MS ‘Britney Spears naked’ bug
p2pnet.net news:- Every day p2pnet kills off a number of comment spams (usually, but not only, from China). But for the past few weeks, quite a few of them have been touting pix of Britney Spears.
Nekked.
It turns out these are come-ons for hacker apps meant to exploit a dangerous Windows security hole, a flaw that was recently revealed but not recently discovered.
“There are problems with the patch Microsoft released Tuesday for a critical .ANI vulnerability, and hackers have launched a new spam campaign to take advantage of the flaw,” says InformationWeek, going on:
“Deborah Hale, a handler with the Internet Storm Center, reported in the site’s daily diary on Wednesday that researchers there are receiving reports of users having problems with the patch, which Microsoft pushed out a week earlier than its normal monthly Patch Tuesday release. Microsoft confirmed a problem with the patch and provided a hotfix, or a patch for the patch, when the patch was first released.
“Hale noted that other issues have arisen, as well, and Microsoft is investigating them.”
Microsoft boasts about the speed with which it released a patch.
“I’m sure one question in people’s minds is how we’re able to release an update for this issue so quickly,” said Christopher Budd on the Microsoft Security Response Center Blog.
‘Quickly’ might not have been the best word to use. Bill and the Boyz had known about the hole since last December.
Mark Miller, director of the Microsoft Security Response Center (MSRC), “rejected the idea that Microsoft rushed to release the fix only when exploits appeared and publicity mounted,” says Computerworld.
That Determina’s Alexander Sotirov, not a Microsoft employee, “found the ANI vulnerability speaks ill of the company’s emphasis on security and its claims of code review,” says the story, going on:
“Several analysts and researchers, for instance, have noted the similarity between today’s flaw and one patched in January 2005. That bug, fixed by the MS05-002 update, also involved animated cursors and was reported to Microsoft by researchers from eEye Digital Security 57 days before the patch was issued.
“If, as Miller said, Microsoft uses at least some time of the patch development process looking for similar vulnerabilities in the affected code, why wasn’t the 2007 animated cursor flaw found in 2005?”
“We’re doing an analysis of why we didn’t find it then,” Computerworld has Miller saying.
Also See:
InformationWeek – Hackers Promise ‘Nude Britney Spears’ Pix To Plant .ANI Exploit, April 4, 2007
released a patch – Microsoft cursor bug found, April 3, 2007
Computerworld – Microsoft defends 100-day ANI patch process, April 3, 2007