eddings
Pawn of Prophecy
Queen of Sorcery
Magician’s Gambit
Castle of Wizardry
Enchanters’ End Game

Guardians of the West
King of the Murgos
Demon Lord of Karanda
Sorceress of Darshiva
The Seeress of Kell

Catherine Asaro
Primary Inversion
Catch the Lightning
The Last Hawk
The Radiant Seas
Ascendant Sun
The Quantum Rose

Anne McCaffrey
Changelings: Twins of Petaybee
Maelstrom: Twins of Petaybee

Freedom’s Challenge
Freedom’s Choice
Freedom’s Landing
The Tower and the Hive
The Rowan
Damia
Damia’s Children

Cornelia Funke
Inkheart

Kevin J. Anderson
Eragon
Eldest

Terry Goodkind
Phantom

Ben Bova
Mars

Kate Jacobs
The Friday Night Knitting Club

Philip K. Dick
Minority Report and Other Stories

Johann Wyss
The Swiss Family Robinson

J. M. Barrie
Peter Pan in Scarlet

Josepha Sherman
Vulcan’s Soul

Robert A. Heinlein
The Rolling Stones
The Star Beast
Double Star
Starship Troopers
The Moon Is a Harsh Mistress
Variable Star
Voyagers

BTW I have since found out that the original challenge was to write and review 52. We’ll see if I can do that next year. I met the challenge I had set for myself for this year.

Cheers all!

January 1, 2008

Happy New Year everyone…

Filed under: Announcements — Brian @ 11:08 pm

Please excuse the dust as I fiddle with a few things here!

April 3, 2007

Sorry for the down time off and on over the last 12h

Filed under: Announcements — Brian @ 10:54 am

It looks like my host changed their default PHP extension last night around 8pm.  Whatever they did, and I’m very curious, took out WP-Cache 2.  I just got a blank site any time the plugin was enabled.  It didn’t matter if I cleared the cache or even recreated its directories.  I’ll diagnose it later, but for now I’ve moved myself over to a different install of PHP. 

 Let me know if you see any issues.

March 31, 2007

Unfixed Outlook & IE hole allows XP&Vista user promotion to Admin

Filed under: Announcements, Delphi, Microsoft, Vista, WINDOWS — Brian @ 11:48 pm

I’d already decided not to post about this, but then learned more.  There is no fix.  No workaround. I’m vulnerable and at this point, I can’t do anything about it.  Even on Vista, just previewing an HTML email in Outlook 2002+ means you are vulnerable.  And that’s not just OE but the REAL Outlook used in offices everywhere.  You can’t turn off JavaScript, or ActiveX or anything.  You don’t even crash.  Your system is just pwned…

What does MS have to say?

Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker. [...] Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.  Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary. - http://blogs.pcworld.com/staffblog/archives/003973.html

For Outlook, the only fix Microsoft has is “read all e-mail in plain text rather than HTML”.  I know Outlook REALLY well, but I don’t remember a setting that does that.  There’s no solution for Internet Explorer.  Basically any application, even ones that you might have written in Delphi that happen to have a TBrowser component in them that is allowed access to the outside world, is vulnerable.  So if you have any custom email programs you’ve written, watch out!

The basic avenue of attack is to display a customized animated cursor.  Once you open that email or browse through that site, they gain access to your computer.  There is no crash, it just instantly happens.  The code can then promote the Limited Access account you are using (because we all only use admin accounts when we need to… Yeah, right!) to an Administrator account, and then do whatever they please, from rootkits to personal webservers.  Oh! And of course don’t forget that an “animated” cursor can appear to be static. It can look exactly like your normal cursor.

In the article “Windows Zero-Day Flaw ‘Very Dangerous,’ Experts Say: Bug affecting IE and Windows is potentially very damaging, and there’s no quick fix in sight”, by Gregg Keizer of Computerworld, there are a couple of good quotes.

“This is a good exploit,” Roger Thompson, CTO of Exploit Prevention Labs

“According to Adrian Stone, an MSRC program manager, Outlook 2007 is invulnerable, as is Vista’s Windows Mail–as long as users don’t reply or forward the attacker’s messages. The SANS Institute’s testing, however, contradicted Microsoft; by SANS’ account, Outlook Express in Windows XP, Windows Mail in Vista, and Outlook 2003 in any version of Windows puts users at risk when they simply preview a malicious message. They don’t have to actually open the message to be in danger of an infection.”

“Worse, we know there are vulnerabilities that can be exploited in Vista to escalate privileges,” said Brown. “All you need is access to the system, which this [animated cursor] provides.” Once inside, said Brown, the attacker could up rights from even a safer local user to administrator privileges. “Then, all bets are off.”

UPDATE:

It seems that eEye Digital Security is taking advantage of the situation and has released a patch if you have their 1 year free personal edition intrusion software:

Patch Location: Download Now!
Patch Version: 1.0
Patch Source Code: View

The patch prevents the loading of any non-local ani files.  Well, my intrusion software is somewhat out of date anyway.  I’ll give it a try.  I’ll let you know if this is another “Scare you till you upgrade” program that is hard to remove.

UPDATE #2: eEye Digital Security is incredible.  At first glance, it seems to be professional and high-level.  I think it is actually meant to protect your system and not scare your Aunt Martha into buying more and more additions to it.  I’m impressed.  I’m also sad to say that for the second time since 1985ish when I first got a PC clone (a Compaq Portable Plus with Compaq Dos 2.12 and 10mb HD, if you must know), I actually had a virus detected on any disk or computer in my home.  It was one just reported in the wild for the first time at the end of Feb.  So my current antivirus software, somewhat out of date, hadn’t picked up on it.  Still I guess 2 virus detections out of all of the stuff I’ve done and all the disks I’ve used and stuff I’ve downloaded, is a pretty good safety record for 2.2 decades.

Update complete - 5 blogs - SQL backups and file tarballs - 15 minutes

Filed under: Announcements — Brian @ 3:21 pm

All looks good.  Let me know if you see anything wrong.

MENTAL NOTE 6743: After updating your blogs, do not freak out when the version at the bottom of the page doesn’t change.  You simply did not clear your cache via the WP-CACHE plugin.  Chill!

All sites updating to WordPress 2.1.3 RC

Filed under: Announcements — Brian @ 2:51 pm

Hang on for the ride!

wordpress-2.1.3-RC3.tar.gz

Server might be a little slow.  And I’m walking away for a bit.  It’s nice to be able to do this and get full backups with 30 seconds of effort…

March 9, 2007

Sorry for the down time!

Filed under: Announcements — Brian @ 3:48 am

The website functioned PERFECTLY as long as you were logged in! HONEST! 

Anyway, Lloyd, Cindy and Joe EVENTUALLY convinced me that they really weren’t insane.  Even my wife told me she got an error on the site, I just thought it was her IE6 gagging on a media file as it is prone to do.

And people think programmers are making it up when they say “Well, it works fine when I do that…”

But hey - what’s 10 hours of down time amongst friends… Sheesh…

PS. For the record  DO NOT use Anarchy Media Player Plugin 2.0 Beta with version 2.1.2 of WordPress…  Stick with 1.6.5 even though you don’t get buttons on the editor any more.   Or you will get the behaviour I did.  I’ll diagnose it later.
