omeone ruined Redmond's Christmas
Iain Thomson, vnunet.com 03 Jan 2006
Exploit code is appearing for an unpatched vulnerability in Microsoft's Windows operating system, but users will have to wait another eight days before their computers will be safe.
The problem lies in the system for handling Windows Meta Files (WMF) and was discovered on 27 December. Exploit code started to appear shortly afterwards and administrators are now being urged to block all WMF files for the time being.
"Microsoft is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a website which contains a specially crafted WMF image," said the company in a statement.
"An attacker would have no way of forcing users to visit a malicious website, but would have to persuade them to visit the site typically by getting them to click a link that takes them to the attacker's site."
The statement added that Microsoft engineers devised a patch within days of the discovery and will be releasing it on 10 January as part of the company's regular patch releases.
Microsoft highlighted some possible workarounds in a security advisory, such as updating antivirus software, and said that users of its OneCare system are protected.
The software giant also advised users not to open unsolicited emails and to avoid visiting unknown websites.
Mikko Hyppönen, chief research officer at security firm F-Secure, warned that this is one of the most wide-ranging Microsoft problems yet seen, potentially affecting every version of Windows.
"This is not really a bug, it's just bad design. When Windows Metafiles were designed in the late 1980s, a feature was included that allowed the image files to contain actual code," he said in a blog entry.
"This code would be executed via a call-back in special situations. This was not a bug; this was something which was needed at the time."
Hyppönen explained that the code was needed to stop print runs if they were cancelled mid-job. This means that other vulnerabilities in the WMF system are likely, and that every version of Windows is potentially affected.
Trojan infected emails have already been discovered, as have websites containing the code. Internet monitoring firm Websense has a collection of screenshots of infected websites here.
Thursday, June 15, 2006
Looking for Goood Loooks ;)
As I m a software tester ... Always searching for Good GUI for the software whcih I m testing ... this is impactin my life ...and nowadays ... I always checks for the good looks... in everything ;)
GUI Standards
Fundamentals of Designing User Interaction - Checklist for a Good Interface
Use it to help you confirm that your application is designed to provide the best user experience:
Your application installs easily in a minimum number of steps.
Your application installation does not require the system to restart.
Users do not have to read a Read me file before using your application.
User-generated data files are stored by default in the My Documents folder.
Your application avoids cryptic file names that are visible to users.
Your application does not create folders outside of the Program Files folder.
Your application does not write files to the root of the hard disk.
If your application uses a disk cache, it also registers with the Disk Cleanup utility.
Your application does not include entries to its Help, Read me, and Uninstall files on the Start menu.
Your application does not install icons to the Windows desktop without the user's permission.
If your application is run at startup, it loads without displaying splash screens and dialog boxes.
Your application does not use the taskbar notification area for status, for launching applications or utilities, or for querying properties. It uses the notification area only to alert the user of an important change.
Your application appropriately applies the color choices the user selected in Display properties in Control Panel.
Your application is keyboard accessible.
Your application works correctly if the user increases the size of the default font.
Your application supports the standard set of keyboard shortcuts, where applicable.
Your applications uninstall process leaves no remaining files or registry entries other than files created by the user.
Your application does not use jargon in its user interface text. Use industry-specific or technical terms only if they are clearly understood by the user.
Your application adjusts appropriately when the user changes the display resolution as well as for multiple-monitor configurations.
Use it to help you confirm that your application is designed to provide the best user experience:
Your application installs easily in a minimum number of steps.
Your application installation does not require the system to restart.
Users do not have to read a Read me file before using your application.
User-generated data files are stored by default in the My Documents folder.
Your application avoids cryptic file names that are visible to users.
Your application does not create folders outside of the Program Files folder.
Your application does not write files to the root of the hard disk.
If your application uses a disk cache, it also registers with the Disk Cleanup utility.
Your application does not include entries to its Help, Read me, and Uninstall files on the Start menu.
Your application does not install icons to the Windows desktop without the user's permission.
If your application is run at startup, it loads without displaying splash screens and dialog boxes.
Your application does not use the taskbar notification area for status, for launching applications or utilities, or for querying properties. It uses the notification area only to alert the user of an important change.
Your application appropriately applies the color choices the user selected in Display properties in Control Panel.
Your application is keyboard accessible.
Your application works correctly if the user increases the size of the default font.
Your application supports the standard set of keyboard shortcuts, where applicable.
Your applications uninstall process leaves no remaining files or registry entries other than files created by the user.
Your application does not use jargon in its user interface text. Use industry-specific or technical terms only if they are clearly understood by the user.
Your application adjusts appropriately when the user changes the display resolution as well as for multiple-monitor configurations.
Subscribe to:
Posts (Atom)