[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]

Re: Attackers Exploit Animate Cursor Flaw

Subject: Re: Attackers Exploit Animate Cursor Flaw
From: "Robert Green" <ROBERT_GREEN1963@xxxxxxxxx>
Date: Mon, 9 Apr 2007 21:32:40 -0400
Newsgroups: comp.home.automation
References: <-PKdnQEOYt8HPZDbnZ2dnUVZ_u6rnZ2d@xxxxxxx> <prts03lenlklicuo93ljtsg292jlqjoj7b@xxxxxxx>

"Marc_F_Hult" <MFHult@xxxxxxxxxxxxxxxxxxxxx> wrote in message

> On Fri, 30 Mar 2007 19:21:39 -0400, "Robert Green"
>
> >Attackers Exploit Unpatched Explorer Flaw

<stuff snipped>

> IMO, HA and a smart home ought to be helpful in smart risk assessment and
> effective risk reduction, and real-time loss mitigation (think sprinklers
and
> their cyber equivalents) -- not feeding paranoia.

With more and more emphasis on HA, alarm and even HT systems being "internet
enabled" security issues are going to require careful consideration.  It
appears that the cursor exploit is being considered as rather serious among
security experts.  It's unfortunate that not one poster here has indicated
an interest (or perhaps a willingness) to engage in discussions about how to
secure the HA to internet interface as best as possible.  Perhaps we need to
sort that sociological issue out before any technological or educational
interaction can proceed.

In the meantime, I'll ring that paranoia buzzer one more time and quote some
of a recent Infoworld article on the .ANI exploit.  I find it interesting
because the speed and seriousness of the exploit this late in the lifecycle
of the affected OS's really suprised me.  If the information leads even one
person to patch their system where they might not have otherwise, then it
was worth the effort:

http://www.infoworld.com/article/07/04/03/HNemergencywindowspatch_1.html

Microsoft Issues Emergency Windows Patch
By Robert McMillan, IDG News Service April 03, 2007

With attackers finding more ways to exploit a critical flaw in its Windows
operating system, Microsoft has published an emergency software patch . . .
security experts are most concerned about a bug in the way Windows processes
.ani Animated Cursor files. Online criminals have been exploiting this bug
since late last week.  . . . Microsoft was forced to release the early
update a week ahead of schedule because attacks had become too widespread,
said Ken Dunham, director of malicious code intelligence with iDefense. "We
have more than 400 different URLs identified and related to attacks, and
multiple e-mails have been sent out that direct people back there," he said.
"We have proof that organized groups are now launching attacks."

--
Bobby G.

Follow-Ups:
- Re: Attackers Exploit Animate Cursor Flaw
  - From: Neil Cherry

Prev by Message: Re: X10 and modified sine wave inverters
Next by Message: about charging circuit
Previous by thread: Re: X10 and modified sine wave inverters
Next by thread: Re: Attackers Exploit Animate Cursor Flaw
Index(es):
- Message
- Thread

comp.home.automation Main Index | comp.home.automation Thread Index | comp.home.automation Home | Archives Home