Wednesday, January 25, 2006
Confidentiality advice for the clueless
The NSA warns: putting a black graphic box over confidential information in a PDF does not make the information go away. SCO thought a graphic overlay would make the names of the companies it planned to go after in its war on Linux disappear from a document it published; the text was still in the file underneath the box and could be copied straight out. Oops.
The problem goes deeper than such silliness, though. Some word-processor formats keep change histories inside the file: deleted passages, earlier drafts, comments, author names. The typist may not know any of it is there, and a reader who opens the file in the right tool will see it all. If you're doing anything which requires serious confidentiality, plain text is the medium of choice: what you see is all there is. Where a richer format is unavoidable, redaction means removing the sensitive text before the published file is produced, not drawing over it.
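Added example (not from the original post): two tiny PDFs built by hand, one where the secret line is merely covered by a filled black rectangle and one where the secret is actually left out of the page's content stream before the box is drawn, followed by a text extraction that does what any PDF text tool does, namely read the string operators and ignore the drawing operators. The page text and the secret string are constructed samples.

```python
"""Why a black box drawn over PDF text is not redaction.

Added example, not code from the original post. Builds a minimal but
well-formed single-page PDF in two variants and shows which one still
carries the covered text. The sample strings below are constructed and
contain no parentheses (a real PDF writer would escape those).
"""
import re

SECRET = "Target: Example Bank"      # constructed sample, not real data


def _content_stream(public, secret, overlay_only):
    """Return a page content stream.

    overlay_only=True  -> the secret is still drawn, then a black rectangle
                          ('0 g' = black fill, 're' = rectangle, 'f' = fill)
                          is painted over it. This is the SCO-style overlay.
    overlay_only=False -> the secret text operator is never emitted at all;
                          the box is just a visual marker of the removal.
    """
    ops = ["BT /F1 12 Tf 72 720 Td (%s) Tj ET" % public]
    if overlay_only:
        ops.append("BT /F1 12 Tf 72 700 Td (%s) Tj ET" % secret)
    ops.append("0 g 70 696 250 16 re f")
    return "\n".join(ops).encode("latin-1")


def build_pdf(public, secret, overlay_only):
    """Assemble catalog, page tree, page, content stream and font into a
    PDF 1.4 file with a correct cross-reference table."""
    stream = _content_stream(public, secret, overlay_only)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Resources << /Font << /F1 5 0 R >> >> /Contents 4 0 R >>",
        b"<< /Length %d >>\nstream\n" % len(stream) + stream + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for i, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n" % (len(objs) + 1)
    out += b"0000000000 65535 f \n"
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref))
    return bytes(out)


def extract_text(pdf):
    """Collect every literal string shown with the Tj operator from the
    (uncompressed) content streams. A black rectangle is just another
    drawing operator and does not remove anything from the stream."""
    texts = []
    for stream in re.findall(rb"stream\n(.*?)\nendstream", pdf, re.S):
        texts += [t.decode("latin-1")
                  for t in re.findall(rb"\((.*?)\)\s*Tj", stream)]
    return texts


def leaks_secret(pdf, secret):
    """True if the secret string is recoverable from the file's text."""
    return secret in extract_text(pdf)


if __name__ == "__main__":
    for mode in (True, False):
        pdf = build_pdf("Press release", SECRET, overlay_only=mode)
        print("overlay only" if mode else "really removed",
              "->", "LEAKS" if leaks_secret(pdf, SECRET) else "clean")
```

The two files look identical on screen; only the second one is safe to publish. Real-world PDFs usually compress their content streams, but a text extractor decompresses them first, so the outcome is the same.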
Monday, January 02, 2006
WMF's documented back door
The immediate source of the problem, according to a CERT notice, is a buffer overflow vulnerability (a failure to check whether a data object is larger than its permitted size) which allows the execution of arbitrary code. This type of vulnerability has cropped up in many different pieces of software, because the design of the C and C++ languages and their standard libraries encourages code that lacks bounds checking. Later analysis of this particular bug showed it is less a classic overflow than a design error: GDI takes the bytes carried in a SETABORTPROC Escape record and installs them as a callback, so the file itself supplies what gets run. The lesson is the same either way: data coming from a file must never decide what the program executes.
Normally, buffer overflow exploits are difficult to write and are specific to a given application, since what happens to the extra bytes depends on exactly how that application manages memory. But WMF carries a back door left over from the 1980s: the Escape record, which passes printer-driver escape codes and their data straight through from the image file, and which with the SETABORTPROC escape lets the file supply the bytes GDI will install as its abort callback. As far as I can tell from the available information, this doesn't by itself allow WMF files to invoke arbitrary code; but it simplifies the problem, by making it necessary only to trick Windows into invoking the Escape() or SetAbortProc() function. Add to this the fact that the vulnerable code sits in a system DLL (gdi32.dll, the GDI library) shared by every application that renders images, and the result is an exploit that works across all but the oldest versions of Windows. It also makes it likely that other bugs will turn up which allow malicious use of the same back door.
To be fair, when this "feature" was added in the 1980s, the notion of malicious files wasn't more than a theoretical possibility. But when it became a reality, Microsoft should have removed the ability to carry executable code from the file format, and the support for the feature from its operating system. The CERT note states: "Current public exploits use the SETABORTPROC GDI Escape function to execute arbitrary code when viewed. The SETABORTPROC GDI Escape is obsolete, and is provided only for compatibility with 16-bit versions of Windows." DUMB!! Any document format which provides a back door for executable code opens Pandora's box.
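Added example, not part of the original post and not Microsoft's or CERT's code: a small scanner that walks the record list of a WMF file and reports any Escape record carrying SETABORTPROC, the record type the CERT note quoted above describes. The record layout follows the public WMF format (a DWORD record size in 16-bit words, a WORD function code, then parameters; an Escape record's parameters start with the escape function and a byte count). The two sample files are constructed inline; the 0xCC bytes in the suspicious one merely stand in for whatever a real exploit would carry. The bounds check on each record size is exactly the kind of check the post says C code tends to omit, and a mismatch is treated as a reason to stop, not as something to trust.

```python
"""Scan a WMF file for Escape/SETABORTPROC records.

Added example; not code from the original post. Constants and layout are
from the public Windows Metafile format. Sample files are constructed below
and contain no real exploit.
"""
import struct

PLACEABLE_KEY   = 0x9AC6CDD7   # optional 22-byte placeable header before META_HEADER
META_HEADER_LEN = 18           # bytes
META_EOF        = 0x0000
META_ESCAPE     = 0x0626
SETABORTPROC    = 0x0009       # the obsolete escape the CERT note names


def iter_records(data):
    """Yield (offset, function, payload) for each record in a WMF file.

    Every record is: DWORD size (in words, including these 6 bytes),
    WORD function code, then parameters. Sizes are checked against the
    buffer before use instead of being trusted.
    """
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22
    if len(data) < pos + META_HEADER_LEN:
        raise ValueError("truncated WMF header")
    ftype, hsize, _version = struct.unpack_from("<HHH", data, pos)
    if ftype not in (1, 2) or hsize != 9:        # 1 = memory, 2 = disk metafile
        raise ValueError("not a WMF header")
    pos += META_HEADER_LEN
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        size = size_words * 2
        if size < 6 or pos + size > len(data):
            # The size field is attacker-controlled; reject it when it does
            # not fit the data rather than reading past the buffer.
            raise ValueError("bad record size %d words at offset %d" % (size_words, pos))
        yield pos, func, data[pos + 6:pos + size]
        if func == META_EOF:
            return
        pos += size
    raise ValueError("missing META_EOF record")


def find_escape_records(data):
    """Return a list of (offset, escape_function, byte_count, escape_data)."""
    hits = []
    for off, func, payload in iter_records(data):
        if func != META_ESCAPE or len(payload) < 4:
            continue
        esc_func, byte_count = struct.unpack_from("<HH", payload, 0)
        hits.append((off, esc_func, byte_count, payload[4:4 + byte_count]))
    return hits


def has_setabortproc(data):
    """True if any Escape record in the file carries SETABORTPROC."""
    return any(esc == SETABORTPROC for _, esc, _, _ in find_escape_records(data))


# --- constructed samples (no real malware) ---------------------------------
def _record(func, params):
    """Pack one WMF record, padding the parameters to a whole word."""
    total = 6 + len(params)
    if total % 2:
        params += b"\x00"
        total += 1
    return struct.pack("<IH", total // 2, func) + params


def _wmf(records):
    """Wrap records in a META_HEADER and terminate them with META_EOF."""
    eof = _record(META_EOF, b"")
    body = b"".join(records) + eof
    max_rec = max(len(r) for r in records + [eof]) // 2
    header = struct.pack("<HHHIHIH",
                         1,                                   # Type: memory metafile
                         9,                                   # HeaderSize in words
                         0x0300,                              # Version
                         (META_HEADER_LEN + len(body)) // 2,  # Size in words
                         0,                                   # NumberOfObjects
                         max_rec,                             # MaxRecord in words
                         0)                                   # NumberOfMembers (reserved)
    return header + body


BENIGN_WMF = _wmf([
    _record(0x020B, struct.pack("<hh", 0, 0)),        # META_SETWINDOWORG
    _record(0x020C, struct.pack("<hh", 100, 100)),    # META_SETWINDOWEXT
])

# Same drawing setup plus an Escape record whose escape function is
# SETABORTPROC and whose "escape data" is arbitrary bytes from the file.
SUSPICIOUS_WMF = _wmf([
    _record(0x020B, struct.pack("<hh", 0, 0)),
    _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\xcc\xcc\xcc\xcc"),
])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_WMF), ("suspicious", SUSPICIOUS_WMF)):
        print(name, "->", "SETABORTPROC present" if has_setabortproc(blob) else "clean")
```

A mail gateway or file scanner can apply `has_setabortproc` to anything that parses as WMF regardless of its extension, since the vulnerable code identified the format from the header, not the file name. Rejecting the file on any bad record size, as `iter_records` does, is the defensive counterpart of the unchecked size handling the post blames on C.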
Tags: wmf, file format
